Abstract

Advances in autonomous driving have great potential for increased safety, efficiency, and sustainability of road transport. Despite successes in this domain, ranging from advanced driver assistance systems to autonomous driving on public roads, various challenges remain: these include the definition and expression of relevant specifications, as well as the design and verification of such autonomous systems. A key bottleneck is the large-scale heterogeneous nature of autonomous systems, comprising the integration of a large number of diverse components such as sensors, actuators, computing hardware, and software for perception, planning, and control.

As this complexity prohibits monolithic design and verification, this workshop focuses on systems engineering for autonomous driving with a particular emphasis on modular approaches. Modular approaches have in common that they consider system components individually, i.e., without requiring knowledge of the full integrated system, and thereby enable the design and verification of systems that are simultaneously of large scale and subject to complex specifications. Recent years have witnessed the development of theoretical frameworks supporting this modularity, of which assume/guarantee contracts are a key example. This workshop will discuss such component-based methods.

The main goal of this workshop is to bring together researchers from academia and industry to discuss the challenges in autonomous system design, share recent developments in component-based methodologies for design and verification, and exchange ideas on topics including system engineering, (software) verification, and modularity. Aiming to strengthen the connections between industry and academia, the workshop includes speakers from both industry and academia and will be closed with a panel discussion. The workshop will be accessible for interested ECC participants and does not assume prior expert knowledge.

Register on the ECC conference website

Program

9:00 - 9:10 Welcome
9:10 - 9:40 Per Sahlholm, Scania
Integrating Autonomy: Software Challenges in Heavy-Duty Vehicle Automation
9:40 - 10:10 Adam Molin, DENSO AUTOMOTIVE
A Systems Engineering Perspective on Safe Automated Driving
10:10 - 10:30 Coffee break
10:30 - 11:00 Alexandru Forrai, Siemens
Modular, Traceable and Certifiable Verification and Validation of Automated Driving Systems
11:00 - 11:40 Tichakorn (Nok) Wongpiromsarn, Iowa State University
Design and Analysis of Perception-Based Control Systems
11:40 - 13:30 Break for lunch
13:30 - 13:40 Welcome back
13:40 - 14:20 Bart Besselink, University of Groningen
Contract-Based Modular Analysis of Linear Control Systems
14:20 - 15:00 Antoine Girard, CentraleSupélec
Contract-Based Design and Set Invariance
15:00 - 15:30 Coffee break
15:30 - 16:10 Pierluigi Nuzzo, University of Southern California
Assume-Guarantee Contracts for Trustworthy Autonomous Systems
16:10 - 16:40 Panel discussion

Per Sahlholm, Scania

Integrating Autonomy: Software Challenges in Heavy-Duty Vehicle Automation

Abstract: Heavy-duty vehicle automation is a very challenging task, in large part due to the high safety requirements associated with operating powerful machines. In many other automation areas, safety can be achieved through static physical boundaries. For heavy-duty vehicles this is only possible to a limited degree. The automation problem itself is also complicated: the automation system needs to handle numerous sub-tasks, both related to driving the vehicle and to sensing and interpreting the surrounding environment.

Consequently, a systems engineering approach that enables a high development pace in a large system, while ensuring safety, is required. This calls for modularization and extensive automation of testing. This talk will explore some key challenges in this area, identified while developing heavy-duty vehicle automation at Scania.

Biography: Per Sahlholm, PhD, is a senior manager responsible for the software platform as well as development and data toolchains for autonomous systems at Scania CV AB. He has 20 years of experience in software and control systems within the automotive industry. He completed his master's degree in engineering physics at Uppsala University in 2005, and his PhD in automatic control at KTH Royal Institute of Technology in 2011.

Adam Molin, DENSO AUTOMOTIVE

A Systems Engineering Perspective on Safe Automated Driving

Abstract: Verification and validation processes play a vital role in ensuring the safety and reliability of automated driving. To build a consistent safety argument, a rigorous systems engineering approach needs to be applied that considers the system design, as well as the verification and validation activities. The main objective is to comprehensibly decompose the high-level safety goals into manageable system/component and process requirements and to define activities that give evidence for their satisfaction. In this talk, we will provide a systems engineering perspective to arrive at a safety argument for automated driving within its operational design domain and show how run-time monitoring and scenario-based testing play a pivotal role in the argumentation process.

Biography: Dr. Adam Molin is Technical Manager in Corporate R&D at DENSO AUTOMOTIVE Deutschland GmbH, where he has been working since 2016. At DENSO, his R&D area is system design, verification, and validation methodologies for automated driving. Prior to this, for more than 8 years, he worked as a researcher at Technische Universität München and KTH Royal Institute of Technology in Stockholm. He holds a PhD in electrical engineering from Technische Universität München.

Alexandru Forrai, Siemens Digital Industries Software

Modular, Traceable and Certifiable Verification and Validation of Automated Driving Systems

Abstract: Verification and validation of automated driving systems (ADS) remains a challenging task for the automotive industry due to system complexity and the unknown, unpredictable, dynamic and evolving nature of the environment (operational design domain) in which they are deployed. In other industry sectors, highly complex systems are verified, validated, and deployed in known and predictable dynamic environments. The automotive industry has spent significant effort developing automated driving systems, but much more effort is needed to properly monitor, predict, and control the operational design domain, so that the deployed ADS operates safely and delivers the designed performance.

In this talk we will highlight the main challenges related to the verification and validation of automated driving systems. We will present a state-of-the-art modular, traceable, and certifiable verification and validation framework based on a multi-pillar approach, in line with existing European legislation and applicable standards. We will emphasize the importance of a systems engineering approach, based on well-defined processes, certified software tools, and the proper expertise and experience of the development team, with the aim of developing and deploying a safe, performant and certified ADS in the defined operational design domain.

Biography: Alexandru Forrai holds a master-of-science degree in electrical engineering and a Ph.D. degree in applied computer science, both from Technical University of Cluj-Napoca, Romania. Currently, he is a fellow scientist at Siemens Digital Industries Software, where his main research interests are focused on safety assurance and scenario-based verification and validation of automated driving systems.

He contributed to the development of one of the first automated emergency braking systems, operating at low speeds, while working at Continental Automotive Systems. He was part of the development and certification team of the electric/electronic safety system for the high-speed elevators installed in Shanghai Tower, China, while working at Mitsubishi Electric. He has published several scientific articles, holds a few patents, and is the author of the book "Embedded Control System Design - a Model Based Approach", published by Springer in 2012.

Tichakorn (Nok) Wongpiromsarn, Iowa State University

Design and Analysis of Perception-Based Control Systems

Abstract: Autonomous systems signify a transformative shift from traditional observer-based control to perception-based control systems, where the conventional observer is replaced by a more sophisticated perception component that estimates not only the internal state of the system but also the external environment. These estimates encompass a wide range of information, including real values such as positions and velocities of relevant objects, as well as discrete values such as the types of the objects. Furthermore, the objective of the controller is not simply to stabilize the system but to achieve complex tasks such as satisfying the rules of the road.

The separation principle plays a pivotal role in observer-based control by enabling the independent design of the observer and controller and allowing the controller to treat the state estimate as if it were the true value. Remarkably, perception-based control adopts a similar design philosophy to decouple the perception and control tasks, even though the separation principle may not hold. To address this challenge, in this talk, I will introduce novel metrics tailored for assessing the performance of the perception component and demonstrate their application in rigorous system-level analyses. Furthermore, I will discuss a novel training framework that augments the perception component with an understanding of system-level objectives.

Biography: Tichakorn (Nok) Wongpiromsarn is an Assistant Professor in the Department of Computer Science at Iowa State University, where she also serves as the director of the Autonomous Systems Laboratory. In addition to her academic role, she holds a Visiting Academic position with Amazon Robotics. She received her Ph.D. in Mechanical Engineering from the California Institute of Technology in 2010. Her research interests lie in the broad area of computer science, control theory, and optimization, with a particular focus on the design and analysis of autonomous systems. A significant portion of her career has been devoted to the development of autonomous vehicles, both in academic and industry settings. Before joining ISU, she held the position of principal research scientist and led the planning team at nuTonomy (now Motional).

Bart Besselink, University of Groningen

Contract-Based Modular Analysis of Linear Control Systems

Abstract: The growing complexity of modern engineering systems calls for a theory for verification and design that is inherently modular, i.e., allows for independent analysis of system components. This talk will present such a theory by introducing assume-guarantee contracts for linear control systems, inspired by contract theories from the field of computer science and exploiting behavioral systems theory. In addition to using contracts as a description of component and system specifications, we will present results on compositional analysis using contracts. This enables modular verification and design as, first, subsystems merely need to guarantee satisfaction of their local contract and, second, correctly designed contracts guarantee desired global system behavior. The results will be illustrated on a simple example of autonomous highway driving.

Biography: Bart Besselink is an associate professor at the Bernoulli Institute for Mathematics, Computer Science and Artificial Intelligence of the University of Groningen, the Netherlands. He received the M.Sc. degree (cum laude) in Mechanical Engineering in 2008 and the Ph.D. degree in 2012, both from Eindhoven University of Technology, the Netherlands. He was a short-term visiting researcher at the Tokyo Institute of Technology, Japan, in 2012, and a post-doctoral researcher at the Department of Automatic Control and ACCESS Linnaeus Centre at KTH Royal Institute of Technology, Sweden, between 2012 and 2016. His main research interests are on mathematical systems theory for large-scale interconnected systems, with emphasis on contract-based verification and control, model reduction, and applications in intelligent transportation systems and neuromorphic computing. He is a recipient of the 2020 Automatica Paper Prize.

Antoine Girard, CentraleSupélec

Contract-Based Design and Set Invariance

Abstract: Contract theory is a promising framework for rigorous component-based design of highly dynamic distributed systems. Formally, a contract is a specification consisting of pairs of assumptions and guarantees. A guarantee describes the task that the component must fulfill when its environment (made of other components and of the external environment) satisfies the associated assumption. Assume-guarantee contracts make it possible to design components that can adapt under dynamic and uncertain working conditions. Moreover, compositional reasoning makes it possible to prove properties of the global system based on the contracts satisfied by its components. In this talk, we will explore the connections between assume-guarantee contracts and set invariance, a concept which forms one of the cornerstones of modern control theory. In the first part of the talk, we will see that assume-guarantee contracts can help us prove invariance properties of interconnected dynamical systems. In the second part of the talk, we will consider assume-guarantee contracts for more complex properties and show that the verification problem can be tackled through set-theoretic tools such as invariant sets.
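The two abstracts above (Besselink's compositional analysis of linear systems and Girard's link between contracts and set invariance) describe the same mechanism at a high level: each component is checked only against its own assume-guarantee contract, and a separate check that every assumption is discharged by a neighbour's guarantee yields an invariance property of the whole interconnection. The following is an added illustration written for this page, not code from any of the speakers; it models each component as a scalar linear system with box-shaped assumptions and guarantees, and the two-vehicle "platoon" numbers, the gains, and the function names are all constructed for the example.

```python
"""Assume-guarantee contracts for interval invariance of interconnected
scalar linear systems (added illustration; all numbers are constructed).

Subsystem i evolves as
    x_i(k+1) = a_i * x_i(k) + sum_j b_ij * x_j(k)
and carries the contract C_i = (A_i, G_i):
    A_i: every neighbour state satisfies |x_j(k)| <= alpha_i
    G_i: if |x_i(0)| <= beta_i then |x_i(k)| <= beta_i for all k
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Contract:
    alpha: float  # assumption on neighbour inputs (infinity-norm bound)
    beta: float   # guaranteed invariant box [-beta, beta] for own state


@dataclass(frozen=True)
class Subsystem:
    name: str
    a: float                    # self-dynamics gain a_i
    coupling: Dict[str, float]  # neighbour name -> coupling gain b_ij
    contract: Contract


def satisfies_locally(s: Subsystem) -> bool:
    """Local check that needs no knowledge of the neighbours' dynamics.

    Worst-case interval propagation: under any inputs bounded by alpha,
    the box [-beta, beta] is robustly positively invariant iff
        |a| * beta + (sum_j |b_ij|) * alpha <= beta.
    """
    c = s.contract
    worst_next = abs(s.a) * c.beta + sum(abs(b) for b in s.coupling.values()) * c.alpha
    return worst_next <= c.beta


def refines(new: Contract, old: Contract) -> bool:
    """new refines old (weaker assumption, stronger guarantee): a component
    verified against new may replace one verified against old."""
    return new.alpha >= old.alpha and new.beta <= old.beta


def undischarged_assumptions(systems: List[Subsystem]) -> List[Tuple[str, str]]:
    """Composition check: A_i must be implied by the neighbours' guarantees,
    i.e. beta_j <= alpha_i for every coupling (i, j). Returns the violations."""
    by_name = {s.name: s for s in systems}
    return [(s.name, j) for s in systems for j in s.coupling
            if by_name[j].contract.beta > s.contract.alpha]


def verify_composition(systems: List[Subsystem]) -> bool:
    """All local contracts hold and all assumptions are discharged, hence the
    product of the guarantee boxes is invariant for the interconnection
    (induction on k: states inside their boxes at step k stay inside at k+1)."""
    return all(satisfies_locally(s) for s in systems) and not undischarged_assumptions(systems)


def worst_corner_excursion(systems: List[Subsystem], steps: int = 50) -> float:
    """Brute-force cross-check on the closed interconnection: simulate from
    every corner of the product box and return max over k, i of |x_i(k)| / beta_i.
    x(k) is linear in x(0), so the maximum over the box is attained at a corner;
    a value <= 1 therefore confirms invariance for this particular interconnection."""
    worst = 0.0
    for signs in product((-1.0, 1.0), repeat=len(systems)):
        x = {s.name: sg * s.contract.beta for s, sg in zip(systems, signs)}
        for _ in range(steps):
            x = {s.name: s.a * x[s.name] + sum(b * x[j] for j, b in s.coupling.items())
                 for s in systems}
            worst = max(worst, max(abs(x[s.name]) / s.contract.beta for s in systems))
    return worst


# Constructed two-vehicle highway example: x is each vehicle's spacing error and
# the coupling gains model how one vehicle's error perturbs the other's.
def platoon(follow_a: float = 0.6, follow_alpha: float = 1.0) -> List[Subsystem]:
    lead = Subsystem("lead", a=0.5, coupling={"follow": 0.2},
                     contract=Contract(alpha=1.0, beta=1.0))
    follow = Subsystem("follow", a=follow_a, coupling={"lead": 0.3},
                       contract=Contract(alpha=follow_alpha, beta=1.0))
    return [lead, follow]


if __name__ == "__main__":
    good = platoon()                      # both local checks pass, assumptions match
    too_slow = platoon(follow_a=0.9)      # 0.9 + 0.3 > 1: follower breaks its own guarantee
    mismatch = platoon(follow_alpha=0.5)  # follower assumes |x_lead| <= 0.5, lead only guarantees 1.0
    print("good:", verify_composition(good), "excursion:", worst_corner_excursion(good))
    print("too_slow local check:", satisfies_locally(too_slow[1]))
    print("mismatch undischarged:", undischarged_assumptions(mismatch))
```

The third configuration is the one worth noticing: every component passes its local check, yet the composition is rejected because the follower's assumption is stronger than what the lead guarantees. That is exactly the failure a monolithic simulation of the nominal interconnection would not surface, and it is why the contract-level check is kept separate from the per-component check.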

Biography: Antoine Girard is a Senior Researcher at CNRS and a member of the Laboratory of Signals and Systems. He received the Ph.D. degree from Grenoble Institute of Technology, in 2004. From 2004 to 2006, he held postdoctoral positions at University of Pennsylvania and Université Grenoble-Alpes. From 2006 to 2015, he was an Assistant/Associate Professor at the Université Grenoble-Alpes. His main research interests deal with analysis and control of hybrid systems with an emphasis on computational approaches, formal methods and applications to cyber-physical and autonomous systems.

Antoine Girard is an IEEE Fellow. He received the George S. Axelby Outstanding Paper Award from the IEEE Control Systems Society in 2009. In 2014, he was awarded the CNRS Bronze Medal. In 2015, he was appointed as a junior member of the Institut Universitaire de France (IUF). In 2016, he was awarded an ERC Consolidator Grant. In 2018, he received the European Control Award.

Pierluigi Nuzzo, University of Southern California

Assume-Guarantee Contracts for Trustworthy Autonomous Systems

Abstract: Increasingly sophisticated tasks that were previously allocated to humans are expected to be performed by software, including modern artificial intelligence (AI) methods, in a variety of mission-critical cyber-physical systems, including autonomous driving systems. One of the biggest challenges to trustworthy autonomy is arguably in showing that these software and AI-enabled autonomous functions, running on heterogeneous, interconnected sensing, computation, and actuation platforms, will still satisfy the stringent safety and dependability requirements of mission-critical systems in uncertain or unpredictable environments.

In this talk, I will introduce our approach to design-time assurance for autonomous systems. I will present the rich modeling and specification formalism of assume-guarantee contracts, and their probabilistic extensions, enabling compositional, quantitative requirement analysis and system verification in the presence of uncertainty. I will introduce synthesis methods, supported by contracts, for correct-by-construction design of optimal control and reinforcement learning policies in uncertain and unknown environments with provable guarantees on the satisfaction of complex missions, expressed by temporal logic languages. Finally, I will discuss how contracts can provide the semantic foundation for the automated construction of assurance cases, structured arguments about system dependability, which can accelerate system certification and help transition from a process-driven to a property-driven certification approach.

Biography: Pierluigi Nuzzo is the Kenneth C. Dahlberg Early Career Chair and an Associate Professor of Electrical and Computer Engineering and Computer Science at the University of Southern California, where he co-directs the Center for Autonomy and Artificial Intelligence. He received a PhD degree from UC Berkeley in 2015, and BS and MS degrees from the University of Pisa and the Sant'Anna School of Advanced Studies in Pisa. He also held research positions at the University of Pisa and IMEC, Leuven, Belgium, working on mixed-signal integrated circuit design. His current interests revolve around methodologies and tools for high-assurance design of cyber-physical systems and systems-on-chip, including contract-based design and compositional methods, computer-aided design and verification of safe and dependable autonomous systems, automated generation and validation of assurance cases for system certification, and analysis and design of secure and trustworthy hardware platforms.

His awards include the IEEE Council on Electronic Design Automation (CEDA) Ernest S. Kuh Early Career Award in 2023, the Okawa Research Grant in 2022, the IEEE Technical Committee on Cyber-Physical Systems Early-Career Award in 2022, the DARPA Young Faculty Award in 2020, the NSF CAREER Award in 2019, the UC Berkeley EECS David J. Sakrison Memorial Prize, and several best paper and design competition awards.