The growing number of autonomous-car demonstration programs foreshadows a future of self-driving vehicles, but making the transition to series production is no easy feat, according to engineers and scientists at the recent Autonomous Car Detroit conference.
“To make the leap from controlled, automated vehicle driving trials with system and/or human re-engagement requires a lot of algorithm and software work. It also requires a significant amount of testing, verification, validation, and ultimately some type of certification--and those steps haven’t been taken yet,” noted John Maddox, Assistant Director of the Mobility Transformation Center at the University of Michigan.
Vehicles that offer lane keeping, automatic emergency braking, and other driver assist technologies represent the underpinnings of today’s semi-autonomous driving experience. As the level of automated driving increases in the future, the driver will be free, at times, to do non-driving tasks.
But the process of putting control of a self-driving car back into human hands, the so-called hand-back, is a tricky issue to resolve, according to Dr. Ken Laberteaux, Senior Principal Scientist, Future Mobility Research Department for Toyota Research Institute of North America.
“It’s not purely an engineering question,” Laberteaux told Automotive Engineering. “It’s also a human factors question. It’s understanding how to engage drivers to have the right level of attention at various times through a driving situation.”
Control code vulnerabilities
Autonomous cars are heavily software-dependent, which underscores why code security is essential. It’s a challenging undertaking in a world in which software bugs are common. With a fully autonomous vehicle having tens of millions of lines of code, the potential for trouble is significant.
Joe Fabbre, Director of Platform Solutions at Green Hills Software, outlined the impact of a hypothetical rate of 0.05 found vulnerabilities and 0.15 undetected vulnerabilities per 1000 lines of code. “This means 2500 vulnerabilities will be discovered in the platform over 5 years, and 7500 vulnerabilities will be undiscovered [representing] a potential for zero-day attacks,” he explained.
A comprehensive approach to software security that includes code analysis and lifecycle management is imperative, Fabbre stressed.
The product development process needs a laser-like focus on safety-critical pieces of code. “At Green Hills Software, we require that every line of code is understood by the engineer responsible for that component,” said Fabbre, adding, “Having a full understanding of exactly what that code is going to do in every possible situation is key to making it highly secure and highly safe.”
According to Fabbre, companies that write software code, including suppliers and automakers, should consider independent expert system validation as an additional cross-check. “That really results in the most reliable, most secure systems,” he said.
The typical automotive practice of using an operating system platform for R&D work and a separate platform for advanced engineering development has a downside, according to Jack Weast, Intel's Principal Engineer and Chief Architect for Autonomous Solutions.
According to Weast, there are automotive industry companies with “teams that do nothing but port code from one platform to another platform. But once you’re dealing with tens of millions of lines of code, it’s impractical to follow that practice.”
He said using the same operating system and micro-architecture environment from R&D through production is an Intel specialty: “We think it’s very unique and could save significant amounts of effort and time moving forward.”
System redundancy is vital
Vehicle system redundancy will be a key fixture of autonomous vehicle development, according to Jeremy Carlson, Senior Analyst, Autonomous Driving for IHS Automotive. “There’s already a pretty high bar of quality and reliability that goes into any engineered part of the vehicle,” Carlson told Automotive Engineering. “One of the big things that will change, though, is the need for redundant systems.”
That emphasis on redundancy will be akin to practices in the aviation industry, he noted. “There’s no consensus on what level of redundancy is needed, but we’re already seeing multiple sensors, such as camera, radar, and Lidar, for redundant input,” said Carlson. “And the need for redundant control will increase.”
Obstacle detection amid 360° views of the vehicle’s surroundings is an automated-car must, especially for those with SAE Level 5 (full) autonomy. For engineers, “it’s not just about figuring out what’s the graceful degradation from one level to the next, or from one system to a back-up system,” said Carlson. “It’s also about putting that technology into a vehicle where packaging space is always at a premium.”
According to industry experts, autonomous vehicles with human fallback are only a few years from being in the market, while autonomous vehicles with system-level fallback, known as SAE Levels 4 and 5 (high and full autonomy), could reach the U.S. market in the 2020-2030 timeframe.