The performance of low-cost RTK(real-time kinematic)GPS receivers hasbeen compared to a state-of-the-art system as well to each other. Both static and dynamic performanceshavebeen compared. The dynamic performance has been evaluated using a vehicle with driving robot on the AstaZero proving ground.The assembly of the low-cost RTK GPS receivers is presented, and the test set-ups described. Besides having a lower data output frequency, two of the low-cost receivers have static and dynamic performance not far fromthat of the state-of-the-art system.
When designing safety critical and software intensive embedded systems, extensive development processes have to be followed in order to ensure that the software corresponds with the software safety requirement specification. This paper describes a study performed to investigate how to use a component based approach in order to reduce the requirements of the development processes for safety critical embedded systems. Focus is on certification of individual software components by the use of integrity contracts and how this enables software component composition and re-usability, particularly between different domains. The use of our approach in system design may reduce the effort required for an assessor in certifying an entire safety critical system.
Designing software-intensive embedded systems for dependable autonomous applications is challenging. In addition to fulfilling complex functional requirements, the system must be safe under all operating conditions, even in the presence of faults. The key to achieving this is by simulating and testing the system enough, including possible faults that can be expected, to be confident that it reaches an acceptable level of performance with preserved safety. However, as the complexity of an autonomous system and its application grows, it becomes exponentially more difficult to perform exhaustive testing and explore the full state space, which makes the task a significant challenge.
Property-Based Testing (PBT) is a software testing technique where tests and input stimuli for a system are automatically generated based on specified properties of the system, and it is normally used for testing software libraries. PBT is not a formal proof that the system fulfills the specified properties, but an effective way to find deviations from them. Safety-critical systems that must be able to deal with hardware faults are often tested using Fault Injection (FI) at several abstraction levels. The purpose of FI is to inject faults into a system in order to exercise and evaluate fault handling mechanisms. In this thesis, we utilize techniques from PBT and FI, for automatically testing functional and safety requirements of autonomous system simultaneously. We have done this on both simulations of hardware, and on real-time hardware for autonomous systems. This has been done in the process of developing a quadcopter system with collision avoidance, as well as when developing a self-driving model car. With this work we explore how tests can be auto-generated with techniques from PBT and FI, and how this approach can be used at several abstraction levels during the development of these systems. We also explore which details and design choices have to be considered while developing our simulators and embedded software, to ease testing with our proposed methods.
Testing software-intensive systems can be challenging, especially when safety requirements are involved. Property-Based Testing (PBT) is a software testing technique where properties about software are specified and thousands of test cases with a wide range of inputs are automatically generated based on these properties. PBT does not formally prove that the software fulfils its specification, but it is an efficient way to identify deviations from the specification. Safety-critical systems that must be able to deal with faults, without causing damage or injuries, are often tested using Fault Injection (FI) at several abstraction levels. The purpose of FI is to inject faults into a system in order to exercise and evaluate fault handling mechanisms. The aim of this thesis is to investigate how knowledge and techniques from the areas of FI and PBT can be used together to test functional and safety requirements simultaneously.
We have developed a FI tool named FaultCheck that enables PBT tools to use common FI-techniques directly on source code. In order to evaluate and demonstrate our approach, we have applied our tool FaultCheck together with the commercially available PBT tool QuickCheck on a simple and on a complex system. The simple system is the AUTOSAR End-to-End (E2E) library and the complex system is a quadcopter simulator that we developed ourselves. The quadcopter simulator is based on a hardware quadcopter platform that we also developed, and the fault models that we inject into the simulator using FaultCheck are derived from the hardware quadcopter platform. We were able to efficiently apply FaultCheck together with QuickCheck on both the E2E library and the quadcopter simulator, which gives us confidence that FI together with PBT can be used to test and evaluate a wide range of simple and complex safety-critical software.
In this paper we present a methodology and a platform using Fault Injection (FI) and Property-Based Testing (PBT). PBT is a technique in which test cases are automatically generated from a specification of a system property. The generated test cases vary input stimuli as well as the sequence in which commands are executed. FI is used to accelerate the occurrences of faults in a system to exercise and evaluate fault handling mechanisms and e.g. calculate error detection coverage. By combining the two we have achieved a way of randomly injecting different faults at arbitrary moments in the execution sequence while checking whether certain properties still hold. We use the commercially available tool QuickCheck for generating the test cases and developed FaultCheck for FI. FaultCheck enables the user to utilize fault models, commonly used during FI, from PBT tools like QuickCheck. We demonstrate our method and tools on a simplified example of two Airbag systems that should meet safety requirements. We can easily find a safety violation in one of the examples, whereas by using the AUTOSAR E2E-library implementation, exhaustive testing cannot reveal any such safety violation. This demonstrates that our approach on testing can reveal certain safety violations in a cost-effective way. © 2014 ACM.
In this paper we present a methodology and a platform using Fault Injection (FI) and Property-Based Testing (PBT). PBT is a technique in which test cases are automatically generated from a specification of a system property. The generated test cases vary input stimuli as well as the sequence in which commands are executed. FI is used to accelerate the occurrences of faults in a system to exercise and evaluate fault handling mechanisms and e.g. calculate error detection coverage. By combining the two we have achieved a way of randomly injecting different faults at arbitrary moments in the execution sequence while checking whether certain properties still hold. We use the commercially available tool QuickCheck for generating the test cases and developed FaultCheck for FI. FaultCheck enables the user to utilize fault models, commonly used during FI, from PBT tools like QuickCheck. We demonstrate our method and tools on a simplified example of two Airbag systems that should meet safety requirements. We can easily find a safety violation in one of the examples, whereas by using the AUTOSAR E2E-library implementation, exhaustive testing cannot reveal any such safety violation. This demonstrates that our approach on testing can reveal certain safety violations in a cost-effective way.
We present a quadcopter platform built with commodity hardware that is able to do localization in GNSS-denied areas and avoid collisions by using a novel easy-to-setup and inexpensive ultrasound-localization system. We address the challenge to accurately estimate the copter's position and not hit any obstacles, including other, moving, quadcopters. The quadcopters avoid collisions by placing contours that represent risk around static and dynamic objects and acting if the risk contours overlap with ones own comfort zone. Position and velocity information is communicated between the copters to make them aware of each other. The shape and size of the risk contours are continuously updated based on the relative speed and distance to the obstacles and the current estimated localization accuracy. Thus, the collision-avoidance system is autonomous and only interferes with human or machine control of the quadcopter if the situation is hazardous. In the development of this platform we used our own simulation system using fault-injection (sensor faults, communication faults) together with automatically-generated tests to identify problematic scenarios for which the localization and risk contour parameters had to be adjusted. In the end, we were able to run thousands of simulations without any collisions, giving us confidence that also many real quadcopters can manoeuvre collision free in space-constrained GNSS-denied areas. ©2015 IEEE.
We present a quadcopter platform built with commodity hardware that is able to do localization in GNSS-denied areas and avoid collisions by using a novel easy-to-setup and inexpensive ultrasound-localization system. We address the challenge to accurately estimate the copter's position and not hit any obstacles, including other, moving, quadcopters. The quadcopters avoid collisions by placing contours that represent risk around static and dynamic objects and acting if the risk contours overlap with ones own comfort zone. Position and velocity information is communicated between the copters to make them aware of each other. The shape and size of the risk contours are continuously updated based on the relative speed and distance to the obstacles and the current estimated localization accuracy. Thus, the collision-avoidance system is autonomous and only interferes with human or machine control of the quadcopter if the situation is hazardous. In the development of this platform we used our own simulation system using fault-injection (sensor faults, communication faults) together with automatically-generated tests to identify problematic scenarios for which the localization and risk contour parameters had to be adjusted. In the end, we were able to run thousands of simulations without any collisions, giving us confidence that also many real quadcopters can manoeuvre collision free in space-constrained GNSS-denied areas.
Autonomous vehicles need accurate and dependable positioning, and these systems need to be tested extensively. We have evaluated positioning based on ultrawideband (UWB) ranging with our self-driving model car using a highly automated approach. Random drivable trajectories were generated, while the UWB position was compared against the Real-Time Kinematic Satellite Navigation (RTK-SN) positioning system which our model car also is equipped with. Fault injection was used to study the fault tolerance of the UWB positioning system. Addressed challenges are automatically generating test cases for real-time hardware, restoring the state between tests, and maintaining safety by preventing collisions. We were able to automatically generate and carry out hundreds of experiments on the model car in real time and rerun them consistently with and without fault injection enabled. Thereby, we demonstrate one novel approach to perform automated testing on complex real-time hardware. Copyright © 2020 Benjamin Vedder et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Autonomous vehicles need accurate and dependable positioning, and these systems need to be tested extensively. We have evaluated positioning based on Ultra-Wide Band (UWB) ranging with our self-driving model car using a highly automated approach. Random drivable trajectories were generated, while the UWB position was compared against the Real-Time Kinematic Satellite Navigation (RTK-SN) positioning system that our model car also is equipped with. Fault injection was used to study the fault tolerance of the UWB positioning system. Addressed challenges are: automatically generating test cases for real-time hardware, restore the state between tests and to maintain safety by preventing collisions. We were able to automatically generate and carry out hundreds of experiments on the model car in real time, and re-run them consistently with and without fault injection enabled. Thereby we demonstrate one novel approach to perform automated testing on complex real-time hardware.
Accurate positioning is a requirement for many applications, including safety-critical autonomous vehicles. To reduce cost and at the same time improving accuracy for positioning of autonomous vehicles, new methods, tools and research platforms are needed. We have created a low-cost testbed consisting of electronics and software, that can be fitted on model vehicles allowing them to follow trajectories autonomously with a position accuracy of around 3 cm outdoors. The position of the vehicles is derived from sensor fusion between Real-Time Kinematic Satellite Navigation (RTK-SN), odometry and inertial measurement, and performs well within a 10 km radius from a base station. Trajectories to be followed can be edited with a custom GUI, where also several model vehicles can be controlled and visualized in real time. All software and Printed Circuit Boards (PCBs) for our testbed are available as open source to make customization and development possible. Our testbed can be used for research within autonomous driving, for carrying test equipment, and other applications where low cost and accurate positioning and navigation is required. © 2018 Benjamin Vedder et al.
Accurate positioning is a requirement for many applications, including safety-critical autonomous vehicles. To reduce cost and at the same time improving accuracy for positioning of autonomous vehicles, new methods, tools, and research platforms are needed. We have created a low-cost testbed consisting of electronics and software that can be fitted on model vehicles allowing them to follow trajectories autonomously with a position accuracy of around 3 cm outdoors. The position of the vehicles is derived from sensor fusion between Real-Time Kinematic Satellite Navigation (RTK-SN), odometry, and inertial measurement and performs well within a 10 km radius from a base station. Trajectories to be followed can be edited with a custom GUI, where also several model vehicles can be controlled and visualized in real time. All software and Printed Circuit Boards (PCBs) for our testbed are available as open source to make customization and development possible. Our testbed can be used for research within autonomous driving, for carrying test equipment, and other applications where low cost and accurate positioning and navigation are required.
Cyclists are not well protected in accidents with other road users, and there are few active safety systems available for bicycles. In this study we have evaluated the use of inexpensive Real-Time Kinematic Satellite Navigation (RTK-SN) receivers with multiple satellite constellations together with dead reckoning for accurate positioning of bicycles to enable active safety functions such as collision warnings. This is a continuation of previous work were we concluded that RTK-SN alone is not sufficient in moderately dense urban areas as buildings and other obstructions degrade the performance of RTK-SN significantly. In this work we have added odometry to the positioning system as well as extending RTK-SN with multiple satellite constellations to deal with situations where the view of the sky is poor and thus fewer satellites are in view. To verify the performance of the positioning system we have used Ultra-Wideband radios as an independent positioning system to compare against while testing during poor conditions for RTK-SN. We were able to verify that adding dead reckoning and multiple satellite constellations improves the performance significantly under poor conditions and makes the positioning system more useful for active safety systems. © 2018 IEEE
Cyclists are not well protected in accidents with other road users, and there are few active safety systems available for bicycles. In this study we have evaluated the use of inexpensive Real-Time Kinematic Satellite Navigation (RTK-SN) receivers with multiple satellite constellations together with dead reckoning for accurate positioning of bicycles to enable active safety functions such as collision warnings. This is a continuation of previous work were we concluded that RTK-SN alone is not sufficient in moderately dense urban areas as buildings and other obstructions degrade the performance of RTK-SN significantly. In this work we have added odometry to the positioning system as well as extending RTK-SN with multiple satellite constellations to deal with situations where the view of the sky is poor and thus fewer satellites are in view. To verify the performance of the positioning system we have used Ultra-Wideband radios as an independent positioning system to compare against while testing during poor conditions for RTK-SN. We were able to verify that adding dead reckoning and multiple satellite constellations improves the performance significantly under poor conditions and makes the positioning system more useful for active safety systems.
In this work we use our testing platform based on FaultCheck and QuickCheck that we apply on a quadcopter simulator. We have used a hardware platform as the basis for the simulator and for deriving realistic fault models for our simulations. The quadcopters have a collision-avoidance mechanism that shall take over control when the situation becomes hazardous, steer away from the potential danger and then give control back to the pilot, thereby preventing collisions regardless of what the pilot does. We use our testing platform to randomly generate thousands of simulations with different input stimuli (using QuickCheck) for hundreds of quadcopters, while injecting faults simultaneously (using FaultCheck). This way, we can effectively adjust system parameters and enhance the collision-avoidance mechanism. © 2015 IEEE
Safety ADD is a tool for working with safety contracts for software components. Safety contracts tie safety related properties, in the form of guarantees and assumptions, to a component. A guarantee is a property the component promises to hold, on the premise that the environment provides its associated assumptions. When multiple software components are integrated in asystem, Safety ADD is used to verify that the guarantees and assumptions match when there are safety-related dependencies between the components. The initial goal of Safety ADD is to investigate how safety contracts can be managed and used efficiently within the software design process. It is implemented as an Eclipse plug in. The tool has two main functions. It gives designers of software components a way to specify safety contracts, which are stored in an XML format and shall be distributed together with the component. It also gives developers who integrate multiple software components in their systems a tool to verify that the safety contracts are fulfilled. A graphical editor is used to connect guarantees and assumptions for dependent components, and an algorithm traverses all such connections to make sure they match.