Agile Software Development, Level 5 Autonomous Driving

Adacore Interview: Developing High Integrity Software at the Highest Level of Safety

Rob Tice | Lead Technical Account Manager | AdaCore

In the run-up to the ScaleUp 360° Automotive AI, we.CONECT spoke with Rob Tice, Lead Technical Account Manager at AdaCore, about the challenges in the developmentz of autonomous vehicles and his presentation on developing high integrity software at the highest level of safety (ASIL-4).

we.CONECT: What technical challenge fascinates you most about autonomous driving?

Rob Tice: The core technology “driving” the autonomous vehicle industry is based on heuristics and therefore, it is difficult to guarantee that a system will take decisions based on a specified design or behavior. Technologists and modern philosophers have posed scenarios where a car has to make a decision where all of the potential outcomes are bad, and car manufacturers have, for better or for worse, taken stances on what their systems would or wouldn’t do.
Unfortunately, these types of deterministic behaviors are difficult to guarantee when the system making decisions is a machine learning system with a non-infinite set of training data. This is a totally foreign challenge for other safety critical industries like aerospace and railway where software implementations are rigorously tested against strict behavior specifications. Now that the automotive industry is delving into the realm of safety critical software development, it will be a challenge to understand how to use heuristic based decision making while still guaranteeing the safety of passengers and by-standers.

we.CONECT: What do you consider the most important breakthrough in fully autonomous vehicle development in the next five years?

Rb Tice: In most safety critical software development lifecycles, there is a testing and validation phase, which guarantees the correctness of the software implementation. Today this is done through rigorous testing, static analysis, and even formal methods analysis. For systems using machine learning, these types of traditional testing techniques become difficult or don’t apply because of the non-deterministic nature of the processing. However, these types of validation of safety are necessary for the public to trust and adopt the technology.

we.CONECT: Where do you see the biggest opportunities in the application of AI, machine-, deep- & reinforcement learning in the development of fully autonomous vehicles?

Rob Tice: Level 5 autonomous vehicles will allow to us to improve the ecological footprint of driving vehicles, optimizing speed and trajectories and reducing the need for individual cars. This will also allow regulators to impose much more precise driving regulations which will ultimately increase the safety of everyone on the road as well as pedestrians and bicyclists.

we.CONECT: When do you think we will see level 5 autonomous vehicles / cars deployed massively on the road in the US and overtake the deployment of conventional vehicles?

Rob Tice: It is very difficult to plan ahead, and this is going to be a very un-democratic deployment. The most probable scenario is that autonomous vehicles will start developing in metropolitan areas where people tend not to own personal vehicles, or even, may not have a driving license. This may start being significant within a 10 year timeframe.

we.CONECT: Please explain in brief the key aspects of your session at the ScaleUp 360° Automotive AI 2020.

Rob Tice: Developing high integrity software at the highest level of safety (ASIL-4) requires the introduction of expensive specification and verification techniques. C and C++ as  programming languages aren’t designed to accompany these processes and requires a lot of tooling and work to achieve the right level of confidence. This webinar session will develop an alternative approach based on the Ada programming language and the SPARK formal proof enforcement, showing how using coding techniques built for verification can reduce high-integrity software development and increase overall reliability and time-to-market.

we.CONECT: What was your first car and how would your dream car of the future look like?

Rob Tice: Cars of the future are going to change dramatically from what we now understand as “a car”. The look and feel of a modern automobile is designed primarily to house a combustion engine and protect the driver and passengers during a potential collision. As the industry moves towards alternative-energy vehicles without drivers, we will see the designs change to accommodate the different use case and safety cases of the car. Based on the news coming from many new aerospace/automotive hybrid startups, we might even get to see a flying vehicle reminiscent of the Jetsons in our lifetime.

we.CONECT: Thank you, Rob, for taking part in our interview!

Join Rob Tice’s webinar session at 2020 ScaleUp 360° Automotive AI:

Session title: Beyond the boundaries of C: writing ASIL-4 software with verification-centric language SPARK Ada and Formal Proof
Date: February 04, 2020, 02:15 PM (CET)
Follow this link to sign up now for free: Online registration
Signing up automatically gives you access to all webinar sessions at ScaleUp 360° Automotive AI, February 04 – 05, 2020

ScaleUp 360° Automotive AI – the digital event deep diving into Level +5 automation. Experience 2 days with 12 live webinars and case studies by stakeholders involved in deep driving, imaging, computer vision, sensor fusion and perception in the Level +5 automation scene.