AV: Can You Trust Your Co-Pilot?

Article By : Junko Yoshida

IVEX has the lofty goal of developing software technology that “guarantees and validates” safety-critical decisions made by AVs.


IVEX embedded safety co-pilot
(Source: IVEX)

IVEX, a Belgian startup founded in 2017, has the lofty goal of developing software technology that “guarantees and validates” safety-critical decisions made by AVs.

Seriously, how do they plan to do this?

Mario Torres
Mario Torres

Mario Torres, IVEX CEO, told EE Times that his company’s software components — named “safety co-pilot” — will reside atop the existing AV stack used by carmakers. This software, functioning as “an extra safety layer,” will constantly evaluate the safety state of the AV, he explained. The goal is to “sufficiently guarantee” AV safety in any given environment.

Right now, the prevalent theory is that AVs will make roads safer. But the very nature of a “probabilistic data-driven decision-making” process now applied by AVs makes it hard to guarantee that the system will follow the rules of the road. In other words, AVs “need a [deterministic] solution that gives runtime guarantee on their behavior,” Torres noted.

In developing IVEX’s safety co-pilot, Torres acknowledged that his team was “inspired by RSS [Responsibility-Sensitive Safety],” a mathematical model originally developed by Mobileye (now an Intel company) for AV safety. “We like [the] RSS approach,” he said.

The difference from RSS in IVEX’s model, however, is that it’s designed to cope with the unexpected. Torres explained, “RSS does not take into account imperfect perception and sensor failure, but we do.” IVEX models explicitly target “uncertainty of perception (obstacle detection, prediction), sensor data inconsistency, [and] failure conditions.”

Under such conditions, the IVEX model then prompts AVs to behave in accordance with specified safety rules.

Ivex Tech
(Source: IVEX)

What the IVEX safety co-pilot offers

When an AV is boxed in on a road, for example, with a certain distance to its left and front, the IVEX safety co-pilot software suggests to the AV, for example: “Reduce your speed by at least XX.”

But it doesn’t stop there. The IVEX safety co-pilot will calculate the risk levels faced by the car. The co-pilot software, for example, tells the AV the safe longitudinal acceleration when its lateral distance is one meter by predicting what could happen after the car slows down.

The safety co-pilot developed by IVEX is designed to constantly check the trajectory projected by motion-planning components.

The same software evaluates and makes decisions based on the safety of the planned trajectory. The safety co-pilot factors in a variety of perceived environments and different likely scenarios. To obtain a reliable assessment of the world, the safety co-pilot will combine raw sensor data and post-processed data to help establish the data’s level of certainty, according to IVEX.

Then the safety co-pilot sets constraints on the planning and decision-making controller to guarantee safety according to the IVEX driving model.

In the end, IVEX claims that its formal-based technology can guarantee the safety of millions of vehicle states “from the sensors’ perspective, and the car’s reactions.” The reaction time of IVEX software is “in the order of nanoseconds, a dozen times faster than state-of-the-art probabilistic algorithms,” the startup said. IVEX clients will have a unique advantage, said Torres, because the use of IVEX safety co-pilot software enables the decision-making system “to be certain and certifiable.”

The IVEX safety co-pilot has such a “small footprint,” explained Torres, that it can even fit into a small ECU such as Infineon’s AURIX. But it is hardware-independent. IVEX offers support for different ECUs and various automotive platforms, including NVidia DrivePX.

Open problems

Testing AVs have already been out on public roads for a few years. The AV industry is already aware of several safety issues that remain open questions. IVEX cited examples as follows:

  • You are driving on the highway and want to change lanes. Is it safe or unsafe? How would you know that the motion planner has selected the best trajectory?
  • What should a car do if cameras see nothing but radars see an obstacle? Do we have safety rules for AVs that define safe behavior?
  • Many AV companies boast about the millions of miles that their testing vehicles have already driven in the real world or in simulation. These mileage numbers are impressive, but do they guarantee or validate a car’s autonomous driving behavior?

Let’s not also forget that assessing the success/failure of autonomous driving behavior during simulation or real road tests is tough. Current tools do not facilitate continuous integration reports about the behavior of an autonomous driving solution, noted IVEX.

In other words, Torres said, “Safety is a huge puzzle. It requires a very big effort to solve it.”

IVEX, founded in 2017, has developed its safety co-pilot technology based on years of research performed at KU Leuven University in Belgium. The company’s IP has been built on the team’s experience in behavior planning and functional safety.

Subscribe to Newsletter

Leave a comment