Jul 14, 2025

EDA for Autonomous Behavior Assurance

Abstract

The paper "EDA for Autonomous Behavior Assurance" explores the challenges and opportunities in applying electronic design automation (EDA) to the design and verification of autonomous systems, which are self-governed and self-adaptive systems that must meet stringent safety and correctness requirements. Unlike traditional cyber-physical systems (CPS), autonomous systems operate in underspecified and evolving environments, rendering conventional design processes, such as the V-model, insufficient for ensuring their autonomous behavior. The paper discusses how the inherent uncertainty and adaptability of autonomous systems necessitate novel approaches in specification, verification, and monitoring. It proposes a two-phase design process, comprising a lab design phase and an autonomous operation phase, in which EDA tools play a critical role in enabling formal methods for requirement specification, design space exploration, verification under uncertainty, and runtime monitoring. The paper argues that integrating EDA into both phases can support the development of safe and reliable autonomous systems, addressing challenges such as incomplete specifications, emergent behaviors, and compliance with safety standards like ISO 26262 and ISO/PAS 21448.

Summary

The paper "EDA for Autonomous Behavior Assurance: Invited Paper" addresses the unique challenges posed by the design and verification of autonomous systems, which are defined as self-governed and self-adaptive systems capable of making decisions to achieve goals while maintaining operation in the presence of uncertainties and failures. These systems, often referred to as autonomous cyber-physical systems (CPS), operate in domains such as automotive, robotics, and industrial control, where they must meet stringent timing and dependability requirements. Unlike traditional CPS, which assume a well-defined environment, autonomous systems function in underspecified or evolving environments, requiring them to adapt their behavior dynamically. This adaptability introduces significant challenges for traditional design processes, such as the V-model, which relies on complete specifications and hierarchical decomposition followed by integration and testing.

The paper highlights that traditional safety standards, such as ISO 26262 for functional safety, assume a complete system specification and focus on mitigating risks due to system failures. However, autonomous systems face additional challenges due to their operation in open, unpredictable environments, where functional deficiencies may arise from unforeseen situations. The ISO/PAS 21448 standard, addressing the safety of the intended functionality (SOTIF), aims to reduce such risks by identifying and mitigating potential functional deficiencies, particularly in complex scenarios like urban traffic. The paper underscores that traditional verification methods, which are effective for classical CPS components like actuation control or operating systems, are inadequate for ensuring the correctness of autonomous behaviors, such as goal-driven decision-making and perception, which evolve during operation.

To address these challenges, the paper proposes a two-phase design process for autonomous systems: the lab design phase and the autonomous operation phase. In the lab design phase, the focus is on formulating behavioral goals and constraints, designing configurable hardware and software architectures, and conducting verification under uncertainty. This phase requires new languages and formal methods to specify evolving requirements and ensure bounded behavior, drawing inspiration from knowledge representation and task planning in robotics. Design space exploration is emphasized as a critical task, balancing performance and energy optimization with the need for isolation to prevent unwanted interference in evolving systems. Verification in this phase must account for the uncertainty of autonomous behavior, defining properties and abstractions that can extend to the operation phase. The paper also suggests that verification can leverage monitors designed to detect anomalies and ensure adherence to behavioral constraints, such as compliance with traffic laws.

The autonomous operation phase begins after deployment and involves runtime verification, self-monitoring, and self-adaptation. Monitors, synthesized as part of a hardware/software co-design process, play a crucial role in bounding system behavior and detecting anomalies, such as emergent behaviors that could compromise safety. These monitors must be flexible and reconfigurable to adapt to the evolving system and environment. The paper also highlights the importance of a comprehensive self-image, built from design-time models and data, which supports self-diagnosis, self-training, and automated failure analysis during operation. Such a self-image enables advanced techniques like failure mode and effects analysis (FMEA) and fault tree analysis (FTA) to be applied at runtime, expanding the behavioral space of autonomous systems while maintaining safety and reliability.
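The runtime monitors described above can be illustrated with a small example. The following code is an added illustration, not code from the paper or its authors: it evaluates a constructed trace of a simplified vehicle state against two behavioral constraints, a static rule (never exceed the current speed limit, standing in for "compliance with traffic laws") and a bounded-response rule (after an obstacle is detected, braking must begin within a bounded number of steps). The state fields, the rule names, the step bound and the sample trace are all assumptions made for the example. It also shows the edge case every runtime monitor has to handle: when the trace ends before a response window closes, the verdict is "pending", not a violation.

```python
"""Runtime monitor for behavioral constraints over a state trace.

Added example, not from the paper. The State fields, rule names, the
response bound and the trace below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class State:
    t: int            # discrete time step
    speed: float      # measured speed (units are arbitrary here)
    speed_limit: float
    obstacle: bool    # perception reports an obstacle ahead
    braking: bool     # actuation reports braking active


@dataclass(frozen=True)
class Violation:
    t: int
    rule: str
    detail: str


def check_speed_limit(trace: List[State]) -> List[Violation]:
    """Static invariant: speed must never exceed the zone limit."""
    return [
        Violation(s.t, "speed_limit",
                  f"speed {s.speed} exceeds limit {s.speed_limit}")
        for s in trace if s.speed > s.speed_limit
    ]


def check_bounded_response(trace: List[State], bound: int) -> Dict[str, list]:
    """Bounded response: each new obstacle detection (rising edge) must be
    followed by braking within `bound` steps. If the trace ends before the
    window closes, the obligation is reported as pending (inconclusive)."""
    violations: List[Violation] = []
    pending: List[int] = []
    prev_obstacle = False
    for i, s in enumerate(trace):
        if s.obstacle and not prev_obstacle:
            window = trace[i:i + bound + 1]
            if any(w.braking for w in window):
                pass                                  # obligation discharged
            elif len(window) < bound + 1:
                pending.append(s.t)                   # window not yet closed
            else:
                violations.append(Violation(
                    s.t, "bounded_response",
                    f"no braking within {bound} steps of obstacle at t={s.t}"))
        prev_obstacle = s.obstacle
    return {"violations": violations, "pending": pending}


def monitor(trace: List[State], bound: int) -> Dict[str, object]:
    """Combine the rules into one three-valued report: ok / pending / violated."""
    speed = check_speed_limit(trace)
    resp = check_bounded_response(trace, bound)
    if speed or resp["violations"]:
        verdict = "violated"
    elif resp["pending"]:
        verdict = "pending"
    else:
        verdict = "ok"
    return {
        "speed_limit": speed,
        "bounded_response": resp["violations"],
        "pending": resp["pending"],
        "verdict": verdict,
    }


# Constructed sample trace (not real vehicle data).
EXAMPLE_TRACE = [
    State(0, 30.0, 50.0, obstacle=False, braking=False),
    State(1, 45.0, 50.0, obstacle=True,  braking=False),  # obstacle appears
    State(2, 44.0, 50.0, obstacle=True,  braking=True),   # braking in time
    State(3, 55.0, 50.0, obstacle=False, braking=False),  # over the limit
    State(4, 48.0, 50.0, obstacle=True,  braking=False),  # obstacle appears
    State(5, 48.0, 50.0, obstacle=True,  braking=False),
    State(6, 47.0, 50.0, obstacle=True,  braking=False),  # no braking: violation
    State(7, 40.0, 50.0, obstacle=False, braking=False),
    State(8, 40.0, 50.0, obstacle=True,  braking=False),  # window still open
]

if __name__ == "__main__":
    report = monitor(EXAMPLE_TRACE, bound=2)
    for v in report["speed_limit"] + report["bounded_response"]:
        print(f"t={v.t} [{v.rule}] {v.detail}")
    print("pending obligations at:", report["pending"])
    print("verdict:", report["verdict"])
```

The three-valued verdict matters in practice: a monitor that reports "violated" for an obligation whose deadline has not yet passed produces false alarms at every trace boundary, while one that reports "ok" silently drops open obligations. Keeping pending obligations explicit is what lets the monitor be resumed when the next batch of states arrives.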

The role of electronic design automation (EDA) is central to both phases. In the lab design phase, EDA tools must support formal methods for requirement specification, verification, and synthesis of monitors, addressing the complexity of autonomous systems. In the operation phase, EDA extends to runtime configuration and optimization, leveraging design-time data to support self-X capabilities, such as self-awareness and self-configuration. The paper argues that integrating EDA into the entire design process, rather than treating autonomous behavior as a separate domain, is essential for ensuring the safety and correctness of autonomous systems. The authors cite initial work in autonomous vehicle design as evidence of the potential of design automation (DA) methods, suggesting that further development of EDA tools could unlock significant opportunities for critical systems.

The paper concludes by noting that this work is an excerpt from a forthcoming publication in IEEE Design & Test, indicating ongoing research into autonomous systems design as a new discipline. By addressing the limitations of traditional design processes and proposing a role for EDA in both the design and operation phases, it provides a roadmap for developing safe, reliable, and adaptable autonomous systems capable of operating in complex, uncertain environments.
