The complexity of American farming has seen rapid changes over the past 75 years. Long gone are the days of using a horse and plow, and according to a team of University of Illinois researchers led by Prof. Tarek Abdelzaher, the days of sensor-assisted tractors that safely drive themselves are in the not-so-far future. Professors Tarek Abdelzaher, Lui Sha and Marco Caccamo are working to develop trustworthy software for next-generation farm vehicles in a $900k NSF project.
Leading US off-road equipment companies have perfected the physical, electrical, and hydraulic design of their off-road products, but computer scientists might help solve a new piece of the puzzle: that of perfecting software design.
“The design and safe operation of farming vehicles is rapidly becoming an Information Technology problem,” says Abdelzaher. “Ultimately, there are no significant technological barriers to fully autonomous off-road vehicle operation, except for software safety.” Can a vehicle reliably detect when it should stop to avoid harming others on its way? Can it know enough to slow down to prevent roll-over on sloped, uneven terrain after heavy rain? Can it reliably follow a prescribed path to avoid damage to crops? Will it know the right thing to do if it loses communication with home base? With GPS, vision, and other sensors commonly available, and new performance features such as autonomous navigation being introduced, it falls to the maturity of the software design to responsibly ensure safety, prevent costly recalls, and guarantee that software bugs will not (literally) crash farming vehicles.
The project explores the use of a new architectural paradigm to enable a next generation of safe vehicles for US agriculture that will run perfectly even when the software that runs them does not. “We have all experienced software crashes on our PCs,” says Caccamo. “The idea is to prevent such errors from happening when a computer is driving the vehicle. This is not the same as saying we expect computer programmers to become flawless. We have to live with the fact that people who write software will make mistakes, and formal methods are still short of fully automating the process. Our architecture should automatically deal with mistakes in ways that do not jeopardize vehicle safety.”
The project leverages architectural advances developed by Illinois computer science Prof. Lui Sha that significantly reduce the cost of embedded software development. Sha’s work, largely used in avionics, has demonstrated ways to structure software systems so that it is easy to prove safety and stability even if large parts of the code contain bugs and are not fully tested. “The main idea is simple,” says Sha. “Unverified code that is not fully tested can be allowed to operate as long as it performs well. One needs only to understand when a critical situation is about to develop and intervene by resorting to a trusted, albeit perhaps less feature-rich, mode of operation until the danger is resolved.” The combination of highly optimized, complex, and feature-rich components together with simple but provably correct ones, augmented with validated switch-over logic, is known as the Simplex architecture, developed by Sha.
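To make the switch-over logic concrete, here is an added illustration (not code from the project or from Sha's Simplex implementations) of the pattern for a single control loop: an unverified speed controller proposes commands, a decision module forward-predicts one control period and hands over to a small verified baseline controller whenever the prediction would leave the assumed slope-dependent safe-speed envelope, or whenever the unverified code raises. The envelope, period, and acceleration limit are assumed constants chosen for the example.

```python
from dataclasses import dataclass
from typing import Callable, Tuple

DT = 0.1            # control period in seconds (assumed for the example)
ACCEL_LIMIT = 2.0   # max |acceleration| in m/s^2 (assumed for the example)

def safe_speed_limit(slope_deg: float) -> float:
    """Assumed conservative speed envelope (m/s): steeper slope, lower limit."""
    return max(1.0, 8.0 - 0.25 * slope_deg)

def baseline_controller(speed: float, slope_deg: float) -> float:
    """Verified, feature-poor controller: steer speed toward 70% of the limit."""
    target = 0.7 * safe_speed_limit(slope_deg)
    return max(-ACCEL_LIMIT, min(ACCEL_LIMIT, (target - speed) / DT))

@dataclass
class Simplex:
    """Decision module: runs the complex controller while its output is provably
    recoverable, otherwise falls back to the baseline controller."""
    complex_ctrl: Callable[[float, float], float]   # unverified (speed, slope) -> accel
    in_safety_mode: bool = False

    def step(self, speed: float, slope_deg: float) -> Tuple[float, str]:
        """Return (acceleration command, name of the controller that produced it)."""
        limit = safe_speed_limit(slope_deg)
        # Hysteresis: hand control back only once the state is well inside the envelope,
        # so a controller that oscillates at the boundary cannot flap the switch.
        if self.in_safety_mode and speed < 0.8 * limit:
            self.in_safety_mode = False
        if not self.in_safety_mode:
            try:
                accel = float(self.complex_ctrl(speed, slope_deg))
                predicted = speed + accel * DT
                # Accept the untrusted command only if the next state stays recoverable.
                if abs(accel) <= ACCEL_LIMIT and predicted <= limit:
                    return accel, "complex"
            except Exception:
                pass  # a crash in unverified code must not crash the vehicle
            self.in_safety_mode = True
        return baseline_controller(speed, slope_deg), "baseline"
```

Everything outside `Simplex.step` and `baseline_controller` may be buggy; the safety argument rests only on the envelope check, the baseline controller, and the switch.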
This project also leverages Professor Caccamo's research on real-time co-scheduling of computing resources. Meeting real-time requirements is critical for control systems. Traditionally, each type of computing resource (CPU, cache, and I/O channels) is scheduled independently. This method no longer works well in tightly integrated modern microprocessors, where the activities on one resource can interfere with the activities on others.
With the spiraling cost of software development and testing in off-road vehicles, this project has the capacity both to maintain high reliability of future off-road machines and to pass cost savings to consumers of agricultural products, leading to a stronger off-road vehicle industry and safer farming at lower cost.