Towards Adaptive Fault Tolerance on ROS for Advanced Driver Assistance Systems
Citations
A Seamless Integration of Fault-Tolerant and Real-Time Capabilities for Robot Operating System (ROS)
Effective Crash Recovery of Robot Software Programs in ROS
References
Aspect-oriented programming
Component Software: Beyond Object-Oriented Programming
Agile software development: the business of innovation
Composing adaptive software
Related Papers (5)
Design of a data-driven communication framework as personalized support for users of ADAS.
A rapid prototyping environment for cooperative Advanced Driver Assistance Systems
Frequently Asked Questions (19)
Q2. What is the purpose of an interceptor?
An interceptor provides a means to insert functionality, such as safety or monitoring nodes, into the invocation path between two ROS nodes.
Q3. What is the effect of the remapping?
Since Client and Server must be relaunched for the remapping to take effect, the insertion is done off-line, i.e. the binding between nodes is static.
Q4. What is the purpose of interceptors in ROS?
In order to be able to add fault-tolerance mechanisms to an existing ROS application in the most transparent manner, the authors need to implement interceptors.
Q5. What is the purpose of the TJP?
The development of the TJP is based on three simple use cases: i) vehicle positioning on the road, ii) vehicle control in traffic jam, and iii) emergency braking.
Q6. What is the purpose of the second FTM?
As a second FTM (FTM2), the After node of TR is responsible for triggering the repetition of the computation (involving Before and Proceed) and the vote on the various results produced before forwarding the reply to the After node of FTM1, which implements PBR.
Q7. What is the main interest of separation of concerns?
The main interest is to avoid gluing non-functional mechanisms with application code, an approach making maintenance and evolution very difficult to achieve.
Q8. What happens when a Raspberry PI crashes?
When one Raspberry PI crashes, the watchdog triggers the switch to the backup that takes over the processing of sensor data and the computing of the commands.
Q9. What are the main benefits of component-based AFT?
The main benefits of component-based AFT with respect to pre-programmed adaptation are clear: separation of concerns at runtime, componentization and dynamic binding enable FTMs to be more easily updated a posteriori during the system lifetime.
Q10. What does Adaptive Fault Tolerant Computing mean?
Adaptive fault tolerance means that fault tolerance mechanisms attached to applications need to be updated when conditions change during the service life in the system.
Q11. What are the three computers needed for the FTM?
Three computers are needed: the CLIENT site hosting the Client node and the ROS Master, the MASTER site hosting the primary replica, and the SLAVE site hosting the backup replica.
Q12. What is the next major revision of ROS?
The next major revision of ROS (ROS2) is based on a DDS (Data Distribution Service) communication system that should help solve this problem by distributing the ROS master functionalities among the nodes of the system.
Q13. What is the purpose of the Adaptive Autosar platform?
This might be of interest in the short term since a POSIX compliant kernel is part of the upcoming Adaptive Autosar platform whose aim is to facilitate dynamic reconfiguration and updates of embedded software.
Q14. What is the impact of a crash on the safety of the TJP?
The impact of such problems on the safety of the TJP is classified ASIL D or ASIL C according to RENAULT experts, combining Frequency and Gravity.
Q15. What is the main motivation for Aspect Oriented Programming?
The benefits of separation of concerns have been demonstrated in many ways for non-functional properties (replication, security, tracing, etc.) using Meta-Object Protocols [10] in the past, as in [11], and this was the main motivation for Aspect Oriented Programming.
Q16. What is the ideal executive support for a ddas?
As shown in previous work [6], this ideal executive support should exhibit the following features at runtime: i) control over component’s life cycle (add, remove, start, stop), ii) control over interactions for creating or removing bindings.
Q17. What is the serious problem in the TJP?
The result can be summarized as follows:
• the crash of a computer running the TJP (a Raspberry PI in their mockup) leads to a loss of the service; the solution was based on a PBR replication strategy;
• erroneous data delivered by the virtual sensor IMU (Inertial Measurement Unit) used to measure the speed of the vehicle was solved using TR and by computing an average value on a sliding window of values;
• erroneous information delivered by virtual laser sensors was solved by triplication and voting.
Q18. What is the main purpose of separation of concerns?
Separation of concerns has a lot of merits at design, implementation and validation time, but also at runtime since the application and the attached FTM can be located into isolated components.
Q19. What is the main feature of ROS?
Although it is not a core feature of ROS at present, dynamic binding was possible, but ROS does not provide a specific API to manage such connections between components.