Category: professional

Apex.OS Cert – „How ROS 2 was Safety-Certified for Automotive“

Last week, Apex.AI presented their Apex.OS Cert, an ASIL-D certified ROS 2 distribution intended for highly-automated driving. Contrary to what was stated in the invitation, the presentation took only 1 hour, providing a rough overview of what Apex.AI undertook in order to get their ROS 2 flavor certified. The slides have not been released yet, but we were told they would be shared soon. The slides from Apex.AI’s presentation at the Embedded World 2021 in March are very close, though (slide 9 ff.).

From my point of view these were the main aspects touched by the presentation:

  1. Technical framework aspects they had to solve within ROS 2 that would have prevented certification. They call these the real-time gaps, see image below. These are mainly: runtime memory allocation, exception handling, real-time capable middleware, threading, and scheduling. Apex.AI fixed these issues by plugging in their own versions of the allocator, a threading library, their own middleware, scheduler, etc. Apex.AI Cert also relies on a safe OS, e.g., QNX; see the right-most column in the image.
  2. For 24(!) ROS 2 C++ packages that Apex.AI considers "safety-related", they performed a hazard and risk analysis, wrote ~300 requirements, and performed FMEAs. According to Apex.AI, they spent roughly 14 person-years to do so and to add the corresponding tests and traceability to reach 100% MC/DC coverage (required by ISO 26262 for ASIL-D).
  3. A tool qualification process for code generators, etc., that are for example part of the middleware layer.
  4. For issues identified during the FMEAs that could not be mitigated on a code level, they provide a safety manual with usage restrictions that need to be adhered to when relying on the certification of Apex.OS Cert.

All of this took 5 iterations with TÜV Nord, resulting in roughly 200 A4 pages submitted as a safety case. With that, Apex.AI provides a blueprint for how to certify an existing open-source community project for ASIL-D with the approval of TÜV Nord. This might be worth considering when applying further open-source software in safety-critical contexts.

While the process doesn’t seem to involve any magic, it saves Apex.AI’s customers roughly 14 person-years of doing it on their own.

How-to: Write the European Robotics Research Agenda by yourself!

By the end of this blog post, you will know how you can influence the European robotics research roadmap for the upcoming years.

Besides being a good read to get an overview of the challenges of the robotics domain, the European Strategic Research & Innovation Agenda (SRIA) is of vital importance, as it is the source document for the yearly PFP* calls that distribute the research budget of the European Commission (EC). A little-known fact: the SRIA for the upcoming framework program "Horizon Europe" (following fp7 and Horizon 2020) is currently in the making! Good news: The EC, the releasing body of the SRIA, is not writing it on its own, but is heavily relying on European domain experts to come up with ideas about what to fund with 100 billion Euros during the upcoming Horizon Europe. And this is how you can contribute:

Similar to the process that was conducted for Horizon 2020, the European Commission is currently seeking to create so-called public-private partnerships (PPPs) that join forces on writing SRIAs for European research domains. For robotics in Horizon 2020 this was SPARC, a PPP between the European Commission and the euRobotics association. The robotics SRIA for Horizon 2020 was therefore heavily influenced by all members of the euRobotics association – through so-called topic groups. Topic groups are formed by members that share an interest in a certain robotics discipline, e.g., industrial robotics, agri-food, etc. During the process of writing the SRIA, topic groups provide their input to the SRIA. I am one of the two coordinators of the Topicgroup Software Engineering, Systems Integration and Systems Engineering.

A very similar process will happen within this year for the SRIAs of Horizon Europe, e.g. the robotics SRIA for Horizon Europe. This time, the EC has decided to create an AI PPP with a strong focus on artificial intelligence, of which they see robotics as a part.** euRobotics is currently joining forces with the European Big Data Value Association (BDVA) to provide an SRIA and a proposal for an AI PPP by the end of this year (see image on the right). Workshops have already been held (I participated in one of them), a joint vision paper between euRobotics and BDVA has already been released, and a first draft of the SRIA will be released within the next two weeks.

Take-away message: Taking part in euRobotics and BDVA is a big chance to influence the European robotics research roadmap for the upcoming years. Since PFP calls of the upcoming years will heavily rely on the SRIA, this is a good chance to indirectly steer academic research in the robotics domain to challenges that we think are worth spending more effort on. I therefore recommend considering joining the euRobotics Topicgroups and BDVA task forces according to your research interest.

* PFP = publicly funded project
** euRobotics tried to convince the EC for several months that AI and robotics are two independent but intersecting domains. However, the EC made very clear that they see robotics as part of AI.