The MDDSV work programme will provide a tool chain for the development of mobile real-time systems. The tool chain will allow application code to be generated from the high-level specification of a system, including its safety constraints. It will deliver a modelling language and environment, which allows the expression of constraints within which system behaviour must take place. It will also focus on the design and construction of systems within a dynamic or unknown environment (e.g., one where communications efficiency is variable).
What is the question that this Work Programme addresses?
The objective of this work programme is to investigate model-driven techniques for the development of software to support future smart vehicles modelled as semi-autonomous, mobile, real-time systems. The work programme will develop new techniques to allow application code to be generated from high-level specifications of a mobile real-time system, including its safety constraints. The fundamental scientific challenge to be addressed in order to allow this objective to be achieved is the discovery of a model of safe coordination between intelligent vehicles that will guide the automatic derivation of coordination protocols from system specifications. The output of this work programme will be improved software development strategies for smart vehicle (and similar) applications, such as coordinated highway driving, cooperative cruise control, and intersection collision avoidance.
How will the question be addressed?
The key challenge addressed by the work programme is the derivation of safe protocols for coordination between smart vehicles modelled as mobile real-time systems. Our approach to coordination relies on the observation that often, entities do not need to agree on their view of the world or their actions in order to ensure safety constraints, but that instead some entities can take responsibility for ensuring them independently. For example, an entity may delay taking an action that might violate the safety constraint. Unless the coordination problem is trivial, ensuring all safety constraints must hinder the progress of such entities, e.g., by delaying a desired action. The coordination problem then becomes a problem of how to ensure that, at any time, in every group of entities whose states might violate some safety constraint, some group of entities ensures that they do not. We call such entities responsible entities, and this condition the responsibility condition.
Responsible entities must be able to ensure that the safety constraints will not be violated; whether they can do so depends on the action they are taking. For responsible entities to make progress, they will typically need to take actions that could potentially violate the safety constraints. They can only take such actions when they can communicate with other entities to warn them, which corresponds to a transfer of responsibility. This requires entities to have some information about which other entities they can currently communicate with. Such feedback can be provided by mechanisms such as collision detectors, but also by communication models such as the space-elastic model.
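The responsibility condition and the transfer of responsibility sketched above, as an added toy model that is not part of the MDDSV work programme: two vehicles share a junction that only one may occupy, the responsible vehicle delays its own entry, and it can only hand responsibility over when the (assumed) `can_talk` communication feedback says a warning can be delivered.

```python
# Constructed toy model of the responsibility condition (not MDDSV code).
# Vehicle names, the `can_talk` feedback flag and the scenario are assumptions.
from dataclasses import dataclass

@dataclass
class Vehicle:
    name: str
    responsible: bool = False  # ensures the constraint by delaying its own entry
    can_talk: bool = True      # feedback from the communication model (assumed)
    in_junction: bool = False
    done: bool = False         # has already crossed; can no longer conflict

def safe(vs):
    """Safety constraint: at most one vehicle inside the junction."""
    return sum(v.in_junction for v in vs) <= 1

def condition_holds(vs):
    """Responsibility condition: if two or more vehicles could still conflict, one is responsible."""
    pending = [v for v in vs if not v.done]
    return len(pending) < 2 or any(v.responsible for v in pending)

def transfer(frm, to):
    """Hand responsibility over; only possible when both sides can communicate."""
    if not (frm.responsible and frm.can_talk and to.can_talk and not to.done):
        return False
    frm.responsible, to.responsible = False, True
    return True

def try_enter(vs, v):
    # The responsible vehicle delays while any other vehicle might still conflict.
    if v.done or (v.responsible and any(not o.done for o in vs if o is not v)):
        return False
    v.in_junction = True
    assert safe(vs), "safety constraint violated"
    return True

def leave(v):
    v.in_junction, v.done = False, True
    return v.name

def run_scenario(link_up):
    """Both vehicles want to cross; returns the order in which they did."""
    a, b = Vehicle("A", responsible=True, can_talk=link_up), Vehicle("B", can_talk=link_up)
    vs, order = [a, b], []
    for _ in range(3):                # three rounds suffice for both to cross
        assert condition_holds(vs), "nobody is ensuring the constraint"
        if a.responsible and not a.done:
            transfer(a, b)            # A warns B so that A itself may proceed
        for v in vs:
            if try_enter(vs, v):
                order.append(leave(v))
    return order
```

With the link up, A transfers responsibility and crosses first; with the link down, A keeps delaying until B has crossed and the conflict group is empty, so safety is preserved without agreement on a shared view.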
In previous work we have shown the applicability of this approach to coordination on a number of limited smart-vehicle scenarios; we have yet to extend this work to the general case and prove the results formally. In particular, our current solutions are limited to the class of problems in which responsible entities of a single type can drive the system into a safe mode.
Since the solution to a coordination problem is essentially a protocol between the (types of) entities involved that satisfies a set of constraints derived from the safety constraints of the scenario, the allowable behaviour of entities and the current state of communication, this work programme will use a formalism such as Timed I/O Automata to model both coordination problems and proposed solutions. We will proceed from a formal model of the coordination problem and a formal model of the state of communication to derive necessary and sufficient conditions for real-time coordination within this model. We will identify a set of generic coordination protocols fulfilling the necessary and sufficient conditions based on the use of feedback on communication. The result will be a set of patterns for solutions to different styles of coordination problem which can then be instantiated with the parameters of particular problems and used as templates for code generation.
The tool chain used to develop new applications will take as input a specification of application requirements and the capabilities of individual mobile real-time systems in a high-level modelling language that can be mapped to the coordination model to be defined in the work programme, but is also easy to use for developers. We will investigate how specifications in this high-level language can be translated into the formal model and used to select and instantiate appropriate protocol templates for particular target platforms with each step of this process being supported by corresponding tools.
Why is this question significant?
This work programme will be carried out in collaboration with Intel Labs Europe as part of a joint initiative to address road transportation reliability to support improved supply-chain efficiency, more sustainable transportation (e.g., enabling less idling time, fewer emissions and lower fuel consumption) and support the uptake of electric vehicles by overcoming so-called “range anxiety”. This work programme will investigate enabling technology to support coordinated driving to improve reliability and support new economic models for road tolling allowing differentiated services and demand pricing – techniques which are only now beginning to emerge in the road transportation sector. In the future, we envisage such services being hosted in a traffic management Cloud.