Autoware, an open-source software platform for autonomous driving, has revolutionized the development of autonomous vehicles. With its comprehensive modules and tools, Autoware aims to democratize autonomous driving technology and make it accessible to a broader market. While Autoware is widely used for prototyping and testing in constrained scenarios, it does not have pre-certification for functional safety for mass production or regulatory compliance for regular road use. This article explores how Autoware can be used for safety applications and looks at the challenges and solutions.

Here is a quick overview of what this article is trying to convey:

• Autoware is an open-source platform for autonomous driving, offering planning, control algorithms, and sensor fusion techniques.
• But Autoware lacks pre-certification for functional safety and regulatory compliance, hindering mass production and public road use.
• To achieve functional safety, a deterministic safe POSIX RTOS like eMCOS is recommended over open-source Linux.
• eSOL’s “ROS on eMCOS” solution combines ROS 2 with a safety RTOS, allowing seamless integration of Autoware applications with safety certification.
• eSOL’s proposed framework for ROS 2 aims to simplify real-time performance and safety configurations for easier porting from Linux pre-developments to RTOS mass production.

Autoware Features

Autoware provides a set of planning and control algorithms for different driving scenarios that offer developers flexibility in designing autonomous systems. Autoware’s sensor fusion techniques enable reliable object detection and scene understanding using LiDAR, radar and cameras. Autoware is based on the Robot Operating System (ROS), which is also open-source and benefits from the extensive ROS ecosystem, such as continuous updates with bug fixes, new features and improvements – but based on the Linux open-source operating system.

The hurdle of mass production

While Autoware is a powerful tool for prototyping, it does not provide pre-certification regarding the functional safety required for commercial deployment, for example, to eliminate the need for additional human fallback controls on public routes. A more rigorous development process must be followed to make an Autoware-based application suitable for mass production and regulatory compliance. This includes using a V-model approach and testing and documenting the behavior of the application at various levels of abstraction to always ensure safe and reliable performance in real-world scenarios.

Functional safety

Functional safety is long established in industries such as automotive and industrial automation. To meet the relevant safety standards cost-effectively while not complicating the development process, it is recommended to use a deterministic operating system instead of open-source Linux. Not being able to provide any formal guarantee of worst-case execution time (WCET), Linux does not offer a guaranteed response time, which is necessary for safety-critical applications involving humans and machines. Real-time operating systems (RTOS), on the other hand, guarantee deterministic behavior and can ensure timely
response to safety-critical functions under all conditions.

eMCOS as a safety RTOS

eMCOS, a safety RTOS from eSOL, provides a compelling solution for Autoware-based applications targeting functional safety. eMCOS supports the same POSIX interface as Linux, allowing developers to reuse much of the Autoware application code. With its focus on multi/manycore hardware optimization, eMCOS maintains the level of performance achieved with Linux while ensuring determinism and safety. In addition, eMCOS is in the process of being pre-certified for functional safety as a safety element out of context (SEooC), which greatly simplifies the development, testing and documentation of safety applications in accordance with safety standards. Additionally, users can add other safety-capable products such as DDS and ROS 2 compatible middleware, that is already certified regarding ISO 26262, on top of eMCOS so users can ensure the whole stack underlying their application is safe.

ROS on eMCOS

“ROS on eMCOS” is a complete solution that combines a ROS / ROS 2 engineering service with expertise in functional safety standards with experience in porting Linux applications onto the POSIX RTOS eMCOS. This solution enables seamless integration of Autoware applications with the functional safe pre-certified eMCOS. The solution is named after the open-source base of Autoware, which is ROS 2: “ROS on eMCOS”. Just as for Autoware, it can therefore also be used for general ROS 2 applications.

Toolchain

The compatibility of toolchains and build systems is important for large-scale software development, and ROS 2 employs a meta-build system called “colcon”, which allows ROS 2 application developers to combine a variety of open-source packages around a meta-build system. ROS 2 application developers combine a variety of open-source packages for that meta-build system. This is because robotic systems, including automated driving, are composed of a wide variety of software modules, requiring a framework to integrate each of their build systems. In traditional embedded software development, developers were forced to stick to a specific build system, but this posed no severe burden due to the limited size of the associated software. However, such an approach is no longer in line with colcon’s goal of integrating diverse build systems. Therefore, eMCOS provides a tool chain that is highly compatible with those open-source build systems to help ROS 2 application developers easily migrate to the RTOS environment.

Arm’s FuSa cross-compiler used at eMCOS is based on LLVM Clang and is compatible with many OSS build systems. In addition, eSOL has developed a compiler driver for OSS to further improve compatibility when the FuSa cross-compiler is incorporated into a modern build system. This allows users to build not only ROS 2 but also a wide variety of related open-source libraries using the same build system as the established Linux environment.

RTOS Configuration

For Autoware to run efficiently on embedded processors such as ECUs used in automotive systems, the system must be properly configured to make the best use of limited resources. For example, the configuration should include the selection of thread priorities and scheduling schemes to ensure real-time performance (needed for safety), and the placement of execution cores in a multicore environment (needed for performance). However, in the current ROS 2, these configurations are not managed by the platform, so developers need to add primitive OS-dependent code to their applications. This requires maintaining the implementation for both the Linux and RTOS environments, which reduces the maintainability of the application and thus can be a barrier to continuous system integration. Therefore, eSOL is proposing a new standard framework to the Open Source Robotics Foundation (OSRF) and related WGs for ROS 2, to fulfill the performance and safety requirements. Once this framework is adopted, developers will be able to migrate their Autoware and ROS 2 applications to Linux and RTOS with no code modification.

CI on embedded processors

Autoware’s target, automated driving systems, require continuous integration, including hardware, due to the complexity of the overall system and its validation. However, developers face challenges in performing complete tests on embedded processors, such as interactions with embedded processors (e.g., software loading, system reset, etc.), preparing enough hardware units, building test environments, and so on. ROS on eMCOS supports not only the target board, but also the infrastructure to deploy to the simulator environment and run ROS 2 applications on it. This allows users to explore and test ROS 2 in combination with common simulation environments in the early development phase, leading smoothly to continuous integration, where embedded processors can be deployed later.

Challenges and future work

Platform integration is a never-ending task in a sense: multiple software packages such as Autoware, ROS 2, DDS, RTOS, and toolchain are updated asynchronously, requiring modifications to parts of the integration process each time. Today’s automated driving systems also make extensive use of hardware acceleration technologies such as GPUs and FPGAs, so integrating and verifying these technologies will be a challenging task for integrators. However, when these are successfully completed, developers can be freed from preparing to integrate the system and thus be able to focus on developing applications that will truly differentiate the system. As a provider of an embedded software platform, eSOL aims to provide such a solution to Autoware users with its ROS on eMCOS service.