Fault-tolerance in an Embedded Steering Robot: a hybrid approach

At TNO Automotive in Helmond the Generic Driving Actuator (GDA) is developed. The GDA is a device capable of driving a vehicle fully automatically using the same interface as a human driver does, i.e. using the actual steering wheel, fuel paddle and braking paddle. For such an autonomous robot, safety and fault-tolerance requirements are of the utmost importance, since failure of the robot can easily lead to lifethreatening situations. It seems, therefore, only logical that the hardware of the GDA is duplicated in order to guarantee a minimum performance even when part of the hardware (for example a motor) fails. However, duplication of the hardware, and in particular duplication of the processor-board on which the control software is running, leads to a great increase in the complexity of that software. Fault-detection mechanisms and synchronization issues could be the source of new, unexpected, errors. In this talk we will give an overview of the design of the GDA, and of our attempts to guarantee safety and fault tolerance using modeling, analysis and simulation techniques. We use the process algebra μCRL to model and verify the software and part of its interaction with the hardware, and we use Matlab/Simulink to simulate the behavior of the whole system: vehicle, robot and embedded software, in order to find the best control strategy when hardwarefailures occur. Dr. ir. Pieter Cuijpers is currently a post-doctoral researcher at the Faculty of Mathematics and Computer Science of the Technische Universiteit Eindhoven (TU/e) Leon Merkx is a graduate student at both, the Faculty of Mathematics and Computer Science and the Faculty of Mechanical Engineering, also at TU/e