The field of the invention is autonomous driving, or, more specifically, methods, apparatus, autonomous vehicles, and products for protocol-level verification of aberrant driving decisions.
Automation computing decisions that generate driving decisions for an autonomous vehicle may produce an aberrant driving decision. The aberrant driving decision may be the product of a valid computation or decision making process. The aberrant driving decision may also be the result of a data corruption or other error.
Protocol-level verification of aberrant driving decisions may include: receiving an aberrant driving decision for an autonomous vehicle; determining whether a command enabling aberrant driving decisions has been received; and responsive to the command being received, allowing execution of the aberrant driving decision.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention.
The terminology used herein for the purpose of describing particular examples is not intended to be limiting for further examples. Whenever a singular form such as “a”, “an” and “the” is used and using only a single element is neither explicitly or implicitly defined as being mandatory, further examples may also use plural elements to implement the same functionality. Likewise, when a functionality is subsequently described as being implemented using multiple elements, further examples may implement the same functionality using a single element or processing entity. It will be further understood that the terms “comprises”, “comprising”, “includes” and/or “including”, when used, specify the presence of the stated features, integers, steps, operations, processes, acts, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, processes, acts, elements, components and/or any group thereof. Additionally, when an element is described as “plurality,” it is understood to mean two or more of such an element. However, as set forth above, further examples may implement the same functionality using a single element/
It will be understood that when an element is referred to as being “connected” or “coupled” to another element, the elements may be directly connected or coupled or via one or more intervening elements. If two elements A and B are combined using an “or”, this is to be understood to disclose all possible combinations, i.e. only A, only B, as well as A and B. An alternative wording for the same combinations is “at least one of A and B”. The same applies for combinations of more than two elements.
Accordingly, while further examples are capable of various modifications and alternative forms, some particular examples thereof are shown in the figures and will subsequently be described in detail. However, this detailed description does not limit further examples to the particular forms described. Further examples may cover all modifications, equivalents, and alternatives falling within the scope of the disclosure. Like numbers refer to like or similar elements throughout the description of the figures, which may be implemented identically or in modified form when compared to one another while providing for the same or a similar functionality.
Protocol-level verification of aberrant driving decisions may be implemented in an autonomous vehicle. Accordingly,
Further shown in the top view 101d is an automation computing system 116. The automation computing system 116 comprises one or more computing devices configured to control one or more autonomous operations (e.g., autonomous driving operations) of the autonomous vehicle 100. For example, the automation computing system 116 may be configured to process sensor data (e.g., data from the cameras 102-114 and potentially other sensors), operational data (e.g., a speed, acceleration, gear, orientation, turning direction), and other data to determine a operational state and/or operational history of the autonomous vehicle. The automation computing system 116 may then determine one or more operational commands for the autonomous vehicle (e.g., a change in speed or acceleration, a change in brake application, a change in gear, a change in turning or orientation, etc.). The automation computing system 116 may also capture and store sensor data. Operational data of the autonomous vehicle may also be stored in association with corresponding sensor data, thereby indicating the operational data of the autonomous vehicle 100 at the time the sensor data was captured.
Although the autonomous vehicle 100 if
Protocol-level verification of aberrant driving decisions in accordance with the present invention is generally implemented with computers, that is, with automated computing machinery. For further explanation, therefore,
A CPU package 204 may comprise a plurality of processing units. For example, each CPU package 204 may comprise a logical or physical grouping of a plurality of processing units. Each processing unit may be allocated a particular process for execution. Moreover, each CPU package 204 may comprise one or more redundant processing units. A redundant processing unit is a processing unit not allocated a particular process for execution unless a failure occurs in another processing unit. For example, when a given processing unit allocated a particular process fails, a redundant processing unit may be selected and allocated the given process. A process may be allocated to a plurality of processing units within the same CPU package 204 or different CPU packages 204. For example, a given process may be allocated to a primary processing unit in a CPU package 204. The results or output of the given process may be output from the primary processing unit to a receiving process or service. The given process may also be executed in parallel on a secondary processing unit. The secondary processing unit may be included within the same CPU package 204 or a different CPU package 204. The secondary processing unit may not provide its output or results of the process until the primary processing unit fails. The receiving process or service will then receive data from the secondary processing unit. A redundant processing unit may then be selected and have allocated the given process to ensure that two or more processing units are allocated the given process for redundancy and increased reliability.
The CPU packages 204 are communicatively coupled to one or more sensors 212. The sensors 212 are configured to capture sensor data describing the operational and environmental conditions of an autonomous vehicle. For example, the sensors 212 may include cameras (e.g., the cameras 102-114 of
Although the sensors 212 are shown as being external to the automation computing system 116, it is understood that one or more of the sensors 212 may reside as a component of the automation computing system 116 (e.g., on the same board, within the same housing or chassis). The sensors 212 may be communicatively coupled with the CPU packages 204 via a switched fabric 213. The switched fabric 213 comprises a communications topology through which the CPU packages 204 and sensors 212 are coupled via a plurality of switching mechanisms (e.g., latches, switches, crossbar switches, field programmable gate arrays (FPGAs), etc.). For example, the switched fabric 213 may implement a mesh connection connecting the CPU packages 204 and sensors 212 as endpoints, with the switching mechanisms serving as intermediary nodes of the mesh connection. The CPU packages 204 and sensors 212 may be in communication via a plurality of switched fabrics 213. For example, each of the switched fabrics 213 may include the CPU packages 204 and sensors 212, or a subset of the CPU packages 204 and sensors 212, as endpoints. Each switched fabric 213 may also comprise a respective plurality of switching components. The switching components of a given switched fabric 213 may be independent (e.g., not connected) of the switching components of other switched fabrics 213 such that only switched fabric 213 endpoints (e.g., the CPU packages 204 and sensors 212) are overlapping across the switched fabrics 213. This provides redundancy such that, should a connection between a CPU package 204 and sensor 212 fail in one switched fabric 213, the CPU package 204 and sensor 212 may remain connected via another switched fabric 213. Moreover, in the event of a failure in a CPU package 204, a processor of a CPU package 204, or a sensor, a communications path excluding the failed component and including a functional redundant component may be established.
The CPU packages 204 and sensors 212 are configured to receive power from one or more power supplies 215. The power supplies 215 may comprise an extension of a power system of the autonomous vehicle 100 or an independent power source (e.g., a battery). The power supplies 215 may supply power to the CPU packages 204 and sensors 212 by another switched fabric 214. The switched fabric 214 provides redundant power pathways such that, in the event of a failure in a power connection, a new power connection pathway may be established to the CPU packages 204 and sensors 212.
Stored in RAM 206 is an automation module 220. The automation module 220 may be configured to process sensor data from the sensors 212 to determine a driving decision for the autonomous vehicle. The driving decision comprises one or more operational commands for an autonomous vehicle 100 to affect the movement, direction, or other function of the autonomous vehicle 100, thereby facilitating autonomous driving or operation of the vehicle. Such operational commands may include a change in the speed of the autonomous vehicle 100, a change in steering direction, a change in gear, or other command as can be appreciated. For example, the automation module 220 may provide sensor data and/or processed sensor data as one or more inputs to a trained machine learning model (e.g., a trained neural network) to determine the one or more operational commands. The operational commands may then be communicated to autonomous vehicle control systems 223 via a vehicle interface 222.
In some embodiments, the automation module 220 may be configured to determine an exit path for an autonomous vehicle 100 in motion. The exit path includes one or more operational commands that, if executed, are determined and/or predicted to bring the autonomous vehicle 100 safely to a stop (e.g., without collision with an object, without violating one or more safety rules). The automation module 220 may determine a both a driving decision and an exit path at a predefined interval. The automation module 220 may then send the driving decision and the exit path to the autonomous vehicle control systems 223. The autonomous vehicle control systems 223 may be configured to execute the driving decision unless an error state has been reached. If an error decision has been reached, therefore indicating a possible error in functionality of the automation computing system 116), the autonomous vehicle control systems 223 may then execute a last received exit path in order to bring the autonomous vehicle 100 safely to a stop. Thus, the autonomous vehicle control systems 223 are configured to receive both a driving decision and exit path at predefined intervals, and execute the exit path in response to an error.
The autonomous vehicle control systems 223 are configured to affect the movement and operation of the autonomous vehicle 100. For example, the autonomous vehicle control systems 223 may activate (e.g., apply one or more control signals) to actuators or other components to turn or otherwise change the direction of the autonomous vehicle 100, accelerate or decelerate the autonomous vehicle 100, change a gear of the autonomous vehicle 100, or otherwise affect the movement and operation of the autonomous vehicle 100.
Further stored in RAM 206 is a data collection module 224 configured to process and/or store sensor data received from the one or more sensors 212. For example, the data collection module 224 may store the sensor data as captured by the one or more sensors 212, or processed sensor 212 data (e.g., sensor 212 data having object recognition, compression, depth filtering, or other processes applied). Such processing may be performed by the data collection module 224 in real-time or in substantially real-time as the sensor data is captured by the one or more sensors 212. The processed sensor data may then be used by other functions or modules. For example, the automation module 220 may use processed sensor data as input to determine one or more operational commands. The data collection module 224 may store the sensor data in data storage 218.
Also stored in RAM 206 is a data processing module 226. The data processing module 226 is configured to perform one or more processes on stored sensor data (e.g., stored in data storage 218 by the data collection module 218) prior to upload to a execution environment 227. Such operations can include filtering, compression, encoding, decoding, or other operations as can be appreciated. The data processing module 226 may then communicate the processed and stored sensor data to the execution environment 227.
Further stored in RAM 206 is a hypervisor 228. The hypervisor 228 is configured to manage the configuration and execution of one or more virtual machines 229. For example, each virtual machine 229 may emulate and/or simulate the operation of a computer. Accordingly, each virtual machine 229 may comprise a guest operating system 216 for the simulated computer. The hypervisor 228 may manage the creation of a virtual machine 229 including installation of the guest operating system 216. The hypervisor 228 may also manage when execution of a virtual machine 229 begins, is suspended, is resumed, or is terminated. The hypervisor 228 may also control access to computational resources (e.g., processing resources, memory resources, device resources) by each of the virtual machines.
Each of the virtual machines 229 may be configured to execute one or more of the automation module 220, the data collection module 224, the data processing module 226, or combinations thereof. Moreover, as is set forth above, each of the virtual machines 229 may comprise its own guest operating system 216. Guest operating systems 216 useful in autonomous vehicles in accordance with some embodiments of the present disclosure include UNIX™, Linux™, Microsoft Windows™, AIX™, IBM's i OS™, and others as will occur to those of skill in the art. For example, the autonomous vehicle 100 may be configured to execute a first operating system when the autonomous vehicle is in an autonomous (or even partially autonomous) driving mode and the autonomous vehicle 100 may be configured to execute a second operating system when the autonomous vehicle is not in an autonomous (or even partially autonomous) driving mode. In such an example, the first operating system may be formally verified, secure, and operate in real-time such that data collected from the sensors 212 are processed within a predetermined period of time, and autonomous driving operations are performed within a predetermined period of time, such that data is processed and acted upon essentially in real-time. Continuing with this example, the second operating system may not be formally verified, may be less secure, and may not operate in real-time as the tasks that are carried out (which are described in greater detail below) by the second operating system are not as time-sensitive the tasks (e.g., carrying out self-driving operations) performed by the first operating system.
Readers will appreciate that although the example included in the preceding paragraph relates to an embodiment where the autonomous vehicle 100 may be configured to execute a first operating system when the autonomous vehicle is in an autonomous (or even partially autonomous) driving mode and the autonomous vehicle 100 may be configured to execute a second operating system when the autonomous vehicle is not in an autonomous (or even partially autonomous) driving mode, other embodiments are within the scope of the present disclosure. For example, in another embodiment one CPU (or other appropriate entity such as a chip, CPU core, and so on) may be executing the first operating system and a second CPU (or other appropriate entity) may be executing the second operating system, where switching between these two modalities is accomplished through fabric switching, as described in greater detail below. Likewise, in some embodiments, processing resources such as a CPU may be partitioned where a first partition supports the execution of the first operating system and a second partition supports the execution of the second operating system.
The guest operating systems 216 may correspond to a particular operating system modality. An operating system modality is a set of parameters or constraints which a given operating system satisfies, and are not satisfied by operating systems of another modality. For example, a given operating system may be considered a “real-time operating system” in that one or more processes executed by the operating system must be performed according to one or more time constraints. For example, as the automation module 220 must make determinations as to operational commands to facilitate autonomous operation of a vehicle. Accordingly, the automation module 220 must make such determinations within one or more time constraints in order for autonomous operation to be performed in real time. The automation module 220 may then be executed in an operating system (e.g., a guest operating system 216 of a virtual machine 229) corresponding to a “real-time operating system” modality. Conversely, the data processing module 226 may be able to perform its processing of sensor data independent of any time constrains, and may then be executed in an operating system (e.g., a guest operating system 216 of a virtual machine 229) corresponding to a “non-real-time operating system” modality.
As another example, an operating system (e.g., a guest operating system 216 of a virtual machine 229) may comprise a formally verified operating system. A formally verified operating system is an operating system for which the correctness of each function and operation has been verified with respect to a formal specification according to formal proofs. A formally verified operating system and an unverified operating system (e.g., one that has not been formally verified according to these proofs) can be said to operate in different modalities.
The automation module 220, data collection module 224, data collection module 224, data processing module 226, hypervisor 228, and virtual machine 229 in the example of
The automation computing system 116 of
The exemplary automation computing system 116 of
The exemplary automation computing system of
The exemplary automation computing system of
CPU package 204a also comprises two redundant processing units that are not actively executing a process A, B, or C, but are instead reserved in case of failure of an active processing unit. Redundant processing unit 508a has been reserved as “A/B redundant,” indicating that reserved processing unit 508a may be allocated primary or secondary execution of processes A or B in the event of a failure of a processing unit allocated the primary or secondary execution of these processes. Redundant processing unit 508b has been reserved as “A/C redundant,” indicating that reserved processing unit 508b may be allocated primary or secondary execution of processes A or C in the event of a failure of a processing unit allocated the primary or secondary execution of these processes.
CPU package 204b includes processing unit 502c, which has been allocated primary execution of “process A,” denoted as primary process A 510a, and processing unit 502d, which has been allocated secondary execution of “process C,” denoted as secondary process C 506a. CPU package 204b also includes redundant processing unit 508c, reserved as “A/B redundant,” and redundant processing unit 508d, reserved as “B/C redundant.” CPU package 204c includes processing unit 502e, which has been allocated primary execution of “process B,” denoted as primary process B 504a, and processing unit 502f, which has been allocated secondary execution of “process A,” denoted as secondary process A 510b. CPU package 204c also includes redundant processing unit 508e, reserved as “B/C redundant,” and redundant processing unit 508f, reserved as “A/C redundant.”
As set forth in the example view of
For further explanation,
The execution environment 227 depicted in
The execution environment 227 depicted in
The execution environment 227 depicted in
The execution environment 227 depicted in
The software resources 613 may include, for example, one or more modules of computer program instructions that when executed by processing resources 612 within the execution environment 227 are useful in deploying software resources or other data to autonomous vehicles 100 via a network 618. For example, a deployment module 616 may provide software updates, neural network updates, or other data to autonomous vehicles 100 to facilitate autonomous vehicle control operations.
The software resources 613 may include, for example, one or more modules of computer program instructions that when executed by processing resources 612 within the execution environment 227 are useful in collecting data from autonomous vehicles 100 via a network 618. For example, a data collection module 620 may receive, from autonomous vehicles 100, collected sensor 212, associated control operations, software performance logs, or other data. Such data may facilitate training of neural networks via the training module 614 or stored using storage resources 608.
For further explanation,
The method of
In some embodiments, an aberrant driving decision 704 is a driving decision having one or more attributes that fall outside of one or more predefined or dynamically calculated bounds for a normal or common driving decision. As described herein, the attributes of a driving decision describe the changes in motion or position of the autonomous vehicle 100 caused by executing the driving decision. As an example, the attributes of a driving decision may include velocity, changes in velocity over time (e.g., changes in acceleration), changes in velocity over distance, steering angle or trajectory, and the like. As a further example, the attributes of a driving decision may include a g-force caused by applying an amount of braking indicated in the driving decision (e.g., 0.25 g, one g, and the like).
Accordingly, in some embodiments, an aberrant driving decision 704 is considered “aberrant” by virtue of one or more of these attributes fallout outside of some range, threshold, or other limit as can be appreciated. For example, a driving decision may be identified as an aberrant driving decision by applying one or more functions to one or more attributes of the driving decision, where the result of the function may indicate whether a driving decision is aberrant, a confidence score indicating a degree to which a driving decision is aberrant, and the like. In some embodiments, the one or more functions may be based on one or more ranges or thresholds for the attributes of the driving decision. For example, in some embodiments, an aberrant driving decision 704 includes a driving decision whose one or more attributes falls outside of a predefined range or threshold for that driving decision. As an example, assuming a 0.25 g threshold for braking, a driving decision is considered aberrant where the g-force of the braking exceeds the 0.25 g threshold. As another example, assuming a thirty-degree threshold for changes in steering trajectory, a driving decision is considered aberrant where the driving decision includes a change in trajectory exceeding thirty degrees.
In some embodiments, the one or more functions may be based on a threshold number of standard deviations. In other words, an aberrant driving decision 704 is aberrant based on a number of standard deviations for the one or more attributes exceeding a threshold. For example, assume that the standard deviations of a given attribute in a driving decision is calculated relative to a current value for that attribute (e.g., current velocity, current acceleration, and the like). Where the attribute of the driving decision exceeds a threshold number of standard deviations (e.g., two standard deviations), the driving decision is considered aberrant.
In some embodiments, an aberrant driving decision 704 may also include a change to a threshold or range that defines aberrant driving decisions 704. For example, assume that a range for non-aberrant steering wheel rotations is from −10 to 10 degrees. Where this range is modified (e.g., to 20 to 40 degrees), this change may be identified as aberrant depending on the particular operational circumstances of the vehicle. As an example, where the vehicle is traversing a steep turn, this change may be considered normal or valid, whereas this change may be aberrant while cruising on a highway.
The method of
In some embodiments, the command enabling aberrant driving decisions enables aberrant driving decisions for some predefined amount of time. Accordingly, in some embodiments, determining 710 whether a command enabling aberrant driving decisions has been received includes determining whether the aberrant driving decision 704 was received within a predefined amount of time after receiving a command enabling aberrant driving decisions.
The method of
One skilled in the art will appreciate that, due to various errors such as data corruption, bit flipping, and the like, an encoded driving decision may be corrupted in such a way that it becomes an aberrant driving decision 704. As these aberrant driving decisions 704 are not the product of a valid computation or decision making process, execution of these aberrant driving decisions 704 may cause unintended and potentially dangerous behavior by the autonomous vehicle 100. Conversely, some aberrant driving decisions 704 are valid and should be executed, such as those aberrant driving decisions 704 generated by collision avoidance models, safety mechanisms, and the like. As an example, a collision avoidance model may generate driving decisions that include extreme applications of braking or acceleration, large degrees of turning or trajectory changes, and the like in order to avoid a potential hazard.
In order to ensure that valid aberrant driving decisions 704 are executed and invalid (e.g., resulting from a corruption or error) aberrant driving decisions 704 are not executed, a recipient 700 of an aberrant driving decision 700 only allows 712 execution of the aberrant driving decision where a command enabling aberrant driving decisions has been received. For example, where a sender 750 of the aberrant driving decision 704 provides a separate command enabling aberrant driving decisions, the received aberrant driving decision 704 is presumed to be valid as it is unlikely that an erroneous aberrant driving decision 704 would be received after such a command. As another example, where a monitoring system provides the command enabling aberrant driving decisions, this ensures that a separate entity has validated the aberrant driving decision 704, allowing the recipient 700 to presume its validity and allow 712 its execution. This protocol-based approach for aberrant driving decisions 704 ensures that valid aberrant driving decisions 704 are executed while erroneous aberrant driving decisions 704 are not executed.
In some embodiments, where an aberrant driving decision 704 is received and a command enabling aberrant driving decisions has not been received, one or more remedial actions may be performed. In some embodiments, the aberrant driving decision 704 may be modified or transformed to conform with the one or more limits defining aberrant driving decisions 704. In some embodiments, the aberrant driving decision 704 may be ignored. In some embodiments, one or more alerts, notifications, log entries, and the like may be generated indicating that an aberrant driving decision 704 was erroneously received.
For further explanation,
The method of
In some embodiments, the monitoring system 800 is configured to monitor driving decisions generated or provided by the sender 750 to determine if a driving decision qualifies as aberrant (e.g., by applying one or more functions to the driving decision). For example, in some embodiments, the monitoring system 800 determines if one or more attributes of the driving decisions fall outside of the defined limits for aberrant driving decisions 704. In some embodiments, the monitoring system 800 serves as an interlock between the sender 750 and recipient 700, whereby output from the sender 750 (e.g., driving decisions) is provided to the monitoring system 800 for forwarding to the recipient 700.
The method of
Where the aberrant driving decision 704 is verified, the monitoring system 800 sends the command 806 enabling aberrant driving decisions 704 to the recipient 700. Where the monitoring system 800 serves as an interlock between the sender 750 and the recipient 700, the monitoring system 800 sends the aberrant driving decision 704 to the recipient 700 after the command 806. As the recipient 700 has received the command 806, the recipient 700 will then allow 712 execution of the aberrant driving decision 704.
For further explanation,
The method of
In some embodiments, performing 902 the verification of the aberrant driving decision 704 includes providing one or more inputs to a model configured to verify an aberrant driving decision. As an example, the one or more inputs may include one or more portions of sensor data used to generate the aberrant driving decision. Such sensor data may include sensor data provided as input to a model or model pipeline that generated the aberrant driving decision. In some embodiments, the one or more inputs may include the aberrant driving decision itself. As an example, in some embodiments, the model may provide, as output, one or more ranges or thresholds for driving decision attributes. Where the attributes of the aberrant driving decision 704 falls within these ranges or satisfies these thresholds, the aberrant driving decision 704 may be considered verified. One skilled in the art will appreciate that such ranges or thresholds will be different than ranges or thresholds initially used to identify the driving decision as an aberrant driving decision 704.
For example, assume that, under normal operating conditions, a threshold deceleration for braking is 0.25 g. Further assume that an aberrant driving decision 704 is generated to perform a 1 g braking operation due to a possible collision being detected using front-facing camera data. This driving decision is initially identified as aberrant due to the deceleration exceeding the threshold. The monitoring system 800 may apply some portion of the forward facing camera data, and potentially other data, to a model. The model then provides, as output, a deceleration range of 0.75-1.25 g. In other words, the model determines that, by virtue of the collision risk, a range of deceleration between 0.75-1.25 g is expected to be produced by a driving decision. As the deceleration of the aberrant driving decision 704 falls within this range, the aberrant driving decision is considered verified.
In other embodiments, where the model accepts the aberrant driving decision 704 as an additional input, the model may provide, as output, an indication of whether the aberrant driving decision 704 is verified. In some embodiments, the output may include a binary indication of verification (e.g., verified, not verified). In other embodiments, the output may include a confidence score or other evaluation of a degree of verification. One skilled in the art will appreciate that various combinations of approaches for verifying an aberrant driving decision 704 may also be used by the monitoring system 800.
In some embodiments, where the monitoring system 800 serves as an interlock between the sender 750 and recipient 700, the monitoring system 800 refrains from sending the aberrant driving decision 704 if the aberrant driving decision 704 fails verification. In other embodiments, if the aberrant driving decision 704 fails verification, the monitoring system 800 sends the aberrant driving decision 704 to the recipient 700. As the monitoring system 806 did not send the command 806, the recipient 700 will not execute the aberrant driving decision 704. This particular approach may be used, for example, where the recipient 700 expects to receive driving decisions at some interval and failure to receive a driving decision would cause some error handling or fault tolerance process to be triggered.
As an example, assume that the monitoring system 800 serves as an interlock between the sender 750 and the recipient 700 and receives an aberrant driving decision 704 requiring a brake application exceeding some threshold (e.g., greater than 0.25 g). The monitoring system 800 determines that the aberrant driving decision 704 was generated by a collision avoidance model (e.g., by checking a model identifier in the aberrant driving decision 704, by querying the sender 750, and the like). Accordingly, the monitoring system 800 determines that the aberrant driving decision 704 is verified.
In response to the aberrant driving decision 704 being verified, the monitoring system 800 sends the command 806 enabling aberrant driving decisions followed by the aberrant driving decision 704 to the recipient 700. One skilled in the art will appreciate that, in some embodiments, the command 806 and the aberrant driving decision 704 may be sent substantially simultaneously or part of the same data payload.
In view of the explanations set forth above, readers will recognize that the benefits of protocol-level verification of aberrant driving decisions according to embodiments of the present invention include:
Exemplary embodiments of the present invention are described largely in the context of a fully functional computer system for protocol-level verification of aberrant driving decisions. Readers of skill in the art will recognize, however, that the present invention also may be embodied in a computer program product disposed upon computer readable storage media for use with any suitable data processing system. Such computer readable storage media may be any storage medium for machine-readable information, including magnetic media, optical media, or other suitable media. Examples of such media include magnetic disks in hard drives or diskettes, compact disks for optical drives, magnetic tape, and others as will occur to those of skill in the art. Persons skilled in the art will immediately recognize that any computer system having suitable programming means will be capable of executing the steps of the method of the invention as embodied in a computer program product. Persons skilled in the art will recognize also that, although some of the exemplary embodiments described in this specification are oriented to software installed and executing on computer hardware, nevertheless, alternative embodiments implemented as firmware or as hardware are well within the scope of the present invention.
The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.
It will be understood that any of the functionality or approaches set forth herein may be facilitated at least in part by artificial intelligence applications, including machine learning applications, big data analytics applications, deep learning, and other techniques. Applications of such techniques may include: machine and vehicular object detection, identification and avoidance; visual recognition, classification and tagging; algorithmic financial trading strategy performance management; simultaneous localization and mapping; predictive maintenance of high-value machinery; prevention against cyber security threats, expertise automation; image recognition and classification; question answering; robotics; text analytics (extraction, classification) and text generation and translation; and many others.
It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims.