ML-based Fault Injection for Autonomous Vehicles: A Case for Bayesian Fault Injection

Michael B. Sullivan; Ravishankar K. Iyer; Saurabh Jha; Siva K. S. Hari; Stephen W. Keckler; Subho S. Banerjee; Timothy Tsai; Zbigniew T. Kalbarczyk

arxiv: 1907.01051 · v1 · pith:PUZSKFJ7new · submitted 2019-07-01 · 💻 cs.LG · cs.SE· stat.ML

ML-based Fault Injection for Autonomous Vehicles: A Case for Bayesian Fault Injection

Saurabh Jha , Subho S. Banerjee , Timothy Tsai , Siva K. S. Hari , Michael B. Sullivan , Zbigniew T. Kalbarczyk , Stephen W. Keckler , Ravishankar K. Iyer This is my paper

Pith reviewed 2026-05-25 11:41 UTC · model grok-4.3

classification 💻 cs.LG cs.SEstat.ML

keywords fault injectionautonomous vehiclesmachine learningBayesian methodssafety-critical faultsAV verificationsafety testing

0 comments

The pith

DriveFI uses machine learning to locate 561 safety-critical faults in autonomous vehicles in under four hours.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces DriveFI as a machine learning-based fault injection engine designed to identify situations and faults that most threaten autonomous vehicle safety. It applies this approach to two industry-grade AV technology stacks and reports finding hundreds of critical faults rapidly. Traditional random fault injection, by contrast, uncovered none even after running for weeks. A reader would care because current AV verification relies heavily on such testing to prevent real-world accidents.

Core claim

DriveFI mines situations and faults that maximally impact AV safety, as demonstrated on NVIDIA and Baidu stacks where it found 561 safety-critical faults in less than 4 hours while random injection experiments executed over several weeks could not find any.

What carries the argument

DriveFI, a machine learning-based fault injection engine that prioritizes high-impact faults using Bayesian methods.

If this is right

AV safety testing can shift from weeks of random trials to targeted searches completed in hours.
Faults that remain hidden under conventional methods become discoverable during development.
End-to-end assessment of AV systems under accidental faults becomes practical on industry stacks.
Verification processes gain the ability to focus resources on the faults with largest safety consequences.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same targeted-injection principle could be adapted to other complex control systems where exhaustive testing is infeasible.
If the identified faults prove reproducible in physical vehicles, regulators might require evidence that such ML-guided searches have been performed.
Development teams could integrate the engine into continuous integration pipelines to catch safety regressions earlier.

Load-bearing premise

The machine learning model accurately identifies faults that will have the greatest safety impact in realistic driving scenarios and that these faults generalize beyond the two tested systems.

What would settle it

A controlled comparison in which random or exhaustive fault injection finds an equal or greater number of safety-critical faults within a similar time budget on the same AV stacks.

Figures

Figures reproduced from arXiv: 1907.01051 by Michael B. Sullivan, Ravishankar K. Iyer, Saurabh Jha, Siva K. S. Hari, Stephen W. Keckler, Subho S. Banerjee, Timothy Tsai, Zbigniew T. Kalbarczyk.

**Figure 2.** Figure 2: Definition of dstop, dsafe, and δ for lateral and longitudinal movement of the car. Non-AV vehicles are labeled as target vehicles (TV). At. The PID controller ensures that the AV does not make any sudden changes in At. The ADS ML module has an instantaneous state St that consists of configuration parameters C (e.g., neural network weights to perceive input camera data) and a world model Wt, which maintain… view at source ↗

**Figure 4.** Figure 4: Example scenarios: (1) Targeted FI leads to hazardous conditions; (2) Real-world example with Tesla Autopilot that is similar to injected faults. faults and scenes that are most likely to lead to violations of safety conditions and, hence, can be used to guide the fault injection. Taken together, these components of DriveFI can identify hazardous situations that lead to accidents similar to the Tesla crash… view at source ↗

**Figure 5.** Figure 5: Orientation of the EV when in motion. the safety potential delta from 20 m to 2 m as shown in “Scene 1B.” At that point, the Bayesian fault injector injects a fault into the throttle command, causing the vehicle to accelerate. The increase in acceleration caused the EV to become unsafe (δ < 0), as shown in “Scene 1C.” The EV velocity is high enough that braking, even with amax, is not able to prevent an ac… view at source ↗

**Figure 6.** Figure 6: 3-Temporal Bayesian Network modeling the ADS. the mechanism for speculation. We now describe the design of the model and its training and inference. The Model. Consider a situation in which a fault is injected into the EV’s ADS at time point k. We want to estimate the value of dstop at time k + 1 when the (corrupted) actuation commands of the previous time step have been acted upon. As we showed in the pre… view at source ↗

**Figure 7.** Figure 7: BN MLE inference is executed offline for every simulated time point to find the set of critical faults. the variables in Xk are measured and stored. • These “golden” values of Xk are stepped through with (9) to build F (k) crit for every scene/frame, based on (1). • An FI campaign is carried out on the simulated EV to execute faults in S k F (k) crit one frame and one fault at a time. IV. THE ADS ARCHITECT… view at source ↗

**Figure 10.** Figure 10: DriveFI architecture. faults in computational elements. The architectural-state faults that do not get masked manifest as errors in the internal state of the ADS modules, and the errors that do not get masked in the module propagate to the output of the module. Finally, errors that are not masked in any of the modules manifest as actuation command errors that are sent to the AV. Therefore, to mimic faults… view at source ↗

**Figure 11.** Figure 11: Fault/error impact characterization using FI campaigns. (a) & (b) use DS6; (c) & (d) use DS1. A. GPU-level Fault Injection We conducted 800 GPU-level FI experiments for each driving scenario (DS1, DS2, DS3) in DriveAV. The min-CIPO and max-LK of DS1 simulated in DriveAV are labelled as “1- GPU” in Fig. 11c and Fig. 11d, respectively. We conducted only 800 GPU-level FI experiments per scenario because we d… view at source ↗

**Figure 12.** Figure 12: Impact of 30 continuous faults on ζ in DriveAV. Left subfigure shows ζ for a golden simulation (in black) and an injected simulation (in red). Right subfigure shows compensation c. observed similar compensation behavior for the faults injected into brake and steer values. The ability of an ADS to compensate for injected faults depends on the number of faults and the time of injection. The outlier data po… view at source ↗

read the original abstract

The safety and resilience of fully autonomous vehicles (AVs) are of significant concern, as exemplified by several headline-making accidents. While AV development today involves verification, validation, and testing, end-to-end assessment of AV systems under accidental faults in realistic driving scenarios has been largely unexplored. This paper presents DriveFI, a machine learning-based fault injection engine, which can mine situations and faults that maximally impact AV safety, as demonstrated on two industry-grade AV technology stacks (from NVIDIA and Baidu). For example, DriveFI found 561 safety-critical faults in less than 4 hours. In comparison, random injection experiments executed over several weeks could not find any safety-critical faults

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

DriveFI applies Bayesian ML to fault injection on real AV stacks and reports a large efficiency gain over random testing, but the abstract leaves the model validation and fault classification details thin.

read the letter

DriveFI is the main contribution here: a machine learning engine that targets fault injection to find safety-critical issues in autonomous vehicle stacks. It was run on two industry platforms from NVIDIA and Baidu and reports locating 561 such faults in under four hours, while random injection over weeks turned up none. That quantitative contrast is the clearest new element, and it is grounded in actual hardware rather than toy simulations. The work does a solid job showing why random testing is inefficient for this domain and demonstrating that a directed approach can surface problems quickly. The numbers make the practical case for using ML to prioritize faults that matter for safety. The soft spots sit in the missing methodology. The abstract gives no information on how the Bayesian model is trained, what data it uses, how safety-critical faults are labeled or validated, or whether there are controls for false positives or overfitting. The central assumption—that the model reliably identifies faults with maximal safety impact and that those findings generalize—needs the full methods section to hold up. Without error analysis or additional baselines, the 561-fault claim is hard to assess for robustness. This paper is aimed at engineers and researchers doing verification for autonomous systems. Anyone working on fault injection or safety testing for AVs would find the case study and the efficiency comparison useful. It deserves peer review because the empirical demonstration on real stacks is concrete and the efficiency gap is large enough to merit expert examination of the underlying model and evaluation choices.

Referee Report

2 major / 0 minor

Summary. The manuscript introduces DriveFI, a machine learning-based (Bayesian) fault injection engine for mining situations and faults that maximally impact AV safety. It reports an empirical demonstration on two industry-grade AV stacks (NVIDIA and Baidu), claiming to discover 561 safety-critical faults in under 4 hours while random injection over several weeks found none.

Significance. If the methodology, fault definitions, and validation hold, the result would demonstrate a practical efficiency gain for targeted fault injection over random testing in safety-critical AV systems. The use of ML to prioritize impactful faults in realistic scenarios addresses an underexplored aspect of AV verification and could inform more scalable testing pipelines, provided the findings generalize beyond the two stacks tested.

major comments (2)

[Abstract] Abstract: the central quantitative claim (561 safety-critical faults in <4 hours vs. zero from random injection over weeks) is presented without any description of the ML model architecture, training procedure, definition of 'safety-critical,' validation against ground-truth safety metrics, error analysis, or statistical comparison to baselines. This absence prevents assessment of whether the data support the superiority claim.
[Abstract] The weakest assumption—that the ML model accurately identifies faults maximally impacting AV safety and generalizes beyond the two tested stacks without bias or overfitting—remains unaddressed in the provided text, as no details on cross-validation, scenario coverage, or sensitivity to model hyperparameters are supplied.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their thoughtful comments on the abstract. We address each point below. The full manuscript contains the requested details on the model and methodology, but we agree the abstract can be strengthened for standalone clarity.

read point-by-point responses

Referee: [Abstract] Abstract: the central quantitative claim (561 safety-critical faults in <4 hours vs. zero from random injection over weeks) is presented without any description of the ML model architecture, training procedure, definition of 'safety-critical,' validation against ground-truth safety metrics, error analysis, or statistical comparison to baselines. This absence prevents assessment of whether the data support the superiority claim.

Authors: The abstract prioritizes brevity while highlighting the key empirical result. Detailed information on the Bayesian ML model architecture, training procedure, definition of safety-critical faults, validation against ground-truth metrics, error analysis, and statistical comparisons to the random-injection baseline are provided in Sections 3–6 of the full manuscript. We will revise the abstract to incorporate a concise summary of the model and validation approach. revision: yes
Referee: [Abstract] The weakest assumption—that the ML model accurately identifies faults maximally impacting AV safety and generalizes beyond the two tested stacks without bias or overfitting—remains unaddressed in the provided text, as no details on cross-validation, scenario coverage, or sensitivity to model hyperparameters are supplied.

Authors: The abstract does not expand on these elements due to space limits. The manuscript addresses generalization via experiments across two independent industry stacks (NVIDIA and Baidu), scenario coverage in realistic driving conditions, and hyperparameter sensitivity in Sections 5 and 6. We will add a brief statement to the abstract summarizing these aspects. revision: yes

Circularity Check

0 steps flagged

No significant circularity; empirical demonstration only

full rationale

The paper presents an empirical ML-based fault injection system (DriveFI) whose central claim is a performance comparison between its outputs and random injection baselines. No equations, derivations, fitted parameters renamed as predictions, or self-citation chains appear in the provided abstract or description. The result is a direct experimental measurement rather than a reduction of one quantity to another by construction. The reader's assessment of score 1.0 is consistent with the absence of any load-bearing definitional or predictive circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review; no equations, parameters, or modeling choices are visible, so the ledger cannot be populated with concrete entries from the paper.

pith-pipeline@v0.9.0 · 5680 in / 1079 out tokens · 31892 ms · 2026-05-25T11:41:53.553823+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/RealityFromDistinction.lean; Cost/FunctionalEquation.lean reality_from_one_distinction; washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

DriveFI … modeling safety based on lateral and longitudinal stopping distance … Bayesian network (BN) … causal and counter-factual reasoning
IndisputableMonolith/Foundation/ArithmeticFromLogic.lean; AlexanderDuality.lean LogicNat recovery; alexander_duality_circle_linking (D=3) unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

561 safety-critical faults in less than 4 hours … random injection … several weeks

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

63 extracted references · 63 canonical work pages · 2 internal anchors

[1]

Shared vehicle control using safe driving envelopes for obstacle avoidance and stability,

S. M. Erlien, “Shared vehicle control using safe driving envelopes for obstacle avoidance and stability,” Ph.D. dissertation, Stanford University, 2015

work page 2015
[2]

Design and evaluation of a driving mode decision algorithm for automated driving vehicle on a motorway,

J. Suh, B. Kim, and K. Yi, “Design and evaluation of a driving mode decision algorithm for automated driving vehicle on a motorway,” IFAC- PapersOnLine, vol. 49, no. 11, pp. 115–120, 2016

work page 2016
[3]

nvidia drive | nvidia developer,

Nvidia, “nvidia drive | nvidia developer,” https://developer.nvidia.com/ driveworks

work page
[4]

Apollo Open Platform,

Baidu, “Apollo Open Platform,” http://apollo.auto, Accessed: 2018-09-02

work page 2018
[5]

OpenPilot: Open source driving agent,

CommaAI, “OpenPilot: Open source driving agent,” https://github.com/ commaai/openpilot, Accessed: 2018-09-12

work page 2018
[6]

Research group demos why Tesla Autopilot could crash into a stationary vehicle,

S. Alvarez, “Research group demos why Tesla Autopilot could crash into a stationary vehicle,” https://www.teslarati.com/tesla-research-group- autopilot-crash-demo/, June 2018

work page 2018
[7]

Why Uber’s self-driving car killed a pedestrian,

T.S., “Why Uber’s self-driving car killed a pedestrian,” The Economist May 29, 2018 https://www.economist.com/the-economist-explains/2018/ 05/29/why-ubers-self-driving-car-killed-a-pedestrian

work page 2018
[8]

Hands off the wheel in autonomous vehicles?: A systems perspective on over a million miles of ﬁeld data,

S. S. Banerjee et al. , “Hands off the wheel in autonomous vehicles?: A systems perspective on over a million miles of ﬁeld data,” in Proc. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) . IEEE, 2018

work page 2018
[9]

DryVR: Data-Driven Veriﬁcation and Compositional Reasoning for Automotive systems,

C. Fan et al. , “DryVR: Data-Driven Veriﬁcation and Compositional Reasoning for Automotive systems,” in Computer Aided Veriﬁcation . Springer International Publishing, 2017, pp. 441–461

work page 2017
[10]

The model checking problem for concurrent systems with many similar processes,

E. M. Clarke and O. Grumberg, “The model checking problem for concurrent systems with many similar processes,” in Proc. Temporal Logic in Speciﬁcation , 1987, pp. 188–201. [Online]. Available: https://doi.org/10.1007/3-540-51803-7_26

work page doi:10.1007/3-540-51803-7_26 1987
[11]

Automatic veriﬁcation of ﬁnite state concurrent systems using temporal logic speciﬁcations: A practical approach,

E. M. Clarke, E. A. Emerson, and A. P. Sistla, “Automatic veriﬁcation of ﬁnite state concurrent systems using temporal logic speciﬁcations: A practical approach,” in Conference Record of the Tenth Annual ACM Symposium on Principles of Programming Languages , 1983, pp. 117–126. [Online]. Available: https://doi.org/10.1145/567067.567080

work page doi:10.1145/567067.567080 1983
[12]

Efﬁcient algorithmic circuit veriﬁcation using indexed bdds,

J. R. Bitner et al. , “Efﬁcient algorithmic circuit veriﬁcation using indexed bdds,” in Digest of Papers: 24th Symposium on Fault-Tolerant Computing , 1994, pp. 266–275. [Online]. Available: https://doi.org/10.1109/FTCS.1994.315633

work page doi:10.1109/ftcs.1994.315633 1994
[13]

Native mode functional test generation for processors with applications to self test and design validation,

J. Shen and J. A. Abraham, “Native mode functional test generation for processors with applications to self test and design validation,” in Int. Proc. Test Conference. IEEE, 1998, pp. 990–999

work page 1998
[14]

Compaction of atpg-generated test sequences for sequential circuits,

R. K. Roy et al. , “Compaction of atpg-generated test sequences for sequential circuits,” in Digest of Technical Papers, 1988 IEEE International Conference on Computer-Aided Design , 1988, pp. 382–385. [Online]. Available: https://doi.org/10.1109/ICCAD.1988.122533

work page doi:10.1109/iccad.1988.122533 1988
[15]

Deterministic test pattern generation techniques for sequential circuits,

I. Hamzaoglu and J. H. Patel, “Deterministic test pattern generation techniques for sequential circuits,” in Proceedings of the 2000 IEEE/ACM International Conference on Computer-Aided Design , 2000, pp. 538–543. [Online]. Available: https://doi.org/10.1109/ICCAD.2000.896528

work page doi:10.1109/iccad.2000.896528 2000
[16]

Fault injection techniques and tools,

M.-C. Hsueh, T. K. Tsai, and R. K. Iyer, “Fault injection techniques and tools,” Computer, vol. 30, no. 4, pp. 75–82, April 1997

work page 1997
[17]

Measuring automated vehicle safety,

L. Fraade-Blanar et al., “Measuring automated vehicle safety,” 2018

work page 2018
[18]

many cars have a hundred million lines of code,

M. T. Review, “many cars have a hundred million lines of code,” https://www.technologyreview.com/s/508231/many-cars-have-a- hundred-million-lines-of-code/

work page
[19]

Nvidia says its new supercomputer will enable the highest level of automated driving,

A. Hawkins, “Nvidia says its new supercomputer will enable the highest level of automated driving,” The Verge Oct. 10, 2017 https://www.theverge.com/2017/10/10/16449416/nvidia-pegasus- self-driving-car-ai-robotaxi

work page 2017
[20]

Dark silicon and the end of multicore scaling,

H. Esmaeilzadeh et al., “Dark silicon and the end of multicore scaling,” in Proceedings of the 38th Annual International Symposium on Computer Architecture, 2011, pp. 365–376

work page 2011
[21]

Characterization of soft errors caused by single event upsets in CMOS processes,

T. Karnik and P. Hazucha, “Characterization of soft errors caused by single event upsets in CMOS processes,” IEEE Transactions on Dependable and Secure Computing , vol. 1, no. 2, pp. 128–143, 2004

work page 2004
[22]

Finding and reproducing heisenbugs in concurrent programs

M. Musuvathi et al., “Finding and reproducing heisenbugs in concurrent programs.” in OSDI, vol. 8, 2008, pp. 267–280

work page 2008
[23]

Sassiﬁ: An architecture-level fault injection tool for gpu application resilience evaluation,

S. K. S. Hari et al., “Sassiﬁ: An architecture-level fault injection tool for gpu application resilience evaluation,” in Performance Analysis of Systems and Software (ISPASS), 2017 IEEE International Symposium on . IEEE, 2017, pp. 249–258

work page 2017
[24]

Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications,

G. Li et al., “Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications,” in Proc. International Conf. for High Performance Computing, Networking, Storage and Analysis, 2017, pp. 8:1–8:12

work page 2017
[25]

Automated Driving Systems: A Vision for Safety,

NHTSA, “Automated Driving Systems: A Vision for Safety,” https://www.nhtsa.gov/sites/nhtsa.dot.gov/ﬁles/documents/13069a- ads2.0_090617_v9a_tag.pdf, 2017

work page 2017
[26]

A Systematic Approach Based on STPA for Developing a Dependable Architecture for Fully Automated Driving Vehicles,

A. Abdulkhaleq et al. , “A Systematic Approach Based on STPA for Developing a Dependable Architecture for Fully Automated Driving Vehicles,” Procedia Engineering, vol. 179, pp. 41–51, 2017

work page 2017
[27]

A new accident model for engineering safer systems,

N. Leveson, “A new accident model for engineering safer systems,” Safety science, vol. 42, no. 4, pp. 237–270, 2004

work page 2004
[28]

DeepXplore: Automated whitebox testing of deep learning systems,

K. Pei et al. , “DeepXplore: Automated whitebox testing of deep learning systems,” in Proc. of the 26th Symposium on Operating Systems Principles, 2017, pp. 1–18

work page 2017
[29]

On the Resilience of RTL NN Accelerators: Fault Characterization and Mitigation

B. Salami, O. Unsal, and A. Cristal, “On the Resilience of RTL NN Accelerators: Fault Characterization and Mitigation,” arXiv preprint arXiv:1806.09679, 2018

work page internal anchor Pith review Pith/arXiv arXiv 2018
[30]

Ares: A framework for quantifying the resilience of deep neural networks,

B. Reagen et al. , “Ares: A framework for quantifying the resilience of deep neural networks,” in Proceedings of the 55th Annual Design Automation Conference. ACM, 2018, p. 17

work page 2018
[31]

A VFI: Fault Injection for Autonomous Vehicles,

S. Jha et al., “A VFI: Fault Injection for Autonomous Vehicles,” in Proc. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) , pp. 55–56

work page 2018
[32]

Experimental re- silience assessment of an open-source driving agent,

A. H. M. Rubaiyat, Y . Qin, and H. Alemzadeh, “Experimental re- silience assessment of an open-source driving agent,” arXiv preprint arXiv:1807.06172, 2018

work page arXiv 2018
[33]

K. J. Åström and T. Hägglund, PID controllers: theory, design, and tuning. Instrument Society of America Research Triangle Park, NC, 1995, vol. 2

work page 1995
[34]

Safe driving envelopes for shared control of ground vehicles,

S. M. Erlien, S. Fujita, and J. C. Gerdes, “Safe driving envelopes for shared control of ground vehicles,” IFAC Proceedings Volumes, vol. 46, no. 21, pp. 831–836, 2013

work page 2013
[35]

Constraint-based planning and control for safe, semi-autonomous operation of vehicles,

S. J. Anderson, S. B. Karumanchi, and K. Iagnemma, “Constraint-based planning and control for safe, semi-autonomous operation of vehicles,” in Proc. 2012 IEEE Intelligent Vehicles Symposium (IV), 2012 IEEE , pp. 383–388

work page 2012
[36]

Basic concepts and taxonomy of dependable and secure computing,

A. Avizienis et al., “Basic concepts and taxonomy of dependable and secure computing,” IEEE Trans. Dependable Secur. Comput. , vol. 1, no. 1, pp. 11–33, Jan. 2004

work page 2004
[37]

New extension of the Kalman ﬁlter to nonlinear systems,

S. J. Julier and J. K. Uhlmann, “New extension of the Kalman ﬁlter to nonlinear systems,” in Signal pfrocessing, sensor fusion, and target recognition VI, vol. 3068. International Society for Optics and Photonics, 1997, pp. 182–194

work page 1997
[38]

Theoretical impediments to machine learning with seven sparks from the causal revolution,

J. Pearl, “Theoretical impediments to machine learning with seven sparks from the causal revolution,” 2018

work page 2018
[39]

S. M. LaValle, Planning algorithms. Cambridge University Press, 2006

work page 2006
[40]

A ﬁrst course in computational physics,

P. L. DeVries and P. Hamill, “A ﬁrst course in computational physics,” 1995

work page 1995
[41]

Towards robust automatic trafﬁc scene analysis in real-time,

D. Koller et al. , “Towards robust automatic trafﬁc scene analysis in real-time,” in Pattern Recognition, 1994. Vol. 1-Conference A: Computer Vision & Image Processing., Proceedings of the 12th IAPR International Conference on, vol. 1. IEEE, 1994, pp. 126–131

work page 1994
[42]

Pearl, Probabilistic reasoning in intelligent systems: networks of plausible inference

J. Pearl, Probabilistic reasoning in intelligent systems: networks of plausible inference. Morgan Kaufmann, 2014

work page 2014
[43]

Maximum likelihood from incomplete data via the EM algorithm,

A. P. Dempster, N. M. Laird, and D. B. Rubin, “Maximum likelihood from incomplete data via the EM algorithm,” Journal of the Royal Statistical Society. Series B (methodological) , pp. 1–38, 1977

work page 1977
[44]

SAE International, Taxonomy and Deﬁnitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles , Sep 2016

work page 2016
[45]

Model of visual contrast gain control and pattern masking,

A. B. Watson and J. A. Solomon, “Model of visual contrast gain control and pattern masking,” JOSA A, vol. 14, no. 9, pp. 2379–2391, 1997

work page 1997
[46]

A tone mapping algorithm for high contrast images,

P. Debevec and S. Gibson, “A tone mapping algorithm for high contrast images,” in 13th Eurographics Workshop on Rendering: Pisa, Italy . Citeseer, 2002

work page 2002
[47]

Color image demosaicking: An overview,

D. Menon and G. Calvagno, “Color image demosaicking: An overview,” Signal Processing: Image Communication , vol. 26, no. 8-9, pp. 518–533, 2011

work page 2011
[48]

You only look once: Uniﬁed, real-time object detection,

J. Redmon et al., “You only look once: Uniﬁed, real-time object detection,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016, pp. 779–788

work page 2016
[49]

An algorithm for tracking multiple targets,

D. Reid et al. , “An algorithm for tracking multiple targets,” IEEE Transactions on Automatic Control , vol. 24, no. 6, pp. 843–854, 1979

work page 1979
[50]

Vehicle trajectory prediction based on motion model and maneuver recognition,

A. Houenou et al., “Vehicle trajectory prediction based on motion model and maneuver recognition,” in Intelligent Robots and Systems, Proc. 2013 IEEE/RSJ International Conference , pp. 4363–4369

work page 2013
[51]

CARLA: An open urban driving simulator,

A. Dosovitskiy et al., “CARLA: An open urban driving simulator,” in Proc. of the 1st Annual Conf. on Robot Learning , 2017, pp. 1–16

work page 2017
[52]

NVIDIA Drive Simulation,

NVIDIA, “NVIDIA Drive Simulation,” https://www.nvidia.com/en-us/ self-driving-cars/drive-constellation/, Accessed: 2018-09-02

work page 2018
[53]

Drive Pegasus,

Nvidia, “Drive Pegasus,” https://www.nvidia.com/en-us/self-driving-cars/ drive-platform/, Accessed: 2018-09-12

work page 2018
[54]

nuvo-6108gc gpu computing platform | nvidia rtx 2080-gtx 1080ti-titanx,

NEOUSYS, “nuvo-6108gc gpu computing platform | nvidia rtx 2080-gtx 1080ti-titanx,” https://www.neousys-tech.com/en/product/application/gpu- computing/nuvo-6108gc-gpu-computing, Accessed: 2018-11-28

work page 2080
[55]

seaborn.boxplot,

M. Waskom, “seaborn.boxplot,” https://seaborn.pydata.org/generated/ seaborn.boxplot.html. 12

work page
[56]

Autonomous vehicle technology: A guide for policymakers,

J. M. Anderson et al., “Autonomous vehicle technology: A guide for policymakers,” RAND Corp., Tech. Rep. RR-443-2-RC, 2016

work page 2016
[57]

Driving to safety: How many miles of driving would it take to demonstrate autonomous vehicle reliability?

N. Kalra and S. M. Paddock, “Driving to safety: How many miles of driving would it take to demonstrate autonomous vehicle reliability?” Transportation Research Part A: Policy and Practice , vol. 94, pp. 182– 193, 2016

work page 2016
[58]

Kayotee: A Fault Injection-based System to Assess the Safety and Reliability of Autonomous Vehicles to Faults and Errors,

S. Jha et al., “Kayotee: A Fault Injection-based System to Assess the Safety and Reliability of Autonomous Vehicles to Faults and Errors,” in Third IEEE International Workshop on Automotive Reliability & Test . IEEE, 2018

work page 2018
[59]

On the Road to Fully Self-Driving,

Waymo, “On the Road to Fully Self-Driving,” Waymo Safety Report https://assets.documentcloud.org/documents/4107762/Waymo- Safety-Report-2017.pdf, Accessed: 2017-11-27

work page arXiv 2017
[60]

Toward a framework for highly automated vehicle safety validation,

P. Koopman and M. Wagner, “Toward a framework for highly automated vehicle safety validation,” SAE Technical Paper, Tech. Rep., 2018

work page 2018
[61]

NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles

J. Lu et al. , “No need to worry about adversarial examples in object detection in autonomous vehicles,” arXiv preprint arXiv:1707.03501 , 2017

work page internal anchor Pith review Pith/arXiv arXiv 2017
[62]

Towards practical veriﬁcation of machine learning: The case of computer vision systems,

K. Pei et al., “Towards practical veriﬁcation of machine learning: The case of computer vision systems,” arXiv preprint arXiv:1712.01785 , 2017

work page arXiv 2017
[63]

Identifying unknown unknowns in the open world: Representations and policies for guided exploration

H. Lakkaraju et al., “Identifying unknown unknowns in the open world: Representations and policies for guided exploration.” in AAAI, vol. 1, 2017, p. 2. 13

work page 2017

[1] [1]

Shared vehicle control using safe driving envelopes for obstacle avoidance and stability,

S. M. Erlien, “Shared vehicle control using safe driving envelopes for obstacle avoidance and stability,” Ph.D. dissertation, Stanford University, 2015

work page 2015

[2] [2]

Design and evaluation of a driving mode decision algorithm for automated driving vehicle on a motorway,

J. Suh, B. Kim, and K. Yi, “Design and evaluation of a driving mode decision algorithm for automated driving vehicle on a motorway,” IFAC- PapersOnLine, vol. 49, no. 11, pp. 115–120, 2016

work page 2016

[3] [3]

nvidia drive | nvidia developer,

Nvidia, “nvidia drive | nvidia developer,” https://developer.nvidia.com/ driveworks

work page

[4] [4]

Apollo Open Platform,

Baidu, “Apollo Open Platform,” http://apollo.auto, Accessed: 2018-09-02

work page 2018

[5] [5]

OpenPilot: Open source driving agent,

CommaAI, “OpenPilot: Open source driving agent,” https://github.com/ commaai/openpilot, Accessed: 2018-09-12

work page 2018

[6] [6]

Research group demos why Tesla Autopilot could crash into a stationary vehicle,

S. Alvarez, “Research group demos why Tesla Autopilot could crash into a stationary vehicle,” https://www.teslarati.com/tesla-research-group- autopilot-crash-demo/, June 2018

work page 2018

[7] [7]

Why Uber’s self-driving car killed a pedestrian,

T.S., “Why Uber’s self-driving car killed a pedestrian,” The Economist May 29, 2018 https://www.economist.com/the-economist-explains/2018/ 05/29/why-ubers-self-driving-car-killed-a-pedestrian

work page 2018

[8] [8]

Hands off the wheel in autonomous vehicles?: A systems perspective on over a million miles of ﬁeld data,

S. S. Banerjee et al. , “Hands off the wheel in autonomous vehicles?: A systems perspective on over a million miles of ﬁeld data,” in Proc. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) . IEEE, 2018

work page 2018

[9] [9]

DryVR: Data-Driven Veriﬁcation and Compositional Reasoning for Automotive systems,

C. Fan et al. , “DryVR: Data-Driven Veriﬁcation and Compositional Reasoning for Automotive systems,” in Computer Aided Veriﬁcation . Springer International Publishing, 2017, pp. 441–461

work page 2017

[10] [10]

The model checking problem for concurrent systems with many similar processes,

E. M. Clarke and O. Grumberg, “The model checking problem for concurrent systems with many similar processes,” in Proc. Temporal Logic in Speciﬁcation , 1987, pp. 188–201. [Online]. Available: https://doi.org/10.1007/3-540-51803-7_26

work page doi:10.1007/3-540-51803-7_26 1987

[11] [11]

Automatic veriﬁcation of ﬁnite state concurrent systems using temporal logic speciﬁcations: A practical approach,

E. M. Clarke, E. A. Emerson, and A. P. Sistla, “Automatic veriﬁcation of ﬁnite state concurrent systems using temporal logic speciﬁcations: A practical approach,” in Conference Record of the Tenth Annual ACM Symposium on Principles of Programming Languages , 1983, pp. 117–126. [Online]. Available: https://doi.org/10.1145/567067.567080

work page doi:10.1145/567067.567080 1983

[12] [12]

Efﬁcient algorithmic circuit veriﬁcation using indexed bdds,

J. R. Bitner et al. , “Efﬁcient algorithmic circuit veriﬁcation using indexed bdds,” in Digest of Papers: 24th Symposium on Fault-Tolerant Computing , 1994, pp. 266–275. [Online]. Available: https://doi.org/10.1109/FTCS.1994.315633

work page doi:10.1109/ftcs.1994.315633 1994

[13] [13]

Native mode functional test generation for processors with applications to self test and design validation,

J. Shen and J. A. Abraham, “Native mode functional test generation for processors with applications to self test and design validation,” in Int. Proc. Test Conference. IEEE, 1998, pp. 990–999

work page 1998

[14] [14]

Compaction of atpg-generated test sequences for sequential circuits,

R. K. Roy et al. , “Compaction of atpg-generated test sequences for sequential circuits,” in Digest of Technical Papers, 1988 IEEE International Conference on Computer-Aided Design , 1988, pp. 382–385. [Online]. Available: https://doi.org/10.1109/ICCAD.1988.122533

work page doi:10.1109/iccad.1988.122533 1988

[15] [15]

Deterministic test pattern generation techniques for sequential circuits,

I. Hamzaoglu and J. H. Patel, “Deterministic test pattern generation techniques for sequential circuits,” in Proceedings of the 2000 IEEE/ACM International Conference on Computer-Aided Design , 2000, pp. 538–543. [Online]. Available: https://doi.org/10.1109/ICCAD.2000.896528

work page doi:10.1109/iccad.2000.896528 2000

[16] [16]

Fault injection techniques and tools,

M.-C. Hsueh, T. K. Tsai, and R. K. Iyer, “Fault injection techniques and tools,” Computer, vol. 30, no. 4, pp. 75–82, April 1997

work page 1997

[17] [17]

Measuring automated vehicle safety,

L. Fraade-Blanar et al., “Measuring automated vehicle safety,” 2018

work page 2018

[18] [18]

many cars have a hundred million lines of code,

M. T. Review, “many cars have a hundred million lines of code,” https://www.technologyreview.com/s/508231/many-cars-have-a- hundred-million-lines-of-code/

work page

[19] [19]

Nvidia says its new supercomputer will enable the highest level of automated driving,

A. Hawkins, “Nvidia says its new supercomputer will enable the highest level of automated driving,” The Verge Oct. 10, 2017 https://www.theverge.com/2017/10/10/16449416/nvidia-pegasus- self-driving-car-ai-robotaxi

work page 2017

[20] [20]

Dark silicon and the end of multicore scaling,

H. Esmaeilzadeh et al., “Dark silicon and the end of multicore scaling,” in Proceedings of the 38th Annual International Symposium on Computer Architecture, 2011, pp. 365–376

work page 2011

[21] [21]

Characterization of soft errors caused by single event upsets in CMOS processes,

T. Karnik and P. Hazucha, “Characterization of soft errors caused by single event upsets in CMOS processes,” IEEE Transactions on Dependable and Secure Computing , vol. 1, no. 2, pp. 128–143, 2004

work page 2004

[22] [22]

Finding and reproducing heisenbugs in concurrent programs

M. Musuvathi et al., “Finding and reproducing heisenbugs in concurrent programs.” in OSDI, vol. 8, 2008, pp. 267–280

work page 2008

[23] [23]

Sassiﬁ: An architecture-level fault injection tool for gpu application resilience evaluation,

S. K. S. Hari et al., “Sassiﬁ: An architecture-level fault injection tool for gpu application resilience evaluation,” in Performance Analysis of Systems and Software (ISPASS), 2017 IEEE International Symposium on . IEEE, 2017, pp. 249–258

work page 2017

[24] [24]

Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications,

G. Li et al., “Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications,” in Proc. International Conf. for High Performance Computing, Networking, Storage and Analysis, 2017, pp. 8:1–8:12

work page 2017

[25] [25]

Automated Driving Systems: A Vision for Safety,

NHTSA, “Automated Driving Systems: A Vision for Safety,” https://www.nhtsa.gov/sites/nhtsa.dot.gov/ﬁles/documents/13069a- ads2.0_090617_v9a_tag.pdf, 2017

work page 2017

[26] [26]

A Systematic Approach Based on STPA for Developing a Dependable Architecture for Fully Automated Driving Vehicles,

A. Abdulkhaleq et al. , “A Systematic Approach Based on STPA for Developing a Dependable Architecture for Fully Automated Driving Vehicles,” Procedia Engineering, vol. 179, pp. 41–51, 2017

work page 2017

[27] [27]

A new accident model for engineering safer systems,

N. Leveson, “A new accident model for engineering safer systems,” Safety science, vol. 42, no. 4, pp. 237–270, 2004

work page 2004

[28] [28]

DeepXplore: Automated whitebox testing of deep learning systems,

K. Pei et al. , “DeepXplore: Automated whitebox testing of deep learning systems,” in Proc. of the 26th Symposium on Operating Systems Principles, 2017, pp. 1–18

work page 2017

[29] [29]

On the Resilience of RTL NN Accelerators: Fault Characterization and Mitigation

B. Salami, O. Unsal, and A. Cristal, “On the Resilience of RTL NN Accelerators: Fault Characterization and Mitigation,” arXiv preprint arXiv:1806.09679, 2018

work page internal anchor Pith review Pith/arXiv arXiv 2018

[30] [30]

Ares: A framework for quantifying the resilience of deep neural networks,

B. Reagen et al. , “Ares: A framework for quantifying the resilience of deep neural networks,” in Proceedings of the 55th Annual Design Automation Conference. ACM, 2018, p. 17

work page 2018

[31] [31]

A VFI: Fault Injection for Autonomous Vehicles,

S. Jha et al., “A VFI: Fault Injection for Autonomous Vehicles,” in Proc. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) , pp. 55–56

work page 2018

[32] [32]

Experimental re- silience assessment of an open-source driving agent,

A. H. M. Rubaiyat, Y . Qin, and H. Alemzadeh, “Experimental re- silience assessment of an open-source driving agent,” arXiv preprint arXiv:1807.06172, 2018

work page arXiv 2018

[33] [33]

K. J. Åström and T. Hägglund, PID controllers: theory, design, and tuning. Instrument Society of America Research Triangle Park, NC, 1995, vol. 2

work page 1995

[34] [34]

Safe driving envelopes for shared control of ground vehicles,

S. M. Erlien, S. Fujita, and J. C. Gerdes, “Safe driving envelopes for shared control of ground vehicles,” IFAC Proceedings Volumes, vol. 46, no. 21, pp. 831–836, 2013

work page 2013

[35] [35]

Constraint-based planning and control for safe, semi-autonomous operation of vehicles,

S. J. Anderson, S. B. Karumanchi, and K. Iagnemma, “Constraint-based planning and control for safe, semi-autonomous operation of vehicles,” in Proc. 2012 IEEE Intelligent Vehicles Symposium (IV), 2012 IEEE , pp. 383–388

work page 2012

[36] [36]

Basic concepts and taxonomy of dependable and secure computing,

A. Avizienis et al., “Basic concepts and taxonomy of dependable and secure computing,” IEEE Trans. Dependable Secur. Comput. , vol. 1, no. 1, pp. 11–33, Jan. 2004

work page 2004

[37] [37]

New extension of the Kalman ﬁlter to nonlinear systems,

S. J. Julier and J. K. Uhlmann, “New extension of the Kalman ﬁlter to nonlinear systems,” in Signal pfrocessing, sensor fusion, and target recognition VI, vol. 3068. International Society for Optics and Photonics, 1997, pp. 182–194

work page 1997

[38] [38]

Theoretical impediments to machine learning with seven sparks from the causal revolution,

J. Pearl, “Theoretical impediments to machine learning with seven sparks from the causal revolution,” 2018

work page 2018

[39] [39]

S. M. LaValle, Planning algorithms. Cambridge University Press, 2006

work page 2006

[40] [40]

A ﬁrst course in computational physics,

P. L. DeVries and P. Hamill, “A ﬁrst course in computational physics,” 1995

work page 1995

[41] [41]

Towards robust automatic trafﬁc scene analysis in real-time,

D. Koller et al. , “Towards robust automatic trafﬁc scene analysis in real-time,” in Pattern Recognition, 1994. Vol. 1-Conference A: Computer Vision & Image Processing., Proceedings of the 12th IAPR International Conference on, vol. 1. IEEE, 1994, pp. 126–131

work page 1994

[42] [42]

Pearl, Probabilistic reasoning in intelligent systems: networks of plausible inference

J. Pearl, Probabilistic reasoning in intelligent systems: networks of plausible inference. Morgan Kaufmann, 2014

work page 2014

[43] [43]

Maximum likelihood from incomplete data via the EM algorithm,

A. P. Dempster, N. M. Laird, and D. B. Rubin, “Maximum likelihood from incomplete data via the EM algorithm,” Journal of the Royal Statistical Society. Series B (methodological) , pp. 1–38, 1977

work page 1977

[44] [44]

SAE International, Taxonomy and Deﬁnitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles , Sep 2016

work page 2016

[45] [45]

Model of visual contrast gain control and pattern masking,

A. B. Watson and J. A. Solomon, “Model of visual contrast gain control and pattern masking,” JOSA A, vol. 14, no. 9, pp. 2379–2391, 1997

work page 1997

[46] [46]

A tone mapping algorithm for high contrast images,

P. Debevec and S. Gibson, “A tone mapping algorithm for high contrast images,” in 13th Eurographics Workshop on Rendering: Pisa, Italy . Citeseer, 2002

work page 2002

[47] [47]

Color image demosaicking: An overview,

D. Menon and G. Calvagno, “Color image demosaicking: An overview,” Signal Processing: Image Communication , vol. 26, no. 8-9, pp. 518–533, 2011

work page 2011

[48] [48]

You only look once: Uniﬁed, real-time object detection,

J. Redmon et al., “You only look once: Uniﬁed, real-time object detection,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016, pp. 779–788

work page 2016

[49] [49]

An algorithm for tracking multiple targets,

D. Reid et al. , “An algorithm for tracking multiple targets,” IEEE Transactions on Automatic Control , vol. 24, no. 6, pp. 843–854, 1979

work page 1979

[50] [50]

Vehicle trajectory prediction based on motion model and maneuver recognition,

A. Houenou et al., “Vehicle trajectory prediction based on motion model and maneuver recognition,” in Intelligent Robots and Systems, Proc. 2013 IEEE/RSJ International Conference , pp. 4363–4369

work page 2013

[51] [51]

CARLA: An open urban driving simulator,

A. Dosovitskiy et al., “CARLA: An open urban driving simulator,” in Proc. of the 1st Annual Conf. on Robot Learning , 2017, pp. 1–16

work page 2017

[52] [52]

NVIDIA Drive Simulation,

NVIDIA, “NVIDIA Drive Simulation,” https://www.nvidia.com/en-us/ self-driving-cars/drive-constellation/, Accessed: 2018-09-02

work page 2018

[53] [53]

Drive Pegasus,

Nvidia, “Drive Pegasus,” https://www.nvidia.com/en-us/self-driving-cars/ drive-platform/, Accessed: 2018-09-12

work page 2018

[54] [54]

nuvo-6108gc gpu computing platform | nvidia rtx 2080-gtx 1080ti-titanx,

NEOUSYS, “nuvo-6108gc gpu computing platform | nvidia rtx 2080-gtx 1080ti-titanx,” https://www.neousys-tech.com/en/product/application/gpu- computing/nuvo-6108gc-gpu-computing, Accessed: 2018-11-28

work page 2080

[55] [55]

seaborn.boxplot,

M. Waskom, “seaborn.boxplot,” https://seaborn.pydata.org/generated/ seaborn.boxplot.html. 12

work page

[56] [56]

Autonomous vehicle technology: A guide for policymakers,

J. M. Anderson et al., “Autonomous vehicle technology: A guide for policymakers,” RAND Corp., Tech. Rep. RR-443-2-RC, 2016

work page 2016

[57] [57]

Driving to safety: How many miles of driving would it take to demonstrate autonomous vehicle reliability?

N. Kalra and S. M. Paddock, “Driving to safety: How many miles of driving would it take to demonstrate autonomous vehicle reliability?” Transportation Research Part A: Policy and Practice , vol. 94, pp. 182– 193, 2016

work page 2016

[58] [58]

Kayotee: A Fault Injection-based System to Assess the Safety and Reliability of Autonomous Vehicles to Faults and Errors,

S. Jha et al., “Kayotee: A Fault Injection-based System to Assess the Safety and Reliability of Autonomous Vehicles to Faults and Errors,” in Third IEEE International Workshop on Automotive Reliability & Test . IEEE, 2018

work page 2018

[59] [59]

On the Road to Fully Self-Driving,

Waymo, “On the Road to Fully Self-Driving,” Waymo Safety Report https://assets.documentcloud.org/documents/4107762/Waymo- Safety-Report-2017.pdf, Accessed: 2017-11-27

work page arXiv 2017

[60] [60]

Toward a framework for highly automated vehicle safety validation,

P. Koopman and M. Wagner, “Toward a framework for highly automated vehicle safety validation,” SAE Technical Paper, Tech. Rep., 2018

work page 2018

[61] [61]

NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles

J. Lu et al. , “No need to worry about adversarial examples in object detection in autonomous vehicles,” arXiv preprint arXiv:1707.03501 , 2017

work page internal anchor Pith review Pith/arXiv arXiv 2017

[62] [62]

Towards practical veriﬁcation of machine learning: The case of computer vision systems,

K. Pei et al., “Towards practical veriﬁcation of machine learning: The case of computer vision systems,” arXiv preprint arXiv:1712.01785 , 2017

work page arXiv 2017

[63] [63]

Identifying unknown unknowns in the open world: Representations and policies for guided exploration

H. Lakkaraju et al., “Identifying unknown unknowns in the open world: Representations and policies for guided exploration.” in AAAI, vol. 1, 2017, p. 2. 13

work page 2017