To mitigate the high energy demand of Neural Network (NN) based Autonomous Driving Systems (ADSs), we consider the problem of offloading NN controllers from the ADS to nearby edge-computing infrastructure, but in such a way that formal vehicle safety properties are guaranteed. In particular, we propose the EnergyShield framework, which repurposes a controller "shield" as a low-power runtime safety monitor for the ADS vehicle. Specifically, the shield in EnergyShield provides not only safety interventions but also a formal, state-based quantification of the tolerable edge response time before vehicle safety is compromised. Using EnergyShield, an ADS can then save energy by wirelessly offloading NN computations to edge computers, while still maintaining a formal guarantee of safety until it receives a response (on-vehicle hardware provides a just-in-time fail safe). To validate the benefits of EnergyShield, we implemented and tested it in the Carla simulation environment. Our results show that EnergyShield maintains safe vehicle operation while providing significant energy savings compared to on-vehicle NN evaluation: from 24% to 54% less energy across a range of wireless conditions and edge delays.