System Software Team x CTO roundtable pt. 1
Application experts at the helm: A reverse approach to traditional OS development
TIER IV founder Shinpei Kato and the System Software Team offered a glimpse into the company's approach to development and formal verification of operating systems in an expansive roundtable discussion. In part one, the team shares their thoughts on the intriguing aspects of the “lower layer.”
System Software Team leader Yuuki Takano joined TIER IV in April 2022. He also serves as a guest associate professor at Osaka University and is the author of “Zero Kara Manabu Rust (Learning Rust from zero)” (Kodansha, 2022) and “Heiko Programming Nyumon (Introduction to parallel programming)” (O'Reilly Japan, 2021). He gave a tutorial on sel4 at TIER IV’s Computing System Workshop in 2023.
Takahiro Ishikawa joined TIER IV in April 2022. A specialist in operating systems and real-time systems, he’s in charge of lower-layer software related to the real-time performance of Autoware, the world’s first open-source autonomous driving platform. A doctoral student at the University of Tokyo’s Graduate School of Information Science and Technology, Takahiro gave a presentation titled “Quantification of Resource Conflicts in Autoware” at the Computing Workshop.
Ryuta Kambe joined the System Software Team in 2023 as a new graduate, working on formal verification, OS development, and performance improvement. He gave a presentation titled “Formal Verification of Autoware by UPPAAL” at the Computing Workshop.
The architect of Autoware, the world’s first open-source software for autonomous driving technology, Shinpei Kato has served as a project associate professor at the University of Tokyo’s Graduate School of Information Science and Technology and an associate professor at Nagoya University’s Graduate School of Information Science.
— To kick things off, can you talk about some of the things you’re currently working on?
Takahiro: At the moment, the focus is OS development. One of our strengths is that applications are being developed in-house, and the people closest to the applications are developing the OS. I have high hopes that we’ll be able to create something cutting-edge.
Shinpei: You mean an organization close to applications should develop the OS the applications run on.
Takahiro: Exactly. Or, the people who develop the OS should also develop the applications that run on it. I’m also actively engaged in Autoware.Universe. As a result, I started to come up with ideas, such as this kind of OS functionality should be there, or the OS and the application should be integrated. In lower-layer development, many people are not interested in applications. But I’ve been thinking that a change in direction could trigger a paradigm shift.
Shinpei: In a word, it’s full stack. The organization I want to create at TIER IV is like an ultra full stack [team]. The organization itself has knowledge of the application within it, so we can develop a powerful OS as a result.
Takahiro: But it’s no good if only the organization is full stack. We need real full-stack engineers. That’s the difficult part.
Yuuki: I agree. First of all, it’s a big deal that we have a great application. Usually, when an OS is created, there are no applications at first. At TIER IV, it’s the reverse approach to normal OS development. We had specific requirements first, and then we figured out that we needed an OS. I find that really interesting.
Shinpei: What about you, Ryuta? There isn’t that much lower-layer work to do in the company, so finding something to tackle can’t be easy. People say, “You can do whatever you want.”
Ryuta: Formal verification is my specialty, so I want to use it in autonomous driving development. It could be in the application layer and the OS layer. That’s what makes it interesting.
Shinpei: When it comes to formal verification and formal methodology, where do you think we should start within a full stack context?
Ryuta: We’re tackling both at the same time for Autoware, the application in other words, and in the development stage of the OS.
Shinpei: To move things forward, will you think about the methodology first or the tools?
Ryuta: At this phase, we’re trying all the tools we can use, and then we’ll decide on the best one later.
Takahiro: It’s quite a bottom-up approach. I’m starting with the work rather than the methodology.
Yuuki: We’re at the phase of selecting tools and establishing the technical details of what can be done. If all goes well, we’d like to look into offering consulting services in the future.
Shinpei: With the recent improvement in chip performance, the term “zone architecture” has emerged: essentially a large central computing unit based on the concept of zones. A zone can be contained within a single ECU or be formed by multiple ECUs.
The so-called zone controller functions as an operating system, managing the network and computing resources. Application developers only need to be concerned with the zone, and in an ideal scenario, they don't have to worry about each ECU. The zone controller must be secure but is designed to be standalone, not particularly high-performance, and with limited functionality. I’m really serious about creating something compliant with standards like ISO 26262 that is formally verified, and written entirely in Rust. [ISO 26262 is an international standard for the functional safety of electronic systems in vehicles.]
Ryuta: Bring it on!
Yuuki: Let’s give it a shot!
Shinpei: I heard Yuuki’s team always stresses the importance of never having bugs.
Yuuki: It's really important to avoid accidents caused by bugs in autonomous vehicles. However, I understand that it will be difficult to reduce bugs to zero in the development stages. But we never want to have a situation where a person is hit because of a buffer overrun. Some methodologies for fixing bugs have been established. We just need to apply them and avoid any issues that can be avoided.
Takahiro: We have our ideals, but colleagues tell us these ideals are too strict. What we want to do is rewrite everything with Rust, and have all applications run in the kernel space on the Autoware kernel [which was developed by TIER IV.]
Ryuta: Also, do not use external libraries.
Yuuki: And, to make real-time more flexible.
Takahiro: But when we mention this, people say “We’re using C++, so why switch to Rust?” The OS is developed with everyone in the OSS community, so I understand why people would say that. It’s important to stick with the idea of using technology to find solutions.
・・・
TIER IV is always on the lookout for passionate individuals to join our journey. If you share our vision of making autonomous driving accessible to all, get in touch.
Visit our careers page to view all job openings
If you’re uncertain about which roles align best with your experience, or if the current job openings don’t quite match your preferences, register your interest here. We’ll get in touch if a role that matches your experience becomes available, and schedule an informal interview.
Media contact
pr@tier4.jp
Business inquiries
sales@tier4.jp
Social Media
X (Japan/Global) | LinkedIn | Facebook | Instagram | YouTube
More