To mitigate the high energy demand of Neural Network (NN) based Autonomous Driving Systems (ADSs), we consider the problem of offloading NN controllers from the ADS to nearby edge-computing infrastructure, but in such a way that formal vehicle safety properties are guaranteed. In particular, we propose the EnergyShield framework, which repurposes a controller ''shield'' as a low-power runtime safety monitor for the ADS vehicle. Specifically, the shield in EnergyShield provides not only safety interventions but also a formal, state-based quantification of the tolerable edge response time before vehicle safety is compromised. Using EnergyShield, an ADS can then save energy by wirelessly offloading NN computations to edge computers, while still maintaining a formal guarantee of safety until it receives a response (on-vehicle hardware provides a just-in-time fail safe). To validate the benefits of EnergyShield, we implemented and tested it in the Carla simulation environment. Our results show that EnergyShield maintains safe vehicle operation while providing significant energy savings compared to on-vehicle NN evaluation: from 24% to 54% less energy across a range of wireless conditions and edge delays.

翻译：为缓解基于神经网络（NN）的自动驾驶系统（ADSs）的高能耗需求，我们研究了将神经网络控制器从ADS卸载至附近边缘计算基础设施的问题，且需确保形式化车辆安全属性的可保证性。具体而言，我们提出了EnergyShield框架，该框架将控制器"防护盾"重新定位为ADS车辆的低功耗运行时安全监控器。在EnergyShield中，防护盾不仅提供安全干预措施，还能在车辆安全受损前给出可容忍边缘响应时间的基于状态的量化形式化界定。借助EnergyShield，ADS可通过将神经网络计算无线卸载至边缘计算机来节省能耗，同时在收到响应前仍保持形式化的安全保证（车载硬件提供即时安全响应机制）。为验证EnergyShield的优势，我们在Carla仿真环境中进行了实现与测试。结果表明：与车载神经网络计算相比，EnergyShield在确保车辆安全运行的同时实现了显著节能——在不同无线条件和边缘延迟情况下，能耗降低幅度达24%至54%。