DriveFuzz
DriveFuzz is a feedback-driven fuzzing framework for testing autonomous driving systems end-to-end, which automatically generates safety-critical driving scenarios in which an autonomous driving system misbehaves.
Seulbae Kim, Major Liu, Junghwan "John" Rhee, Yuseok Jeon, Yonghwi Kwon, Chung Hwan Kim.
In Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS 2022),
Los Angeles, CA, November 2022.
Introduction
Autonomous driving systems (ADS) are steadily becoming a reality, and we expect them to be safer than human drivers. Unfortunately, we continue to see cases of accidents, including fatal ones, caused by the flaws in ADS. A systematic approach to find and eliminate bugs in ADS is needed, which did not exist. We designed an automated fuzz-testing framework, DriveFuzz, that repeatedly tests an ADS under realistic driving scenarios that evolve over iterations. Specifically, DriveFuzz mutates the map, mission (initial position and goal position), actors (other vehicles and pedestrians), puddles, and weather of the scenario to stress the ADS under test, and it looks for safety-critical vehicular misbehaviors, such as collisions and various traffic infractions. By testing two industry-grade open-source ADS, we found 30 new bugs that lead to misbehaviors.
Demo
* Note that the video is not shown while running DriveFuzz by default, these demo videos are recorded with the video opened.
Bug 12
When a vehicle cuts in from either side to the front of the ego-vehicle, the LiDAR sensor detects the vehicle, and the perception layer perceives it as a vehicle. However, the local planner ignores the perceived vehicle and fails to command a stop.
Bug 25
The obstacle detection system only checks if anything is on the same lane as the ego-vehicle. As a result, when the ego-vehicle is switching lanes or turning at an intersection/roundabout to enter another lane, the planner fails to notice the obvious objects, causing collisions.
Bug 29
When the vehicle starts to slip due to a puddle, the rotation of the wheels is not converted to vehicular speed. Not considering the slipping state, the controller keeps generating greater torques on the wheels to achieve the target velocity, which creates an excessive burst of acceleration when the vehicle finally gets out of the puddle and makes the vehicle lose control.
Installation & Run
ExpandPrerequisite
-
Strictly required: Ubuntu 18.04 (requirement of Autoware and ROS melodic)
-
Python 3
-
Python dependencies
$ pip3 install --user pygame scikit-fuzzy docker -
setuptools needs to be downgraded due to a bug in CARLA.
$ pip3 install -Iv setuptools==47.3.1
Setting up docker and nvidia driver
-
Install
docker-ce
-
Remove existing installation, add GPG key, and install
docker-ce$ sudo apt remove docker docker-engine docker.io $ sudo apt update $ sudo apt install apt-transport-https ca-certificates curl software-properties-common $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - $ sudo apt-key fingerprint 0EBFCD88 $ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs)stable" $ sudo apt update $ sudo apt install docker-ce -
Check installation. The following should print a message starting with "Hello from Docker!"
$ sudo docker run hello-world
-
Set up permissions
-
Create group
dockerand add yourself to it$ sudo groupadd docker $ sudo usermod -aG docker ${USER} -
Log out and log back in
$ sudo su - ${USER} -
Try running docker without root permission this time
$ docker run hello-world
-
Make sure you have nvidia driver on Host
-
Search for available drivers
$ sudo add-apt-repository ppa:graphics-drivers $ sudo apt update $ ubuntu-drivers devices -
Install one of the compatible drivers.
nvidia-driver-415worked for me.$ sudo apt install nvidia-driver-415 $ sudo reboot now $ nvidia-smi
-
Install
nvidia-docker2
-
Install
$ distribution=$(. /etc/os-release;echo $ID$VERSION_ID) $ curl -s -L https://nvidia.github.io/libnvidia-container/gpgkey | sudo apt-key add - $ curl -s -L https://nvidia.github.io/libnvidia-container/$distribution/libnvidia-container.list | sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list $ sudo apt update $ sudo apt install nvidia-docker2 $ sudo systemctl restart docker -
Test the installation
$ docker run --runtime=nvidia --rm nvidia/cuda:10.0-base nvidia-smi
Install CARLA 0.9.10.1 docker
-
Pull docker image
$ docker pull carlasim/carla:0.9.10.1 -
Quick-running CARLA CARLA can be run using a wrapper script
run_carla.sh. If you have multiple GPUs installed, it is recommended that you "pin" CARLA simulator to one of the GPUs (other than #0). You can do that by openingrun_carla.shand modifying the following:-e NVIDIA_VISIBLE_DEVICES={DESIRED_GPU_ID} --gpus 'device={DESIRED_GPU_ID} -
To run carla simulator, execute the script:
$ ./run_carla.sh -
It will run carla simulator container, and name it carla-${USER} .
To stop the container, do:
$ docker rm -f carla-${USE} -
Building CARLA API
$ cd carla $ make PythonAPIEnsure that
PythonAPI/carla/dist/carla-0.9.10-py3.x-linux-x86_64.egghas been created after building.Return to the project root directory.
Building carla-autoware docker
-
Get additional files
$ cd carla-autoware $ git clone https://bitbucket.org/carla-simulator/autoware-contents.git -
Build carla-autoware docker
$ ./build.sh
Installing ROS-melodic
-
ROS is required on the host in order for DriveFuzz to communicate with the Autoware container.
$ sudo sh -c 'echo "deb http://packages.ros.org/ros/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/ros-latest.list' $ sudo apt install curl $ curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add - $ sudo apt update $ sudo apt install ros-melodic-desktop-full $ source /opt/ros/melodic/setup.bash
Run DriveFuzz
-
Clone this repository to
~/drivefuzz$ git clone https://gitlab.com/s3lab-code/public/drivefuzz.git ~/drivefuzz -
Run carla simulator
First check if carla is already running:
$ docker ps | grep carla-$USERIf not, run CARLA container by executing:
$ cd ~/drivefuzz $ ./run_carla.sh -
Prepare environment
$ cd ~/drivefuzz $ ./init.sh $ source /opt/ros/melodic/setup.bash -
Run fuzzing
-
Testing Behavior Agent
$ cd ~/drivefuzz/src $ ./fuzzer.py -o out-artifact -s seed-artifact -c 5 -m 5 -t behavior --timeout 60 --town 1 --strategy all- Outputs (bugs, mutated test inputs, metadata, ...) will be stored in
out-artifact - Sample seeds are provided in
seed-artifact - Adjust the number of cycles (
-c) and size of mutated population (-m) (please refer to Algorithm 1 in the paper) - You can try other mutation strategies (congestion, entropy, instability, trajectory); (please refer to Section 4.2.4 in the paper)
- Check
./fuzzer.py --helpfor further instructions
Please note that Behavior Agent has a bug in the controller (that we found and reported), which leads to frequent lane invasions and finishing before reaching the goal. You can prevent these from triggering the misbehavior detector by adding
--no-lane-checkand--no-other-checkflags, e.g.,$ ./fuzzer.py -o out-artifact -s seed-artifact -c 5 -m 5 -t behavior --timeout 60 --town 1 --strategy all --no-lane-check --no-other-check - Outputs (bugs, mutated test inputs, metadata, ...) will be stored in
-
Testing Autoware
$ cd ~/drivefuzz/src $ rm -rf out-artifact $ ./fuzzer.py -o out-artifact -s seed-artifact -c 5 -m 5 -t autoware --timeout 60 --town 1 --strategy all --sim-port 2000
Results
By running DriveFuzz on Autoware and Behavior Agent, we detected the following bugs shown in the tables. We provide the test cases (including the seed, metadata, vehicle states, and detected bugs). Videos of the bugs can be found here.
Autoware bugs
| Bug # | Description | Test case & Log | Bug report | Video |
|---|---|---|---|---|
| 1 | LiDAR and camera fusion misses small objects on road | Log | Report | Video |
| 2 | Perceives the road ahead as an obstacle at a steep downhill | Log | Report | Video |
| 3 | Fails to semantically tag detected traffic lights and cannot take corresponding actions | Log | Report | Video |
| 4 | Fails to semantically tag detected stop signs and cannot take corresponding actions | Log | Report | Video |
| 5 | Fails to semantically tag detected speed signs and cannot take corresponding actions | Log | Report | Video |
| 6 | Faulty localization of the base frame while turning | Log | Report | Video |
| 7 | Localization error when moving underneath bridges and intersections | Log | Report | Video |
| 8 | Generates infeasible path if the given goal is unreachable | Log | Report | Video |
| 9 | Generates infeasible path if the goal's orientation is not aligned with lane direction | Log | Report | Video |
| 10 | Global path starts too far from the vehicle's current location | Log | Report | Video |
| 11 | Target speed keeps increasing at certain roads, overriding the speed configuration | Log | Report | Video |
| 12 | Fails to avoid forward collision with a moving object | Log | Report | Video |
| 13 | Fails to avoid lateral collision (Autoware perceives the approaching actor before collision) | Log | Report | Video |
| 14 | Fails to avoid rear-end collision (Autoware perceives the approaching actor before collision) | Log | Report | Video |
| 15 | While turning, ego-vehicle hits an immobile actor partially blocking the intersection | Log | Report | Video |
| 16 | Ego-vehicle keeps moving after reaching the destination | Log | Report | Video |
| 17 | Fails to handle sharp right turns, driving over curbs | Log | Report | Video |
Behavior Agent bugs
Bug report for all Behavior Agent bugs (#18-30): Report.
| Bug # | Description | Test case & Log | Video |
|---|---|---|---|
| 18 | Indefinitely stops if an actor vehicle is stopped on a sidewalk | Log | Video |
| 19 | Flawed obstacle detection logic; lateral movement of an object is ignored | Log | Video |
| 20 | Generates inappropriate trajectory when initial position is given within an intersection | Log | Video |
| 21 | Improper lane changing, cutting off and hitting an actor vehicle | Log | Video |
| 22 | Vehicle indefinitely stops at stop signs as planner treats stop signs as red lights and waits for green | Log | Video |
| 23 | Vehicle does not preemptively slow down when the speed limit is reduced | Log | Video |
| 24 | Always stops too far (> 10 m) from the goal due to improper checking of waypoint queue | Log | Video |
| 25 | Collision prevention does not work at intersections (only checks if actors are on the same lane) | Log | Video |
| 26 | Fails to avoid lateral collision (Behavior Agent perceives the approaching actor before collision) | Log | Video |
| 27 | Fails to avoid rear-end collision (Behavior Agent perceives the approaching actor before collision) | Log | Video |
| 28 | No dynamic replanning; the vehicle does infeasible maneuvers to go back to missed waypoints | Log | Video |
| 29 | Keeps over-accelerating to achieve the target speed while slipping, creating jolt back on dry surface | Log | Video |
| 30 | Motion controller parameters (PID) are poorly tuned, making the vehicle overshoot at turns | Log | Video |
CARLA simulator bugs
| Bug # | Description | Test case & Log | Bug report | Video |
|---|---|---|---|---|
| 31 | Simulation does not properly apply control commands | Log | Report | Video |
| 32 | Vector map contains a dead end blocked by objects as a valid lane | Log | Report | Video |
| 33 | Occasionally inconsistent simulation result | Log | Report | Video |
Cite this work!
-
CCS 2022 paper (pdf).
@inproceedings{drivefuzz, author = {Kim, Seulbae and Liu, Major and Rhee, Junghwan "John" and Jeon, Yuseok and Kwon, Yonghwi and Kim, Chung Hwan}, title = {{DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing}}, booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security}, series = {CCS 2022}, location = {Los Angeles, CA, USA}, pages = {1753–1767}, numpages = {15}, month = {nov}, year = {2022}, publisher = {ACM}, isbn = {9781450394505}, doi = {10.1145/3548606.3560558}, url = {https://doi.org/10.1145/3548606.3560558}} -
Extended paper (pdf).
@misc{drivefuzz_ext, author = {Kim, Seulbae and Liu, Major and Rhee, Junghwan "John" and Jeon, Yuseok and Kwon, Yonghwi and Kim, Chung Hwan}, title = {{DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing (extended version)}}, month = {nov}, year = {2022}, publisher = {Zenodo}, doi = {10.5281/zenodo.7255959}, url = {https://doi.org/10.5281/zenodo.7255959}}