Source: Porsche announcement

ZUFFENHAUSEN, Germany — Highly automated driving functions must work safely and reliably in every situation – whether on the highway or in a multi-story car park. One of the ways developers achieve this is through ‘redundancy’; parallel systems observe the environment and decide what to do in critical situations.

A truck in front loses its load. An unloaded pallet suddenly falls onto the road and blocks the lane. What causes a moment of shock for a human driver today will be mastered with ease by the highly automated vehicles of the future. This is thanks to three parallel systems: the main planner handles normal driving operations and acts in a comfort-oriented manner. It brakes and accelerates gently.

System two, the fallback planner, simultaneously calculates a trajectory that quickly maneuvers the vehicle into a safe position if necessary.


The third system, the supervisor, constantly checks whether a risk is posed by the main or fallback paths and selects the safest alternative in each case.

This is why a pallet falling out of the truck unexpectedly would not be a problem for the highly automated vehicle – because even in the unlikely event that the main planner overlooked the obstacle, the vehicle would safely take evasive action thanks to the fallback planner or stop on the hard shoulder if it were not possible to drive around it.

Such a scenario could soon become reality. Porsche Engineering is working flat out to make highly automated driving (HAD) functions safe and reliable in this way. The crucial strategy along the way is called ‘decomposition’. Instead of the vehicle being controlled by a single system, several planners as well as supervisors work together in parallel. “Together, the systems achieve a much higher level of fail-safety than a single one,” explains Jan Gutbrod, team leader for the development of driving assistance systems at Porsche Engineering.

“The biggest challenge is to master every last conceivable situation,” says Albrecht Böttiger, head of the ADAS/HAD Project House at Porsche AG. In other words: the overall system must be able to cope with different vehicle types and driving styles, recognize road markings in different colors – even when they are weathered – and safely avoid known and unknown obstacles. This requires a coordinated interaction of the three subsystems, which must prove itself in tests and road trials.

Strict technical segregation of the systems

Parallel systems have been in use in aviation for a long time. Their safety, however, critically depends on the technical design.

“To achieve true redundancy, it is important not to simply copy systems,” stresses Andreas Nagler, Head of Systems Engineering and Architecture at Cariad, the Volkswagen Group’s software and technology company.

What that means is that the instances must be technically isolated from each other, i.e., each must have its own hardware, software and data sources. This is the only way to minimize what are known as common cause errors – failures due to a shared cause.
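The main/fallback/supervisor arbitration described above, together with the point about separate data sources, as an added Python model that is not Porsche Engineering's or Cariad's code; the risk scoring, deceleration values, speeds and obstacle positions are constructed assumptions used only to illustrate the decomposition idea.

```python
"""Toy model of the 'decomposition' architecture: a comfort-oriented main
planner, a fallback planner that always has an escape manoeuvre ready, and a
supervisor that scores both plans against its own perception feed and keeps
the safer one. All numbers are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# An obstacle is (distance in metres, lane). Lane 0 = driving lane, 1 = hard shoulder.
Obstacle = Tuple[float, int]
PALLET = [(40.0, 0)]  # constructed scenario: the lost pallet 40 m ahead, in our lane


@dataclass(frozen=True)
class Trajectory:
    source: str
    lane: int                       # lane occupied after executing the plan
    stop_within_m: Optional[float]  # distance at which the car is stationary; None = keeps rolling
    discomfort: float               # 0.0 (gentle) .. 1.0 (harsh braking or steering)


def main_planner(seen: List[Obstacle], speed_mps: float) -> Trajectory:
    """Comfort oriented: brakes gently (assumed 2 m/s^2) only for obstacles it has seen in-lane."""
    if not any(lane == 0 for _, lane in seen):
        return Trajectory("main", 0, None, 0.0)
    return Trajectory("main", 0, speed_mps ** 2 / (2 * 2.0), 0.2)  # stopping distance v^2 / 2a


def fallback_planner(seen: List[Obstacle], speed_mps: float) -> Trajectory:
    """Always prepares a safe-position manoeuvre: swerve to the shoulder if its own
    perception shows it free, otherwise a hard stop (assumed 6 m/s^2)."""
    if not any(lane == 1 for _, lane in seen):
        return Trajectory("fallback", 1, None, 0.6)
    return Trajectory("fallback", 0, speed_mps ** 2 / (2 * 6.0), 0.9)


def risk(traj: Trajectory, seen: List[Obstacle]) -> float:
    """Supervisor scoring against a perception feed: a collision dominates everything;
    among collision-free plans the more comfortable one wins."""
    for dist, lane in seen:
        if lane == traj.lane and (traj.stop_within_m is None or traj.stop_within_m > dist):
            return float("inf")
    return traj.discomfort


def decide(speed_mps: float, seen_main: List[Obstacle], seen_fallback: List[Obstacle],
           seen_supervisor: List[Obstacle]) -> Trajectory:
    """Each subsystem receives its own feed, so one blind sensor path cannot blind all three."""
    candidates = [main_planner(seen_main, speed_mps), fallback_planner(seen_fallback, speed_mps)]
    return min(candidates, key=lambda t: risk(t, seen_supervisor))


def collides(traj: Trajectory, ground_truth: List[Obstacle]) -> bool:
    """Outcome check against what is really on the road (not available to the car)."""
    return risk(traj, ground_truth) == float("inf")
```

Feeding all three subsystems the same feed that missed the pallet reproduces a common cause error: the supervisor then has nothing to disagree with and the comfort plan collides.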
