F2008-08-127
Safety Concept of the Cognitive Vehicle Control
Autonomous driving inclusive accelerating, braking, steering and other advanced maneuvers, such as lane change, platooning, should be exactly executed in the intelligent vehicle, which is also belonging to its basic functions. Such object is required to be accomplished on the vehicle actuators precisely, in limited delay and without errors by means of variable control algorithms. Because this control process completely takes the vehicle motion in hand and brings the fatal error to the vehicle and people in case of the false implementation, it should be secured. In the other aspect it is also required to find out a solution in the emergency situation to bring the vehicle back to the safety status such as `stop´ before the driver can react against the failures. In this article it will be discussed about how to secure the whole process of the cognitive vehicle controlling and timely find out even emend the errors. It begins with the vehicle status check, after accepting the driving commands from the cognition unit. The reliable implementation of the drive task is firstly based on whether it is under the actual vehicle physical boundary, since otherwise it will be certainly not or not correctly carried out. In this step the precise and in better time prediction of the vehicle ability and movement potential would play the important roll. Following the restricting or adjusting of the driving task it will be deconstructed into the elementary action, which will be subsequently and accordingly arranged on the separate actuators. Methods such as controller-observer Design, model based diagnose will be applied to observe the status of the hardware and its degree of the performance. In case of the failure in the sensor-controller-actuator loop, it should indicate its failure location with the necessary advice commands to the driver. When the driver is not able to in time react on it, the before-defined action will help the driver or alone with the redundant software/hardware bring the vehicle into the fail-safe mode. The redundant system design would be predefined and the knowledge base of the diagnose system would be established via the SIL, HIL simulation method. In the case of `blind´ mode, which means lost of the signal from the vision- and cognition-unit by any reasons, it will be tried to keep the vehicle in right tracks until the stop mode, along with the information in the last second and under help of the GPS digital atlas. While the digital atlas has the mostly precision range of 5-10 meter, it will be under the examination which precision range is required for the safety action and whether it is possible using mathematic method to avoid the precision problem.
This abstract is supplemented by a PDF, which can be viewed here.
Session: HMI & Safety