In today’s post, we take a quick break from functional safety to talk about autonomous vehicles (AVs) more generally. The state of the art is rapidly evolving in the AV industry, but this post provides a brief overview of the functional architecture for a generic Level 4 AV, including lots of links for those wanting a deep dive into the technology.
This post is primarily aimed at engineers with no prior experience with AVs. However, I guarantee anyone who reads all of the linked papers will learn a thing or two.
Autonomous vehicles generally follow the classical “Sense-Plan-Act” model of robotics. For illustration purposes, it is helpful to zoom-in further to examine how these generic functions are typically decomposed in practice. The figure below shows a high-level functional view of a typical AV.
These functions are very briefly summarized below with references to survey papers that provide much more detailed descriptions. For those seeking a more detailed (but still readable) introduction, Yurtsever et al and Badue et al. provide pretty comprehensive overviews of AV tech.
- Sense: Process a variety of sensing modalities (see our AV sensors post)
- Map Prior: Provide static map data (more, more)
- Localize: Calculate position, orientation, and motion of the vehicle (more, more)
- Perceive: Calculate drivable area and obstacle location and motion (more, more, more)
- Predict: Estimate future motion of dynamic objects (more, more)
- Plan: Calculate a desired trajectory for the vehicle (more, more)
- Control: Execute the trajectory as steering, brake, & throttle commands (more)
This list of functions is not canonical, and in practice some functions may be modified, combined, or even omitted. For example, sensor strategies may differ between AVs. One well-known OEM famously uses only cameras for their Level 2 automated driving system.
Even with similar sensors, the design of software varies widely between AV providers. Some AVs may use a mapless approach and rely only on realtime perception. Other approaches combine perception and prediction, or combine prediction and planning. Experimental implementations even combine all of these functions into a single “end-to-end” deep neural network (DNN) that inputs sensor data and outputs actuation commands. Note that all of these design variations are different technical solutions satisfying the same functional requirements.
For educational purposes, the functional model above is detailed enough for useful discussion, but generic enough to be generalizable. For a more detailed discussions of functional architectures, refer to the literature here and here. There is also an SAE reference architecture document (J3131) that is still under development.
A high-level functional architecture like the one above is not only useful for educational purposes. It is also a key part of the ISO 26262 safety process. A functional architecture is the basis of the functional safety concept, a key safety deliverable prior to system design. Defining the safety concept first at a functional level embeds safety in the entire design process while giving designers flexibility to choose the best technical solutions.
The functions discussed above are the core functions required to automate the driving of a vehicle. However, to have a truly autonomous vehicle, even under limited conditions, a variety of additional support functions are required. A non-exhaustive sampling is provided in the list below:
- Mission planning and dispatch
- Operating mode management
- Passenger interface
- Pickup and drop-off
- ODD monitoring (more, more)
- Fault Handling
- Vehicle monitoring
- Predictive maintenance
- Data logging
- Software updating
- Collision detection
- Post-crash mitigation
- Remote operation (more)
- Remote customer support
Clearly, many of the above auxiliary functions are critical to the success of any practical AV product. The less human involvement, the more auxiliary functions are needed. The development of a comprehensive and dependable set of auxiliary functions is one of the big challenges for advancing from Level 2 to Level4+ automated driving.
Don’t be fooled by the auxiliary name. Besides being required for practical highly automated driving applications, some of these auxiliary functions may even be considered safety critical, depending on the overall safety concept.
Thanks for reading. I hope you found this post helpful. In a not-too-distant future post, we will give an overview of the typical sensors that are used to implement all these AV functions.