Bosch driverless e-Shuttle is fault tolerant
In such a situation, the systems used must be fault-tolerant and robust, so that the safety of passengers and other road users is guaranteed in all cases. How the corresponding vehicle components have to be designed in the face of such challenges is the question being addressed by Bosch with its 3F project that focuses on fail-safe operation.
“The aim was to develop solutions to ensure that automated shuttles can move around safely, even if a technical malfunction occurs or obstacles suddenly appear,” says Steffen Knoop, project leader in research and advance engineering at Robert Bosch GmbH.
To operate without drivers, shuttles must be able to monitor their system autonomously—i.e., perform diagnostic tasks—and cope with any technical faults detected so that they can continue driving. At the same time, they must be able to secure the system in the event of critical faults, for example by bringing the shuttle to a stop.
One approach is to build in redundancy; in other words, to duplicate safety-relevant functions. For example, Bosch researchers developed redundant systems for the power supply so that the electrical powertrain and vehicle electrical system are reliably protected. They also adapted and improved sensor technology to suit the vehicle design.
To reliably detect obstacles, they installed several LiDAR and radar sensors at various points around the vehicle, giving it the ability to observe its surroundings from different positions. By delivering a 360-degree birds-eye view and avoiding blind spots, this created a kind of 3D protection zone. The setup not only detects obstacles on the road, such as barriers, it also spots things like hanging branches.
Another solution employed by Bosch is to build in fault tolerance, whereby the failure of a subsystem is at least partly compensated for by other functions. This isn’t unlike how people behave—if the lights suddenly go out in a room, we use our other senses and feel our way around instead of becoming paralyzed. The shuttle behaves similarly: If it’s blind in a certain area, say because leaves are stuck to the sensor or a large object such as a dumpster is completely blocking the view in one direction, it slows down or omits the parts of the route that can no longer be detected.
next: it is all down to sensors
The challenge was to design the sensors so that the safety of the driverless shuttle is guaranteed at all times even if individual sensors fail. The same applies to movement and path planning, whereby the vehicle must be able to reach a safe state even in the event of malfunctions and obstacles, e.g., planning evasive maneuvers, slowing down the journey or coming to a complete stop.
The vehicles are programmed to slow down when any moving objects approach or, in case of doubt, to give unknown objects a wide berth. When they identify familiar landmarks such as streetlights, on the other hand, they resume their journey at full speed. If there’s any imminent danger, the shuttle will come to a precautionary stop. The objective is for the vehicle to adapt its driving behavior to the circumstances in real time while also continuing on its journey automatically whenever possible, even in the event of system malfunctions or obstacles in its path.
As part of the project, on-board electrical system concepts are being evaluated to ensure a proper power supply despite any fault. With the help of vehicle-wide power distribution at the 48-V voltage level, the cable cross-sections are reduced as is the cost of power distribution.
Project partner Finepower GmbH is tasked with developing and testing small, passively cooled 200-W dc-dc converters, which ensure the supply of the individual 12-V devices from the 48-V voltage level. The focus here is on overload capability and the implementation of various safety and diagnostic functions, as well as parallel operation to achieve the required redundancy. In addition, a water-cooled, redundant, high-voltage dc-dc converter is being developed, which lowers the voltage of the high-voltage battery to a 48-V intermediate network with 2X 2.5 kW of output power.
Data on the journey being undertaken and the current technical status of the shuttle’s systems can be transmitted from the vehicle and back to it. Information on three different functions is sent back and forth: diagnostics, monitoring, and control. This lays the foundation for a fleet of automated shuttle buses to be remotely monitored, as well as repaired or even controlled—for instance, to open the doors. It means the vehicles will get help if they do ever reach their fault-detection and compensation limits, or if they simply require scheduled maintenance.
The shuttles are being tested on several test tracks. At Bosch’s research campus in Renningen, Germany, two shuttle buses transport people around a site shared with pedestrians. Meanwhile, at the Avantis innovation park of StreetScooter GmbH in Aachen, Germany, the objective is to move the vehicles with centimeter precision underneath gantry cranes to enable the swift removal of transport containers. This requires precise localization and a form of automated parking under the gantry. In practice, this automated maneuver enables error-free container collection and positioning. In both scenarios, the vehicle is traveling at low speed and the systems are being monitored by an engineer.