A three-layer fail operational design for Levels 3-5 autonomous vehicles
The concept of Smart Vehicle Architecture (SVA) was born a few years ago at Aptiv. We define Smart Vehicle Architecture as the power and network backbone of a Level Three through Level Five automated vehicle.
The premise behind it? If you are going to put a Level Four or Level Five vehicle on the road, in essence a self-driving vehicle, you need to make sure the system is fail operational – it can’t just stop because one thing goes wrong. We realized this requires a new approach, which we call three-layer fail operational design, and which ties together the three elements of Aptiv’s Smart Vehicle Architecture. It starts with compute, then the network or signal, and then the power.
Let’s start with compute. In the event of a critical computer failure, where the computer drops out completely, what will happen to an automated car? It has to operate in a safe manner. With Aptiv’s SVA there is an appropriate amount of redundant compute that will bring the vehicle to a safe haven.
The second layer is the network. You have sensors that deliver information to that computer. So, what if the sensors fail or there is a network interruption? The vehicle has to have a backup set of sensors, or a sensor array, that allows it to go into what we call limp mode, coupled with a resilient network, which brings the car to a safe stop. SVA considers both scenarios, providing an intelligent sensor array supported by a proprietary redundant network enabled by a unique topology to ensure network fail operation.
The final layer is power. If a computer has a power failure, or the sensors have a power failure, it needs to be able to survive the power failure. SVA considers power failure of the other two layers, delivering reliable redundant power to all critical functions.
Three-layer fail operational design basically embeds resilience in all three layers in the event of failures at any level. Failure in compute, failure in network, failure in power – partial or total – the vehicle can reach a safe haven and it does all this in an affordable way.
SVA was born because we found that Level Four or Five autonomous vehicles created an architecture break – in the delivery of the increased functionality and ability to package in the vehicle. We validated this with our customers and with our own fleet of autonomous vehicles.
What we did not realize at the time was that our customers were already having a problem with vehicle architecture today. All of the new features that have shown up in cars – from infotainment to active safety and everything in between – have created the need for feature boxes to be distributed throughout the car. It’s a tremendous amount of dispersed intelligence. All of this is making the technology itself unaffordable and inflexible (Read our CTO’s blog).
So we re-imagined the existing architecture and consolidated those features into a more flexible and affordable package. We completely reconceived how the entire car was architected. We are unique in our industry and stand apart in our ability to deliver an end-to-end solution, from sensor to cloud.
If you follow the lines, you have a sensor, and inside the sensor there is a processor. The processor then touches a connector, which touches a wire harness, which then goes to a computer, then goes to a connectivity device, and then even to the cloud. We have foundational capability in all of those areas. We are unique, and nobody else can do what we do.
Smart Vehicle Architecture is our holistic approach to compute, signal, and power. It’s the intersection of everything we do here at Aptiv and sets the bar for systems integration. And when you look at it holistically and are able to break it down into its parts, solutions manifest themselves that make the entire system perform better, cost less and be more reliable.