Ensuring Safety and Reliability for Driver Out Autonomous Trucks

By TuSimple's editorial team
Mar 23

In our last post, we explained details of our Driver Out runs, including the advanced driving capabilities of our TuSimple Driver, and the setup we chose to ensure operational safety. Another important element of safety is optimizing the reliability of the autonomous truck.

The world’s most safety-critical technologies and systems like spacecraft, power grids, and medical devices maximize safety and minimize failure risks by designing for reliability.

There are two approaches to increase overall system reliability:

  1. Specify components and subsystems with very low failure rates. 
  2. Add redundant components and subsystems so that if one fails, a backup automatically takes its place.

We used these techniques to design our solution for autonomous trucks.

This layered approach is often referred to as the “Swiss cheese” model of reliability. Like a slice of Swiss cheese, any single layer of the system may have “holes”. When the layers are stacked, however, the gaps in one layer are covered by the protections of the others: individually each layer has gaps, but as a set they provide far better coverage.
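To put the two approaches above in numbers, the following added example (not TuSimple's code, and the failure rates are constructed for illustration, not the company's figures) models a run as a chain of subsystems that must all work, where each subsystem is a stack of redundant layers. It compares a single-layer design, the same design with every primary component made ten times more reliable, and the stacked "Swiss cheese" design.

```python
import math

def reliability(failure_rate_per_hour: float, hours: float) -> float:
    """Probability that one component survives the run (constant failure rate)."""
    return math.exp(-failure_rate_per_hour * hours)

def parallel(*layers: float) -> float:
    """Stacked layers: the subsystem fails only if every layer fails at once."""
    all_fail = 1.0
    for r in layers:
        all_fail *= (1.0 - r)
    return 1.0 - all_fail

def series(*subsystems: float) -> float:
    """Subsystems that must all work: any single failure takes the system down."""
    total = 1.0
    for r in subsystems:
        total *= r
    return total

# Constructed, illustrative failure rates per hour (hypothetical values).
# Each entry: (primary layer rate, backup layer rates), mirroring the post's list.
SUBSYSTEMS = {
    "localization": (1e-3, [1e-4]),        # GPS, backed by perception + HD map
    "sensors":      (5e-4, [5e-4]),        # overlapping fields of view
    "steering":     (1e-5, [1e-5]),        # primary motor, secondary motor
    "braking":      (1e-6, [1e-5, 1e-5]),  # air brakes plus two added actuators
    "power":        (1e-4, [1e-4]),        # dual power banks
}

def mission_reliability(subsystems, hours: float, redundancy: bool,
                        primary_scale: float = 1.0) -> float:
    """Reliability of the whole chain; primary_scale < 1 models approach 1 (better parts)."""
    layers = []
    for primary, backups in subsystems.values():
        r_primary = reliability(primary * primary_scale, hours)
        if redundancy:
            layers.append(parallel(r_primary, *(reliability(b, hours) for b in backups)))
        else:
            layers.append(r_primary)
    return series(*layers)

def compare(hours: float = 1.0) -> dict:
    """Probability of completing a run of the given length under each design."""
    return {
        "single_layer":      mission_reliability(SUBSYSTEMS, hours, redundancy=False),
        "better_parts_10x":  mission_reliability(SUBSYSTEMS, hours, redundancy=False,
                                                 primary_scale=0.1),
        "stacked_layers":    mission_reliability(SUBSYSTEMS, hours, redundancy=True),
    }
```

Varying `hours` shows how the single-layer design degrades over longer runs while the stacked design's loss probability stays roughly the product of the per-layer losses.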

Figure 1: The “Swiss Cheese Model”: Increasing Reliability with Layers of Protection

Class 8 trucks, including the Navistar International LT that we use in our autonomous truck solution, have both highly reliable subsystems and an array of redundancies. For example, each load-bearing axle has four wheels, two on each side. If one tire blows, the others are still able to carry the full load. Likewise, over-specifying the steering column makes it very unlikely to fail over the lifetime of the truck.

Traditionally, Class 8 trucks include the driver as one of the layers of redundancy.  For example, if the power steering fails, in most cases the driver could still muscle the steering wheel to pull the truck over. With the TuSimple autonomous driver, we’ve added redundancies in hardware, software, and algorithms to ensure we maintain the capability to handle such events safely.

  1. Localization – The TuSimple autonomous driver needs to understand where the truck is in the world to navigate. We call this “localization”. GPS provides localization to the system. However, if the vehicle loses GPS signal, it can still see lane lines, landmarks, signs, and other vehicles. Using its perception system and high definition digital map, the TuSimple autonomous driver can still navigate until GPS is restored.
  2. Sensors – The arrays of sensors are carefully designed with overlapping fields of view, independent power sources, and a triage system so that if a sensor fails, others can fill in the gaps.
  3. Steering – The autonomous truck uses a motorized gear to control the steering wheel – effectively replacing the hands of a human driver.  Should that motor fail, a secondary motor takes over, allowing the vehicle to come to a safe stop.
  4. Braking – The Navistar International LT already has a highly reliable air braking system with dual control signals, dual air tanks and brake actuators on every wheel.  For the autonomous design, we added two independent actuators to replace the braking action of the driver.
  5. Power – To ensure we maintain power to all components of the autonomous system, we’ve designed a dual bank system to power redundant sensors, compute, and control systems independently.

Figure 2: Redundant Systems

Establishing a highly reliable system was paramount prior to conducting the Driver Out runs. The existing highly reliable and redundant systems in the Navistar International LT, together with the additional redundant systems retrofitted to the trucks, protect against rare but important equipment failures. Implementing these systems was a critical step that enabled the world’s first fully autonomous Driver Out runs on open public roads.  For more information about our approach to safety, please refer to our Driver Out Safety Framework.
