US 11,724,708 B2
Fail-safe handling system for autonomous driving vehicle
Guohao Gong, Beijing (CN); Fan Zhu, Sunnyvale, CA (US); Yue Wang, Beijing (CN); Xin Xu, Beijing (CN); Xiang Liu, Beijing (CN); Yongyi Sun, Beijing (CN); Yingnan Liu, Beijing (CN); Junping Wang, Beijing (CN); and Jingjing Xue, Beijing (CN)
Assigned to BAIDU USA LLC, Sunnyvale, CA (US); and BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD., Beijing (CN)
Appl. No. 16/960,843
Filed by Baidu USA LLC, Sunnyvale, CA (US); and Baidu.com Times Technology (Beijing) Co., Ltd., Beijing (CN)
PCT Filed Jun. 12, 2020, PCT No. PCT/CN2020/095970
§ 371(c)(1), (2) Date Jul. 8, 2020,
PCT Pub. No. WO2021/248499, PCT Pub. Date Dec. 16, 2021.
Prior Publication US 2021/0387631 A1, Dec. 16, 2021
Int. Cl. B60W 50/023 (2012.01); B60W 60/00 (2020.01); B60W 10/18 (2012.01); B60W 30/06 (2006.01); B60W 50/02 (2012.01)
CPC B60W 50/023 (2013.01) [B60W 10/18 (2013.01); B60W 30/06 (2013.01); B60W 50/0205 (2013.01); B60W 50/0225 (2013.01); B60W 60/001 (2020.02)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method of handling malfunctions in an autonomous driving vehicle (ADV), comprising:
receiving, at a redundant system running on a first electronic control unit (ECU), a real-time value of each output parameter of each of a plurality of components in the ADV, wherein the plurality of components include a primary autonomous driving system (ADS) running on a second ECU, wherein the primary ADS is configured to generate planned trajectories based on localization data and sensor data from a global positioning system (GPS) system, one or more cameras, and one or more light detection and ranging (LiDAR) devices, smooth the planned trajectories, and issue first driving commands to a controller area network (CAN bus) to operate the ADV to follow the smoothed planned trajectories to operate the ADV;
determining, by the redundant system, that a malfunction has occurred in a component of the plurality of components based on a comparison between the real-time value and an expected value of the output parameter of each of the plurality of components;
determining a level of failure risk for the malfunction that has occurred in the component based on a predetermined weight of each of a plurality of factors associated with the malfunction, wherein the plurality of factors include a general category of the malfunction, a specific component where the malfunction occurs, a frequency of occurrence of the malfunction, and availability of inspection data for the malfunction; and
in response to determining that the level of failure risk falls within a particular value range, driving, by the redundant system, the ADV using the redundant system, including generating a path to a closest safe place based on localization data and sensor data only from the one or more cameras and without smoothing the path, and issuing second driving commands the CAN bus to control the ADV in response to the closest safe place.