Chapter 1. Control design aspects of highly automated vehicles

Table of Contents
1.1. Motivation
1.1.1. Reducing accident number and accident severity
1.1.2. Saving energy and reducing harmful exhaust emission
1.1.3. The role of mechatronics
1.2. Design aspects
1.3. Automation levels
1.3.1. Warning
1.3.2. Support
1.3.3. Intervention
1.3.3.1. Semi-automated intervention
1.3.3.2. Highly automated intervention
1.3.4. Full Automation

In the following pages the authors would like to provide an introduction into the design, the architecture and functionality of today’s highly automated vehicle control systems. Thanks to the developments in electronics technology integrated into the automotive industry there has been a revolution in road vehicle technology in the past 20 years. In modern vehicles there are approximately 100 microcomputers today providing service to the driver by means of vehicle operation, comfort, assistance and safety. Electronics control almost every function inside the vehicle and there are attempts to harmonise vehicle-to-vehicle communication (V2V) and vehicle-to-infrastructure information exchange (V2I) as well. Advanced driver assistance systems (ADAS) take over more and more complex and complicated tasks from the driver like adaptive cruise control (ACC) or lane keeping assistance (LKA), to make driving even easier and safer. In the not too far future the public road vehicles will be able to drive without a driver. On one hand the technology improvements makes such functions feasible even on public roads, while on the other hand it raises new challenges to policy makers. Until that time there are a lot of tasks to be solved, several technical questions and maybe even more legal issues have to be answered.

1.1. Motivation

1.1.1. Reducing accident number and accident severity

Reducing the number of accidents and accident severity is the highest importance according to the EU objectives, but this in not only a European, but a global problem affecting the whole society. Worldwide every year almost 50 million people are injured and 1.2 million people die in road accidents; more than half of them being young adults aged 15 to 44. Forecasts indicate that, without substantial improvements in road safety, road accidents will be the second largest cause of healthy life years lost by 2030. (Source:[1])

In Europe there is no reality to further improve the currently existing road network, so the solution has to face the limited infrastructure and the even further growing demand of transport. That is why highly automated road vehicles (integrated into an intelligent environment) will have a key role in improving road safety. The EU road safety strategy defined in 2001 has achieved significant results, but there is still a lot to do. The following figures [2] below show the overall and country based progress achieved in saving lives on European roads.

Road fatalities in the EU since 2001 (Source: CARE)
Figure 1.1. Road fatalities in the EU since 2001 (Source: CARE)


Road fatalities by population since 2001 (Source: CARE)
Figure 1.2. Road fatalities by population since 2001 (Source: CARE)


Hungary has been recognised with the “2012 Road Safety PIN Award” at the 6th ETSC Road Safety PIN Conference in 2012 for the outstanding progress made in reducing road deaths. Road deaths in Hungary have been cut by 49% since 2001, helped by a 14% decrease between 2010 and 2011. Since 2004 and its accession to the EU, Hungary quickly adapted to the rigours of membership and to the challenge of the EU 2010 target. (Source: [3])

1.1.2. Saving energy and reducing harmful exhaust emission

The other global challenge is to make transportation more efficient and environment friendly. Europe accelerates its progress towards a low-carbon society in order to reach the target of an 80% reduction in emissions below the 1990 levels by 2050. To be able to achieve that, the emissions should be reduced 40% by 2030 and 60% by 2040. Each sector has to contribute to achieve this, and transportation has an essential part in that. (Source: [4])

European roadmap for moving to a low-carbon economy (Source: EU)
Figure 1.3. European roadmap for moving to a low-carbon economy (Source: EU)


Although more economical engines (see also downsizing technology) also results in less emission, on the other hand there has been a great improvement recently in exhaust gas handling technology thanks to the EU regulations. Since the introduction of the Euro1 standard (1993) the harmful exhaust emission level was reduced the limit for NOX by 95% and for particulates by 97% to the Euro 6 levels. Figure 4 shows European harmful exhaust emission reduction requirements. (Source: [5])

European Euro 6 emissions legislation (Source: DAF)
Figure 1.4. European Euro 6 emissions legislation (Source: DAF)


Highly automated driving has also a value add to efficiency and lower harmful emissions by functions like Active Green Driving (AGD), Automated Queue Assistance (AQUA), forward thinking driving with eHorizon and velocity profile planning.

The main goal of the Active Green Driving is to reduce the fuel consumption and potentially emissions in vehicles by using e-Horizon system enhanced with environment sensors and the continuous prediction of vehicle speed profile. This includes a fuel optimal powertrain strategy and a driver support interface to give driving recommendations, in certain defined situations, using both graphical and textual information and furthermore haptic feedback in the accelerator pedal. (Source:[6])

1.1.3. The role of mechatronics

One should understand that there are some objective factors that electronics (mechatronics) has no alternative in the future of driving. We should not forget that most of the drivers on public road are not professional pilots, but even the most talented driver cannot compete with intelligent mechatronic systems in the following fields:

  • limited information: the driver does not have access to the information that state-of-the–art sensors installed in every part of the vehicle provide. The precise and detailed information about the vehicle status and the surrounding environment is essential for decision making.(Perception layer)

  • limited time: information in electronic systems propagate with the speed of light. The reaction times of mechatronic systems are significantly shorter compared to any human or mechanic systems. Information exchange between intelligent electronics inside the vehicle network is comparable to business computer networks.

  • limited access: for example mechatronic systems can individually brake each and every wheel according to the circumstances that may change hundred times a second while the driver has only the possibility to press more or less the brake pedal.

The electronically networked driver assistance systems will have key factor in the increase of safety on roads. According to statistics only 3% of traffic accidents can be traced back to technical reasons (vehicle), while 97% of accidents are caused by human factors (driver). Beside the inadequate technical status of a certain vehicle, the major sources of vehicle accidents are wrong driver decision, inappropriate evaluation of the circumstances, or lack of consideration. The probability of wrong decisions radically increases if the driver is in bad physical or mental condition, for example tired or from some other kind of reason indisposed.

According to European accident statistics 2/3 of the accidents with serious outcome could have been avoidable by the usage of driver assistance systems. A considerable part of these accidents are pile-up accidents, from which more than half can be traced back to lack of attention. Beyond the pile-up, accidents where commercial vehicles are involved are typically caused by drifting out, jack-knifing or rolling over.

The effect of collision speed on fatality risk (Source: UNECE)
Figure 1.5. The effect of collision speed on fatality risk (Source: UNECE)


In case of losing vehicle stability, unintentional lane departure, pile-up happening from behind, there are technical solutions to warn the driver before a late recognition and - if it is not enough - assistance systems automatically intervene in the management of the vehicle, with which the consequences of the accident can be radically mitigated. Such intervention may be a last minute emergency braking, which may significantly reduce the kinetic energy of the vehicle before the collision. Driver assistance systems may also compensate for eventual erroneous reactions of the driver.

1.2. Design aspects

It is no question that highly automated driving will play a major role in personal mobility in the future. The question is only when and how. Highly automated driving systems will relieve the drivers from distracting or stressing tasks ensuring safer and sustainable mobility. Today’s road vehicles are already complicated enough to distract some driver segments from using new driver assistance features. User acceptance is a key figure in moving towards highly automated driving, since most of the drivers can benefit from automated assistance systems in special situations. The application should be very easy and seamless to promote such functions and new ADAS features must be introduced into the education of drivers to understand them and get used to them.

There are traffic circumstances when drivers are especially in need of assistance like driver overload or underload situations. Driver overload situation may occur when the driver has to carry out multiple tasks simultaneously while also having to pay attention to other vehicles (e.g. intensive situations like turning manoeuvres at intersections or driving in the narrow lanes of roadwork areas) and driver stress may result in a deteriorated performance. Driver underload situation occurs during monotonous driving when there are really few impulses reaching the driver resulting in drowsiness (e.g. boring situations like traffic jams or long distance driving). Under “normal” conditions the driver has enough driving activity to make him awake and focused while not too much to distract or confuse him, this can also be regarded as optimum driving fun.

Either driver underload or overload situation results in the degradation of driver performance that is a risk for the traffic environment. Highly automated driving is a promising way to reduce this risk by providing assistance to the driver in these special situations. The following figure shows the correlation between driver load and driver performance indicating the need for assistance.

Situations when driver assistance is required. (Source: HAVEit)
Figure 1.6. Situations when driver assistance is required. (Source: HAVEit)


The two extreme situations on the figure above are not preferred. The resolution is selective automation of the vehicle, where the driver is still always a part of the control loop. (This is not just a requirement of legal issues but also important from user acceptance point of view.) In this approach the driver can pass over the control to the vehicle under specified circumstances and the vehicle can also pass back the control to the driver if the system is not able to handle the situation. Meanwhile the driver attention is continuously monitored and in case the driver is not capable of handling the traffic situation (e.g. medical emergency) the vehicle automatically takes over control and gradually reducing the vehicle speed safely drives to standstill on the roadside. The system will also pass back control to the driver if the pre-conditions for highly automated driving are not met, e.g. if no lane markings can be detected.

1.3. Automation levels

State-of-the-art driver assistant systems (ADAS) already provide a range of support functions for the driver. The vehicle automation level can be categorized into several layers depending on the degree of substituting driver tasks.

Automation level approach by the HAVEit system. (Source: HAVEit)
Figure 1.7. Automation level approach by the HAVEit system. (Source: HAVEit)


Based on the perception layer information the command layer determines the availability of each and every automation level in a hierarchical way. The availability may vary during driving according to the changing of the environment (e.g. lane markings obtainable or not). The automation levels may only change in order either upwards and downwards. Upon availability the driver is responsible for the selection of one of the automation levels. The driver cannot select an automation level that is not offered because the pre-conditions are not met. Vica versa if a certain automation level is no longer available the vehicle warns the driver to take over the control of the vehicle.

There are assistance levels that are built on each-other, assuming that the next level is available only in case all the previous levels are fulfilled.

1.3.1. Warning

The very first level of providing assistance to the driver is to inform the driver about potentially dangerous situations. In this stage there is no further support or intervention, the driver is just warned about the potential danger. The warning information is transmitted to the driver via the primary human machine interface (HMI) of the vehicle, using either visible (e.g. dashboard), acoustic (e.g. alarm sound) or haptic (e.g. seat or steering wheel vibration) feedback. It is totally up to the driver if he takes actions or not after receiving the warning. A good example is driver drowsiness detection which warns the driver to take a coffee break in case of fatigue by continuously monitoring the steering wheel movement. The warning message is an icon of a coffee cup in front of an orange background and there is a text message ”please take a break” shown in the figure below on the display of the HAVEit HMI.

Driver drowsiness warning: Time to take a coffee break! (Source: HAVEit)
Figure 1.8. Driver drowsiness warning: Time to take a coffee break! (Source: HAVEit)


1.3.2. Support

The second level of providing assistance is not just to warn the driver but support him guiding how to drive the car in a potentially hazardous situation. This level assumes that the driver is aware of the probably unsafe situation (warning) and there are hints provided further more to the driver directing him to the right manoeuvre.

Lane Departure Warning is a basic function inside supported control. It warns the driver if he gets too close to the lane markings and then warns the driver by acoustic and visual warnings or a slight vibration in the steering wheel.

LDW support guiding the driver back into the centre of the lane. (Source: Mercedes-Benz)
Figure 1.9. LDW support guiding the driver back into the centre of the lane. (Source: Mercedes-Benz)


Additional support may also be providing a counter-steering torque with the electrically power assisted steering system (EPAS or EPS). The gently applied EPAS steering torque makes it harder to steer out (change lane without using the turn signal). The driver may still decide to change lane (without using the turn signal) and steer out from the lane by a stronger steering wheel movement or stay in the lane by gently steering back.

Counter-steering torque provided to support keeping the lane. (Source: TRW)
Figure 1.10. Counter-steering torque provided to support keeping the lane. (Source: TRW)


The function works camera based by analysing the lane markings on the road in front and by comparing the current vehicle direction in relation to them. It usually incorporates hands-off detection of the steering wheel to avoid the use (misuse) of the system for autonomous driving.

Warning for misuse of lane assist for autonomous driving. (Source: Audi)
Figure 1.11. Warning for misuse of lane assist for autonomous driving. (Source: Audi)


Another not safety but typical comfort function example is the parking assistant system which can cover the support level and furthermore the intervention level. Into the support level three functions can be enrolled: parking space measurement, parking aid information and park steering information.

Parking space measurement (Source: Bosch)
Figure 1.12. Parking space measurement (Source: Bosch)


The parking aid information system monitors the close-up area in front and/or behind the vehicle by the ultrasonic sensors and informs the driver with an optical and/or acoustical signal of how close the vehicle is to an obstacle.

Principle of the operation of the parking aid systems (Source: Bosch)
Figure 1.13. Principle of the operation of the parking aid systems (Source: Bosch)


When the parking space measurement is active the ultrasonic sensors are scanning the roadside. As soon as the system identifies a suitable parking space long enough for the car, the driver will be immediately informed. The driver can activate the parking assistant with a push of button and initiate the parking manoeuvre.

The park steering information system provides clear instructions on steering-wheel position and the necessary stop and switching points through a display, thus guiding the driver into the perfect parking position.

1.3.3. Intervention

The next level of driver assistance is the automated intervention into the vehicle control. Depending on the intervention scale there are categories of semi-automated driving and highly automated driving. While during semi-automated driving the vehicle’s longitudinal movement is under automated control, as during highly automated driving both longitudinal and lateral control takes part of the vehicle motion.

1.3.3.1. Semi-automated intervention

Basically semi-automated driving can be described as supported driving plus longitudinal control of vehicle movement. The market currently offers several functions in this segment like adaptive cruise control (ACC) with Stop & Go extension or Emergency Brake Assist. This function uses a radar sensor to monitor the traffic ahead adjusting vehicle speed and keeping safe distance to the vehicle in front via the throttle-by-wire and brake-by-wire intelligent actuators. While no front vehicle is detected speed control is active keeping constant vehicle speed regardless of the road inclination, but when a vehicle is detected ahead then distance control becomes active, keeping speed-dependant safe distance between the two vehicles. The following figure shows the moment when distance control becomes active.

ACC distance control function for commercial vehicles (Source: Knorr-Bremse)
Figure 1.14. ACC distance control function for commercial vehicles (Source: Knorr-Bremse)


On top of ACC function there may be a collision avoidance (mitigation) option. Based on the radar signal (and video sensors), the system warns the driver if there is a collision hazard, and in case the collision is inevitable for the driver the system automatically applies the brakes to reduce vehicle speed, thus collision severity. Such function physically mitigates the collision consequences by reducing collision speed.

Steps of collision mitigation with an ACC System (Source: Toyota)
Figure 1.15. Steps of collision mitigation with an ACC System (Source: Toyota)


1.3.3.2. Highly automated intervention

The former levels of automated driving all had operational examples on the market, whereas highly-automated driving represents the state-of-the-art of road vehicle automation that soon (2016-2020) will be introduced to the public domain with function like Temporary Auto Pilot, Automated support for Roadwork and Congestion.

High automation means integrated longitudinal and lateral control of the vehicle enabling not only acceleration and braking for the vehicle automatically, but also changing lane and overtaking. Such functions will be introduced initially on motorways since they are the most suitable roads for automated driving; the road path has only smooth alterations (curves or slopes), they are highlighted by easily recognizable lane markings, protected by side barriers, and last but not least there is only one-way traffic. Potential use-cases are monotonous driving situations like traffic jams or long distance travel in slight traffic.

Temporary Auto Pilot function of Volkswagen [7] (developed within the EU funded HAVEit project) offers highly-automated driving on motorways with a maximum speed of 130 kilometres per hour. TAP provides an optimal degree of automation as a function of the driving situation, perception of the surroundings, the driver and the vehicle status. TAP maintains a safe distance to the vehicle ahead, drives at a speed selected by the driver, reduces this speed as necessary before a bend, and keeps the vehicle in the centre of the lane by detecting lane markings.

Temporary Auto Pilot in action at 130 km/h speed (Source: Volkswagen)
Figure 1.16. Temporary Auto Pilot in action at 130 km/h speed (Source: Volkswagen)


The responsibility always stays by driver even he is temporarily gets out of the control loop. He acts as an observer when TAP is active and can take back the vehicle control from TAP any time in safety-critical situations. The vehicle can also give back control to the driver if the preconditions for enabling TAP are not met. The driver is continuously monitored for drowsiness and attention by the vehicle to prevent accidents due to driving errors by an inattentive, distracted driver. The system also obeys overtaking rules and speed limits. Stop and start driving manoeuvres - for example in traffic jams - are also automated.

From time-to-market point of view a definitive advantage of the TAP system is that it has been realized on a relatively production-like sensors, consisting of production-level radar-, camera-, and ultrasonic-based sensors enhanced by a laser scanner and an electronic horizon. (Source: Volkswagen)

BMW demonstrated in 2009 that based on sensor fusion of eHorizon, GPS and samara information a vehicle can autonomously drive around a closed race circuit, following the ideal path. After the impressive performance BMW decided to introduce highly automated driving functions in series production vehicles until 2020. Aside typical functions like braking, accelerating and overtaking other vehicles entirely autonomously, the system will focus on challenges, like motorway intersections, toll stations, road works and national borders. The research prototype vehicle has run approximately 10,000 test kilometres up to now on public road with no driver intervention. (Source: [8])

Highly automated driving on motorways (Source: BMW)
Figure 1.17. Highly automated driving on motorways (Source: BMW)


Highly automated driving can also help in case of emergency, for example if biosensors detect that the driver is having a heart attack. The Emergency Stop Assistant function is able to switch the vehicle to highly automated driving mode and taking into account the traffic situation, manoeuvres the vehicle in a safe and controlled way to a standstill on the roadside. By switching on the hazard warning lights and making an eCall to request medical assistance, the situation is handled with maximum efficiently. (Source: [8])

Toyota has presented its AHDA [9] test vehicle in 2013 that incorporates highly automated driving technologies to support safer highway driving and reduce driver workload. AHDA combines two automated driving technologies together Cooperative-adaptive Cruise Control and Lane Trace Control. The vehicle is fitted with cameras to detect traffic signals, radars and laser-scanner to detect vehicles, pedestrians, and obstacles in the surroundings. Via sensor fusion the vehicle is also able to identify traffic conditions, like intersections and merging traffic lanes.  

Test vehicle with automated highway driving assist function (Source: Toyota)
Figure 1.18. Test vehicle with automated highway driving assist function (Source: Toyota)


In addition to radar based adaptive cruise control (ACC), Cooperative-adaptive Cruise Control (CCC) uses wireless communication between the vehicles to exchange vehicle dynamics data that enables smoother and more efficient control for maintaining a safe distance. Cooperative-adaptive Cruise Control uses 700-MHz band vehicle-to-vehicle ITS communications (V2V) to broadcast acceleration and deceleration data of the leading vehicle so that the following vehicles can control their speed profile correspondingly to better maintain inter-vehicle distance. Eliminating unnecessary accelerations and decelerations for the following vehicles results in better fuel efficiency and avoiding traffic congestion.

Lane Trace Control is a new assistance function that aids steering to keep the vehicle on an optimal driving path within the lane. It uses high-performance cameras, radar and sensor fusion to determine the optimal road path and provide smooth driving for the vehicle at all speeds. The system automatically intervenes in the steering, the drivetrain and the braking system when necessary to maintain the optimal path within the lane.

The objective of the automated assistance in road works and congestion function (developed within the EU funded HAVEit project) is to support the driver in overload situations like driving in narrow lanes of roadwork areas on motorways with lot of vehicles driving closely beside. Entering the road works and driving for longer distance in the road works area is very challenging for the driver. Some drivers even feel fear while other vehicles are driving so close in the parallel lane.

An integrated approach of the lateral and longitudinal control is used to adapt the speed and the lateral position of the vehicle to run the optimal path. (This assistance function will work at speeds between 0 and 80 km/h.) When the pre-conditions for the Automated Roadwork Assistance function are met the driver can switch to highly automated driving mode, taking his hands off the steering wheel. By this, the driver could drive through the road construction, without using his hands or feet. This guarantees that the driver gets the best possible support available, in particular with respect to lateral vehicle control.

Demonstrating automated roadwork assistance functionality. (Source: HAVEit)
Figure 1.19. Demonstrating automated roadwork assistance functionality. (Source: HAVEit)


Another step in automation is the concept of platooning, which was motivated by intelligent highway systems and road infrastructure, see the PATH program in California and the MOC-ITS program in Japan. The European programmes were based on the existing road networks and infrastructure and focused mainly on commercial vehicles with their existing sensors and actuators. In a Hungarian project an automated vehicle platoon of heavy vehicles was developed. In a platoon system 5 to 10 vehicles are organized. The intervehicle spacing is small and constant at all speeds and vehicles. A well-organized platoon control may have advantages in terms of increasing highway capacity and decreasing fuel consumption and emissions. The control objective in platooning is to maintain vehicle following within the platoon and platoon stability under the constraint of comfortable ride. Since the desired intervehicle spacing is very small, the allowable position error is also small, which implies very accurate tracking of the desired spacing and speed trajectories. This accuracy puts constraints on the performance of the sensors and actuators as well as on the controller bandwidth.

Demonstration of a platoon control
Figure 1.20. Demonstration of a platoon control


A three-layer software architecture that moves from discrete to continuous signals was in the PATH project, see Figure 20 and Figure 21. It should be noted that our design is not necessarily unique or optimal, but as a preliminary approach is sufficient to prove our point.

  • The stability and control layer deals with continuous signals and interfaces directly with the platform hardware. It contains several dynamic-positioning algorithms, a thruster allocation scheme, and sensor data processing and monitoring for fault detection. Control laws are given as vehicle state or observation feedback policies for controlling the vehicle dynamics. The corresponding events are sent to the manoeuvre coordination layer.

  • In the manoeuvre coordination layer control and observation subsystems responsible for safe execution of atomic manoeuvres such as assemble, split, wind tracking, and go to a location. Manoeuvres may include several modes according to the lattice of preferred operating modes. Mode changes are triggered by events generated by the stability layer monitors. It also monitors incidents and reacts to minimize their impact on manoeuvres and maximize safety.

  • The supervisory control layer: control strategies that the modules follow in order to minimize fuel consumption and maximize safety and efficiency. Discrete commands are given to achieve high-level goals of overall coordination and manoeuvring of the mobile offshore bases. This layer monitors the evolution of the system with respect to global mission goals. It receives commands and translates them into specific manoeuvres that the platforms need to carry out.

Hierarchical structure applied in the PATH project
Figure 1.21. Hierarchical structure applied in the PATH project


1.3.4. Full Automation

Until the driver has to be (legally) responsible for the behaviour of the vehicle, the driver will always be an integral part of the control loop. That is why full automation of public road vehicles is not realistic in the near future. There are some promising experiments on fully automated manoeuvring of vehicles but most of them are realized on a separated area and are far from being able to adapt on public roads without an intelligent, independent road infrastructure.

Distinguished members of IEEE, the world’s largest professional organization dedicated to advancing technology for humanity, have selected autonomous vehicles as the most promising form of intelligent transportation, anticipating that they will account for up to 75 % of cars on the road by the year 2040, see [10].

The U.S. government also supports the autonomous car research, as keeping it the next evolutionary step in technology. In Nevada, Florida and California it is licensed to test vehicles without a driver, which is used by Google as getting the first self-driven car license in Nevada in 2012. (Source: [11])

Google’s self-driving test car, a modified hybrid Toyota Prius (Source: http://www.motortrend.com)
Figure 1.22. Google’s self-driving test car, a modified hybrid Toyota Prius (Source: http://www.motortrend.com)


Google gathered the best engineers from the DARPA Challenge series, which was a legendary competition for American autonomous vehicles. It was started in 2004, funded by the Defense Advanced Research Projects Agency, which is a research institute of United States Department of Defense. Three events were held in 2004, 2005 and 2007 regarding to the autonomous passenger cars. The 2012 event has focused on autonomous emergency-maintenance robots.

Google’s self-driving car use video cameras, radar sensors and a LIDAR (see Section 3) for environment sensing, as well as detailed maps for navigation. The car is supported by the Google’s data centres, which can process the information gathered by the test cars when mapping the terrain. (Source: [12])

The main vehicle manufacturers are also heading toward the autonomous solutions, but they are trying to reach the goal step-by-step, and not at once like Google. They are developing (in cooperation with their OEMs) such subsystems which can increase the automation level of the car, and also can be marketed in production vehicles as new driver assistance systems. An example of this attitude can be found in an interview with Daimler head of development Thomas Weber, who said "Autonomous driving will not come overnight, but will be realized in stages". The plans to start selling self-driving cars is about 2020, primarily in North America. (Source: [13])