RSS System Architecture Overview

This section sketches the integration of RSS into a exisiting system architecture.

Overview: Sense, Plan, Act, RSS

From high level view the architecture of an Automated Driving System (ADS) consists of three main subsystems: Sense, Plan, Act. The world model data provided by the Sense Subsystem is used by the Plan Subsystem to create the near term actuator control commands executed by the Act Subsystem.

Integration of RSS into a generic system architecture of an Automated Driving System

RSS is integrated into such an ADS architecture by placing it in parallel to the Plan. To provide a safety envelope around the planning output the integration of RSS into a ADS architecture spans into the Sense Subsystem to provide the required RSS world model data as well as into the Act Subsystem to limit the actuator control commands to the RSS restrictions.

The Sense Subsystem gathers information on the environment required to fulfill the ADS task. In general there exist several level of perception and fusion which enrich the world model to the extend required for the planning algorithms. In this high-level architecture overview the Sense Subsystem takes over this task. That sketches a slightly different view:

RSS foccussed view on the Integration of RSS into a ADS architecture

This view stresses on how RSS acts as a Doer-Checker on the Plan Subsystem. At a high level, RSS accomplishes this by doing three key things:

  1. Define a safety envelope around the car; the minimum distance, longitudinally and laterally, that should be maintained to avoid danger. By doing this, establish the so called Danger Threshold: the moment in time that the safety envelope has been compromised.
  2. RSS acts as a Doer-Checker on the Plan Subsystem of an ADS. With the safety envelope defined, the question is asked: will the planned action compromise that envelope? Is the proposed action unsafe? If RSS determines it is safe, the ADS can act upon it. If not,
  3. execute the Proper Response, the third component that defines how the ADS and/or the other party involved must react to get out of the danger and return to a safe state.
RSS acting as a Doer-Checker on the planning module

Sense Subsystem

The Sense Subsystem is responsible for the perception of the environment. It interfaces to the real world by receiving, processing and fusing sensor information. It provides all information in form of the world model to the other ADS subsystems. The exact content of the world model data is highly dependent on the concrete realization of the receiving and processing subsystems, especially the degree of perception and fusion applied will differ. The provided world model data might include raw sensor data, high level object data, but also a-priori knowledge such as AD map data. To account for this the Sense Subsystem provides separate output ports for every connected subsystem.

Port Name Explanation
Input sensorData The sensor input from the real vehicle or connected simulation
Output planWorldModelData The world model data required by the Plan Subsystem
Output rssWorldModelData The world model data required by the RSS Subsystem

Extract RSS World Model

The Extract RSS World Model entity is responsible to transform the internal world model data of the Sense subsytem into the input world model data rssWorldModelData ad::rss::world::WorldModel required by the RSS Subsystem. The user has to implement this functionality as part of the RSS integration efforts into the ADS system. The ad_rss_map_integration library provides an example implementation based on automated driving maps on how such might be calculated and how the global Cartesian data can be transformed into a lane based representation.

RSS Subsystem

The RSS Subsystem realizes the core RSS functionality. It implements the RSS checks based on the ad::rss::world::WorldModel received from the Extract RSS World Model entity:

  1. Do not his someone from behind
  2. Do not cut-in recklessly
  3. Right-of-Way is given, not taken
  4. Be careful in areas with limited visibility [not implemented yet]
  5. If you can avoid a crash without causing another, you must [not implemented yet]

In case a dangerous situation is detected a proper response and respective acceleration restrictions are calculated to enable the realization of the planning safety on the actuator control commands of the Plan Subsystem.

Port Name Explanation
Input rssWorldModelData The world model data required to calculate the RSS checks
Output rssProperResponse The proper response calculated by RSS
Output rssAccelerationRestrictions The restrictions on the vehicle acceleration calculated by RSS

Extract Situations

The Extract Situations entity transforms the world model data into individual RssSituations between the ego vehicle and each of the objects. For every scene ad::rss::world::Scene of the input world model data the individual (relative) situation ad::rss::situation::Situation is calculated.

Port Name Explanation
Input rssWorldModelData Lane based world model scenes on the surrounding environment required to create the situation based coordinate system. Requires local map data (i.e. lane segments and semantics on intersections and priority rules), ego vehicle and object (i.e. position, velocity and RSS dynamics) information.
Output rssSituations A list of individual RSS Situations between the ego vehicle and each of the objects. Each situation is formulated within its own situation based coordinate system. EgoVehicle and Objects: i.e. (relative) position, velocity, priority flag, situation specific RSS acceleration values.

Check Situations

The Check Situations entity performs the RSS check on all incoming individual RssSituations and creates the RssStates ad::rss::state::RssState containing the required responses if dangerous situations are detected.

Port Name Explanation
Input rssSituations A list of individual RSS Situations between the ego vehicle and each of the objects.
Output rssStates A list of RSS states in respect to the individual RSS Situations including situation specific responses.

Resolve and Transform Responses

The Resolve and Transform Responses entity handles conflicts of the incoming RssStates. It combines the individual situation specific responses into one single overall RssProperResponse ad::rss::state::ProperResponse and transforms these into RssAccelerationRestrictions ad::rss::world::AccelerationRestriction for the actuator commands.

Port Name Explanation
Input rssStates A list of RssStates in respect to the individual RssSituations
Output rssProperResponse Resulting combined overall proper response
Output rssAccelerationRestrictions The resulting restrictions of the actuator control command

Plan Subsystem

The Plan subsystem performs the decision-making of the ADS. It analyses the provided planWorldModelData and decides what action to take. Finally, this leads to concrete control commands for the ADS Act Subsystem defining the next move of the ADS.

Port Name Explanation
Input planWorldModelData The world model data required by the Plan Subsystem
Output actuatorControlCommand The control commands to realize the next moves within the current plan

Act Subsystem

The Act Subsystem executes the moves which the Plan Subsystem has calculated. It receives the ActuatorControlCommands controlling i.e. acceleration, braking and steering to execute the plan.

Port Name Explanation
Input actuatorControlCommand The control commands to realize the next moves within the current plan.
Input rssAccelerationRestrictions The restrictions on the acceleration for the vehicle calculated by RSS.
Output controlData The control output for the real vehicle or connected simulation

Enforce RSS Restrictions

The Enforce RSS Restrictions entity receives the actuator control commands from the Plan Subsystem and restricts the control values according to the restrictions calculated by RSS. The resulting actuator control commands are safe in respect to RSS rules. This calculation heavily depends on the actual representation of the ActuatorControlCommands data. Therefore, a generic implementation is not possible and the user has to implement this functionality as part of the RSS integration efforts into the ADS.

Port Name Explanation
Input rssAccelerationRestrictions The restrictions on the acceleration for the vehicle calculated by RSS.
Input actuatorControlCommandIn The control commands from the Plan Subsystem to control the vehicle actuator system
Output actuatorControlCommandOut The adapted control commands from the Plan Subsystem to control the vehicle actuator system in a RSS safe manner