A method and system for synchronizing computers includes a bit computing module for computing of a bit by each computer, an exchange module, a bit signal pair determination module for determining a bit signal pair including the computed bit, a bit product pair determination module for determining a bit product pair indicating which bit equal to 1 of the bit signal pair of a computer can be combined with the bit of the bit signal pair determined for the other computer in the iteration n−1, a bit remainder pair determination module for determining a bit remainder pair indicating which bit equal to 1 of the bit signal pair of a computer in the iteration n is different from the bit of the bit signal pair of the other computer in the iteration n−1, a synchronized signal determination module for determining a synchronized signal based on the bit product pair and on the bit remainder pair.

A synchronizing system including a generation unit for generating a synchronizing pulse from data of an independent clock, the synchronizing pulse being generated in a periodic manner, transmission links to transmit the synchronizing pulse to all the computation units, and in each of the computation units, a control element to compare the synchronizing pulse that has been received to a pulse generated by an internal clock of the computation unit and to detect a compliance or a lack of compliance, a scheduler of each of the computation units activating a sequence of partitions when the synchronizing pulse is received, and this only if the control element has detected a compliance. The synchronizing system is configured to synchronize the computation units in a reliable and accurate manner and to increase the operating safety of these computation units.

A method and a system for event validation on a vehicle. The method includes detecting an event determined by the vehicle. The method can include requesting and receiving external event determination, from at least one external source within a first surrounding area, based on the event. The method also includes generating an internal event determination based on the event and validating a validated event based on the both the external and internal event determinations. The method includes requesting and receiving external drive plan, from the external source within a second surrounding area, based on the validated event. The method also includes generating an internal drive plan, validating a validated drive plan based on the internal and external drive plans, and implementing the validated drive plan.

Systems and methods for a safety control framework for automated driving systems in which a second controller—with different/diverse hardware and/or software than the first controller—verifies whether a path plan generated by the first controller meets certain safety conditions and preempts the first controller from controlling automated driving of the host vehicle in response to determining that the path plan does not satisfy the safety conditions. In some implementations, the second controller is configured to preempt the first controller by operating the vehicle under automated control using a safety path plan generated by the second controller.

A method and system for validating the calculated localization (15) of a vehicle are devised. The vehicle (1) is equipped with P independent localization data sources (2-8), with P higher than or equal to 2. The method and system involve the step of comparing data provided by each one of a subset of M, with M lower than or equal to P, of the independent localization data sources with the calculated localization, by correlating an independent localization data source among the subset M if it is above a predetermined Reliability Threshold, and the distance between the data it provides and the calculated localization is lower than a predetermined Compatibility Threshold, and disregarding an independent localization data source among the subset M if either it is below the predetermined Reliability Threshold, or the distance between the data it provides and the calculated localization is higher than the predetermined Compatibility Threshold, and the step of modifying the speed of the vehicle (1) depending on the number of correlated independent localization data sources among the subset M relative to a predetermined Voting Threshold.

A distributed control system for a turbomachine and method of operating the distributed control system are provided. In one aspect, a distributed control system includes a central controller and a distributed controller communicatively coupled thereto. The distributed controller has one or more associated local actuators and one or more associated local sensors. The actuators and the sensors are communicatively coupled with the distributed controller. If a communication link between the central controller and the distributed controller becomes faulty, the distributed controller enters an autonomous safety mode. In this mode, the distributed controller uses a combination of its own associated local sensors and past commands received from the central controller to autonomously govern its associated local actuators to maintain safe operation of the turbomachine.

A remote support system requests a remote operator to perform remote support for passing through a predetermined area, when a vehicle is determined to be in a remote support request situation that a continuation of autonomous driving is difficult due to the vehicle during autonomous driving and one or more avoidance target vehicles approaching each other in the predetermined area. Then, the system displays information of the one or more avoidance target vehicles on a display of the remote operator, receives information of a starting reference vehicle serving as a reference for start permission designated by the remote operator from the displayed information, determines whether the starting reference vehicle has passed through the predetermined area, and causes the vehicle to pass through the predetermined area by autonomous driving in case where the starting reference vehicle has passed through the predetermined area.

Provided is an apparatus for providing obstacle information and reliability information to vehicle based on information received from roadside units. The apparatus includes a communication module that receives obstacle information from multiple roadside units, each roadside unit including multiple sensors for detecting obstacles within a predetermined field of view. A reliability judgement unit in the apparatus determines a reliability of the received obstacle information to output a reliability value based on a number of roadside units detecting a same obstacle, a number of sensor of one roadside unit detecting a same obstacle, and a difference value of detection of the same obstacle between different roadside units or different sensors.

A processing system for an unmanned vehicle (UV) such as an unmanned aerial vehicle (UAV) is provided. The processing system comprises a first processing unit of an integrated circuit and a second processing unit of the integrated circuit. The processing system comprises a first operating system provisioned using the first processing unit. The first operating system is configured to execute a first vehicle control process. The processing system comprises a virtualization layer configured using at least the second processing unit, and a second operating system provisioned using the virtualization layer. The second operating system is configured to execute a second vehicle control process.

A system that may include multiple driving related systems that are configured to perform driving related operations; a selection module; multiple fault collection and management units that are configured to monitor statuses of the multiple driving related systems and to report, to the selection module, at least one out of (a) an occurrence of at least one critical fault, (b) an absence of at least one critical fault, (c) an occurrence of at least one non-critical fault, and (d) an absence of at least one non-critical fault; and wherein the selection module is configured to respond to the report by performing at least one out of: (i) reset at least one entity out of the multiple fault collection and management units and the multiple driving related systems; and (ii) select data outputted from a driving related systems.