The PowerPC®-based computers used in this project control the speed and direction of a driverless bus, with the bus moving on an "invisible" lane. The required safety level SIL-4 is achieved through a combination of redundancy, a fail-safe CAN communication infrastructure and a certified operating system/BSP. Every system consists of three single-board computers in a redundant 2-out-of-3 configuration, each installed in a different place in the bus to avoid a complete system failure in case of a vehicle collision.
Each of these computers obtains data from all sensors via two CAN bus connections. Every CPU board compares its results with those of the other CPU boards. If one of the three boards delivers a different result, it is switched off and the entire system goes into safe state, which means that the bus stops and opens its doors.
The electronics used are based on standard CompactPCI® in single Eurocard format and are connected to the housing via conductive cooling. To do this each board is embedded into its own aluminum cover. All plug-in boards designed for ventilated CompactPCI® systems can also be used in this completely EMC-sealed, conduction-cooled enclosure with an integrated wide-range PSU, 3-slot CompactPCI® backplane and IP65 protection class.
The systems are EN 50155 compliant in regards to temperature, humidity, shock and bump, and have no sharp corners and edges. The I/O connectors comply with MIL-C-38999.