A vehicle computer may be configured to send instructions to various local controllers, e.g., controlling speed, acceleration, deceleration, steering, etc., e.g., the vehicle computer may provide for the vehicle to be driven autonomously or semi-autonomously. If a fault occurs in the computer, one or more sensors providing input to the computer, a vehicle communication system, etc., fault, then the vehicle may need to have a driver take control of an affected vehicle system, e.g., braking, powertrain, steering, etc. Where a fault occurs in a communication system providing information to a local controller and/or when a sensor or the like fails and the computer is unable to obtain information needed to provide an instruction to a local controller, then the local controller has no further information to rely on and, in presently practiced implementations, will default to a nominal set point.
Unfortunately, this nominal set point is generally not desirable for all scenarios in which a fault occurs, and can therefore result in a vehicle incident such as a collision, crash, etc. To take one specific example, if a steering controller loses communications during a turning operation, the steering controller is generally configured to reset a vehicle steering angle to zero degrees almost instantaneously. This nominal set point is generally not desirable while a vehicle is turning, however, and can result in a vehicle crash with minimal and very often insufficient time for a human driver to intervene and correct the vehicle steering angle.
Further, it is known to avoid communication failures such as described above by implementing a vehicle communication system having a redundant communications channel between a vehicle computer managing driving operations and a local controller. However, implementing such redundancy is in practically expensive and would require significant and impractical architectural changes in existing vehicle controllers.