Building in layers of safety in a self-driving car

Waymo Team, Waymo
Dec 13, 2016

July 2016

Every device experiences glitches from time to time, whether it’s a cellphone, a computer, or even a simple toaster. Naturally, people often ask us, what happens if something goes awry with the equipment operating a self-driving car? Of course, the systems that power our self-driving cars need to be more robust than your average household device, so we’ve built in many layers of safety and protections. Our goal is to make sure our car can safely operate even if things don’t go according to plan.

Our team is focused on making our roads safer, and that includes finding ways to make our car’s internal systems as reliable as possible. On a practical level, we begin with strengthening the most basic components of our self-driving systems — things like connectors and wiring harnesses that enable our hardware and software to communicate. On our private test track, we simulate and prepare contingencies for all manner of potential faults: a loose cable in the hardware, a shorted wire, loss of power, or a bug in the software.

On the road, our car performs thousands of hardware and software checks every second to ensure that key components are working as intended. Because we’re constantly monitoring our system, our cars are designed to detect an issue and determine whether it’s small enough to continue driving (e.g. the tire pressure is low) or big enough to stop or pull over (e.g. a laser stops working).

We employ complementary sensors and software, so our car doesn’t rely on a single type of data to drive. For example, our suite of cameras, lasers and radars work together to give our cars 360-degree visibility, so even if there’s a glitch in one camera, our cars can still safely pull over. Likewise, our software uses a combination of algorithms that complement each other, so our cars don’t rely on a single technique to detect others on the road and navigate safely.

For critical driving functions, we go a step further and build in fully redundant systems. Arguably the most critical function in any kind of car is the driver. In today’s cars, a backup human can’t be installed to immediately take over if the driver is tired or distracted (despite the best efforts of backseat drivers!). In contrast, each of our self-driving vehicles is equipped with a secondary computer to act as a backup in the rare event that the primary computer goes offline. Its sole responsibility is to monitor the main computer and, if needed, safely pull over or come to a complete stop. It can even account for things like not stopping in the middle of an intersection where it could cause a hazard to other drivers.

With layers of safety and redundant systems, we can develop a fully self-driving car that doesn’t need to rely on a human as backup if something goes wrong. Given that human error and distracted driving are involved in 94% of crashes, this technology has the potential to make our roads dramatically safer.
