CN110254512A - Distributed intelligence electric vehicle steering system functional safety architecture design method - Google Patents
- Publication number
- CN110254512A, CN201910547997.5A
- Authority
- CN
- China
- Prior art keywords
- steering
- functional safety
- failure
- safety
- vehicle
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
- B60R16/023—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
- B60R16/0231—Circuits relating to the driving or the functioning of the vehicle
- B60R16/0232—Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B62—LAND VEHICLES FOR TRAVELLING OTHERWISE THAN ON RAILS
- B62D—MOTOR VEHICLES; TRAILERS
- B62D15/00—Steering not otherwise provided for
- B62D15/02—Steering position indicators ; Steering position determination; Steering aids
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Chemical & Material Sciences (AREA)
- Combustion & Propulsion (AREA)
- Transportation (AREA)
- Automation & Control Theory (AREA)
- Control Of Driving Devices And Active Controlling Of Vehicle (AREA)
- Steering Control In Accordance With Driving Conditions (AREA)
Abstract
The present invention relates to a functional safety architecture design method for the steering system of distributed intelligent electric vehicles. It carries out functional safety architecture design for the steering systems of automated vehicles at level L3 and above, and comprises two parts: offline vehicle-level functional safety concept analysis and vehicle-level functional safety architecture design. Compared with existing steering system safety control technology, the invention addresses vehicle-level functional safety for the steering systems of automated vehicles at L3 and above: a safety controller, comprising fault detection and the corresponding safety control strategies, ensures that the vehicle transitions to a safe state after the steering system fails, thereby protecting the lives and property of passengers and other traffic participants.
Description
Technical field
The present invention relates to functional safety analysis technology for the steering system of distributed electric-drive vehicles, and in particular to functional safety architecture design for the steer-by-wire system of distributed-drive intelligent electric vehicles at level L3 and above.
Background art
At present, automated driving is a hot topic in vehicle and traffic research and holds broad promise for solving urban traffic congestion. The safety of automated vehicles is their most important metric and receives great attention. With the continuous progress of automotive electronics, the emergence and development of automated driving technology place higher requirements on system safety. Many automotive electronic systems are closely related to vehicle safety, such as the anti-lock braking system ABS (Anti-lock Braking System) and the vehicle stability control system ESC (Electric Power Steering); failures of these systems strongly affect vehicle safety. For automated vehicles, the higher the automation level, the more serious the consequences of a system failure can be if there is no effective safety mechanism, directly threatening the lives of passengers, pedestrians or other traffic participants. Since 2017, self-driving cars from companies such as Tesla and Uber have been involved in several traffic accidents, including accidents fatal to the driver of the self-driving car and to pedestrians, which has led the public to pay attention to and question automated driving technology. Judging from this series of accidents, the safety of automated driving systems urgently needs to be improved in order to guarantee the safety of passengers and pedestrians.
For an electrical system, it is impossible to guarantee that no failure ever occurs, so functional safety design is needed to ensure that, after a system failure, the vehicle does not have a safety accident that causes loss of life and property. The steering system is a very important part of the actuators of an automated driving system, so research on its functional safety is of great significance.
At present, vehicle-level functional safety technology for the steering systems of automated vehicles at L3 (conditional automation) and above is a blank in the field. It is therefore significant to study the functional safety of these steering systems and to formulate a corresponding functional safety architecture, so that after the steering system fails, corresponding safety control measures guarantee the safety of life and property of passengers and other traffic participants.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention provides a functional safety architecture design method for the steering system of distributed intelligent electric vehicles, aimed at automated vehicles at level L3 and above.
The technical solution adopted by the invention is as follows: a functional safety architecture design method for the steering system of a distributed intelligent electric vehicle, comprising two processes: vehicle-level functional safety concept analysis and vehicle-level functional safety control system design.
The vehicle-level functional safety control system design is carried out on the basis of the vehicle-level functional safety concept analysis. Once the functional safety requirements and technical safety requirements have been determined, a fault diagnosis module is built to diagnose and analyze steering system faults, and a safety control strategy module is built on that diagnosis to control the vehicle when the steering system fails.
In the vehicle-level functional safety concept analysis, the steering system function is defined first, then the different steering scenes are defined, and failures are classified for the different steering scenes, which determines the hazardous events. Hazard analysis and risk assessment is then carried out for each hazardous event, including analysis of severity, exposure and controllability, which determines the corresponding automotive safety integrity level. Functional safety goals are formulated according to the automotive safety integrity level, and the functional safety goals are mapped to functional safety requirements and technical safety requirements for the steering system.
Four steering scenes and six failure modes are set. The four steering scenes are: a. pivot steering; b. low-speed driving; c. medium-low-speed driving; d. high-speed driving. The six failure modes are: a. loss of steering capability; b. steering in the expected direction but excessive; c. steering in the expected direction but insufficient; d. reverse steering; e. steering lock-up; f. self-steering.
Further, the method for mapping the functional safety goals to the functional safety requirements and technical safety requirements of the steering system is:
1) First determine the safe state for each hazardous event, merge the events that have similar safe states, and formulate the corresponding functional safety goals of the steering system;
2) Decompose the determined functional safety goals into the steering system by fault tree analysis (FTA) to obtain the functional safety requirements of the steering system;
3) Design the technical safety requirements according to the functional safety requirements, including the following:
TSR1: design two ways of acquiring the speed signal, and verify its authenticity;
TSR2: design two ways of acquiring the torque signal, and verify its authenticity; the redundant channels comprise a control channel and a monitor channel, and the monitor channel monitors while the control channel works;
TSR3: design the CAN bus so that life-signal verification can be performed;
TSR4: design the ECU so that it can verify whether the torque demand has been calculated correctly;
TSR5: design the ECU so that it can verify whether the motor has produced the correct front wheel angle;
TSR6: design a fault diagnosis strategy that ensures the system can detect a fault within 100 ms and output the corresponding fault code and fault time;
TSR7: design a fault alarm mechanism that ensures the system raises fault alarms according to the different faults;
TSR8: design a multiple-input multiple-output model-free adaptive redundant fault-tolerant control measure that ensures the vehicle keeps to the expected path when a tolerable fault occurs;
TSR9: design control measures, including pulling over and emergency braking, that ensure the vehicle can enter a safe state when a fault that cannot be tolerated occurs.
Further, the vehicle-level functional safety control system design adds a fault diagnosis module and a safety control strategy module to the traditional automated driving perception and decision system.
The fault diagnosis and analysis method is:
1) The fault diagnosis module first detects, from the state of the system signals, whether the system has failed. If no fault has occurred, it outputs the system-normal fault code to indicate that the system is working normally; otherwise the system is considered faulty, and the actual steering wheel angle detected by the angle sensor is compared with the desired steering wheel angle;
2) If the absolute value of the difference between the actual and desired steering wheel angles equals the desired steering wheel angle, the fault is considered to be loss of steering capability, and the fault code for loss of steering capability is output;
If the product of the actual and desired steering wheel angles is negative, the fault is considered to be reverse steering, and the reverse steering fault code is output;
If the ratio of the difference between the actual and desired steering wheel angles to the desired steering wheel angle lies in (0, 1), the fault is considered to be excessive or insufficient steering, and the fault code for excessive or insufficient steering is output;
If the absolute value of the difference between the actual and desired steering wheel angles is an arbitrary constant, the fault is considered to be self-steering, and the self-steering fault code is output;
If none of the above cases applies, the steering system is considered to have a steering lock-up fault, and the steering lock-up fault code is output.
Further, according to the output fault code and fault time, the safety control strategy module designs corresponding safety control strategies for the faults that occur at low speed, medium-low speed and high speed: loss of steering, steering in the expected direction but excessive, steering in the expected direction but insufficient, reverse steering, and steering lock-up. The safety control strategies include a redundant fault-tolerant control strategy, a fault warning strategy, a pull-over strategy, a decelerate-to-stop strategy and an emergency braking strategy.
Compared with the prior art, the invention has the following notable beneficial effects: compared with existing steering system safety control technology, the invention addresses vehicle-level functional safety for the steering systems of automated vehicles at L3 and above. By analyzing the safety performance requirements and then designing the fault detection architecture and the safety control system, it ensures that the vehicle transitions to a safe state after the steering system fails, thereby protecting the lives and property of passengers and other traffic participants.
Other features and advantages of the invention will be set forth in the description that follows, and in part will be apparent from the description or understood by practicing the invention.
Description of the drawings
Fig. 1 is the logic diagram of the functional safety architecture design for the automated vehicle steering system;
Fig. 2 is the fault tree analysis diagram of the steer-by-wire system;
Fig. 3 is the functional safety control logic diagram of the steer-by-wire system;
Fig. 4 shows the steering wheel angle variation of the vehicle in the embodiment;
Fig. 5 shows the safety control measure commands in the embodiment;
Fig. 6 shows the fault warning measure commands in the embodiment;
Fig. 7 shows the wheel torque distribution of the vehicle in the embodiment;
Fig. 8 shows the vehicle speed in the embodiment;
Fig. 9 shows the real-time vehicle trajectory in the embodiment.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and embodiments. Those skilled in the art will appreciate that the following embodiments are not the sole limitation on the technical solution of the invention; any equivalent transformation or change made within the spirit of the technical solution is regarded as falling within the scope of protection of the invention.
The invention establishes a design method for the functional safety architecture of the steering system of distributed intelligent electric vehicles, designed for the steer-by-wire system of distributed-drive intelligent electric vehicles at L3 and above. The method as a whole comprises two processes, offline vehicle-level functional safety concept analysis and vehicle-level functional safety control system design; the process logic is shown in Fig. 1.
The vehicle-level functional safety concept analysis comprises steer-by-wire system function definition, failure mode classification, scene definition, and hazard analysis and risk assessment. It determines the functional safety goals of the system, which are then decomposed by the fault tree method onto the individual components of the steer-by-wire system to form specific functional safety requirements and technical safety requirements.
The vehicle-level functional safety control system design adds a fault diagnosis module and a safety control strategy module to the traditional automated vehicle perception, planning and decision, and control architecture, according to the previously determined functional safety goals, functional safety requirements and technical safety requirements, thereby forming a functional safety architecture specific to the steer-by-wire system of automated vehicles at L3 and above.
The specific design steps are as follows:
Step 1: offline vehicle-level functional safety concept phase analysis
1) System function definition: the system is used in automated driving systems at L3 and above and enables the vehicle to steer according to the driving intention. The driver monitors online and intervenes to take over when the system prompts that a takeover is needed.
2) External interface definition: after the function definition, the external interfaces between the steer-by-wire system and the other vehicle systems also need to be defined, to provide sufficient information for the subsequent "hazard analysis and risk assessment" and "functional safety system design" steps. The steer-by-wire system designed in the invention may be connected to surrounding systems including the power supply, the vehicle controller and the vehicle speed sensor, and the functional safety system design needs this interface information. In summary, the interfaces defined between the steer-by-wire system and the outside include: the speed signal, the steering wheel torque sensor signal, the steering wheel angle sensor signal, the motor controller's own status signal, the power supply signal, the wheel speed sensor signals, and so on.
3) System failure classification: the common failure modes of the steer-by-wire system are divided into the following six classes: loss of steering capability; steering in the expected direction but excessive; steering in the expected direction but insufficient; reverse steering; steering lock-up; self-steering.
4) Scene definition: for automated vehicle driving scenes, the functional safety scenes of the steer-by-wire system are defined as the following four classes: a. pivot steering, where typical scenes include parking lots and car washes; b. low-speed driving, where typical scenes include traffic-congested roads and traffic-congested roads with pedestrians walking nearby; c. medium-low-speed driving, where typical scenes include road intersections, junctions with roundabouts, and expressway exit ramps; d. high-speed driving, where typical scenes include dry urban roads and dry highways.
5) Hazard analysis and risk assessment: the analysis above determined 6 failure modes and 4 different operating scenes for the automated vehicle steer-by-wire system, which gives 4 × 6 = 24 hazardous events. Hazard analysis and risk assessment (Hazard Analysis and Risk Assessment, HARA) must then be carried out for all 24 hazardous events. Specifically, HARA refers to the standard ISO 26262 to determine the severity S, exposure E and controllability C of each hazardous event, and then consults the automotive safety integrity level (Automotive Safety Integrity Level, ASIL) table to determine the ASIL of each hazardous event. ISO 26262 specifies five ASIL levels: QM and A to D. An example of determining the ASIL for the steer-by-wire system of an automated vehicle at L3 and above follows.
For the typical high-speed driving scene of a dry urban road, consider the case where the steering system loses steering and the vehicle cannot be steered, and analyze severity S, exposure E and controllability C. For severity S: when driving on a dry urban road, assume that when the harm occurs the vehicle collides with an oncoming vehicle at a relative speed of 80 km/h, producing life-threatening injuries (survival uncertain) or fatal injuries, so severity is defined as S3. (ISO 26262 defines severity S3 as life-threatening or fatal injuries but does not specify in which scenes such injuries arise, so based on practical experience it is assumed that a collision at a relative speed of 80 km/h causes fatal injury.) Similarly, for exposure E: the high-speed situation is considered to account for more than 10% of the average operating time of the steering system and to occur on almost every drive, so exposure is defined as E4. For controllability C: when steering is lost at high speed and the vehicle collides with an oncoming vehicle, fewer than 90% of passengers or other traffic participants are usually able, or barely able, to avoid harm, so controllability is defined as C3. Consulting the ASIL table shows that in the high-speed dry urban road driving scene, the ASIL for loss of the steering function is D.
The remaining 23 hazardous events across the 4 scenes and 6 failure modes are analyzed in the same way. The result is that the highest ASIL for pivot steering is A, the highest ASIL for low-speed driving is B, the highest ASIL for medium-low-speed driving is C, and the highest ASIL for high-speed driving is D. The ASIL of the steering system of an automated vehicle at L3 and above is therefore finally determined to be as high as D.
6) Functional safety goal determination: after the HARA above has identified the hazardous events the system may have, a safety goal must be formulated for each hazardous event whose ASIL is QM or above. The criterion for a safety goal is that it should prevent the hazardous event from occurring or mitigate the harm when it occurs. Safety goals may be merged when they are formulated; the merging principle is that the merged hazardous events should have similar safe states, that is, they can be handled by the same or similar technical means.
In summary, to determine the functional safety goals of the system, the safe state for each of the hazards above must first be determined, and the safety goals are formulated from the safe states. For example, in the pivot steering condition above, the self-steering and reverse steering hazardous events cause unintended lateral movement of the vehicle, and steering lock-up makes the steering wheel too heavy and causes understeer. Because the speed is low, the safe state of all three hazardous events is defined as: set the steering command of the automated vehicle steering system to zero, turn on the hazard lights and notify the driver. These three hazardous events can therefore be merged into one safety goal (Safety Goal 1, SG1): when the vehicle is pivot steering or driving at low speed, avoid unintended lateral movement caused by self-steering or reverse steering of the steering system, and avoid traffic accidents in which steering lock-up makes the steering wheel too heavy and leads to understeer.
Similarly, the safe states of all remaining hazardous events are determined and events with similar safe states are merged, forming the following six functional safety goals of the steering system:
SG1: when driving at low speed, avoid unintended lateral movement of the vehicle caused by self-steering or reverse steering; avoid understeer caused by steering lock-up making the steering wheel too heavy.
SG2: when driving at medium-low speed, avoid unintended loss of lateral motion control caused by loss of steering.
SG3: when driving at medium-low speed and high speed, avoid unintended lateral movement of the vehicle caused by self-steering or reverse steering; avoid understeer caused by steering lock-up making the steering wheel too heavy.
SG4: when driving at medium-low speed, avoid unintended lateral movement/lateral displacement (in the desired steering direction) caused by excessive or insufficient steering.
SG5: when driving at high speed, avoid unintended loss of lateral motion control caused by loss of steering.
SG6: when driving at high speed, avoid unintended lateral movement/lateral displacement (in the desired steering direction) caused by excessive or insufficient steering.
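The HARA step and the merging of hazardous events into safety goals described above, written out as an added example (not part of the patent). `asil_of` implements the ISO 26262-3 ASIL determination table, and `safety_goal_asil` gives a merged safety goal the highest ASIL among its events; every S/E/C rating except the S3/E4/C3 case is constructed for illustration, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

enum asil { ASIL_INVALID = -1, ASIL_QM = 0, ASIL_A, ASIL_B, ASIL_C, ASIL_D };

/*
 * ASIL determination per ISO 26262-3 for severity S0..S3, exposure E0..E4 and
 * controllability C0..C3. Class 0 in any dimension needs no ASIL (QM). For the
 * other classes the standard's table reduces to the sum S+E+C:
 * 10 -> D, 9 -> C, 8 -> B, 7 -> A, anything lower -> QM.
 */
int asil_of(int s, int e, int c)
{
    if (s < 0 || s > 3 || e < 0 || e > 4 || c < 0 || c > 3)
        return ASIL_INVALID;
    if (s == 0 || e == 0 || c == 0)
        return ASIL_QM;
    return (s + e + c >= 7) ? (s + e + c - 6) : ASIL_QM;
}

struct hazardous_event {
    const char *scene;
    const char *failure_mode;
    int s, e, c;
    int safety_goal;   /* number of the safety goal (SG1..SG6) the event is merged into */
};

/*
 * A merged safety goal takes the highest ASIL among the events it covers.
 * Returns ASIL_INVALID if a covered event has an out-of-range rating and
 * ASIL_QM if no event is mapped to the goal.
 */
int safety_goal_asil(const struct hazardous_event *ev, size_t n, int goal)
{
    int best = ASIL_QM;
    for (size_t i = 0; i < n; i++) {
        int a;
        if (ev[i].safety_goal != goal)
            continue;
        a = asil_of(ev[i].s, ev[i].e, ev[i].c);
        if (a == ASIL_INVALID)
            return ASIL_INVALID;
        if (a > best)
            best = a;
    }
    return best;
}

static const char *asil_name(int a)
{
    static const char *names[] = {"QM", "A", "B", "C", "D"};
    return (a >= ASIL_QM && a <= ASIL_D) ? names[a] : "invalid";
}

/* Only the first row's ratings come from the description; the rest are constructed. */
static const struct hazardous_event EVENTS[] = {
    {"high speed", "loss of steering",               3, 4, 3, 5},
    {"high speed", "excessive/insufficient steering", 3, 4, 2, 6}, /* constructed */
    {"low speed",  "self-steering",                  2, 4, 2, 1},  /* constructed */
    {"low speed",  "reverse steering",               2, 4, 1, 1},  /* constructed */
    {"low speed",  "steering lock-up",               1, 4, 2, 1},  /* constructed */
};
#define N_EVENTS (sizeof EVENTS / sizeof EVENTS[0])

int main(void)
{
    for (size_t i = 0; i < N_EVENTS; i++)
        printf("%-10s %-32s S%d E%d C%d -> ASIL %s\n", EVENTS[i].scene,
               EVENTS[i].failure_mode, EVENTS[i].s, EVENTS[i].e, EVENTS[i].c,
               asil_name(asil_of(EVENTS[i].s, EVENTS[i].e, EVENTS[i].c)));
    for (int g = 1; g <= 6; g++)
        printf("SG%d -> ASIL %s\n", g, asil_name(safety_goal_asil(EVENTS, N_EVENTS, g)));
    return 0;
}
```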
7) Functional safety requirement determination: the determined functional safety goals are decomposed by fault tree analysis down to the component level of the steering system to obtain the functional safety requirements of the system; corresponding technical safety requirements are then designed to realize those functional safety requirements.
Further, decomposing the determined functional safety goals through the fault tree gives the following functional safety requirements (Function Safety Requirement, FSR):
FSR1: ensure that the speed signal is correct;
FSR2: ensure that the steering sensor signal is correct;
FSR3: ensure that the angle sensor signal is correct;
FSR4: ensure that the CAN bus is normal;
FSR5: ensure that the MCU steering torque control command is correct;
FSR6: ensure that the ECU is working properly;
FSR7: ensure that the actuator motor can produce the correct front wheel angle according to the command;
FSR8: a fault can be detected within a certain time after it occurs, and the corresponding fault time and fault code are output;
FSR9: ensure that when a fault is detected the system can sound an alarm and light the fault lamp to alert the driver;
FSR10: ensure that when a tolerable fault occurs, a redundant fault-tolerant control algorithm brings the vehicle to a safe state;
FSR11: ensure that when a severe fault occurs the system starts the pull-over/emergency braking operation to bring the vehicle into a safe state;
FSR12: ensure that the system brings the vehicle to a safe state within the fault tolerant time interval;
8) Technical safety requirement determination: the functional safety requirements remain at the level of abstract concept design, so to realize the functional safety requirements formulated above, the technical safety requirements of the system must also be designed concretely.
Further, the technical safety requirements (Technology Safety Requirement, TSR) are designed as follows:
TSR1: to ensure that the speed signal is correct, obtain the speed signal from two different paths or by two different methods, and verify its authenticity;
TSR2: to ensure that the torque/angle sensor signal is correct, design a redundant structure that obtains the torque signal from two different paths or by two different methods at the same time and verifies its authenticity; the redundant channels are a control channel and a monitor channel, and the monitor channel monitors while the control channel works;
TSR3: the CAN bus must perform life-signal verification;
TSR4: the ECU can verify, from the steering torque control command and the relevant input signals from other control units, whether the steering torque demand has been calculated correctly;
TSR5: to ensure that the actuator motor can produce the correct front wheel angle according to the command, design a signal feedback check stage that verifies whether the correct front wheel angle has been produced;
TSR6: to ensure that a fault can be detected within 100 ms and the corresponding fault code and fault time output, a fault diagnosis strategy must be designed.
TSR7: to ensure that a detected fault triggers an alarm and lights the fault lamp, a fault alarm mechanism must be designed that raises second-level or first-level fault alarms according to the fault.
TSR8: to ensure that, when a tolerable fault occurs, algorithmic redundancy keeps the vehicle driving safely for a period of time, design a multiple-input multiple-output model-free adaptive redundant fault-tolerant control algorithm.
TSR9: to ensure that the vehicle can enter a safe state when a fault that cannot be tolerated occurs, design control measures including pulling over/emergency braking.
Step 2: vehicle-level functional safety system design
Taking the functional safety requirements and technical safety requirements determined in the offline vehicle-level functional safety concept phase analysis as the guideline, a fault diagnosis module and a safety control strategy module are added to the traditional automated driving perception, planning and decision, and control architecture, forming the corresponding application-level functional safety architecture of the steering system. The specific design steps are as follows:
1) Fault diagnosis module: a fault diagnosis module is established and connected to the sensing system. The module monitors the sensor signals and determines the fault type code and the time of fault occurrence from signal evaluation and fault tree logic diagnosis.
Specifically, for example, the fault diagnosis module first detects from the system signal state whether the system has failed. If no fault has occurred, it outputs fault code "1" to indicate that the system is working normally; otherwise the system is considered faulty, and the actual steering wheel angle detected by the angle sensor is compared with the desired steering wheel angle.
If the absolute value of the difference between the real-time and desired steering wheel angles equals the desired steering wheel angle, the fault is considered to be loss of steering capability, and fault code "2" is output. If the product of the real-time and desired steering wheel angles is negative, the fault is considered to be reverse steering, and fault code "3" is output. If the ratio of the absolute value of the difference between the real-time and desired steering wheel angles to the desired steering wheel angle lies in (0, 1), the fault is considered to be excessive/insufficient steering, and fault code "4" is output. If the absolute value of the difference between the real-time and desired steering wheel angles is any constant value, the fault is considered to be self-steering, and fault code "5" is output. Otherwise the steering system is considered to have a steering lock-up fault, and fault code "6" is output.
The fault tree analysis of the steer-by-wire system is shown in Fig. 2.
2) Safety control strategy module: the safety controller selects the safety control strategy logic according to the fault code and fault time output in the preceding step. For the pivot-steering, low-speed, medium-low-speed and high-speed cases respectively, the architecture designs corresponding safety control strategies for loss of steering, same-direction steering that is too large, same-direction steering that is too small, reverse steering and steering lock. The specific safety control measures may include a redundancy fault-tolerant control strategy, a fault warning strategy, a pull-over strategy, a deceleration-to-stop strategy and an emergency braking strategy.
The specific safety control decision logic is described taking a loss of steering capability during low-speed operation as an example, as shown in Figure 3. After the safety control strategy module receives the loss-of-steering-capability fault code and the fault time, it takes into account that the vehicle is running at low speed and, in order to reduce the number of driver takeovers, does not notify the driver to take over immediately after the fault is detected. Instead it first starts the redundancy fault-tolerant control algorithm and, at the same time, starts the second-level fault alarm, reminding the driver to pay attention and turning on the hazard lights. After the redundancy control algorithm has run for the time T_DES, the system checks the control effect achieved by the redundancy fault-tolerant control algorithm. If the fault-tolerant effect is within the acceptable range, the autonomous vehicle runs smoothly for the time T_BRAKE and then performs a deceleration-braking stop. If the fault-tolerant effect is not within the acceptable range, the system immediately starts the first-level fault alarm and requests the driver to take over the vehicle; if the driver has not taken over after a certain time interval T_SBS, the vehicle directly decelerates, brakes and stops.
For faults such as steering too much or too little, in which some steering capability remains, the vehicle can perform the safer operation of decelerating and pulling over, unlike the direct deceleration-braking stop used for a vehicle that has lost steering capability. For reverse steering, self-steering and steering lock, which are faults that cannot be tolerated, the vehicle immediately starts the first-level fault alarm once the fault is detected and requests the driver to take over; if the driver does not take over within a certain time, the vehicle performs an emergency braking stop.
Specifically, the redundancy fault-tolerant control algorithm above may be the MIMO-MFAC fault-tolerant control algorithm (i.e. the multiple-input multiple-output model-free adaptive control algorithm). It is worth noting that the MIMO-MFAC algorithm is used here in view of the performance of the distributed vehicle system, but any algorithm structure that can guarantee vehicle safety after the vehicle steering system fails should fall within the scope of patent protection.
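The two steps above, fault diagnosis followed by strategy selection, can be sketched as the following added example; it is not code from the patent. The angle tolerance, the timer values, the previous-sample test for a "constant" difference, the reuse of T_SBS as the takeover deadline for codes 3, 5 and 6, and the treatment of code 4 as the code 2 sequence ending in a pull-over are all assumptions, as are the function and constant names.

```c
#include <stdbool.h>

/* Fault codes as numbered in the description above. */
enum fault_code { FC_NORMAL = 1, FC_LOSS = 2, FC_REVERSE = 3,
                  FC_OVER_UNDER = 4, FC_SELF_STEER = 5, FC_LOCKED = 6 };

/* Actions of the safety control strategy module, combined as a bitmask. */
enum { ACT_NONE = 0,
       ACT_FT_CONTROL   = 1 << 0,   /* redundancy fault-tolerant control */
       ACT_ALARM_L2     = 1 << 1,   /* second-level fault alarm          */
       ACT_HAZARD       = 1 << 2,   /* hazard lights                     */
       ACT_ALARM_L1     = 1 << 3,   /* first-level fault alarm           */
       ACT_REQ_TAKEOVER = 1 << 4,   /* ask the driver to take over       */
       ACT_DECEL_STOP   = 1 << 5,   /* deceleration-braking stop         */
       ACT_PULL_OVER    = 1 << 6,   /* decelerate and pull over          */
       ACT_EMERG_BRAKE  = 1 << 7 }; /* emergency braking stop            */

/* ASSUMPTIONS: the page gives no tolerance and no values for the timers. */
#define ANGLE_EPS 0.5   /* degrees, tolerance for "equals" and "constant" */
#define T_DES     2.0   /* seconds of fault-tolerant control before check */
#define T_BRAKE   5.0   /* seconds of smooth running before the stop      */
#define T_SBS     4.0   /* seconds the driver has to take over            */

static double absd(double x) { return x < 0.0 ? -x : x; }

/* Step 1: fault diagnosis. prev_abs_diff is |actual - desired| from the
 * previous sample, or a negative value when there is none (hypothetical
 * way of testing "the difference is a constant value"). */
enum fault_code classify_fault(bool signal_fault, double actual,
                               double desired, double prev_abs_diff)
{
    double diff = absd(actual - desired), des = absd(desired);

    if (!signal_fault) return FC_NORMAL;
    if (absd(diff - des) <= ANGLE_EPS) return FC_LOSS;      /* |diff| = desired */
    if (actual * desired < 0.0) return FC_REVERSE;          /* product negative */
    /* Ratio diff/des in (0, 1), written without a division so that a
     * desired angle of zero cannot cause a divide-by-zero. */
    if (diff > 0.0 && diff < des) return FC_OVER_UNDER;
    if (prev_abs_diff >= 0.0 && absd(diff - prev_abs_diff) <= ANGLE_EPS)
        return FC_SELF_STEER;
    return FC_LOCKED;                                       /* "otherwise"     */
}

/* First-level alarm plus takeover request; add the fallback manoeuvre
 * once T_SBS has passed without the driver taking over. */
static unsigned takeover_or(double t, double requested_at, bool took_over,
                            unsigned fallback)
{
    unsigned acts = ACT_ALARM_L1 | ACT_REQ_TAKEOVER;

    if (took_over) return ACT_NONE;   /* driver in control (assumption) */
    if (t >= requested_at + T_SBS) acts |= fallback;
    return acts;
}

/* Step 2: strategy selection. t is the time in seconds since the fault
 * time reported by step 1; ft_ok is the result of the check made at T_DES. */
unsigned select_actions(enum fault_code fc, double t, bool ft_ok, bool took_over)
{
    const unsigned tolerate = ACT_FT_CONTROL | ACT_ALARM_L2 | ACT_HAZARD;
    unsigned final_stop;

    switch (fc) {
    case FC_NORMAL:     return ACT_NONE;
    case FC_LOSS:       final_stop = ACT_DECEL_STOP; break;
    case FC_OVER_UNDER: final_stop = ACT_PULL_OVER;  break;
    default:            /* codes 3, 5, 6; unknown codes too (assumption) */
        return takeover_or(t, 0.0, took_over, ACT_EMERG_BRAKE);
    }
    if (t < T_DES) return tolerate;             /* tolerate first, no takeover */
    if (!ft_ok) return takeover_or(t, T_DES, took_over, final_stop);
    if (t < T_DES + T_BRAKE) return tolerate;   /* smooth running phase        */
    return tolerate | final_stop;
}
```

Applied literally, the (0, 1) ratio test covers only actual angles between zero and twice the desired angle, and an actual angle of exactly twice the desired angle satisfies the code 2 test. A larger same-direction overshoot therefore falls through to code 5 or 6.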
In summary, the invention designs an application-layer functional safety system for the steering system of an autonomous vehicle. In one specific embodiment, the simulation results for loss of the steering function at high speed are as follows. The simulation scenario is: an autonomous vehicle travels on a two-way, two-lane road, as shown in Figure 4, and at 15 s the steering system suffers a loss-of-steering-capability fault. The designed functional safety system immediately issues the redundancy fault-tolerant control command shown in Figure 5 and at the same time starts the second-level fault alarm shown in Figure 6, turning on the fault lamp, the fault warning tone and the hazard lights. The redundancy fault-tolerant control algorithm allocates the torques of the four wheels of the vehicle as shown in Figure 7, so that the vehicle keeps travelling at the desired speed shown in Figure 8 and the desired yaw rate shown in Figure 9, which ensures vehicle safety. After the fault tolerance time is reached, the deceleration-to-stop operation shown in Figure 5 is started, bringing the vehicle to a state that is as safe as possible. The vehicle trajectories after the fault with and without control by the functional safety system, together with the desired trajectory, are shown in Figure 9. As the figure shows, without control by the functional safety system the failed vehicle leaves its lane and collides with adjacent buildings, causing a serious traffic accident, whereas under the control of the functional safety system designed by the invention the vehicle keeps to the desired trajectory, ensuring the safety of the passengers and of other vehicles.
The simulation embodiment shows that the functional safety architecture designed by the invention for the steer-by-wire system of a distributed-drive intelligent electric vehicle ensures safety after the vehicle steering system fails, protects the lives and property of the passengers and other traffic participants, and has a comparatively good beneficial effect.
Claims (5)
1. A functional safety architecture design method for the steering system of a distributed intelligent electric vehicle, characterized in that it comprises two processes: vehicle-level functional safety concept analysis and vehicle-level functional safety control system design;
wherein the vehicle-level functional safety control system design is carried out on the basis of the vehicle-level functional safety concept analysis, and includes, on the basis of the determined functional safety requirements and technical safety requirements, building a fault diagnosis module to diagnose and analyse faults of the steering system, and, based on the fault diagnosis and analysis, building a safety control strategy module to control the steering system when it fails;
in the vehicle-level functional safety concept analysis, the steering system function is defined first, different steering scenarios are then defined, and failures are classified according to the different steering scenarios, thereby determining the various hazardous events; hazard analysis and risk assessment is then carried out on the hazardous events, including analysis of severity, exposure and controllability, thereby determining the corresponding automotive safety integrity level; corresponding functional safety goals are formulated according to the automotive safety integrity level, and the functional safety goals are mapped to the functional safety requirements and technical safety requirements of the steering system;
4 steering scenarios and 6 failure modes are set; the 4 steering scenarios are: a. pivot steering, b. low-speed driving, c. medium-low-speed driving, d. high-speed driving; the 6 failure modes are: a. loss of steering capability, b. same direction as desired but steering too large, c. same direction as desired but steering too small, d. reverse steering, e. steering lock, f. self-steering.
2. The functional safety architecture design method for the steering system of a distributed intelligent electric vehicle according to claim 1, characterized in that the method of mapping the functional safety goals to the functional safety requirements and technical safety requirements of the steering system is:
1) first, the safe states for the hazards are determined from the hazardous events, similar safe-state events are merged, and the corresponding functional safety goals of the steering system are formulated;
2) the determined functional safety goals are decomposed into the steering system by fault tree analysis, giving the functional safety requirements of the steering system;
3) technical safety requirements are designed according to the functional safety requirements, including the following:
TSR1: design two speed signal acquisition methods, and perform authenticity verification;
TSR2: design two dtc signal acquisition methods, and perform authenticity verification; the redundant channels comprise a control channel and a monitoring channel, and the monitoring channel monitors while the control channel is working;
TSR3: design the CAN bus so that life signal verification can be performed;
TSR4: design the ECU so that it can verify whether the torque demand has been calculated correctly;
TSR5: design the ECU so that it can verify whether the motor has produced the correct front wheel angle;
TSR6: design a fault diagnosis strategy to ensure that the system can detect a fault at least 100 ms and output the corresponding fault code and fault time;
TSR7: design a fault alarm mechanism to ensure that the system raises fault alarms according to the different faults;
TSR8: design multiple-input multiple-output model-free adaptive redundancy fault-tolerant control measures to ensure that the vehicle keeps to the desired path when a tolerable fault occurs in the system;
TSR9: design control measures including pulling over and emergency braking to ensure that the vehicle can enter a safe state when a fault that cannot be tolerated occurs in the system.
3. The functional safety architecture design method for the steering system of a distributed intelligent electric vehicle according to claim 1, characterized in that the vehicle-level functional safety control system design adds a fault diagnosis module and a safety control strategy module to the conventional automated-driving perception and decision system.
4. The functional safety architecture design method for the steering system of a distributed intelligent electric vehicle according to claim 1, characterized in that, in the fault diagnosis and analysis stage, the method is:
1) the fault diagnosis module first detects from the system signal state whether the system has failed; if no failure has occurred, it outputs the system-normal fault code, indicating that the system is working normally; otherwise the system is considered to have failed, and the module goes on to compare the actual steering wheel angle of the vehicle, as detected by the angle sensor, with the desired steering wheel angle;
2) if the absolute value of the difference between the actual steering wheel angle and the desired steering wheel angle is the desired steering wheel angle, the fault of the steering system is considered to be loss of steering capability, and the fault code for loss of steering capability is output;
if the product of the actual steering wheel angle and the desired steering wheel angle is negative, the fault of the steering system is considered to be reverse steering, and the fault code for reverse steering is output;
if the ratio of the difference between the actual steering wheel angle and the desired steering wheel angle to the desired steering wheel angle lies in the range (0, 1), the fault of the steering system is considered to be steering too much or too little, and the fault code for steering too much or too little is output;
if the absolute value of the difference between the actual steering wheel angle and the desired steering wheel angle is an arbitrary constant, the fault of the steering system is considered to be self-steering, and the fault code for self-steering is output;
if none of the foregoing conditions is met, the steering system is considered to have a steering-lock fault, and the fault code for steering lock is output.
5. The functional safety architecture design method for the steering system of a distributed intelligent electric vehicle according to claim 1 or 4, characterized in that the safety control strategy module, according to the fault code and fault time that are output, designs corresponding safety control strategies for the faults of loss of steering, same-direction steering that is too large, same-direction steering that is too small, reverse steering and steering lock occurring in the low-speed, medium-low-speed and medium-high-speed cases respectively; the safety control strategies include a redundancy fault-tolerant control strategy, a fault warning strategy, a pull-over strategy, a deceleration-to-stop strategy and an emergency braking strategy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910547997.5A CN110254512B (en) | 2019-06-24 | 2019-06-24 | Design method for functional safety architecture of steering system of distributed intelligent electric vehicle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110254512A (en) | 2019-09-20 |
CN110254512B (en) | 2020-10-20 |
Family
ID=67920816
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910547997.5A Active CN110254512B (en) | 2019-06-24 | 2019-06-24 | Design method for functional safety architecture of steering system of distributed intelligent electric vehicle |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110254512B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112287466A (en) * | 2020-12-22 | 2021-01-29 | 延锋伟世通电子科技(南京)有限公司 | ADAS display function safety design method in all-liquid-crystal instrument |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111123887A (en) * | 2019-12-10 | 2020-05-08 | 新石器慧通(北京)科技有限公司 | Unmanned vehicle fault processing method and device, electronic equipment and storage medium |
CN113156934A (en) * | 2019-12-31 | 2021-07-23 | 上海司南卫星导航技术股份有限公司 | Automatic driving system and method of vehicle and non-transitory computer readable storage medium |
CN113075924A (en) * | 2020-01-03 | 2021-07-06 | 百度(美国)有限责任公司 | Autonomous vehicle parking scenario design |
CN111400823A (en) * | 2020-03-27 | 2020-07-10 | 清华大学 | Functional safety concept analysis method for intelligent vehicle VS-L KA system |
CN111400823B (en) * | 2020-03-27 | 2022-03-29 | 清华大学 | Functional safety concept analysis method for intelligent vehicle VS-LKA system |
CN111267868A (en) * | 2020-03-30 | 2020-06-12 | 郑州精益达汽车零部件有限公司 | Motor controller optimization design method meeting passenger car function safety |
CN111267868B (en) * | 2020-03-30 | 2021-09-07 | 郑州精益达汽车零部件有限公司 | Motor controller optimization design method meeting passenger car function safety |
WO2021218277A1 (en) * | 2020-04-27 | 2021-11-04 | 湖南大学 | Analysis and test method for fault diagnosis of vehicle control unit of electric vehicle |
CN112035954A (en) * | 2020-08-25 | 2020-12-04 | 长春一汽富晟集团有限公司 | Functional safety monitoring system and monitoring method of automatic driving test simulation platform |
CN114426026A (en) * | 2020-10-29 | 2022-05-03 | 观致汽车有限公司 | Safety control method, non-transitory readable storage medium, and vehicle |
CN112918459B (en) * | 2021-01-29 | 2022-07-05 | 中汽创智科技有限公司 | System for avoiding unexpected steering and control method |
CN112918459A (en) * | 2021-01-29 | 2021-06-08 | 中汽创智科技有限公司 | System for avoiding unexpected steering and control method |
CN112849262A (en) * | 2021-02-08 | 2021-05-28 | 吉林大学 | Functional safety concept stage analysis method for intelligent vehicle transverse control system |
CN112883500A (en) * | 2021-03-26 | 2021-06-01 | 吉林大学 | Intelligent vehicle system early function safety assessment method based on fault injection |
CN113147892A (en) * | 2021-05-11 | 2021-07-23 | 浙江吉利控股集团有限公司 | Steering transmission mechanism safety early warning method and system and vehicle |
TWI768991B (en) * | 2021-06-29 | 2022-06-21 | 微馳智電股份有限公司 | Method and system for adaptively processingcar information |
CN114348009A (en) * | 2022-01-27 | 2022-04-15 | 中国第一汽车股份有限公司 | Functional safety concept stage analysis method and brake control system |
CN114348009B (en) * | 2022-01-27 | 2024-05-03 | 中国第一汽车股份有限公司 | Functional safety concept stage analysis method and brake control system |
CN115230680A (en) * | 2022-09-23 | 2022-10-25 | 万向钱潮股份公司 | Vehicle steering adjustment control method and vehicle steering adjustment control system |
CN115230680B (en) * | 2022-09-23 | 2022-12-20 | 万向钱潮股份公司 | Vehicle steering adjustment control method and vehicle steering adjustment control system |
Also Published As
Publication number | Publication date |
---|---|
CN110254512B (en) | 2020-10-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||