CN117341713A - Failure processing method for automatic driving, driving device, and computer-readable storage medium - Google Patents
Failure processing method for automatic driving, driving device, and computer-readable storage medium Download PDFInfo
- Publication number
- CN117341713A CN117341713A CN202210741673.7A CN202210741673A CN117341713A CN 117341713 A CN117341713 A CN 117341713A CN 202210741673 A CN202210741673 A CN 202210741673A CN 117341713 A CN117341713 A CN 117341713A
- Authority
- CN
- China
- Prior art keywords
- failure
- driving device
- failure level
- driving
- functional module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 11
- 238000000034 method Methods 0.000 claims abstract description 43
- 230000009471 action Effects 0.000 claims abstract description 28
- 230000004044 response Effects 0.000 claims abstract description 6
- 230000006870 function Effects 0.000 claims description 153
- 238000004891 communication Methods 0.000 claims description 133
- 238000004590 computer program Methods 0.000 claims description 10
- 238000012544 monitoring process Methods 0.000 description 130
- 238000010586 diagram Methods 0.000 description 10
- 230000010485 coping Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 230000033001 locomotion Effects 0.000 description 3
- 230000008447 perception Effects 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 238000011217 control strategy Methods 0.000 description 2
- 230000009133 cooperative interaction Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000013499 data model Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 238000005096 rolling process Methods 0.000 description 1
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/0205—Diagnosing or detecting failures; Failure detection models
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/029—Adapting to failures or work around with other constraints, e.g. circumvention by avoiding use of failed parts
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W60/00—Drive control systems specially adapted for autonomous road vehicles
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/0205—Diagnosing or detecting failures; Failure detection models
- B60W2050/021—Means for detecting failure or malfunction
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/0205—Diagnosing or detecting failures; Failure detection models
- B60W2050/0215—Sensor drifts or sensor failures
Landscapes
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Human Computer Interaction (AREA)
- Transportation (AREA)
- Mechanical Engineering (AREA)
- Traffic Control Systems (AREA)
Abstract
The application discloses a fault handling method of automatic driving, which is applied to a driving device and comprises the following steps: the failure of the functional module is detected, the current failure level is determined according to the failure level of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device, and the driving device is controlled to execute corresponding fault response actions according to the failure level. According to the fault processing method for automatic driving, disclosed by the application, the automatic driving device can determine the failure level according to the failed functional module and the current driving speed and make different safe driving actions according to the failure level, so that the safety of the driving device is improved. The present application also includes a driving apparatus and a computer-readable storage medium implementing the foregoing failure processing method of automated driving.
Description
Technical Field
The present application relates to the field of autopilot technology, and in particular, to a fault handling method for autopilot, a driving apparatus, and a computer readable storage medium.
Background
The automatic driving has greatly developed due to the advantages of saving labor cost, reducing accident rate, reducing oil consumption and the like. With the development of various vehicle-mounted sensor technologies and artificial intelligence technologies, the automatic driving technology is also becoming commercialized. However, due to the complexity of road scenes, there is a very high requirement for the automatic driving vehicle, and the best response scheme is needed to be made as far as possible for different situations, so that the automatic driving vehicle has higher reliability and safety.
At present, the automatic driving automobile has single coping schemes for different faults and different vehicle speeds in different faults, and can not make more reasonable and targeted automatic driving actions corresponding to various faults.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, the present application proposes a fault handling method for automatic driving with a relatively high fault pertinence, which is applied to a driving device, where the driving device includes a plurality of functional modules, and the functional modules are configured to provide corresponding driving functions for the driving device; the fault handling method for automatic driving comprises the following steps: the failure of the functional module is detected, the current failure level is determined according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device, and the driving device is controlled to execute corresponding fault response actions according to the failure level.
Optionally, the driving device presets and stores a failure level table, wherein the failure level table comprises the failure type of the functional module, the driving function correspondingly provided by the functional module, and the corresponding relation between the speed of the driving device and the failure level; determining the current failure level according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device comprises: when any one of the functional modules is detected to fail, determining the current failure level of the driving device in the failure level table according to the failure type of the functional module, the driving function provided by the failed functional module and the current speed of the driving device.
Optionally, detecting the functional module failure includes: detecting that a plurality of functional modules fail; determining the current failure level according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device comprises: and respectively determining a plurality of failure grades corresponding to the failure grades in the failure grade table according to the failure types of the plurality of functional modules, the driving functions provided by the failure functional modules and the current speed of the driving device, and taking the failure grade of the highest grade in the failure grades as the current failure grade of the driving device.
Optionally, determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly, and the speed of the driving device includes: if the map function module fails in communication, judging whether the map provided by the map function module is updated, and if so, determining a first failure level in the failure level table as a current failure level; if the updating is not completed, the second failure level in the failure level table is determined to be the current failure level. The controlling the driving device to execute the corresponding fault coping actions according to the failure level comprises controlling the driving device to keep the original automatic driving state to run according to the first failure level, or controlling the driving device to reduce the speed of the driving device to be in an automatic driving state according to the second failure level so as to reduce the speed of the driving device from the first speed range to the second speed range or from the second speed range to the third speed range, wherein the lowest speed in the first speed range is greater than the highest speed in the second speed range, and the lowest speed in the second range is greater than the highest speed in the third range.
Optionally, determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly, and the speed of the driving device includes: if the decision-making function module is in communication or algorithm failure and the speed of the driving device is in the second speed range, determining a third failure level in the failure level table as a current failure level, if the decision-making function module is in communication or algorithm failure and the speed of the driving device is in the third speed range, determining a fourth failure level in the failure level table as a current failure level, and if the decision-making function module is in communication or algorithm failure and the speed of the driving device is in the first speed range, determining a fifth failure level in the failure level table as a current failure level. Controlling the driving device to execute the corresponding fault handling action according to the failure level further comprises: and controlling the driving device to execute the side parking according to the third failure level, or controlling the driving device to execute the speed reduction in the lane according to the fourth failure level, or controlling the driving device to enter a safety emergency area according to the fifth failure level to carry out emergency avoidance.
Optionally, the fault handling method further comprises: when the driving function provided by the corresponding invalid function module is detected to be the first driving function, the function module with the first driving function in the plurality of function modules which are controlled to normally run executes the first driving function of the driving device; determining the current failure level according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device comprises: and determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function and the speed of the driving device.
Optionally, the first driving function is an obstacle sensing function, and the functional module with the obstacle sensing function in the driving device includes a camera, a laser radar, a millimeter wave radar and an ultrasonic radar. Determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the laser radar, the ultrasonic radar and the camera are in communication failure, the function module currently executing the obstacle sensing function is a millimeter wave radar, and the speed of the driving device is in the first speed range, determining a second failure level in the failure level table as the current failure level. Controlling the driving device to execute corresponding fault response actions according to the failure level comprises: and controlling the driving device to execute reduced-order automatic driving according to the second failure level so as to reduce the speed of the driving device from the first speed range to the second speed range.
Optionally, the first driving function is an obstacle sensing function, and the functional module with the obstacle sensing function in the driving device comprises a camera, a laser radar, a millimeter wave radar and an ultrasonic radar;
Determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: and if the communication of the camera, the laser radar and the millimeter wave radar fails, determining a sixth failure level in the failure level table as the current failure level. Controlling the driving device to execute the corresponding fault handling action according to the failure level further comprises: and controlling the driving device to prolong the driving data before failure according to the sixth failure level, and withdrawing automatic driving within a preset period of time and prompting the driver to take over.
Optionally, the first driving function is a positioning function, and the functional module with the positioning function in the driving device comprises an inertial navigation unit, a GPS unit, a camera and a laser radar; determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the inertial navigation unit, the GPS unit and the camera are in communication failure, the functional module currently executing the positioning function is a laser radar, the speed of the driving device is in a first speed range, a fifth failure level in the failure level table is determined to be the current failure level, if the inertial navigation unit, the GPS unit and the camera are in communication failure, the functional module currently executing the positioning function is a laser radar, the speed of the driving device is in a second speed range, a third failure level in the failure level table is determined to be the current failure level, and if the inertial navigation unit, the GPS unit and the camera are in communication failure, the functional module currently executing the positioning function is a laser radar, and the speed of the driving device is in the third speed range, the first failure level in the failure level table is determined to be the current failure level. Controlling the driving device to execute corresponding fault response actions according to the failure level comprises: and controlling the driving device to enter a safety emergency area to carry out emergency avoidance according to the fifth failure level, or controlling the driving device to execute side parking according to the third failure level, or controlling the driving device to keep the original automatic driving state to drive according to the first failure level.
Optionally, the functional module with a positioning function in the driving device further comprises an ultrasonic radar. Determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the inertial navigation unit, the GPS unit, the laser radar and the camera are in communication failure, the functional module for currently executing the positioning function is an ultrasonic radar, the speed of the driving device is in a first speed range or in a second speed range, the sixth failure level in the failure level table is determined to be the current failure level, and if the inertial navigation unit, the GPS unit, the laser radar and the camera are in communication failure, the functional module for currently executing the positioning function is an ultrasonic radar, the speed of the driving device is in a third speed range, the first failure level in the failure level table is determined to be the current failure level. Controlling the driving device to execute the corresponding fault handling action according to the failure level further comprises: and controlling the driving device to prolong the driving data before failure according to the sixth failure level, and backing out automatic driving in a preset period of time and prompting the driver to take over, or controlling the driving device to keep the original automatic driving state to run according to the first failure level.
The application also discloses a driving device comprising a processor and a memory, wherein the memory stores a computer program, and when the processor executes the computer program, the fault processing method for the automatic driving is realized.
The present application also discloses a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, perform the aforementioned method of fault handling for autopilot.
Compared with the prior art, the automatic driving method disclosed by the embodiment of the application can monitor the communication nodes and the algorithm nodes of different modules in the functional module in real time, so that the position of the fault and the reason of the fault can be effectively detected and identified, different failure grades can be determined according to the type of the failure module and the speed of the current driving device, and different fault processing actions can be made according to the failure grades, so that the driving device has higher safety and higher intellectualization in the driving process.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a block schematic diagram of a driving apparatus disclosed in a first embodiment of the present application;
FIG. 2 is a functional block diagram of the driving apparatus of FIG. 1;
fig. 3 is a flowchart of a fault handling method for automatic driving according to a second embodiment of the present application;
FIG. 4 is a schematic diagram showing the distribution of communication nodes of each functional module in FIG. 2;
FIG. 5 is a schematic diagram of the algorithm node distribution of each functional module in FIG. 4;
FIG. 6 is a schematic diagram of a relationship between a communication node and an algorithm node in each functional module in FIG. 5;
FIG. 7 is a flow chart of a method for handling failures in communication between the perception-type functional modules of FIG. 4;
FIG. 8 is a flow chart of a fault handling method for failure of the communication node of the functional module of FIG. 4;
FIG. 9 is a flow chart of a fault handling method for failure of the functional module algorithm nodes of FIG. 5.
Detailed Description
In order to facilitate an understanding of the present application, a more complete description of the present application will now be provided with reference to the relevant figures. Preferred embodiments of the present application are shown in the accompanying drawings. This application may, however, be embodied in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
The following description of the embodiments refers to the accompanying drawings, which illustrate specific embodiments that can be used to practice the present application. The numbering of the components itself, e.g. "first", "second", etc., is used herein merely to distinguish between the described objects and does not have any sequential or technical meaning. The terms "coupled" and "connected," as used herein, are intended to encompass both direct and indirect coupling (coupling), unless otherwise indicated. Directional terms referred to in this application, such as "upper", "lower", "front", "rear", "left", "right", "inner", "outer", "side", etc., are merely directions referring to the attached drawings, and thus, directional terms are used for better, more clear description and understanding of the present application, rather than indicating or implying that the apparatus or element being referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application.
In the description of the present application, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; may be a mechanical connection; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art in a specific context. It should be noted that the terms "first," "second," and the like in the description and claims of the present application and in the drawings are used for distinguishing between different objects and not for describing a particular sequential order.
Furthermore, the terms "comprises," "comprising," "includes," "including," "may be" or "including" as used in this application mean the presence of the corresponding function, operation, element, etc. disclosed, but not limited to other one or more additional functions, operations, elements, etc. Furthermore, the terms "comprises" or "comprising" mean that there is a corresponding feature, number, step, operation, element, component, or combination thereof disclosed in the specification, and that there is no intention to exclude the presence or addition of one or more other features, numbers, steps, operations, elements, components, or combinations thereof. Furthermore, when describing embodiments of the present application, use of "may" means "one or more embodiments of the present application. Also, the term "exemplary" is intended to refer to an example or illustration.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
Referring to fig. 1, fig. 1 is a schematic block diagram of a driving apparatus according to a first embodiment of the present disclosure. As shown in fig. 1, the driving apparatus 1 includes a memory 10 and a processor 20. The memory 10 stores a computer program, and the processor 20 can execute the computer program in the memory 10 to control the driving device 1 to execute self-driving and a corresponding fault handling method.
Referring to fig. 2, fig. 2 is a schematic functional block diagram of the driving device in fig. 1. As shown in fig. 2, the driving device 1 includes a functional module 100 and a safety monitoring module 200, the functional module 100 is used for providing sensing, positioning, route planning and other functions for the driving device 1, and the safety monitoring module 200 is used for performing real-time detection on each functional module in the functional module 100.
The functional module 100 includes a sensing module 101, a positioning module 102, a map module 103, a navigation module 104, a prediction module 105, a decision planning module 106, a control module 107, and a Controller area network bus (Controller AreaNetwork, CAN), i.e., a CAN bus 108.
The sensing module 101 is used for providing various sensing signals for the driving device 1, and the map module 103 is used for providing a high-resolution map for the driving device 1 in the driving process, so that the real-time performance and the accuracy are high. The positioning module 102 is used for accurately positioning the current position of the driving device 1. The navigation module 104 is used for integrating the data of the perception module 101, the map module 103 and the positioning module 102 to provide an optimal driving route for the driving device 1 to drive. The prediction module 105 is configured to predict a cooperative interaction problem between the driving device 1 and other moving objects in the surrounding environment according to the sensing signal provided by the sensing module 101. The decision planning module 106 is configured to comprehensively decide a final driving path of the driving device 1 according to the optimal route data provided by the navigation module 104 and the data of the driving environment of the driving device 1 provided by the prediction module 105. The control module 107 is configured to control the driving device 1 to automatically travel according to the optimal path data provided by the decision planning module 106. The CAN bus 108 is used for transmitting various types of data in the driving apparatus 1.
The security monitoring module 200 includes a monitoring module 201 and a human-machine interface 202. The monitoring module 201 is configured to monitor working states of each module and each module communication node and algorithm node, and provide corresponding solutions according to failure states. The man-machine interface 202 provides a man-machine interface for the user to read the operation of each module in the functional module 100 and facilitate the user control.
Specifically, the sensing module 101 includes various vehicle-mounted sensors for providing various sensing signals to the driving apparatus 1. For example, cameras, millimeter wave radars, lidars, ultrasonic radars, hardware synchronization, sensor calibration, computer vision, and the like.
The map module 103 is a new map data model serving the driving apparatus 1, and is a new map data model of an automatically driven car, compared with a general navigation electronic map, and the absolute position accuracy of the map module 103 is close to 1m, and the relative position accuracy is in the centimeter level. The map may be divided into two levels, a static map and a dynamic map, respectively. The static map is positioned at the bottom layer and consists of a lane model of semantic information, road components, road attribute three vector information and a characteristic map layer for multi-sensor positioning. The dynamic map is built on the basis of the static map and mainly comprises real-time dynamic information, such as information of other traffic participants and signals of the traffic participants.
The positioning module 102 is used for positioning the current position of the driving device 1, and mainly comprises a global positioning system (GNSS, global Navigation Satellite System) and an inertial navigation system (INS, inertial Navigation System), and provides a positioning function for the driving device 1 in combination with the related data provided by the map module 103 and the sensing module 101.
The navigation module 104 is used for comprehensively processing the vehicle information and the environment information provided by the sensing module 101, the map module 103 and the positioning module 102, and calculating the shortest running path or the optimal running path of the driving device 1.
The predictive module 105 is used to address the problem of collaborative interaction of an autonomous vehicle with other moving objects (vehicles, pedestrians, etc.) in the surrounding environment. The module predicts the behavior intention of the moving object detected by the sensing module in a period of time in the future, and converts the predicted result into a track in the time dimension and the space dimension. By taking the predicted track of the moving objects such as the obstacle vehicles, pedestrians, non-motor vehicles and the like as input, the automatic driving vehicle can make more reasonable driving decisions and plan more reasonable and safer vehicle movement behaviors.
The decision-making module 106 includes three levels, first receiving the optimal global path calculated by the navigation module 104. A specific behavioral decision is then made in conjunction with the perception module 101. (including other vehicles, pedestrians, obstacles, and traffic regulation information on the road, such as selecting whether to pass or follow). Finally, a Motion Planning (Motion Planning) layer plans and generates a track meeting specific constraint conditions according to specific behavior decisions, and the track is used as input of a control module to determine a final driving path of the vehicle. (e.g., dynamic constraints of the vehicle itself, collision avoidance, occupant comfort, etc.).
The control module 107 is used for processing more details according to various sensing signals. For example, a road surface has a pit which causes rolling of a vehicle, smoothness of a throttle brake, control convergence under various environmental disturbances, accuracy, stability, rapidity of track tracking, and the like.
The CAN bus is used for providing the functions of mutual communication and state reading for the modules.
The monitoring module 201 is configured to monitor working states of the communication nodes and the algorithm nodes of each functional module, and provide corresponding countermeasures according to the failure states. Such as providing corresponding countermeasures when various types of functional modules fail, providing corresponding countermeasures when various types of functional module communication nodes fail, and providing corresponding countermeasures when various module algorithm nodes fail.
The man-machine interface 202 provides a man-machine interface for the user to read the operation of each module in the functional module 100 and facilitate the user control.
Referring to fig. 3, fig. 3 is a flowchart of a fault handling method for automatic driving according to a second embodiment of the present application. As shown in fig. 3, the fault handling method for automatic driving specifically includes the following steps:
step S101, a failure of the functional module is detected.
The communication nodes and the algorithm nodes of each functional module are monitored in real time through the safety monitoring module 200, and whether each functional module fails or not is judged.
Specifically, referring to fig. 4, fig. 4 is a schematic diagram illustrating the distribution of communication nodes of each functional module in fig. 2, and as shown in fig. 4, the communication nodes are distributed in each functional module and each sensor, and the monitoring module 201 in the security monitoring module 200 can monitor the communication state of each module through each communication node.
Specifically, the functional module 100 further includes four sensing sensors and two positioning sensors, wherein the four sensing sensors are a first sensor 101A, a second sensor 101B, a third sensor 101C and a fourth sensor 101D, the first sensor 101A to the fourth sensor 101D correspond to the first communication node T1 to the fourth communication node T4, respectively, and the sensing module 101 sets a fifth communication node T5. The sensing module 101 receives various sensing signals through the first to fourth sensors 101A to 101D, and the first to fourth sensors 101A to 101D may be cameras, millimeter wave radars, lidars, and ultrasonic radars, respectively. The monitoring module 201 monitors the communication states of the first to fourth sensors 101A to 101D through the first to fourth communication nodes T1 to T4.
In an exemplary embodiment, the sensing module may include any number of sensors for providing sensing signals to the sensing module 101, without limitation.
The two positioning sensors are an inertial navigation unit 102A and a global positioning system (Global Positioning System, GPS) unit 102B, respectively, a sixth communication node T6 is provided in the inertial navigation unit 102A, a seventh communication node T7 is provided in the GPS unit, and an eighth communication node T8 is provided in the positioning module 102 itself. The positioning module 102 performs real-time positioning of the driving apparatus 1 through the inertial navigation unit 102A and the GPS unit 102B, and the monitoring module 201 monitors the communication states of the positioning module 102, the inertial navigation unit 102A, and the GPS unit 102B in real time through the sixth communication node T6 to the eighth communication node T8 provided therein.
The map module 103, the navigation module 104, the prediction module 105, the decision planning module 106, the control module 107, the CAN bus 108, correspond to the ninth communication node T9 to the fourteenth communication node T14, respectively. In the security monitoring module 200, the monitoring module 201 and the human-computer interface 202 correspond to the fifteenth communication node T15 and the sixteenth communication node T16, respectively. The fifteenth communication node T15 corresponding to the monitoring module 201 is connected to the communication nodes corresponding to the modules in the functional module 100, and the monitoring module 201 monitors the communication states of the navigation module 104, the prediction module 105 decision planning module 106, the control module 107 and the CAN bus 108 through the ninth communication node T9 to the fourteenth communication node.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating the distribution of algorithm nodes of each functional module in fig. 4, and as shown in fig. 5, the algorithm nodes are distributed in each functional module and each sensor, and the monitoring module 201 in the security monitoring module 200 can monitor the algorithm running state of each module through each algorithm node.
Specifically, the sensing module 101, the positioning module 102, the map module 103, the navigation module 104, the prediction module 105, the decision planning module 106, the control module 107, and the CAN bus 108 in the functional module 100 respectively set a first algorithm node S1 to an eighth algorithm node S8. In the security monitoring module 200, the monitoring module 201 and the human-computer interface 202 respectively set a ninth algorithm node S9 and a tenth algorithm node S10. The ninth algorithm node S9 is connected to the algorithm nodes corresponding to the modules in the functional module 100, and monitors the algorithm running states of the sensing module 101, the positioning module 102, the map module 103, the navigation module 104, the prediction module 105, the decision planning module 106, the control module 107 and the CAN bus 108 through the monitoring module 201 and the first algorithm node S1 to the eighth algorithm node S8.
Referring to fig. 6, fig. 6 is a schematic diagram showing a relationship between a communication node and an algorithm node in each functional module in fig. 5, as shown in fig. 5, the communication node and the algorithm node of each functional module in the driving device 1 are separately disposed and communicate through multithreading, that is, each functional module includes both the communication node and the algorithm node, and the communication node and the algorithm node communicate through multithreading. The monitoring module 201 performs monitoring on the algorithm nodes of each module, and monitors whether the algorithm of each module can normally operate.
And because the communication node and the algorithm node are separately arranged, the monitoring module 201 can monitor the communication node and the algorithm node at the same time, and can monitor the communication node and the algorithm node for independent types of nodes, such as independent monitoring of the communication node or independent monitoring of the algorithm node.
With continued reference to fig. 3, step S102 determines a current failure level according to the failure type of the functional module, the driving function provided by the functional module, and the speed of the driving device.
Specifically, a failure level table is preset and stored in the driving device 1, and the failure level table includes failure types of the function modules, driving functions provided by the function modules correspondingly, and correspondence between the speed of the driving device 1 and the failure level. In this embodiment, as shown in Table 1-1, six failure levels FL-A, first to sixth failure levels FL-F, respectively, are set in the failure level table. The failure levels rise in order from the first failure level FL-a to the sixth failure level FL-F, and the progressively higher the failure level, the greater the influence of the failure module or node on the normal running of the driving apparatus 1.
The driving apparatus 1 is provided with an automatic driving speed range including a first speed range V1, a second speed range V2, and a third speed range V3, wherein a lowest speed within the first speed range V1 is greater than a highest speed in the second speed range V2, and a lowest speed in the second speed range V2 is greater than a highest speed in the third speed range V3.
In an exemplary embodiment, the first speed range may be set to be higher than 60KM/H, the second speed range may be set to be 20-60 KM/H, and the third speed range may be set to be lower than 20KM/H, although other speed ranges may be adjusted as needed in particular, and the present application is not limited thereto.
When the communication node and/or the algorithm node of any one of the functional modules 100 fails, the current failure level of the driving device is determined in the failure level table according to the failure type of the functional module, the driving function provided by the failed functional module and the current speed of the driving device 1.
For example, when a sensor in the sensing module 101 fails, such as a camera or millimeter wave radar or lidar communication fails, the failure level is a first failure level FL-a no matter how much the speed of the driving apparatus 1 has on the sensing, but if the communication of the camera and lidar fails, the size of the surrounding obstacle is difficult to sense due to millimeter wave radar and ultrasonic radar, and when the speed of the driving apparatus 1 is within the first speed range V1, the monitoring module 201 evaluates that the failure level is correspondingly raised, such as the failure level is raised to a second failure level FL-B. When the failure of the plurality of functional modules is detected, a plurality of failure levels in the failure level tables corresponding to the plurality of functional modules are respectively determined according to the failure types of the plurality of functional modules, the driving functions provided by the failed functional modules and the current speed of the driving device 1, and the failure level of the highest level in the plurality of failure levels is used as the current failure level of the driving device. For example, when the sensing module 101, the predicting module 105 and the control module 107 fail in communication, the corresponding failure levels are the first failure level FL-a, the second failure level FL-B and the sixth failure level FL-F, respectively, and at this time, the sixth failure level FL-F is the current failure level, and the corresponding control driving device 1 performs the automatic driving for the preset period, and prompts the driver to take over.
Step S103, the driving device is controlled to execute corresponding fault handling actions according to the failure level.
And setting corresponding fault coping actions aiming at different failure grades, and controlling the driving device to execute the corresponding fault coping actions when the current failure grade is determined.
As shown in table 1-1, when the monitoring module 201 evaluates that the current failure level is the first failure level FL-a, the driving apparatus 1 keeps the original automatic driving apparatus running, indicating that the failed node or module at this time has little influence on the current normal automatic driving.
When the monitoring module 201 evaluates that the current failure level is the second failure level FL-B, the driving device 1 reduces the step-down autopilot, which means that the failed node or module has a certain influence on the current normal autopilot, and the driving device 1 needs to reduce the current driving speed such that the speed of the driving device is reduced from the first speed range V1 to the second speed range V2 or from the second speed range V2 to the third speed range V3.
When the monitoring module 201 evaluates that the current failure level is the third failure level FL-C, the driving apparatus 1 stops by side, indicating that the failed node or module cannot guarantee the safety of the automatic driving of the driving apparatus 1, and needs to stop by side.
When the monitoring module 201 evaluates that the current failure level is the fourth failure level FL-D, the fifth failure level FL-E and the sixth failure level FL-F, it indicates that the driving device 1 cannot safely control the driving device 1 to run safely at this time, and according to the current specific vehicle speed, control schemes such as speed reduction and stopping of the own lane, emergency avoidance of a safety emergency area, manual takeover and the like are respectively executed. When the safety monitoring module 200 determines that the current failure level is lower than the second failure level FL-B, the dual flash is started simultaneously when the fault handling method corresponding to the subsequent failure level is executed, and if the parking is involved, the P gear needs to be engaged, and the electronic parking brake (Electrical Park Brake, EPB) is pulled up.
In an exemplary embodiment, the fault handling method corresponding to the failure level of the functional module may also be set according to a specific situation, which is not limited in this application.
TABLE 1-1
| Failure rating | Fault handling actions |
| FL-A | Continuously keeping the original automatic driving |
| FL-B | Reduced-order autopilot |
| FL-C | Side parking |
| FL-D | Speed-reducing parking for own vehicle |
| FL-E | Emergency avoidance at a secure emergency area |
| FL-F | Manual connecting pipe |
Referring to fig. 7, fig. 7 is a flowchart of a fault handling method for communication failure of the perception-type functional module in fig. 4.
Specifically, as shown in fig. 7, when it is detected that the driving function provided correspondingly to the failed function module is the first driving function, the function module having the first driving function among the plurality of function modules controlling the normal operation executes the first driving function of the driving apparatus 1. When the monitoring module 201 in the security monitoring module 200 detects that the communication node of the sensor in the functional module fails, a specific fault handling method is as follows:
Step S201, detecting a communication failure of the functional module having the obstacle sensing function and/or the functional module having the positioning function.
The monitoring module 201 in the safety monitoring module 200 performs real-time monitoring on four sensing sensors, i.e., the first to fourth sensors 101A to 101D, in the sensing module 101 having the obstacle sensing function and the positioning sensors, i.e., the inertial navigation unit 102A and the GPS unit 102B, in the positioning module 102 having the positioning function through the first to fourth communication nodes T1 to T4 and the sixth and seventh communication nodes T6 and T7.
Step S202, determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function and the speed of the driving device.
The monitoring module 200 is preset with a failure level table of the sensing functional module and the positioning module, and a plurality of failure levels correspond to different states of the communication nodes and/or the algorithm nodes in the functional modules, and the different states of the communication nodes and/or the algorithm nodes correspond to the states of the sensors. The failure level table of the obstacle sensing function module, i.e. the sensing sensor part, in the failure level table is shown in tables 1-2, and the function modules with the obstacle sensing function in the driving device 1 are the first sensor 101A to the fourth sensor 101D, which correspond to the camera, the millimeter wave radar, the laser radar and the ultrasonic radar, respectively. When the first driving function is the obstacle sensing function, determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function and the speed of the driving device, and controlling each functional module in the functional module 100 to execute the corresponding running state by the safety monitoring module 200 according to the current failure level, thereby controlling the driving device 1 to execute the corresponding fault handling driving method, wherein the specific failure level determination is shown in tables 1-2:
When the monitoring module 201 detects that the camera or the millimeter wave radar or the laser radar is in failure through the first communication node T1 to the fourth communication node T4, the failure level is determined as the first failure level FL-a no matter how much the speed of the current driving device 1 affects the sensing module 101.
When the monitoring module 201 detects that both the camera and the lidar are disabled through the first to fourth communication nodes T1 to T4, the failure level is determined as the second failure level FL-B because the millimeter wave radar and the ultrasonic radar are hard to perceive the size of the peripheral obstacle, the failure level is determined as the first failure level FL-a for the autonomous parking (Automated Valet Parking, AVP) or the full automatic parking (Auto Parking Assist, APA) scenario of the third speed range V3.
When the monitoring module 201 detects that the camera and the ultrasonic radar or the camera and the millimeter wave radar are in failure in two-by-two communication through the first communication node T1 to the fourth communication node T4, the sensing function of the sensing module 101 is not greatly affected by the automatic driving at different speeds and the application scene, and the failure level is determined to be the first failure level FL-a.
When the monitoring module 201 detects that the laser radar and the ultrasonic radar or the laser radar and the millimeter wave radar are in failure in two-by-two communication through the first communication node T1 to the fourth communication node T4, the sensing function of the sensing module 101 is not greatly affected by the automatic driving at different speeds and the application scene, and the failure level is determined to be the first failure level FL-a.
When the monitoring module 201 detects that the ultrasonic radar and the millimeter wave radar fail in two-by-two communication through the first communication node T1 to the fourth communication node T4, the sensing function of the sensing module 101 is not greatly affected by the automatic driving at different speeds and the application scenario, and the failure level is determined as the first failure level FL-a.
When the monitoring module 201 detects that the communication among the camera, the laser radar and the ultrasonic radar is invalid through the first communication node T1 to the fourth communication node T4, the failure level is determined to be the second failure level FL-B, and since the millimeter wave radar can work normally, the driving device 1 with the speed in the first speed range V1 performs the reduced-order autopilot, and the speed of the driving device 1 is reduced from the first speed range V1 to the second speed range V2, and specifically the reduced-order mode is the adaptive cruise control (Adaptive Cruise Control, ACC) mode, that is, the ACC following mode.
When the monitoring module 201 detects that the communication of the ultrasonic radar, the millimeter wave radar and the camera or the communication of the ultrasonic radar, the millimeter wave and the laser radar fails through the first communication node T1 to the fourth communication node T4, the influence of different speed autopilot and application scenes on the perception is not great, and the failure level is determined as the first failure level FL-a.
When the monitoring module 201 detects a failure of the communication of the camera, the laser radar, and the millimeter wave radar through the first communication node T1 to the fourth communication node T4, the failure level is determined as a sixth failure level FL-F,
the monitoring module 201 controls the driving device 1 to delay the driving data before failure according to the sixth failure level FL-F, and prompts the driver to take over and exit from automatic driving in a preset period, wherein the preset period can be set to 10s, or can be set to 15s or 20s according to specific needs, and the application is not limited. When the monitoring module 201 detects that the camera, the laser radar, the millimeter wave radar and the ultrasonic radar are all disabled through the first communication node T1 to the fourth communication node T4, the disabling level is determined to be the sixth disabling level FL-F, and the monitoring module 201 controls the driving device 1 to delay driving data before disabling according to the sixth disabling level FL-F, prompts the driver to take over and exit from automatic driving in a preset period, wherein the preset period can be set to 10s, or can be set to 15s or 20s according to specific needs, and the application is not limited.
TABLE 1-2
Description: 1 denotes failure of the communication node of the sensor, and X denotes arbitrary speed
When the first driving function is a positioning function, the functional modules having the positioning function include an inertial navigation unit 102A and a GPS unit 102B. When the inertial navigation unit 102A and the GPS unit 102B fail, the safety monitoring module 200 may multiplex the sensor with the positioning function to perform the positioning function, and the normal running of the driving apparatus 1 may not be affected. The sensing sensor with the positioning function comprises a camera and a laser radar.
If the positioning sensor fails, and at the same time, part of the sensing sensors fail, at this time, the safety monitoring module 200 determines the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function and the speed of the driving device, so as to control the driving device 1 to execute the corresponding fault processing method.
The failure level table of the positioning function module in the failure level table is shown in tables 1-3, when the safety monitoring module 200 detects that the first sensor 101A, that is, the camera communication, the inertial navigation unit 102A and the GPS unit 102B fail, the safety monitoring module 200 can multiplex the laser radar for positioning, but considering that the real-time performance of the laser radar algorithm processing by the hardware is limited, when the speed of the driving device 1 is within the first speed range V1, the safety monitoring module 200 determines that the current failure level is the fifth failure level FL-E, and controls the driving device 1 to execute the emergency region emergency avoidance scheme. When the speed of the driving device 1 is within the second speed range V2, the safety monitoring module 200 determines that the current failure level is the third failure level FL-C, and controls the driving device 1 to perform the side parking. When the speed of the driving device 1 is within the third speed range V3, that is, when the driving device 1 is in the low speed scene, that is, the AVP or APA scene, the safety monitoring module 200 determines that the current failure level is the first failure level FL-a, and controls the driving device 1 to maintain the current autopilot state.
When the monitoring module 200 detects that the third sensor 101C, that is, the laser radar, the inertial navigation unit 102A and the GPS unit 102B, are in communication failure, the monitoring module 200 may multiplex the first sensor 101A, that is, the camera, for positioning. At this time, if the speed of the driving apparatus 1 is within the first speed range V1 or the second speed range V2, the safety monitoring module 200 determines that the current failure level is the second failure level FL-B, and controls the driving apparatus 1 to reduce the step-down automatic driving, that is, to reduce the step-down to the ACC following mode. If the speed of the driving device 1 is within the third speed range V3, that is, in the low speed AVP or APA scene, the current failure level is determined to be the first failure level FL-a, and the driving device 1 is controlled to maintain the current autopilot state.
When the monitoring module 200 detects that the first sensor 101A, the third sensor 101C, the inertial navigation unit 102A and the GPS unit 102B are in communication failure, the safety monitoring module 200 may multiplex the fourth sensor 101D, i.e. the ultrasonic radar, for positioning. At this time, if the speed of the driving device 1 is within the first speed range V1 or the second speed range V2, the safety monitoring module 200 determines that the current failure level is the sixth failure level FL-F, controls the driving device 1 to exit the automatic driving within the preset period, and prompts the driver to take over. If the speed of the driving device 1 is within the third speed range V3, the safety monitoring module 200 determines that the current failure level is the first failure level FL-a, and controls the driving device 1 to maintain the current automatic driving state.
When the monitoring module detects that the first sensor 101A, the third sensor 101C, the fourth sensor 101D, the inertial navigation unit 102A and the GPS unit 102B are in communication failure, the speed of the driving device 1 is within any speed range, and is determined to be the sixth failure level FL-F, the monitoring module 200 controls the driving device 1 to withdraw from automatic driving within a preset period, and prompts the driver to take over.
When the first to fourth sensors 101A to 101D and the inertial navigation unit 102A and the GPS unit 102B fail in communication, the driving apparatus 1 determines that the driving apparatus 1 is at the sixth failure level FL-F in any speed range, and the monitoring module 200 controls the driving apparatus 1 to exit the automatic driving within a preset period of time and prompts the driver to take over.
In the exemplary embodiment, the sensor multiplexing may also be other manners and combinations according to circumstances, and the application is not limited.
Tables 1 to 3
Description: 1 denotes failure of the communication node of the sensor, and X denotes arbitrary speed
Step S203, the driving device is controlled to execute corresponding fault handling actions according to the failure level.
According to the determination of the current failure level of the driving device 1 by the safety monitoring module 200, the driving device 1 is controlled to execute the corresponding fault coping action.
Referring to fig. 8, fig. 8 is a flow chart of a fault handling method for failure of the communication node of the functional module in fig. 4. As shown in fig. 8, when the monitoring module 201 detects that the communication node of each functional module fails, a specific fault handling method thereof is as follows:
In step S301, a communication failure of the functional module is detected.
The monitoring module 201 in the safety monitoring module 200 performs real-time monitoring on the sensing module 101, the positioning module 102, the map module 103, the navigation module 104, the prediction module 105, the decision planning module 106, the control module 107 and the CAN bus 108 in the functional module 100 through the fifth communication node T5 to the fourteenth communication node T14, and the safety monitoring module 200 determines whether each functional module operates normally according to whether the communication of the communication node of each functional module is normal.
Step S302, determining the current failure level according to the driving function correspondingly provided by the functional module and the speed of the driving device.
As shown in tables 1-4, when the monitoring module 201 in the safety monitoring module 200 detects that the communication of the map module 103 fails through the ninth communication node T9, if the map function is in the initial stage, that is, the complete global map is not updated yet, the control module 107 determines that the current failure level is the second failure level FL-B. If the map function fails during the automatic driving process, the monitoring module 201 determines the failure level as the first failure level FL-a because the map is updated without a large influence.
When the monitoring module 201 in the safety monitoring module 200 detects the communication failure of the navigation module 104 through the tenth communication node T10 or the communication failure of the prediction module 105 through the eleventh communication node T11, the monitoring module 201 may multiplex the sensing sensors, i.e., the first sensor 101A to the fourth sensor 101D, to perform the sensing function while controlling the driving apparatus 1 to reduce the level of automatic driving, and at this time, determine that the failure level is the second failure level FL-B.
When the monitoring module 201 in the safety monitoring module 200 detects that the sensing module 101 or the decision-making module 106 fails in communication through the fifth communication node T5 or the twelfth communication node T12, if the speed of the driving device 1 is within the first speed range V1, the monitoring module 201 determines that the current failure level is the fifth failure level FL-E, drives away from the current lane to the emergency avoidance risk at the safety emergency area according to the information of other modules, and if the speed of the driving device 1 is within the second speed range V2, the monitoring module 201 determines that the current failure level is the third failure level FL-C. If the speed of the driving apparatus 1 is within the third speed range V3 at this time, the monitoring module 201 determines that the current failure level is the fourth failure level FL-D.
When the monitoring module 201 in the safety monitoring module 200 detects that the positioning module 102 fails in communication through the eighth communication node T8, the safety monitoring module 200 multiplexes the sensing sensors, i.e., the first sensor 101A to the fourth sensor 101D, to execute the positioning function instead of the positioning module 102, and the safety monitoring module 200 determines that the current failure level is the first failure level FL-a, so as to control the driving device 1 to maintain the current automatic driving.
When the monitoring module 201 detects the communication failure of the control module 107 through the thirteenth communication node T13 or the communication failure of the CAN bus 108 through the fourteenth communication node T14, the monitoring module 201 determines that the current failure level is the sixth failure level FL-F, and the safety monitoring module 200 controls the driving device 1 to withdraw from the automatic driving within the preset period and prompts the driver to take over.
When the monitoring module 201 detects that the plurality of functional modules fail in communication, the monitoring module 201 controls the driving apparatus 1 to execute the safety control strategy of the highest failure level according to the failure level of each functional module. For example, when the monitoring module 201 detects that the sensing module 101, the prediction module 105 and the control module 107 are all disabled in communication, the monitoring module 201 selects the module with the highest failure level of the three modules, and controls each functional module in the functional module 100 to execute the corresponding running state, so as to control the driving device 1 to execute the corresponding fault processing method.
Tables 1 to 4
Description: 1 denotes failure of a communication node of a functional module, and X denotes arbitrary speed
Step S303, the driving device is controlled to execute corresponding fault handling actions according to the failure level.
The functional module 100 executes a corresponding fault handling method according to the failure levels determined by the monitoring module 201, i.e., the first failure level FL-a to the sixth failure level FL-F, so as to control the driving device 1 to execute a corresponding fault handling action.
Referring to fig. 9, fig. 9 is a flowchart of a fault handling method for failure of the functional module algorithm in fig. 5. As shown in fig. 9, when the monitoring module 201 detects that the algorithm node of the functional module fails, a specific fault handling method thereof is as follows:
in step S401, a failure of the functional module algorithm is detected.
The monitoring module 201 in the safety monitoring module 200 performs real-time monitoring on the sensing module 101, the positioning module 102, the map module 103, the navigation module 104, the prediction module 105, the decision planning module 106, the control module 107 and the CAN bus 108 in the functional module 100 through the first algorithm node S1 to the eighth algorithm node S8, and the safety monitoring module 200 judges whether each functional module CAN normally output an operation result according to whether the algorithm nodes of each functional module are normal. For example, the safety monitoring module 200 detects that the sensing module 101 cannot input the sensor signal or cannot output the sensing result through the first algorithm node S1, and detects that the decision planning module cannot input the navigation information, the sensing result, the prediction result, the optimal local track information with the control attribute and the like through the sixth algorithm node S6, which indicates that the algorithm operation of the functional module fails.
Step S402, determining the current failure level according to the driving function correspondingly provided by the functional module and the speed of the driving device.
As shown in tables 1-5, when the monitoring module 201 in the safety monitoring module 200 detects that the algorithm of the map module 103 fails through the third algorithm node S3, if the map module 103 does not acquire the complete global map, the control module 107 determines that the current failure level is the second failure level FL-B. If the map function fails during the automatic driving process, the monitoring module 201 determines the failure level as the first failure level FL-a because the map is updated without a large influence.
When the monitoring module 201 in the safety monitoring module 200 detects the algorithm failure of the navigation module 104 through the fourth algorithm node S4 or the prediction module 105 through the fifth algorithm node S5, the monitoring module 201 may multiplex the sensing sensors, i.e. the first sensor 101A to the fourth sensor 101D, to replace them, and control the driving device 1 to perform the automatic driving reduced-order processing, and then determine that the failure level is the second failure level FL-B.
When the monitoring module 201 in the safety monitoring module 200 detects that the algorithm of the decision planning module 106 fails through the sixth algorithm node S6, the control module 107 is used to replace executing the decision planning function, if the speed of the driving device 1 is within the first speed range V1 or the second speed range V2, the safety monitoring module 200 determines that the current failure level is the second failure level FL-B, and if the speed of the driving device 1 is within the third speed range V3 or in the APA or AVP scene, the safety monitoring module 200 determines that the current failure level is the first failure level FL-a.
In one embodiment, when the monitoring module 201 in the safety monitoring module 200 detects that the algorithm of the decision planning module 106 fails through the sixth algorithm node S6, if the speed of the driving device 1 is within the first speed range V1, the monitoring module 201 determines that the current failure level is the fifth failure level FL-E, drives away from the current lane to the emergency avoidance risk at the safety emergency area according to the information of other modules, and if the speed of the driving device 1 is within the second speed range V2, the monitoring module 201 determines that the current failure level is the third failure level FL-C. If the speed of the driving apparatus 1 is within the third speed range V3 at this time, the monitoring module 201 determines that the current failure level is the fourth failure level FL-D. When the monitoring module 201 in the safety monitoring module 200 detects that the algorithm of the sensing module 101 fails through the first algorithm node S1, so as to cause the algorithm node of the prediction module 105 to fail, the decision-making module 106 may multiplex the sensing sensors, i.e. the first sensor 101A to the fourth sensor 101D, and if the speed of the driving device 1 is in the first speed range V1 or the second speed range V2, the safety monitoring module 200 determines that the current failure level is the second failure level FL-B. If the speed of the driving device 1 is in the third speed range V3 or in the low speed APA or AVP scenario, the safety monitoring module 200 determines that the current failure level is the first failure level FL-a.
When the monitoring module 201 in the safety monitoring module 200 detects that the algorithm of the positioning module 102 fails through the second algorithm node S2, the safety monitoring module 200 performs the positioning function by multiplexing the sensing sensor instead of the positioning module 102, and the safety monitoring module 200 determines that the current failure level is the first failure level FL-a, so as to control the driving device 1 to keep the current automatic driving.
When the monitoring module 201 detects an algorithm failure of the control module 107 through the seventh algorithm node S7 or detects an algorithm failure of the CAN bus 108 through the eighth algorithm node S8, the monitoring module 201 determines that the current failure level is the sixth failure level FL-F.
When the plurality of function module algorithm nodes fail, the monitoring module 201 controls the driving apparatus 1 to execute the safety control strategy of the highest failure level according to the failure level of each algorithm node. For example, when the monitoring module 201 detects that the algorithms of the sensing module 101, the predicting module 105 and the control module 107 are all failed, the monitoring module 201 selects the module with the highest failure level of the three modules, and controls the functional module 100 to execute the corresponding running state, so as to control the driving device 1 to execute the corresponding fault processing method.
In this embodiment, only the failure level corresponding to the failure of a part of the functional modules is listed, and of course, the failure level may also correspond to the combination of other various failure functional modules.
Tables 1 to 5
Description: 1 represents the failure of algorithm nodes of the functional module, and X represents any speed
Step S403, the driving device is controlled to execute corresponding fault handling actions according to the failure level.
The functional module 100 executes a corresponding fault handling method according to the failure levels determined by the monitoring module 201, i.e., the first failure level FL-a to the sixth failure level FL-F, so as to control the driving device 1 to execute a corresponding fault handling action.
The embodiments of the present application also provide a computer readable storage medium, wherein the computer readable storage medium stores a computer program, the computer program including program instructions, which when executed by a processor, perform the foregoing method of fault handling for autopilot.
According to the fault processing method for automatic driving disclosed by the embodiment of the application, the communication nodes and algorithm nodes of different modules in the functional module 100 can be monitored in real time, so that the position of a fault and the reason of the fault can be effectively detected and identified, meanwhile, the current failure level can be determined according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the current speed of the driving device, and the driving device 1 is controlled to have higher safety and more intelligentization in the automatic driving process according to the failure level.
It is to be understood that the invention is not limited in its application to the examples described above, but is capable of modification and variation in light of the above teachings by those skilled in the art, and that all such modifications and variations are intended to be included within the scope of the appended claims.
Claims (12)
1. The fault processing method of automatic driving is applied to a driving device and is characterized in that the driving device comprises a plurality of functional modules, and the functional modules are used for providing corresponding driving functions for the driving device;
the fault handling method for automatic driving comprises the following steps:
detecting that the functional module fails;
determining a current failure level according to the failure type of the functional module, the driving function correspondingly provided by the functional module and the speed of the driving device;
and controlling the driving device to execute corresponding fault response actions according to the failure level.
2. The method for handling a failure in automatic driving according to claim 1, wherein,
the driving device presets and stores an invalidation level table, wherein the invalidation level table comprises the invalidation type of the functional module, driving functions correspondingly provided by the functional module and the corresponding relation between the speed of the driving device and the invalidation level;
The determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly and the speed of the driving device comprises:
when any one of the functional modules is detected to fail, determining the current failure level of the driving device in the failure level table according to the failure type of the functional module, the driving function correspondingly provided by the failed functional module and the current speed of the driving device.
3. A failure processing method for automatic driving according to claim 1 or 2, characterized in that,
the detecting of the functional module failure includes: detecting a plurality of functional module failures;
the determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly and the speed of the driving device comprises:
and respectively determining a plurality of failure grades corresponding to the plurality of functional modules in the failure grade table according to the failure types of the plurality of functional modules, the driving functions provided by the failed functional modules and the current speed of the driving device, and taking the failure grade of the highest grade in the failure grades as the current failure grade of the driving device.
4. The method for handling a failure in automatic driving according to claim 1, wherein,
the determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly and the speed of the driving device comprises:
if the communication of the map functional module fails, judging whether the map provided by the map functional module is updated;
if the updating is completed, determining a first failure level in the failure level table as a current failure level;
if the updating is not completed, determining a second failure level in the failure level table as the current failure level;
the controlling the driving device to execute the corresponding fault handling action according to the failure level includes:
controlling the driving device to keep the original automatic driving state to run according to the first failure level;
or controlling the driving device to reduce the step of automatic driving according to the second failure level so as to reduce the speed of the driving device from the first speed range to the second speed range or from the second speed range to the third speed range;
wherein a lowest speed in the first speed range is greater than a highest speed in the second speed range, and a lowest speed in the second speed range is greater than a highest speed in the third speed range.
5. The method for handling a failure in automatic driving according to claim 1, wherein,
the determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly and the speed of the driving device comprises: if the decision-making planning function module is in communication or algorithm failure and the speed of the driving device is in the second speed range, determining a third failure level in the failure level table as a current failure level;
if the decision-making planning function module is in communication or algorithm failure and the speed of the driving device is in the third speed range, determining a fourth failure level in the failure level table as a current failure level;
if the decision-making planning function module is in communication or algorithm failure and the speed of the driving device is in a first speed range, determining a fifth failure level in the failure level table as a current failure level;
the controlling the driving device to execute the corresponding fault handling action according to the failure level further includes:
controlling the driving device to execute side parking according to the third failure level;
or controlling the driving device to execute deceleration on the own lane according to the fourth failure level;
Or controlling the driving device to enter a safety emergency area according to the fifth failure level to avoid emergency.
6. The method for handling a failure in automatic driving according to claim 1, wherein,
the fault handling method further comprises the steps of: when the failure of the driving function provided by the corresponding function module is detected to be the first driving function, the function module with the first driving function in the function modules which are controlled to normally operate executes the first driving function of the driving device; the determining the current failure level according to the failure type of the functional module, the driving function provided by the functional module correspondingly and the speed of the driving device comprises: and determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function and the speed of the driving device.
7. The method for handling an autopilot fault as claimed in claim 6, wherein,
the first driving function is an obstacle sensing function, and the functional module with the obstacle sensing function in the driving device comprises a camera, a laser radar, a millimeter wave radar and an ultrasonic radar;
The determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the laser radar, the ultrasonic radar and the camera are in communication failure, the function module currently executing the obstacle sensing function is a millimeter wave radar, and the speed of the driving device is in a first speed range, determining a second failure level in the failure level table as a current failure level;
the controlling the driving device to execute the corresponding fault handling action according to the failure level includes: and controlling the driving device to execute reduced-order automatic driving according to the second failure level so as to enable the speed of the driving device to be reduced from the first speed range to the second speed range.
8. The method for handling an autopilot fault as claimed in claim 6, wherein,
the first driving function is an obstacle sensing function, and the functional module with the obstacle sensing function in the driving device comprises a camera, a laser radar, a millimeter wave radar and an ultrasonic radar;
The determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the communication of the camera, the laser radar and the millimeter wave radar fails, determining a sixth failure level in the failure level table as a current failure level;
the controlling the driving device to execute the corresponding fault handling action according to the failure level further includes: and controlling the driving device to prolong the driving data before failure according to the sixth failure level, and withdrawing automatic driving within a preset period of time and prompting a driver to take over.
9. The method for handling an autopilot fault as claimed in claim 6, wherein,
the first driving function is a positioning function, and the functional module with the positioning function in the driving device comprises an inertial navigation unit, a GPS unit, a camera and a laser radar; the determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes:
If the inertial navigation unit, the GPS unit and the camera are in communication failure, the function module currently executing the positioning function is a laser radar, and the speed of the driving device is in a first speed range, determining a fifth failure level in the failure level table as a current failure level;
if the inertial navigation unit, the GPS unit and the camera are in communication failure, the function module for currently executing the positioning function is a laser radar, and the speed of the driving device is in the second speed range, determining a third failure level in the failure level table as a current failure level;
if the inertial navigation unit, the GPS unit and the camera are in communication failure, the function module for currently executing the positioning function is a laser radar, and the speed of the driving device is in a third speed range, determining a first failure level in the failure level table as a current failure level;
the controlling the driving device to execute the corresponding fault handling action according to the failure level includes:
controlling the driving device to enter a safety emergency area according to the fifth failure level to avoid emergency;
Or controlling the driving device to execute side parking according to the third failure level;
or controlling the driving device to keep the original automatic driving state to run according to the first failure level.
10. The method for handling a failure in automatic driving according to claim 9, wherein,
the functional module with a positioning function in the driving device further comprises an ultrasonic radar;
the determining the current failure level in the failure level table according to the type of the failed functional module, the type of the functional module currently executing the first driving function, the failure type of the functional module, the first driving function, and the speed of the driving device includes: if the inertial navigation unit, the GPS unit, the laser radar and the camera are in communication failure, the functional module currently executing the positioning function is the ultrasonic radar, and the speed of the driving device is in a first speed range or in a second speed range, determining a sixth failure level in the failure level table as a current failure level;
if the inertial navigation unit, the GPS unit, the laser radar and the camera are in communication failure, the functional module currently executing the positioning function is the ultrasonic radar, and the speed of the driving device is in a third speed range, determining a first failure level in the failure level table as a current failure level;
The controlling the driving device to execute the corresponding fault handling action according to the failure level further includes: controlling the driving device to prolong the driving data before failure according to the sixth failure level, and withdrawing automatic driving within a preset period of time and prompting a driver to take over;
or controlling the driving device to keep the original automatic driving state to run according to the first failure level.
11. A driving apparatus comprising a processor and a memory, the memory storing a computer program, the processor implementing the method of fault handling for automated driving according to any one of claims 1-10 when executing the computer program.
12. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions, which when executed by a processor, implement the fault handling method of autopilot according to any one of claims 1-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210741673.7A CN117341713A (en) | 2022-06-28 | 2022-06-28 | Failure processing method for automatic driving, driving device, and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210741673.7A CN117341713A (en) | 2022-06-28 | 2022-06-28 | Failure processing method for automatic driving, driving device, and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117341713A true CN117341713A (en) | 2024-01-05 |
Family
ID=89356201
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210741673.7A Pending CN117341713A (en) | 2022-06-28 | 2022-06-28 | Failure processing method for automatic driving, driving device, and computer-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117341713A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118144806A (en) * | 2024-05-06 | 2024-06-07 | 北京茵沃汽车科技有限公司 | Camera sensor and fault detection method thereof |
-
2022
- 2022-06-28 CN CN202210741673.7A patent/CN117341713A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118144806A (en) * | 2024-05-06 | 2024-06-07 | 北京茵沃汽车科技有限公司 | Camera sensor and fault detection method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111688663B (en) | Motor vehicle and method for controlling automatic driving operation thereof | |
| CN107908186B (en) | Method and system for controlling operation of unmanned vehicle | |
| Wei et al. | Towards a viable autonomous driving research platform | |
| CN109532719B (en) | Electric automobile based on multisensor information fusion | |
| US20170297576A1 (en) | State-based operation for autonomous vehicles | |
| CN109808682B (en) | Unmanned vehicle parking method and device and terminal | |
| US20230391368A1 (en) | Vehicle for performing minimal risk maneuver and method for operating the same | |
| CN112977453A (en) | Automatic lane changing device and method for vehicle | |
| CN113895450A (en) | Safety redundancy system and control method for unmanned vehicle sensing system | |
| EP3932768B1 (en) | Arithmetic operation device for automobiles | |
| WO2021089608A1 (en) | Adaptive cruise control | |
| US12033391B2 (en) | Systems and methods for detecting deep neural network inference quality using image/data manipulation without ground truth information | |
| US20230278580A1 (en) | Vehicle with mountable and removable autonomous driving system | |
| CN115071680B (en) | Safety limiting method for vehicle driving auxiliary transverse control system and readable storage medium | |
| CN116215571A (en) | Automatic driving system and method for vehicle | |
| CN117341713A (en) | Failure processing method for automatic driving, driving device, and computer-readable storage medium | |
| CN116279468A (en) | Control method and device of vehicle power system, vehicle and storage medium | |
| US11733701B2 (en) | Vehicle | |
| CN116166011A (en) | Vehicle guiding method and device, vehicle and storage medium | |
| WO2019012848A1 (en) | Parking assistance device | |
| WO2023287906A1 (en) | System and method in the prediction of target vehicle behavior based on image frame and normalization | |
| JP7226238B2 (en) | vehicle control system | |
| EP4337507A1 (en) | A method for controlling a vehicle | |
| CN112289027A (en) | Automatic driving architecture system meeting automobile function safety standard | |
| CN114132317B (en) | Intelligent curve side driving control method, system, vehicle and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |