CN112540599A - Safety processing method, safety processing system and intelligent driving system - Google Patents
Safety processing method, safety processing system and intelligent driving system Download PDFInfo
- Publication number
- CN112540599A CN112540599A CN202011606518.1A CN202011606518A CN112540599A CN 112540599 A CN112540599 A CN 112540599A CN 202011606518 A CN202011606518 A CN 202011606518A CN 112540599 A CN112540599 A CN 112540599A
- Authority
- CN
- China
- Prior art keywords
- component
- intelligent driving
- driving system
- state
- track
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 96
- 238000003672 processing method Methods 0.000 title claims abstract description 13
- 238000012544 monitoring process Methods 0.000 claims abstract description 109
- 238000004891 communication Methods 0.000 claims abstract description 61
- 230000004044 response Effects 0.000 claims abstract description 25
- 230000007613 environmental effect Effects 0.000 claims description 26
- 238000000034 method Methods 0.000 claims description 22
- 230000002159 abnormal effect Effects 0.000 claims description 9
- 230000007246 mechanism Effects 0.000 abstract description 8
- 230000001960 triggered effect Effects 0.000 abstract description 6
- 238000007781 pre-processing Methods 0.000 description 37
- 230000004927 fusion Effects 0.000 description 9
- 230000006870 function Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 238000005034 decoration Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05D—SYSTEMS FOR CONTROLLING OR REGULATING NON-ELECTRIC VARIABLES
- G05D1/00—Control of position, course, altitude or attitude of land, water, air or space vehicles, e.g. using automatic pilots
- G05D1/0088—Control of position, course, altitude or attitude of land, water, air or space vehicles, e.g. using automatic pilots characterized by the autonomous decision making process, e.g. artificial intelligence, predefined behaviours
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/50—Context or environment of the image
- G06V20/56—Context or environment of the image exterior to a vehicle by using sensors mounted on the vehicle
- G06V20/58—Recognition of moving objects or obstacles, e.g. vehicles or pedestrians; Recognition of traffic objects, e.g. traffic signs, traffic lights or roads
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Multimedia (AREA)
- Game Theory and Decision Science (AREA)
- Medical Informatics (AREA)
- Aviation & Aerospace Engineering (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Automation & Control Theory (AREA)
- Traffic Control Systems (AREA)
Abstract
The invention discloses a safety processing method, a safety processing system and an intelligent driving system.A state monitoring component judges whether each component in the intelligent driving system normally operates or not based on a communication state and an operating state, and generates a first safety processing decision based on a judgment result. According to the scheme, when each component in the intelligent driving system breaks down, a safety processing mechanism is triggered to obtain a first safety processing decision, the track collision check is carried out on the obtained expected track, if the track collision happens, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision.
Description
Technical Field
The invention relates to the technical field of intelligent driving, in particular to a safety processing method, a safety processing system and an intelligent driving system.
Background
With the development of intelligent driving technology, the application of the intelligent driving technology is more and more extensive. The intelligent driving technology integrates multiple functions of environment perception, planning decision, motion control and execution and the like, and covers multidisciplinary knowledge of machinery, control, sensor technology, signal processing, mode recognition, artificial intelligence, computing technology and the like.
The existing intelligent driving only provides the running condition of the vehicle and the basic functions provided by the intelligent driving, does not consider the safety condition of the vehicle in the intelligent driving, and cannot provide safety measures when the intelligent driving is influenced by external unsafe factors, such as huge pits appear in the front of a road, so that the safety performance of the existing intelligent driving is low.
Disclosure of Invention
In view of the above, the invention discloses a safety processing method, a safety processing system and an intelligent driving system, when each component in the intelligent driving system fails, a safety processing mechanism is triggered to obtain a first safety processing decision, the obtained expected track is subjected to track collision check, if the track collision occurs, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision.
In order to achieve the purpose, the technical scheme disclosed by the invention is as follows:
the invention discloses a safety processing method, which is applied to a safety processing system, wherein the safety processing system is arranged in an intelligent driving system, the safety processing system comprises a communication monitoring component, an operation monitoring component, a state monitoring component and an asymmetric redundancy planning component, and the method comprises the following steps:
the communication monitoring component monitors the communication state among all components in the intelligent driving system in real time and sends the communication state to the state monitoring component;
the operation monitoring component monitors the operation state among all components in the intelligent driving system in real time and sends the operation state to the state monitoring component;
the state monitoring component judges whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generates a first safety processing decision based on a judgment result;
the asymmetric redundant planning component determines an expected track based on environment element information acquired in advance, performs track collision check on the expected track, and sends a fault signal to the state monitoring component if track collision occurs, wherein the environment element information at least comprises obstacle information, lane information and/or passable area information;
the condition monitoring component performs a fault response decision based on the fault signal.
Preferably, the safety processing system further comprises a redundant trajectory planning component, and the state monitoring component executes a fault response decision based on the fault signal, including:
the state monitoring component determines that the asymmetric redundancy planning component fails based on a fault signal of the asymmetric redundancy planning component, and sends a second safety processing decision to the redundant track planning component;
the redundant trajectory planning component re-trajectory plans the desired trajectory based on the second safety processing decision.
Preferably, the secure processing system further comprises a reactive planning component, and the method further comprises:
and the reactive planning component judges whether the system is in a dangerous state or not based on the environment element information, generates control information if the system is in the dangerous state, and executes safety processing operation based on the control information.
Preferably, the determining, by the state monitoring component, whether each component in the intelligent driving system normally operates based on the communication state and the operation state includes:
the state monitoring component detects each component in the intelligent driving system based on the communication state, and if communication faults occur among the components in the intelligent driving system, the abnormal operation of each component in the intelligent driving system is determined; if no communication fault occurs among all components in the intelligent driving system, determining that all components in the intelligent driving system normally operate;
the state monitoring component detects each component in the intelligent driving system based on the running state, and if running faults occur among the components in the intelligent driving system, the abnormal running of each component in the intelligent driving system is determined; and if no operation fault occurs among all the components in the intelligent driving system, determining that all the components in the intelligent driving system normally operate.
Preferably, the asymmetric redundant planning component includes a trajectory planning component and a trajectory checking component, the asymmetric redundant planning component determines an expected trajectory based on the environmental element information acquired in advance, performs trajectory collision check on the expected trajectory, and sends a fault signal to the state monitoring component if a trajectory collision occurs, and the method includes:
the track planning component determines an expected track based on the environment element information acquired in advance;
and the track checking component carries out track collision check on the expected track based on the environment element information, and sends a fault signal to the state monitoring component if track collision occurs.
The invention discloses a safety processing system, which is arranged in an intelligent driving system and comprises a communication monitoring component, an operation monitoring component, a state monitoring component, a track checking component and an asymmetric redundancy planning component;
the communication monitoring component is used for monitoring the communication state among all components in the intelligent driving system in real time and sending the communication state to the state monitoring component;
the operation monitoring component is used for monitoring the operation state among all components in the intelligent driving system in real time and sending the operation state to the state monitoring component;
the state monitoring component is used for judging whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generating a first safety processing decision based on a judgment result;
the asymmetric redundant planning component is used for determining an expected track based on pre-acquired environmental element information, performing track collision check on the expected track, and sending a fault signal to the state monitoring component if the track collision occurs, wherein the environmental element information at least comprises obstacle information, lane information and/or passable area information;
the condition monitoring component is used for executing fault response decision based on the fault signal.
Preferably, the method further comprises the following steps: a redundant trajectory planning component;
the state monitoring component is used for determining that the asymmetric redundancy planning component fails based on a fault signal of the asymmetric redundancy planning component and sending a second safety processing decision to the redundant track planning component;
the redundant trajectory planning component is configured to re-plan the desired trajectory based on the second safety processing decision.
Preferably, the method further comprises the following steps: a reactive planning component;
and the reactive planning component is also used for judging whether the environment element information is in a dangerous state or not based on the environment element information, generating control information if the environment element information is in the dangerous state, and executing safety processing operation based on the control information.
Preferably, the status monitoring component is specifically configured to:
detecting each component in the intelligent driving system based on the communication state, and determining that each component in the intelligent driving system abnormally operates if communication faults occur among the components in the intelligent driving system; if no communication fault occurs among all components in the intelligent driving system, determining that all components in the intelligent driving system normally operate; detecting each component in the intelligent driving system based on the running state, and determining that each component in the intelligent driving system runs abnormally if running faults occur among the components in the intelligent driving system; and if no operation fault occurs among all the components in the intelligent driving system, determining that all the components in the intelligent driving system normally operate.
The invention discloses an intelligent driving system in a third aspect, which comprises any one of the safety processing systems disclosed in the second aspect of the invention.
According to the technical scheme, the state monitoring component judges whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, a first safety processing decision is generated based on the judgment result, the asymmetric redundancy planning component determines an expected track based on the environment element information acquired in advance, track collision check is carried out on the expected track, if track collision occurs, a fault signal is sent to the state monitoring component, and the state monitoring component executes a fault response decision based on the fault signal. According to the scheme, when each component in the intelligent driving system breaks down, a safety processing mechanism is triggered to obtain a first safety processing decision, the track collision check is carried out on the obtained expected track, if the track collision happens, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a block diagram of a secure processing system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a security processing method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It can be known from the background art that, in the prior art, only the running condition of the vehicle and the basic functions provided by intelligent driving are provided in the intelligent driving, and the safety condition of the vehicle in the intelligent driving is not considered, when the intelligent driving is affected by external unsafe factors, such as a huge pit appears in the front of a road, safety measures cannot be provided, so that the safety performance of the existing intelligent driving is low.
In order to solve the problems, the invention discloses a safety processing method, a safety processing system and an intelligent driving system, wherein a state monitoring component judges whether each component in the intelligent driving system normally operates or not based on a communication state and an operation state, a first safety processing decision is generated based on a judgment result, an asymmetric redundancy planning component determines an expected track based on environment element information acquired in advance, track collision check is carried out on the expected track, if the track collision occurs, a fault signal is sent to the state monitoring component, and the state monitoring component executes a fault response decision based on the fault signal. According to the scheme, when each component in the intelligent driving system breaks down, a safety processing mechanism is triggered to obtain a first safety processing decision, the track collision check is carried out on the obtained expected track, if the track collision happens, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision. The specific implementation is specifically illustrated by the following examples.
As shown in fig. 1, an architecture diagram of a safety processing system disclosed in an embodiment of the present invention is provided, where the safety processing system is disposed in an intelligent driving system, the safety processing system includes a communication monitoring component 101, an operation monitoring component 102, a state monitoring component 103, and an asymmetric redundancy planning component 104, and the intelligent driving system includes a data acquisition component, a data preprocessing component, a sensor data fusion component, a trajectory planning component, a motion control component, a map processing component, a system state machine component, a human-computer interaction data processing component, and an actuator.
The data acquisition assembly comprises a first forward-looking camera, a second forward-looking camera, a laser radar, a millimeter wave radar and an ultrasonic radar.
The data preprocessing component comprises a forward-looking camera data preprocessing component, a laser data preprocessing component, a millimeter wave data preprocessing component and an ultrasonic data preprocessing component.
A first front-view camera for acquiring environment description information.
The environment description information includes obstacle information, lane information and/or passable area information.
And the second front-view camera is used for acquiring the environment description information.
And sending the environment description information acquired by the second front-view camera to the reactive planning component to judge the dangerous condition.
And the laser radar is used for acquiring the environment description information.
And the millimeter wave radar is used for acquiring the environment description information.
And the ultrasonic radar is used for acquiring the environment description information.
The forward-looking camera data preprocessing component is used for preprocessing the data and diagnosing the fault of the environment description information acquired by the first forward-looking camera.
The forward-looking camera data preprocessing component performs data preprocessing operation on the environment description information acquired by the first forward-looking camera to acquire forward-looking obstacle information, forward-looking lane line information, forward-looking passable area information and the like.
When the forward-looking camera data preprocessing component detects that the first forward-looking camera is malfunctioning, first forward-looking camera malfunction information is generated and sent to the state monitoring component 103.
And sending the environmental description information preprocessed by the forward-looking camera data preprocessing component to the sensor data fusion component.
And the laser data preprocessing component is used for preprocessing the data and diagnosing the faults of the obstacle information and the passable area information acquired by the laser radar.
The laser data preprocessing component is used for carrying out data preprocessing operation on environment description information acquired by the laser radar to obtain laser radar obstacle information, laser radar passable area information and the like.
When the laser data preprocessing component detects that the laser radar has a fault, laser radar fault information is generated and sent to the state monitoring component 103.
And sending the environmental description information preprocessed by the laser data preprocessing component to the sensor data fusion component.
And the millimeter wave data preprocessing component is used for preprocessing data and diagnosing faults of the obstacle information acquired by the millimeter wave radar.
The millimeter wave data preprocessing component is used for carrying out data preprocessing operation on environment description information acquired by the millimeter wave radar to obtain millimeter wave radar obstacle information.
When the millimeter wave data preprocessing component detects that the millimeter wave radar fails, millimeter wave radar failure information is generated and sent to the state monitoring component 103.
And sending the environment description information preprocessed by the millimeter wave data preprocessing component to the sensor data fusion component.
And the ultrasonic data preprocessing component is used for preprocessing the data and diagnosing faults of the environmental element information acquired by the ultrasonic radar.
The environmental element information acquired by the ultrasonic data preprocessing component is subjected to data preprocessing operation to obtain ultrasonic detection distance, ultrasonic passable area information and the like.
When the ultrasonic data preprocessing component detects that the ultrasonic radar has a fault, ultrasonic radar fault information is generated and sent to the state monitoring component 103.
And sending the environmental description information preprocessed by the ultrasonic data preprocessing component to the sensor data fusion component.
And the sensor data fusion component is used for packaging the same type of environment element information preprocessed by the forward-looking camera data preprocessing component, the laser data preprocessing component, the millimeter wave data preprocessing component and/or the ultrasonic data preprocessing component and sending the packaged environment element information to the trajectory planning component.
For example, the sensor data fusion component packages the forward-looking obstacle information obtained by the forward-looking camera data preprocessing component, the laser radar obstacle information obtained by the laser data preprocessing component, and the millimeter wave radar obstacle information obtained by the millimeter wave data preprocessing component.
And the motion control assembly is used for calculating expected torque, motor torque and brake pressure based on the track information to obtain expected values corresponding to the expected torque, the expected values corresponding to the motor torque and the expected values corresponding to the brake pressure, and sending the expected values to corresponding actuators.
And the map processing component is used for extracting the road information from the off-line map.
And the system state machine component is used for displaying the current state information of the intelligent driving system.
The current state information of the intelligent driving system comprises normal state information, abnormal state information, fault state information and the like.
And the human-computer interaction data processing component is used for displaying the state information of the current intelligent driving system to a user.
And the actuator is used for executing corresponding processing operation based on the expected value corresponding to the expected torque, the expected value corresponding to the motor torque and the expected value corresponding to the brake pressure.
The actuators comprise a torque actuator, a motor torque actuator, a braking force actuator and the like.
The number of actuators may be 1 or more, and the number of specific actuators is not particularly limited in the present invention.
And the communication monitoring component 101 is used for monitoring the communication state among the components in the intelligent driving system in real time and sending the communication state to the state monitoring component.
Wherein the communication state comprises a normal communication state and an abnormal communication state.
And the operation monitoring component 102 is used for monitoring the operation state among the components in the intelligent driving system in real time and sending the operation state to the state monitoring component.
The running state comprises a normal running state and an abnormal running state.
And the state monitoring component 103 is used for judging whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generating a first safety processing decision based on the judgment result.
If each component in the intelligent driving system is abnormally operated, the state monitoring component 103 generates fault information and generates a first safety processing decision based on the fault information.
The state monitoring component 103 receives fault types and failure types output by all components in the intelligent driving system, performs a unified first safety processing decision according to the driving environment, broadcasts the first safety processing decision to each component for execution, and simultaneously feeds back fault information, failure information and the first safety processing decision to the system state Machine component for switching the intelligent driving function state and notifying a Human Machine Interface (HMI).
The intelligent driving function states comprise states of closing, waiting, activating, failure and the like.
The HMI notification may be used to alert the driver of the current state of the smart driving system.
Further, the state monitoring component 103 is specifically configured to detect each component in the intelligent driving system based on a communication state, and determine that each component in the intelligent driving system is abnormally operated if a communication fault occurs between each component in the intelligent driving system; if no communication fault occurs among all components in the intelligent driving system, determining that all components in the intelligent driving system normally operate; detecting each component in the intelligent driving system based on the running state, and determining that each component in the intelligent driving system runs abnormally if running faults occur among the components in the intelligent driving system; and if no operation fault occurs among the components in the intelligent driving system, determining that the components in the intelligent driving system normally operate.
The asymmetric redundancy planning component 104 is configured to determine an expected track based on the pre-acquired environmental element information, perform track collision check on the expected track, and send a fault signal to the state monitoring component 103 if a track collision occurs.
The asymmetric redundant programming component 104 determines an expected track based on the pre-acquired environmental element information, and performs track collision check on the expected track, and if no track collision occurs, the track check operation is passed.
The desired trajectory is the trajectory calculated by the asymmetric redundant planning component 104 for the desired vehicle operation.
The asymmetric redundant programming component 104 determines an expected track based on the pre-acquired environmental element information, performs track collision check on the expected track, and if no track collision occurs, the track collision check is passed.
If the vehicle travels along a trajectory passing the trajectory collision check, no collision occurs with other vehicles, pedestrians, or obstacles.
Further, the asymmetric redundancy planning component 104 includes a trajectory planning component and a trajectory inspection component.
And the trajectory planning component is used for determining the expected trajectory based on the environment element information acquired in advance.
And the track planning component obtains decision-making behaviors based on the packed environment element information, and carries out track planning based on the packed environment element information and the decision-making behaviors to obtain the expected track.
The decision-making behaviors include lane keeping, lane switching and the like.
And the track checking component is used for carrying out track collision check on the expected track based on the environment element information, and sending a fault signal to the state monitoring component 103 if the track collision occurs.
The track planning component and the track checking component are distributed on different Central Processing Unit (CPU) cores, so as to avoid mutual interference.
A condition monitoring component 103 for performing fault response decisions based on the fault signals.
The fault response decision comprises the operations of parking at the side, starting an emergency lamp, prompting the fault, and braking in an emergency.
Optionally, the safety processing system further comprises a redundancy planning component.
The status monitoring component 103 determines that the asymmetric redundancy planning component 104 fails based on the failure signal of the asymmetric redundancy planning component 104, and sends a second safety processing decision to the redundant trajectory planning component.
The redundant trajectory planning component re-plans the desired trajectory based on the second safety processing decision.
The redundancy planning component and the complex algorithm are arranged in different computing chips of the same computing platform, and the algorithm part of the redundancy planning component is arranged in the computing chip with weaker computing power and higher safety according to the design principle of the computing platform.
The input of the redundancy planning component is millimeter wave data, foresight data and ultrasonic data, the redundancy planning component uses limited sensor data to realize sensing data processing, data fusion and decision planning, and ensures that the redundancy planning component covers the same operating environment of the main algorithm.
The redundancy planning component can be used as a planner for redundancy backup, when the main algorithm has short-time faults, such as the crash of the main algorithm track planning component and the damage of a main algorithm chip, the control of the vehicle in a short time is realized, and the fault-tolerant redundancy mechanism ensures the safety of the intelligent driving system and also ensures the practicability.
Optionally, the secure processing system further comprises a reactive planning component.
And the reactive planning component is used for judging whether the system is in a dangerous state or not based on the environment element information, generating control information if the system is in the dangerous state, and executing safety processing operation based on the control information.
The control information may be active braking control information, side parking control information, emergency lamp control starting information, and the like.
The safety processing operation can be an active brake control operation, an edge parking control operation, an emergency light control starting operation and the like.
The input of the reactive planning component is a single-source sensor, in this embodiment, the reactive planning component is a second front-view camera, and the reactive planning component does not need to pack the environmental element information acquired by the second front-view camera, and only needs to judge the current dangerous situation according to the environmental element information acquired by the second front-view camera.
The control information output by the reactive planning component is preferentially responded in the scheme.
The embodiment of the invention discloses a safety processing system.A state monitoring component judges whether each component in an intelligent driving system normally operates or not based on a communication state and an operating state, and generates a first safety processing decision based on a judgment result. According to the scheme, when each component in the intelligent driving system breaks down, a safety processing mechanism is triggered to obtain a first safety processing decision, the track collision check is carried out on the obtained expected track, if the track collision happens, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision.
Based on the above-mentioned security processing system disclosed in the embodiment of the present invention, as shown in fig. 2, it is a schematic flow chart of a security processing method disclosed in the embodiment of the present invention, and the security processing method is applicable to the above-mentioned security processing system disclosed in the embodiment of the present invention, and the security processing method mainly includes the following steps:
s201: the communication monitoring component monitors the communication state among all components in the intelligent driving system in real time and sends the communication state to the state monitoring component.
Wherein the communication state comprises a normal communication state and an abnormal communication state.
S202: the operation monitoring component monitors the operation state among all components in the intelligent driving system in real time and sends the operation state to the state monitoring component.
The running state comprises a normal running state and an abnormal running state.
S203: the state monitoring component judges whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generates a first safety processing decision based on a judgment result.
When each component in the intelligent driving system abnormally operates, the state monitoring component generates fault information and generates a first safety processing decision based on the fault information.
The state monitoring component receives fault types and failure types output by all components in the intelligent driving system, carries out unified first safety processing decisions according to the driving environment, broadcasts the first safety processing decisions to be executed by all the components, and simultaneously feeds back fault information, failure information and safety processing decisions to the system state machine component to carry out switching of the intelligent driving function state and notification of a human-machine interface (HMI).
The intelligent driving function states comprise states of closing, waiting, activating, failure and the like.
The HMI notification may be used to alert the driver of the current state of the smart driving system.
The above-mentioned process of the state monitoring component in S203 determining whether each component in the smart driving system normally operates based on the communication state and the operation state is as shown in a1-a 5.
A1: the state monitoring component detects each component in the intelligent driving system based on the communication state.
A2: and if communication faults occur among all components in the intelligent driving system, determining that all the components in the intelligent driving system abnormally operate.
A3: and if no communication fault occurs among the components in the intelligent driving system, determining that the components in the intelligent driving system normally operate.
A4: the state monitoring component detects each component in the intelligent driving system based on the running state, and determines that each component in the intelligent driving system runs abnormally if running faults occur among the components in the intelligent driving system.
A5: and if no operation fault occurs among the components in the intelligent driving system, determining that the components in the intelligent driving system normally operate.
S204: the asymmetric redundancy planning component determines an expected track based on the pre-acquired environmental element information, performs track collision check on the expected track, and sends a fault signal to the state monitoring component if the track collision occurs.
Wherein the environmental element information at least includes obstacle information, lane information and/or passable area information.
The expected track is a track calculated by the asymmetric redundant planning component and expected to run by the vehicle.
The asymmetric redundant planning component determines an expected track based on the pre-acquired environmental element information, performs track collision check on the expected track, and if no track collision occurs, the track collision check is passed.
If the vehicle travels along a trajectory passing the trajectory collision check, no collision occurs with other vehicles, pedestrians, or obstacles.
In the above S204, the asymmetric redundant programming module determines an expected trajectory based on the environmental element information acquired in advance, performs trajectory collision check on the expected trajectory, and sends a fault signal to the state monitoring module if a trajectory collision occurs, as shown in B1-B2.
The asymmetric redundant planning component comprises a track planning component and a track checking component.
B1: the trajectory planning component determines a desired trajectory based on the pre-acquired environmental element information.
B2: and the track checking component carries out track collision check on the expected track based on the environmental element information, and sends a fault signal to the state monitoring component if the track collision occurs.
S205: the condition monitoring component performs a fault response decision based on the fault signal.
The fault response decision comprises the operations of parking at the side, starting an emergency lamp, prompting the fault, and braking in an emergency.
The embodiment of the invention discloses a safety processing method, wherein a state monitoring component judges whether each component in an intelligent driving system normally operates or not based on a communication state and an operation state, a first safety processing decision is generated based on a judgment result, an asymmetric redundancy planning component determines an expected track based on pre-acquired environmental element information, track collision check is carried out on the expected track, if the track collision occurs, a fault signal is sent to the state monitoring component, and the state monitoring component executes a fault response decision based on the fault signal. According to the scheme, when each component in the intelligent driving system breaks down, a safety processing mechanism is triggered to obtain a first safety processing decision, the track collision check is carried out on the obtained expected track, if the track collision happens, a fault signal is obtained, a fault response decision is executed, and the safety performance of intelligent driving is improved through the first safety processing decision and the fault response decision.
Optionally, the state monitoring component determines that the asymmetric redundancy planning component fails based on a failure signal of the asymmetric redundancy planning component, and sends a second safety processing decision to the redundant trajectory planning component.
The redundant trajectory planning component re-plans the desired trajectory based on the second safety processing decision.
The redundancy planning component and the complex algorithm are arranged in different computing chips of the same computing platform, and the algorithm part of the redundancy planning component is arranged in the computing chip with weaker computing power and higher safety according to the design principle of the computing platform.
The input of the redundancy planning component is millimeter wave data, foresight data and ultrasonic data, the redundancy planning component uses limited sensor data to realize sensing data processing, data fusion and decision planning, and ensures that the redundancy planning component covers the same operating environment of the main algorithm.
The redundancy planning component can be used as a planner for redundancy backup, when the main algorithm has short-time faults, such as the crash of the main algorithm track planning component and the damage of a main algorithm chip, the control of the vehicle in a short time is realized, and the fault-tolerant redundancy mechanism ensures the safety of the intelligent driving system and also ensures the practicability.
Optionally, the reactive planning component determines whether the mobile terminal is in a dangerous state based on the environment element information, generates control information if the mobile terminal is in the dangerous state, and executes a safety processing operation based on the control information.
The control information may be active braking control information, side parking control information, emergency lamp control starting information, and the like.
The safety processing operation can be an active brake control operation, an edge parking control operation, an emergency light control starting operation and the like.
The input of the reactive planning component is a single-source sensor, in this embodiment, the reactive planning component is a second front-view camera, and the reactive planning component does not need to pack the environmental element information acquired by the second front-view camera, and only needs to judge the current dangerous situation according to the environmental element information acquired by the second front-view camera.
The scheme preferentially responds to the control information output by the reactive planning component.
In the embodiment of the invention, whether the system is in a dangerous state is judged by the reactive planning component based on the environmental element information, if so, control information is generated, and safety processing operation is preferentially executed based on the control information.
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present invention is not limited by the illustrated ordering of acts, as some steps may occur in other orders or concurrently with other steps in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The steps in the method of each embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A safety processing method is applied to a safety processing system, the safety processing system is arranged in an intelligent driving system, the safety processing system comprises a communication monitoring component, an operation monitoring component, a state monitoring component and an asymmetric redundancy planning component, and the method comprises the following steps:
the communication monitoring component monitors the communication state among all components in the intelligent driving system in real time and sends the communication state to the state monitoring component;
the operation monitoring component monitors the operation state among all components in the intelligent driving system in real time and sends the operation state to the state monitoring component;
the state monitoring component judges whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generates a first safety processing decision based on a judgment result;
the asymmetric redundant planning component determines an expected track based on environment element information acquired in advance, performs track collision check on the expected track, and sends a fault signal to the state monitoring component if track collision occurs, wherein the environment element information at least comprises obstacle information, lane information and/or passable area information;
the condition monitoring component performs a fault response decision based on the fault signal.
2. The method of claim 1, wherein the safety processing system further comprises a redundant trajectory planning component, the condition monitoring component performing fault response decisions based on the fault signals, comprising:
the state monitoring component determines that the asymmetric redundancy planning component fails based on a fault signal of the asymmetric redundancy planning component, and sends a second safety processing decision to the redundant track planning component;
the redundant trajectory planning component re-trajectory plans the desired trajectory based on the second safety processing decision.
3. The method of claim 1, wherein the secure processing system further comprises a reactive planning component, the method further comprising:
and the reactive planning component judges whether the system is in a dangerous state or not based on the environment element information, generates control information if the system is in the dangerous state, and executes safety processing operation based on the control information.
4. The method of claim 1, wherein the condition monitoring component determines whether each component in the smart driving system is operating normally based on the communication status and the operating status, comprising:
the state monitoring component detects each component in the intelligent driving system based on the communication state, and if communication faults occur among the components in the intelligent driving system, the abnormal operation of each component in the intelligent driving system is determined; if no communication fault occurs among all components in the intelligent driving system, determining that all components in the intelligent driving system normally operate;
the state monitoring component detects each component in the intelligent driving system based on the running state, and if running faults occur among the components in the intelligent driving system, the abnormal running of each component in the intelligent driving system is determined; and if no operation fault occurs among all the components in the intelligent driving system, determining that all the components in the intelligent driving system normally operate.
5. The method according to claim 1, wherein the asymmetric redundant planning component includes a trajectory planning component and a trajectory checking component, the asymmetric redundant planning component determines an expected trajectory based on the environmental element information acquired in advance, performs trajectory collision check on the expected trajectory, and sends a fault signal to the state monitoring component if a trajectory collision occurs, including:
the track planning component determines an expected track based on the environment element information acquired in advance;
and the track checking component carries out track collision check on the expected track based on the environment element information, and sends a fault signal to the state monitoring component if track collision occurs.
6. A safety processing system is characterized by being arranged in an intelligent driving system and comprising a communication monitoring component, an operation monitoring component, a state monitoring component, a track checking component and an asymmetric redundancy planning component;
the communication monitoring component is used for monitoring the communication state among all components in the intelligent driving system in real time and sending the communication state to the state monitoring component;
the operation monitoring component is used for monitoring the operation state among all components in the intelligent driving system in real time and sending the operation state to the state monitoring component;
the state monitoring component is used for judging whether each component in the intelligent driving system normally operates or not based on the communication state and the operation state, and generating a first safety processing decision based on a judgment result;
the asymmetric redundant planning component is used for determining an expected track based on pre-acquired environmental element information, performing track collision check on the expected track, and sending a fault signal to the state monitoring component if the track collision occurs, wherein the environmental element information at least comprises obstacle information, lane information and/or passable area information;
the condition monitoring component is used for executing fault response decision based on the fault signal.
7. The system of claim 6, further comprising: a redundant trajectory planning component;
the state monitoring component is used for determining that the asymmetric redundancy planning component fails based on a fault signal of the asymmetric redundancy planning component and sending a second safety processing decision to the redundant track planning component;
the redundant trajectory planning component is configured to re-plan the desired trajectory based on the second safety processing decision.
8. The system of claim 6, further comprising: a reactive planning component;
and the reactive planning component is also used for judging whether the environment element information is in a dangerous state or not based on the environment element information, generating control information if the environment element information is in the dangerous state, and executing safety processing operation based on the control information.
9. The system of claim 6, wherein the condition monitoring component is specifically configured to:
detecting each component in the intelligent driving system based on the communication state, and determining that each component in the intelligent driving system abnormally operates if communication faults occur among the components in the intelligent driving system; if no communication fault occurs among all components in the intelligent driving system, determining that all components in the intelligent driving system normally operate; detecting each component in the intelligent driving system based on the running state, and determining that each component in the intelligent driving system runs abnormally if running faults occur among the components in the intelligent driving system; and if no operation fault occurs among all the components in the intelligent driving system, determining that all the components in the intelligent driving system normally operate.
10. An intelligent driving system, characterized in that the intelligent driving system comprises the safety processing system of any one of claims 6 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011606518.1A CN112540599A (en) | 2020-12-28 | 2020-12-28 | Safety processing method, safety processing system and intelligent driving system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011606518.1A CN112540599A (en) | 2020-12-28 | 2020-12-28 | Safety processing method, safety processing system and intelligent driving system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112540599A true CN112540599A (en) | 2021-03-23 |
Family
ID=75017986
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011606518.1A Pending CN112540599A (en) | 2020-12-28 | 2020-12-28 | Safety processing method, safety processing system and intelligent driving system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112540599A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN202003216U (en) * | 2010-12-20 | 2011-10-05 | 河南鸿马实业有限公司 | Remote monitoring system for status of electric automobile |
| CN103455409A (en) * | 2013-09-17 | 2013-12-18 | 张家港美核电子科技有限公司 | System and method for monitoring safety of dangerous chemical transport in real time |
| CN104299475A (en) * | 2014-10-23 | 2015-01-21 | 上海自仪泰雷兹交通自动化系统有限公司 | Simulator used for automatic monitoring system of train |
| CN204557162U (en) * | 2015-04-14 | 2015-08-12 | 黄斌 | A kind of safety monitoring device for truck |
| CN106274986A (en) * | 2016-08-30 | 2017-01-04 | 北京终南山科技发展有限公司 | Vehicle monitor terminal and safety of railway traffic monitoring system |
| CN110606106A (en) * | 2019-09-26 | 2019-12-24 | 北京唐智科技发展有限公司 | Comprehensive monitoring system and method for safe operation of train and fault diagnosis instrument |
| CN110979014A (en) * | 2019-11-21 | 2020-04-10 | 中国第一汽车股份有限公司 | Power supply safety monitoring method, device and system and vehicle |
| CN111240328A (en) * | 2020-01-16 | 2020-06-05 | 中智行科技有限公司 | Vehicle driving safety monitoring method and device and unmanned vehicle |
-
2020
- 2020-12-28 CN CN202011606518.1A patent/CN112540599A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN202003216U (en) * | 2010-12-20 | 2011-10-05 | 河南鸿马实业有限公司 | Remote monitoring system for status of electric automobile |
| CN103455409A (en) * | 2013-09-17 | 2013-12-18 | 张家港美核电子科技有限公司 | System and method for monitoring safety of dangerous chemical transport in real time |
| CN104299475A (en) * | 2014-10-23 | 2015-01-21 | 上海自仪泰雷兹交通自动化系统有限公司 | Simulator used for automatic monitoring system of train |
| CN204557162U (en) * | 2015-04-14 | 2015-08-12 | 黄斌 | A kind of safety monitoring device for truck |
| CN106274986A (en) * | 2016-08-30 | 2017-01-04 | 北京终南山科技发展有限公司 | Vehicle monitor terminal and safety of railway traffic monitoring system |
| CN110606106A (en) * | 2019-09-26 | 2019-12-24 | 北京唐智科技发展有限公司 | Comprehensive monitoring system and method for safe operation of train and fault diagnosis instrument |
| CN110979014A (en) * | 2019-11-21 | 2020-04-10 | 中国第一汽车股份有限公司 | Power supply safety monitoring method, device and system and vehicle |
| CN111240328A (en) * | 2020-01-16 | 2020-06-05 | 中智行科技有限公司 | Vehicle driving safety monitoring method and device and unmanned vehicle |
Non-Patent Citations (2)
| Title |
|---|
| 余伶俐等: "智能驾驶技术 路径规划与导航控制", vol. 1, 31 May 2020, 机械工业出版社, pages: 123 - 125 * |
| 肖贵平等: "交通安全工程(第二版)", vol. 1, 20 February 2011, 中国铁道出版社, pages: 234 - 237 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107531250B (en) | Vehicle safety electronic control system | |
| CN110709303B (en) | Vehicle control device | |
| CN109213115B (en) | Control command detection method and device for automatic driving vehicle | |
| CN107908186B (en) | Method and system for controlling operation of unmanned vehicle | |
| US20200074769A1 (en) | Vehicle Fault Handling Method, Apparatus, Device and Storage Medium | |
| CN110271559B (en) | Improved control system and improved control method for autonomously controlling a motor vehicle | |
| CN109204189A (en) | Automated driving system, fault alarm method and device | |
| EP3980309B1 (en) | Autonomous vehicle control system | |
| JP2008505012A (en) | Redundant data bus system | |
| CN112622930A (en) | Unmanned vehicle driving control method, device and equipment and automatic driving vehicle | |
| KR102452555B1 (en) | Apparatus for controlling fail-operational of vehicle, and method thereof | |
| CN113895450A (en) | Safety redundancy system and control method for unmanned vehicle sensing system | |
| CN106054852A (en) | Architecture for scalable fault tolerance in integrated fail-silent and fail-operational systems | |
| CN110053630A (en) | Control method for vehicle and device | |
| CN112585550A (en) | Driving function monitoring based on neural network | |
| CN114265303A (en) | Automatic driving control system and vehicle | |
| KR101914624B1 (en) | Processor for preventing accident of automatic driving system and method of the same | |
| CN110533947A (en) | Control system, method, electronic equipment and the computer storage medium of the vehicles | |
| CN112540599A (en) | Safety processing method, safety processing system and intelligent driving system | |
| CN110427014B (en) | Fault vehicle control method and device and chassis control instruction execution method and device | |
| US20230192139A1 (en) | Method and system for addressing failure in an autonomous agent | |
| CN116384755A (en) | Method and device for determining cooperative driving safety of vehicle Lu Yun, vehicle and storage medium | |
| JP2020032963A (en) | Vehicle control device | |
| CN110857072B (en) | Method for ensuring functional safety and integrity of a shut-off device and vehicle | |
| Zhang | Vehicle health monitoring for AVCS malfunction management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |