CN114997688A - Unmanned container truck safety integrity level evaluation method - Google Patents


Publication number
CN114997688A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210683499.5A
Other languages
Chinese (zh)
Inventor
张晋
耿劲松
罗经天
陈泊通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongfeng Yuexiang Technology Co Ltd
Original Assignee
Dongfeng Yuexiang Technology Co Ltd

Classifications

    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/20 Administration of product repair or maintenance
    • G06Q50/265 Personal security, identity or safety
    • G06Q50/40 Business processes related to the transportation industry


Abstract

The application relates to a method for evaluating the safety integrity level of an unmanned container truck, comprising the following steps: determining a failure event that can make the unmanned container truck potentially hazardous, and the operation scenario at the time of failure; evaluating, based on the failure event and the operation scenario, the severity level, the exposure rate level and the controllability level of the unmanned container truck when the failure event occurs; and determining the safety integrity level of the unmanned container truck based on the severity level, the exposure rate level and the controllability level. By redefining the severity level, the method solves the problem that, because no person is present on site when an unmanned container truck has an accident, the ASIL evaluation is inaccurate and cannot effectively guide design and development. The method also helps guide research and development in the vehicle concept design stage and the test verification of vehicle safety performance, helps reduce the accident probability and the loss caused when an electrical function of the unmanned container truck fails, and improves the safety of the unmanned container truck.

Description

Unmanned container truck safety integrity level evaluation method
Technical Field
The present application relates to the field of unmanned container trucks, and in particular to the evaluation of the safety integrity level of unmanned container trucks.
Background
With the progress of science and technology, driverless technology is gradually coming into public view. Although driverless operation of passenger cars on public roads is still some way off, applying L4 (highly autonomous) vehicles in certain restricted areas has already become a reality, for example unmanned container trucks at ports and docks.
An unmanned container truck must, on the one hand, achieve a high degree of automated driving and, on the other hand, cooperate with port and dock equipment such as cranes and gantry cranes to load and unload containers. It therefore relies on numerous electrical devices working together to support these functions. However, as the number of electrical devices in a vehicle increases, vehicle performance improves but the risk of failure of the whole vehicle also rises.
The ISO 26262 standard introduces the concept of the ASIL (Automotive Safety Integrity Level), which evaluates and quantifies the risk brought by a failure (fault) in order to achieve the safety goal. Hazard analysis and risk assessment are carried out on the system in the product concept design stage to identify its hazards; the higher the safety risk of the system, the higher the corresponding safety requirement and the higher the ASIL of the system. Although ISO 26262-2018 can effectively address the hazards caused by electrical faults over the whole life cycle of a vehicle, its measure of harm (severity) emphasizes harm to people when a hazard occurs and is determined by casualties, so it cannot be applied to unmanned container trucks. The reasons are as follows. First, in actual port operation, among the accidents a vehicle may have, those that involve no personnel, such as colliding with a container in the storage yard, colliding with a bridge crane or driving off into the sea, are the more probable, so nobody is injured when the accident occurs. Second, even when personnel are involved, they are able to avoid the danger thanks to the safety training they have received and to safety measures. In both cases, the conventional ASIL method yields a low estimated harm and hence a low safety integrity level. The assessment then complies with the functional safety requirements of the ISO standard, yet the unmanned container truck clearly remains at risk. Such a result is unacceptable to vehicle developers and to the companies that operate and use port vehicles.
Therefore, applying the ISO 26262 standard to unmanned container trucks does not achieve meaningful results: it cannot cover the analysis of functional safety hazards that do not involve people but seriously affect assets such as vehicles and containers.
The prior art offers no complete safety integrity evaluation for unmanned container trucks and no method that effectively guides their development. A reasonable method for assessing the safety integrity of unmanned container trucks and effectively guiding their development is therefore important.
The above is the problem to be solved.
Disclosure of Invention
The purpose of the present application is to overcome the deficiencies of the prior art and to provide a safety integrity level evaluation method for unmanned container trucks. By redefining the severity level and combining it with the definitions of the values of E and C in the functional safety standard, the ASIL evaluation standard is adapted to unmanned container trucks, giving a set of ASIL evaluation criteria better suited to the vehicle safety integrity level of a special vehicle such as the unmanned container truck. This addresses the situation in which, when an unmanned container truck has an accident, unreasonable evaluation criteria yield an ASIL of QM that cannot effectively guide development. The ASIL evaluation method provided for unmanned container trucks evaluates their safety integrity level more reasonably, guides research and development in the vehicle concept design stage and the test verification of vehicle safety performance, and improves the safety of unmanned container trucks.
The purpose of the application is achieved by the following technical solution:
The application provides a safety integrity level evaluation method for an unmanned container truck, comprising the following steps:
determining a failure event that can make the unmanned container truck potentially hazardous, and the operation scenario at the time of failure;
evaluating, based on the failure event and the operation scenario, the severity level, the exposure rate level and the controllability level of the unmanned container truck when the failure event occurs;
determining the safety integrity level of the unmanned container truck based on the severity level, the exposure rate level and the controllability level;
wherein the severity level is classified according to whether the failure event causes an accident when it occurs and according to the degree to which the accident affects the vehicle and objects in the environment.
In this method the severity level is redefined and tied to the degree of loss or damage that the failure event causes to the vehicle and to objects in the environment, which yields a method suitable for evaluating the safety integrity of unmanned container trucks.
Optionally, the severity level comprises: S0, S1, S2, S3;
S0 indicates that no accident occurs when the failure event occurs;
S1 indicates that, after the failure event occurs, the accident causes only slight damage to the vehicle or to objects in the environment;
S2 indicates that, after the failure event occurs, the accident leaves the vehicle or objects in the environment able to continue working only after simple maintenance;
S3 indicates that, after the failure event occurs, the accident leaves the vehicle or objects in the environment needing extensive maintenance, or scrapped.
The method for evaluating the safety integrity of the unmanned container truck is obtained by redefining the severity level. Specifically, the severity level is divided into four levels, S0, S1, S2 and S3, according to whether the fault (failure) causes an accident and how severe the accident is. This solves the problem that, when an unmanned container truck has an accident, unreasonable evaluation criteria leave the ASIL unable to guide development effectively; it helps guide research and development in the vehicle concept design stage and the test verification of vehicle safety performance, and improves the safety of the unmanned container truck.
Optionally, determining the safety integrity level of the unmanned container truck based on the severity level, the exposure rate level and the controllability level includes:
obtaining a numerical value corresponding to the safety integrity level from a first numerical value S corresponding to the severity level, a second numerical value E corresponding to the exposure rate level and a third numerical value C corresponding to the controllability level, and obtaining the final safety integrity level from the numerical value corresponding to the safety integrity level.
In the application, the severity level, the exposure rate level and the controllability level can each correspond to a specific numerical value. Each level is evaluated and represented by its value, and once the values of the three levels are determined, the safety integrity level of the unmanned container truck is calculated from the three values.
Optionally, obtaining the final safety integrity level from the numerical value corresponding to the safety integrity level includes:
when (S + E + C) <= first threshold, or when S × E × C = 0, the safety integrity level of the unmanned container truck is a first level;
when (S + E + C) = second threshold, the safety integrity level of the unmanned container truck is a second level;
when (S + E + C) = third threshold, the safety integrity level of the unmanned container truck is a third level;
when (S + E + C) = fourth threshold, the safety integrity level of the unmanned container truck is a fourth level;
when (S + E + C) = fifth threshold, the safety integrity level of the unmanned container truck is a fifth level;
the first threshold, the second threshold, the third threshold, the fourth threshold and the fifth threshold increase in that order; the first level, the second level, the third level, the fourth level and the fifth level increase in that order.
The application thus further provides a way to evaluate the safety integrity level of the unmanned container truck using the numerical values corresponding to the severity level, the exposure rate level and the controllability level; the safety integrity level is finally determined by comparing the sum of the three values with the thresholds. The method is scientific and reasonable, and an evaluation suitable for unmanned container trucks is obtained through simple calculation and judgment. A higher safety integrity level indicates a greater safety risk of the system and a higher requirement on functional safety.
Optionally, the exposure rate level comprises: E0, E1, E2, E3, E4;
where E0 denotes impossible; E1 denotes very low probability; E2 denotes low probability; E3 denotes medium probability; E4 denotes high probability. The exposure rate level (probability of exposure) represents the probability that people or property are affected when the risk occurs. As for specific probabilities, very low probability may, for example, mean that the probability of being affected is less than 0.01%; low probability, that it lies between the very-low-probability threshold and 1%; medium probability, that it lies between 1% and 10%; and high probability, that it is more than 10%. In practice, of course, the thresholds corresponding to the probabilities of the respective levels may differ between vendors.
Optionally, the controllability level comprises: C0, C1, C2, C3;
where C0 denotes controllable; C1 denotes simply controllable; C2 denotes generally controllable; C3 denotes difficult to control or uncontrollable.
In the present application, controllability means the level of ability to avoid injury. For example, C0 may represent generally controllable, i.e. even if some failure occurs it does not affect vehicle operation or cause an accident; C1 indicates that generally at least 99% of traffic participants can avoid injury; C2 indicates that 90% to 99% of traffic participants can avoid injury; C3 indicates that less than 90% of traffic participants can avoid injury. In practice, of course, the above division of probabilities or levels may differ slightly from manufacturer to manufacturer.
Optionally, the failure event comprises an electrical function failure. As vehicles become more automated, the number of on-board electrical devices increases and their functions become more and more complicated, so electrical function failure has become an item that cannot be ignored in vehicle design. Evaluating the safety integrity of an electrical function failure in a specific scenario is necessary to improve the safety of the unmanned container truck.
Optionally, evaluating the severity level comprises:
P1: judging whether an accident may be caused when the failure event occurs; if not, the severity level is S0; if yes, go to P2;
P2: judging whether, without maintenance, the continued operation of the vehicle or the continued use of objects in the environment is affected; if not, the severity level is S1; if yes, go to P3;
P3: judging whether the required maintenance is complex; if yes, the severity level is S3; if not, go to P4;
P4: judging the maintenance cost, or judging whether the parts to be replaced include high-cost parts; if the maintenance cost is greater than a preset value or the parts to be replaced include high-cost parts, the severity level is S3; if not, the severity level is S2.
The procedure is simple and easy to judge, and can be used generally in the safety integrity level evaluation of all unmanned container trucks.
Optionally, in P1, if the severity level is determined to be S0, the safety integrity level is the first level;
in P2, if the severity level is determined to be S1, the safety integrity level is the third level;
in P3, if the severity level is determined to be S3, the safety integrity level is the fifth level;
in P4, if the severity level is determined to be S2, the safety integrity level is the fourth level, and if the severity level is determined to be S3, the safety integrity level is the fifth level.
During operation of the unmanned container truck, the highest exposure rate in normal use scenarios can reach level E4. When a fault occurs, the unmanned container truck has no driver operating it, the control platform is subject to network delay and communication reliability issues, and the safety personnel who would take over cannot follow the vehicle for the whole journey, so the controllability of a vehicle accident is poor and the highest controllability level can reach C3. On this basis, the safety integrity level of the whole vehicle can be judged directly from the severity level, which is simple and convenient.
Optionally, whether the required maintenance is complex is determined based on the maintenance time and/or the number of persons taking part in the maintenance and/or whether parts are replaced.
The present application further proposes a computer-readable storage medium storing a computer program, wherein the computer program, when executed, implements the above safety integrity level evaluation method for an unmanned container truck.
The beneficial effects of this application are:
(1) a safety integrity level evaluation method for unmanned container trucks is provided; by selecting a proper severity level evaluation standard, the safety integrity level of the unmanned container truck can be evaluated more reasonably, guiding research and development in the vehicle concept design stage and the test verification of vehicle safety performance;
(2) the problem that, because no person is present on site when an unmanned container truck has an accident, the ASIL evaluation is inaccurate and cannot effectively guide design and development is effectively solved;
(3) unreasonable consideration of vehicle accidents in the design stage is effectively resolved, the safety of the unmanned container truck is improved, and the accident probability and the loss caused by an electrical function failure of the unmanned container truck are reduced.
Drawings
FIG. 1 shows a safety integrity level evaluation method for an unmanned container truck according to an embodiment of the present application;
FIG. 2 is a table of severity levels provided by an embodiment of the present application;
FIG. 3 is a table of exposure rate levels provided by an embodiment of the present application;
FIG. 4 is a table of controllability levels provided by an embodiment of the present application;
FIG. 5 is an ASIL rating table provided by an embodiment of the present application;
FIG. 6 shows a safety integrity level evaluation method for an unmanned container truck according to another embodiment of the present application.
Detailed Description
The technical solution of the present application is described in further detail below with reference to specific examples, but the scope of the present application is not limited to the following.
Referring to FIG. 1, an embodiment of the present application provides a safety integrity level evaluation method for an unmanned container truck, which includes: determining a failure event that can make the unmanned container truck potentially hazardous, and the operation scenario at the time of failure; evaluating, based on the failure event and the operation scenario, the severity level, the exposure rate level and the controllability level of the unmanned container truck when the failure event occurs; determining the safety integrity level of the unmanned container truck based on the severity level, the exposure rate level and the controllability level; wherein the severity level is classified according to whether the failure event causes an accident when it occurs and according to the degree to which the accident affects the vehicle and objects in the environment.
Here the vehicle means the unmanned container truck itself, and an object in the environment means an object other than the unmanned container truck that may be affected by its failure event, for example containers, bridge cranes, tire cranes and other vehicles in the environment. In addition, it should be noted that the failure event described in the present application may also be regarded as a fault.
Optionally, the severity level comprises: S0, S1, S2, S3. S0 indicates that no accident occurs when the failure event occurs; S1 indicates that, after the failure event occurs, the accident causes only slight damage to the vehicle or to objects in the environment; S2 indicates that, after the failure event occurs, the accident leaves the vehicle or objects in the environment able to continue working only after simple maintenance; S3 indicates that, after the failure event occurs, the vehicle or objects in the environment need extensive maintenance or are scrapped. At S3, the vehicle or objects in the environment are seriously damaged or even scrapped.
It should be noted that the safety integrity level evaluation of the unmanned container truck is an ASIL (Automotive Safety Integrity Level) evaluation: the safety integrity level is defined in order to evaluate and quantify the risk brought by a failure so as to achieve the safety goal. The level is established mainly from three factors: S (severity), E (probability of exposure) and C (controllability). The definitions of the values of E and C may be consistent with the definitions in the ISO 26262 functional safety standard. For example, the exposure rate represents the probability that people or property are affected when a risk occurs. Controllability represents the level of ability to avoid injury.
The severity S is redefined for the unmanned container truck. Referring to FIG. 2, the ASIL influence factor S is divided into four levels in total: S0, S1, S2, S3. S0 indicates that no accident occurs when the fault occurs, for example the vehicle speed is momentarily out of control while the vehicle is on an open straight road, but no accident occurs. S1 indicates that, after the fault occurs, the vehicle or objects in the environment (such as containers, bridge cranes and tire cranes) are only slightly damaged (such as a slight scratch), without affecting the continued operation of the vehicle or the continued use of the objects in the environment, for example the vehicle scrapes a container because of a brief positioning deviation while driving at low speed in the storage yard area. S2 indicates that, after the fault occurs, the accident leaves the vehicle or objects in the environment unable to be used directly, and they can continue working only after simple maintenance, for example the accident shifts the position of a sensor, which must be recalibrated, or a lower-cost sensor such as a camera or a millimeter wave radar is damaged and must be replaced. S3 indicates that, after the fault occurs, the accident seriously damages the vehicle or objects in the environment, which can be used again only after complex maintenance, for example the vehicle collides with an object at excessive speed and is damaged over a large area, or higher-cost sensors and controllers such as the ultrasonic radar and the inertial navigation are damaged, or the vehicle drives into the sea.
In this method, the evaluation standard of S (severity) in functional safety is defined and combined with the definitions of the values of E and C in the functional safety standard, giving a set of functional-safety-based safety integrity level (ASIL) evaluation criteria better suited to a special vehicle such as the unmanned container truck. The risks brought by failures of the unmanned container truck, such as failures of software and hardware functions and electrical functions, are evaluated and quantified so as to achieve the safety goal and effectively guide the development and testing of the unmanned container truck.
Optionally, referring to FIG. 3, the exposure rate level includes: E0, E1, E2, E3, E4, where E0 denotes impossible; E1 denotes extremely low probability; E2 denotes low probability; E3 denotes medium probability; E4 denotes high probability. As mentioned above, the exposure rate represents the probability that people or property are affected when a risk occurs. It can be understood that E0 means that people or property are not affected; E1 means that the probability of people or property being affected is very low; E2 means that the probability is low; E3 means that the probability is medium; E4 means that the probability is high. As for specific probabilities, very low probability may, for example, mean that the probability of being affected is less than 0.01%; low probability, that it lies between the very-low-probability threshold and 1%; medium probability, that it lies between 1% and 10%; and high probability, that it is more than 10%. In practice, of course, the thresholds for the probabilities of the respective levels may differ. The application is not limited in this respect.
Optionally, referring to FIG. 4, the controllability level includes: C0, C1, C2, C3, where C0 denotes controllable; C1 denotes simply controllable; C2 denotes generally controllable; C3 denotes difficult to control or uncontrollable. In the present application, controllability means the level of ability to avoid injury. For example, C0 may indicate generally controllable, i.e. even if some failure occurs it does not affect vehicle operation or cause an accident; C1 indicates that generally 99% of traffic participants can avoid injury; C2 indicates that 90% to 99% of traffic participants can avoid injury; C3 indicates that less than 90% of traffic participants can avoid injury. In practice, of course, the above division of probabilities or levels may differ slightly from manufacturer to manufacturer.
It will be appreciated that the failure events that can make the unmanned container truck potentially hazardous come mainly from software failures and hardware failures. Hardware failures include controller failure, actuator failure, sensor failure and the like.
Optionally, the failure event is an electrical function failure. The occurrence of a failure event in a vehicle does not mean that a hazardous event or danger necessarily exists. A potential hazard arises or increases only when the failure event occurs in a particular driving or operation scenario. The level of hazard risk, i.e. the safety integrity level, therefore has to be determined in connection with the failure event and the specific operation scenario. The operation scenarios cover all scenarios such as sunny days, daytime, rainy days, night, wet and slippery road surfaces, turning, driving straight, and trips to the storage yard, the charging area and the bridge crane. In particular, individual scenarios may be selected in a targeted way, such as operation scenarios in which a failure is more dangerous, for example a turn signal lamp failing while the vehicle is turning, or the brakes failing on a rainy day with a slippery road.
In one possible implementation, determining the safety integrity level of the unmanned truck based on the severity level, the exposure rate level and the controllability level includes:
calculating a numerical value corresponding to the safety integrity level from the first numerical value S corresponding to the severity level, the second numerical value E corresponding to the exposure rate level and the third numerical value C corresponding to the controllability level, and obtaining the final safety integrity level from that numerical value.
One embodiment provides a specific way to determine the safety integrity level of the unmanned truck, implemented as follows:
after the first numerical value S corresponding to the severity level, the second numerical value E corresponding to the exposure rate level and the third numerical value C corresponding to the controllability level are obtained, the three values are summed and judged as follows:
when (S + E + C) ≤ first threshold, or when S × E × C = 0, the safety integrity level of the unmanned truck is a first level;
when (S + E + C) = second threshold, the safety integrity level of the unmanned truck is a second level;
when (S + E + C) = third threshold, the safety integrity level of the unmanned truck is a third level;
when (S + E + C) = fourth threshold, the safety integrity level of the unmanned truck is a fourth level;
when (S + E + C) = fifth threshold, the safety integrity level of the unmanned truck is a fifth level;
the first threshold, the second threshold, the third threshold, the fourth threshold and the fifth threshold increase in that order, and the functional safety requirements of the corresponding first, second, third, fourth and fifth levels increase in the same order. The fifth level is the highest automotive safety integrity level, with the highest functional safety requirements. The five levels can be understood as QM, A, B, C and D, corresponding in order to the conventional ASIL levels.
Optionally, the numerical values corresponding to E0, E1, E2, E3 and E4 are 0, 1, 2, 3 and 4 in sequence; the numerical values corresponding to C0, C1, C2 and C3 are 0, 1, 2 and 3 in sequence; similarly, S0, S1, S2 and S3 correspond to values of 0, 1, 2 and 3 in sequence. In this case, the first threshold is 6, and the second, third, fourth and fifth thresholds are 7, 8, 9 and 10 in sequence. Of course, the present application is not limited thereto, and the above thresholds may be configured as needed.
Based on the above method, fig. 5 shows an ASIL level mapping table. The table does not consider the cases in which the severity level, the controllability level and the exposure rate level are 0, that is, severity level S0, controllability level C0 and exposure rate level E0, since the failure is then considered not to cause injury or loss in the specific driving scenario. For convenience of evaluation, an optional approach is to look up the evaluated severity level, controllability level and exposure rate level directly in the table of fig. 5 and obtain the final safety integrity level from the mapping. Of course, the determination may also be made with the judgment formulas described above. The present application is not limited thereto.
Optionally, the failure event comprises an electrical function failure. As the degree of vehicle automation increases, the number of on-board electrical devices grows and their functions become more and more complex, so electrical function failure has become an item that cannot be ignored in vehicle design. Evaluating the safety integrity of electrical function failures in specific scenarios is necessary to improve the safety of the unmanned truck.
Another embodiment of the present application provides a simplified method for confirming the severity level, which includes the following steps after the failure event and the operation scenario are obtained:
P1: judging whether an accident may be caused when the failure event occurs; if not, the severity level is S0; if yes, go to P2;
P2: judging whether, without maintenance, the continued operation of the vehicle or the continued use of objects in the environment is affected; if not, the severity level is S1; if yes, go to P3;
P3: judging whether the required maintenance is complex; if yes, the severity level is S3; if not, go to P4;
P4: judging the maintenance cost, or judging whether the parts to be replaced involve high-cost parts; if the maintenance cost is greater than a preset value or the parts to be replaced involve high-cost parts, the severity level is S3; otherwise, the severity level is S2.
It will be appreciated that, before step P1, it is necessary to determine the electrical function failures (or other failures) that can make the whole vehicle potentially hazardous and the more dangerous operation scenarios in which such failures occur. When P1 judges that the failure may cause an accident, the severity level is higher; it is then necessary to judge whether the vehicle can continue to operate without maintenance, or whether objects in the environment can continue to be used without maintenance. If yes, the severity level is S1. If not, the complexity of the maintenance needs to be judged further, for example by considering the maintenance time and the number of people participating in the maintenance to decide whether simple maintenance can meet the requirement. It should be noted that replacing parts counts as simple maintenance. If simple maintenance cannot meet the requirement, the severity level is considered to be the highest level S3, and the safety integrity level is the highest level D. If simple maintenance can meet the use requirement, the maintenance cost is judged further, specifically whether the maintenance cost is higher than a preset cost, for example ten thousand yuan (the cost threshold can be adjusted as required), or whether the parts to be replaced involve high-cost parts, for example high-cost sensors and controllers such as a laser radar, a combined inertial navigation system, an automatic driving controller and the like. If the maintenance cost is higher than the preset value, or the parts to be replaced are high-cost parts, the severity level is considered higher and is determined to be S3; otherwise, the severity level is S2.
It should be noted that judging whether a component is high-cost is in fact one way of judging the cost; in practice, the cost judgment alone may be performed without separately judging the component cost.
Understandably, during operation of the unmanned truck, the exposure rate of all scenarios in normal use, such as sunny days, daytime, nighttime, steering, driving straight, heading to the storage yard, heading to the charging area, heading to the bridge crane and the like, can reach at most the E4 level. When a fault occurs, because the unmanned truck is not operated by a driver, platform control is subject to network delay and communication reliability issues, and no safety operator follows the vehicle throughout to take over with a handheld controller, the controllability of a vehicle accident is poor, and the controllability level can reach at most the C3 level.
In this case, as for the safety integrity level, referring to fig. 5: in P1, if the severity level is determined to be S0, the safety integrity level is the first level; in P2, if the severity level is determined to be S1, the safety integrity level is the third level; in P3, if the severity level is determined to be S3, the safety integrity level is the fifth level; in P4, if the severity level is determined to be S2, the safety integrity level is the fourth level, and if the severity level is determined to be S3, the safety integrity level is the fifth level.
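The sum rule and the simplified P1-P4 severity procedure described above, written out as an added Python example (not code from the patent). Function and parameter names are assumptions; the thresholds 6 to 10, the ten-thousand-yuan cost limit and the worst case E4/C3 are the optional values given in the description, and the sample findings are constructed.

```python
# Added example (not from the patent): S/E/C sum rule plus the P1-P4 severity tree.
LEVELS = ("QM", "A", "B", "C", "D")      # first .. fifth level, as named on the page
DEFAULT_THRESHOLDS = (6, 7, 8, 9, 10)    # first .. fifth threshold (optional values)


def integrity_level(s, e, c, thresholds=DEFAULT_THRESHOLDS):
    """Map S (0-3), E (0-4) and C (0-3) to a safety integrity level."""
    for name, value, top in (("S", s, 3), ("E", e, 4), ("C", c, 3)):
        if not isinstance(value, int) or not 0 <= value <= top:
            raise ValueError(f"{name} must be an integer in 0..{top}, got {value!r}")
    if len(thresholds) != 5 or list(thresholds) != sorted(set(thresholds)):
        raise ValueError("need five strictly increasing thresholds")
    total = s + e + c
    # First level: any factor is zero, or the sum does not exceed the first threshold.
    if s * e * c == 0 or total <= thresholds[0]:
        return LEVELS[0]
    # Second to fifth level: the sum equals the matching threshold exactly.
    for level, threshold in zip(LEVELS[1:], thresholds[1:]):
        if total == threshold:
            return level
    # Custom thresholds can leave sums that match nothing. Refusing to classify is
    # this example's choice; the page does not say what to do in that case.
    raise ValueError(f"S+E+C={total} matches no threshold in {tuple(thresholds)}")


def severity_level(may_cause_accident, use_affected_without_repair=False,
                   repair_is_complex=False, repair_cost=0,
                   high_cost_part=False, cost_limit=10_000):
    """Simplified severity evaluation; returns 0..3 for S0..S3."""
    if not may_cause_accident:                       # P1
        return 0
    if not use_affected_without_repair:              # P2
        return 1
    if repair_is_complex:                            # P3
        return 3
    if repair_cost > cost_limit or high_cost_part:   # P4
        return 3
    return 2


def assess_worst_case(**findings):
    """Level for one failure event under the page's worst case, E4 and C3."""
    return integrity_level(severity_level(**findings), e=4, c=3)


# Constructed findings for two failure/scenario pairs the page mentions.
SAMPLE_EVENTS = {
    "turn signal fails while turning": dict(may_cause_accident=True),
    "brake fails on wet road": dict(may_cause_accident=True,
                                    use_affected_without_repair=True,
                                    repair_is_complex=True),
}

if __name__ == "__main__":
    for event, findings in SAMPLE_EVENTS.items():
        print(f"{event}: S{severity_level(**findings)} -> {assess_worst_case(**findings)}")
```

With E4 and C3 fixed, the sums for S1, S2 and S3 are 8, 9 and 10, which is why the simplified procedure lands on the third, fourth and fifth levels.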
In another aspect, the present application further provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed, implements the foregoing method for evaluating the safety integrity level of an unmanned truck.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A safety integrity level assessment method for an unmanned truck, characterized by comprising the following steps:
determining a failure event that can make the unmanned truck potentially hazardous, and the operation scenario at the time of failure;
evaluating, based on the failure event and the operation scenario, the severity level, the exposure rate level and the controllability level of the unmanned truck when the failure event occurs;
determining the safety integrity level of the unmanned truck based on the severity level, the exposure rate level and the controllability level;
wherein the severity level is classified according to whether the failure event causes an accident when it occurs and the degree of influence of the accident on the vehicle and on objects in the environment.
2. The safety integrity level assessment method for an unmanned truck according to claim 1, wherein the severity level comprises: S0, S1, S2, S3;
S0 indicates that no accident occurs when the failure event occurs;
S1 indicates that, after the failure event occurs, the vehicle or an object in the environment is slightly damaged;
S2 indicates that, after the failure event occurs, the accident leaves the vehicle or an object in the environment able to continue working after simple maintenance;
S3 indicates that, after the failure event occurs, the accident results in substantial maintenance of the vehicle or an object in the environment, or in the vehicle or the object in the environment being scrapped.
3. The safety integrity level assessment method for an unmanned truck according to claim 2, wherein determining the safety integrity level of the unmanned truck based on the severity level, the exposure rate level and the controllability level comprises:
obtaining a value corresponding to the safety integrity level from a first value S corresponding to the severity level, a second value E corresponding to the exposure rate level and a third value C corresponding to the controllability level, and obtaining a final safety integrity level from the value corresponding to the safety integrity level.
4. The safety integrity level assessment method for an unmanned truck according to claim 3, wherein obtaining a final safety integrity level from the value corresponding to the safety integrity level comprises:
when (S + E + C) ≤ first threshold, or when S × E × C = 0, the safety integrity level of the unmanned truck is a first level;
when (S + E + C) = second threshold, the safety integrity level of the unmanned truck is a second level;
when (S + E + C) = third threshold, the safety integrity level of the unmanned truck is a third level;
when (S + E + C) = fourth threshold, the safety integrity level of the unmanned truck is a fourth level;
when (S + E + C) = fifth threshold, the safety integrity level of the unmanned truck is a fifth level;
the first threshold, the second threshold, the third threshold, the fourth threshold and the fifth threshold increase in that order, and the first level, the second level, the third level, the fourth level and the fifth level increase in the same order.
5. The safety integrity level assessment method for an unmanned truck according to claim 4, wherein the exposure rate level comprises: E0, E1, E2, E3, E4; the controllability level comprises: C0, C1, C2, C3; where E0 denotes impossible; E1 denotes extremely low probability; E2 denotes low probability; E3 denotes medium probability; E4 denotes high probability; C0 denotes controllable; C1 denotes simply controllable; C2 denotes generally controllable; C3 denotes difficult to control or uncontrollable.
6. The safety integrity level assessment method for an unmanned truck according to claim 1, wherein the failure event includes an electrical function failure.
7. The safety integrity level assessment method for an unmanned truck according to any of claims 1-6, wherein assessing the severity level comprises:
P1: judging whether an accident may be caused when the failure event occurs; if not, the severity level is S0; if yes, go to P2;
P2: judging whether, without maintenance, the continued operation of the vehicle or the continued use of objects in the environment is affected; if not, the severity level is S1; if yes, go to P3;
P3: judging whether the required maintenance is complex; if yes, the severity level is S3; if not, go to P4;
P4: judging the maintenance cost, or judging whether the parts to be replaced involve high-cost parts; if the maintenance cost is greater than a preset value or the parts to be replaced involve high-cost parts, the severity level is S3; otherwise, the severity level is S2.
8. The safety integrity level assessment method for an unmanned truck according to claim 7, characterized in that:
in P1, if it is determined that the severity level is S0, the safety integrity level is a first level;
in P2, if it is determined that the severity level is S1, the safety integrity level is a third level;
in P3, if it is determined that the severity level is S3, the safety integrity level is a fifth level;
in P4, if the severity level is determined to be S2, the safety integrity level is a fourth level, and if the severity level is determined to be S3, the safety integrity level is a fifth level.
9. The safety integrity level assessment method for an unmanned truck according to claim 8, wherein in P3, whether the required maintenance is complex is judged according to the maintenance time and/or the number of persons participating in the maintenance and/or whether parts are replaced.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed, implements the safety integrity level assessment method for an unmanned truck according to any of claims 1-9.
CN202210683499.5A 2022-06-17 2022-06-17 Unmanned card-collecting safety integrity level evaluation method Pending CN114997688A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210683499.5A CN114997688A (en) 2022-06-17 2022-06-17 Unmanned card-collecting safety integrity level evaluation method

Publications (1)

Publication Number Publication Date
CN114997688A true CN114997688A (en) 2022-09-02

Family

ID=83035145

Country Status (1)

Country Link
CN (1) CN114997688A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination