CN115158192A - Method and device for determining fault-tolerant time intervals of a vehicle - Google Patents
Method and device for determining fault-tolerant time intervals of a vehicle Download PDFInfo
- Publication number
- CN115158192A CN115158192A CN202210716391.1A CN202210716391A CN115158192A CN 115158192 A CN115158192 A CN 115158192A CN 202210716391 A CN202210716391 A CN 202210716391A CN 115158192 A CN115158192 A CN 115158192A
- Authority
- CN
- China
- Prior art keywords
- time
- fault
- data
- vehicle
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000002159 abnormal effect Effects 0.000 claims abstract description 57
- 238000004891 communication Methods 0.000 claims description 21
- 230000005856 abnormality Effects 0.000 claims description 10
- 231100001261 hazardous Toxicity 0.000 claims description 5
- 230000006870 function Effects 0.000 description 13
- 239000000243 solution Substances 0.000 description 12
- 238000013461 design Methods 0.000 description 11
- 238000004088 simulation Methods 0.000 description 11
- 238000005259 measurement Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 6
- 230000008859 change Effects 0.000 description 6
- 230000008447 perception Effects 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 238000002347 injection Methods 0.000 description 5
- 239000007924 injection Substances 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 239000000470 constituent Substances 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000035772 mutation Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000009472 formulation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
- B60R16/023—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
- B60R16/0231—Circuits relating to the driving or the functioning of the vehicle
- B60R16/0232—Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions
Landscapes
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Mechanical Engineering (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
Abstract
The invention discloses a method and a device for determining fault tolerance time intervals of a vehicle. Wherein, the method comprises the following steps: acquiring abnormal data of an actuator of the vehicle, wherein the abnormal data of the actuator comprises a target speed; acquiring target electrical data obtained by adjusting electrical data of an actuator by abnormal data of the actuator; determining torque data of a mechanical member of the actuator based on the target electrical data; determining a first time when the vehicle is at a dangerous event based on the torque data; a first fault-tolerant time interval for the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated. The invention solves the technical problem of low accuracy of obtaining the fault tolerance time interval in the concept stage.
Description
Technical Field
The invention relates to the field of vehicles, in particular to a method and a device for determining fault tolerance time intervals of a vehicle.
Background
At present, when determining the fault tolerance time interval method, the formula and mechanism for evaluating the fault tolerance time interval parameters exist in the concept stage, but they are only based on simple assumptions for system design, but the fault tolerance time interval obtained in the concept stage is not accurate, which may possibly cause many changes in the later stage of the design of the automation equipment specification, such as software change, hardware change, and even the change of the whole system.
Aiming at the problem of low accuracy of obtaining fault tolerance time intervals in a concept stage, an effective solution is not provided at present.
Disclosure of Invention
The embodiment of the invention provides a method and a device for determining fault tolerance time interval of a vehicle, which are used for at least solving the technical problem of low accuracy of obtaining the fault tolerance time interval in a concept stage.
According to one aspect of an embodiment of the present invention, a method and apparatus for determining a fault tolerant time interval of a vehicle is provided. Wherein, the method comprises the following steps: acquiring abnormal data of an actuator of the vehicle, wherein the abnormal data of the actuator comprises a target speed; acquiring target electrical data obtained by adjusting electrical data of the actuator by abnormal data of the actuator; determining torque data for a mechanical member of the actuator based on the target electrical data; determining a first time when the vehicle is at a dangerous event based on the torque data; a first fault-tolerant time interval for the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated.
Optionally, the acquiring the target electrical data obtained by adjusting the electrical data of the actuator by the abnormal data of the actuator includes: acquiring abnormal data of a controller of a vehicle, wherein the abnormal data of the controller comprises abnormal data of a sensor of the vehicle; adjusting the speed of the controller based on the abnormal data of the controller to obtain a target speed; and adjusting the electric data of the actuator based on the target speed to obtain target electric data.
Optionally, the method further comprises: determining a second fault-tolerant time interval of the vehicle based on a fourth time when the target speed is generated, the second time and the first fault-tolerant time interval, wherein the second fault-tolerant time comprises the first fault-tolerant time.
Optionally, the method further comprises: and determining a third fault-tolerant time interval of the vehicle based on a fourth time, a fifth time and the second fault-tolerant time interval, wherein the third fault-tolerant time comprises the second fault-tolerant time, and the fifth time is the time when the abnormal data of the sensor of the vehicle is transmitted to the communication bus.
Optionally, determining a third fault-tolerant time interval of the vehicle based on the fourth time, the fifth time and the second fault-tolerant time interval comprises: determining the difference between the fourth time and the fifth time as the sensor time length; and determining the sum of the sensor time length and the second fault tolerance time interval as a third fault tolerance time interval.
Optionally, determining a second fault-tolerant time interval of the vehicle based on a fourth time when the target speed is generated, the second time and the first fault-tolerant time interval comprises: determining the difference between the fourth time and the second time as the controller time length; and determining the sum of the controller time length and the first fault tolerance time interval as a second fault tolerance time interval.
Optionally, determining a first fault tolerant time interval for the vehicle based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated comprises: determining the difference between the second time and the third time as the actuator time length; determining the difference between the first time and the second time as the time of the dangerous event is long; the sum of the actuator time duration and the hazard event time duration is determined as a first fault tolerance time interval.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for determining a fault tolerant time interval of a vehicle, including: a first acquisition unit configured to acquire abnormality data of an actuator of a vehicle, wherein the abnormality data of the actuator includes a target speed; the second acquisition unit is used for acquiring target electrical data obtained by adjusting the electrical data of the actuator by the abnormal data of the actuator; a first determination unit for determining torque data of a mechanical member of the actuator based on the target electrical data; a second determination unit for determining a first moment when the vehicle has a dangerous event based on the torque data; a third determination unit for determining a first fault-tolerant time interval of the vehicle based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated.
According to another aspect of the embodiment of the invention, a computer-readable storage medium is also provided. The computer readable storage medium includes a stored program, wherein the program, when executed, controls an apparatus of the computer readable storage medium to perform a method for determining a fault tolerance time interval of a vehicle according to an embodiment of the present invention.
According to another aspect of the embodiments of the present invention, there is also provided a processor. The processor is configured to run a program, wherein the program when executed performs a method of determining a fault tolerant time interval of a vehicle according to an embodiment of the present invention.
According to another aspect of the embodiments of the present invention, there is also provided a vehicle for performing the method of determining fault tolerant time intervals of a vehicle as claimed in the embodiments of the present invention.
In the embodiment of the invention, abnormal data of an actuator of a vehicle is acquired, wherein the abnormal data of the actuator comprises a target speed; acquiring target electrical data obtained by adjusting electrical data of the actuator by abnormal data of the actuator; determining torque data of a mechanical member of the actuator based on the target electrical data; determining a first time when the vehicle is at a dangerous event based on the torque data; a fault tolerant time interval for the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated. That is to say, according to the embodiment of the present invention, the abnormal data of the actuator of the vehicle and the target electrical data obtained by adjusting the electrical data of the actuator are obtained, the torque data of the mechanical member of the actuator are determined based on the target electrical data, the first time when the vehicle has a dangerous event is determined according to the torque data, and the first fault tolerance time interval of the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated, so that the purpose of obtaining the fault tolerance time interval of the vehicle according to the abnormal data of the actuator of the vehicle is achieved, the technical problem of low accuracy of obtaining the fault tolerance time interval in the concept stage is solved, and the technical effect of high accuracy of obtaining the fault tolerance time interval in the concept stage is achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method of determining a fault tolerant time interval for a vehicle according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another method of determining a fault tolerant time interval for a vehicle according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of another method of determining fault tolerant time intervals for a vehicle according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another method of determining a fault tolerant time interval for a vehicle according to an embodiment of the present invention;
FIG. 5 is a flow chart of another method of determining a fault tolerant time interval for a vehicle according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an apparatus for determining fault tolerant time intervals for a vehicle according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
In accordance with an embodiment of the present invention, there is provided a method of determining fault-tolerant time intervals for a vehicle, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that presented herein.
Fig. 1 is a flowchart of a method of determining a fault tolerant time interval of a vehicle according to an embodiment of the present invention, which may include the steps of, as shown in fig. 1:
step S101, obtaining abnormal data of an actuator of the vehicle, wherein the abnormal data of the actuator comprises a target speed.
In the technical solution provided in step S101 of the present invention, the actuator may be an electromechanical device, and the abnormal data of the actuator may be an internal fault of the actuator of the vehicle, a fault injected into the actuator, or a target speed; and is not particularly limited herein.
And step S102, acquiring target electric data obtained by adjusting the electric data of the actuator by the abnormal data of the actuator.
In the technical solution provided by step S102 of the present invention, the electrical data of the actuator is the current value or the voltage value of the actuator, the target electrical data is the target current value or the target voltage value, and the current value when the actuator does not have a fault is adjusted to the target current value according to the executed abnormal data, or the voltage value when the actuator does not have a fault is adjusted to the target voltage value according to the executed abnormal data.
For example, when a fault occurs inside the actuator or the actuator is injected with a fault, the current value of the actuator will be changed from 20A to 50A, or the voltage value will be changed from 20V to 50V.
In step S103, torque data of the mechanical member of the actuator is determined based on the target electrical data.
In the technical solution provided by step S103 of the present invention, according to the target electrical data, the mechanical component of the actuator will convert the torque data corresponding to the current value when the actuator has no fault into the torque data corresponding to the target current value, or will convert the torque data corresponding to the voltage value when the actuator has no fault into the torque data corresponding to the target voltage value.
For example, the mechanical components of the actuator would convert 100N of torque data for a 20A current value when the actuator is not failing to 200N of torque data for a 50A target current value, wherein the length of time it takes to obtain 100N to 200N of torque data is based on consulting the response time in the actuator manual.
Step S104, based on the torque data, a first moment when the vehicle has a dangerous event is determined.
In the solution provided by the above step S104 of the present invention, the vehicle will generate a driving speed according to the torque data, and the vehicle will drive according to the driving speed until the first time when the dangerous event occurs.
For example, according to the torque data of 200N, the running speed of the vehicle is changed to 380 km/h, and the vehicle runs according to the running speed, and the time of running until the vehicle generates a dangerous event is 2 seconds.
Step S105, determining a first fault tolerance time interval of the vehicle based on the first time, the second time when the target electric data is generated and the third time when the torque data is generated.
In the invention provided in step S105, the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated are linearly processed to obtain the first fault tolerance time interval of the vehicle.
For example, the second time when the target electrical data is generated is 180 milliseconds, and the third time when the torque data is generated may be 300 milliseconds, which is not specifically limited herein, and the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated are linearly processed to obtain the first fault tolerance time interval of the vehicle.
In the above steps S101 to S105 of the present application, in the embodiment of the present invention, abnormal data of an actuator of a vehicle is obtained, where the abnormal data of the actuator includes a target speed; acquiring target electrical data obtained by adjusting electrical data of the actuator by abnormal data of the actuator; determining torque data for a mechanical member of the actuator based on the target electrical data; determining a first time when the vehicle is in a dangerous event based on the torque data; a fault tolerant time interval for the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated. That is to say, according to the embodiment of the present invention, the abnormal data of the actuator of the vehicle and the target electrical data obtained by adjusting the electrical data of the actuator are obtained, the torque data of the mechanical member of the actuator are determined based on the target electrical data, the first time when the vehicle has a dangerous event is determined according to the torque data, and the first fault tolerance time interval of the vehicle is determined based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated, so that the purpose of obtaining the fault tolerance time interval of the vehicle according to the abnormal data of the actuator of the vehicle is achieved, the technical problem of low accuracy of obtaining the fault tolerance time interval in the concept stage is solved, and the technical effect of high accuracy of obtaining the fault tolerance time interval in the concept stage is achieved.
The above-described method of this embodiment is further described below.
As an alternative embodiment, step S102, acquiring target electrical data obtained by adjusting electrical data of an actuator by abnormal data of the actuator, includes: acquiring abnormal data of a controller of a vehicle, wherein the abnormal data of the controller comprises abnormal data of a sensor of the vehicle; adjusting the speed of the controller based on the abnormal data of the controller to obtain a target speed; and adjusting the electric data of the actuator based on the target speed to obtain target electric data.
In this embodiment, the abnormal data of the controller may be an internal fault of the controller of the vehicle, a fault injected into the controller, or abnormal data of the sensor, and is not specifically limited herein, and the target speed is obtained by adjusting the speed of the controller according to the abnormal data of the controller, and the target electric data is obtained by adjusting the electric data of the actuator according to the target speed.
For example, when the controller has abnormal data, the speed of the controller is adjusted from 120 kilometers per hour to 180 kilometers per hour, and the current value of the actuator is changed from 20A to 50A or the voltage value is changed from 20V to 50V according to 180 kilometers per hour.
As an alternative embodiment, the second fault-tolerant time interval of the vehicle is determined based on the fourth time when the target speed is generated, the second time and the first fault-tolerant time interval, wherein the second fault-tolerant time includes the first fault-tolerant time.
In this embodiment, a time length is obtained by performing linear operation on the fourth time and the second time at the target speed, and the time length and the first fault-tolerant time interval are subjected to linear operation to obtain a second fault-tolerant time interval of the vehicle.
As an alternative embodiment, a third fault-tolerant time interval of the vehicle is determined based on a fourth time, a fifth time and a second fault-tolerant time interval, wherein the third fault-tolerant time includes the second fault-tolerant time, and the fifth time is a time when the abnormal data of the sensor of the vehicle is transmitted to the communication bus.
In this embodiment, the fourth time and the fifth time are linearly calculated to obtain a time length, the time length is linearly calculated with the second fault-tolerant time interval to obtain a third fault-tolerant time interval of the vehicle, and the sensor abnormality data of the vehicle is obtained for the fault produced by the sensor.
For example, the sensor may be a camera sensor, when the camera is normal, the camera sensor transmits data once in 50 milliseconds, the camera fails after 50 seconds, and when 100 milliseconds, the camera sends an error picture or a black screen picture to the communication bus, and the fifth time is 100 milliseconds.
As an optional implementation manner, determining a third fault-tolerant time interval of the vehicle based on the fourth time, the fifth time and the second fault-tolerant time interval includes: determining the difference between the fourth time and the fifth time as the sensor time length; and determining the sum of the sensor time length and the second fault tolerance time interval as a third fault tolerance time interval.
In this embodiment, the fifth time and the fourth time are subtracted to obtain a sensor duration, and the sensor duration is added to the second fault tolerance time interval to obtain a third fault tolerance time interval.
For example, if the fifth time is 100 ms, the fourth time is 120 ms, the sensor duration is 20 ms, the second fault tolerance time interval is 1880 ms, and the third fault tolerance time interval is 1990 ms.
As an optional implementation manner, determining a second fault-tolerant time interval of the vehicle based on the fourth time, the second time and the first fault-tolerant time interval when the target speed is generated includes: determining the difference between the fourth moment and the second moment as the controller time length; and determining the controller time length and the first fault tolerance time interval as a second fault tolerance time interval.
In this embodiment, the fourth time is subtracted from the second time to obtain a controller time length, and the controller time length is added to the first fault tolerance time interval to obtain a second fault tolerance time interval.
For example, the fourth time is 120 ms, the second time is 180 ms, i.e. the controller duration is 60 ms, and the first fault tolerant time interval 1820 ms, i.e. the second fault tolerant time interval is 1880 ms.
As an alternative embodiment, step S105, determining a fault tolerance time interval of the vehicle based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated, includes: determining the difference between the second time and the third time as the actuator time length; determining the difference between the first time and the second time as the time of the dangerous event is long; and determining the actuator time length and the dangerous event time length as a first fault tolerance time interval.
In this embodiment, the second time and the third time are subtracted to obtain an actuator duration, the first time and the second time are subtracted to obtain a dangerous event duration, and the actuator duration and the dangerous event duration are added to obtain a first fault tolerance time interval.
For example, according to the above steps, the difference between the second time 180 ms and the third time 300 ms is marked as 120 ms, and the actuator time is recorded as long; the difference of 1920 seconds between 2 seconds at the first moment and 180 milliseconds at the second moment is recorded as the time of the dangerous event is long, and the time of the actuator is 120 milliseconds long and the time of the dangerous event is 1920 seconds long, and is recorded as the interval of 2040 milliseconds between the first fault tolerance time and the second fault tolerance time.
In the embodiment, abnormal data of a controller of a vehicle is acquired at a fifth moment when the abnormal data of a sensor of the vehicle is sent to a communication bus, the speed of the controller is adjusted based on the abnormal data of the controller to obtain a target speed, when the target speed adjusts electric data of an actuator, torque data of a mechanical component of the actuator is determined based on the target electric data, a first moment when a dangerous event occurs in the vehicle is determined based on the torque data, a second moment when the target electric data is generated and a third moment when the torque data is generated are determined, a difference between the second moment and the third moment is determined as an actuator time length, a difference between the first moment and the second moment is determined as a dangerous event time length, a sum of the actuator time length and the dangerous event time length is determined as a first fault tolerance time interval, and a difference between the fourth moment when the target speed is generated is determined as a controller time length; determining the sum of the controller time length and the first fault tolerance time interval as a second fault tolerance time interval, and determining the difference between the fourth moment and the fifth moment as the sensor time length; the sum of the sensor time and the second fault tolerance time interval is determined as the third fault tolerance time interval, so that the technical problem of low accuracy of the fault tolerance time interval obtained in the concept stage is solved, and the technical effect of high accuracy of the fault tolerance time interval obtained in the concept stage is achieved.
Example 2
The technical solutions of the embodiments of the present invention will be illustrated below with reference to preferred embodiments.
The most challenging endeavors in vehicle driving involve the development of a sufficiently safe set of autonomous driving systems. In an autopilot system, many critical design parameters are relevant for achieving such adequate safety, including time parameters, since critical events during the operation of the autopilot must follow a strict time relationship. One of these time relationships that is of great importance is the fault tolerance interval.
When designing the ISO26262 concept phase of an autopilot system, the ISO26262 standard requires that fault tolerance time interval parameters be specified for each safety target. To meet this requirement, the key problem to be encountered is that the formulation of fault tolerant time interval parameters depends heavily on the details of the design activities, which are performed after the conceptual design phase, i.e., in the development phase. Although the formulas and mechanisms for evaluating the fault tolerance interval parameters already exist in the conceptual stage, they are based only on simple assumptions about the system design, which results in inaccurate fault tolerance intervals obtained at this time, and most likely results in many changes occurring later in the design of the automation equipment specification, such as software changes, hardware changes, and even changes to the entire system.
The use of a method and system for determining accurate fault tolerance interval parameter values during the conceptual design phase of ISO26262 functional safety becomes a hard requirement.
In order to overcome the above problems, in a related art, a method for evaluating the safety of the early function of an intelligent vehicle system based on fault injection is provided, wherein the method comprises the following steps: step one, setting; secondly, configuring a vehicle running scene; thirdly, configuring a fault injection test; fourthly, fault injection is carried out; and fifthly, analyzing data. The method provided by the invention combines the model-based design with the simulation-based fault injection technology and the virtual vehicle, provides a promising solution for the early functional safety evaluation of the intelligent vehicle system, and more intuitively shows the influence of the component level and the system level fault on the whole vehicle layer through the simulation-based fault injection mode, thereby more accurately defining the functional safety target and the attribute value of the system. In the step two of the fifth step, the calculation of the fault tolerance time interval is mentioned, but only a simulation result is given, and the fault tolerance time interval parameters are not divided into different constituent elements and are measured respectively.
In another related technology, a method for analyzing functional safety concept stages of a lateral control system of an intelligent vehicle is provided, which comprises the following steps: firstly, defining system functions and related items; secondly, analyzing an operation scene; thirdly, analyzing the damage; fourthly, risk assessment is carried out; fifthly, exporting a safety target; and sixthly, requiring functional safety. The invention considers the whole vehicle layer function safety technology of the intelligent vehicle transverse control system, sets out a function safety target according to a function fault and a function failure mode from the function safety definition, considers the architecture design of the system, and decomposes the function safety target of the system to each electronic and electrical component through fault tree analysis to form the function safety requirement of each component. In the fifth step, the fault tolerance time interval is mentioned, but no calculation or estimation is carried out, and only a pending conclusion is given.
In another related art, a system and a control method for avoiding undesired steering are provided, and the system is specifically a control module for acquiring external information of a running vehicle and transmitting the information; the system comprises a software processing strategy module for limiting unexpected steering hazard, a functional safety concept derivation module for diagnosing whether lane information is covered according to external information of a running vehicle, and a software strategy module for analyzing the functional safety of the vehicle; the invention avoids the unexpected steering hazard of the automatic driving function by a functional safety design method; and a corresponding strategy is made from the aspect of functional safety, and a function limiting strategy with unreliable function level is omitted. The invention mostly mentions that the fault tolerance time interval is 200ms, but no calculation or measurement is carried out, and no special calculation method and system are proposed. The patent provides a method and a system for specially measuring fault tolerance time interval parameter values of an automatic driving system.
The fault tolerance time interval parameter refers to the time interval between two events, namely the event that a fault occurs in the system and the subsequent hazardous event. According to ISO26262 functional safety standard, the fault tolerance time interval is defined as: in case the security mechanism is not activated, the shortest time interval from the occurrence of a failure inside the relevant item to the possible occurrence of a hazardous event.
In the above definition, the related item actually refers to a control system, while the safety mechanism refers to a technical solution for reducing the safety risk associated with a hazardous event. However, ISO26262 functional safety standards do not provide a well-defined method for calculating and decomposing the parameters of the time components associated with the fault tolerant time interval parameter. Numerous colleagues have made extensive attempts to decompose the constituent elements of the fault tolerant time interval in the hope of being able to provide accurate parameter values during the development of the concept phase. For example, the related art has introduced the concept of partial fault tolerant time interval portions to help break up the constituent elements of these times. Fig. 2 is a schematic diagram of a method for determining a fault tolerant time interval of a vehicle according to an embodiment of the invention, as shown in fig. 2 (fig. 2 also synchronously illustrates the definition of the fault tolerant time interval in ISO26262 standard). According to the related art, the fault tolerant time interval is easier to calculate or measure as its defined events-dysfunctional events such as the execution of erroneous actions by actuators, and events in which a hazard event may be prevented-are easier to identify by analysis or actual measurement. However, the calculation or evaluation of the remaining fault tolerant time interval components still has many problems.
However, the embodiment of the present invention provides a method for calculating a fault tolerant time interval, as shown in fig. 3, the general idea of the method is to decompose a fault tolerant time interval parameter into four components: sensor fault transfer time FPTs, controller fault transfer time FPTc, actuator execution time AT, and hazard time HT related to a driving scene, and a system for calculating fault-tolerant time intervals is built, as shown in fig. 4, fig. 4 is a system diagram for calculating fault-tolerant time intervals, and a main component of the system is event measurement equipment which monitors information sent by all other components on a communication bus for measuring accurate time intervals of related event identifiers.
A first way of implementing the system shown in fig. 4 is to use actual sensor ECUs, controller ECUs, actuator ECU hardware and software, and event measurement devices, where an Electronic Control Unit (ECU) is used for short. This approach constitutes a real testing platform consisting of actual components.
The second way is that all or part of the components are realized by simulation, and meanwhile, real event measurement equipment is adopted to ensure more accurate measurement.
The above method can realize the measurement of all the components of the fault tolerant time interval parameter by constructing the fault tolerant time interval measuring system as a distributed communication bus system.
Since the values of the fault tolerant time intervals need to be calculated at the conceptual stage, where the actual ECU, actuators, sensing system hardware and software may not yet be available, we use the second approach herein. After the actual ECU, actuators, sensing system hardware and software have been developed, a more accurate calculation can be made using the first method.
It should be noted that the communication bus in fig. 4 is a concept, and is not a fixed bus. For example, if the sensor ECU and the controller ECU communicate via ethernet, the sensor data of the sensor ECU is simulated to be sent to the controller ECU via ethernet, and the event measurement device is used as a listener of the ethernet bus to receive the sensor data at the same time. In addition, the data of the actuator ECU, the actuator mechanical part and the scene perception module are all notified to the event measuring device in the mode of environment variables.
The method uses the system shown in fig. 4 to calculate, evaluate or measure the related constitution of the fault tolerance time interval, and firstly, a measuring system is built according to the method shown in fig. 4, wherein the measuring system comprises: the system comprises a communication bus, a sensor ECU, a controller ECU, an actuator mechanical part and an event measuring device, wherein the sensor ECU is connected to the communication bus through a simulation interface A (a mode actually adopted by the sensor ECU, such as a controller domain network, a local area internet, an Ethernet and the like), the event measuring device is connected to the communication bus through an interface F and is used for measuring the accurate time interval of a relevant event identifier, the controller ECU is connected to the communication bus through a simulation interface B (a mode actually adopted by the controller ECU, such as a controller domain network, a local area internet, an Ethernet and the like), the actuator ECU transmits data output to the actuator mechanical part to the communication bus through a simulation interface C through an environment variable mode, the actuator mechanical part transmits data output to a scene perception module to the communication bus through a simulation interface D through an environment variable mode, and the scene perception module transmits the occurrence moment of a hazard event to the communication bus through an environment variable mode through a simulation interface E.
Calculating fault-tolerant time intervals fig. 5 is a flow chart of a method of determining fault-tolerant time intervals for a vehicle according to an embodiment of the invention.
Firstly, a sensor fault is manufactured in a simulation mode at any position in the sensor ECU in the step 4, an event measuring device records a time point T1 when the fault is sent from the sensor ECU to a communication bus, a fault tolerance time interval is calculated according to the time point, the numerical value of fault transmission time is related to the clock frequency of the controller ECU, the software scheduling period of the controller ECU and the like, the event measuring device records a time point T2 when the controller ECU sends out an abrupt change message (caused by the sensor fault), and FPTs = T2-T1.
Step 502, calculating a controller fault delivery time.
The actuator is used to process the input control data and convert the control data into control in the form of current/voltage etc. to the mechanical parts of the actuator. The value of the fault transmission time is related to the clock frequency of the actuator ECU, the software scheduling period of the actuator ECU and the like, and the event measuring device records the time point T3 when the actuator ECU sends out a sudden change (caused by a sensor fault) of the control current/voltage value (environment variable value), so that FPTc = T3-T2.
Step 503, calculate the execution time interval.
The actuator is usually an electromechanical device, the execution time delay of which is obtained by consulting the response time parameter in the actuator manual, and the event measuring device records the time point T4 when the torque value of the mechanical part of the actuator (the value of the ambient variable) is suddenly changed (due to sensor failure), AT = T4-T3.
At step 504, a hazard event interval is calculated.
The hazard event is associated with the subsystem under consideration. The number of such hazardous events is enormous for autonomous driving systems. It is assumed here that the hazard event considered is related to the unsafe distance of the host vehicle to other surrounding vehicles or to the host vehicle from the adjacent lane lines. In this case, the Hazard Time (HT) is the time interval from the sudden change of the output parameter of the mechanical part of the actuator to the transition of the behavior to a hazard event. Thus, the time delay is related to the driving scenario of the vehicle, obstacles and lane lines around the host vehicle, and the dynamic behavior and reaction of the host vehicle, and the shortest time interval from the occurrence of the fault to the possible occurrence of the hazard event is considered according to the definition of the fault tolerant time interval. Thus assuming the moment when the hazard event occurs: the distance between the vehicle and any surrounding vehicle or obstacle is 0, or the vehicle crosses a lane line, in the scene perception module, according to the transverse and longitudinal speed, the transverse and longitudinal acceleration, etc., of the vehicle, the distance between the vehicle and the surrounding vehicle or obstacle, and the distance between the vehicle and the lane line, scene simulation is carried out by modeling, wherein, sudden changes of parameters such as the transverse and longitudinal speed, the transverse and longitudinal acceleration, etc., of the vehicle are transmitted through environment variables between the mechanical part of an actuator and the scene perception module, the scene perception module transmits the occurrence time of the hazard event such as collision, lane line crossing, etc., to a communication bus through the environment variables by simulating the scene, and the event measuring device records the occurrence time point T5 of the hazard event, then HT = T5-T4.
Step 505, calculating a fault tolerance time interval.
Therefore, the sum of the sensor failure transfer time (FPTs), the controller failure transfer time (FPTc), the execution time interval (AT), and the hazard event interval (HT).
Through the measuring system and the measuring method, the numerical value of the fault tolerance time interval can be calculated. It is noted that if a fault occurs internally by the controller ECU, the fault tolerant time interval is the sum of the controller fault delivery time (FPTc), the execution time interval (AT), and the hazard event interval (HT). The fault tolerance time interval performs the sum of the time interval (AT) and the hazard event interval (HT) if the fault is internally generated by the actuator ECU.
In the embodiment, a fault system for calculating fault tolerance time intervals is set up, an event measuring device records a time point T1 when a fault is sent from a sensor ECU to a communication bus, an event measuring device records a time point T2 when a controller ECU sends a mutation message (caused by a sensor fault), an event measuring device records a time point T3 when an actuator ECU sends a control current/voltage value (environment variable value) mutation (caused by a sensor fault), an event measuring device records a time point T4 when an actuator mechanical part torque value (environment variable value) mutation (caused by a sensor fault), and an event measuring device records a time point T5 when a hazard event occurs, and the fault tolerance time intervals are obtained according to the time points T1, T2, T3, T4 and T5, so that the fault tolerance time intervals (FPTs), the controller fault transmission time (FPTc), the execution time intervals (AT) and the hazard event intervals (HT) are obtained, the fault tolerance time intervals are obtained according to the sensor fault transmission time (FPTs), the controller fault transmission time intervals (AT), the execution time intervals (AT) and the hazard event intervals (HT), the fault tolerance time intervals are obtained in the fault tolerance concept stage, and the technical problem that the fault tolerance accuracy is low is obtained in the fault tolerance time interval stage is solved.
Example 3
According to the embodiment of the invention, the device for determining the fault tolerance time interval of the vehicle is further provided. It should be noted that the apparatus for determining fault-tolerant time intervals of a vehicle may be used to execute the method for determining fault-tolerant time intervals of a vehicle in embodiment 1.
Fig. 6 is a schematic diagram of an apparatus for determining a fault tolerant time interval of a vehicle according to an embodiment of the present invention. As shown in fig. 6, the apparatus 600 for determining a fault tolerant time interval of a vehicle may include: a first acquisition unit 601, a second acquisition unit 602, a first determination unit 603, a second determination unit 604, and a third determination unit 605.
A first obtaining unit 601, configured to obtain abnormal data of an actuator of a vehicle, where the abnormal data of the actuator includes a target speed.
A second obtaining unit 602, configured to obtain target electrical data obtained by adjusting electrical data of the actuator according to the abnormal data of the actuator.
A first determination unit 603 for determining torque data of a mechanical member of the actuator based on the target electrical data.
A second determination unit 604 for determining a first moment in time when the vehicle is at risk based on the torque data.
A third determination unit 605 for determining a first fault-tolerant time interval of the vehicle based on the first time, the second time when the target electrical data is generated, and the third time when the torque data is generated.
Optionally, the first obtaining unit 602 may include: the third acquisition module acquires abnormal data of a controller of the vehicle, wherein the abnormal data of the controller comprises abnormal data of a sensor of the vehicle. Optionally, the first obtaining unit 602 may include: and the first processing module is used for adjusting the speed of the controller based on the abnormal data of the controller to obtain the target speed.
Optionally, the apparatus further comprises: and the fourth determining unit is used for determining a second fault-tolerant time interval of the vehicle based on a fourth moment, a second moment and a first fault-tolerant time interval when the target speed is generated, wherein the second fault-tolerant time comprises the first fault-tolerant time.
Optionally, the apparatus further comprises: and a fifth determining unit that determines a third fault-tolerant time interval of the vehicle based on a fourth time, a fifth time, and the second fault-tolerant time interval, wherein the third fault-tolerant time includes the second fault-tolerant time, and the fifth time is a time when the abnormal data of the sensor of the vehicle is transmitted onto the communication bus.
Alternatively, the fourth determination unit may include: and the first determining module is used for determining the difference between the fourth moment and the fifth moment as the sensor time length.
Alternatively, the fourth determination unit may include: and the second determining module is used for determining the sum of the sensor time length and the second fault tolerance time interval as a third fault tolerance time interval.
Alternatively, the fifth determination unit may include: and the first determining module is used for determining the difference between the fourth moment and the second moment as the controller time length.
Alternatively, the fifth determination unit may include: and the second determining module is used for determining the sum of the controller time length and the first fault tolerance time interval as a second fault tolerance time interval.
Optionally, the third processing unit 605 may include: and the first determination module is used for determining the difference between the second moment and the third moment as the long time of the actuator.
Optionally, the third processing unit 605 may include: and the second determining module is used for determining the difference between the first moment and the second moment as the time of the dangerous event is long.
Optionally, the third processing unit 605 may include: and the third determining module is used for determining the time length of the actuator and the time length of the dangerous event as a fault tolerance time interval.
In this embodiment, by a first acquisition unit, an abnormality data of an actuator of a vehicle is acquired, wherein the abnormality data of the actuator includes a target speed; the second acquisition unit is used for acquiring target electrical data obtained by adjusting the electrical data of the actuator by the abnormal data of the actuator; a first determination unit for determining torque data of a mechanical member of the actuator based on the target electrical data; a second determination unit for determining a first moment when the vehicle has a dangerous event based on the torque data; the third determining unit is used for determining the first fault-tolerant time interval of the vehicle based on the first moment, the second moment when the target electrical data is generated and the third moment when the torque data is generated, so that the technical problem that the accuracy of the fault-tolerant time interval obtained in the concept stage is low is solved, and the technical effect that the accuracy of the fault-tolerant time interval obtained in the concept stage is high is achieved.
Example 4
There is also provided, according to an embodiment of the present invention, a computer-readable storage medium including a stored program, wherein the program performs the method of determining a fault-tolerant time interval of a vehicle in embodiment 1.
Example 5
According to an embodiment of the present invention, there is also provided a processor for running a program, wherein the program when running performs the method of determining fault tolerant time intervals of a vehicle of embodiment 1.
Example 6
According to an embodiment of the present invention, there is also provided a vehicle for performing the method of determining a fault tolerant time interval of a vehicle of embodiment 1.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit may be a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-only memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.
Claims (10)
1. A method of determining a fault tolerant time interval for a vehicle, comprising:
acquiring abnormal data of an actuator of a vehicle, wherein the abnormal data of the actuator comprises a target speed;
acquiring target electrical data obtained by adjusting the electrical data of the actuator by the abnormal data of the actuator;
determining torque data for a mechanical member of the actuator based on the target electrical data;
determining a first time when the vehicle is at a dangerous event based on the torque data;
determining a first fault tolerant time interval for the vehicle based on the first time, a second time when the target electrical data is generated, and a third time when the torque data is generated.
2. The method of claim 1, wherein obtaining target electrical data adjusted for the actuator electrical data by the actuator anomaly data comprises:
acquiring abnormality data of a controller of the vehicle, wherein the abnormality data of the controller includes abnormality data of a sensor of the vehicle;
adjusting the speed of the controller based on the abnormal data of the controller to obtain the target speed;
and adjusting the electric data of the actuator based on the target speed to obtain the target electric data.
3. The method of claim 1, further comprising:
determining a second fault-tolerant time interval for the vehicle based on a fourth time when the target speed was generated, the second time, and the first fault-tolerant time interval, wherein the second fault-tolerant time includes the first fault-tolerant time.
4. The method of claim 3, further comprising:
determining a third fault-tolerant time interval of the vehicle based on the fourth time, a fifth time and the second fault-tolerant time interval, wherein the third fault-tolerant time comprises the second fault-tolerant time, and the fifth time is a time when abnormal data of a sensor of the vehicle is transmitted onto a communication bus.
5. The method of claim 4, wherein determining a third fault-tolerant time interval for the vehicle based on the fourth time, the fifth time, and the second fault-tolerant time interval comprises:
determining a difference between the fourth time and the fifth time as a sensor time length;
determining a sum of the sensor time duration and the second fault-tolerant time interval as the third fault-tolerant time interval.
6. The method of claim 3, wherein determining a second fault-tolerant time interval for the vehicle based on a fourth time when the target speed was generated, the second time, and the first fault-tolerant time interval comprises:
determining a difference between the fourth time and the second time as a controller time length;
determining the sum of the controller time length and the first fault-tolerant time interval as the second fault-tolerant time interval.
7. The method of claim 1, wherein determining a first fault-tolerant time interval for the vehicle based on the first time, a second time when the target electrical data is generated, and a third time when the torque data is generated comprises:
determining a difference between the second time and the third time as an actuator time;
determining the difference between the first time and the second time as the time of the dangerous event is long;
determining the sum of the actuator time duration and the hazardous event time duration as the first fault tolerance time interval.
8. An apparatus for determining fault tolerant time intervals for a vehicle, comprising:
a first acquisition unit configured to acquire abnormality data of an actuator of a vehicle, wherein the abnormality data of the actuator includes a target speed;
the second acquisition unit is used for acquiring target electrical data obtained by adjusting the electrical data of the actuator by the abnormal data of the actuator;
a first determination unit for determining torque data of a mechanical member of the actuator based on the target electrical data;
a second determination unit for determining a first moment when the vehicle is in a dangerous event based on the torque data;
a third determination unit for determining a first fault-tolerant time interval of the vehicle based on the first time, a second time when the target electrical data is generated, and a third time when the torque data is generated.
9. A computer-readable storage medium, comprising a stored program, wherein the program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the method of any one of claims 1 to 7.
10. A vehicle for carrying out a method of determining fault tolerant time intervals for a vehicle according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210716391.1A CN115158192B (en) | 2022-06-23 | 2022-06-23 | Method and device for determining fault tolerance time interval of vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210716391.1A CN115158192B (en) | 2022-06-23 | 2022-06-23 | Method and device for determining fault tolerance time interval of vehicle |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115158192A true CN115158192A (en) | 2022-10-11 |
| CN115158192B CN115158192B (en) | 2024-07-09 |
Family
ID=83486685
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210716391.1A Active CN115158192B (en) | 2022-06-23 | 2022-06-23 | Method and device for determining fault tolerance time interval of vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115158192B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116001708A (en) * | 2023-02-22 | 2023-04-25 | 北京理工大学深圳汽车研究院(电动车辆国家工程实验室深圳研究院) | Response speed compensation method, quick response method and storage medium of drive-by-wire chassis |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1465080A2 (en) * | 2002-12-13 | 2004-10-06 | Renault s.a.s. | Method for designing a fault tolerant system |
| CN105034988A (en) * | 2015-08-21 | 2015-11-11 | 清华大学 | Fault diagnosis and fault tolerant control method for automobile electronic stable control system sensors |
| CN111258294A (en) * | 2020-01-07 | 2020-06-09 | 北京经纬恒润科技有限公司 | Fault tolerance time testing system and method |
| CN114559957A (en) * | 2022-03-17 | 2022-05-31 | 东风汽车集团股份有限公司 | Vehicle fault tolerance time calculation method, system, medium, and electronic device |
-
2022
- 2022-06-23 CN CN202210716391.1A patent/CN115158192B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1465080A2 (en) * | 2002-12-13 | 2004-10-06 | Renault s.a.s. | Method for designing a fault tolerant system |
| CN105034988A (en) * | 2015-08-21 | 2015-11-11 | 清华大学 | Fault diagnosis and fault tolerant control method for automobile electronic stable control system sensors |
| CN111258294A (en) * | 2020-01-07 | 2020-06-09 | 北京经纬恒润科技有限公司 | Fault tolerance time testing system and method |
| CN114559957A (en) * | 2022-03-17 | 2022-05-31 | 东风汽车集团股份有限公司 | Vehicle fault tolerance time calculation method, system, medium, and electronic device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116001708A (en) * | 2023-02-22 | 2023-04-25 | 北京理工大学深圳汽车研究院(电动车辆国家工程实验室深圳研究院) | Response speed compensation method, quick response method and storage medium of drive-by-wire chassis |
| CN116001708B (en) * | 2023-02-22 | 2023-06-16 | 北京理工大学深圳汽车研究院(电动车辆国家工程实验室深圳研究院) | Response speed compensation method, quick response method and storage medium of drive-by-wire chassis |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115158192B (en) | 2024-07-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Nardi et al. | Functional safety methodologies for automotive applications | |
| Mariani | An overview of autonomous vehicles safety | |
| JP4749414B2 (en) | Method for demonstrating embedded systems | |
| US20190138671A1 (en) | Simulation device and program | |
| Huang et al. | Active fault tolerant control systems by the semi‐Markov model approach | |
| US8108728B2 (en) | Method and apparatus for operational-level functional and degradation fault analysis | |
| CN108802511B (en) | Method and system for testing battery management unit | |
| EP2889775B1 (en) | Computer having self-monitoring function and monitoring program | |
| EP3997528B1 (en) | System, device and method for testing autonomous vehicles | |
| EP3151122A1 (en) | Method and apparatus for generating a fault tree | |
| Wotawa et al. | Quality assurance methodologies for automated driving. | |
| CN115158192A (en) | Method and device for determining fault-tolerant time intervals of a vehicle | |
| JP6449723B2 (en) | Fault simulation apparatus and fault simulation method | |
| JP5680514B2 (en) | Computer having self-diagnosis function, software creation method, and software creation device | |
| Ham et al. | A framework for simulation-based engine-control unit inspection in manufacturing phase | |
| Sălcianu et al. | A new CAN diagnostic fault simulator based on UDS protocol | |
| Battram et al. | A Modular Safety Assurance Method considering Multi-Aspect Contracts during Cyber Physical System Design. | |
| CN110546616A (en) | probability metric for random hardware faults | |
| CN111044826B (en) | Detection method and detection system | |
| Förster et al. | Safety goals in vehicle security analyses: a method to assess malicious attacks with safety impact | |
| Hillenbrand et al. | Development of electric/electronic architectures for safety‐related vehicle functions | |
| Bock et al. | Analytical test effort estimation for multisensor driver assistance systems | |
| Price et al. | Effective automated sneak circuit analysis | |
| KR20210023722A (en) | Method for testing a system to a request | |
| Zhai et al. | Achieving ASIL D for microcontroller in safety-critical drive-by-wire system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |