CN116118773A - Automatic driving automobile safety domain error-redundancy control system and safety evaluation method - Google Patents

Automatic driving automobile safety domain error-redundancy control system and safety evaluation method Download PDF

Info

Publication number
CN116118773A
CN116118773A CN202211565754.2A CN202211565754A CN116118773A CN 116118773 A CN116118773 A CN 116118773A CN 202211565754 A CN202211565754 A CN 202211565754A CN 116118773 A CN116118773 A CN 116118773A
Authority
CN
China
Prior art keywords
module
vehicle
safety
information
reliability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211565754.2A
Other languages
Chinese (zh)
Inventor
唐怀坤
张海峰
袁源
朱晨鸣
周斌
黄明科
王江涛
宋城旭
陈慧
顾颖
李享
孙玉桃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Information Consulting and Designing Institute Co Ltd
Original Assignee
China Information Consulting and Designing Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Information Consulting and Designing Institute Co Ltd filed Critical China Information Consulting and Designing Institute Co Ltd
Priority to CN202211565754.2A priority Critical patent/CN116118773A/en
Publication of CN116118773A publication Critical patent/CN116118773A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W60/00Drive control systems specially adapted for autonomous road vehicles
    • B60W60/001Planning or execution of driving tasks
    • B60W60/0015Planning or execution of driving tasks specially adapted for safety
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • B60R16/0231Circuits relating to the driving or the functioning of the vehicle
    • B60R16/0232Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W30/00Purposes of road vehicle drive control systems not related to the control of a particular sub-unit, e.g. of systems using conjoint control of vehicle sub-units
    • B60W30/08Active safety systems predicting or avoiding probable or impending collision or attempting to minimise its consequences
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W50/02Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
    • B60W50/023Avoiding failures by using redundant parts
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W60/00Drive control systems specially adapted for autonomous road vehicles
    • B60W60/005Handover processes
    • B60W60/0053Handover processes from vehicle to occupant

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Mechanical Engineering (AREA)
  • Transportation (AREA)
  • Human Computer Interaction (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention provides an automatic driving automobile safety domain error-tolerant control system and a safety assessment method, wherein the safety system aims at providing a multi-level fault-tolerant safety system method comprising four safety domains, and comprises a level I safety domain vehicle safety perception subsystem, a level II safety domain vehicle interconnection safety subsystem, an automatic driving and manned switching system under the emergency of a level III safety domain, a level IV safety domain automatic power-off system and a switching method between the systems, and provides an algorithm method for evaluating the reliability of a vehicle adopting the safety system method through a traffic management command system and a device for evaluating the reliability of the vehicle adopting the safety system method.

Description

Automatic driving automobile safety domain error-redundancy control system and safety evaluation method
Technical Field
The invention belongs to the technical field of traffic safety, and particularly relates to an automatic driving automobile safety domain error control system and a safety evaluation method.
Background
The traffic accident of the automatic driving vehicle frequently happens, and the safety performance of the unmanned technology becomes the focus of public attention. Because of the personal safety concerns, drivers and passengers are concerned about the reliability and fault tolerance of unmanned driving, and there is an urgent need to increase the level of safety redundancy in automatic driving.
Along with the progress of artificial intelligence technology, a great amount of scientific research force is put into the unmanned field, and the technology is divided into two technical routes of single car intelligence and intelligent network car at present. The intelligent technical route of the bicycle cannot predict that all scenes have larger potential safety hazards in advance; intelligent networking automobile routes lack vehicle intelligentization measures.
Disclosure of Invention
The invention aims to: the automatic driving vehicle needs to take advantages of the intelligent and intelligent network-connected vehicle technical route of the single vehicle into consideration, form technical complementation, reduce comprehensive cost through the technical complementation, simultaneously need to evaluate the reliability of the vehicle adopting the automatic driving safety system, need to have a set of reliability algorithm, and need to evaluate and mark annual inspection of the vehicle adopting the automatic driving technology
In order to solve the technical problems, the invention provides a multistage fault-tolerant safety system in an unmanned scene of a road vehicle, a reliability evaluation algorithm and a system device, and aims to provide a safety system equipment method, and the reliability of a vehicle adopting the safety system method is detected and evaluated, wherein the safety system comprises the simulation evaluation of an experimental field, especially unmanned, the early popularization of unmanned needs to authenticate the error level of unmanned, meanwhile, after unmanned begins to commercialize gradually, the number of vehicles in a city is increased, and the invention can evaluate the traffic safety of the city vehicle according to a traffic control command center evaluation algorithm and a system device and further optimize the road traffic strategy.
The invention provides an automatic driving automobile safety domain error-tolerant control system which comprises a level I safety domain vehicle safety sensing subsystem, a level II safety domain vehicle interconnection safety subsystem, an automatic driving and manned switching system under a level III safety domain emergency condition and a level IV safety domain automatic power-off system.
The I-level safety domain vehicle safety perception subsystem comprises an A module, a B module and a C module; the A module, the B module and the C module are mutually connected in series;
the system comprises a module A, a module B and a module C, wherein the module A comprises an anti-collision ranging assembly, the module B comprises a vehicle vision assembly, and the module C comprises a group 1 intelligent driving vehicle-mounted unit;
the module A is used for measuring the distance between the vehicle and the peripheral object, transmitting the distance measurement information to the module B in real time, identifying the peripheral object by the module B, and transmitting the object identification information to the module C; c, judging whether safety risks exist for the running of the vehicle by surrounding articles according to the information transmitted by the B module, and transmitting the information to the G module;
the II-level safety domain vehicle interconnection safety subsystem comprises a D module, an E module, an F module and a G module; the D module, the E module and the F module are connected in parallel and then connected in series with the G module;
the D module comprises a vehicle state digital acquisition subsystem which is used for acquiring the running speed, gear, tire pressure, temperature and humidity of the vehicle, the length, width and height of the vehicle, the temperature of an engine and a running starting point;
the E module comprises an interconnection module of the vehicle and is used for communicating with the vehicle, roadside facilities, mobile phone terminals of pedestrians, traffic management systems such as traffic lights and the like and satellite positioning systems (including Beidou satellite positioning systems and GPS positioning systems);
the F module comprises a traffic control command center interconnection module and is used for acquiring information, including a road traffic high-definition dynamic map and information of social events on traffic control (such as temporary traffic control of a marathon event, important road section control of an college entrance examination and the like);
the G module comprises a group 2 intelligent driving vehicle-mounted unit, wherein the G module is used for comprehensively analyzing related information acquired by the D module, the E module and the F module and judging whether safety problems exist in vehicle operation, and the G module and the C module are used for mutually exchanging information so as to realize comprehensive analysis of various information from vehicles and other articles on roads and vehicles and other equipment on roads (roadside facilities, pedestrian mobile phone terminals, traffic lights and the like);
the automatic driving and manned switching system under the emergency situation of the III-level safety domain comprises an H module, and when the I-level safety domain vehicle safety sensing subsystem and the II-level safety domain vehicle interconnection safety subsystem both report fault codes, the vehicle automatically utilizes a vehicle power control system to carry out emergency parking on the vehicle;
the IV-level safety domain automatic power-off system comprises an I module, wherein the I module is used for automatically entering an energy power-off state when a vehicle is in a runaway state in a scene of safety domain failure, and automatically turning off a power supply for an electric automobile and turning off an oil circuit for a fuel automobile.
The system performs the steps of:
step 1, a module A transmits ranging information to a module B in real time;
step 2, the module B judges the position information of related articles (such as other vehicles and road barriers) on the periphery of the vehicle through visual recognition according to the ranging information, and transmits the judging information to the module C;
step 3, the module C judges whether the related articles on the road around the vehicle have safety risks for the running of the vehicle according to the information transmitted by the module B, and transmits the information to the module G;
step 4, the D module transmits all the digital information of the vehicle to the G module, wherein the digital information of the vehicle comprises the running speed, the weight of the vehicle, the monitoring data of an instrument panel, the temperature and humidity, the starting and stopping positions and the length, width and height information of the vehicle;
step 5, the E module provides information of vehicle-to-vehicle communication, vehicle-to-roadside facilities, vehicle-to-traffic lights and vehicle-to-satellite communication for the G module, and meanwhile, the G module also feeds back driving information of the vehicle to the E module, and the E module feeds back driving information to other vehicles or facilities;
step 6, the F module provides a road traffic dynamic high-precision map for the G module, and supplements the road traffic dynamic high-precision map information by collecting the information of the G module;
step 7,G module gives running instructions to the vehicle and controls the vehicle power control system to run normally;
step 8, if the G module provides self-checking information for the safety perception subsystem of the vehicle in the I-level safety domain, and the self-checking information feeds back failure information to the C module when the interconnection safety subsystem of the vehicle in the II-level safety domain fails; meanwhile, the C module also feeds back self-checking information of the safety perception subsystem of the vehicle in the I-level safety domain to the G module;
step 9, the C module takes over the vehicle power control system according to the fault information of the II-level safety domain vehicle interconnection safety subsystem fed back by the G module, and the I-level safety domain vehicle safety perception subsystem directly controls the running action of the vehicle;
step 10, if the G module receives the failure information of the safety perception subsystem of the vehicle in the I-level safety domain sent by the C module, the safety perception subsystem of the vehicle in the I-level safety domain is not taken as a decision judgment basis, and the safety subsystem of the vehicle in the II-level safety domain is connected with each other to be taken as a decision basis to finish the automatic running of the vehicle;
step 11, the G module feeds back the conditions of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem to the H module in real time, when fault codes of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem are fed back, a warning that automatic driving is switched to unmanned driving is generated, and if the vehicle detects that a system is out of control and unmanned driving is not switched to manned driving, the vehicle automatically switches the energy of the vehicle;
step 12, an automatic power-off signal is fed back to the H module through the I module, and the H module reminds by voice: the two-stage automatic driving system fails, and automatic blocking of energy is performed to prevent continuous traffic accidents caused by brake failure due to system failure; at the moment, the automobile is in an autonomous parking behavior, if the switching is not completed, the automobile is always kept in a parking state, the automobile slowly pops out of the I module at the position of the steering wheel, the I module comprises a steering wheel controller, and a driver touches the I module to automatically drive and manually drive one-key switching functions, so that the manual driving of the automobile is realized.
The invention also provides an automatic driving automobile safety assessment method, which specifically comprises the following steps:
reliability R of class I safety domain vehicle safety perception subsystem The method comprises the following steps:
R =R1*R2*R3 (1)
wherein R1 represents the reliability of the A module, R2 represents the reliability of the B module, and R3 represents the reliability of the C module;
reliability R of grade II safety domain vehicle interconnection safety subsystem The method comprises the following steps:
R =(1-(1-R4)*(1-R5)*(1-R6))*R7 (2)
wherein, R4 represents the reliability of the D module, R5 represents the reliability of the E module, R6 represents the reliability of the F module, and R7 represents the reliability of the G module;
reliability R of automatic driving and manned switching system in III-level safety domain emergency The method comprises the following steps:
R =R8 (3)
wherein R8 represents the reliability of the H module;
reliability R of IV-level safety domain automatic power-off system The method comprises the following steps:
R =R9 (4)
wherein R9 represents the reliability of the I module;
the vehicle reliability Z is:
Z=1-(1-R )*(1-R )*(1-R )*(1-R ) (5)。
the method of the invention further comprises the following steps: the annual inspection method for safety evaluation specifically comprises the following steps: when the vehicle leaves the factory, the vehicle is transported to a vehicle annual inspection test place recorded by a traffic management department by a transport means, the judgment result of the traffic command control center is output to a detection device for detecting the test place, the vehicle simultaneously detects the reliability grade of the vehicle provided with the redundancy control system of the security domain of the automatic driving automobile according to the annual inspection requirement of the traffic management department during each annual inspection, and a reliability star label is attached to the vehicle;
when the vehicle reliability Z is larger than or equal to 99.99999%, 7 star-class safety is judged;
when the vehicle reliability Z is larger than or equal to 99.9999%, judging that the vehicle is 6-star-class safe;
when the vehicle reliability Z is larger than or equal to 99.999%, judging that the vehicle is 5-star safe;
when the vehicle reliability Z is less than 99.999%, the annual inspection is judged to be unqualified, and maintenance and replacement of software and hardware of the system are recommended.
The method of the invention further comprises the following steps: the vehicle reliability grade of the error-prone control system of the safety domain of the automatic driving automobile can be marked obviously in a mode of a vehicle sticker or a vehicle roof display lamp, so that the reminding effect is achieved.
The invention has the following beneficial effects:
(1) Reach the effect that promotes unmanned driving security level through the integration of car networking system: currently, both the intelligent and intelligent networking modes of unmanned single-car automobiles have security holes, and one important reason is that the security redundancy is insufficient. The invention provides multiple safety protection for the running of the vehicle through five layers of safety guarantee.
(2) Forming an unmanned reliability evaluation device system: with the use of unmanned vehicles for road tests and commercial use in urban environments, the unmanned vehicles and common manned vehicles are mixed to run, and the safety level of the urban overall vehicles needs to be evaluated in urban environments.
(4) Improving the safety level of unmanned operation: through setting up multiple guarantee mechanism, setting up test environment and operation evaluation environment, carry out the evaluation of whole network for the security evaluation that unmanned vehicles got into city and was driven, set up unmanned vehicles's market admission mechanism on the one hand, another aspect can provide more applications based on traffic control command center for the transportation trip, including unified dispatch unmanned vehicles, set up unmanned network about car platform, provide vehicle management (more abundant applications such as emergency rescue, maintenance warning and reservation, insurance warning and accident rescue service) to every unmanned vehicles through traffic control command center.
Drawings
The foregoing and/or other advantages of the invention will become more apparent from the following detailed description of the invention when taken in conjunction with the accompanying drawings and detailed description.
Fig. 1 is a diagram of a four-level safety domain redundancy control system for an automatic driving electric automobile.
Fig. 2 is a diagram of a reliability evaluation system of the four-level safety domain redundancy control system of the automatic driving electric automobile.
Detailed Description
As shown in fig. 1 and fig. 2, the invention provides a redundancy control system and a safety evaluation method for safety domains of an automatic driving automobile.
The system comprises a level I safety domain vehicle safety perception subsystem, a level II safety domain vehicle interconnection safety subsystem, a level III safety domain automatic driving and manned switching system under emergency conditions, and a level IV safety domain automatic power-off system.
The I-level safety domain vehicle safety perception subsystem comprises an A module, a B module and a C module; the A module, the B module and the C module are mutually connected in series;
the system comprises a module A, a module B and a module C, wherein the module A comprises an anti-collision ranging assembly, the module B comprises a vehicle vision assembly, and the module C comprises a group 1 intelligent driving vehicle-mounted unit;
the module A is used for measuring the distance between the vehicle and the peripheral object, transmitting the distance measurement information to the module B in real time, identifying the peripheral object by the module B, and transmitting the object identification information to the module C; c, judging whether safety risks exist for the running of the vehicle by surrounding articles according to the information transmitted by the B module, and transmitting the information to the G module;
the II-level safety domain vehicle interconnection safety subsystem comprises a D module, an E module, an F module and a G module; the D module, the E module and the F module are connected in parallel and then connected in series with the G module;
the D module comprises a vehicle state digital acquisition subsystem which is used for acquiring the running speed, gear, tire pressure, temperature and humidity of the vehicle, the length, width and height of the vehicle, the temperature of an engine and a running starting point;
the E module comprises an interconnection module of the vehicle and is used for communicating with the vehicle, roadside facilities, mobile phone terminals of pedestrians, traffic management systems such as traffic lights and the like and satellite positioning systems (including Beidou satellite positioning systems and GPS positioning systems);
the F module comprises a traffic control command center interconnection module and is used for acquiring information, including a road traffic high-definition dynamic map and information of social events on traffic control (such as temporary traffic control of a marathon event, important road section control of an college entrance examination and the like);
the G module comprises a group 2 intelligent driving vehicle-mounted unit, wherein the G module is used for comprehensively analyzing related information acquired by the D module, the E module and the F module and judging whether safety problems exist in vehicle operation, and the G module and the C module are used for mutually exchanging information so as to realize comprehensive analysis of various information from vehicles and other articles on roads and vehicles and other equipment on roads (roadside facilities, pedestrian mobile phone terminals, traffic lights and the like);
the automatic driving and manned switching system under the emergency situation of the III-level safety domain comprises an H module, and when the I-level safety domain vehicle safety sensing subsystem and the II-level safety domain vehicle interconnection safety subsystem both report fault codes, the vehicle automatically utilizes a vehicle power control system to carry out emergency parking on the vehicle;
the IV-level safety domain automatic power-off system comprises an I module, wherein the I module is used for automatically entering an energy power-off state when a vehicle is in a runaway state in a scene of safety domain failure, and automatically turning off a power supply for an electric automobile and turning off an oil circuit for a fuel automobile.
The system performs the steps of:
step 1: the vehicle A module distance measuring device transmits distance measuring information to a vehicle visual recognition system (B module) in real time;
step 2: the module B comprehensively judges the positions of the articles such as vehicles around the road traffic tool through visual recognition in combination with the information of the module A, and transmits the judging information to the 1 st group of intelligent driving vehicle-mounted units (module C);
step 3: the C module transmits the information to the group 2 intelligent driving vehicle-mounted unit (G module) after judging the information;
step 4: the D module transmits all digital information of the vehicle to the G module (comprising the running speed, the weight of the vehicle, instrument panel monitoring data, temperature and humidity, start and stop positions and length, width and height information of the vehicle);
step 5: the E module provides various information for the G module such as vehicle-to-vehicle communication, vehicle-to-roadside facilities, vehicle-to-traffic lights and vehicle-to-satellite communication. Meanwhile, the G module also feeds back the running information of the vehicle to the E module, and the E module feeds back the running information to other vehicles or facilities;
step 6: the traffic control command center access module F module provides a low-time-delay dynamic high-definition map for the G module, and supplements urban dynamic high-definition map information by collecting information of the G module;
step 7: the G module gives a running instruction to the road vehicle and controls the road vehicle power traffic system to run normally;
step 8: when the self-checking information feeds back the failure of the II system, the failure information is transmitted to the C module; meanwhile, the C module also feeds back the self-checking information of the system I to the G module;
step 9: c module takes over the power control system of the vehicle according to the fault information of the system II fed back by the G module, and the system I directly controls the running action of the vehicle;
step 10, when the G module receives the fault information of the system I received by the C module, the system I is not taken as a decision judgment basis, and the system II is taken as a decision basis to finish the running of the vehicle;
step 11, the G module feeds back the conditions of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem to the H module in real time, when fault codes of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem are fed back, a warning that automatic driving is switched to unmanned driving is generated, and if the vehicle detects that the system is out of control and unmanned driving is not switched to manned driving, the vehicle automatically switches the energy of the vehicle;
step 12: the automatic parking signal is fed back to the H module through the I module, and the H module reminds by voice: the two-stage automatic driving system fails, and automatic parking is executed; this is manifested as autonomous parking behavior. If the switching is not completed, the vehicle is always kept in a parking state; the vehicle slowly pops up an I module at the position of the steering wheel, the I module comprises a steering wheel controller, and a driver touches the I module to realize the functions of automatic driving and manual driving by one-key switching, so that the manual driving of the vehicle is realized;
the invention also provides an automatic driving automobile safety assessment method, which specifically comprises the following steps:
reliability R of class I safety domain vehicle safety perception subsystem The method comprises the following steps:
R =R1*R2*R3 (1)
wherein R1 represents the reliability of the A module, R2 represents the reliability of the B module, and R3 represents the reliability of the C module;
reliability R of grade II safety domain vehicle interconnection safety subsystem The method comprises the following steps:
R =(1-(1-R4)*(1-R5)*(1-R6))*R7 (2)
wherein, R4 represents the reliability of the D module, R5 represents the reliability of the E module, R6 represents the reliability of the F module, and R7 represents the reliability of the G module;
reliability R of automatic driving and manned switching system in III-level safety domain emergency The method comprises the following steps:
R =R8 (3)
wherein R8 represents the reliability of the H module;
reliability R of IV-level safety domain automatic power-off system The method comprises the following steps:
R =R9 (4)
wherein R9 represents the reliability of the I module;
the vehicle reliability Z is:
Z=1-(1-R )*(1-R )*(1-R )*(1-R ) (5)。
the method of the invention further comprises the following steps: the annual inspection method for safety evaluation specifically comprises the following steps: when the vehicle leaves the factory, the vehicle is transported to a vehicle annual inspection test place recorded by a traffic management department by a transport means, the judgment result of the traffic command control center is output to a detection device for detecting the test place, the vehicle simultaneously detects the reliability grade of the vehicle provided with the redundancy control system of the security domain of the automatic driving automobile according to the annual inspection requirement of the traffic management department during each annual inspection, and a reliability star label is attached to the vehicle;
when the vehicle reliability Z is larger than or equal to 99.99999%, 7 star-class safety is judged;
when the vehicle reliability Z is larger than or equal to 99.9999%, judging that the vehicle is 6-star-class safe;
when the vehicle reliability Z is larger than or equal to 99.999%, judging that the vehicle is 5-star safe;
when the vehicle reliability Z is less than 99.999%, the annual inspection is judged to be unqualified, and maintenance and replacement of software and hardware of the system are recommended.
The method of the invention further comprises the following steps: the vehicle reliability grade of the error-prone control system of the safety domain of the automatic driving automobile can be marked obviously in a mode of a vehicle sticker or a vehicle roof display lamp, so that the reminding effect is achieved.
The invention provides an error control system and a safety evaluation method for an automatic driving automobile safety domain, and the method and the way for realizing the technical scheme are numerous, the above description is only a preferred embodiment of the invention, and it should be noted that, for a person skilled in the art, a plurality of improvements and modifications can be made without departing from the principle of the invention, and the improvements and modifications are also considered as the protection scope of the invention. The components not explicitly described in this embodiment can be implemented by using the prior art.

Claims (8)

1. The system is characterized by comprising a level I safety domain vehicle safety sensing subsystem, a level II safety domain vehicle interconnection safety subsystem, a level III safety domain automatic driving and manned switching system under emergency conditions, and a level IV safety domain automatic power-off system;
the I-level safety domain vehicle safety perception subsystem comprises an A module, a B module and a C module; the A module, the B module and the C module are mutually connected in series;
the system comprises a module A, a module C and a module B, wherein the module A comprises an anti-collision ranging assembly, the anti-collision ranging assembly comprises an infrared sensor, the module B comprises a vehicle vision sensor, and the module C comprises a 1 st group of intelligent driving vehicle-mounted units;
the A module is used for measuring the distance between the vehicle and surrounding objects and transmitting ranging information to the B module in real time, the B module is used for identifying surrounding objects which possibly affect the safety of the vehicle by combining the distance and the running state of the vehicle, and transmitting object identification result information to the C module, and the C module is used for comprehensively judging the influence on the safety of the vehicle by integrating the vehicle distance information, the object identification result and the running state information of the vehicle.
2. The system of claim 1, wherein the class ii secure domain vehicle interconnect security subsystem comprises a D module, an E module, an F module, a G module; the D module, the E module and the F module are connected in parallel and then connected in series with the G module;
the D module comprises a vehicle state digital acquisition subsystem which is used for acquiring the running speed, gear, tire pressure, temperature and humidity of the vehicle, the length, width and height of the vehicle, the temperature of an engine and a running starting point;
the E module comprises an interconnection module of the vehicle and other vehicles, and is used for communicating with the vehicle, roadside facilities, pedestrian mobile phone terminal internet of things sensors, traffic management systems such as traffic lights and the like and satellite positioning systems;
the F module is an access terminal of a road traffic command center and is used for acquiring traffic control information, including road traffic high-definition dynamic map and traffic control information of social events;
the G module comprises a group 2 intelligent driving vehicle-mounted unit and is used for comprehensively analyzing the information acquired by the D module, the E module and the F module, judging whether the safety problem exists in the running of the vehicle, and the G module and the C module are in mutual information exchange so as to realize comprehensive analysis of various information of the vehicle and other articles on the road and various information of the vehicle and other equipment on the road.
3. The system of claim 2, wherein the class iii safety domain emergency automatic driving and manned switching system comprises an H module, wherein when the class i safety domain vehicle safety sensing subsystem and the class ii safety domain vehicle interconnection safety subsystem both report fault codes, the vehicle automatically prompts switching to the manned mode, the vehicle steering wheel automatically extends from the front console, and prompts switching to the manned mode, and the vehicle enters the automatic parking mode without response, so as to avoid running risks caused by vehicle system faults.
4. The system of claim 3, wherein the class iv safety domain automatic power-off system comprises an I module for automatically entering an energy shutdown state when the vehicle is in a runaway state in a safety domain failure scene, and automatically shutting down the power supply for the electric vehicle and shutting down the oil circuit for the fuel vehicle.
5. The system of claim 4, wherein the system performs the steps of:
step 1, a module A transmits ranging information to a module B in real time;
step 2, the module B judges the position information of the related articles on the road around the vehicle through visual recognition according to the ranging information, and transmits the judging information to the module C;
step 3, the module C judges whether the related articles on the road around the vehicle have safety risks for the running of the vehicle according to the information transmitted by the module B, and transmits the information to the module G;
step 4, the D module transmits all the digital information of the vehicle to the G module, wherein the digital information of the vehicle comprises the running speed, the weight of the vehicle, the monitoring data of an instrument panel, the temperature and humidity, the starting and stopping positions and the length, width and height information of the vehicle;
step 5, the E module provides information of vehicle-to-vehicle communication, vehicle-to-roadside facilities, vehicle-to-traffic lights and vehicle-to-satellite communication for the G module, and meanwhile, the G module also feeds back driving information of the vehicle to the E module, and the E module feeds back driving information to other vehicles or facilities;
step 6, the F module provides a road traffic dynamic high-precision map for the G module, and supplements the road traffic dynamic high-precision map information by collecting the information of the G module;
step 7,G module gives running instructions to the vehicle and controls the vehicle power control system to run normally;
step 8, if the G module provides self-checking information for the safety perception subsystem of the vehicle in the I-level safety domain, and the self-checking information feeds back failure information to the C module when the interconnection safety subsystem of the vehicle in the II-level safety domain fails; meanwhile, the C module also feeds back self-checking information of the safety perception subsystem of the vehicle in the I-level safety domain to the G module;
step 9, the C module takes over the vehicle power control system according to the fault information of the II-level safety domain vehicle interconnection safety subsystem fed back by the G module, and the I-level safety domain vehicle safety perception subsystem directly controls the running action of the vehicle;
step 10, if the G module receives the failure information of the safety perception subsystem of the vehicle in the I-level safety domain sent by the C module, the safety perception subsystem of the vehicle in the I-level safety domain is not taken as a decision judgment basis, and the safety subsystem of the vehicle in the II-level safety domain is connected with each other to be taken as a decision basis to finish the automatic running of the vehicle;
step 11, the G module feeds back the conditions of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem to the H module in real time, when fault codes of the I-level safety domain vehicle safety perception subsystem and the II-level safety domain vehicle interconnection safety subsystem are fed back, a warning that automatic driving is switched to unmanned driving is generated, and if the vehicle detects that the system is out of control and unmanned driving is not switched to manned driving, the vehicle automatically switches the energy of the vehicle;
step 12, an automatic power-off signal is fed back to the H module through the I module, and the H module reminds by voice: the two-stage system of automatic driving fails, and the automatic blocking of energy is executed; at the moment, the automobile is in an autonomous parking behavior, if the switching is not completed, the automobile is always kept in a parking state, the automobile slowly pops out of the I module at the position of the steering wheel, the I module comprises a steering wheel controller, and a driver touches the I module to automatically drive and manually drive one-key switching functions, so that the manual driving of the automobile is realized.
6. The automatic driving automobile safety evaluation method is characterized by comprising the following steps of:
reliability R of class I safety domain vehicle safety perception subsystem The method comprises the following steps:
R =R1*R2*R3 (1)
wherein, R1 represents the reliability of the A module, R2 represents the reliability of the B module, R3 represents the reliability of the C module, and the data of the reliability is from the third party detection authentication data of the product;
reliability R of grade II safety domain vehicle interconnection safety subsystem The method comprises the following steps:
R =(1-(1-R4)*(1-R5)*(1-R6))*R7 (2)
wherein, R4 represents the reliability of the D module, R5 represents the reliability of the E module, R6 represents the reliability of the F module, and R7 represents the reliability of the G module;
reliability R of automatic driving and manned switching system in III-level safety domain emergency The method comprises the following steps:
R =R8 (3)
wherein R8 represents the reliability of the H module;
reliability R of IV-level safety domain automatic power-off system The method comprises the following steps:
R =R9 (4)
wherein R9 represents the reliability of the I module;
the vehicle reliability Z is:
Z=1-(1-R )*(1-R )*(1-R )*(1-R ) (5)。
7. the method as recited in claim 6, further comprising: the annual inspection method for safety evaluation specifically comprises the following steps: when the vehicle leaves the factory, the vehicle is transported to a vehicle annual inspection test place recorded by a traffic management department by a transport means, the determination result of the traffic command control center system is output to a detection terminal of the detection test place, the vehicle simultaneously detects the reliability grade of the vehicle provided with the system according to the annual inspection requirement of the traffic management department when in annual inspection, and a reliability star label is attached to the vehicle;
when the vehicle reliability Z is larger than or equal to 99.99999%, 7 star-class safety is judged;
when the vehicle reliability Z is larger than or equal to 99.9999%, judging that the vehicle is 6-star-class safe;
when the vehicle reliability Z is larger than or equal to 99.999%, judging that the vehicle is 5-star safe;
when the vehicle reliability Z is less than 99.999%, the annual inspection is judged to be unqualified, and the system is recommended to be maintained and upgraded.
8. The method according to claim 7, characterized in that the level of reliability of a vehicle using an autonomous car security domain error control system according to any of claims 1 to 2 can be marked by means of a car sticker or a roof light to achieve a warning effect.
CN202211565754.2A 2022-12-07 2022-12-07 Automatic driving automobile safety domain error-redundancy control system and safety evaluation method Pending CN116118773A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211565754.2A CN116118773A (en) 2022-12-07 2022-12-07 Automatic driving automobile safety domain error-redundancy control system and safety evaluation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211565754.2A CN116118773A (en) 2022-12-07 2022-12-07 Automatic driving automobile safety domain error-redundancy control system and safety evaluation method

Publications (1)

Publication Number Publication Date
CN116118773A true CN116118773A (en) 2023-05-16

Family

ID=86309017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211565754.2A Pending CN116118773A (en) 2022-12-07 2022-12-07 Automatic driving automobile safety domain error-redundancy control system and safety evaluation method

Country Status (1)

Country Link
CN (1) CN116118773A (en)

Similar Documents

Publication Publication Date Title
US11181930B1 (en) Method and system for enhancing the functionality of a vehicle
US9896062B1 (en) Methods of theft prevention or mitigation
CN102881053B (en) Social stability maintenance supervision system on basis of vehicle identification
US10297146B2 (en) Automated highway system (AHS)
CN108961768A (en) The unmanned police cruiser of one kind and patrol method
CN204537459U (en) A kind of intelligent driving backup system based on car networking
CN111133486B (en) Method for reducing potential hazards in road traffic
CN106114502A (en) A kind of intelligent automobile aid system
US20170132919A1 (en) Automated highway system
KR101749244B1 (en) Emergency vehicle signal priority system and method thereof
CN112542054B (en) Vehicle monitoring method and device and traffic management system
CN113895450A (en) Safety redundancy system and control method for unmanned vehicle sensing system
US11200796B2 (en) Automated highway system (AHS)
CN111696328B (en) Intelligent monitoring system for bus
CN109484411B (en) Vehicle driving state detection method based on big data
CN101145281A (en) Public transit driving recording supervisory system
CN102029909B (en) A kind of Intelligent traffic safety system for avoiding drunk driving
CN113965901A (en) Expressway tunnel personnel monitoring method based on wireless probe
CN116118773A (en) Automatic driving automobile safety domain error-redundancy control system and safety evaluation method
US20230294634A1 (en) Systems and methods for communicating with third parties external to autonomous vehicles
CN116934560A (en) Intelligent management technology for automobile passenger station
CN111845594B (en) Automobile fault processing method and device
US11222489B2 (en) System for the identification and recognition of a motor vehicle based on the profile of voltage values from the onboard electrical system and corresponding identification method implemented by said system
CN202089016U (en) Car collision information detection and alarm system and car
CN113053083A (en) Early warning method and system for dangerous driving vehicle based on V2X

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination