CN116165875A - Cold backup control system and method for vehicle chassis controller - Google Patents
Cold backup control system and method for vehicle chassis controller Download PDFInfo
- Publication number
- CN116165875A CN116165875A CN202310113594.6A CN202310113594A CN116165875A CN 116165875 A CN116165875 A CN 116165875A CN 202310113594 A CN202310113594 A CN 202310113594A CN 116165875 A CN116165875 A CN 116165875A
- Authority
- CN
- China
- Prior art keywords
- control system
- backup
- main control
- power supply
- mcu1
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B9/00—Safety arrangements
- G05B9/02—Safety arrangements electric
- G05B9/03—Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
The invention provides a vehicle chassis controller and a cold backup control system and method, comprising a main control system, a backup control system and a backup switching circuit, wherein the main control system comprises a main controller MCU1 and a main power chip SBC connected with the MCU1, the backup control system comprises a backup controller MCU2 and a backup power supply connected with the MCU2, a power supply Vin is respectively connected with the SBC and the backup switching circuit of the main control system, and the backup switching circuit can automatically control the main control system to switch the backup control system. The control system and the method can ensure that the main control system is automatically switched to the backup control system in time when the main control system is abnormal, can also prevent the main control system from activating the backup control system by mistake when the main control system is reset, and the independently working backup switching circuit is simple and practical, thereby being particularly suitable for reliably controlling the chassis control system of the vehicle.
Description
Technical Field
The invention relates to the technical field of vehicle electronic control, in particular to a cold backup control system and method of a vehicle chassis controller.
Background
The safety performance of the vehicle chassis is an extremely important link of vehicle safety, and has extremely high requirements on the reliability of functions. Especially, for new energy vehicles such as unmanned vehicles, when the vehicle is in automatic driving, if a control system for controlling the chassis has serious faults, the control system needs to recover work from the faults as soon as possible for system safety, and the vehicle needs to be ensured to still normally run during the fault period.
However, the multi-core MCU controller scheme commonly used at present can only process the faults of the MCU itself and can not block the faults outside the MCU. By adopting redundancy schemes such as hot backup, the reliability of the system can be improved, but the hidden trouble that the two systems fail simultaneously cannot be eliminated. Therefore, under complex environmental conditions, a cold-standby control system is required, so that the system of the vehicle chassis controller is switched from a fault to another mode, and the vehicle can safely take over and transition before the serious fault is eliminated. For example, CN201811324479.9 discloses a dual-redundancy unmanned aerial vehicle brake controller and a cold backup control method, but the dual-redundancy unmanned aerial vehicle brake controller is a cold backup system specially used for braking on an aircraft, and does not consider the sudden failure of an MCU and a power supply module thereof, and also needs to collect various status signals sent by the MCU by using a monitoring arbitration unit which always works, so as to cache the current PWM signal duty ratio instruction, and the automatic switching between the main system and the standby system cannot be completed when the monitoring arbitration unit is abnormal.
Therefore, it is necessary to specifically perform a specific cold-standby design on the signal and control system of the vehicle chassis controller to further improve the reliability of the chassis controller in complex and harsh environments.
Disclosure of Invention
First, the technical problem to be solved
The invention provides a cold backup control system and a method of a vehicle chassis controller, which can ensure that a main control system is automatically switched to the backup control system in time when an abnormality occurs through the acquisition of key signals of the system, can also prevent the main control system from activating the backup control system by mistake when the main control system is reset, and has simple and practical independently working backup switching circuit, thereby being particularly suitable for reliably controlling the vehicle chassis control system; in addition, the backup control system can monitor and analyze the state of the main control system circuit when the main control circuit has serious faults through the self monitoring circuit and the control method so as to determine the fault type and the potential risk.
(II) technical scheme
The invention provides a cold backup control system of a vehicle chassis controller, which is characterized by comprising a main control system, a backup control system and a backup switching circuit, wherein the main control system comprises a main controller MCU1 and a main power supply chip SBC connected with the MCU1, the backup control system comprises a backup controller MCU2 and a backup power supply connected with the MCU2, a power supply Vin is respectively connected with the SBC and the backup switching circuit of the main control system, and the backup switching circuit can automatically control the main control system to switch the backup control system; the backup switching circuit comprises resistors R1-R4, a capacitor C1, an NMOS tube Q1, a PMOS tube Q2 and a PMOS tube Q3, wherein a DIS1 signal output by the MCU1 is connected with one end of the R1, the other end of the R1 is connected with a grid electrode of the Q1 and one end of the C1, the other end of the C1 is connected with a source electrode of the Q1 and then grounded, a drain electrode of the Q1 is connected with a grid electrode of the Q2 and one end of the R2 respectively, a drain electrode of the Q2 is connected with one end of the R3, one end of the R4 and the grid electrode of the Q3 respectively, the other end of the R4 is grounded, a power supply Vin is connected with the other end of the R2, the source electrode of the R3 and the source electrode of the Q3 respectively, and the drain electrode of the Q3 is connected with the power supply end of the backup power supply.
Preferably, the R1 and the C1 form a delay circuit, and the delay time of the delay circuit is set to be greater than the reset time of the main controller MCU 1.
Preferably, the system further comprises a monitoring circuit connected with the MCU2, wherein the monitoring circuit is respectively connected with the MCU1 and the SBC to monitor the fault state after the failure of the main control system.
Preferably, the power supply circuit further comprises a resistor R5, an NMOS tube Q4 and a resistor R6, wherein the DIS2 signal of the main controller MCU1 is connected with one end of the resistor R5, the other end of the resistor R5 is connected with the grid electrode of the Q4, the source electrode of the Q4 is grounded, the drain electrode of the Q4 is connected with the power supply enabling end EN of the backup power supply, the power supply Vin is connected with the power supply end of the backup power supply, and the power supply Vin is connected with the power supply enabling end EN of the DC/DC power supply and the drain electrode of the Q4 respectively through the resistor R6.
Preferably, the backup power supply is specifically a DC/DC power supply, and the power supply Vin is specifically connected to an SBC and a backup switching circuit in the main control system through a protection circuit.
Preferably, the Controller Area Network (CAN) transceiver further comprises a CAN transceiver 1 and a CAN transceiver 2, the main power chip SBC supplies power for the MCU1 and the CAN transceiver 1, the backup power supply supplies power for the MCU2 and the CAN transceiver 2, the MCU1 is in bidirectional communication connection with the CAN transceiver 1, the MCU2 is in bidirectional communication connection with the CAN transceiver 2, and the CAN transceiver 1 and the CAN transceiver 2 are respectively in communication connection with a CAN bus.
In another aspect, the present invention further discloses a control method of the cold backup control system of the vehicle chassis controller, where the control method of the MCU1 in the main control system includes:
step A: when the main control system works normally, the DIS1 and DIS2 signals are set to be 1;
and (B) step (B): and reporting the working state of the current main control system through real-time communication with the CAN bus.
Preferably, after the master control system fails, the backup control system establishes a periodic task with a preset time to monitor the state of the SBC and the MCU1 of the master control system, and the control method of the MCU2 in the backup control system includes:
step 1: the backup control system initializes system parameters, and status flags ST1 and ST2 are set to 1 by default;
step 2: the backup control system works and judges whether the preset time is exceeded, if yes, the next step 3 is carried out, and if not, the step 2 is continuously carried out;
step 3: judging whether the status flag bit ST1 or ST2 is1, if so, executing the next step 4, and if not, ending the control method;
step 4: judging whether the SBC power supply of the main control system is normal, if so, executing the next step 5, if not, setting ST1 to 0, setting ST2 to 0, reporting that the current main control system has a fault 1 through a CAN bus, namely that both the SBC and the MCU1 have faults, and jumping to the step 2;
step 5: judging whether the MCU1 state of the main control system is normal, if so, executing the next step 6, if not, setting ST1 to 1, setting ST2 to 0, reporting that the current main control system has a fault 2 through a CAN bus, namely that the MCU1 has a fault, and jumping to the step 2 when the SBC is normal;
step 6: the main control system is reset and both status flags ST1 and ST2 are set to 1 to start the next cycle.
Preferably, resetting the main control system in step 6 specifically includes resetting the main controller MCU1, where the preset time is 100ms.
In another aspect, the invention also discloses a vehicle, which comprises the cold backup control system of the vehicle chassis controller.
(III) beneficial effects
The cold backup control system and the control method of the vehicle chassis controller have the following advantages:
1) The main control system and the backup control system are mutually independent, so that the power supply is mutually independent, and the input signal acquisition and the output control are also mutually independent; so that no coupling circuit exists between the main control system and the backup system; the backup control system is not a copy of the main control system, and the cold backup system only collects key signals of the system from the angles of controllable cost and system risk and controls the safety-affecting function, so that the system is a derating control system of the main control system; when the main control system works, the backup control system is in a power-off state, and at the moment, signal acquisition, communication and output control of the main control system are irrelevant to the backup control system, and the backup system is in an isolation state. When the main control system fails, the backup control system is triggered, and the controller enters a working mode of the backup system. In addition, the main control system switches the backup system to be automatically controlled, and when the main control system fails, the MCU1 loses the control function; the process is realized by a hardware circuit in the backup switching control system without system instructions or system intervention by switching the backup controller to the backup control system. In addition, DIS2 and Q4 are also redundantly provided to disable the backup power of the backup system.
2) The invention does not need to monitor and arbitrate unit which is always supplied with power and collect complex state signals to complete active main-standby switching, and designs a set of cold backup control system of the vehicle chassis controller with the backup switching circuit to ensure that the backup switching circuit can independently realize the following functions under the condition of being isolated from the main-standby system: a) When the MCU1 supplies power normally and sends out DIS1 high level, delay can be realized to avoid false activation of the backup system (the delay time is set to be longer than the reset time of the MCU1 by a delay circuit consisting of R1 and C1), and the backup power supply of DC/DC is cut off to work to prevent the MCU1 in the main control system from false activation of the backup control system during reset; b) When MCU1 is abnormal and DIS1 output is 0, DC/DC backup power is normally supplied, and delay is not carried out at the moment, so that the aim of timely switching to backup power is fulfilled, the overall structure of the circuit is simplified and reliable, functions of delay, power supply, cold backup switching control and the like are integrated, the cold backup function is started in an off-line control mode through signal acquisition critical to the system, and the method is particularly suitable for reliability control of a vehicle chassis controller.
3) In addition, the control method of the invention effectively monitors the state marks ST1 and ST2 of the SBC and MCU1, so that the backup control system can monitor and reset the main control system circuit when the main control circuit has serious faults through the self monitoring circuit. The monitoring of the power supply modules SBC and MCU in the main control system is realized, and the monitoring is used for analyzing the fault type and potential risk of the main control system. When the main control system fails, after the backup system is started, the backup control system has an independent CAN channel to report the failure, so that the background cannot misjudge the current state of the vehicle.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a circuit diagram of a cold-standby control system of a vehicle chassis controller of the present invention;
FIG. 2 is a block diagram of the power and communications of the cold-standby control system of the vehicle chassis controller of the present invention;
FIG. 3 is a flow chart of a control method of the main control system of the present invention;
FIG. 4 is a flow chart of a control method of the backup control system in the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In order to solve the safety and reliability problems of the electric control system of the chassis of the vehicle, the controller of the invention adopts the design of a cold backup system, and the backup control system is a set of independent hardware and software platform; under normal working conditions, the main control system is dominant, the backup system is forbidden, and the power consumption of the controller is only the power consumption of the main control system. However, since the main controller MCU (micro controller) and the main power chip SBC (i.e., the system base chip System Basis Chip, which may have a power supply function, a bus transceiving function, a diagnostic monitoring function, and a wake-up management function) of the vehicle chassis main control system may have serious faults such as sudden power failure, it cannot be guaranteed that the fault signal is actively sent in time to complete the switching of the backup control system, so that the backup control system is not only prevented from being activated by mistake when the main control system is normally powered, but also needs to be switched from the backup control system back to the main control system in time to resume normal operation after the fault is removed, so that it is necessary to design a cold backup control system of the vehicle chassis controller that simultaneously meets the above requirements.
Referring to fig. 1, the invention designs a cold backup control system of a vehicle chassis controller, which comprises a main control system (also simply referred to as a main control system), a backup control system (also simply referred to as a backup system) and a backup switching circuit, wherein the main control system comprises a main controller MCU1 and a main power supply chip SBC, the backup control system comprises a backup controller MCU2 and a backup power supply, and the main power supply chip SBC and the backup power supply power to the main controller MCU1 and the backup controller MCU2 respectively so as to be mutually independent internal power supplies. The input power supply Vin is respectively connected with the SBC and the backup switching circuit of the main control system. The backup switching circuit is used for automatically controlling the main control system to switch the backup control system, the backup switching circuit specifically comprises resistors R1-R4, a capacitor C1, an NMOS tube Q1, a PMOS tube Q2 and a PMOS tube Q3, a DIS1 signal output by the main controller MCU1 is connected with one end of the R1, the other end of the R1 is connected with a grid electrode of the Q1 and one end of the C1, the other end of the C1 is grounded after being connected with a source stage of the Q1, a drain electrode of the Q1 is respectively connected with a grid electrode of the Q2 and one end of the R2, one end of the R4 and the grid electrode of the Q3, the other end of the R4 is grounded, a power supply Vin is respectively connected with the other end of the R2, the source stage of the R3 and the source stage of the Q3, and the drain electrode of the Q3 is connected with the power supply end of the backup power supply.
In summary, the automatic switching between the main control system and the backup control system is mainly realized by the backup switching circuit, when the main control system works normally, the signal DIS1 sent actively is set to 1, the nmos transistor Q1 is turned on, and the common terminal of R2 and Q2 is grounded. Because Q2 is PMOS, when the control G is extremely low, because the source S is the high-level power supply Vin, the negative pressure conduction condition of Vgs is satisfied, Q2 is conducted, and the G pole and the S pole of the PMOS tube Q3 are both set to be the source voltage after Q2 is conducted, so that no pressure difference exists between GS, and therefore Q3 is cut off, and at the moment, the main loop power supply port of the backup system is in an off state. On the contrary, when the fault occurs, when the output of the DIS1 is 0 (including the state that the MCU1 is powered off), at this time, Q1 and Q2 are both turned off, and Q3 is turned on, and the power supply Vin directly supplies power to the backup power supply through Q3, so as to activate the MCU2 to start entering the cold backup operation mode. In addition, R1 and C1 form a delay circuit for avoiding false activation of the backup system, and the delay time of the delay circuit is set to be longer than the reset time of the main controller MCU1, so that the backup control system is ensured not to be triggered by mistake when the main controller is reset.
It should be noted that, in order to realize that the backup system can be automatically activated when the main control system is abnormal, and the backup control system can be prevented from being activated by mistake when the main control system supplies power normally; the invention improves the output mode of the key signals of the system, so that the DIS1 signal sent by the MCU1 during normal operation is a high-level control signal 1, when abnormality occurs, the MCU1 may stop working and can not send out a signal, at the moment, the output DIS1 signal is a low-level signal 0, and the DIS1 signal is matched with a uniquely designed backup switching circuit to control the backup control system to work, thereby finally realizing the functions.
In addition, in the invention, devices such as various resistors, MOS tubes and the like of the backup switching circuit are necessary, for example: the delay circuit is formed by R1 and R2 and the Vgs negative voltage difference forming Q2 is formed, and the functions of R3 and R4 are as follows: 1. when the Q1 pipe is not controlled to be cut off by DIS1, the source voltage is divided by R3 and R4, the GS voltage difference of Q3 is larger than the starting threshold value, and Q3 is conducted, so that the source is communicated through Q3; 2. when the Q1 pipe is controlled to be conducted by DIS1, the Q2 is conducted, and after the Q2 is conducted, the power supply voltage passes through a S, D pole of the Q2; therefore, the voltage drop of R3 is approximately 0, so that the G pole and the S pole of the PMOS tube Q3 are both set as the source voltage, the GS is approximately not different in voltage, the GS of the Q3 tube is approximately conducted, and therefore, the Q3 tube is closed, and the power supply to the backup source DC/DC is cut off.
In another embodiment, the backup power source may be particularly preferably a DC/DC power source (i.e., a direct current voltage source) for derating control of the vehicle chassis controller. In addition, the input power supply Vin can be connected with the SBC and the backup switching circuit in the main control system through a protection circuit respectively, so as to achieve the purpose of protecting the power supply circuit or the whole circuit.
In addition, although the MCU1 and the MCU2 work alternately, in order to realize the signal isolation input/output function of the MCU1 and the MCU2, the input signal input inputs signals into the MCU1 and the MCU2 from two pins through the input module, and the output signal output receives output signals sent by the MCU1 and the MCU2 through two pins of the output module, so that signals of the active and standby systems are independent from each other.
In another embodiment, referring to fig. 2, to implement the primary control system and the backup control system independently of each other, both use separate channels for the input/output signals. Preferably, the CAN buses of the main and standby systems all use independent transceivers, namely a CAN transceiver 1 and a CAN transceiver 2 are respectively used for completing the communication between the main and standby systems and the CAN buses, and a transceiver power supply module is a power supply module of the main and standby systems. The main power supply chip SBC supplies power for the MCU1 and the CAN transceiver 1, the DC/DC power supply supplies power for the MCU2 and the CAN transceiver 2, the MCU1 is in bidirectional communication connection with the CAN transceiver 1, the MCU2 is in bidirectional communication connection with the CAN transceiver 2, and the CAN transceiver 1 and the CAN transceiver 2 are respectively connected with a CAN bus.
In another embodiment, from the perspective of redundancy, the present invention can additionally disable the main power DC/DC of the backup system, and the main controller MCU1 also outputs the same signal DIS2 as DIS1 (or can be directly controlled by the DIS1 signal), so as to redundantly control the DC/DC power in the backup system, specifically, the DIS2 signal of the main controller MCU1 is connected to one end of the resistor R5, the other end of the resistor R5 is connected to the gate of the NMOS transistor Q4, the source of the Q4 is grounded, the drain of the Q4 is connected to the power enable end EN of the DC/DC power, the input power Vin is connected to the power supply end of the DC/DC power, and is connected to the power enable ends EN and the drain of the Q4 of the DC/DC power through the resistor R6, respectively. Therefore, Q4 is controlled by the DIS2 signal, when DIS2 is set to 1, NMOS transistor Q4 is turned on, and power supply enable terminal EN of DC/DC is grounded, so that DC/DC of the backup system is disabled. When DIS2 is 0, Q4 is turned off, and input power 2 split from power supply Vin sets power supply enable end EN of DC/DC to 1 through R6, so as to ensure normal operation of DC/DC power supply redundantly, and improve reliability.
The main control system controls the power supply of the backup system through the backup switching circuit, and after the power is on, DIS1 and DIS2 are set to 1. From the perspective of reducing hardware cost, the backup system is a derated control system; the backup control system can monitor the failure state of the main control system after failure through a monitoring circuit connected with the MCU2, the monitoring circuit is respectively connected with the MCU1 and the SBC, when the SBC and the MCU1 of the main control system are in normal states, the corresponding zone bits (ST 1 and ST 2) are set to 1, the main control system is tried to be reset, and the backup control system is switched back to the main control system to work so as to control the chassis of the vehicle.
In addition, referring to fig. 3, the control method of the MCU1 in the master control system includes:
step A: when the main control system works normally, the DIS1 and DIS2 signals are set to be 1;
and (B) step (B): and reporting the working state of the current main control system through real-time communication with the CAN bus.
After the main control system fails, the backup system establishes a period task of 100ms to monitor the states of the SBC and the MCU1 of the main control system, and assigns values for the states ST1 and ST2 of the SBC and the MCU1, wherein ST1 corresponds to the state of the SBC and ST2 corresponds to the state of the MCU 1; in a default state, after the backup system is started, the initial values of the state flag bits ST1 and ST2 are set to be 1 when system parameters are initialized; and when the backup system monitors that the states of the SBC and the MCU1 are faults, setting ST1 and ST2 to 0, and thus exiting the monitoring of the main control system. In the monitoring process, the fault type of the main control system is reported through the CAN bus so as to make a decision in the background.
Referring to fig. 4, after the master control system fails, the backup control system establishes a periodic task of 100ms to monitor the state of the SBC and the MCU1 of the master control system, and the control method of the MCU2 in the backup system specifically includes:
step 1: the backup control system initializes system parameters, and status flags ST1 and ST2 are set to 1 by default;
step 2: the backup control system works and judges whether the period task time exceeds 100ms, if so, the next step 3 is entered, and if not, the step 2 is continuously executed;
step 3: judging whether the status flag bit ST1 or ST2 is1, if so, executing the next step 4, and if not, ending the control method;
step 4: judging whether the SBC power supply of the main control system is normal, if so, executing the next step 5, if not, setting ST1 to 0, setting ST2 to 0, reporting that the current main control system has a fault 1 through a CAN bus, namely that both the SBC and the MCU1 have faults, and jumping to the step 2;
step 5: judging whether the MCU1 state of the main control system is normal, if so, executing the next step 6, if not, setting ST1 to 1, setting ST2 to 0, reporting that the current main control system has a fault 2 through a CAN bus, namely that the MCU1 has a fault, and jumping to the step 2 when the SBC is normal;
step 6: the main control system is reset (including resetting MCU 1) and both status flags ST1 and ST2 are set to 1 to begin the next cycle.
According to the control method, when the control system is in the working mode of the backup system, the backup control system monitors the fault states of the main power chip SBC (System Basis Chip) and the MCU1 of the main control system, and if the SBC state signal (ST 1) of the main control system is normal, the backup system judges the MCU1 state (ST 2) of the main control system; if the SBC power supply of the main control system is abnormal, the state judgment of the MCU1 is not needed, and ST1 and ST2 are set to 0; simultaneously reporting faults through a CAN bus; if the SBC state is normal and the MCU1 state is also normal, the backup system will attempt to reset the primary control system and set ST1 and ST2 to 1, facilitating the next (100M period) state monitoring of the primary control system. Therefore, through the zone bits ST1 and ST2 and the monitoring circuit, the backup control system can quickly and effectively confirm the fault type of the main control system, timely recover the work of the main control system after the fault is removed, and send a DIS1 signal to disable the backup system to perform cold backup work after the main control system starts to work.
In another aspect, the invention also claims an automobile, wherein the cold backup control system of the automobile chassis controller is arranged. Preferably, the automobile is a new energy automobile, and the automobile can have an unmanned function.
The advantages of the invention over the prior art are the following:
1. the reliability of the controller is realized, the main control system and the backup control system work alternately, and when the MCU1 of the main control system loses the control function, the control system is automatically switched to the backup control system and is not influenced by the circuit of the main control system, so that the reliability of the system is ensured;
2. the relation between the main control system and the backup system is as follows: during normal operation, the main control system works and the backup system is powered off; when the main control system is abnormal, the backup system takes over the control task, and the backup system is derated control and only controls signals and driving signals affecting the functional safety;
3. and the fault reporting function is used for automatically identifying and judging the fault of the main control system and reporting the fault after the backup control system takes over the work when the main control system fails, so that the background is facilitated to make a correct decision.
4. Derating control of the backup control system functionally collects and controls key signals affecting safety. Thus, not only hardware cost is reduced, but also safety control of the vehicle is realized.
5. The backup switching control system switches and activates cold backup through the control of the main control system on the on-off state of the MOS tube, and when the main control system works, a circuit for supplying power to the backup system is in a closed state; only when the master control system MCU1 loses the control function, the backup system can be powered on to work.
6. When the backup system works, the SBC power supply and MCU1 state of the main control system are monitored, emergency task taking over is carried out after the failure state of the SBC power supply and the MCU1 state is confirmed, the safe mode is entered, the normal working mode of the main control system is quickly switched back after the recovery of the SBC power supply and the MCU1 state is confirmed, and the cold backup working mode is automatically exited.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. The cold backup control system of the vehicle chassis controller is characterized by comprising a main control system, a backup control system and a backup switching circuit, wherein the main control system comprises a main controller MCU1 and a main power supply chip SBC connected with the MCU1, the backup control system comprises a backup controller MCU2 and a backup power supply connected with the MCU2, a power supply Vin is respectively connected with the SBC and the backup switching circuit of the main control system, and the backup switching circuit can automatically control the main control system to switch the backup control system; the backup switching circuit comprises resistors R1-R4, a capacitor C1, an NMOS tube Q1, a PMOS tube Q2 and a PMOS tube Q3, wherein a DIS1 signal output by the MCU1 is connected with one end of the R1, the other end of the R1 is connected with a grid electrode of the Q1 and one end of the C1, the other end of the C1 is connected with a source electrode of the Q1 and then grounded, a drain electrode of the Q1 is connected with a grid electrode of the Q2 and one end of the R2 respectively, a drain electrode of the Q2 is connected with one end of the R3, one end of the R4 and the grid electrode of the Q3 respectively, the other end of the R4 is grounded, a power supply Vin is connected with the other end of the R2, the source electrode of the R3 and the source electrode of the Q3 respectively, and the drain electrode of the Q3 is connected with the power supply end of the backup power supply.
2. The cold-standby control system of a vehicle chassis controller according to claim 1, wherein R1 and C1 constitute a delay circuit, and a delay time of the delay circuit is set to be longer than a reset time of the main controller MCU 1.
3. The cold-standby control system of a vehicle chassis controller according to claim 2, further comprising a monitoring circuit connected to the MCU2, the monitoring circuit being connected to the MCU1 and the SBC, respectively, to monitor a failure state after failure of the main control system.
4. A cold-standby control system of a vehicle chassis controller according to any one of claims 1-3, further comprising a resistor R5, an NMOS transistor Q4 and a resistor R6, wherein the DIS2 signal of the main controller MCU1 is connected to one end of R5, the other end of R5 is connected to the gate of Q4, the source of Q4 is grounded, the drain of Q4 is connected to the power supply enable end EN of the standby power supply, the power supply Vin is connected to the power supply end of the standby power supply, and is connected to the power supply enable ends EN of the DC/DC power supply and the drain of Q4 through the R6, respectively.
5. A cold-backup control system for a vehicle chassis controller according to any of claims 1-3, characterized in that the backup power source is in particular a DC/DC power source, and the power supply Vin is in particular connected to an SBC and a backup switching circuit in the main control system, respectively, via a protection circuit.
6. A cold-standby control system for a vehicle chassis controller according to any of claims 1-3, further comprising a CAN transceiver 1 and a CAN transceiver 2, said main power chip SBC powering the MCU1 and the CAN transceiver 1, said standby power source powering the MCU2 and the CAN transceiver 2, said MCU1 being in bi-directional communication with the CAN transceiver 1, said MCU2 being in bi-directional communication with the CAN transceiver 2, said CAN transceiver 1 and CAN transceiver 2 being in respective communication with a CAN bus.
7. A control method of a cold-standby control system of a vehicle chassis controller according to any one of claims 1 to 6, characterized in that the control method of the MCU1 in the main control system includes:
step A: when the main control system works normally, the DIS1 and DIS2 signals are set to be 1;
and (B) step (B): and reporting the working state of the current main control system through real-time communication with the CAN bus.
8. The control method according to claim 7, wherein after the master control system fails, the backup control system establishes a periodic task for a preset time to perform state monitoring on SBC and MCU1 of the master control system, and the control method of MCU2 in the backup control system includes:
step 1: the backup control system initializes system parameters, and status flags ST1 and ST2 are set to 1 by default;
step 2: the backup control system works and judges whether the preset time is exceeded, if yes, the next step 3 is carried out, and if not, the step 2 is continuously carried out;
step 3: judging whether the status flag bit ST1 or ST2 is1, if so, executing the next step 4, and if not, ending the control method;
step 4: judging whether the SBC power supply of the main control system is normal, if so, executing the next step 5, if not, setting ST1 to 0, setting ST2 to 0, reporting that the current main control system has a fault 1 through a CAN bus, namely that both the SBC and the MCU1 have faults, and jumping to the step 2;
step 5: judging whether the MCU1 state of the main control system is normal, if so, executing the next step 6, if not, setting ST1 to 1, setting ST2 to 0, reporting that the current main control system has a fault 2 through a CAN bus, namely that the MCU1 has a fault, and jumping to the step 2 when the SBC is normal;
step 6: the main control system is reset and both status flags ST1 and ST2 are set to 1 to start the next cycle.
9. The control method according to claim 8, wherein resetting the main control system in step 6 specifically includes resetting the main controller MCU1, and the preset time is 100ms.
10. A vehicle comprising a cold-standby control system of the vehicle chassis controller of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310113594.6A CN116165875A (en) | 2023-02-14 | 2023-02-14 | Cold backup control system and method for vehicle chassis controller |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310113594.6A CN116165875A (en) | 2023-02-14 | 2023-02-14 | Cold backup control system and method for vehicle chassis controller |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116165875A true CN116165875A (en) | 2023-05-26 |
Family
ID=86421521
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310113594.6A Pending CN116165875A (en) | 2023-02-14 | 2023-02-14 | Cold backup control system and method for vehicle chassis controller |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116165875A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117148704A (en) * | 2023-10-31 | 2023-12-01 | 格陆博科技有限公司 | Intelligent chassis domain controller with hardware full redundancy design |
-
2023
- 2023-02-14 CN CN202310113594.6A patent/CN116165875A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117148704A (en) * | 2023-10-31 | 2023-12-01 | 格陆博科技有限公司 | Intelligent chassis domain controller with hardware full redundancy design |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110262297B (en) | Relay control device and power supply system | |
| CN108493904B (en) | IGBT safety turn-off system and method for turning off vehicle motor | |
| KR20220026873A (en) | Power control apparatus and method for autonomous vehicle | |
| US10497189B2 (en) | Vehicular control device and method of controlling vehicular control device | |
| KR101967464B1 (en) | Method for preventing battery discharge and electronic control unit using the same | |
| CN116165875A (en) | Cold backup control system and method for vehicle chassis controller | |
| CN216904359U (en) | Intelligent driving power management system and vehicle | |
| CN109212958A (en) | Double redundancy unmanned plane brake controller and cold standby control method | |
| CN214450872U (en) | Redundant braking system, automatic driving system and vehicle | |
| CN108112145B (en) | Multifunctional automobile tail lamp control system based on CAN bus and control method thereof | |
| CN218858337U (en) | State holding circuit of signal relay and vehicle body area control system | |
| CN219096584U (en) | Electronic controller and vehicle | |
| CN202502362U (en) | Vehicle body power management system based on dual core control | |
| EP4087118A1 (en) | Electric motor control system and vehicle having same | |
| CN109263574B (en) | Finished automobile power supply mode redundancy control system and method | |
| CN113126586B (en) | Wake-up diagnostic device and wake-up diagnostic method | |
| CN113459832A (en) | Circuit system of vehicle power chassis | |
| CN202975754U (en) | A power control system of multiple controllers and engineering machinery equipment | |
| CN219904274U (en) | Intelligent power distribution unit of automobile | |
| CN115179964B (en) | VCU redundancy control system based on functional safety and application thereof | |
| CN216508228U (en) | Safe output control circuit and car based on two watchdog of isomerism | |
| CN112987896B (en) | Power supply device, power supply method and electronic control system | |
| CN208781005U (en) | Double redundancy unmanned plane brake controller | |
| CN115268312A (en) | Control system | |
| CN219893173U (en) | Electric motor car owner discharge circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |