WO2018130474A1 - Method for optimizing safety parameter of vehicle electronic control system - Google Patents

Method for optimizing safety parameter of vehicle electronic control system Download PDF

Info

Publication number
WO2018130474A1
WO2018130474A1 PCT/EP2018/050299 EP2018050299W WO2018130474A1 WO 2018130474 A1 WO2018130474 A1 WO 2018130474A1 EP 2018050299 W EP2018050299 W EP 2018050299W WO 2018130474 A1 WO2018130474 A1 WO 2018130474A1
Authority
WO
WIPO (PCT)
Prior art keywords
failure
safety
failure mode
signal
sensor
Prior art date
Application number
PCT/EP2018/050299
Other languages
French (fr)
Inventor
Fangfang WANG
Jietong LIN
Original Assignee
Continental Teves Ag & Co. Ohg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Teves Ag & Co. Ohg filed Critical Continental Teves Ag & Co. Ohg
Publication of WO2018130474A1 publication Critical patent/WO2018130474A1/en

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60TVEHICLE BRAKE CONTROL SYSTEMS OR PARTS THEREOF; BRAKE CONTROL SYSTEMS OR PARTS THEREOF, IN GENERAL; ARRANGEMENT OF BRAKING ELEMENTS ON VEHICLES IN GENERAL; PORTABLE DEVICES FOR PREVENTING UNWANTED MOVEMENT OF VEHICLES; VEHICLE MODIFICATIONS TO FACILITATE COOLING OF BRAKES
    • B60T17/00Component parts, details, or accessories of power brake systems not covered by groups B60T8/00, B60T13/00 or B60T15/00, or presenting other characteristic features
    • B60T17/18Safety devices; Monitoring
    • B60T17/22Devices for monitoring or checking brake systems; Signal devices
    • B60T17/221Procedure or apparatus for checking or keeping in a correct functioning condition of brake systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/10Geometric CAD
    • G06F30/15Vehicle, aircraft or watercraft design

Definitions

  • the present invention relates to the technical field of motor vehicle safety, in particular to a method for optimizing a safety parameter of a vehicle electronic control system.
  • Vehicle safety means the performance of a vehicle in terms of avoiding accidents during travel, and ensuring the safety of pedestrians, the driver and the vehicle passengers.
  • An electronic braking system is a control unit for increasing vehicle safety, which enables the vehicle to operate stably without deviating from a set route of travel, not only during braking and ac ⁇ celeration when traveling in a straight line, but also when turning left or right, in different road surface conditions (e.g. icy surface, wet and slippery road surface) , and increases the vehicle's ability to avoid accidents, being able to ensure vehicle safety even in emergencies.
  • Typical electronic braking systems include Anti-lock Braking Systems (ABS) and Electronic Stability Control (ESC) systems.
  • wheel speed sensors fitted to the wheels collect rotation speed signals from the four wheels, and send these signals to an electronic control unit to calculate the rotation speed of each wheel; the deceleration of the vehicle and the slip rate of the wheels are then calculated.
  • the electronic control unit of the ABS system adjusts braking pressure during braking by means of a hydraulic control unit according to calculated parameters, achieving the objective of preventing wheel locking.
  • the principal function of an ESC system is to monitor vehicle operating conditions such as vehicle wheel speed, deflection angular velocity and yaw rate, and at the same time determine a driver' s driving intention according to steering wheel rotation angle and cornering angle, to control the braking system and the motive power system appropriately, and thereby ensure that the vehicle exhibits the behavior desired by the driver and maintains a certain degree of stability and comfort.
  • the "Road vehicles - Functional safety" standard IS026262 grades the safety of vehicle control systems according to degree of risk and harm, and is divided into four safety integrity levels from ASIL A to ASIL D, wherein ASIL D is the highest level, with the highest safety requirements.
  • ASIL D is the highest level, with the highest safety requirements.
  • existing design methods In order to enable a vehicle's electronic control system to attain a higher safety integrity level, and meet higher safety parameter requirements, existing design methods generally use one sensor input signal processing unit/controller unit of a high safety integrity level; or use two sensor input signal processing units/controller units of a lower safety integrity level.
  • a method for optimizing a safety parameter of a vehicle electronic control system comprising a sensor signal input unit, a control unit and an execution unit connected in sequence.
  • the method comprises: acquiring all failure modes of a sensor input signal; analysing whether each type of failure mode violates a safety goal ; if the type of failure mode will cause violation of a safety goal, then retaining the failure mode in a sensor input signal failure mode sequence, and recording a result of the type of failure mode; if the type of failure mode will not cause violation of a safety goal, then rejecting the failure mode from a sensor input signal failure mode sequence; rearranging all retained failure modes;
  • the vehicle electronic control system is an electronic braking system
  • the control unit is a function application control module of an anti-lock braking system and/or electronic stability control system of the electronic braking system.
  • the electronic braking system is an electronic stability control system
  • the sensor signal is one or more of signals from a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor .
  • all retained failure modes are divided into one or more of the following classes: electrical failure, a signal or a signal gradient exceeding a range, and signal distortion.
  • a first safety mechanism is used for a failure mode in the electrical failure class, whereby electricity and signal state are monitored;
  • a second safety mechanism is used for a failure mode in which a signal or a signal gradient exceeds a range, whereby sin ⁇ gle-channel signal authenticity monitoring is used, with signal range, variation gradient and deviation being monitored;
  • a third safety mechanism is used for a failure mode in the signal distortion class, whereby multi-channel signal authenticity or correctness monitoring is used.
  • a residual failure rate for a particular class of failure mode of the sensor input signal is x(l-DC) , wherein f FMi 1 S a failure rate of the type of failure mode of the sensor input signal, and DCi is a diagnostic coverage of the first-order safety mechanism applied to the type of failure mode of the sensor input signal; the range of DCi is 60% - 99%.
  • the analysis logic is what function is the signal applied to, and what kind of effect will a particular class of failure mode of the signal have on the function; a corresponding safety mechanism is applied on the basis of an analysis result, forming the second-order safety mechanism.
  • the function is analysed, and the second-order safety mechanism is designed according to characteristics of a sensor output signal and the function .
  • KF- L x (l -£>C) x (l -£>C.)
  • f FM i is a failure rate of the class of failure mode of the sensor input signal
  • DCi and DC j are diagnostic coverages of the first-order and second-order safety mechanisms applied to the class of failure mode of the sensor input signal respectively; the ranges of DCi and DC j are 60% - 99%.
  • the vehicle electronic control system further comprises a first-order safety mechanism applied to each class of failure mode of the sensor input signal, and a second-order safety mechanism applied to each class of consequence of all failure modes, wherein the first-order safety mechanism is an input circuit diagnostic unit, and the sec ⁇ ond-order safety mechanism is a control safety protection unit; an input end of the input circuit diagnostic unit receives the sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit; an input end of the control safety protection unit is connected to the output end of the input circuit diagnostic unit and an output end of the sensor signal input unit; and an output end of the control safety protection unit is connected to the execution unit.
  • the first-order safety mechanism is an input circuit diagnostic unit
  • the sec ⁇ ond-order safety mechanism is a control safety protection unit
  • an input end of the input circuit diagnostic unit receives the sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit
  • an input end of the control safety protection unit is connected to the output end of the input circuit diagnostic unit and an
  • a higher safety parameter index is attained, and the safety of the electronic control system is increased, by first of all analysing and classifying failure modes, then adopting targeted safety measures, without significantly increasing hardware costs, and without increasing design difficulty.
  • the present invention adopts a second-order optimization solution, i.e. applies safety measures to failure modes of a sensor input signal and effects thereof respectively, to form a second-order op ⁇ timization solution; in relation to a conventional first-order optimization solution, the optimization efficiency is better, and the result is more favorable.
  • Fig. 1 is a schematic diagram of some functional modules of a typical vehicle electronic control system
  • fig. 2 is a flow chart of a method for optimizing a safety parameter of a vehicle electronic control system according to a preferred embodiment of the present invention
  • fig. 3 is a schematic diagram of some functional modules of an optimized vehicle electronic control system.
  • the present invention provides a method for optimizing a safety parameter of a vehicle electronic control system, which can significantly improve a safety parameter of a vehicle electronic control system, without significantly increasing starting material costs and without increasing design difficulty.
  • the present invention significantly improves a safety pa ⁇ rameter of a vehicle electronic control system, without sig ⁇ nificantly increasing starting material costs and without increasing design difficulty, by the method of analysing failure results, and subjecting failure modes which would violate a safety goal to integrated classification, and then increasing effective diagnosis of the integrated failure modes.
  • a safety-related parameter of the item should meet the requirements in the IS026262 standard, wherein the random hardware failure target value (PMHF) and single point fault metric (SPFM) should meet the requirements in table 1.
  • PMHF random hardware failure target value
  • SPFM single point fault metric
  • a vehicle electronic control system is a typical example of the abovementioned item.
  • a method for optimizing a safety parameter of a vehicle electronic control system is expounded below with reference to the vehicle electronic control system shown in fig . 1.
  • a typical vehicle electronic control system comprises a sensor signal input unit, a control unit and an execution unit connected in sequence.
  • the sensor signal input unit processes a sensor input signal from the vehicle electronic control system, to obtain an input parameter needed by the system.
  • the sensor input signal is one of, or a combination of more than one of, signals from a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor.
  • the control unit may be a function application control module of an electronic braking system ABS and/or ESC function.
  • the method for optimizing a safety parameter of a vehicle electronic control system is explained by taking as an example the case of a safety parameter optimization solution for failure of a sensor input signal.
  • the method can optimize the vehicle electronic control system shown in fig. 1.
  • the method comprises the following steps:
  • Step S101 acquiring all failure modes of a sensor input signal.
  • the failure modes of the sensor input signal are denoted FMi...FM m .
  • Step S102 analysing an effect of each failure mode FM X , and determining whether the failure mode will violate a safety goal of an item.
  • Step S103 if the failure mode affects the safe execution of a function of the electronic control system, i.e. the failure mode will violate a safety goal of an item, retaining the failure mode in a failure mode sequence of the sensor input signal.
  • Step S104 if the failure mode does not affect the safe execution of a function of the electronic control system, i.e. the failure mode will not violate a safety goal of an item, rejecting the failure mode from a failure mode sequence of the sensor input signal.
  • Step S105 rearranging all of the retained failure modes, recording them as a sequence FMi . . . FM n (n ⁇ m) , where the number of rejected failure modes is (m - n) , and recording corresponding failure rates as f F m...f F M nr wherein m and n are both integers.
  • Step S106 classifying the failure mode sequence retained in step S105, and applying a first-order safety mechanism to each class of failure mode. Specifically, to reduce the complexity and repetition rate of the safety mechanism, first of all the retained failure mode sequence is analysed, the retained failure modes are classified according to an analysis result, and a safety mechanism SMi is designed and applied to each class of failure mode.
  • the diagnostic capability of the safety mechanism is limited, and is referred to as diagnostic coverage in IS026262; the diagnostic coverage of the safety mechanism SMi is recorded as DCi.
  • a first-order optimization design solution with a reduced dangerous failure rate for a sensor input signal is accomplished above.
  • a residual failure rate for a par- ticular class of failure mode of a sensor input signal is
  • f FM i is the failure rate of the type of failure mode of the sensor input signal
  • DCi is the diagnostic coverage of the first-order safety mechanism applied to the type of failure mode of the sensor input signal
  • the range of DCi is 60% - 99%.
  • the first class is electrical failure, typically manifested as signal calibration being invalid, the signal itself being invalid, the signal lacking continuity, the signal not being initialized, or the signal exceeding a range
  • the second class is the signal or a signal gradient exceeding a range, typically manifested as the signal being too high, the signal being too low, the signal exceeding a range, signal deviation exceeding a range, or a signal variation gradient exceeding a range
  • the third class is signal distortion, typically manifested as a signal value error, or a signal tolerance error, etc.
  • the retained failure modes may comprise one or more of the three categories: electrical failure, the signal or a signal gradient exceeding a range, and signal distortion.
  • the three signal failure types cover most sensor signal failure types, and are not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but are also suitable for sensors used in the field of industrial control .
  • the safety mechanisms designed for the three classes of failure mode generally include three types.
  • a first safety mechanism is used for the first class of failure mode, whereby electricity and signal state are monitored.
  • a second safety mechanism is used for the second class of failure mode, whereby single-channel signal authenticity monitoring is used, with signal range, variation gradient and deviation etc. being monitored.
  • a third safety mechanism is used for the third class of failure mode, whereby multi-channel signal authenticity or correctness monitoring is used; this safety mechanism is es ⁇ tablished on the basis that there is another independent signal input source, and the authenticity of the sensor input signal is determined by comparing independent signals which are not from the same source.
  • the three safety mechanism design solutions designed for sensor signal failures are not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but are also suitable for sensors used in the field of industrial control.
  • step S107 analysing and classifying effects of all the failure modes of the sensor input signal in step S105 on an item (i.e. the vehicle electronic control system) , and applying a sec ⁇ ond-order safety mechanism to each class of effect.
  • an item i.e. the vehicle electronic control system
  • a safety mechanism SMj is designed and applied to each class of effect, and the diagnostic coverage thereof is recorded as DC .
  • step S107 first of all an application condition of the sensor input signal is analysed, wherein the analysis logic is what function is the signal applied to, and what kind of effect will a particular class of failure mode of the signal have on the function; a corresponding safety mechanism is applied on the basis of an analysis result, forming the second-order safety mechanism.
  • the second-order safety mechanism is a control safety protection unit.
  • a typical example of the analysis is that a steering wheel rotation angle input signal exceeds a certain range or a variation gradient thereof exceeds a certain range, or signal deviation exceeds a permissible range, causing a loss of vehicle stability, and violating a safety goal; in this case, the step of turning off the ESC system is taken in the control safety protection unit, to ensure vehicle safety.
  • the analysis and design method is not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but is also suitable for sensors used in the field of industrial control.
  • a second-order safety control mechanism can be designed by this method according to the specific control system and safety goal.
  • step S107 starting from a vehicle electronic control system function itself, the function is analysed, and a control safety protection unit is designed according to characteristics of a sensor output signal and the function.
  • Typical examples of the method are ABS and an ESC system, which themselves have many functions, but the output of the different functions thereof is principally the control of braking torque. If output braking torque is too large, this will cause a loss of vehicle stability, violating a safety goal; if output braking torque is too small, this will result in in ⁇ sufficient vehicle braking, violating a safety goal and the requirements of ECE R13 regulations.
  • a safety mechanism is designed in the control safety protection unit to limit output braking torque; a typical design solution is that a maximum value does not exceed a braking intention of the driver, and a minimum value should be able to meet the requirements of ECE R13 regulations with regard to minimum braking force.
  • the analysis and design method is not limited to a vehicle electronic control system using sensors such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but is also suitable for optimization of safety-related parameters of Functional Safety of Electrical/Electronic/Programmable
  • a second-order optimization design solution with a reduced dangerous failure rate for a sensor input signal is accomplished above .
  • a residual failure rate for a particular class of failure mode of a sensor input signal is
  • the optimized vehicle electronic control system further comprises a first-order safety mechanism applied to each class of failure mode of a sensor input signal, the first-order safety mechanism in this embodiment being an input circuit diagnostic unit; and a second-order safety mechanism applied to each class of consequence of all failure modes, the second-order safety mechanism in this embodiment being a control safety protection unit.
  • An input end of the input circuit diagnostic unit receives a sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit; an input end of the control safety protection unit is connected to the output end of the input circuit diagnostic unit and an output end of the sensor signal input unit; and an output end of the control safety protection unit is connected to the execution unit.
  • a residual failure rate for a particular class of failure mode of a sensor input ⁇ f FU - x (l - DC )(l - DC.)
  • f FM i is the failure rate of the class of failure mode of the sensor input signal
  • DCi and DC j are the diagnostic coverage of the first-order safety mechanism applied to the class of failure mode of the sensor input signal and the diagnostic coverage of the second-order safety mechanism applied to the class of consequence of all failure modes respectively; the ranges of DCi and DC j are 60% - 99%.
  • the present invention has designed first-order and second-order safety control mechanisms through analysis of failure modes of a sensor input signal and the effect thereof on system functions, thereby increasing the safety of a control system; moreover, this method can reduce a residual failure rate of the system in a targeted manner.
  • a single point failure of a sensor input signal is converted to a residual failure; the residual failure rate can be reduced to less than 20% of a value before optimization, and in an ideal situation, can be reduced to one ten-thousandth of the value before op ⁇ timization.
  • the single point failure rate and residual failure rate can be reduced effectively, thereby effectively optimizing the safety parameters SPFM and PMHF, such that the control system attains a higher ASIL safety level.
  • the solution proposed in the present invention provides an effective method for realizing a system design with a high ASIL safety level.
  • the present invention has the following beneficial effects: the present invention first of all analyses and classifies failure modes and consequences thereof, then adopts targeted safety measures, without significantly increasing hardware costs, and without increasing design difficulty, but attains a higher safety parameter index, and increases the safety of the electronic control system.
  • the present invention adopts a second-order optimization solution, i.e. applies safety measures to failure modes of a sensor input signal and effects thereof respectively, to form a second-order optimization solution; in relation to a conventional first-order optimization solution, the optimization efficiency is better, and the result is more favorable.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Transportation (AREA)
  • Mechanical Engineering (AREA)
  • Regulating Braking Force (AREA)
  • Valves And Accessory Devices For Braking Systems (AREA)

Abstract

Disclosed in the present invention is a method for optimizing a safety parameter of a vehicle electronic control system. The vehicle electronic control system comprises a sensor signal input unit, a control unit and an execution unit connected in sequence. The method comprises: acquiring all failure modes of a sensor input signal; analysing whether each type of failure mode violates a safety goal;if the type of failure mode will cause violation of a safety goal, then retaining the failure mode in a sensor input signal failure mode sequence, and recording a result of the type of failure mode; rearranging all retained failure modes; classifying all retained failure modes according to a failure mode feature, and applying a first-order safety mechanism to each class of failure mode; classifying consequences of all retained failure modes, and applying a second-order safety mechanism to each class of consequence; and recalculating a safety parameter, to obtain an optimized vehicle electronic control system safety parameter.

Description

Description
Method for optimizing safety parameter of vehicle electronic control system
Technical field
The present invention relates to the technical field of motor vehicle safety, in particular to a method for optimizing a safety parameter of a vehicle electronic control system.
Background art
As the standard of public road infrastructure rises and the use of motorized vehicles becomes more widespread, transport is becoming busier by the day, traffic accidents are increasing day by day, and the resultant casualties and loss of property are attracting ever more attention in society, so vehicle safety has become a prominent world problem.
Vehicle safety means the performance of a vehicle in terms of avoiding accidents during travel, and ensuring the safety of pedestrians, the driver and the vehicle passengers. An electronic braking system is a control unit for increasing vehicle safety, which enables the vehicle to operate stably without deviating from a set route of travel, not only during braking and ac¬ celeration when traveling in a straight line, but also when turning left or right, in different road surface conditions (e.g. icy surface, wet and slippery road surface) , and increases the vehicle's ability to avoid accidents, being able to ensure vehicle safety even in emergencies. Typical electronic braking systems include Anti-lock Braking Systems (ABS) and Electronic Stability Control (ESC) systems. In an ABS system, wheel speed sensors fitted to the wheels collect rotation speed signals from the four wheels, and send these signals to an electronic control unit to calculate the rotation speed of each wheel; the deceleration of the vehicle and the slip rate of the wheels are then calculated. The electronic control unit of the ABS system adjusts braking pressure during braking by means of a hydraulic control unit according to calculated parameters, achieving the objective of preventing wheel locking. The principal function of an ESC system is to monitor vehicle operating conditions such as vehicle wheel speed, deflection angular velocity and yaw rate, and at the same time determine a driver' s driving intention according to steering wheel rotation angle and cornering angle, to control the braking system and the motive power system appropriately, and thereby ensure that the vehicle exhibits the behavior desired by the driver and maintains a certain degree of stability and comfort.
In the case of a vehicle which does not have ABS and ESC systems installed, when the driver steps on the brake pedal, a wheel will lock if the braking force exceeds the frictional force between the wheel and the ground. If a front wheel locks, the driver will be unable to control the direction of travel of the vehicle; if a rear wheel locks, side slipping and tail swinging readily occur. When the vehicle deviates from the driver's intentions, it is not possible to intervene to bring the wheels back to the path desired by the driver. All of the situations above reflect the important role played by an electronic braking system in improving vehicle safety, but any failure of safety-related software or hardware in an electronic braking system might cause serious consequences for people, equipment and the environment, and vehicle recalls triggered thereby will cause huge economic losses for enter¬ prises; hence, the assessment of the safety attributes of the electronic braking system itself is of particular importance. The "Road vehicles - Functional safety" standard IS026262 grades the safety of vehicle control systems according to degree of risk and harm, and is divided into four safety integrity levels from ASIL A to ASIL D, wherein ASIL D is the highest level, with the highest safety requirements. There are different safety parameter requirements for different safety integrity levels, e.g. the SPFM (single point fault metric) which measures the design rationality of hardware architecture, and the PMHF (random hardware failure target value) which measures the overall level of random hardware failures, are two important safety parameter indices .
Table 1 : Two important safety parameter indices in the "Road vehicles - Functional safety" standard IS026262
Figure imgf000004_0001
In order to enable a vehicle's electronic control system to attain a higher safety integrity level, and meet higher safety parameter requirements, existing design methods generally use one sensor input signal processing unit/controller unit of a high safety integrity level; or use two sensor input signal processing units/controller units of a lower safety integrity level.
However, the abovementioned solution has the following shortcomings :
If one sensor input signal processing unit/controller unit of a high safety integrity level is used, research and development costs are high because of the high level of design difficulty. If two sensor input signal processing units/controller units of a lower safety integrity level are used, the starting material cost is twice as much as that of a system using one set of sensor input signal processing unit/controller unit; moreover, such a solution cannot ensure that better safety parameters will be achieved .
Content of the invention
According to one aspect of the present invention, a method for optimizing a safety parameter of a vehicle electronic control system is provided, the vehicle electronic control system comprising a sensor signal input unit, a control unit and an execution unit connected in sequence. The method comprises: acquiring all failure modes of a sensor input signal; analysing whether each type of failure mode violates a safety goal ; if the type of failure mode will cause violation of a safety goal, then retaining the failure mode in a sensor input signal failure mode sequence, and recording a result of the type of failure mode; if the type of failure mode will not cause violation of a safety goal, then rejecting the failure mode from a sensor input signal failure mode sequence; rearranging all retained failure modes;
classifying all retained failure modes according to a failure mode feature, and applying a first-order safety mechanism to each class of failure mode; classifying consequences of all retained failure modes, and applying a second-order safety mechanism to each class of consequence; and
recalculating a safety parameter, to obtain an optimized vehicle electronic control system safety parameter.
In an optional embodiment, the vehicle electronic control system is an electronic braking system, and the control unit is a function application control module of an anti-lock braking system and/or electronic stability control system of the electronic braking system.
In an optional embodiment, the electronic braking system is an electronic stability control system, and the sensor signal is one or more of signals from a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor .
In an optional embodiment, in the step of classifying all retained failure modes according to a failure mode feature, all retained failure modes are divided into one or more of the following classes: electrical failure, a signal or a signal gradient exceeding a range, and signal distortion.
In an optional embodiment, there are corresponding safety mechanisms for categories of the failure modes; a first safety mechanism is used for a failure mode in the electrical failure class, whereby electricity and signal state are monitored; a second safety mechanism is used for a failure mode in which a signal or a signal gradient exceeds a range, whereby sin¬ gle-channel signal authenticity monitoring is used, with signal range, variation gradient and deviation being monitored; a third safety mechanism is used for a failure mode in the signal distortion class, whereby multi-channel signal authenticity or correctness monitoring is used.
In an optional embodiment, in the vehicle electronic control system after the application of the first-order safety mechanism, a residual failure rate for a particular class of failure mode of the sensor input signal is
Figure imgf000006_0001
x(l-DC) , wherein f FMi 1 S a failure rate of the type of failure mode of the sensor input signal, and DCi is a diagnostic coverage of the first-order safety mechanism applied to the type of failure mode of the sensor input signal; the range of DCi is 60% - 99%. In an optional embodiment, in the step of classifying consequences of all retained failure modes, first of all an application condition of the sensor input signal is analysed, wherein the analysis logic is what function is the signal applied to, and what kind of effect will a particular class of failure mode of the signal have on the function; a corresponding safety mechanism is applied on the basis of an analysis result, forming the second-order safety mechanism.
In an optional embodiment, in the step of classifying consequences of all retained failure modes, starting from a vehicle electronic control system function itself, the function is analysed, and the second-order safety mechanism is designed according to characteristics of a sensor output signal and the function . In an optional embodiment, in the step of recalculating a safety parameter, in the vehicle electronic control system after the application of the second-order safety mechanism, a residual failure rate for a particular class of failure mode of the sensor
KF- = L x (l -£>C) x (l -£>C.)
input signal is ' 1 , wherein fFMi is a failure rate of the class of failure mode of the sensor input signal, and DCi and DCj are diagnostic coverages of the first-order and second-order safety mechanisms applied to the class of failure mode of the sensor input signal respectively; the ranges of DCi and DCj are 60% - 99%. In an optional embodiment, the vehicle electronic control system further comprises a first-order safety mechanism applied to each class of failure mode of the sensor input signal, and a second-order safety mechanism applied to each class of consequence of all failure modes, wherein the first-order safety mechanism is an input circuit diagnostic unit, and the sec¬ ond-order safety mechanism is a control safety protection unit; an input end of the input circuit diagnostic unit receives the sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit; an input end of the control safety protection unit is connected to the output end of the input circuit diagnostic unit and an output end of the sensor signal input unit; and an output end of the control safety protection unit is connected to the execution unit.
In an optional technical solution of the present invention, a higher safety parameter index is attained, and the safety of the electronic control system is increased, by first of all analysing and classifying failure modes, then adopting targeted safety measures, without significantly increasing hardware costs, and without increasing design difficulty. The present invention adopts a second-order optimization solution, i.e. applies safety measures to failure modes of a sensor input signal and effects thereof respectively, to form a second-order op¬ timization solution; in relation to a conventional first-order optimization solution, the optimization efficiency is better, and the result is more favorable.
Description of the accompanying drawings The accompanying drawings described here are intended to furnish further understanding of the present invention, and form part of the present invention. The schematic embodiments of the present invention and the explanations thereof are intended to explain the present invention, without constituting an inap- propriate limitation thereof. In the drawings:
Fig. 1 is a schematic diagram of some functional modules of a typical vehicle electronic control system; fig. 2 is a flow chart of a method for optimizing a safety parameter of a vehicle electronic control system according to a preferred embodiment of the present invention; and fig. 3 is a schematic diagram of some functional modules of an optimized vehicle electronic control system. 0
o
Particular embodiments
The present invention is explained in detail below with reference to the accompanying drawings in conjunction with embodiments. It must be explained that where no conflict arises, embodiments in the present invention may be combined, and features in embodiments may be combined.
Improving the design of a vehicle electronic control system, based on the shortcomings in the prior art, so as to optimize safety parameters of the vehicle electronic control system, is an important method of enabling an electronic braking system to attain a higher safety integrity level. The present invention provides a method for optimizing a safety parameter of a vehicle electronic control system, which can significantly improve a safety parameter of a vehicle electronic control system, without significantly increasing starting material costs and without increasing design difficulty.
The present invention significantly improves a safety pa¬ rameter of a vehicle electronic control system, without sig¬ nificantly increasing starting material costs and without increasing design difficulty, by the method of analysing failure results, and subjecting failure modes which would violate a safety goal to integrated classification, and then increasing effective diagnosis of the integrated failure modes.
According to the requirements in the IS026262 standard, on the basis of harm analysis and risk assessment, there will be one or more safety goals for an item defined in the motor vehicle electrical and electronic field. For each safety goal, a safety-related parameter of the item should meet the requirements in the IS026262 standard, wherein the random hardware failure target value (PMHF) and single point fault metric (SPFM) should meet the requirements in table 1. _
y
A vehicle electronic control system is a typical example of the abovementioned item. A method for optimizing a safety parameter of a vehicle electronic control system is expounded below with reference to the vehicle electronic control system shown in fig . 1.
As shown in fig. 1, a typical vehicle electronic control system comprises a sensor signal input unit, a control unit and an execution unit connected in sequence. The sensor signal input unit processes a sensor input signal from the vehicle electronic control system, to obtain an input parameter needed by the system. The sensor input signal is one of, or a combination of more than one of, signals from a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor. The control unit may be a function application control module of an electronic braking system ABS and/or ESC function.
In the following text, referring to fig.2, the method of the present invention for optimizing a safety parameter of a vehicle electronic control system is explained by taking as an example the case of a safety parameter optimization solution for failure of a sensor input signal. The method can optimize the vehicle electronic control system shown in fig. 1. The method comprises the following steps:
Step S101: acquiring all failure modes of a sensor input signal. The failure modes of the sensor input signal are denoted FMi...FMm .
Step S102: analysing an effect of each failure mode FMX, and determining whether the failure mode will violate a safety goal of an item.
Step S103: if the failure mode affects the safe execution of a function of the electronic control system, i.e. the failure mode will violate a safety goal of an item, retaining the failure mode in a failure mode sequence of the sensor input signal. Step S104: if the failure mode does not affect the safe execution of a function of the electronic control system, i.e. the failure mode will not violate a safety goal of an item, rejecting the failure mode from a failure mode sequence of the sensor input signal.
Step S105: rearranging all of the retained failure modes, recording them as a sequence FMi . . . FMn (n < m) , where the number of rejected failure modes is (m - n) , and recording corresponding failure rates as fFm...fFMnr wherein m and n are both integers.
Step S106: classifying the failure mode sequence retained in step S105, and applying a first-order safety mechanism to each class of failure mode. Specifically, to reduce the complexity and repetition rate of the safety mechanism, first of all the retained failure mode sequence is analysed, the retained failure modes are classified according to an analysis result, and a safety mechanism SMi is designed and applied to each class of failure mode. The diagnostic capability of the safety mechanism is limited, and is referred to as diagnostic coverage in IS026262; the diagnostic coverage of the safety mechanism SMi is recorded as DCi.
A first-order optimization design solution with a reduced dangerous failure rate for a sensor input signal is accomplished above. In an electronic braking system that has undergone first-order optimization, a residual failure rate for a par- ticular class of failure mode of a sensor input signal is
f^ x Q - DC,)
, wherein fFMi is the failure rate of the type of failure mode of the sensor input signal, and DCi is the diagnostic coverage of the first-order safety mechanism applied to the type of failure mode of the sensor input signal; the range of DCi is 60% - 99%.
There are generally three classes of sensor input signal failure mode: the first class is electrical failure, typically manifested as signal calibration being invalid, the signal itself being invalid, the signal lacking continuity, the signal not being initialized, or the signal exceeding a range; the second class is the signal or a signal gradient exceeding a range, typically manifested as the signal being too high, the signal being too low, the signal exceeding a range, signal deviation exceeding a range, or a signal variation gradient exceeding a range; the third class is signal distortion, typically manifested as a signal value error, or a signal tolerance error, etc. In step S106, the retained failure modes may comprise one or more of the three categories: electrical failure, the signal or a signal gradient exceeding a range, and signal distortion. The three signal failure types cover most sensor signal failure types, and are not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but are also suitable for sensors used in the field of industrial control .
The safety mechanisms designed for the three classes of failure mode generally include three types. A first safety mechanism is used for the first class of failure mode, whereby electricity and signal state are monitored. A second safety mechanism is used for the second class of failure mode, whereby single-channel signal authenticity monitoring is used, with signal range, variation gradient and deviation etc. being monitored. A third safety mechanism is used for the third class of failure mode, whereby multi-channel signal authenticity or correctness monitoring is used; this safety mechanism is es¬ tablished on the basis that there is another independent signal input source, and the authenticity of the sensor input signal is determined by comparing independent signals which are not from the same source.
The three safety mechanism design solutions designed for sensor signal failures are not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but are also suitable for sensors used in the field of industrial control.
S107: analysing and classifying effects of all the failure modes of the sensor input signal in step S105 on an item (i.e. the vehicle electronic control system) , and applying a sec¬ ond-order safety mechanism to each class of effect. In other words, the effects at system level of the failure modes of the sensor input signal are analysed and classified, a safety mechanism SMj is designed and applied to each class of effect, and the diagnostic coverage thereof is recorded as DC .
In step S107, first of all an application condition of the sensor input signal is analysed, wherein the analysis logic is what function is the signal applied to, and what kind of effect will a particular class of failure mode of the signal have on the function; a corresponding safety mechanism is applied on the basis of an analysis result, forming the second-order safety mechanism. In the embodiment shown in fig. 2, the second-order safety mechanism is a control safety protection unit. A typical example of the analysis is that a steering wheel rotation angle input signal exceeds a certain range or a variation gradient thereof exceeds a certain range, or signal deviation exceeds a permissible range, causing a loss of vehicle stability, and violating a safety goal; in this case, the step of turning off the ESC system is taken in the control safety protection unit, to ensure vehicle safety.
The analysis and design method is not limited to sensors used in a vehicle electronic control system such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but is also suitable for sensors used in the field of industrial control. A second-order safety control mechanism can be designed by this method according to the specific control system and safety goal.
In another embodiment, in step S107, starting from a vehicle electronic control system function itself, the function is analysed, and a control safety protection unit is designed according to characteristics of a sensor output signal and the function. Typical examples of the method are ABS and an ESC system, which themselves have many functions, but the output of the different functions thereof is principally the control of braking torque. If output braking torque is too large, this will cause a loss of vehicle stability, violating a safety goal; if output braking torque is too small, this will result in in¬ sufficient vehicle braking, violating a safety goal and the requirements of ECE R13 regulations. Based on such an analysis result, a safety mechanism is designed in the control safety protection unit to limit output braking torque; a typical design solution is that a maximum value does not exceed a braking intention of the driver, and a minimum value should be able to meet the requirements of ECE R13 regulations with regard to minimum braking force.
It can be understood that the analysis and design method is not limited to a vehicle electronic control system using sensors such as a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor, but is also suitable for optimization of safety-related parameters of Functional Safety of Electrical/Electronic/Programmable
Electronic Safety-related Systems IEC61508 in similar systems in the field of industrial control; a second-order safety control mechanism can be designed by this method according to the specific control system and safety goal.
A second-order optimization design solution with a reduced dangerous failure rate for a sensor input signal is accomplished above . S108: recalculating a safety parameter for the optimized system. In an electronic braking system that has undergone second-order optimization, a residual failure rate for a particular class of failure mode of a sensor input signal is
= f™ x (l - DC) x (l - £>C.)
Wl Jfm' ° >' , wherein fFMl is the failure rate of the class of failure mode of the sensor input signal, and DCi and DCj are the diagnostic coverages of the first-order and second-order safety mechanisms applied to the type of failure mode of the sensor input signal respectively; the ranges of DCi and DCj are 60% - 99%.
Some functional modules of a vehicle electronic control system optimized by the method shown in fig. 2 are as shown in fig. 3. The optimized vehicle electronic control system further comprises a first-order safety mechanism applied to each class of failure mode of a sensor input signal, the first-order safety mechanism in this embodiment being an input circuit diagnostic unit; and a second-order safety mechanism applied to each class of consequence of all failure modes, the second-order safety mechanism in this embodiment being a control safety protection unit. An input end of the input circuit diagnostic unit receives a sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit; an input end of the control safety protection unit is connected to the output end of the input circuit diagnostic unit and an output end of the sensor signal input unit; and an output end of the control safety protection unit is connected to the execution unit.
In an optimized electronic braking system, a residual failure rate for a particular class of failure mode of a sensor input π = fFU- x (l - DC )(l - DC.)
signal is ' 1 , wherein fFMi is the failure rate of the class of failure mode of the sensor input signal, and DCi and DCj are the diagnostic coverage of the first-order safety mechanism applied to the class of failure mode of the sensor input signal and the diagnostic coverage of the second-order safety mechanism applied to the class of consequence of all failure modes respectively; the ranges of DCi and DCj are 60% - 99%.
SPFM = \-^-HW
SR,HW wherein SPF is single point failure rate, and X^ is residual failure rate.
PMHF= J (λ8ΡΡΚΡ+1MPFL)
SR'HW wherein SPF is single point failure rate, and X^ is residual failure rate.
On the basis of the above text with reference to the demonstrative embodiments shown in figs. 1 and 3, and the method steps of the demonstrative embodiment shown in fig. 2, the present invention has designed first-order and second-order safety control mechanisms through analysis of failure modes of a sensor input signal and the effect thereof on system functions, thereby increasing the safety of a control system; moreover, this method can reduce a residual failure rate of the system in a targeted manner. In an optimized electronic braking system, a single point failure of a sensor input signal is converted to a residual failure; the residual failure rate can be reduced to less than 20% of a value before optimization, and in an ideal situation, can be reduced to one ten-thousandth of the value before op¬ timization. The single point failure rate and residual failure rate can be reduced effectively, thereby effectively optimizing the safety parameters SPFM and PMHF, such that the control system attains a higher ASIL safety level. Thus, the solution proposed in the present invention provides an effective method for realizing a system design with a high ASIL safety level.
In relation to the prior art, the present invention has the following beneficial effects: the present invention first of all analyses and classifies failure modes and consequences thereof, then adopts targeted safety measures, without significantly increasing hardware costs, and without increasing design difficulty, but attains a higher safety parameter index, and increases the safety of the electronic control system. The present invention adopts a second-order optimization solution, i.e. applies safety measures to failure modes of a sensor input signal and effects thereof respectively, to form a second-order optimization solution; in relation to a conventional first-order optimization solution, the optimization efficiency is better, and the result is more favorable.
The embodiments above are merely preferred embodiments of the present invention, which are not intended to limit it. Various changes and alterations could be made to the present invention by a person skilled in the art. Any amendments, equivalent substitutions or improvements etc. made within the spirit and principles of the present invention should be included in the scope of protection thereof.

Claims

Patent claims
1. A method for optimizing a safety parameter of a vehicle electronic control system, the vehicle electronic control system comprising a sensor signal input unit, a control unit and an execution unit connected in sequence, characterized in that the method comprises: acquiring all failure modes of a sensor input signal; analysing whether each type of failure mode violates a safety goal; if the type of failure mode will cause violation of a safety goal, then retaining the failure mode in a sensor input signal failure mode sequence, and recording a result of the type of failure mode; if the type of failure mode will not cause violation of a safety goal, then rejecting the failure mode from a sensor input signal failure mode sequence; rearranging all retained failure modes; classifying all retained failure modes according to a failure mode feature, and applying a first-order safety mechanism to each class of failure mode; classifying consequences of all retained failure modes, and applying a second-order safety mechanism to each class of consequence; and
recalculating a safety parameter, to obtain an optimized vehicle electronic control system safety parameter.
2. The method as claimed in claim 1, wherein the vehicle electronic control system is an electronic braking system, and the control unit is a function application control module of an anti-lock braking system and/or electronic stability control system of the electronic braking system.
3. The method as claimed in claim 2, wherein the electronic braking system is an electronic stability control system, and the sensor signal is one or more of signals from a wheel speed sensor, a steering wheel rotation angle sensor, a vacuum sensor and a brake pedal travel sensor.
4. The method as claimed in claim 1, wherein in the step of classifying all retained failure modes according to a failure mode feature, all retained failure modes are divided into one or more of the following classes: electrical failure, a signal or a signal gradient exceeding a range, and signal distortion.
5. The method as claimed in claim 4, wherein there are cor¬ responding safety mechanisms for categories of the failure modes; a first safety mechanism is used for a failure mode in the electrical failure class, whereby electricity and signal state are monitored; a second safety mechanism is used for a failure mode in which a signal or a signal gradient exceeds a range, whereby single-channel signal authenticity monitoring is used, with signal range, variation gradient and deviation being monitored; a third safety mechanism is used for a failure mode in the signal distortion class, whereby multi-channel signal authenticity or correctness monitoring is used.
6. The method as claimed in claim 1 or 5, wherein in the vehicle electronic control system after the application of the first-order safety mechanism, a residual failure rate for a particular class of failure mode of the sensor input signal is
Kv = fvu x(l-DC) , wherein fFMi is a failure rate of the type of failure mode of the sensor input signal, and DCi is a diagnostic coverage of the first-order safety mechanism applied to the type of failure mode of the sensor input signal; the range of values of DCi is 60% - 99%.
7. The method as claimed in claim 1, wherein in the step of classifying consequences of all retained failure modes, first of all an application condition of the sensor input signal is analysed, wherein the analysis logic is what function is the signal applied to, and what kind of effect will a particular class of failure mode of the signal have on the function; a corre¬ sponding safety mechanism is applied on the basis of an analysis result, forming the second-order safety mechanism.
8. The method as claimed in claim 1, wherein in the step of classifying consequences of all retained failure modes, starting from a vehicle electronic control system function itself, the function is analysed, and the second-order safety mechanism is designed according to characteristics of a sensor output signal and the function.
9. The method as claimed in claim 1, 7 or 8, wherein in the step of recalculating a safety parameter, in the vehicle electronic control system after the application of the second-order safety mechanism, a residual failure rate for a particular class of failure mode of the sensor input signal is
KF- = L x (l -£>C) x (l -£>C.)
Jm> l) , wherein fFMl is a failure rate of the class of failure mode of the sensor input signal, and DCi and DCj are diagnostic coverages of the first-order and second-order safety mechanisms applied to the class of failure mode of the sensor input signal respectively; the ranges of DCi and DCj are 60% - 99%.
10. The method as claimed in any one of claims 1 - 5 and 7 - 8, wherein the vehicle electronic control system further comprises a first-order safety mechanism applied to each class of failure mode of the sensor input signal, and a second-order safety mechanism applied to each class of consequence of all failure modes, wherein the first-order safety mechanism is an input circuit diagnostic unit, and the second-order safety mechanism is a control safety protection unit; an input end of the input circuit diagnostic unit receives the sensor input signal, and an output end of the input circuit diagnostic unit is connected to the control unit; an input end of the control safety protection unit is connected to the output end of the input circuit di¬ agnostic unit and an output end of the sensor signal input unit; and an output end of the control safety protection unit is connected to the execution unit.
PCT/EP2018/050299 2017-01-10 2018-01-05 Method for optimizing safety parameter of vehicle electronic control system WO2018130474A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710017443.5A CN108287931B (en) 2017-01-10 2017-01-10 Method for optimizing safety parameters of vehicle electronic control system
CN201710017443.5 2017-01-10

Publications (1)

Publication Number Publication Date
WO2018130474A1 true WO2018130474A1 (en) 2018-07-19

Family

ID=60997463

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/050299 WO2018130474A1 (en) 2017-01-10 2018-01-05 Method for optimizing safety parameter of vehicle electronic control system

Country Status (2)

Country Link
CN (1) CN108287931B (en)
WO (1) WO2018130474A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113232640A (en) * 2021-05-31 2021-08-10 重庆长安汽车股份有限公司 Vacuum failure auxiliary brake control system of electric automobile
CN113295919A (en) * 2021-05-11 2021-08-24 联合汽车电子有限公司 Signal detection circuit, DC/DC converter, detection method, and storage medium
WO2023064200A1 (en) * 2021-10-11 2023-04-20 Argo AI, LLC Methods and systems for determining diagnostic coverage of sensors to prevent goal violations of autonomous vehicles

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120330501A1 (en) * 2011-06-24 2012-12-27 GM Global Technology Operations LLC Vehicle hardware integrity analysis systems and methods
US20130018692A1 (en) * 2011-07-13 2013-01-17 Siemens Aktiengesellschaft Apparatus, method, and computer program product for scenario-based identification of complete safety-based requirements specification
US20130346783A1 (en) * 2010-09-28 2013-12-26 Samsung Sdi Co Ltd Method and Arrangement for Monitoring at least one Battery, Battery having such an Arrangement, and Motor Vehicle having a Corresponding Battery
WO2014188764A1 (en) * 2013-05-23 2014-11-27 日立オートモティブシステムズ株式会社 Functional safety control device
US20150175170A1 (en) * 2013-12-20 2015-06-25 Denso Corporation Electronic control unit
US20150268263A1 (en) * 2014-03-19 2015-09-24 Infineon Technologies Ag Speed sensor device, speed sensor method, electronic control unit and control method
US20160103173A1 (en) * 2014-10-14 2016-04-14 Infineon Technologies Ag Apparatus and a method for providing an output parameter and a sensor device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103745113B (en) * 2014-01-16 2017-03-29 大陆泰密克汽车系统(上海)有限公司 Method for determining the remaining crash rate of signal chains

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130346783A1 (en) * 2010-09-28 2013-12-26 Samsung Sdi Co Ltd Method and Arrangement for Monitoring at least one Battery, Battery having such an Arrangement, and Motor Vehicle having a Corresponding Battery
US20120330501A1 (en) * 2011-06-24 2012-12-27 GM Global Technology Operations LLC Vehicle hardware integrity analysis systems and methods
US20130018692A1 (en) * 2011-07-13 2013-01-17 Siemens Aktiengesellschaft Apparatus, method, and computer program product for scenario-based identification of complete safety-based requirements specification
WO2014188764A1 (en) * 2013-05-23 2014-11-27 日立オートモティブシステムズ株式会社 Functional safety control device
US20150175170A1 (en) * 2013-12-20 2015-06-25 Denso Corporation Electronic control unit
US20150268263A1 (en) * 2014-03-19 2015-09-24 Infineon Technologies Ag Speed sensor device, speed sensor method, electronic control unit and control method
US20160103173A1 (en) * 2014-10-14 2016-04-14 Infineon Technologies Ag Apparatus and a method for providing an output parameter and a sensor device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113295919A (en) * 2021-05-11 2021-08-24 联合汽车电子有限公司 Signal detection circuit, DC/DC converter, detection method, and storage medium
CN113295919B (en) * 2021-05-11 2024-04-16 联合汽车电子有限公司 Signal detection circuit, DC/DC converter, detection method, and storage medium
CN113232640A (en) * 2021-05-31 2021-08-10 重庆长安汽车股份有限公司 Vacuum failure auxiliary brake control system of electric automobile
CN113232640B (en) * 2021-05-31 2022-12-09 重庆长安汽车股份有限公司 Vacuum failure auxiliary brake control system of electric automobile
WO2023064200A1 (en) * 2021-10-11 2023-04-20 Argo AI, LLC Methods and systems for determining diagnostic coverage of sensors to prevent goal violations of autonomous vehicles

Also Published As

Publication number Publication date
CN108287931A (en) 2018-07-17
CN108287931B (en) 2021-11-05

Similar Documents

Publication Publication Date Title
US10239526B2 (en) Adaptive cruise control system
CN106553628B (en) Brake control method, system and the vehicle of vehicle
WO2018130474A1 (en) Method for optimizing safety parameter of vehicle electronic control system
US9956959B2 (en) Method for controlling a delay device of a vehicle
CN107600070A (en) A kind of control method of automatic emergency brake system, device, controller and automobile
US20160236678A1 (en) Method for controlling at least one safety function for a motor vehicle
CN109849933B (en) Method and device for determining driver demand torque, vehicle and readable storage medium
CN103738198A (en) Vehicle electrical motor control system with safety monitoring function and monitoring method of vehicle electrical motor control system
CN102756669B (en) Multiplex control system, transport device with multiplex control system and control method
JPWO2018181807A1 (en) Vehicle brake system
CN106828113A (en) A kind of vehicle brake control method and system based on accelerator pedal
Dhivya et al. Intelligent car braking system with collision avoidance and ABS
KR101229457B1 (en) Transmission control unit for prohibiting unreasonable acceleration and deceleration of a vehicle and method thereof
CN113844437A (en) Distributed driving vehicle tire burst control method based on vehicle-to-vehicle communication
Shaout et al. Real-time systems in automotive applications: Vehicle stability control
CN113696863A (en) System and method for improving braking delay of intelligent driving vehicle
CN111746560A (en) Automobile control method based on automatic control technology
CN110667580A (en) Overspeed and speed limiting prevention control device and method for automobile
US9393940B2 (en) Method and system for controlling anti-lock brake system operation of vehicle
CN108099879B (en) Oil-gas composite ABS anti-lock brake system
CN105857289A (en) Safe driving control method and system based on air pressure information
Verghese et al. Fuzzy logic based integrated control of anti-lock brake system and collision avoidance system using can for electric vehicles
US9421870B2 (en) Regenerative braking setpoint matching
Mutoh et al. A control method to suitably distribute electric braking force between front and rear wheels in electric vehicle systems with independently driven front and rear wheels
KR20190032756A (en) In-wheel system with autonomous emergency braking utility and control method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18700541

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18700541

Country of ref document: EP

Kind code of ref document: A1