CN115892060A - Automatic driving fault handling method and automatic driving system - Google Patents
Automatic driving fault handling method and automatic driving system Download PDFInfo
- Publication number
- CN115892060A CN115892060A CN202211176948.3A CN202211176948A CN115892060A CN 115892060 A CN115892060 A CN 115892060A CN 202211176948 A CN202211176948 A CN 202211176948A CN 115892060 A CN115892060 A CN 115892060A
- Authority
- CN
- China
- Prior art keywords
- detection result
- fault
- vehicle control
- running state
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Hardware Redundancy (AREA)
Abstract
Description
技术领域technical field
本发明涉及自动驾驶技术领域,尤其涉及一种自动驾驶故障处理方法及自动驾驶系统。The invention relates to the technical field of automatic driving, in particular to an automatic driving fault processing method and an automatic driving system.
背景技术Background technique
随着自动驾驶技术的发展,安全作为一个不可忽视的问题受到了更多的关注。针对L3及其以上级别的自动驾驶汽车,通常都会对内部包含微处理器(MPU)和微控制器(MCU)的自动驾驶域控制器(ADCU)以及控制车身、底盘转向、底盘制动等整车执行控制器ASC有冗余要求,以确保达到更高的功能安全等级,比如达到最高程度的汽车危险(ASIL D)。在ADCU内部正常运行时,MPU模块算力强,主要负责视觉、定位、规划、传感器融合和车辆控制等算法模块的运行,MCU具备实时性和较高的安全性,主要负责ASC的控制及MPU失效时的规划和车辆控制。With the development of autonomous driving technology, safety, as an issue that cannot be ignored, has received more attention. For L3 and above-level self-driving cars, the automatic driving domain controller (ADCU) which contains a microprocessor (MPU) and a microcontroller (MCU) inside and control the body, chassis steering, chassis braking, etc. The vehicle actuator controller ASC has redundancy requirements to ensure higher functional safety levels, such as the highest level of automotive hazards (ASIL D). When the ADCU is running normally, the MPU module has strong computing power and is mainly responsible for the operation of algorithm modules such as vision, positioning, planning, sensor fusion and vehicle control. The MCU has real-time and high security and is mainly responsible for ASC control and MPU. Failure planning and vehicle control.
随着备份系统的引入,系统复杂度提高,需要实现主系统和冗余系统的同步策略以及处理异常,比如当驾驶员激活自动驾驶后,在运行时MPU因为软硬件异常无法输出车辆控制命令或异常控制命令(例如过大的转向和刹车指令),此时MCU需要对故障进行检测并根据检测结果控制车辆减速和停车,同时通知驾驶员及时接管;再比如,一侧的MCU发生失效时,需要冗余侧立即接管车辆控制,否则在故障发生时,驾驶员无法立即意识并进行车辆接管,极易发生危险。With the introduction of the backup system, the complexity of the system increases, and it is necessary to implement the synchronization strategy of the main system and the redundant system and handle exceptions. For example, when the driver activates automatic driving, the MPU cannot output vehicle control commands or Abnormal control commands (such as excessive steering and braking commands), at this time the MCU needs to detect the fault and control the vehicle to decelerate and stop according to the detection results, and at the same time notify the driver to take over in time; for another example, when the MCU on one side fails, The redundant side needs to take over the vehicle control immediately, otherwise, when a fault occurs, the driver cannot immediately realize and take over the vehicle, which is extremely dangerous.
发明内容Contents of the invention
本发明提供一种自动驾驶故障处理方法及自动驾驶系统,用以解决现有技术中自动驾驶域控制器内部软硬件失效时驾驶员无法及时接管车辆的缺陷,实现自动驾驶域控制器内软硬件发生失效时的安全减速和停车。The present invention provides an automatic driving fault processing method and an automatic driving system, which are used to solve the defect that the driver cannot take over the vehicle in time when the internal software and hardware of the automatic driving domain controller fail in the prior art, and realize the software and hardware in the automatic driving domain controller Safe deceleration and stopping in the event of a failure.
本发明提供一种自动驾驶故障处理方法,包括:接收微处理器发送的车辆控制指令和第一运行状态;根据所述车辆控制指令和所述第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;根据所述第一检测结果,执行对应故障处理方法。The present invention provides a method for processing automatic driving faults, including: receiving vehicle control instructions and a first operating state sent by a microprocessor; according to the vehicle control instructions and the first operating state, combined with first preset fault detection mechanism to obtain a first detection result; and execute a corresponding fault handling method according to the first detection result.
根据本发明提供的一种自动驾驶故障处理方法,根据所述车辆控制指令和所述第一运行状态,并结合第一预设故障检测机制,得到第一检测结果,包括:对所述车辆控制指令进行有效性检测,得到第一有效性检测结果;对所述第一运行状态进行状态检测,得到第一运行状态检测结果;基于接收所述微处理器发送的车辆控制指令和第一运行状态,进行通信超时检测,得到第一通信超时检测结果;基于接收的车辆控制指令和第一运行状态,对所述微处理器进行端到端保护检测,得到第一端到端保护检测结果;根据所述第一有效性检测结果、所述第一运行状态检测结果、所述第一通信超时检测结果和所述第一端到端保护检测结果,得到第一检测结果。According to the automatic driving fault handling method provided by the present invention, according to the vehicle control instruction and the first running state, combined with the first preset fault detection mechanism, the first detection result is obtained, including: controlling the vehicle Instructing to perform validity detection to obtain a first validity detection result; to perform state detection on the first operating state to obtain a first operating state detection result; based on receiving the vehicle control instruction sent by the microprocessor and the first operating state , performing communication timeout detection to obtain a first communication timeout detection result; based on the received vehicle control command and the first running state, performing an end-to-end protection detection on the microprocessor to obtain a first end-to-end protection detection result; according to The first validity detection result, the first running state detection result, the first communication timeout detection result, and the first end-to-end protection detection result obtain a first detection result.
根据本发明提供的一种自动驾驶故障处理方法,根据所述第一检测结果,执行对应故障处理方法,包括:若所述第一检测结果为失效或故障,则屏蔽所述微处理器发送的车辆控制指令和第一运行状态,并进行感知和定位以生成第一车辆控制请求;将所述第一车辆控制请求发送至主整车执行控制器,以进行车道内减速和停车,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。According to an automatic driving fault processing method provided by the present invention, according to the first detection result, executing the corresponding fault processing method includes: if the first detection result is failure or fault, shielding the message sent by the microprocessor vehicle control command and the first operating state, and perform perception and positioning to generate the first vehicle control request; send the first vehicle control request to the main vehicle execution controller to perform lane deceleration and parking, and generate a driving Takeover reminder to notify the driver to take over the vehicle.
根据本发明提供的一种自动驾驶故障处理方法,在将所述第一车辆控制请求发送至主整车执行控制器之后,包括:接收主整车执行控制器基于所述第一车辆控制请求返回的第二运行状态;对所述第二运行状态进行状态检测,得到第二运行状态检测结果;若所述第二运行状态检测结果为运行故障,则切换为热备份模式,并请求所述主整车执行控制器退出工作模式并切换为热备份模式,以及将所述第二运行状态检测结果发送至冗余微控制器,以供所述冗余微控制器和与所述冗余微控制器通信的冗余整车执行控制器由所述热备份模式切换为所述工作模式。According to an automatic driving fault handling method provided by the present invention, after sending the first vehicle control request to the main vehicle execution controller, it includes: receiving a response from the main vehicle execution controller based on the first vehicle control request The second operating state of the second operating state; the state detection is carried out on the second operating state to obtain the second operating state detection result; if the second operating state detection result is an operating failure, switch to the hot backup mode and request the main The vehicle executive controller exits the working mode and switches to the hot backup mode, and sends the detection result of the second running state to the redundant microcontroller for the redundant microcontroller and the redundant microcontroller The redundant whole-vehicle executive controller communicating with the controller is switched from the hot backup mode to the working mode.
根据本发明提供的一种自动驾驶故障处理方法,所述第二运行状态为所述主整车执行控制器基于所述第一车辆控制请求和第二预设故障检测机制进行故障检测、并根据故障检测结果确定无故障后返回的所述主整车执行控制器的运行状态;According to a method for handling automatic driving faults provided by the present invention, the second operating state is that the main vehicle execution controller performs fault detection based on the first vehicle control request and the second preset fault detection mechanism, and according to The operating status of the main vehicle executive controller returned after the fault detection result confirms that there is no fault;
所述基于所述第一车辆控制请求和第二预设故障检测机制进行故障检测,包括:基于接收所述第一车辆控制请求,进行通信超时检测;根据所述第一车辆控制请求,进行端到端保护检测。The performing fault detection based on the first vehicle control request and the second preset fault detection mechanism includes: performing communication timeout detection based on receiving the first vehicle control request; performing terminal End-to-end protection detection.
根据本发明提供的一种自动驾驶故障处理方法,还包括:向冗余微控制器发送第二心跳信号,或向所述冗余微控制器发送所述第二心跳信号和显示为失效或故障的第二运行状态检测结果,以供所述冗余微控制器根据所述第二心跳信号和第三预设故障检测机制进行故障检测的结果确定是否从热备份模式切换至工作模式,以及是否进行感知和定位以生成第二车辆控制请求并将所述第二车辆控制请求发送至冗余整车执行控制器。According to the automatic driving failure processing method provided by the present invention, it also includes: sending a second heartbeat signal to the redundant microcontroller, or sending the second heartbeat signal to the redundant microcontroller and displaying it as failure or failure The second running state detection result, for the redundant microcontroller to determine whether to switch from the hot backup mode to the working mode according to the second heartbeat signal and the result of the fault detection by the third preset fault detection mechanism, and whether Sensing and positioning are performed to generate a second vehicle control request and send the second vehicle control request to a redundant vehicle executive controller.
根据本发明提供的一种自动驾驶故障处理方法,还包括:接收冗余微控制器发送的第一心跳信号,或接收冗余微控制器发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果,所述第三运行状态检测结果为所述冗余微控制器根据冗余整车执行控制器发送的第三运行状态进行状态检测得到的;根据所述第一心跳信号,并结合第四预设故障检测机制,得到第二检测结果;基于所述第二检测结果为失效或故障,确定所述冗余微控制器失效;基于显示为失效或故障的第三运行状态检测结果,确定所述冗余整车执行控制器失效。According to the automatic driving failure processing method provided by the present invention, it also includes: receiving the first heartbeat signal sent by the redundant microcontroller, or receiving the first heartbeat signal sent by the redundant microcontroller and the first heartbeat signal displayed as failure or failure 3. Running state detection result, the third running state detection result is obtained by the redundant micro-controller performing state detection according to the third running state sent by the redundant vehicle executive controller; according to the first heartbeat signal, And combined with the fourth preset fault detection mechanism, a second detection result is obtained; based on the second detection result being failure or failure, it is determined that the redundant microcontroller is failure; based on the third operating state detection shown as failure or failure As a result, it is determined that the redundant vehicle executive controller fails.
本发明还提供一种自动驾驶故障处理装置,包括:数据接收模块,接收微处理器发送的车辆控制指令和第一运行状态;故障检测模块,根据所述车辆控制指令和所述第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;故障处理模块,根据所述第一检测结果,执行对应故障处理方法。The present invention also provides an automatic driving fault processing device, including: a data receiving module, receiving the vehicle control command and the first running state sent by the microprocessor; a fault detection module, according to the vehicle control command and the first running state , combined with the first preset fault detection mechanism to obtain a first detection result; the fault processing module executes a corresponding fault processing method according to the first detection result.
本发明还提供一种自动驾驶系统,应用如上任一所述的自动驾驶故障处理方法,包括微处理器和主微控制器,其中:所述微处理器向所述主微控制器发送车辆控制指令和第一运行状态;所述主微控制器根据接收的车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;所述主微控制器根据所述第一检测结果,执行对应故障处理方法。The present invention also provides an automatic driving system, applying the automatic driving fault processing method described above, including a microprocessor and a main microcontroller, wherein: the microprocessor sends vehicle control to the main microcontroller instruction and the first operating state; the main microcontroller obtains the first detection result according to the received vehicle control instruction and the first operating state, combined with the first preset fault detection mechanism; the main microcontroller obtains the first detection result according to the For the first detection result, execute the corresponding fault handling method.
本发明还提供一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现如上述任一种所述自动驾驶故障处理方法的步骤。The present invention also provides an electronic device, including a memory, a processor, and a computer program stored on the memory and operable on the processor. When the processor executes the program, the automatic driving failure described in any of the above-mentioned ones can be realized. The steps of the processing method.
本发明还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现如上述任一种所述自动驾驶故障处理方法的步骤。The present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the automatic driving fault handling methods described above are realized.
本发明还提供一种计算机程序产品,包括计算机程序,所述计算机程序被处理器执行时实现如上述任一种所述自动驾驶故障处理方法的步骤。The present invention also provides a computer program product, including a computer program. When the computer program is executed by a processor, the steps of any one of the automatic driving fault handling methods described above are realized.
本发明提供的自动驾驶故障处理方法及自动驾驶系统,通过接收的微处理器发送的车辆控制指令和第一运行状态,结合第一预设故障检测机制,对微处理器进行故障检测,以便于根据微处理器是否发生故障,确定对应故障处理方法以控制车辆安全停车,提高了自动驾驶的安全性和可靠性;另外,结合第一预设故障检测机制,对微处理器进行故障检测,可以在软硬件发生失效的情况下,确保车辆能够安全减速和停车,从而有效保证行车安全。The automatic driving fault processing method and the automatic driving system provided by the present invention, through receiving the vehicle control command and the first running state sent by the microprocessor, combined with the first preset fault detection mechanism, the fault detection is performed on the microprocessor, so as to facilitate According to whether the microprocessor fails, determine the corresponding fault handling method to control the safe parking of the vehicle, which improves the safety and reliability of automatic driving; in addition, combined with the first preset fault detection mechanism, the fault detection of the microprocessor can be In the event of hardware and software failure, ensure that the vehicle can safely decelerate and stop, thereby effectively ensuring driving safety.
附图说明Description of drawings
为了更清楚地说明本发明或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the present invention or the technical solutions in the prior art, the accompanying drawings that need to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the accompanying drawings in the following description are the present invention. For some embodiments of the invention, those skilled in the art can also obtain other drawings based on these drawings without creative effort.
图1是本发明提供的自动驾驶故障处理方法的流程示意图;Fig. 1 is a schematic flow chart of the automatic driving fault processing method provided by the present invention;
图2是本发明提供的自动驾驶故障处理装置的结构示意图;Fig. 2 is a structural schematic diagram of an automatic driving fault processing device provided by the present invention;
图3是本发明提供的自动驾驶系统的结构示意图;Fig. 3 is a schematic structural diagram of an automatic driving system provided by the present invention;
图4是本发明提供的电子设备的结构示意图。Fig. 4 is a schematic structural diagram of an electronic device provided by the present invention.
具体实施方式Detailed ways
为使本发明的目的、技术方案和优点更加清楚,下面将结合本发明中的附图,对本发明中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions in the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the present invention. Obviously, the described embodiments are part of the embodiments of the present invention , but not all examples. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.
图1示出了本发明一种自动驾驶故障处理方法的流程示意图,该方法包括:Fig. 1 shows a schematic flow chart of an automatic driving fault handling method of the present invention, the method comprising:
S11,接收微处理器发送的车辆控制指令和第一运行状态。S11. Receive the vehicle control instruction and the first running state sent by the microprocessor.
S12,根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果。S12. Obtain a first detection result according to the vehicle control instruction and the first running state, combined with a first preset fault detection mechanism.
S13,根据第一检测结果,执行对应故障处理方法。S13. Execute a corresponding fault handling method according to the first detection result.
需要说明的是,本说明书中的S1N不代表自动驾驶故障处理方法的先后顺序,下面具体描述本发明的自动驾驶故障处理方法。It should be noted that the S1N in this specification does not represent the order of the automatic driving fault handling methods, and the automatic driving fault handling method of the present invention will be described in detail below.
步骤S11,接收微处理器发送的车辆控制指令和第一运行状态。Step S11, receiving the vehicle control command and the first running state sent by the microprocessor.
需要说明的是,本方法的执行主体为主微控制器(MCU-A),主微控制器(MCU-A)接收微处理器(MPU)发送的车辆控制指令和第一运行状态,第一运行状态是MPU自身的运行状态。It should be noted that the execution subject of this method is the main microcontroller (MCU-A), and the main microcontroller (MCU-A) receives the vehicle control instruction and the first running state sent by the microprocessor (MPU), and the first The running state is the running state of the MPU itself.
步骤S12,根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果。Step S12, according to the vehicle control command and the first running state, combined with the first preset fault detection mechanism, the first detection result is obtained.
在本实施例中,根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果,包括:对车辆控制指令进行有效性检测,得到第一有效性检测结果;对第一运行状态进行状态检测,得到第一运行状态检测结果;基于接收微处理器发送的车辆控制指令和第一运行状态,进行通信超时检测,得到第一通信超时检测结果;基于接收的车辆控制指令和第一运行状态,对微处理器进行端到端保护检测,得到第一端到端保护检测结果;根据第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果,得到第一检测结果。需要说明的是,通过MCU-A对MPU进行故障检测,以判断MPU是否故障,从而便于后续根据故障检测结果确定对应的故障处理方式。具体而言:In this embodiment, according to the vehicle control command and the first running state, combined with the first preset fault detection mechanism, the first detection result is obtained, including: performing a validity detection on the vehicle control command to obtain the first validity detection result ; Perform state detection on the first operating state to obtain the first operating state detection result; based on receiving the vehicle control command and the first operating state sent by the microprocessor, perform communication timeout detection to obtain the first communication timeout detection result; based on the received Carry out end-to-end protection detection on the microprocessor to obtain the first end-to-end protection detection result based on the vehicle control command and the first running state; according to the first validity detection result, the first running state detection result, and the first communication timeout detection The result and the first end-to-end protection detection result are used to obtain the first detection result. It should be noted that the MCU-A performs fault detection on the MPU to determine whether the MPU is faulty, so as to facilitate subsequent determination of a corresponding fault handling method according to the fault detection result. in particular:
对车辆控制指令进行有效性检测,包括:根据车辆控制指令,进行范围检查,若车辆控制指令不符合预设范围,则认为无效。比如,预设范围为最大减速度不大于4m/s2,则车辆控制指令中请求的最大减速度不能大于4m/s2,否则车辆控制指令为失效指令。The validity detection of the vehicle control command includes: checking the range according to the vehicle control command, and if the vehicle control command does not meet the preset range, it is considered invalid. For example, if the preset range is that the maximum deceleration is not greater than 4m/s 2 , then the maximum deceleration requested in the vehicle control command cannot be greater than 4m/s 2 , otherwise the vehicle control command is an invalid command.
对第一运行状态进行状态检测,包括:检测第一运行状态是否正常,从而判断微处理器是否正常运行。The state detection of the first operating state includes: detecting whether the first operating state is normal, thereby judging whether the microprocessor is operating normally.
基于接收微处理器发送的车辆控制指令和第一运行状态,进行通信超时检测,包括:基于预设通信周期,接收微处理器发送的车辆控制指令和第一运行状态;检测接收的车辆控制指令和第一运行状态的次数是否符合预设通信周期的周期数。Based on receiving the vehicle control command and the first running state sent by the microprocessor, performing communication overtime detection, including: receiving the vehicle control command and the first running state sent by the microprocessor based on a preset communication cycle; detecting the received vehicle control command and whether the number of times of the first running state matches the number of cycles of the preset communication cycle.
需要补充的是,预设通信周期可以根据实际通信需求设置,此处不作进一步地限定,比如为10毫秒作为一个周期,MPU向MCU-A发送一次车辆控制指令和第一运行状态;另外,预设阈值可以根据实际检测需求设置,比如预设阈值为5,则对应的每隔5个周期,检测接收相应数据的次数是否为5次。What needs to be added is that the preset communication cycle can be set according to actual communication requirements, and is not further limited here. For example, 10 milliseconds is used as a cycle, and the MPU sends a vehicle control command and the first running state to the MCU-A once; in addition, the preset The threshold can be set according to the actual detection requirements. For example, if the preset threshold is 5, then correspondingly every 5 cycles, it is detected whether the number of receiving corresponding data is 5 times.
此外,基于接收的车辆控制指令和第一运行状态,对微处理器进行端到端(End-to-End,简称E2E)保护检测,包括:基于接收的车辆控制指令和第一运行状态,利用E2E算法,进行E2E保护检测。需要说明的是,E2E算法可以是现有算法,比如保证数据一致性的CRC16算法、保证数据实时性的Rolling counter算法等,或者是基于特定需求设计用于E2E保护检测的算法。In addition, based on the received vehicle control command and the first running state, performing end-to-end (End-to-End, E2E) protection detection on the microprocessor, including: based on the received vehicle control command and the first running state, using E2E algorithm for E2E protection detection. It should be noted that the E2E algorithm can be an existing algorithm, such as the CRC16 algorithm to ensure data consistency, the Rolling counter algorithm to ensure real-time data, etc., or an algorithm designed for E2E protection detection based on specific requirements.
举例而言,当采用CRC16算法时,基于接收的车辆控制指令和第一运行状态,利用E2E算法,进行E2E保护检测,包括:接收车辆控制指令和第一运行状态,其中,车辆控制指令和第一运行状态中预先添加了CRC控制字段;评估车辆控制指令和第一运行状态中的CRC控制字段,并对CRC控制字段进行计算;判断计算结果是否符合预设接收内容。For example, when the CRC16 algorithm is used, based on the received vehicle control command and the first running state, the E2E algorithm is used to perform E2E protection detection, including: receiving the vehicle control command and the first running state, wherein the vehicle control command and the first running state A CRC control field is pre-added in the first running state; evaluating the vehicle control instruction and the CRC control field in the first running state, and calculating the CRC control field; judging whether the calculation result conforms to the preset receiving content.
当采用Rolling counter算法时,基于接收的车辆控制指令和第一运行状态,利用E2E算法,进行E2E保护检测,包括:接收车辆控制指令和第一运行状态,其中,车辆控制指令和第一运行状态中预先添加了Rolling counter字段;基于Rolling counter字段的增加量进行诊断。需要注意的是,在接收微处理器发送的车辆控制指令和第一运行状态之前,微处理器向待发送的车辆控制指令和第一运行状态添加Rolling counter字段,且按预设计数规则进行计数;另外,预设计数规则为每当执行一次后,计数器按预设数值增加,并在达到预设最大值后清零。预设设置可以根据实际设置需求设置,比如为1时,对应的计数器对应每次的计数值按照0->1->2->3->...->14->15->0->1->...类推。When the Rolling counter algorithm is used, based on the received vehicle control command and the first running state, the E2E algorithm is used to perform E2E protection detection, including: receiving the vehicle control command and the first running state, wherein the vehicle control command and the first running state The Rolling counter field is added in advance; diagnose based on the increase in the Rolling counter field. It should be noted that before receiving the vehicle control command and the first running state sent by the microprocessor, the microprocessor adds a Rolling counter field to the vehicle control command and the first running state to be sent, and counts according to the preset counting rule ; In addition, the default counting rule is that the counter increases by the preset value every time it is executed, and is cleared to zero after reaching the preset maximum value. The preset setting can be set according to the actual setting requirements. For example, when it is 1, the corresponding counter corresponds to each count value according to 0->1->2->3->...->14->15->0- >1->... and so on.
得到第一检测结果,包括:基于第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果中至少一个为失效或故障,则第一检测结果为失效或故障;基于第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果均为有效或正常,则第一检测结果为有效或正常。Obtaining the first detection result includes: based on at least one of the first validity detection result, the first running state detection result, the first communication timeout detection result and the first end-to-end protection detection result being failure or failure, then the first detection The result is failure or failure; based on the first validity detection result, the first running state detection result, the first communication timeout detection result and the first end-to-end protection detection result are all valid or normal, then the first detection result is valid or normal.
在一个可选实施例中,在MPU将车辆控制指令和第一运行状态发送至MCU-A时,还包括:将车辆控制指令和第一运行状态发送至冗余微控制器(MCU-B),以利用MCU-B根据接收的车辆控制指令和第一运行状态,对MPU进行故障检测,具体对MPU进行故障检测的方式可参照主微控制器根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果的方式,此处不作进一步地限定。In an optional embodiment, when the MPU sends the vehicle control instruction and the first operating state to the MCU-A, it also includes: sending the vehicle control instruction and the first operating state to the redundant microcontroller (MCU-B) , to use the MCU-B to detect the fault of the MPU according to the received vehicle control command and the first running state. The specific way to detect the fault of the MPU can refer to the main micro-controller according to the vehicle control command and the first running state, combined with The first default fault detection mechanism and the manner of obtaining the first detection result are not further limited here.
步骤S13,根据第一检测结果,执行对应故障处理方法。Step S13, according to the first detection result, execute a corresponding fault handling method.
在本实施例中,根据第一检测结果,执行对应故障处理方法,包括:若第一检测结果为失效或故障,则屏蔽微处理器发送的车辆控制指令和第一运行状态,并进行感知和定位以生成第一车辆控制请求;将第一车辆控制请求发送至主整车执行控制器(ASC-A),以进行车道内减速和停车,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。需要注意的是,此时MCU-A和ASC-A处于工作模式,热备份模式是系统处于正常运转状态下的备份模式。另外,进行感知和定位可以通过激活其内部的感知模块和定位模块实现。In this embodiment, according to the first detection result, the corresponding fault processing method is executed, including: if the first detection result is a failure or fault, shielding the vehicle control command and the first operating state sent by the microprocessor, and performing perception and Position to generate the first vehicle control request; send the first vehicle control request to the main vehicle executive controller (ASC-A) for in-lane deceleration and parking, and generate a driver takeover reminder to notify the driver to proceed with the vehicle take over. It should be noted that at this time, MCU-A and ASC-A are in the working mode, and the hot backup mode is the backup mode when the system is in normal operation. In addition, perception and positioning can be realized by activating its internal perception module and positioning module.
在一个可选实施例中,根据第一检测结果,执行对应故障处理方法,还包括:若第一检测结果为有效或正常,则表明MPU运行正常无故障,则还需对MCU-A、ASC-A、ASC-B和冗余整车执行控制器(ASC-B)的进行故障检测,以便于确定对应故障处理方式。In an optional embodiment, according to the first detection result, executing the corresponding fault handling method also includes: if the first detection result is valid or normal, it indicates that the MPU is running normally without failure, and then the MCU-A, ASC -A, ASC-B and redundant vehicle executive controller (ASC-B) perform fault detection, so as to determine the corresponding fault handling method.
具体地,利用主微控制器对主整车执行控制器进行故障检测,即在将第一车辆控制请求发送至主整车执行控制器之后,包括:接收主整车执行控制器基于第一车辆控制请求返回的第二运行状态;基于第二运行状态进行运行状态检测,并结合第二预设故障检测机制,得到第二检测结果;若第二检测结果为运行异常或故障,则切换为热备份模式,并请求主整车执行控制器退出工作模式并切换为热备份模式,以及将第二运行状态检测结果发送至冗余微控制器,以便于冗余微控制器和与冗余微控制器通信的冗余整车执行控制器由热备份模式切换为工作模式,从而对车辆进行减速,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。Specifically, using the main micro-controller to detect the failure of the main vehicle executive controller, that is, after sending the first vehicle control request to the main vehicle executive controller, including: receiving the main vehicle executive controller based on the first vehicle The second operating state returned by the control request; the operating state is detected based on the second operating state, and combined with the second preset fault detection mechanism, the second detection result is obtained; if the second detection result is abnormal operation or failure, switch to hot Backup mode, and request the main vehicle executive controller to exit the working mode and switch to the hot backup mode, and send the second running state detection result to the redundant microcontroller, so that the redundant microcontroller and the redundant microcontroller The redundant vehicle execution controller of the controller communication is switched from the hot backup mode to the working mode, thereby decelerating the vehicle, and generating a driver takeover reminder to notify the driver to take over the vehicle.
需要补充的是,若第二运行状态检测结果为运行正常,则微处理器、主微控制器和主挂车执行控制器均保持工作模式不变,冗余微控制器和冗余整车执行控制器均保持热备份模式不变。What needs to be added is that if the detection result of the second operating state is normal operation, the microprocessor, the main microcontroller and the main trailer executive controller all maintain the same working mode, and the redundant microcontroller and the redundant vehicle executive control All devices remain in hot backup mode.
另外,第二运行状态为主整车执行控制器基于第一车辆控制请求和第二预设故障检测机制进行故障检测、并根据故障检测结果确定无故障后返回的主整车执行控制器的运行状态。换言之,主整车执行控制器在接收第一车辆控制请求之后,基于第二预设故障检测机制,对主微控制器进行故障检测,并基于故障检测结果为无故障,将自身的运行状态(即第二运行状态)发送至主微控制器。In addition, in the second operating state, the main vehicle execution controller performs fault detection based on the first vehicle control request and the second preset fault detection mechanism, and returns to the operation of the main vehicle execution controller after determining that there is no fault according to the fault detection result state. In other words, after the main vehicle execution controller receives the first vehicle control request, based on the second preset fault detection mechanism, it detects the fault of the main micro-controller, and based on the result of the fault detection that there is no fault, it changes its own running state ( That is, the second operating state) is sent to the main microcontroller.
具体地,基于第一车辆控制请求,并结合第二预设故障检测机制进行故障检测,包括:基于接收第一车辆控制请求,进行通信超时检测,得到第二通信超时检测结果;根据第一车辆控制请求,进行端到端保护检测,得到第二端到端保护检测结果。需要说明的是,得到第二通信超时检测结果和得到第二端到端保护检测结果的过程可参照上述,得到第一通信超时检测结果和得到第一端到端保护检测结果,此处不作重复阐述。Specifically, performing fault detection based on the first vehicle control request in combination with a second preset fault detection mechanism includes: performing communication timeout detection based on receiving the first vehicle control request to obtain a second communication timeout detection result; according to the first vehicle Control the request, perform end-to-end protection detection, and obtain a second end-to-end protection detection result. It should be noted that the process of obtaining the second communication timeout detection result and obtaining the second end-to-end protection detection result can refer to the above, obtain the first communication timeout detection result and obtain the first end-to-end protection detection result, which will not be repeated here elaborate.
在一个可选实施例中,利用主微控制器对冗余微控制器进行故障检测,包括:接收冗余微控制器发送的第一心跳信号,或接收冗余微控制器发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果,第三运行状态检测结果为冗余微控制器根据冗余整车执行控制器发送的第三运行状态进行状态检测得到的;根据第一心跳信号,并结合第四预设故障检测机制,得到第二检测结果;基于第二检测结果为失效或故障,确定冗余微控制器失效;基于显示为失效或故障的第三运行状态检测结果,确定冗余整车执行控制器失效。In an optional embodiment, using the main microcontroller to detect the fault of the redundant microcontroller includes: receiving the first heartbeat signal sent by the redundant microcontroller, or receiving the first heartbeat signal sent by the redundant microcontroller The signal and the third operating state detection result displayed as failure or failure, the third operating state detection result is obtained by the redundant microcontroller according to the third operating state sent by the redundant vehicle execution controller; according to the first The heartbeat signal, combined with the fourth preset failure detection mechanism, obtains a second detection result; based on the second detection result being failure or failure, it is determined that the redundant microcontroller fails; based on the third operating state detection result displayed as failure or failure , it is determined that the redundant vehicle executive controller fails.
应当注意的是,由于冗余微控制器处于热备份模式,并非处于工作模式,且无紧急的安全风险,因此可正常按照故障处理流程,对应的主微控制器和主整车执行控制器保持工作模式,冗余微控制器保持热备份模式,当主微控制器接收冗余微控制器发送的第一心跳信号时,冗余整车执行控制器也处于热备份模式;当主微控制器接收冗余微控制器发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果时,对应冗余整车执行控制器失效。It should be noted that since the redundant microcontroller is in the hot backup mode, not in the working mode, and there is no urgent safety risk, the corresponding main microcontroller and the main vehicle executive controller can be maintained normally according to the fault handling process. In the working mode, the redundant microcontroller maintains the hot backup mode. When the main microcontroller receives the first heartbeat signal sent by the redundant microcontroller, the redundant vehicle execution controller is also in the hot backup mode; when the main microcontroller receives the redundant microcontroller When the first heartbeat signal sent by the microcontroller and the detection result of the third running state indicated failure or failure, the corresponding redundant vehicle executive controller fails.
在本实施例中,根据第一心跳信号,并结合第四预设故障检测机制,得到第二检测结果,包括:对第一心跳信号进行心跳信号检测,以判断目标时间段内心跳信号是否丢失;基于接收第一心跳信号,进行通信超时检测。需要说明的是,对第一心跳信号进行心跳信号检测,包括:基于预设周期,接收冗余微控制器发送的第一心跳信号;判断接收的心跳信号次数是否符合预设周期数量,从而判断目标时间段内是否出现心跳信号丢失的情况。In this embodiment, according to the first heartbeat signal, combined with the fourth preset fault detection mechanism, the second detection result is obtained, including: performing heartbeat signal detection on the first heartbeat signal to determine whether the heartbeat signal is lost within the target time period ; Perform communication timeout detection based on receiving the first heartbeat signal. It should be noted that the detection of the first heartbeat signal includes: receiving the first heartbeat signal sent by the redundant microcontroller based on the preset cycle; Whether the heartbeat signal is lost within the target time period.
需要说明的是,基于接收第一心跳信号,进行通信超时检测可参照上文基于接收微处理器发送的车辆控制指令和第一运行状态,进行通信超时检测,此处不作重复阐述。另外,第三运行状态为冗余整车执行控制器根据冗余微控制器发送的第二车辆控制请求返回的自身运行状态,具体可参见下文,此处不作重复阐述。It should be noted that the communication timeout detection based on receiving the first heartbeat signal can refer to the communication timeout detection based on receiving the vehicle control command and the first running state sent by the microprocessor above, which will not be repeated here. In addition, the third operating state is the own operating state returned by the redundant vehicle execution controller according to the second vehicle control request sent by the redundant microcontroller. For details, please refer to the following, which will not be repeated here.
在一个可选实施例中,利用冗余微控制器对主微控制器进行故障检测,包括:向冗余微控制器发送第二心跳信号,或向冗余微控制器发送第二心跳信号和显示为失效或故障的第二运行状态检测结果,以供冗余微控制器根据第二心跳信号和第三预设故障检测机制进行故障检测的结果确定是否从热备份模式切换至工作模式,以及是否进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至冗余整车执行控制器。In an optional embodiment, using the redundant microcontroller to detect the failure of the main microcontroller includes: sending a second heartbeat signal to the redundant microcontroller, or sending a second heartbeat signal and A second operating state detection result displayed as a failure or fault, for the redundant microcontroller to determine whether to switch from the hot backup mode to the working mode according to the second heartbeat signal and the result of the fault detection by the third preset fault detection mechanism, and Whether to perform sensing and positioning to generate a second vehicle control request and send the second vehicle control request to the redundant vehicle execution controller.
具体而言,主微控制器向冗余微控制器发送第二心跳信号,或向冗余微控制器发送第二心跳信号和显示为失效或故障的第二运行状态检测结果;冗余微控制器接收第二心跳信号,或接收第二心跳信号和显示为失效或故障的第二运行状态检测结果。Specifically, the main microcontroller sends a second heartbeat signal to the redundant microcontroller, or sends a second heartbeat signal and a second operating status detection result indicating failure or failure to the redundant microcontroller; the redundant microcontroller The device receives a second heartbeat signal, or receives a second heartbeat signal and a second operating state detection result indicating failure or failure.
在一种可能的实现方式中,冗余微控制器接收第二心跳信号,此时,主整车执行控制器处于无故障状态,则根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;基于第三检测结果为失效或故障,确定主微控制器失效,主微控制器失效也意味着主微控制器无法正常运行并输出对主整车执行控制器控制,因此需要将主整车执行控制器由工作模式调整为热备份模式。In a possible implementation, the redundant microcontroller receives the second heartbeat signal. At this time, the main vehicle executive controller is in a fault-free state, then according to the second heartbeat signal and combined with the third preset fault detection mechanism, The third detection result is obtained; based on the third detection result being failure or failure, it is determined that the main microcontroller is invalid, and the failure of the main microcontroller also means that the main microcontroller cannot operate normally and outputs the controller to execute the control of the main vehicle. Therefore It is necessary to adjust the main vehicle executive controller from working mode to hot backup mode.
另外,冗余微控制器从热备份模式切换至工作模式,以及进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至冗余整车执行控制器,以利用冗余微控制器对冗余整车执行控制器进行故障检测;主微控制器通过硬线连接控制向微处理器供电,则在主微控制器失效的情况下,此时为共因失效,即主微控制器失效导致微处理器也同时失效。需要说明的是,利用冗余微控制器对冗余整车执行控制器进行故障检测可参照上文所述利用MCU-A对ASC-A进行故障检测,此处不作进一步描述。In addition, the redundant microcontroller switches from the hot backup mode to the working mode, senses and locates to generate a second vehicle control request and sends the second vehicle control request to the redundant vehicle executive controller, so as to utilize the redundant microcontroller The controller detects the failure of the redundant vehicle executive controller; the main microcontroller controls the power supply to the microprocessor through a hard-wired connection. If the main microcontroller fails, it is a common cause failure, that is, the main microcontroller Failure of the controller causes the microprocessor to fail at the same time. It should be noted that the fault detection of the redundant vehicle executive controller by using the redundant microcontroller can refer to the fault detection of the ASC-A by the MCU-A described above, and no further description is given here.
在另一种可能的实现方式中,冗余微控制器接收第二心跳信号和显示为失效或故障的第二运行状态检测结果,此时,由于第二运行状态检测结果显示为失效或故障,对应的主整车执行控制器失效,则根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;若第三检测结果为失效或故障,确定主微控制器失效,此时,可参照上文所述第三检测结果为失效或故障,确定主微控制器失效时的故障处理方式,此处不进行赘述;若第三检测结果为正常,则可根据上文所述利用MCU-A对ASC-A进行故障检测及对应故障处理方式,此处不进行赘述。In another possible implementation manner, the redundant microcontroller receives the second heartbeat signal and the second operating state detection result displayed as failure or failure. At this time, because the second operating state detection result indicates failure or failure, If the corresponding main vehicle executive controller fails, the third detection result is obtained according to the second heartbeat signal combined with the third preset fault detection mechanism; When the failure or failure of the third detection result mentioned above can be referred to, the fault handling method when the main micro-controller fails is determined, which will not be repeated here; if the third detection result is normal, the above-mentioned Use MCU-A to perform fault detection on ASC-A and the corresponding fault handling methods, which will not be described here.
综上所述,本发明实施例通过接收的微处理器发送的车辆控制指令和第一运行状态,结合第一预设故障检测机制,对微处理器进行故障检测,以便于根据微处理器是否发生故障,确定对应故障处理方法以控制车辆安全停车,提高了自动驾驶的安全性和可靠性;另外,结合第一预设故障检测机制,对微处理器进行故障检测,可以在软硬件发生失效的情况下,确保车辆能够安全减速和停车,从而有效保证行车安全。To sum up, the embodiment of the present invention detects the fault of the microprocessor by receiving the vehicle control instruction and the first running state sent by the microprocessor, in combination with the first preset fault detection mechanism, so as to detect the fault according to whether the microprocessor When a fault occurs, determine the corresponding fault handling method to control the safe parking of the vehicle, which improves the safety and reliability of automatic driving; in addition, combined with the first preset fault detection mechanism, the fault detection of the microprocessor can prevent the failure of the software and hardware. Under certain circumstances, ensure that the vehicle can safely decelerate and stop, so as to effectively ensure driving safety.
下面对本发明提供的自动驾驶故障处理装置进行描述,下文描述的自动驾驶故障处理装置与上文描述的自动驾驶故障处理方法可相互对应参照。The automatic driving fault processing device provided by the present invention is described below, and the automatic driving fault processing device described below and the automatic driving fault processing method described above can be referred to in correspondence.
图2示出了本发明一种自动驾驶故障处理装置的结构示意图,该装置,包括:Fig. 2 shows a schematic structural diagram of an automatic driving fault processing device of the present invention, which device includes:
数据接收模块21,接收微处理器发送的车辆控制指令和第一运行状态;The
故障检测模块22,根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;The fault detection module 22 obtains a first detection result according to the vehicle control instruction and the first running state, combined with the first preset fault detection mechanism;
故障处理模块23,根据第一检测结果,执行对应故障处理方法。The fault processing module 23 executes a corresponding fault processing method according to the first detection result.
在本实施例中,故障检测模块22,包括:指令检测单元,对车辆控制指令进行有效性检测,得到第一有效性检测结果;状态检测单元,对第一运行状态进行状态检测,得到第一运行状态检测结果;第一通信超时检测单元,基于接收微处理器发送的车辆控制指令和第一运行状态,进行通信超时检测,得到第一通信超时检测结果;端到端保护检测单元,基于接收的车辆控制指令和第一运行状态,对微处理器进行端到端保护检测,得到第一端到端保护检测结果;结果获取单元,根据第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果,得到第一检测结果。需要说明的是,通过MCU-A对MPU进行故障检测,以判断MPU是否故障,从而便于后续根据故障检测结果确定对应的故障处理方式。In this embodiment, the fault detection module 22 includes: a command detection unit, which detects the validity of the vehicle control command, and obtains the first validity detection result; a state detection unit, which detects the state of the first operating state, and obtains the first Running state detection results; the first communication timeout detection unit, based on receiving the vehicle control command and the first running state sent by the microprocessor, performs communication timeout detection, and obtains the first communication timeout detection result; the end-to-end protection detection unit, based on receiving Carry out end-to-end protection detection on the microprocessor to obtain the first end-to-end protection detection result; the result acquisition unit, according to the first validity detection result, the first operation state detection result, The first communication timeout detection result and the first end-to-end protection detection result are used to obtain the first detection result. It should be noted that the MCU-A performs fault detection on the MPU to determine whether the MPU is faulty, so as to facilitate subsequent determination of a corresponding fault handling method according to the fault detection result.
更进一步地说,指令检测单元,包括:范围检查子单元,根据车辆控制指令,进行范围检查,若车辆控制指令不符合预设范围,则认为无效。比如,预设范围为最大减速度不大于4m/s2,则车辆控制指令中请求的最大减速度不能大于4m/s2,否则车辆控制指令为失效指令。。Furthermore, the command detection unit includes: a range checking subunit, which performs a range check according to the vehicle control command, and considers it invalid if the vehicle control command does not meet the preset range. For example, if the preset range is that the maximum deceleration is not greater than 4m/s 2 , then the maximum deceleration requested in the vehicle control command cannot be greater than 4m/s 2 , otherwise the vehicle control command is an invalid command. .
状态检测单元,包括:状态检测子单元,检测第一运行状态是否正常,从而判断微处理器是否正常运行。The state detection unit includes: a state detection subunit, which detects whether the first operating state is normal, thereby judging whether the microprocessor operates normally.
第一通信超时检测单元,包括:数据接收子单元,基于预设通信周期,接收微处理器发送的车辆控制指令和第一运行状态;检测接收的车辆控制指令和第一运行状态的次数是否符合预设通信周期的周期数。The first communication overtime detection unit includes: a data receiving subunit, based on a preset communication cycle, receiving the vehicle control instruction and the first operating state sent by the microprocessor; detecting whether the received vehicle control instruction and the number of times of the first operating state conform to The number of cycles of the preset communication cycle.
端到端保护检测单元,基于接收的车辆控制指令和第一运行状态,利用E2E算法,进行E2E保护检测。需要说明的是,E2E算法可以是现有算法,比如保证数据一致性的CRC16算法、保证数据实时性的Rolling counter算法等,或者是基于特定需求设计用于E2E保护检测的算法。The end-to-end protection detection unit uses the E2E algorithm to perform E2E protection detection based on the received vehicle control command and the first running state. It should be noted that the E2E algorithm can be an existing algorithm, such as the CRC16 algorithm to ensure data consistency, the Rolling counter algorithm to ensure real-time data, etc., or an algorithm designed for E2E protection detection based on specific requirements.
举例而言,当采用CRC16算法时,指令检测单元,包括:数据接收子单元,接收车辆控制指令和第一运行状态,其中,车辆控制指令和第一运行状态中预先添加了CRC控制字段;评估计算子单元,评估车辆控制指令和第一运行状态中的CRC控制字段,并对CRC控制字段进行计算;判断子单元,判断计算结果是否符合预设接收内容。For example, when the CRC16 algorithm is used, the instruction detection unit includes: a data receiving subunit, which receives the vehicle control instruction and the first operating state, wherein the CRC control field is pre-added in the vehicle control instruction and the first operating state; The calculation subunit evaluates the vehicle control instruction and the CRC control field in the first running state, and calculates the CRC control field; the judgment subunit judges whether the calculation result conforms to the preset received content.
当采用Rolling counter算法时,指令检测单元,包括:数据接收子单元,接收车辆控制指令和第一运行状态,其中,车辆控制指令和第一运行状态中预先添加了Rollingcounter字段;诊断子单元,基于Rolling counter字段的增加量进行诊断。When the Rolling counter algorithm is adopted, the command detection unit includes: a data receiving subunit, which receives the vehicle control command and the first running state, wherein the Rollingcounter field is pre-added in the vehicle control command and the first running state; the diagnosis subunit, based on The increase in the Rolling counter field is used for diagnosis.
结果获取单元,包括:第一结果获取子单元,基于第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果中至少一个为失效或故障,则第一检测结果为失效或故障;第二结果获取子单元,基于第一有效性检测结果、第一运行状态检测结果、第一通信超时检测结果和第一端到端保护检测结果均为有效或正常,则第一检测结果为有效或正常。The result acquisition unit, including: a first result acquisition subunit, based on at least one of the first validity detection result, the first running state detection result, the first communication timeout detection result and the first end-to-end protection detection result being a failure or failure , then the first detection result is failure or failure; the second result acquisition subunit is based on the first validity detection result, the first running state detection result, the first communication timeout detection result and the first end-to-end protection detection result being valid or normal, the first detection result is valid or normal.
相应地,故障处理模块23,包括:屏蔽单元,若第一检测结果为失效或故障,则屏蔽微处理器发送的车辆控制指令和第一运行状态;第一请求生成单元,进行感知和定位以生成第一车辆控制请求;第一请求发送单元,将第一车辆控制请求发送至主整车执行控制器(ASC-A),以进行车道内减速和停车,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。Correspondingly, the failure processing module 23 includes: a shielding unit, if the first detection result is a failure or failure, then shielding the vehicle control command and the first running state sent by the microprocessor; the first request generating unit for sensing and positioning to Generate the first vehicle control request; the first request sending unit sends the first vehicle control request to the main vehicle executive controller (ASC-A) for deceleration and parking in the lane, and generates a driver takeover reminder to notify The driver takes over the vehicle.
在一个可选实施例中,在第一请求发送单元将第一车辆控制请求发送至主整车执行控制器之后,利用主微控制器对主整车执行控制器进行故障检测,即故障检测模块,还包括:第二状态接收单元,接收主整车执行控制器基于第一车辆控制请求返回的第二运行状态;第一检测单元,基于第二运行状态进行运行状态检测,并结合第二预设故障检测机制,得到第二检测结果。In an optional embodiment, after the first request sending unit sends the first vehicle control request to the main vehicle execution controller, the main microcontroller is used to perform fault detection on the main vehicle execution controller, that is, the fault detection module , further comprising: a second state receiving unit, which receives the second running state returned by the main vehicle executive controller based on the first vehicle control request; a first detection unit, which detects the running state based on the second running state, and combines the second predetermined A fault detection mechanism is set up to obtain a second detection result.
相应地,故障处理模块23,包括:模式切换单元,基于第二检测结果为运行异常或故障,则切换为热备份模式,并请求主整车执行控制器退出工作模式并切换为热备份模式;状态发送单元,将第二运行状态检测结果发送至冗余微控制器,以便于冗余微控制器和与冗余微控制器通信的冗余整车执行控制器由热备份模式切换为工作模式,从而对车辆进行减速,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。Correspondingly, the failure processing module 23 includes: a mode switching unit, which switches to the hot backup mode based on the second detection result of abnormal operation or failure, and requests the main vehicle executive controller to exit the working mode and switch to the hot backup mode; The state sending unit sends the second operating state detection result to the redundant microcontroller, so that the redundant microcontroller and the redundant vehicle execution controller communicating with the redundant microcontroller can switch from the hot backup mode to the working mode , so as to decelerate the vehicle and generate a driver takeover reminder to notify the driver to take over the vehicle.
第一检测单元,包括:通信超时检测子单元,基于接收第一车辆控制请求,进行通信超时检测,得到第二通信超时检测结果;端到端保护检测子单元,根据第一车辆控制请求,进行端到端保护检测,得到第二端到端保护检测结果。The first detection unit includes: a communication timeout detection subunit, which performs communication timeout detection based on receiving the first vehicle control request, and obtains a second communication timeout detection result; an end-to-end protection detection subunit, according to the first vehicle control request, performs The end-to-end protection detection is performed to obtain a second end-to-end protection detection result.
在一个可选实施例中,故障检测模块22,还用于对冗余微控制器进行故障检测,具体包括:数据接收单元,接收冗余微控制器发送的第一心跳信号,或接收冗余微控制器发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果,第三运行状态检测结果为冗余微控制器根据冗余整车执行控制器发送的第三运行状态进行状态检测得到的;第二检测单元,根据第一心跳信号,并结合第四预设故障检测机制,得到第二检测结果;故障确定单元,基于第二检测结果为失效或故障,确定冗余微控制器失效;基于显示为失效或故障的第三运行状态检测结果,确定冗余整车执行控制器失效。In an optional embodiment, the fault detection module 22 is also used for fault detection of the redundant microcontroller, specifically including: a data receiving unit, receiving the first heartbeat signal sent by the redundant microcontroller, or receiving the redundant microcontroller The first heartbeat signal sent by the microcontroller and the detection result of the third operating state indicated as failure or failure, the third operating state detection result is the redundant microcontroller according to the third operating state sent by the redundant vehicle executive controller Obtained by state detection; the second detection unit, according to the first heartbeat signal, combined with the fourth preset fault detection mechanism, obtains the second detection result; the fault determination unit determines that the redundant micro The controller is invalid; based on the detection result of the third operating state indicated as failure or failure, it is determined that the redundant vehicle executive controller is invalid.
进一步地,第二检测单元,包括:信号检测子单元,对第一心跳信号进行心跳信号检测,以判断目标时间段内心跳信号是否丢失;第二通信超时检测单元,基于接收第一心跳信号,进行通信超时检测。需要说明的是,信号检测子单元,包括:信号接收孙单元,基于预设周期,接收冗余微控制器发送的第一心跳信号;判断孙单元,判断接收的心跳信号次数是否符合预设周期数量,从而判断目标时间段内是否出现心跳信号丢失的情况。Further, the second detection unit includes: a signal detection subunit, which performs heartbeat signal detection on the first heartbeat signal to determine whether the heartbeat signal is lost in the target time period; the second communication timeout detection unit, based on receiving the first heartbeat signal, Perform communication timeout detection. It should be noted that the signal detection subunit includes: the signal receiving grandson unit, based on the preset cycle, receiving the first heartbeat signal sent by the redundant microcontroller; the judging grandchildren unit, judging whether the number of received heartbeat signals conforms to the preset cycle Quantity, so as to determine whether the heartbeat signal is lost within the target time period.
在一个可选实施例中,为便于冗余微控制器对主微控制器进行故障检测,该装置还包括:数据发送装置,向冗余微控制器发送第二心跳信号,或向冗余微控制器发送第二心跳信号和显示为失效或故障的第二运行状态检测结果,以供冗余微控制器根据第二心跳信号和第三预设故障检测机制进行故障检测的结果确定是否从热备份模式切换至工作模式,以及是否进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至冗余整车执行控制器。In an optional embodiment, in order to facilitate the fault detection of the main microcontroller by the redundant microcontroller, the device further includes: a data sending device, which sends a second heartbeat signal to the redundant microcontroller, or sends a second heartbeat signal to the redundant microcontroller. The controller sends the second heartbeat signal and the second operating state detection result displayed as failure or failure, so that the redundant microcontroller can determine whether the thermal The backup mode is switched to the working mode, and whether sensing and positioning are performed to generate a second vehicle control request and send the second vehicle control request to the redundant vehicle execution controller.
在一种可能的实现方式中,冗余微控制器接收第二心跳信号,此时,主整车执行控制器处于无故障状态,则根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;基于第三检测结果为失效或故障,确定主微控制器失效,主微控制器失效也意味着主微控制器无法正常运行并输出对主整车执行控制器控制,因此需要将主整车执行控制器由工作模式调整为热备份模式。In a possible implementation, the redundant microcontroller receives the second heartbeat signal. At this time, the main vehicle executive controller is in a fault-free state, then according to the second heartbeat signal and combined with the third preset fault detection mechanism, The third detection result is obtained; based on the third detection result being failure or failure, it is determined that the main microcontroller is invalid, and the failure of the main microcontroller also means that the main microcontroller cannot operate normally and outputs the controller to execute the control of the main vehicle. Therefore It is necessary to adjust the main vehicle executive controller from working mode to hot backup mode.
另外,冗余微控制器从热备份模式切换至工作模式,以及进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至冗余整车执行控制器,以利用冗余微控制器对冗余整车执行控制器进行故障检测;主微控制器通过硬线连接控制向微处理器供电,则在主微控制器失效的情况下,此时为共因失效,即主微控制器失效导致微处理器也同时失效。需要说明的是,利用冗余微控制器对冗余整车执行控制器进行故障检测可参照上文所述利用MCU-A对ASC-A进行故障检测,此处不作进一步描述。In addition, the redundant microcontroller switches from the hot backup mode to the working mode, senses and locates to generate a second vehicle control request and sends the second vehicle control request to the redundant vehicle executive controller, so as to utilize the redundant microcontroller The controller detects the failure of the redundant vehicle executive controller; the main microcontroller controls the power supply to the microprocessor through a hard-wired connection. If the main microcontroller fails, it is a common cause failure, that is, the main microcontroller Failure of the controller causes the microprocessor to fail at the same time. It should be noted that the fault detection of the redundant vehicle executive controller by using the redundant microcontroller can refer to the fault detection of the ASC-A by the MCU-A described above, and no further description is given here.
在另一种可能的实现方式中,冗余微控制器接收第二心跳信号和显示为失效或故障的第二运行状态检测结果,此时,由于第二运行状态检测结果显示为失效或故障,对应的主整车执行控制器失效,则根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;若第三检测结果为失效或故障,确定主微控制器失效,此时,可参照上文所述第三检测结果为失效或故障,确定主微控制器失效时的故障处理方式,此处不进行赘述;若第三检测结果为正常,则可根据上文所述利用MCU-A对ASC-A进行故障检测及对应故障处理方式,此处不进行赘述。In another possible implementation manner, the redundant microcontroller receives the second heartbeat signal and the second operating state detection result displayed as failure or failure. At this time, because the second operating state detection result indicates failure or failure, If the corresponding main vehicle executive controller fails, the third detection result is obtained according to the second heartbeat signal combined with the third preset fault detection mechanism; When the failure or failure of the third detection result mentioned above can be referred to, the fault handling method when the main micro-controller fails is determined, which will not be repeated here; if the third detection result is normal, the above-mentioned Use MCU-A to perform fault detection on ASC-A and the corresponding fault handling methods, which will not be described here.
综上所述,本发明实施例利用故障检测模块根据数据接收模块接收的微处理器发送的车辆控制指令和第一运行状态,结合第一预设故障检测机制,对微处理器进行故障检测,以便于根据微处理器是否发生故障,从而便于故障处理模块确定对应故障处理方法以控制车辆安全停车,提高了自动驾驶的安全性和可靠性;另外,结合第一预设故障检测机制,对微处理器进行故障检测,可以在软硬件发生失效的情况下,确保车辆能够安全减速和停车,从而有效保证行车安全。To sum up, the embodiment of the present invention uses the fault detection module to detect the fault of the microprocessor according to the vehicle control instruction and the first running state received by the microprocessor received by the data receiving module, combined with the first preset fault detection mechanism, In order to facilitate the fault processing module to determine the corresponding fault processing method to control the safe parking of the vehicle according to whether the microprocessor is faulty or not, the safety and reliability of automatic driving are improved; in addition, combined with the first preset fault detection mechanism, the micro The processor performs fault detection, which can ensure that the vehicle can safely decelerate and stop in the event of hardware and software failure, thereby effectively ensuring driving safety.
本发明还提供一种自动驾驶系统,应用如上任一所述的自动驾驶故障处理方法,包括微处理器和主微控制器,其中:微处理器(MPU)向主微控制器(MCU-A)发送车辆控制指令和第一运行状态;主微控制器(MCU-A)根据接收的车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;主微控制器(MCU-A)根据第一检测结果,执行对应故障处理方法。The present invention also provides an automatic driving system, which uses the automatic driving fault processing method as described above, including a microprocessor and a main microcontroller, wherein: the microprocessor (MPU) sends a message to the main microcontroller (MCU-A) ) sends the vehicle control command and the first running state; the main microcontroller (MCU-A) obtains the first detection result according to the received vehicle control command and the first running state, combined with the first preset fault detection mechanism; the main microcontroller The controller (MCU-A) executes a corresponding fault handling method according to the first detection result.
参考图3,在一个可选实施例中,该自动驾驶系统还包括冗余微控制器(MCU-B),则在MPU将车辆控制指令和第一运行状态发送至MCU-A时,还包括:MPU将车辆控制指令和第一运行状态发送至MCU-B,以利用MCU-B根据接收的车辆控制指令和第一运行状态,对MPU进行故障检测,具体对MPU进行故障检测的方式可参照主微控制器根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果的方式,此处不作进一步地限定。Referring to Fig. 3, in an optional embodiment, the automatic driving system also includes a redundant microcontroller (MCU-B), and when the MPU sends the vehicle control command and the first operating state to the MCU-A, it also includes : The MPU sends the vehicle control command and the first running state to the MCU-B, so as to use the MCU-B to detect the fault of the MPU according to the received vehicle control command and the first running state. For the specific fault detection method of the MPU, please refer to The manner in which the main microcontroller obtains the first detection result according to the vehicle control instruction and the first operating state in combination with the first preset fault detection mechanism will not be further limited here.
在一种可能的实现方式中,该自动驾驶系统还包括:主整车执行控制器(ASC-A),若第一检测结果为失效或故障,则MCU-A屏蔽微处理器发送的车辆控制指令和第一运行状态,并进行感知和定位以生成第一车辆控制请求;MCU-A将第一车辆控制请求发送至ASC-A,以进行车道内减速和停车,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。In a possible implementation, the automatic driving system also includes: the main vehicle executive controller (ASC-A), if the first detection result is a failure or fault, the MCU-A shields the vehicle control system sent by the microprocessor command and the first operating state, and perform perception and positioning to generate the first vehicle control request; MCU-A sends the first vehicle control request to ASC-A for deceleration and parking in the lane, and generates a driver takeover reminder, To notify the driver to take over the vehicle.
若第一检测结果为有效或正常,则表明MPU运行正常无故障,则该自动驾驶系统还需对MCU-A、ASC-A、ASC-B和冗余整车执行控制器(ASC-B)的进行故障检测,以便于确定对应故障处理方式。If the first detection result is valid or normal, it indicates that the MPU is operating normally without failure, and the automatic driving system also needs to execute the controller for MCU-A, ASC-A, ASC-B and redundant vehicle (ASC-B) Carry out fault detection in order to determine the corresponding fault handling method.
具体地,利用MCU-A对ASC-A进行故障检测,即在MCU-A将第一车辆控制请求发送至ASC-A之后,包括:MCU-A接收ASC-A基于第一车辆控制请求返回的第二运行状态;MCU-A基于第二运行状态进行运行状态检测,并结合第二预设故障检测机制,得到第二检测结果;若第二检测结果为运行异常或故障,则MCU-A切换为热备份模式,并请求ASC-A退出工作模式并切换为热备份模式,以及将第二运行状态检测结果发送至MCU-B,以便于MCU-B和与MCU-B通信的ASC-B由热备份模式切换为工作模式,从而对车辆进行减速,并生成驾驶员接管提醒,以通知驾驶员进行车辆接管。Specifically, using MCU-A to perform fault detection on ASC-A, that is, after MCU-A sends the first vehicle control request to ASC-A, includes: MCU-A receiving the information returned by ASC-A based on the first vehicle control request The second operating state: MCU-A performs operating state detection based on the second operating state, and combines the second preset fault detection mechanism to obtain the second detection result; if the second detection result is abnormal operation or failure, MCU-A switches It is a hot backup mode, and requests ASC-A to exit the working mode and switch to a hot backup mode, and send the second running state detection result to MCU-B, so that MCU-B and ASC-B communicating with MCU-B are controlled by The hot backup mode is switched to the working mode, thereby decelerating the vehicle, and generating a driver takeover reminder to notify the driver to take over the vehicle.
另外,ASC-A在接收第一车辆控制请求之后,基于第二预设故障检测机制,对主微控制器MCU-A进行故障检测,并基于故障检测结果为无故障,将自身的运行状态(即第二运行状态)发送至MCU-A。In addition, after receiving the first vehicle control request, ASC-A performs fault detection on the main microcontroller MCU-A based on the second preset fault detection mechanism, and based on the fault detection result being no fault, changes its own operating state ( That is, the second running state) is sent to MCU-A.
在一个可选实施例中,利用MCU-A对MCU-B进行故障检测,包括:MCU-A接收MCU-B发送的第一心跳信号,或MCU-A接收MCU-B发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果,第三运行状态检测结果为MCU-B根据ASC-B发送的第三运行状态进行状态检测得到的;MCU-A根据第一心跳信号,并结合第四预设故障检测机制,得到第二检测结果;MCU-A基于第二检测结果为失效或故障,确定MCU-B失效;MCU-A基于显示为失效或故障的第三运行状态检测结果,确定ASC-B失效。In an optional embodiment, using MCU-A to perform fault detection on MCU-B includes: MCU-A receiving the first heartbeat signal sent by MCU-B, or MCU-A receiving the first heartbeat signal sent by MCU-B and the third operating state detection result displayed as failure or failure, the third operating state detection result is obtained by MCU-B according to the third operating state sent by ASC-B; MCU-A according to the first heartbeat signal, and Combined with the fourth preset fault detection mechanism, the second detection result is obtained; MCU-A determines that MCU-B is invalid based on the second detection result as failure or failure; MCU-A is based on the third operating state detection result shown as failure or failure , to determine that ASC-B is invalid.
应当注意的是,由于MCU-B处于热备份模式,并非处于工作模式,且无紧急的安全风险,因此可正常按照故障处理流程,对应的MCU-A和ASC-A保持工作模式,MCU-B保持热备份模式,当MCU-A接收MCU-B发送的第一心跳信号时,ASC-B也处于热备份模式;当MCU-A接收MCU-B发送的第一心跳信号和显示为失效或故障的第三运行状态检测结果时,对应ASC-B失效。It should be noted that since MCU-B is in the hot backup mode, not in the working mode, and there is no urgent safety risk, the corresponding MCU-A and ASC-A can remain in the working mode according to the normal fault handling process, and MCU-B Maintain hot backup mode, when MCU-A receives the first heartbeat signal sent by MCU-B, ASC-B is also in hot backup mode; when MCU-A receives the first heartbeat signal sent by MCU-B and displays as failure or failure When the detection result of the third operating state of the corresponding ASC-B fails.
在一个可选实施例中,利用MCU-B对MCU-A进行故障检测,包括:MCU-A向MCU-B发送第二心跳信号,或MCU-A向MCU-B发送第二心跳信号和显示为失效或故障的第二运行状态检测结果,以供MCU-B根据第二心跳信号和第三预设故障检测机制进行故障检测的结果确定是否从热备份模式切换至工作模式,以及是否进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至ASC-B。In an optional embodiment, using MCU-B to perform fault detection on MCU-A includes: MCU-A sends a second heartbeat signal to MCU-B, or MCU-A sends a second heartbeat signal to MCU-B and displays It is the second operating state detection result of failure or fault, for MCU-B to determine whether to switch from hot backup mode to working mode according to the result of fault detection by the second heartbeat signal and the third preset fault detection mechanism, and whether to sense and positioned to generate a second vehicle control request and send the second vehicle control request to the ASC-B.
在一种可能的实现方式中,MCU-B接收第二心跳信号,此时,ASC-A处于无故障状态,则MCU-B根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;MCU-B基于第三检测结果为失效或故障,确定MCU-A失效,MCU-A失效也意味着MCU-A无法正常运行并输出对ASC-A控制,因此需要将ASC-A由工作模式调整为热备份模式。In a possible implementation, MCU-B receives the second heartbeat signal, and at this time, ASC-A is in a fault-free state, then MCU-B obtains the second heartbeat signal in combination with the third preset fault detection mechanism. Three detection results; MCU-B determines that MCU-A is invalid based on the third detection result. The failure of MCU-A also means that MCU-A cannot operate normally and outputs control to ASC-A, so ASC-A needs to be Adjust from working mode to hot backup mode.
另外,MCU-B从热备份模式切换至工作模式,以及进行感知和定位以生成第二车辆控制请求并将第二车辆控制请求发送至ASC-A,以利用MCU-B对ASC-B进行故障检测;MCU-A通过硬线连接控制向MPU供电,则在MCU-A失效的情况下,此时为共因失效,即MCU-A失效导致MPU也同时失效。需要说明的是,利用MCU-A对ASC-B进行故障检测可参照上文所述利用MCU-A对ASC-A进行故障检测,此处不作进一步描述。In addition, MCU-B switches from hot backup mode to working mode, and senses and locates to generate a second vehicle control request and sends the second vehicle control request to ASC-A to troubleshoot ASC-B with MCU-B Detection; MCU-A controls the power supply to the MPU through a hard-wired connection, and in the case of MCU-A failure, it is a common cause failure at this time, that is, the MCU-A failure causes the MPU to also fail at the same time. It should be noted that the fault detection of ASC-B by using MCU-A may refer to the fault detection of ASC-A by using MCU-A described above, and no further description will be made here.
在另一种可能的实现方式中,MCU-B接收第二心跳信号和显示为失效或故障的第二运行状态检测结果,此时,由于第二运行状态检测结果显示为失效或故障,对应的ASC-A失效,则根据第二心跳信号并结合第三预设故障检测机制,得到第三检测结果;若第三检测结果为失效或故障,确定MCU-A失效,此时,可参照上文所述第三检测结果为失效或故障,确定MCU-A失效时的故障处理方式,此处不进行赘述;若第三检测结果为正常,则可根据上文所述利用MCU-A对ASC-A进行故障检测及对应故障处理方式,此处不进行赘述。In another possible implementation, the MCU-B receives the second heartbeat signal and the second operating state detection result indicated as failure or failure. At this time, since the second operating state detection result indicates failure or failure, the corresponding If ASC-A fails, the third detection result is obtained according to the second heartbeat signal combined with the third preset fault detection mechanism; if the third detection result is failure or failure, it is determined that MCU-A is invalid. At this time, refer to the above Described the 3rd detection result is invalidation or fault, and the fault handling mode when determining MCU-A failure, does not go into details here; If the 3rd detection result is normal, then can utilize MCU-A to ASC- A performs fault detection and corresponding fault handling methods, which will not be described here.
图4示例了一种电子设备的实体结构示意图,如图4所示,该电子设备可以包括:处理器(processor)41、通信接口(Communications Interface)42、存储器(memory)43和通信总线44,其中,处理器41,通信接口42,存储器43通过通信总线44完成相互间的通信。处理器41可以调用存储器43中的逻辑指令,以执行自动驾驶故障处理方法,该方法包括:接收微处理器发送的车辆控制指令和第一运行状态;根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;根据第一检测结果,执行对应故障处理方法。Fig. 4 illustrates the schematic diagram of the entity structure of a kind of electronic equipment, as shown in Fig. 4, this electronic equipment can comprise: processor (processor) 41, communication interface (Communications Interface) 42, memory (memory) 43 and
此外,上述的存储器43中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。In addition, the logic instructions in the above-mentioned
另一方面,本发明还提供一种计算机程序产品,所述计算机程序产品包括计算机程序,计算机程序可存储在非暂态计算机可读存储介质上,所述计算机程序被处理器执行时,计算机能够执行上述各方法所提供的自动驾驶故障处理方法,该方法包括:接收微处理器发送的车辆控制指令和第一运行状态;根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;根据第一检测结果,执行对应故障处理方法。On the other hand, the present invention also provides a computer program product. The computer program product includes a computer program that can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer can Executing the automatic driving fault handling method provided by the above methods, the method includes: receiving the vehicle control command and the first running state sent by the microprocessor; according to the vehicle control command and the first running state, combined with the first preset fault detection mechanism to obtain a first detection result; and execute a corresponding fault handling method according to the first detection result.
又一方面,本发明还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现以执行上述各方法提供的自动驾驶故障处理方法,该方法包括:接收微处理器发送的车辆控制指令和第一运行状态;根据车辆控制指令和第一运行状态,并结合第一预设故障检测机制,得到第一检测结果;根据第一检测结果,执行对应故障处理方法。In another aspect, the present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, it is implemented to execute the automatic driving fault handling method provided by the above-mentioned methods, the method Including: receiving the vehicle control command and the first running state sent by the microprocessor; according to the vehicle control command and the first running state, combined with the first preset fault detection mechanism, obtaining the first detection result; according to the first detection result, executing Corresponding troubleshooting method.
以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network elements. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。Through the above description of the implementations, those skilled in the art can clearly understand that each implementation can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware. Based on this understanding, the essence of the above technical solution or the part that contributes to the prior art can be embodied in the form of software products, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic discs, optical discs, etc., including several instructions to make a computer device (which may be a personal computer, server, or network device, etc.) execute the methods described in various embodiments or some parts of the embodiments.
最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211176948.3A CN115892060A (en) | 2022-09-26 | 2022-09-26 | Automatic driving fault handling method and automatic driving system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211176948.3A CN115892060A (en) | 2022-09-26 | 2022-09-26 | Automatic driving fault handling method and automatic driving system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115892060A true CN115892060A (en) | 2023-04-04 |
Family
ID=86492336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211176948.3A Pending CN115892060A (en) | 2022-09-26 | 2022-09-26 | Automatic driving fault handling method and automatic driving system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115892060A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116588185A (en) * | 2023-05-06 | 2023-08-15 | 广州文远知行科技有限公司 | Steering control method, device, equipment and storage medium |
| CN119773809A (en) * | 2024-12-31 | 2025-04-08 | 广州小鹏汽车科技有限公司 | Vehicle automatic driving redundant system, control method and vehicle |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103661378A (en) * | 2012-08-28 | 2014-03-26 | 通用汽车环球科技运作有限责任公司 | Active safety systems of vehicles with graphical microprocessors |
| US20170166182A1 (en) * | 2015-12-14 | 2017-06-15 | Hyundai Motor Company | Method for preventing engine clutch hazard of hybrid vehicle |
| CN107315359A (en) * | 2016-04-27 | 2017-11-03 | 华为技术有限公司 | Control method for vehicle and system |
| CN109709963A (en) * | 2018-12-29 | 2019-05-03 | 百度在线网络技术(北京)有限公司 | Unmanned controller and automatic driving vehicle |
| CN110488597A (en) * | 2019-08-18 | 2019-11-22 | 中车永济电机有限公司 | Locomotive Main Processor Unit dual redundant control method |
| CN112109726A (en) * | 2019-07-17 | 2020-12-22 | 上汽通用五菱汽车股份有限公司 | Fault processing method for automatic driving vehicle, vehicle and readable storage medium |
| CN113247022A (en) * | 2021-06-23 | 2021-08-13 | 智己汽车科技有限公司 | Automatic driving redundancy control system and method |
| CN113874861A (en) * | 2019-06-27 | 2021-12-31 | 奥迪股份公司 | Controller for motor vehicle and motor vehicle |
-
2022
- 2022-09-26 CN CN202211176948.3A patent/CN115892060A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103661378A (en) * | 2012-08-28 | 2014-03-26 | 通用汽车环球科技运作有限责任公司 | Active safety systems of vehicles with graphical microprocessors |
| US20170166182A1 (en) * | 2015-12-14 | 2017-06-15 | Hyundai Motor Company | Method for preventing engine clutch hazard of hybrid vehicle |
| CN107315359A (en) * | 2016-04-27 | 2017-11-03 | 华为技术有限公司 | Control method for vehicle and system |
| CN109709963A (en) * | 2018-12-29 | 2019-05-03 | 百度在线网络技术(北京)有限公司 | Unmanned controller and automatic driving vehicle |
| CN113874861A (en) * | 2019-06-27 | 2021-12-31 | 奥迪股份公司 | Controller for motor vehicle and motor vehicle |
| CN112109726A (en) * | 2019-07-17 | 2020-12-22 | 上汽通用五菱汽车股份有限公司 | Fault processing method for automatic driving vehicle, vehicle and readable storage medium |
| CN110488597A (en) * | 2019-08-18 | 2019-11-22 | 中车永济电机有限公司 | Locomotive Main Processor Unit dual redundant control method |
| CN113247022A (en) * | 2021-06-23 | 2021-08-13 | 智己汽车科技有限公司 | Automatic driving redundancy control system and method |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116588185A (en) * | 2023-05-06 | 2023-08-15 | 广州文远知行科技有限公司 | Steering control method, device, equipment and storage medium |
| CN119773809A (en) * | 2024-12-31 | 2025-04-08 | 广州小鹏汽车科技有限公司 | Vehicle automatic driving redundant system, control method and vehicle |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12330665B2 (en) | Vehicle control device | |
| EP4049910B1 (en) | Automatic driving control system, control method and device | |
| CN111038480B (en) | Automatic driving execution system and automatic driving control command execution method | |
| CN115892060A (en) | Automatic driving fault handling method and automatic driving system | |
| US11398944B2 (en) | Vehicle fault handling method, apparatus, device and storage medium | |
| CN110682876B (en) | Automatic driving method and system for vehicle, storage medium and automatic driving automobile | |
| US9604585B2 (en) | Failure management in a vehicle | |
| CN113085885A (en) | Driving mode switching method, device and equipment and readable storage medium | |
| CN105515739A (en) | Fail-safe E/E architecture for automated driving | |
| CN107065830A (en) | A kind of dual redundant hot backup system based on arbitration mode | |
| CN105700419B (en) | Control method, device and the control method of finished of entire car controller, system | |
| CN104049530A (en) | Fault tolerant control system | |
| US10521313B2 (en) | Uninterrupted data availability during failure in redundant micro-controller system | |
| CN110053630B (en) | Vehicle control method and device | |
| CN110320895A (en) | A kind of fault detection method and device, vehicle | |
| CN113968237A (en) | Steering system of unmanned vehicle, operation method and storage device | |
| CN117022158A (en) | Vehicle power loss safety control method, device, equipment and storage medium | |
| WO2021218900A1 (en) | Vehicle control method, apparatus and system | |
| CN115465284B (en) | Automatic driving control device, system, method, vehicle and storage medium | |
| CN110427014B (en) | Fault vehicle control method and device and chassis control instruction execution method and device | |
| CN117125041A (en) | Chassis braking method, device, system and storage medium | |
| CN106873572B (en) | Automatic driving cut-off device, automatic driving cut-off method and system | |
| CN118283091A (en) | Remote driving control method and device, electronic equipment and storage medium | |
| US20250091554A1 (en) | Wheel side braking apparatus and vehicle | |
| CN115352522A (en) | Wire-controlled steering system, failure operation method and vehicle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |