
CN-121697658-B - Functional safety and expected functional safety guarantee method and system for a vehicle-mounted bus


Abstract

The invention relates to a method and system for guaranteeing the functional safety and the expected functional safety (safety of the intended functionality, SOTIF) of a vehicle-mounted bus, in the field of intelligent driving safety technology. The method comprises: collecting the running state signal of a main computing unit; performing fault diagnosis on the running state signal to obtain a fault level, and determining a safety response strategy according to that level; collecting environment perception data and a credibility evaluation value, combining the two in an expected functional safety risk evaluation to obtain a risk level, and matching the corresponding expected functional safety processing strategy to that level; and controlling safety island hardware and the main computing unit to execute the safety response strategy and the expected functional safety processing strategy cooperatively, so that functional safety and expected functional safety are guaranteed together. The invention has the effect of improving the overall safety of the system.

Inventors

  • TONG LINHUI
  • DONG YING
  • ZHANG YANG

Assignees

  • 宁波市海曙雪利曼电子仪表有限公司

Dates

Publication Date
2026-05-12
Application Date
2026-02-13

Claims (7)

  1. A functional safety and intended-function guarantee method for a vehicle-mounted bus, comprising: collecting a running state signal of a main computing unit; performing fault diagnosis based on the running state signal to obtain a fault level; determining a safety response strategy according to the fault level; collecting environment perception data and a credibility evaluation value; performing an expected functional safety risk assessment by combining the environment perception data and the credibility evaluation value to obtain a risk level; matching the corresponding expected functional safety processing strategy according to the risk level; and controlling safety island hardware and the main computing unit to cooperatively execute the safety response strategy and the expected functional safety processing strategy, so as to guarantee both functional safety and expected functional safety; wherein the safety response strategy includes: when the fault level is a preset severe fault level, controlling independent safety island hardware to take over control of the vehicle's bottom layer, and collecting the current running state and the current environment information of the vehicle; determining a minimum risk path based on the current running state of the vehicle and the current environment information; controlling the safety island hardware to execute basic braking and basic steering operations, guiding the vehicle along the minimum risk path, and collecting vehicle position information and vehicle posture information; judging from the vehicle position information, the vehicle posture information and the current environment information whether the vehicle is in a safe parking state; and, when the vehicle is in a safe parking state, triggering a safety lock of the system and sending remote alarm information; the safety response strategy further includes: when the fault level is not the preset severe fault level, matching a function degradation scheme from a preset degradation strategy library according to the fault level; determining a limited function range based on the function degradation scheme; controlling a redundant computing unit to take over the computing tasks of the main computing unit, executing the corresponding function limiting operation according to the limited function range, prompting the driver to take over, and meanwhile collecting driver state information; evaluating takeover readiness based on the driver state information; determining an alarm level and a prompting mode based on the takeover readiness, prompting according to the alarm level and the prompting mode, and gradually exiting the automatic driving function when an effective takeover by the driver is detected; and wherein the expected functional safety processing strategy includes: when the risk level is high risk, starting a preset container and compensation mechanism to output an uncertainty warning to the human-machine interface and reduce the confidence level of the system function; collecting historical environment data and multi-sensor real-time data; correcting the environment perception data through a preset compensation algorithm based on the historical environment data and the multi-sensor real-time data; generating a high-confidence environment model from the corrected environment perception data, and re-evaluating the risk level based on the high-confidence environment model; and deciding the execution state of the target automatic driving function according to the re-evaluated risk level.
  2. The functional safety and intended-function guarantee method for a vehicle-mounted bus according to claim 1, wherein the fault level is determined by: obtaining abnormal feature parameters from the running state signals; determining the number of abnormal features from the abnormal feature parameters; calculating a system health score from the number of abnormal features; and determining the fault level from the system health score through a preset fault-level mapping rule.
  3. The functional safety and intended-function guarantee method for a vehicle-mounted bus according to claim 1, further comprising an intelligent compensation method: generating a normal data feature library from the historical environment data, and retrieving historical normal data by means of the normal data feature library; identifying abnormal perception data from the normal data feature library and the multi-sensor real-time data; generating data compensation parameters from the historical normal data and the multi-sensor real-time data; and correcting the abnormal perception data according to the data compensation parameters, thereby completing the correction of the environment perception data.
  4. The functional safety and intended-function guarantee method for a vehicle-mounted bus according to claim 1, further comprising: determining the working state of the camera based on the credibility evaluation value; when the working state of the camera is an occluded state, collecting occlusion image information; extracting features of the occluded region from the occlusion image information to obtain a specific occlusion state; identifying a specific occlusion region based on the occlusion image information and preset occlusion features; and, when the specific occlusion state is a preset close-range covering occlusion, determining air-blow cleaning parameters according to the specific occlusion region and directionally cleaning the camera lens according to the air-blow cleaning parameters.
  5. The functional safety and intended-function guarantee method for a vehicle-mounted bus according to claim 4, further comprising: when the specific occlusion state is not the preset close-range covering occlusion, determining a relative motion vector based on the occlusion image information and the specific occlusion region; determining a target obstacle avoidance direction according to the relative motion vector; determining a gimbal deflection parameter based on the target obstacle avoidance direction; and controlling the camera gimbal to execute an obstacle avoidance movement according to the gimbal deflection parameter.
  6. The functional safety and intended-function guarantee method for a vehicle-mounted bus according to claim 5, further comprising: after the camera gimbal has executed the obstacle avoidance movement according to the gimbal deflection parameter, or the camera lens has been directionally cleaned according to the air-blow cleaning parameters, acquiring and processing image information; determining a camera reliability evaluation value from the processed image information; when the camera reliability evaluation value reaches a preset recovery threshold, restoring the camera's normal weight in the perception fusion algorithm; and when the camera reliability evaluation value does not reach the preset recovery threshold, keeping the camera data at the lowest weight level and starting a multi-sensor data compensation mechanism.
  7. A functional safety and intended-function guarantee system for a vehicle-mounted bus, comprising: an acquisition module for acquiring the running state signals, the environment perception data and the credibility evaluation value; a memory storing a program that implements the functional safety and intended-function guarantee method for a vehicle-mounted bus according to any one of claims 1 to 6; and a processor for loading and executing the program stored in the memory.

Description

Technical Field

The invention relates to the field of intelligent driving safety technology, and in particular to a method and system for guaranteeing the functional safety and expected functional safety of a vehicle-mounted bus.

Background

The vehicle controller is a vehicle-mounted core controller that integrates the functions of several of the vehicle's electronic control units and combines computation, communication and control. At present, vehicle controllers generally adopt independent safety island hardware and multiple monitoring mechanisms, so that when a failure of the main controller is detected, control of the vehicle's bottom layer can be taken over rapidly and basic safety functions such as braking and steering maintained. At the same time, multi-sensor fusion algorithms and reliability evaluation can identify and filter anomalies in the perception data from cameras, radars and the like, reducing the risk of misjudgment. However, when a hardware fault (such as the main computing unit going down) and a perception anomaly (such as a sensor failing under environmental influence) occur at the same time, the functional safety mechanism and the expected functional safety mechanism do not cooperate, so their response strategies conflict or leave gaps in coverage, and the overall safety of the system is reduced. This needs improvement.

Disclosure of Invention

In order to improve the overall safety of the system, the invention provides a functional safety and expected functional safety guarantee method and system for a vehicle-mounted bus.
In a first aspect, the invention provides a method for guaranteeing the functional safety and expected functional safety of a vehicle-mounted bus, which adopts the following technical scheme. The method comprises the following steps: collecting a running state signal of a main computing unit; performing fault diagnosis based on the running state signal to obtain a fault level; determining a safety response strategy according to the fault level; collecting environment perception data and a credibility evaluation value; performing an expected functional safety risk assessment by combining the environment perception data and the credibility evaluation value to obtain a risk level; matching the corresponding expected functional safety processing strategy according to the risk level; and controlling safety island hardware and the main computing unit to cooperatively execute the safety response strategy and the expected functional safety processing strategy, so as to guarantee both functional safety and expected functional safety.
By adopting this scheme, hardware faults and perception risks are monitored and diagnosed at the same time, because the running state signals and the environment perception data are processed in parallel; a consistent safety response strategy and expected functional safety processing strategy are generated by dynamically matching the fault level and the risk level; and the cooperative execution by the safety island hardware and the main computing unit closes the loop from fault handling to risk response. This removes the response conflicts and coverage blind spots that arise in conventional schemes where the functional safety and expected functional safety mechanisms operate in isolation, and markedly improves the robustness and overall safety of the vehicle controller in complex driving environments.

Optionally, the fault level is determined by the following steps: obtaining abnormal feature parameters from the running state signals; determining the number of abnormal features from the abnormal feature parameters; calculating a system health score from the number of abnormal features; and determining the fault level from the system health score through a preset fault-level mapping rule.

By adopting this scheme, multidimensional abnormal feature parameters are extracted from the running state signals, a system health scoring model based on the number of such features is established, and the fault level is then assigned automatically by the mapping rule. The gradual deterioration of the system's health state can thus be identified accurately, giving the subsequent graded safety response a precise basis for decision and improving both the accuracy of fault diagnosis and the fault tolerance of the system.
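The flow claimed above (claim 1's arbitration between the safety response strategy and the expected functional safety processing strategy, claim 2's health score and fault-level mapping, claim 3's compensation against a history of normal data, and claim 6's camera weight recovery) written out as a runnable toy in Python. This is an added illustration, not code from the patent or its assignee: the state-signal windows, the health-score formula and fault-level mapping rule, the degradation library, the camera recovery threshold, the risk thresholds, the 3-sigma compensation rule, and the sensor names and readings are all assumptions chosen to exercise the claims.

```python
# Added illustration of the claimed flow; not code from the patent. Every
# threshold, signal name, sensor name and mapping rule below is an assumption.
from enum import IntEnum
from statistics import mean, pstdev

class FaultLevel(IntEnum):
    NONE, MINOR, MAJOR, SEVERE = range(4)

class RiskLevel(IntEnum):
    LOW, MEDIUM, HIGH = range(3)

# Assumed acceptance windows for the main computing unit's state signals.
STATE_LIMITS = {"core_temp_c": (0.0, 95.0), "heartbeat_ms": (0.0, 50.0),
                "supply_v": (11.0, 14.5), "ecc_errors": (0.0, 0.0)}
# Assumed health-score -> fault-level mapping rule (claim 2); first match wins.
FAULT_RULE = ((90.0, FaultLevel.NONE), (70.0, FaultLevel.MINOR),
              (40.0, FaultLevel.MAJOR), (0.0, FaultLevel.SEVERE))
# Assumed degradation strategy library for the non-severe branch of claim 1.
DEGRADATION = {FaultLevel.MINOR: "speed_cap", FaultLevel.MAJOR: "lane_keep_only"}

def abnormal_features(signals):
    """State signals outside their window; a missing signal (a dead heartbeat,
    say) yields NaN, fails the chained comparison and therefore counts."""
    return [n for n, (lo, hi) in STATE_LIMITS.items()
            if not (lo <= signals.get(n, float("nan")) <= hi)]

def health_score(signals):
    return 100.0 * (1 - len(abnormal_features(signals)) / len(STATE_LIMITS))

def fault_level(signals):
    score = health_score(signals)
    return next(lvl for thr, lvl in FAULT_RULE if score >= thr)

def camera_weight(reliability):
    """Claim 6: normal fusion weight once reliability clears the recovery threshold, else floor."""
    return 1.0 if reliability >= 0.8 else 0.1  # assumed recovery threshold

def compensate(readings, history):
    """Claim 3 as a 3-sigma test against each sensor's normal-data history; an
    abnormal live reading is replaced by the mean of the sensors that passed."""
    abnormal = {n for n, v in readings.items()
                if abs(v - mean(history[n])) > 3 * pstdev(history[n]) + 1e-9}
    normal = [v for n, v in readings.items() if n not in abnormal]
    corrected = {n: mean(normal) if n in abnormal and normal else v
                 for n, v in readings.items()}
    return corrected, sorted(abnormal)

def risk_level(clearance_m, credibility):
    """Perception data (nearest-obstacle clearance) combined with the credibility value."""
    if credibility < 0.5 or clearance_m < 5.0:
        return RiskLevel.HIGH
    if credibility < 0.8 or clearance_m < 15.0:
        return RiskLevel.MEDIUM
    return RiskLevel.LOW

def arbitrate(fault, risk):
    """Claim 1: a severe fault goes to the safety island alone and pre-empts the
    SOTIF branch; otherwise degradation (by fault) and compensation (by risk) compose."""
    if fault == FaultLevel.SEVERE:
        return {"executor": "safety_island", "action": "minimal_risk_path",
                "lock_when_stopped": True, "remote_alarm": True}
    plan = {"executor": "main_unit", "action": "nominal"}
    if fault != FaultLevel.NONE:
        plan.update(executor="redundant_unit", action="degrade",
                    limit=DEGRADATION[fault], prompt_driver=True)
    if risk == RiskLevel.HIGH:
        plan.update(uncertainty_warning=True, compensate=True)
    return plan

def run_cycle(signals, readings, credibility_by_sensor, history):
    """One cycle: fault level, then risk level from weighted credibility and the
    minimum (most conservative) clearance; on high risk compensate and re-evaluate."""
    fault = fault_level(signals)
    weights = {n: camera_weight(c) if n == "camera" else 1.0
               for n, c in credibility_by_sensor.items()}
    credibility = (sum(weights[n] * c for n, c in credibility_by_sensor.items())
                   / sum(weights.values()))
    risk_before = risk_level(min(readings.values()), credibility)
    fixed, risk = [], risk_before
    if risk_before == RiskLevel.HIGH:
        corrected, fixed = compensate(readings, history)
        risk = risk_level(min(corrected.values()), credibility)
    plan = arbitrate(fault, risk)
    if fixed:  # the HMI keeps its uncertainty warning after a correction
        plan["uncertainty_warning"] = True
    return {"fault": fault, "risk_before": risk_before, "risk": risk,
            "corrected": fixed, "plan": plan}

# Constructed sample inputs: about 40 m of clearance in every sensor's history.
HISTORY = {s: [40.0, 39.5, 40.5, 41.0, 39.0] for s in ("camera", "radar", "lidar")}
NOMINAL = {"core_temp_c": 61.0, "heartbeat_ms": 8.0, "supply_v": 12.6, "ecc_errors": 0}

if __name__ == "__main__":
    # Occluded camera reports a phantom obstacle at 0.8 m; radar and lidar see ~41 m.
    print(run_cycle(NOMINAL, {"camera": 0.8, "radar": 41.5, "lidar": 41.0},
                    {"camera": 0.3, "radar": 0.95, "lidar": 0.9}, HISTORY))
```

Two design choices are worth noting. A missing state signal is treated as abnormal rather than ignored, because a vanished heartbeat is exactly the case the safety island exists for. And the severe-fault branch returns before the risk level is consulted, so a perception anomaly can never talk the safety island out of the minimum-risk manoeuvre, while in the non-severe branch the degradation and compensation actions are merged into one plan instead of competing.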
Optionally, the safety response strategy includes: when the fault level is a preset severe fault level, controlling independent safety island hardware to take over control of the vehicle's bottom layer, and collecting the curren