EP-4742042-A1 - SYSTEM AND METHOD FOR PROVIDING FUNCTIONAL SAFETY IN A SOFTWARE DEFINED VEHICLE USING SENSORS FRAMEWORK

Abstract

A system and method for providing functional safety in a software defined vehicle (SDV) using a sensors framework is disclosed. The system includes an Emergency Controller (EC); a plurality of Zonal Controllers (ZCs), each corresponding to one of a plurality of zones of the SDV; a plurality of sets of Primary Sensors (PSs), each set of PSs corresponding to one of the plurality of zones and coupled to a corresponding ZC of that zone; a plurality of sets of Secondary Sensors (SSs), each set of SSs corresponding to one of the plurality of zones and coupled to a corresponding ZC of another zone; and a plurality of sets of Tertiary Sensors (TSs), each set of TSs corresponding to one of the plurality of zones and coupled to the EC. The EC or the plurality of ZCs may be dynamically configured to receive sensor data from one of the plurality of sets of PSs, the plurality of sets of SSs, or the plurality of sets of TSs based on a determination of one of a plurality of modes of the SDV.

Inventors

  • SARKAR, ARNIK
  • GHOSH, SAYANSHREE

Assignees

  • Wipro Limited

Dates

Publication Date
20260513
Application Date
20250227

Claims (12)

  1. A system for providing functional safety in a Software Defined Vehicle, SDV, using a sensor framework, comprising: an Emergency Controller, EC; a plurality of Zonal Controllers, ZCs, each ZC corresponding to one of a plurality of zones of the SDV; a plurality of sets of Primary Sensors, PSs, each set of PSs corresponding to one zone of the plurality of zones and coupled to a corresponding ZC of that one zone; a plurality of sets of Secondary Sensors, SSs, each set of SSs corresponding to one zone of the plurality of zones and coupled to a corresponding ZC of another zone; and a plurality of sets of Tertiary Sensors, TSs, each set of TSs corresponding to one zone of the plurality of zones and coupled to the EC, wherein the EC or the plurality of ZCs are dynamically configured to receive sensor data from one of: the plurality of sets of PSs, the plurality of sets of SSs, or the plurality of sets of TSs based on a determined mode of the SDV, and wherein the determined mode is based on monitoring the plurality of sets of PSs or the plurality of sets of SSs corresponding to the plurality of zones.
  2. The system of claim 1, comprising: a Central Controller, CC, coupled to each of the plurality of ZCs and the EC, wherein one of the CC or the plurality of ZCs is configured as a Vehicle Safety Monitor, VSM, and wherein the VSM is configured to dynamically activate one of: the plurality of sets of PSs or the plurality of sets of SSs corresponding to the plurality of zones based on the monitoring.
  3. The system of claim 2, wherein each ZC of the plurality of ZCs is configured to monitor the corresponding set of PSs from the corresponding zone and the corresponding set of SSs from the other zone based on a determined plausibility score of the received sensor data.
  4. The system of any of claims 1-3, wherein the SDV is determined to be in a normal mode upon detection of each of the plurality of sets of PSs as operational based on the monitoring, and wherein in the normal mode, each of the plurality of ZCs is dynamically configured to receive the sensor data from the corresponding set of PSs from the corresponding zone.
  5. The system of any of claims 1-4, wherein the SDV is determined to be in a fault-operational mode upon detection of one of the plurality of sets of PSs as faulty based on the monitoring, and wherein in the fault-operational mode, each of the plurality of ZCs is dynamically configured to receive the sensor data from the corresponding set of SSs from the other zone.
  6. The system of any of claims 1-5, wherein the SDV is determined to be in an emergency mode upon detection of one of the plurality of sets of PSs and one of the plurality of sets of SSs as faulty based on the monitoring, and wherein in the emergency mode, the EC is dynamically configured to receive the sensor data from the plurality of sets of TSs.
  7. A method for providing functional safety in a Software Defined Vehicle, SDV, using a sensor framework, the method comprising: determining a mode of the SDV from one of a plurality of modes based on: monitoring a plurality of sets of Primary Sensors, PSs, or a plurality of sets of Secondary Sensors, SSs, corresponding to a plurality of zones of the SDV, wherein the SDV comprises: an Emergency Controller, EC, a plurality of Zonal Controllers, ZCs, each ZC corresponding to one zone of the plurality of zones of the SDV, a plurality of sets of Tertiary Sensors, TSs, wherein each set of TSs from the plurality of sets of TSs corresponds to one zone of the plurality of zones and is coupled to the EC, wherein each set of PSs from the plurality of sets of PSs corresponds to one of the plurality of zones and is coupled to a corresponding ZC of that zone, wherein each set of SSs from the plurality of sets of SSs corresponds to one of the plurality of zones and is coupled to a corresponding ZC from another zone, and dynamically receiving, by the EC or the plurality of ZCs, sensor data from one of: the plurality of sets of PSs, the plurality of sets of SSs, or the plurality of sets of TSs based on the determined mode.
  8. The method of claim 7, wherein the SDV comprises: a Central Controller, CC, coupled to each of the plurality of ZCs and the EC, wherein one of the CC or the plurality of ZCs is configured as a Vehicle Safety Monitor, VSM, and wherein the monitoring comprises: dynamically activating, by the VSM, one of: the plurality of sets of PSs or the plurality of sets of SSs corresponding to the plurality of zones.
  9. The method of claim 8, comprising: determining, by each of the plurality of ZCs, a plausibility score of the received sensor data for monitoring the corresponding set of PSs from the corresponding zone and the corresponding set of SSs from the other zone.
  10. The method of any of claims 7-9, comprising: determining the mode as a normal mode upon detection of each of the plurality of sets of PSs as operational based on the monitoring; and dynamically receiving, by each of the plurality of ZCs, the sensor data from the corresponding set of PSs from the corresponding zone upon determining the normal mode.
  11. The method of any of claims 7-10, comprising: determining the mode as a fault-operational mode upon detection of one of the plurality of sets of PSs as faulty based on the monitoring; and dynamically receiving, by each of the plurality of ZCs, the sensor data from the corresponding set of SSs from the other zone upon determining the fault-operational mode.
  12. The method of any of claims 7-11, comprising: determining the mode as an emergency mode upon detection of one of the plurality of sets of PSs and one of the plurality of sets of SSs as faulty based on the monitoring; and dynamically receiving, by the EC, the sensor data from the plurality of sets of TSs upon determining the emergency mode. A non-transitory computer-readable medium storing computer-executable instructions for providing functional safety in a software defined vehicle, SDV, using a sensor framework, the computer-executable instructions, when executed by at least one processor, cause the method of any of claims 7 to 11 to be performed at the SDV.
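
The mode logic of claims 4-6 (and 10-12) can be sketched in code. This is an added example, not code from the patent: the zone count of four, the ring wiring in which the SS set covering zone z is coupled to the ZC of zone z+1, and all identifiers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define ZONES 4  /* assumed zone count; the claims only say "plurality" */

typedef enum { MODE_NORMAL, MODE_FAULT_OPERATIONAL, MODE_EMERGENCY } sdv_mode;
typedef enum { SRC_PS, SRC_SS, SRC_TS } sensor_class;
typedef struct { sensor_class cls; int zone; bool via_ec; } route;

/* Assumed wiring: the SS set covering zone z is coupled to the ZC of zone
 * z+1, so ZC zc reads the SS set that covers zone zc-1 (mod ZONES). */
static int ss_zone_wired_to(int zc) { return (zc + ZONES - 1) % ZONES; }

/* Claims 4-6: all PS sets operational -> normal; a PS set faulty ->
 * fault-operational; a PS set and an SS set faulty -> emergency. */
sdv_mode determine_mode(const bool ps_ok[ZONES], const bool ss_ok[ZONES]) {
    bool ps_fault = false, ss_fault = false;
    for (int z = 0; z < ZONES; z++) {
        ps_fault |= !ps_ok[z];
        ss_fault |= !ss_ok[z];
    }
    if (!ps_fault) return MODE_NORMAL;
    return ss_fault ? MODE_EMERGENCY : MODE_FAULT_OPERATIONAL;
}

/* Sensor set that feeds ZC zc in the given mode. In emergency mode the
 * TS set of the same zone is read by the EC instead of the ZC. */
route select_route(sdv_mode mode, int zc) {
    route r = { SRC_PS, zc, false };
    if (mode == MODE_FAULT_OPERATIONAL) {
        r.cls = SRC_SS;
        r.zone = ss_zone_wired_to(zc);
    } else if (mode == MODE_EMERGENCY) {
        r.cls = SRC_TS;
        r.via_ec = true;
    }
    return r;
}

int main(void) {
    /* Constructed health vectors: PS set of zone 1 has failed. */
    bool ps_ok[ZONES] = { true, false, true, true };
    bool ss_ok[ZONES] = { true, true, true, true };
    static const char *cls[] = { "PS", "SS", "TS" };
    sdv_mode m = determine_mode(ps_ok, ss_ok);
    for (int zc = 0; zc < ZONES; zc++) {
        route r = select_route(m, zc);
        printf("%s %d <- %s set of zone %d\n",
               r.via_ec ? "EC for zone" : "ZC", zc, cls[r.cls], r.zone);
    }
    return 0;
}
```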

Description

This application is a Non-Provisional Application, which claims priority to the Indian provisional patent application No. 202441087228, filed November 12, 2024, entitled "SYSTEM AND METHOD FOR ENSURING FUNCTIONAL SAFETY IN A SOFTWARE DEFINED VEHICLE."

TECHNICAL FIELD

This disclosure relates generally to operation of software defined vehicles, and more particularly to a system and method for providing functional safety in a software defined vehicle using a sensors framework.

BACKGROUND

In recent years, modern automobiles have become increasingly dependent on embedded electronic systems which incorporate numerous Electronic Control Units (ECUs), sensors, bus systems, and advanced technologies such as cameras, radar, and lidar. These components collectively manage various vehicle functions, from essential control systems to sophisticated features like adaptive cruise control, collision avoidance, and automated parking. In modern vehicles, there can be numerous ECUs, each dedicated to specific tasks. However, with the rise of high-performance computers (HPC) in the automotive industry, this traditional architecture is evolving. Instead of being managed by a multitude of ECUs, new vehicle architectures consolidate these functionalities into a number of HPCs, which leads to a significant shift towards software-defined vehicles (SDVs).

Despite these advancements, providing the functional safety of SDVs presents new challenges. SDVs employ increased use of automation, connectivity, and electrification, and integrate data-center-level capabilities to support advanced features such as autonomous driving, infotainment systems, and real-time mapping. The transition to software-defined architectures, where vehicle features are broken down into micro-services deployed on location-agnostic controllers, creates new points of potential failure.

As vehicle functions become more dependent on complex software, the need for robust fault detection and recovery mechanisms grows significantly. Existing fail-safe systems focus primarily on fail-safe methods that ensure stopping of the vehicle in the event of a fault. However, such fail-safe methods lack a fault-operational approach that would allow continued safe operation after a fault is detected. Existing fail-safe systems for fault management in autonomous and software-defined vehicles may fall short in several critical areas. They often fail to provide sufficient redundancy across sensors and other essential components. Therefore, there is a need for an efficient methodology to provide functional safety in a software defined vehicle using a sensors framework.

SUMMARY OF THE INVENTION

In an embodiment, a system for providing functional safety in a Software Defined Vehicle (SDV) using a sensors framework is disclosed. The system may include an Emergency Controller (EC). The system may further include a plurality of Zonal Controllers (ZCs), each corresponding to one of a plurality of zones of the SDV. The system may further include a plurality of sets of Primary Sensors (PSs), each set of PSs corresponding to one of the plurality of zones and coupled to a corresponding ZC of that zone. The system may further include a plurality of sets of Secondary Sensors (SSs), each set of SSs corresponding to one of the plurality of zones and coupled to a corresponding ZC of another zone. The system may further include a plurality of sets of Tertiary Sensors (TSs), each set of TSs corresponding to one of the plurality of zones and coupled to the EC. In an embodiment, the EC or the plurality of ZCs may be dynamically configured to receive sensor data from one of the plurality of sets of PSs, the plurality of sets of SSs, or the plurality of sets of TSs based on a determination of one of a plurality of modes of the SDV. In an embodiment, the one of the plurality of modes may be determined based on monitoring of the plurality of sets of PSs or the plurality of sets of SSs corresponding to the plurality of zones.

In another embodiment, a method for providing functional safety in a software defined vehicle (SDV) using a sensors framework is disclosed. The method may include determining one of a plurality of modes of the SDV based on monitoring of a plurality of sets of Primary Sensors (PSs) or a plurality of sets of Secondary Sensors (SSs) corresponding to a plurality of zones of the SDV. In an embodiment, the SDV may include an Emergency Controller (EC). The SDV may further include a plurality of Zonal Controllers (ZCs), each corresponding to one of the plurality of zones of the SDV. The SDV may further include a plurality of sets of Tertiary Sensors (TSs). In an embodiment, each set of TSs from the plurality of TSs corresponds to one of the plurality of zones and may be coupled to the EC. In an embodiment, each set of PSs from the plurality of sets of PSs may correspond to one of the plurality of zones and may be coupled to a corresponding ZC of that zone. In an embodiment, each set of SSs from the plurality of s