[특허]Methods and systems for compensating for common failures in fail operational systems

Methods and systems for compensating for common failures in fail operational systems 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G01C-022/00 G05D-001/00
출원번호	US-0172906 (2014-02-05)
등록번호	US-9195232 (2015-11-24)
발명자 / 주소	Egnor, Daniel Trawick Zbrozek, Alexander Schultz, Andrew
출원인 / 주소	Google Inc.
대리인 / 주소	McDonnell Boehnen Hulbert & Berghoff LLP
인용정보	피인용 횟수 : 6 인용 특허 : 5

초록 ▼

Methods and systems for compensating for common failures in fail operational systems are described herein. An example system may include a primary controller configured to perform functions of a vehicle such as propulsion, braking and steering and a secondary controller configured in a redundant configuration with the primary controller. The controllers may perform cross-checks of each other and may each perform internal self-checks as well. Additionally, the system may include a control module configured to transfer control of the vehicle between the controllers based on detecting a fault. The control module may detect a common fault of the controllers that causes the control module to output a common fault signal. In response, the system may transfer of control to a safety controller configured to perform the vehicle functions until the system may transfer control back to the primary controller.

대표청구항 ▼

1. A system comprising: a primary controller configured to perform functions associated with control of operation of a vehicle including vehicle propulsion, braking and steering;a secondary controller configured in a redundant configuration as the primary controller, wherein the primary controller and the secondary controller are configured to operate based on execution of a first set of logic and perform cross-checks of each other;a control module configured to transfer control of operation of the vehicle between the primary controller and the secondary controller based on a detected fault at one of the primary controller and the secondary controller, wherein the control module is further configured to detect a common fault of the primary controller and the secondary controller and the control module is configured to responsively output a common fault signal;a safety controller coupled to the control module configured to operate based on execution of a second set of logic independent of operation of the primary controller and the secondary controller, and based on receiving the common fault signal the safety controller is configured to receive transfer of control of operation of the vehicle; and to perform functions associated with control of operation of the vehicle including vehicle braking. 2. The system of claim 1, wherein the common fault is based on an error in execution of the first set of logic. 3. The system of claim 1, wherein the first set of logic includes instructions for control of operation of the vehicle including vehicle propulsion, braking and steering, and the second set of logic includes instructions for control of operation of the vehicle including vehicle braking. 4. The system of claim 1, wherein the safety controller is further configured to: determine a state of operation of the vehicle; andbased on the state of operation, perform functions associated with control of operation of the vehicle including vehicle braking. 5. The system of claim 1, wherein the safety controller is further configured to: determine a state of operation of the vehicle; andbased on the state of operation, perform all functions associated with control of operation of the vehicle as were performed by the primary controller and the secondary controller. 6. The system of claim 1, further comprising a reset module configured to: reset the primary controller and the secondary controller based on detection of the common fault; andtransfer control of operation of the vehicle from the safety controller to the primary controller after reset. 7. The system of claim 1, wherein only one of the primary controller, the secondary controller, and the safety controller are set to be in control of operation of the vehicle at any given time. 8. The system of claim 1, wherein the control module is further configured to: provide a notification indicating the detected common fault; andbased on receiving an input signal, transfer control of operation of the vehicle to a human driver. 9. The system of claim 8, wherein the control module is configured to reset the primary controller and the secondary controller based on transfer of control of operation of the vehicle to the human driver. 10. The system of claim 1, wherein the vehicle is configured to operate in an autonomous manner. 11. A method comprising: providing instructions, by a primary controller, to perform functions associated with control of operation of a vehicle including vehicle propulsion, braking and steering;providing a secondary controller configured in a redundant configuration as the primary controller, wherein the primary controller and the secondary controller are configured to operate based on execution of a first set of logic and perform cross-checks of each other and to reset based on a detected fault at one of the primary controller and the secondary controller;transferring control of operation of the vehicle between the primary controller and the secondary controller based on the detected fault at one of the primary controller and the secondary controller;outputting a common fault signal based on detection of a common fault of the primary controller and the secondary controller;based on the common fault signal, transferring control of operation of the vehicle by the primary controller to a safety controller that is configured to operate based on execution of a second set of logic independent of operation of the primary controller and the secondary controller; and performing functions associated with control of operation of the vehicle at the safety controller including vehicle braking. 12. The method of claim 11, wherein transferring control of operation of the vehicle to a safety controller that is configured to perform functions associated with control of operation of the vehicle including vehicle braking comprises: transferring control of operation of the vehicle to a plurality of safety controllers, wherein a given safety controller of the plurality of safety controllers is configured to perform a respective function associated with control of operation of the vehicle. 13. The method of claim 11, further comprising: determining a state of operation of the vehicle; andbased on the state of operation, performing all functions associated with control of operation of the vehicle as were performed by the primary controller and the secondary controller. 14. The method of claim 11, wherein the common fault of the primary controller and the secondary controller causes the primary controller and the secondary controller to reset. 15. The method of claim 11, further comprising: resetting the primary controller and the secondary controller based on detection of the common fault; andtransferring control of operation of the vehicle from the safety controller to the primary controller after reset. 16. A non-transitory computer readable medium having stored therein instructions, that when executed by a computing device, cause the computing device to perform functions comprising: receiving outputs of a primary controller and a secondary controller, wherein the primary controller is configured to perform functions associated with control of operation of a vehicle including vehicle propulsion, braking and steering, and the secondary controller is configured in a redundant configuration as the primary controller, wherein the primary controller and the secondary controller are configured to operate based on execution of a first set of logic and perform cross-checks of each other;providing instructions to transfer control of operation of the vehicle between the primary controller and the secondary controller based on receiving a given output indicative of a detected fault at one of the primary controller and the secondary controller;providing instructions to transfer control of operation of the vehicle from the primary controller to a safety controller based on detection of a common fault of the primary controller and the secondary controller, wherein the safety controller is configured to operate based on execution of a second set of logic independent of operation of the primary controller and the secondary controller; and performing functions associated with control of operation of the vehicle at the safety controller including vehicle braking. 17. The non-transitory computer readable medium of claim 16, wherein the primary controller and the secondary controller are further configured to perform internal self-checks to determine whether one or both of the primary controller and the secondary controller provide outputs indicative of a detected fault. 18. The non-transitory computer readable medium of claim 16, wherein the instructions to transfer control of operation of the vehicle to a safety controller based on detection of a common fault of the primary controller and the secondary controller comprise: instructions to transfer control of operation of the vehicle to a plurality of safety controllers configured to operate in a redundant configuration.

이 특허에 인용된 특허 (5)

Bolio, Robert R.; Feller, Ross; Katrak, Kerfegar K., Methods and systems for controlling steering in a vehicle using a primary active steering functionality and a supplemental active steering functionality.
상세보기
Gudat Adam J. (Edelstein IL) Rao Prithvi N. (Pittsburgh PA) Shaffer Gary K. (Butler PA) Shi Wenfan (Pittsburgh PA) Shin Dong H. (Pittsburgh PA) Sennott James W. (Bloominton IL) Whittaker William L. (, Multi-tasked navigation system and method for an autonomous land based vehicle.
상세보기
Diekhans Norbert,DEX ; Pickert Heinz,DEX, Multiple-axle steering system for agricultural harvesting machines.
상세보기
Gudat Adam J. (Edelstein IL) Whittaker William L. (Pittsburgh PA) Kleimenhagen Karl W. (Peoria IL) Christensen Dana A. (Peoria IL) Kemner Carl A. (Peoria Heights IL) Bradbury Walter J. (Peoria IL) Ko, System and method for controlling an autonomously navigated vehicle.
상세보기
Jabe R. Luttrelll ; David Thibodeau ; Stephen Santoro, System and method for ignition spark energy optimization.
상세보기

이 특허를 인용한 특허 (6)

Fuhrman, Thomas E.; Samii, Soheil, Architecture for scalable fault tolerance in integrated fail-silent and fail-operational systems.
상세보기
Guillet, Alain; Tatham, Gilles; Brot, Patrice; Fervel, Marc; Goupil, Philippe, Device for making available navigation parameter values of a vehicle.
상세보기
She, Eric, Fail functional automated driving.
상세보기
Wang, Shige; Zeng, Shuqing; Song, Xiaofeng, High assurance lane fusion system.
상세보기
Hopsecger, Edward C.; Vazach, Joseph G., Industrial control system with integrated circuit elements partitioned for functional safety and employing watchdog timing circuits.
상세보기
Debouk, Rami I.; Baker, Stephen M.; Joyce, Jeffrey, Primary controller designation in fault tolerant systems.
상세보기

내보내기 메뉴

내보내기 구분

파일저장
인쇄
메일전송

구성항목

기본정보
상세정보

관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC

저장형식

Text(ASCII format)
Excel format
PIAS분석(.xls)

메일정보

받는사람 (필수): @
보내는사람 (선택): @
제목
내용: KISTI 검색결과 이메일 서비스

안내

총 건의 자료가 검색되었습니다.

다운받으실 자료의 인덱스를 입력하세요. (1-10,000)

검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다.

데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요)

다운로드 파일은 UTF-8 형태로 저장됩니다.
파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오.

Text(ASCII format)
Excel format

AI-Helper ※ AI-Helper는 을 사용합니다.

AI-Helper

안녕하세요, AI-Helper입니다. 좌측 "선택된 텍스트"에서 텍스트를 선택하여 요약, 번역, 용어설명을 실행하세요.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

연합인증

Methods and systems for compensating for common failures in fail operational systems 원문보기