Method for assisting in the driving of a vehicle when there is a network failure and associated system
11370460 · 2022-06-28
Assignee
Inventors
- Alban Le Chaffotec (Le Plessis Bouchard, FR)
- Laurent Legras (Jouy en Josas, FR)
- Xavier Oudin (Denney, FR)
- Barbara Cervelle (Nanterre, FR)
Cpc classification
B60W50/14
PERFORMING OPERATIONS; TRANSPORTING
B60W60/0059
PERFORMING OPERATIONS; TRANSPORTING
B60W50/082
PERFORMING OPERATIONS; TRANSPORTING
B60W2540/223
PERFORMING OPERATIONS; TRANSPORTING
B60W2540/229
PERFORMING OPERATIONS; TRANSPORTING
B60W2050/0006
PERFORMING OPERATIONS; TRANSPORTING
B60W2050/0297
PERFORMING OPERATIONS; TRANSPORTING
B60W30/16
PERFORMING OPERATIONS; TRANSPORTING
B60W60/0057
PERFORMING OPERATIONS; TRANSPORTING
B60W2050/0292
PERFORMING OPERATIONS; TRANSPORTING
B60W50/023
PERFORMING OPERATIONS; TRANSPORTING
International classification
B60W60/00
PERFORMING OPERATIONS; TRANSPORTING
B60W30/16
PERFORMING OPERATIONS; TRANSPORTING
Abstract
A method for assisting in the driving of a vehicle comprises receiving and processing data originating from an actuation module via the first network and in response to the detection of a failure in the first network, further comprising steps of: triggering a phase of manual control recovery by a driver of the vehicle, and receiving and processing the data originating from the actuation module via a second network.
Claims
1. A method for assisting in the driving of a vehicle comprising at least one assistance mode, said method being implemented by a control unit of a driver-assistance system, said control unit being connected to an actuation module comprising a plurality of actuators capable of controlling components of the vehicle via a first nominal network and a second backup network, said method comprising a step of: Receiving and processing data originating from the actuation module via the first network, said method, in response to the detection of a failure in the first network, further comprising steps of: Triggering a phase of manual control recovery by the driver of the vehicle, and Receiving and processing the data originating from the actuation module via the second network, wherein the second network is a backup network for the first network, said method, in response to the detection of a failure in the second network, further comprising steps of: Triggering a phase of manual control recovery by the driver of the vehicle, whereby, during this phase of manual control recovery, taking into account, by the control unit, data originating from the first network and does not take into account data originating from the second network.
2. The method for assisting in driving according to claim 1, wherein the detected failure is of the “babbling idiot” type, where a computer connected to the first network emits data onto the first network arbitrarily, in such a way that the functionality of the first network is disturbed or blocked.
3. The method for assisting in driving according to claim 1, wherein the actuation module comprises a plurality of actuators capable of controlling at least one of the following components of the vehicle: direction, acceleration and braking.
4. The method for assisting in driving according to claim 1, wherein the assistance mode provides control both the lateral and longitudinal movement of the vehicle.
5. The method for assisting in driving according to claim 1, wherein the duration of the manual control recovery phase is between 5 and 10 seconds.
6. The method for assisting in driving according to claim 1, wherein the first network comprises a first gateway, the actuation module being linked to the first gateway via a first link, said first gateway being linked to the control unit via a second link.
7. The method for assisting in driving according to claim 1, wherein the second network comprises a second gateway, the actuation module being linked to the second gateway via a third link, said second gateway being linked to the control the control module via a fourth link.
8. A system for assisting in the driving of a vehicle comprising at least one assistance mode, a control unit connected to an actuation module comprising a plurality of actuators capable of controlling components of the vehicle via a first nominal network and a second backup network, said system comprising: said control unit connected to the plurality of actuators by the first network and by the second network, wherein said control unit is adapted and configured for receiving and processing data originating from the actuation module via the first network, said system further comprising said control unit being adapted and configured for, in response to the detection of a failure in the first network: Triggering a phase of manual control recovery by the driver of the vehicle, wherein the control unit transmits a command to deactivate a driver-assistance mode, and Receiving and processing the data originating from the actuation module via the second network, wherein the second network is a backup network for the first network, said system further comprising said control unit being adapted and configured for, in response to the detection of a failure in the second network: Triggering a phase of manual control recovery of the vehicle by the driver, whereby, during this phase of manual control recovery, taking into account, by the control unit, data originating from the first network and does not take into account data originating from the second network.
9. A vehicle comprising the system according to claim 8.
Description
DESCRIPTION OF THE FIGURES
(1) Further features and advantages of the invention will become apparent upon examining the following detailed description and the accompanying drawings, in which:
(2)
(3)
(4)
(5) The accompanying drawings serve to complement the claimed invention, and also help in defining it.
DETAILED DESCRIPTION
(6) The vehicle implements at least one assistance mode, for example for driving in a traffic jam, providing control of both the lateral and longitudinal movement of the vehicle in heavy traffic or traffic jam situations (speed below a predetermined threshold value, for example between 50 and 70 km/h) and on divided highways, and in which the driver is not required to keep his eyes fixed on the road and can engage in other activities because the steering can be maintained for a period of a few seconds (for example between 5 and 10 sec.) before the driver recovers manual control of the vehicle.
(7) Referring to
(8) The driver surveillance module 10 comprises for example a sub-module 11 for detecting the presence of the driver's hands on the steering wheel 10 and a sub-module 12 for detecting the presence of his feet on the accelerator, brake and clutch pedals. The driver surveillance module 10 may also comprise a camera pointing toward the driver's face so as to determine his attention level and/or the direction he is looking.
(9) The driving context evaluation module 20 comprises a plurality of sensors, for example a camera that is oriented toward the front of the vehicle and that supplies data for determining the type of road being traversed (highway, fast lane or minor road) from particular characteristic parameters such as the width of the road, the marking on the road surface (color, width and spacing of the lines) and the potential presence of a barrier or median strip separating the two traffic directions. Analysis of the data provided by these sensors further makes it possible to establish the smoothness of the flow of road traffic.
(10) The module 20 further comprises a plurality of sensors measuring particular internal driving parameters such as the instantaneous speed of the vehicle and the steering angle of the steering wheel.
(11) The data collected by the two modules, the driver surveillance module 10 and driving context evaluation module 20, are channeled in real time to the control unit 30 to which the two modules are linked.
(12) The control unit 30 comprises a computer 31 and a storage module 32 comprising EEPROM or FLASH non-volatile memory and RAM.
(13) The non-volatile memory stores a process for assisting in the driving of the motor vehicle, the flow chart for which is shown in
(14) All of the information contained in this non-volatile memory can be updated by communication means or means for reading a data carrier.
(15) The control unit 30 is linked to the actuation module 40, to which it is capable of transmitting the command to activate or deactivate one of the driver-assistance modes.
(16) The actuation module 40 comprises a plurality of actuators capable of controlling particular components of the vehicle, such as the direction, acceleration, braking and the gearbox, to provide implementation of the various driver-assistance modes with which the vehicle is provided.
(17)
(18) The control unit 30 is linked to the actuation module 40 via a first network, known as the nominal network, and via a second network, known as the backup network. The control unit 30 is further linked to the driving context evaluation module 20, which comprises a plurality of sensors.
(19) Various types of networks may be used to connect the actuation module 40 to the control module. These include, by way of non-limiting example: CAN HS: standard network used by all car manufacturers. This network is formed with a pair of unshielded stranded wires, and is used primarily to transmit parameters having frequencies of up to 10 ms of 8 bytes per frame. CAN FD (for flexible data): development of the CAN HS network which makes it possible to reach data throughputs of 2 Mb/s. Flexray 10 Mb/s: this network is deterministic and can be configured redundantly so as to increase the safety level provided by the physical layer.
(20) The nominal network is used during normal operation of the vehicle. In other words, the nominal network is the network used by default if no breakdown is detected in any of the fixtures on the network. In the example, each of the actuators of the actuation module 40 is linked to the control module via a Flexray link.
(21) Advantageously, each of the actuators is linked to a first gateway 101.2 via a first link 101.1, the first gateway 101.2 being linked to the control module 30 via a second link 101.3.
(22) The backup network is used in particular when a failure in the nominal network is detected. Advantageously, the type of network used for the first network is different from that used for the second network.
(23) This feature makes it possible to avoid modes that are common to both networks. It will be recalled that in engineering a common mode (or common mode failure) refers to a plurality of failures in a system resulting from a single failure.
(24) For example, if the first network is of the Flexray type, the second network may be of the CAN or Ethernet type or even a combination of the two.
(25) Advantageously, each of the actuators is linked to a second gateway 102.2 via a third link 102.1, the gateway 102.2 being linked to the control module 30 via a fourth link 102.3.
(26) The first gateway 101.2 and second gateway 102.2 make it possible to route the data that are exchanged between the fixtures.
(27) If the first network 101 (or the second network 102) is homogeneous, then the first gateway (or the second gateway 102.2 respectively) acts as a router.
(28) By contrast, if the first network (or the second network 102) is non-homogeneous, then the first gateway 101.2 (or the second gateway 102.2 respectively) further makes it possible to convert the packets circulating on the first link 101.1 (or the third link 102.1 respectively) into packets circulating on the third link 101.3 (or the fourth link 102.3 respectively) (and vice versa).
(29) In the types of networks described above, the “babbling idiot” problem is an expression signifying that a terminal is starting to emit arbitrarily, even if a signal is already present on the network, and that it is therefore disturbing or even blocking the network.
(30) This type of problem is generally due to a failure in a network node (a computer, a gateway or any other fixtures connected to the network). This failure may be in hardware, for example a short circuit at the communications port, or in software.
(31) Advantageously, the computers of the actuation module or of the control unit continuously emit on both networks 101, 102.
(32) This feature makes it possible to switch from the first network to the second network easily and rapidly if an error is detected.
(33) Referring to
(34) This step corresponds to normal (or nominal) operation of the driving assistance system. The control module 30 and the actuation module 40 communicate via the first network 101.
(35) The method also comprises a step 301 of detecting a failure on the first network 101. As explained above, the failure is in particular a “babbling idiot” failure, for which the methods of detection are known to a person skilled in the art.
(36) In response to this detection, the method further comprises a step 302 of triggering a phase of manual control recovery of the vehicle by the driver. The duration of the phase of manual control recovery is advantageously between 5 and 10 seconds, for example 10 seconds. If redundancy is no longer being provided, the autonomous mode has to be deactivated while allowing the driver to recover manual control of the vehicle in a safe manner.
(37) The control module 30 indicates to the actuation module 40 that the second network 102 presently has to be used to transfer the data with hot redundancy.
(38) In response to this detection step 301, the method further comprises a step 304 of receiving and processing the data originating from the actuation module via the second network 102. The control module is able to take into account the data originating from the second network 102 and no longer take into account the data originating from the first network 101.
(39) Advantageously, the method for assisting in driving further comprises, in response to detection of a failure in the second network 102, a step of triggering a phase of manual control recovery by the driver of the vehicle via alert means.
(40) As indicated above, if there is a failure on the networks, the autonomous mode has to be deactivated while allowing the driver to recover manual control in a safe manner. The vehicle continues its nominal operation on the second network 102. However, the phase of manual control recovery is triggered. This leads to deactivation of the autonomous mode, either in that the customer recovers manual control or in that the vehicle is stopped on the road if the customer does not recover manual control.