METHOD FOR PROCESSING DATA FOR A DRIVING FUNCTION OF A VEHICLE

Abstract

A method for processing data for a driving function of a vehicle is described, a predefined quantity of computation units being provided; the computation units supplying data, in particular redundant data, to a decision unit; the decision unit deciding, based on a comparison of the data delivered by the computation units, whether the data are correct; a synchronization unit being provided; the synchronization unit synchronizing the computation units in such a way that the computation units deliver the data to the decision unit in a specified time period; and the synchronization unit informing the decision unit as to when the data are transmitted by the computation units, so that the decision unit can specify which data of the computation units are used for a check of the data.

Claims

1-15. (canceled)

16. A method for processing data for a driving function of a vehicle, using a predefine quantity of computation units being provided, the method comprising: supplying, by the computation units, redundant data, to a decision unit; deciding, by the decision unit, based on a comparison of the data delivered by the computation units, whether the data are correct; synchronizing, by a synchronization unit, the computation units in such a way that the computation units deliver the data to the decision unit in a specified time period; and informing the decision unit, by the synchronization unit, as to when the data are transmitted by the computation units, so that the decision unit can specify which data of the computation units are used for a check of the data.

17. The method as recited in claim 16, wherein the synchronization unit conveys synchronization signals to the computation units and to the decision unit.

18. The method as recited in claim 17, wherein at least one of: i) electrical signals being transferred via a signal lead as the synchronization signals, and ii) data signals being transferred via a data interface as the synchronization signals.

19. The method as recited in claim 17, wherein the synchronization unit is connected to each of the computation units via a respective signal line or data interface.

20. The method as recited in claim 17, wherein the synchronization unit is connected to each of the computation units at least one of: i) via several signal leads, and ii) via several data interfaces.

21. The method as recited in claim 16, further comprising: starting, by the synchronization unit, processing of a task in the computation units.

22. The method as recited in claim 16, further comprising: conveying to the computation units and to the decision unit, by the synchronization unit, a number of a current synchronization cycle.

23. The method as recited in claim 16, further comprising: conveying, by the computation units conveying to the synchronization unit via a reply interface, information as to which input data are received in what sequence.

24. The method as recited in claim 23, wherein the reply interface is configured at least one of: i) in the form of interfaces, ii) in the form of bidirectional interfaces, iii) as multi-master-capable bus interfaces, and iv) in the form of unidirectional interfaces.

25. The method as recited in claim 16, further comprising: informing the calculation units, by the synchronization unit via a control interface, as to which of received input data are processed in a subsequent task, the synchronization unit specifying at at least one of a sequence of tasks and a beginning of the respective task.

26. The method as recited in claim 25, wherein the computation units convey checksums of the input data to the synchronization unit via the reply interface.

27. The method as recited in claim 26, wherein at least one of: i) the input data are grouped into time-related blocks and the checksums each being calculated over one block, ii) a quantity of messages in which the input data are received are incorporated into the checksum, iii) the input data are equipped with a time stamp, and the time stamps being incorporated into the checksum; and iv) the input data being received from the computation units via a network interface, the input data having network checksums and the network checksums being incorporated into the checksum calculation.

28. A decision unit for processing data for a driving function of a vehicle, having at least one input for the reception of data from a predefined number of computation units, the decision unit being configured to decide, based on the delivered data of the computation units, whether the data are correct; and the decision unit having a sync input for receiving a synchronization signal of a synchronization unit, the synchronization signal indicating that the data of the computation units are delivered to the decision unit in a specified time period, so that the decision unit can specify which data of the computation units are to be used for a check.

29. A computation unit for processing data for a driving function of a vehicle, having at least one input for the reception of at least one operating parameter of the vehicle; the operating parameter being processed by the computation unit, according to a predefined method, into data and conveyed via an output to a decision unit; the computation unit having a sync input for receiving a synchronization signal of a synchronization unit; the synchronization signal indicating that the data of the computation unit are to be delivered to the decision unit in a specified time period.

30. A system for processing data for a driving function of a vehicle, comprising: at least a predefined quantity of computation units; a decision unit; and a synchronization unit, the computation units designed to supply data to a decision unit; the decision unit designed to decide, based on the delivered data, whether the data are correct and can be used for the driving function of the vehicle, the synchronization unit designed to synchronize the computation units in such a way that the computation units transmit the data to the decision unit in a specified time period;, and the synchronization unit designed to inform the decision unit as to when the data are transmitted from the computation units to the decision unit, so that the decision unit can specify which data of the computation units are used for a check.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0032] FIG. 1 shows a first embodiment of an integrated computer system.

[0033] FIG. 2 shows an embodiment for a data connection between a synchronization unit and a computation unit.

[0034] FIG. 3 shows a further embodiment for the data connection between a synchronization unit and a computation unit.

[0035] FIG. 4 shows a further embodiment of an integrated computer system.

[0036] FIG. 5 shows a further embodiment of an integrated computer system.

[0037] FIG. 6 shows a further embodiment for an integrated computer system.

[0038] FIG. 7 shows a further embodiment for an integrated computer system.

[0039] FIG. 8 shows an additional embodiment for an integrated computer system.

[0040] FIG. 9 schematically depicts execution of a task in a computation unit.

[0041] FIG. 10 schematically depicts execution of a further task in a computation unit.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

[0042] An object of the present invention is to implement synchronization between a decision unit and several computation units in such a way that synchronicity exists between the computation units, and optionally that the input data on the computation units and the decision unit are synchronized. The results calculated from the input data are thus synchronized for comparison in the decision unit. In addition, restarting and resynchronization of individual computation units should optionally be possible. As one example embodiment, a synchronization unit is provided which performs the mutual synchronization among the computation units and the synchronization of the computation units with the decision unit. An advantage of the system described, and of the method described, is that the decision unit can decide unambiguously, based on a synchronization information item of the synchronization unit, which data can be utilized for verifying the correctness of the data of the computation units. The method additionally makes possible an increase in availability as a result of restarting (the system is completely available again after a successful restart of individual computation units recognized as faulty). The method ensures that this kind of individual restarting of individual computation units is possible.

[0043] An object of the decision unit is, for example, to check, from a predefined quantity N of data of a quantity N of computation units, whether the data conveyed from the N computation units are correct. In the simplest case the same input data are received, and the same tasks processed, by the computation units, so that the data of the computation units which are conveyed to the decision unit should be identical. If the decision unit recognizes that the data of the N computation units are identical, the data are then recognized as correct and are used for the driving function of the vehicle, in particular for an automatic driving function of the vehicle.

[0044] For a precise check of the data of the various computation units, it is advantageous if the computation units are precisely synchronized with one another and the computation units are precisely synchronized with the decision unit. In the event of discrepancies in synchronization, defective recognition of fault situations by the decision unit can occur, so that the failure rate of the computer system is increased.

[0045] FIG. 1 schematically depicts a computer system made up of a quantity N of computation units 1 that are in communication with a decision unit 2 and with a synchronization unit 3. Synchronization unit 3 is connected to decision unit 2 via a first data connection 4. In addition, each computation unit 1 is connected to decision unit 2 via a further respective data connection 9. The N computation units 1 thus supply N data, in parallel, to decision unit 2. Synchronization unit 3 furthermore conveys synchronization signals to computation units N via first data connection 4, and to decision unit 2 via second data connection 5. First and second data connection 4, 5 can also be configured in part as a common data connection or as separate data connections. Each computation unit 1 furthermore has an input 8 for the reception of input data. Computation units 1 use the input data in order to execute, in particular to calculate, predefined tasks. The results of the tasks are transferred to decision unit 2 as data via the further data connections 9. Decision unit 2 has an output 10 by way of which a data item or data recognized as correct, and/or the information that a data item is correct, is outputted. The output of decision unit 2 is used, for example, to perform a driving function of a vehicle, for example autonomous driving or steering of the vehicle.

[0046] The synchronization signals can be transferred in the form of electrical signals via electrical leads. In this embodiment the second data connections are thus configured in the form of electrical leads. Synchronization of computation units 1 and decision unit 2 is implemented, for example, by the fact that tasks of the computation units are started by way of a synchronization signal. The electrical signal can start the pertinent task processing of the computation units, for example, with the aid of a level change, for example by way of an interrupt.

[0047] In a further embodiment, the synchronization signal is transferred, for example serially, via a data interface (FIG. 3). In a further embodiment, the synchronization signals are transferred in parallel fashion via a data interface.

[0048] In a further embodiment (FIG. 2), the synchronization signal can be transferred in parallel fashion, in the form of an analog or digital signal, via several leads or data connections, each respective lead or data connection having part of the synchronization signal. Combinations of the above-described transfer methods can also be used; synchronization unit 3 can be in communication with each of the quantity N of computation units 1 via a quantity N of respective separate data connections or interfaces. Fail-safe performance is thereby enhanced (FIG. 5).

[0049] Depending on the embodiment selected, the tasks of computation units 1 can be started by synchronization unit 3.

[0050] In a further embodiment, in addition to transfer of the synchronization signal by synchronization unit 3, a number of a current synchronization cycle is conveyed to the N computation units 1 and to decision unit 2. A reset line of the computation units can be used for signaling the synchronization signal and/or for signaling the number of the current synchronization cycle. For example, upon a reset signal the number of the synchronization cycle can be set to a predetermined value, for example 0.

[0051] In a further embodiment, an additional lead can set the number of the current synchronization cycle in the N computation units and in the decision unit to a predetermined value, for example to the value 0, for example via a level change and thus via additional signaling that a setting state has been reached.

[0052] In addition, in a further embodiment the synchronization signal can be transferred in the selected data connections by way of an additional code, the code setting the number of the synchronization cycle in the N computation units and in the decision unit to a predetermined value, for example to the value 0.

[0053] In a further embodiment, the number of the synchronization cycle can be additionally transferred and can be established by synchronization unit 3.

[0054] In a further embodiment, the N computation units 1 additionally have a reply interface to synchronization unit 3 (FIGS. 6, 7). The computation units can transfer via the reply interface the information as to which input data have been received, in what time-related sequence, by the individual computation units 1. As a rule, all computation units 1 receive the same input data. Based on the information obtained via the reply interface, synchronization unit 3 can ascertain which input data have already been received on all N computation units 1.

[0055] A control interface can additionally be provided between synchronization unit 3 and the computation units (FIG. 6). The synchronization unit informs computation units 1 via the interface unit, for example, as to which of the previously received input data need to be processed in the next task or tasks. It is thereby possible to ensure that all N computation units 1 use the same input data in the pertinent tasks. Depending on the embodiment selected, the synchronization unit can specify both the sequence of the tasks and/or the beginning of the tasks and/or the input data belonging to the tasks. It is thereby possible to ensure that all N computation units are working with the same data.

[0056] Depending on the embodiment selected, the reply interface can be implemented, for example, by N separate data interfaces from the N computation units 1 to synchronization unit 3 (FIG. 2). The control interface can furthermore be configured additionally in the form of N separate data interfaces from synchronization unit 3 to the N computation units 1. Depending on the embodiment selected, the control interface and the reply interface can be implemented via one common bidirectional interface (FIG. 7). The control interface can furthermore be implemented via previously existing first data connections 4 of synchronization unit 3. In a further embodiment, the N reply interfaces can be grouped into one multi-master-capable bus interface, for example CAN, I2C, bus arbiter, and so forth (FIG. 7).

[0057] In a further embodiment, the control interface can be configured via one common one-to-N unidirectional interface, for example CAN, SPI, I2C, BUS, etc.

[0058] In a further embodiment, the multi-master-capable bus interface can be configured in the form of a specified quantity M of redundant multi-master-capable bus interfaces. Fail-safe performance is thereby enhanced.

[0059] In a further embodiment, the unidirectional interface can be configured in the form of a quantity M of redundant unidirectional interfaces. A combination of the above-described data connections can also be implemented.

[0060] In a further embodiment, unique checksums of the input data can be conveyed to synchronization unit 3 via the reply interface. The amount of data to be transferred is thereby considerably reduced. It is no longer necessary to transfer the input data themselves. The unique checksums are also conveyed via the control interface from synchronization unit 3 to the N computation units 1. The input data which are to be processed, and in which tasks, are thereby specified. The checksums must be unique for the N computation units. This can be achieved, for example, by the fact that the input data are grouped into time-related blocks, and the checksum is calculated over the entire block. In a further embodiment, message counters can be incorporated into the checksum calculation. Message counters are provided as a rule, for example, when the input data are received via the network, for example CAN, FlexRay, Ethernet, etc. In a further embodiment, a time stamp that belongs to the input data can additionally be incorporated into the checksum calculation. This time stamp must be created, if applicable, from the synchronization information or at least synchronized with it. Upon reception via a network interface, the network checksums belonging to the data can be incorporated into the checksum calculation. Combinations of the above-described methods can also be used.

[0061] FIG. 2 shows a portion of an integrated computer system in which a computation unit 1 is connected to synchronization unit 3 via M separate data connections 4 in the form of electrical leads 15. Fail-safe performance is thereby enhanced. The other computation units are likewise connected to synchronization unit 3 in the same manner.

[0062] FIG. 3 shows a portion of an integrated computer system in which synchronization unit 3 is connected to a computation unit 1 via two redundant data interfaces 16. The other computation units are likewise connected to synchronization unit 3 in the same manner. The data interface can transfer the synchronization signals, for example, serially.

[0063] FIG. 4 shows a quantity N of computation units 1, each computation unit 1 being connected to synchronization unit 3 via a separate first data connection 4. Synchronization unit 3 is connected to decision unit 2 via a second data connection 5.

[0064] FIG. 5 schematically depicts an implementation of an integrated computer system, the quantity N of computation units 1 being connected to synchronization unit 3 via a quantity M of redundant interfaces. The number M is preferably selected to be less than the quantity N, but greater than 1.

[0065] FIG. 6 schematically depicts an integrated computer system in which the quantity N of computation units 1 is connected to synchronization unit 3 via a common reply interface 6. Synchronization unit 3 is furthermore in communication with the N computation units 1 via a common control interface 7.

[0066] FIG. 7 shows a further embodiment in which each of the N computation units 1 is connected to synchronization unit 2 respectively via a reply interface 6 and a control interface 7. Reply interface 6 and control interface 7 are embodied as bidirectional interfaces.

[0067] For better clarity, the further data connections 9 between computation units 1 and decision unit 2 are not depicted in FIGS. 4 to 7. The N computation units 1 transfer the N data to decision unit 2 in parallel fashion via further data connections 9. The quantity N of computation units can be greater than the quantity 2.

[0068] FIG. 8 is a further schematic depiction of an integrated computer system having the quantity N of computation units 1 that receive input data via inputs 8. Each computation unit 1 is furthermore in communication with decision unit 2 via a further data connection 9. Synchronization unit 3 is furthermore connected to the N computation units and to decision unit 2 via the respective first and second data connection 4, 5. The N computation units 1 are also connected to synchronization unit 3 via reply interfaces 6. Synchronization unit 3 is also connected to the N computation units via control interfaces 7.

[0069] Decision unit 2 has an output 10 through which data item or data recognized as correct, and/or the information that a data item is correct, is outputted. The output of decision unit 2 is used, for example, in order to use the data of the computation units for a driving function of a vehicle, for example autonomous driving or steering of the vehicle.

[0070] FIG. 9 schematically depicts an operating mode of a computation unit 1. Computation unit 1 receives, via an input 8, input data that are loaded into an input memory 11. Depending on the embodiment selected, computation unit 1 forwards the stored input data themselves, or a checksum of the stored input data, to synchronization unit 3 via reply interface 6. Computation unit 1 furthermore receives via control interface 7 the information as to which input data need to be used for the processing of tasks 14, in particular which tasks 14.

[0071] Computation unit 1 correspondingly uses the specified input data to execute specified tasks 14 in a processing block 12. Computation unit 1 furthermore receives, via first data connection 4, a synchronization signal that specifies the start for carrying out task 14 and/or the time for conveying the result of task 14 to decision unit 2 via further data connection 9. Depending on the embodiment selected, only the point in time for transferring the result of task 14 to decision unit 2, or the starting point for carrying out task 14, can be specified by synchronization unit 3 with the aid of the synchronization signal.

[0072] FIG. 10 shows a further embodiment of a computation unit 1 that is constructed substantially in accordance with the embodiment of FIG. 9, except that in a second processing block 13 computation unit 1 ascertains a checksum from the input data stored in input memory 11, and forwards the checksum to synchronization unit 3 via reply interface 6.

[0073] The input data can be grouped into time-related blocks, and the checksum can be calculated over one respective block.

[0074] The input data can furthermore be received serially in the form of multiple messages. The messages can be counted, and the quantity of messages can be incorporated into the calculation of the checksum. The input data can moreover be provided with a time stamp. The time stamp can likewise be incorporated into the calculation of the checksum. The input data can furthermore be received from the computation units via a network interface, the input data having network checksums. The network checksums can also be incorporated into the checksum calculation.