Driver brake intention perception system and control method supporting fail-operational

Abstract

The present application relates to the technical field of brake system, in particular to a driver brake intention sensing system and control method supporting failure operation. The method is as follows: S1, the second road driver brake demand percentage is calculated according to the pedal hydraulic pressure signal by the competition mechanism, and the first road driver brake demand percentage is calculated according to the pedal stroke signal by the pedal stroke driving software, and then the two are compared; S2, when the gap between the two is greater than a certain threshold, the third road driver brake demand percentage is calculated according to the pedal force signal by the pedal force driving software to arbitrate; S3, the closer one between the first road and the second road to the third road is taken together with the third road to average, and then the average is taken as the final driver brake torque demand to be output. Compared with the prior art, when a single point failure occurs in the electronic and electrical system related to the brake pedal, the vehicle can continue to support the failure operation while maintaining the functional safety level, thereby improving the robustness of the brake system and the normal operation period.

Description

Technical Field

[0001] This invention relates to the field of braking system technology, and more specifically to a driver braking intention perception system and control method that supports failure operation. Background Technology

[0002] With the widespread adoption of brake-by-wire systems, the gradual decoupling of the brake pedal, and the introduction of the concept of expected functional safety, the safety status of driver pedal intention recognition systems has been upgraded from traditional fail-safe to fail-operation.

[0003] Traditional braking systems only have one controller, which calculates and controls all signals. When the brake pedal or controller fails, it directly leads to the paralysis of the entire vehicle, posing a safety hazard. Summary of the Invention

[0004] To overcome the shortcomings of the prior art, this invention provides a driver braking intention perception system and control method that supports failure operation. When a single point of failure occurs in the electronic and electrical system related to the brake pedal, the vehicle can continue to support failure operation while maintaining the functional safety level, thereby improving the robustness and normal operation cycle of the braking system.

[0005] To achieve the above objectives, a driver braking intention perception system supporting failure operation is designed, including a pedal simulator, a control unit, a communication bus, and wheel-side execution units. The control unit includes a central controller main unit and a central controller sub unit. Four wheel-side execution units are provided. The central controller main unit, the central controller sub unit, and the four wheel-side execution units are connected via a communication bus. The system is characterized by:

[0006] The pedal simulator is equipped with a pedal travel sensor, a pedal hydraulic pressure sensor, and a pedal force sensor.

[0007] The central controller main unit is equipped with central controller main unit software, which integrates pedal travel drive software. The pedal travel drive software calculates the first driver braking demand percentage based on the pedal travel signal and sends it to two redundant communication buses.

[0008] The central controller sub-unit is equipped with central controller sub-unit software, which integrates pedal hydraulic pressure drive software. The pedal hydraulic pressure drive software calculates the second driver braking demand percentage based on the pedal hydraulic pressure signal and sends it to the two redundant communication buses.

[0009] The four wheel-side actuators are equipped with wheel-side control unit software. Each wheel-side control unit software integrates pedal force drive software. The pedal force drive software calculates the percentage of the third driver's braking demand based on the pedal force signal and sends it to the two redundant communication buses.

[0010] The central controller main unit software also integrates a monitoring program, which includes a contention mechanism.

[0011] The pedal travel sensor is powered by the central controller main unit, and the signal from the pedal travel sensor is connected to the central controller main unit.

[0012] The pedal hydraulic pressure sensor is powered by the central controller sub-unit, and the signal from the pedal hydraulic pressure sensor is connected to the central controller sub-unit.

[0013] The pedal force sensor is powered by any one of the wheel-side control units, and the signal from the pedal force sensor is connected to that wheel-side control unit.

[0014] A control method for a driver braking intention perception system that supports failure operation, characterized in that: the specific method is as follows:

[0015] S1, the competition mechanism in the monitoring program compares the percentage of the second driver's braking demand calculated by the pedal hydraulic pressure drive software on the communication bus based on the pedal hydraulic pressure signal with the percentage of the first driver's braking demand calculated by the pedal travel drive software based on the pedal travel signal.

[0016] S2, when the difference between the two paths exceeds a certain threshold, the pedal force drive software calculates the percentage of the driver's braking demand in the third path based on the pedal force signal for arbitration.

[0017] S3, the one that is closest to the third path among the first and second paths, is averaged together with the third path and used as the final output to meet the driver's braking torque requirement.

[0018] The threshold is 20%.

[0019] When the central controller master unit receives a signal from the communication bus and it is functioning normally, it uses the current signal; when the central controller master unit fails to receive a signal from the communication bus, it switches to the central controller slave unit to receive the signal from the communication bus and reports a fault.

[0020] Compared with the prior art, the present invention provides a driver braking intention perception system and control method that supports failure operation. When a single point of failure occurs in the electronic and electrical system related to the brake pedal, the vehicle can continue to support failure operation while maintaining the functional safety level, thereby improving the robustness and normal operation cycle of the braking system. Attached Figure Description

[0021] Figure 1 This is a system connection diagram of the present invention.

[0022] Figure 2 This is a schematic diagram of the processing flow and monitoring program of the present invention. Detailed Implementation

[0023] The present invention will now be further described with reference to the accompanying drawings.

[0024] like Figure 1 As shown, the control unit includes a central controller main unit and a central controller sub-unit. There are four wheel-side execution units. The central controller main unit, the central controller sub-unit, and the four wheel-side execution units are connected through a communication bus. The pedal simulator is equipped with a pedal stroke sensor, a pedal hydraulic pressure sensor, and a pedal force sensor. The central controller main unit contains central controller main unit software, which integrates pedal travel drive software. This software calculates the first driver braking demand percentage (0% when the pedal is not pressed, 99% when the pedal is fully depressed) based on the pedal travel signal and sends it to two redundant communication buses. The central controller sub-unit contains central controller sub-unit software, which integrates pedal hydraulic pressure drive software. This software calculates the second driver braking demand percentage (0% when the pedal is not pressed, 99% when the pedal is fully depressed) based on the pedal hydraulic pressure signal and sends it to two redundant communication buses. Each of the four wheel-side actuator units contains wheel-side control unit software. Each wheel-side control unit integrates pedal force drive software, which calculates the third driver braking demand percentage (0% when the pedal is not pressed, 99% when the pedal is fully depressed) based on the pedal force signal and sends it to two redundant communication buses. The central controller main unit software also integrates a monitoring program with a contention mechanism.

[0025] The three types of sensors are physically and electromagnetically isolated, and the electrical components are independent of each other (including the power supply to the sensors). Therefore, each sensor is connected to the main unit of the central controller, the sub-unit of the central controller, and one of the wheel-side control execution units. The controllers also share sensor information with each other through the vehicle communication bus.

[0026] Each sensor has 4 pins: W is the pedal wake-up controller pin (optional), V is the sensor power supply pin, S is the sensor signal output pin, and G is the power ground pin.

[0027] The connection between the three pedal sensors and the three control units is not fixed; they can be swapped after updating the corresponding drivers.

[0028] The pedal travel sensor is powered by the central controller main unit, and the signal from the pedal travel sensor is connected to the central controller main unit; the pedal hydraulic pressure sensor is powered by the central controller sub-unit, and the signal from the pedal hydraulic pressure sensor is connected to the central controller sub-unit; the pedal force sensor is powered by any wheel-side control unit, and the signal from the pedal force sensor is connected to that wheel-side control unit.

[0029] like Figure 2 As shown, the specific method of the present invention is as follows:

[0030] S1, the competition mechanism in the monitoring program compares the percentage of the second driver's braking demand calculated by the pedal hydraulic pressure drive software on the communication bus based on the pedal hydraulic pressure signal with the percentage of the first driver's braking demand calculated by the pedal travel drive software based on the pedal travel signal.

[0031] S2, when the difference between the two paths exceeds a certain threshold (20%), the pedal force drive software calculates the percentage of the driver's braking demand in the third path based on the pedal force signal for arbitration.

[0032] S3, the one that is closest to the third path among the first and second paths, is averaged together with the third path and used as the final output to meet the driver's braking torque requirement.

[0033] Initial compensation and zero-position self-learning of control layer signals are both obtained by superimposing offset values ​​on the original zero-position values; single-channel diagnostics of sensor signals are divided into four categories of fault diagnosis: physical layer, data link layer, sensor application layer, and vehicle application layer; redundancy check: compare the difference between the driver's first-path braking torque demand and the second-path braking torque demand calculated from the pedal travel and pedal hydraulic pressure sensors, respectively; competition mechanism: when the redundancy check results show a large difference, the third-path driver braking torque demand calculated from the pedal force sensor is introduced for arbitration, thereby continuing the execution of the expected braking function.

[0034] The initial compensation offset is first determined by testing the brake pedal sensor at several characteristic midpoints during its travel using external high-precision equipment, comparing the error between these errors and the sensor's original output value. These errors are then written into the controller as calibration parameters. Finally, when the brake pedal sensor is running normally, the controller looks up the calibrated linear interpolation table based on the real-time original sensor output value to obtain the signal compensation value.

[0035] Zero-position self-learning is divided into two parts: slow learning of long-term offset terms and fast learning of short-term offset terms. Long-term zero-position offset terms refer to the offset caused by wear during the service life of the sensor unit. It is learned in small steps, sometimes even several ignition cycles, to learn the smallest step, with each small step learning 0.1%. Fast learning of short-term zero-position offset terms is to compensate for dynamic offset caused by pedal movement (e.g., faster release may result in more negative offset due to slower pedal release). It can learn the complete offset after each brake release.

[0036] Sensor signal physical layer diagnostics include communication timeout faults and sensor uncalibrated faults; sensor signal data link layer diagnostics include data length inconsistency faults, excessively large synchronization pulse faults, excessively large or small clock cycle faults, CRC check faults, etc.; sensor signal communication application layer diagnostics include data range exceeding threshold faults, verification channel error, channel flag bit error, slow channel serial data error, etc.; sensor signal vehicle application layer diagnostics include unreasonable numerical stepping faults, sensor offline detection faults, sensor offset self-learning faults, etc.

[0037] The central control master unit and the slave unit will operate simultaneously, sending "system assembly status" signals to the bus to achieve hot redundancy backup in case of failure. Under normal circumstances, other controllers receive the "system assembly status" signal from the central controller and respond to the master unit. In case of failure, other controllers receive the "system assembly status" signal from the central controller and respond abnormally, or even fail to receive the "system assembly status" signal from the master unit within the fault tolerance time interval, and then switch to responding to the slave unit.

Claims

1. A driver braking intention perception system supporting failure operation, comprising a pedal simulator, a control unit, a communication bus, and wheel-side execution units, wherein the control unit includes a central controller main unit and a central controller sub unit, and four wheel-side execution units are provided, the central controller main unit, the central controller sub unit, and the four wheel-side execution units are connected via a communication bus, characterized in that: The pedal simulator is equipped with a pedal travel sensor, a pedal hydraulic pressure sensor, and a pedal force sensor. The central controller main unit is equipped with central controller main unit software, which integrates pedal travel drive software. The pedal travel drive software calculates the first driver braking demand percentage based on the pedal travel signal and sends it to two redundant communication buses. The central controller sub-unit is equipped with central controller sub-unit software, which integrates pedal hydraulic pressure drive software. The pedal hydraulic pressure drive software calculates the second driver braking demand percentage based on the pedal hydraulic pressure signal and sends it to the two redundant communication buses. The four wheel-side actuators are equipped with wheel-side control unit software. Each wheel-side control unit software integrates pedal force drive software. The pedal force drive software calculates the percentage of the third driver's braking demand based on the pedal force signal and sends it to the two redundant communication buses. The central controller main unit software also integrates a monitoring program, which includes a contention mechanism.

2. The driver braking intention perception system supporting failure operation according to claim 1, characterized in that: The pedal travel sensor is powered by the central controller main unit, and the signal from the pedal travel sensor is connected to the central controller main unit.

3. The driver braking intention perception system supporting failure operation according to claim 1, characterized in that: The pedal hydraulic pressure sensor is powered by the central controller sub-unit, and the signal from the pedal hydraulic pressure sensor is connected to the central controller sub-unit.

4. A driver braking intention perception system supporting failure operation according to claim 1, characterized in that: The pedal force sensor is powered by any one of the wheel-side control units, and the signal from the pedal force sensor is connected to that wheel-side control unit.

5. A control method for a driver braking intention perception system supporting failure operation according to any one of claims 1 to 4, characterized in that: The specific method is as follows: S1, the competition mechanism in the monitoring program compares the percentage of the second driver's braking demand calculated by the pedal hydraulic pressure drive software on the communication bus based on the pedal hydraulic pressure signal with the percentage of the first driver's braking demand calculated by the pedal travel drive software based on the pedal travel signal. S2, when the difference between the two paths exceeds a certain threshold, the pedal force drive software calculates the percentage of the driver's braking demand in the third path based on the pedal force signal for arbitration. S3, the one that is closest to the third path among the first and second paths, is averaged together with the third path and used as the final output to meet the driver's braking torque requirement.

6. The driver braking intention perception system and control method supporting failure operation according to claim 5, characterized in that: The threshold is 20%.

7. The driver braking intention perception system and control method supporting failure operation according to claim 5, characterized in that: When the central controller master unit receives a signal from the communication bus and it is functioning normally, it uses the current signal; when the central controller master unit fails to receive a signal from the communication bus, it switches to the central controller slave unit to receive the signal from the communication bus and reports a fault.

Images