Primary controller designation in fault tolerant systems

    Publication number: US09740178B2

    Publication date: 2017-08-22

    Application number: US13803290

    Application date: 2013-03-14

    Abstract: A fault tolerant controller system includes a first controller and a second controller. One of the first and second controllers is designated as a primary controller for generating control signals intended to control actuation devices on a vehicle under non-fault operating conditions, and the other of the first and second controllers is designated as a secondary controller generating control signals intended to control actuation devices on the vehicle. The actuation devices are responsive only to the designated primary controller. An error is detected in the primary controller and a message is transmitted from the faulty controller to the non-faulty controller identifying the error. The non-faulty controller is subsequently designated as the primary controller. The control signals include an identifier that identifies the non-faulty controller as the designated primary controller. In response to detecting the error, the faulty controller is reset to operate in a safe operating mode as the secondary controller.

    Methods and apparatus for isolating safety functions in a motion control system for a vehicle
    2.
    Granted invention patent
    Methods and apparatus for isolating safety functions in a motion control system for a vehicle (in force)

    Publication number: US09244460B2

    Publication date: 2016-01-26

    Application number: US14144987

    Application date: 2013-12-31

    Abstract: The present disclosure relates to an automated system for use in connection with longitudinal deceleration, longitudinal acceleration, and lateral acceleration functions. The system includes an interface receiving signals from and transmitting signals to a controller. The system also includes a safety kernel system comprising safety kernel software and a set of safety rules. Also disclosed are methods for use in a motion control system in connection with vehicle deceleration, acceleration, and lateral acceleration. The methods in some cases include receiving an initial request into a safety kernel software and determining whether the safety kernel software has received an override. The methods can also include detecting a violation of any primary safeguards defined by the safety kernel software, detecting a violation within a set of secondary safeguards defined by the safety kernel software, and adjusting the initial request to a modified level; and transmitting the modified level to an actuator.

    METHODS AND APPARATUS FOR ISOLATING SAFETY FUNCTIONS IN A MOTION CONTROL SYSTEM FOR A VEHICLE
    3.
    Invention patent application
    METHODS AND APPARATUS FOR ISOLATING SAFETY FUNCTIONS IN A MOTION CONTROL SYSTEM FOR A VEHICLE (in force)

    Publication number: US20150185732A1

    Publication date: 2015-07-02

    Application number: US14144987

    Application date: 2013-12-31

    Abstract: The present disclosure relates to an automated system for use in connection with longitudinal deceleration, longitudinal acceleration, and lateral acceleration functions. The system includes an interface receiving signals from and transmitting signals to a controller. The system also includes a safety kernel system comprising safety kernel software and a set of safety rules. Also disclosed are methods for use in a motion control system in connection with vehicle deceleration, acceleration, and lateral acceleration. The methods in some cases include receiving an initial request into a safety kernel software and determining whether the safety kernel software has received an override. The methods can also include detecting a violation of any primary safeguards defined by the safety kernel software, detecting a violation within a set of secondary safeguards defined by the safety kernel software, and adjusting the initial request to a modified level; and transmitting the modified level to an actuator.

    Fault Tolerant Control System
    4.
    Invention patent application
    Fault Tolerant Control System (in force)

    Publication number: US20140277608A1

    Publication date: 2014-09-18

    Application number: US13803290

    Application date: 2013-03-14

    Abstract: A fault tolerant controller system includes a first controller and a second controller. One of the first and second controllers is designated as a primary controller for generating control signals intended to control actuation devices on a vehicle under non-fault operating conditions, and the other of the first and second controllers is designated as a secondary controller generating control signals intended to control actuation devices on the vehicle. The actuation devices are responsive only to the designated primary controller. An error is detected in the primary controller and a message is transmitted from the faulty controller to the non-faulty controller identifying the error. The non-faulty controller is subsequently designated as the primary controller. The control signals include an identifier that identifies the non-faulty controller as the designated primary controller. In response to detecting the error, the faulty controller is reset to operate in a safe operating mode as the secondary controller.
