Typical active fault-tolerant vehicle control system architecture

2018-10-22 22:22:03 · Source: 洞云书屋
 
(Note: this article is a translation; original author: Daniel Wanner)

A typical active FTC structure (Figure 1) includes:

  • an easily reconfigurable controller,
  • a highly sensitive but robust fault detection and diagnosis (FDD) scheme,
  • a reconfiguration mechanism that ultimately restores the pre-fault performance,
  • a reference governor.

One critical issue is the limited amount of time available for FDD and control system reconfiguration. From this, the two main design objectives can be derived. First, a precise FDD scheme shall be provided that delivers information about a fault (time, type and magnitude) and the post-fault model. Second, the compensation of the fault-induced changes within the new, reconfigured control scheme shall be designed so that stability and an acceptable closed-loop performance are maintained. Consequently, not only the controller parameters but, more importantly, the structure of the new controllers (in terms of order, number and type) may change.

FTC strategies are often adopted from other domains; recently, by-wire vehicles have drawn more attention to them. A hybrid active FTC approach is presented in [65]. Dynamical systems that consist of a continuous-time and a discrete-time process connected through logical or decision-making processes are called hybrid systems. Different hybrid systems are presented, analysed in simulation and tested in a prototype vehicle. A combination of the linear quadratic control method and the control Lyapunov function technique is applied. Four failure modes are analysed: complete break-down of a wheel torque controller, deterioration of the wheel torque controller gain, complete break-down of a steering controller, and deterioration of the steering controller gain.

Fault detection and diagnosis

A fault-tolerant control structure incorporates a fault detection and diagnosis system. Fault detection decides whether a fault has occurred or not. This objective is achieved by different types of methods, which can be classified into analytical and heuristic symptom generation. The former is based on quantifiable information such as measured process parameters (e.g. limit value checking and signal analysis of directly measurable signals, as well as process analysis using mathematical process models), while the latter is based on qualitative information such as statistical data gained from experience (former faults, repairs, wear, load measures, etc.). Fault diagnosis consists of fault isolation and fault identification; it determines the type, size and location of a fault, as well as its time of detection [11, 71]. To process the detected fault, two kinds of fault diagnosis and evaluation methods can be used. Heuristic classification methods include statistical and geometrical methods, neural networks and fuzzy logic. The second kind is inference methods based on explicit conditions and conclusions, e.g. fault-tree analysis.
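The detection, diagnosis and reconfiguration steps described above (analytical symptom generation by limit checking of a model-based residual, identification of the fault's time, type, magnitude and location, and a reconfiguration that restores pre-fault performance where it can), as an added example that is not part of the original text or of [65]. The wheel-torque actuator modelled as a static gain, the residual threshold, the confirmation-counter rule, the break-down threshold and the actuator identifier are all assumptions made for this example; the two actuator failure modes follow the gain-deterioration and complete break-down cases named in the text.

```python
"""Residual-based fault detection, diagnosis and controller reconfiguration.

Added example: a wheel-torque actuator is modelled as a static gain applied to
the commanded torque (constructed plant model). The analytical symptom is the
residual between measured and model-predicted torque; limit checking on the
residual detects the fault, the post-fault gain estimate identifies its type
and magnitude, and the controller gain is reconfigured to cancel the fault.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

NOMINAL_GAIN = 1.0              # model gain of the healthy actuator (assumption)
RESIDUAL_LIMIT = 0.15           # limit value on |residual|, normalised torque units
CONFIRM_SAMPLES = 3             # consecutive violations before a fault is declared
BREAKDOWN_GAIN = 0.05           # estimated gain below this => complete break-down
ACTUATOR_ID = "wheel_torque_FL"  # location reported by the diagnosis (constructed)


@dataclass
class FaultReport:
    time: int           # sample index at which the fault was confirmed
    fault_type: str     # "gain_deterioration" or "break_down"
    magnitude: float    # estimated post-fault actuator gain
    location: str       # which actuator is affected


def actuator(command: float, true_gain: float) -> float:
    """Plant: measured torque = true_gain * commanded torque (constructed model)."""
    return true_gain * command


def residual(command: float, measured: float, model_gain: float = NOMINAL_GAIN) -> float:
    """Analytical symptom: measured output minus the healthy-model prediction."""
    return measured - model_gain * command


def estimate_gain(command: float, measured: float) -> float:
    """Fault identification: post-fault gain from one input/output pair."""
    if abs(command) < 1e-9:
        return NOMINAL_GAIN  # no excitation, nothing can be identified
    return measured / command


class FaultDetector:
    """Limit-value check with a confirmation counter so a single outlier
    (one sample of noise) does not trigger a reconfiguration."""

    def __init__(self) -> None:
        self.violations = 0

    def step(self, t: int, command: float, measured: float) -> Optional[FaultReport]:
        if abs(residual(command, measured)) > RESIDUAL_LIMIT:
            self.violations += 1
        else:
            self.violations = 0
        if self.violations < CONFIRM_SAMPLES:
            return None
        gain = estimate_gain(command, measured)
        fault_type = "break_down" if abs(gain) < BREAKDOWN_GAIN else "gain_deterioration"
        return FaultReport(t, fault_type, gain, ACTUATOR_ID)


def reconfigure(report: FaultReport) -> Optional[float]:
    """Reconfiguration: new controller gain that cancels the deteriorated actuator
    gain, or None when the actuator is gone and no gain can restore performance."""
    if report.fault_type == "break_down":
        return None
    return NOMINAL_GAIN / report.magnitude


def run(true_gains: List[float], demands: List[float]) -> Tuple[Optional[FaultReport], List[float]]:
    """Closed-loop simulation over the given actuator-gain profile. Returns the
    fault report (if any) and the per-sample tracking error |demand - measured|."""
    detector = FaultDetector()
    ctrl_gain = 1.0
    report: Optional[FaultReport] = None
    errors: List[float] = []
    for t, (true_gain, demand) in enumerate(zip(true_gains, demands)):
        command = ctrl_gain * demand
        measured = actuator(command, true_gain)
        errors.append(abs(demand - measured))
        if report is None:
            report = detector.step(t, command, measured)
            if report is not None:
                new_gain = reconfigure(report)
                if new_gain is not None:
                    ctrl_gain = new_gain  # post-fault model compensated
    return report, errors


if __name__ == "__main__":
    # Constructed scenario: healthy for 5 samples, then the gain drops to 0.5
    gains = [1.0] * 5 + [0.5] * 10
    rep, errs = run(gains, [1.0] * len(gains))
    print(rep)
    print([round(e, 3) for e in errs])
```

With the gain halving at sample 5, the residual violates the limit from sample 5 onward, the fault is confirmed at sample 7, identified as gain deterioration of magnitude 0.5, and the reconfigured controller gain of 2.0 drives the tracking error back to zero from sample 8. A complete break-down yields a report but no reconfiguration, which is the case where a reference governor or degraded mode has to take over.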

Automotive network systems

The shift towards integrated control leads to new requirements for the control architecture in order to cope with the increased complexity. Besides smart actuators, smart sensors and fault-tolerant control, the communication architecture must also be dependable to achieve a fault-tolerant overall system.

Control architecture

The fault cycle and vehicle control are embedded in the vehicle control architecture. The structure of this architecture has evolved from decentralized coexistent control, where each function is controlled independently of the others, to centralized supervisory control, where all functions are managed by one master controller and assigned to the appropriate subsystem.

Communication architecture

On the physical and data link layers, dependable real-time communication systems have to be provided. Their dependability includes deterministic and time-triggered behaviour, support for distributed control, fault-tolerant services and fast data transfer [75]. The event-triggered CAN protocol does not fulfil these requirements, so protocols with time-triggered behaviour and a globally synchronized time are implemented instead. Messages that describe the current state (e.g. "brake pressure 50%") rather than an event (e.g. "deceleration started"), together with time slot allocation, result in smaller time delays under fluctuating load conditions and allow an exact prediction of the time delay of each state message [75–77]. Communication protocols for fault-tolerant systems are designed according to a fault hypothesis, which states requirements on the number, type and arrival rate of tolerated faults [78]. A methodology for the development and analysis of time-triggered systems has been established for the existing software development process of the automotive industry [79].

TTCAN

 

The Time-Triggered CAN protocol is essentially built upon the event-triggered CAN structure, with the difference that all data is sent within a time-triggered system matrix. A redundant time master ensures the deterministic behaviour [80, 81]. The system matrix consists of several basic cycles that can contain different numbers of deterministic and non-deterministic windows. TTCAN supports no dependability services, but an implementation as middleware is possible [81]. Different TTCAN buses can be synchronized to achieve fault-tolerant TTCAN networks [82]. Transfer rates are limited to the typical CAN bandwidth of 1 Mbit/s.
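The time slot allocation and delay prediction described in the Communication architecture section, and the basic-cycle system matrix described for TTCAN, as an added example that is not part of the original text and not taken from any TTCAN specification. It lays out a constructed system matrix of basic cycles with reference, exclusive, arbitrating and free windows, derives the worst-case waiting time of each state message purely from the schedule, and contrasts it with a deliberately simplified event-triggered arbitration model in which the delay depends on whatever higher-priority traffic is pending. The matrix layout, message names, identifier priorities and the 130 µs frame time are assumptions.

```python
"""Delay prediction for state messages in a time-triggered system matrix.

Added example: a TTCAN-style matrix of basic cycles, each a row of fixed-length
windows. A state message that owns exclusive windows has a worst-case delay
that follows from the schedule alone; the same message on an event-triggered
bus waits behind every pending higher-priority frame (simplified model).
"""
from typing import Dict, List

FRAME_US = 130  # one window = one frame of ~130 bits at the 1 Mbit/s CAN rate (assumption)

# Constructed system matrix: 4 basic cycles x 6 windows.
#   "REF"   reference message of the time master, starts the basic cycle
#   "X:id"  exclusive (deterministic) window reserved for state message <id>
#   "A"     arbitrating (non-deterministic) window, normal CAN arbitration
#   "F"     free window
SYSTEM_MATRIX: List[List[str]] = [
    ["REF", "X:brake", "X:steer", "A", "X:speed", "F"],
    ["REF", "X:brake", "A",       "A", "X:speed", "F"],
    ["REF", "X:brake", "X:steer", "A", "X:speed", "F"],
    ["REF", "X:brake", "A",       "A", "X:speed", "F"],
]

# Constructed CAN identifiers for the event-triggered comparison (lower = higher priority)
PRIORITIES: Dict[str, int] = {
    "steer": 0x100, "engine": 0x110, "brake": 0x120, "speed": 0x200, "diag": 0x300,
}


def window_starts(matrix: List[List[str]], msg_id: str, frame_us: int = FRAME_US) -> List[int]:
    """Absolute start times (us from the matrix origin) of every exclusive
    window owned by msg_id, in schedule order."""
    per_cycle = len(matrix[0])
    starts = []
    for c, cycle in enumerate(matrix):
        for w, window in enumerate(cycle):
            if window == f"X:{msg_id}":
                starts.append((c * per_cycle + w) * frame_us)
    return starts


def worst_case_state_delay(matrix: List[List[str]], msg_id: str, frame_us: int = FRAME_US) -> int:
    """Longest time a freshly produced state value can wait for its next
    exclusive window. The matrix repeats, so the wrap-around gap from the
    last window back to the first one counts as well. Independent of bus load."""
    starts = window_starts(matrix, msg_id, frame_us)
    if not starts:
        raise ValueError(f"{msg_id} has no exclusive window in the matrix")
    period = len(matrix) * len(matrix[0]) * frame_us
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    gaps.append(starts[0] + period - starts[-1])
    return max(gaps)


def worst_case_event_delay(msg_id: str, pending: List[str],
                           priorities: Dict[str, int] = PRIORITIES,
                           frame_us: int = FRAME_US) -> int:
    """Simplified event-triggered CAN model: the message can be blocked by one
    frame already on the bus and then loses arbitration to every pending frame
    with a numerically lower identifier. The result grows with the load."""
    higher = [m for m in pending if m != msg_id and priorities[m] < priorities[msg_id]]
    return frame_us * (1 + len(higher))


if __name__ == "__main__":
    for msg in ("brake", "steer", "speed"):
        print(f"{msg}: time-triggered worst case {worst_case_state_delay(SYSTEM_MATRIX, msg)} us")
    print("brake, light load :", worst_case_event_delay("brake", ["speed"]), "us")
    print("brake, heavy load :", worst_case_event_delay("brake", ["steer", "engine", "speed", "diag"]), "us")
```

The brake state message owns one window per basic cycle and therefore never waits longer than one basic cycle (780 µs here), whatever else is on the bus; the steer message, scheduled in every second cycle, has a fixed 1560 µs bound. In the event-triggered model the brake delay is 130 µs when only a lower-priority message is pending but 390 µs once two higher-priority frames are queued, which is exactly the load dependence that the time slot allocation removes.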

TTP/C

The Time-Triggered Protocol (TTP/C) is a pure time-triggered protocol. Safety is its main objective, so its strictly deterministic sequential order leads to low flexibility. Redundancy is provided by two channels. Dependability services such as the bus guardian, the group membership algorithm, the clique avoidance algorithm and support for mode changes are available directly in the protocol without the need for middleware [75, 80, 83]. The fault hypothesis for TTP/C is well defined and restrictive, as faults have to arrive at least two rounds apart. Outside the fault hypothesis the recovery strategy is well defined as well, with a "never give up" strategy [78, 80]: a degraded mode is then activated to keep the system operational.
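The bus guardian, the membership service and the fault hypothesis described above, as an added example that is not part of the original text and is a simplified model rather than the actual TTP/C protocol. Four constructed nodes share a TDMA round with one slot each; every node has an independent bus guardian that opens its transmit path only in its own slot, so a node that tries to send in every slot (the classic "babbling idiot" fault) cannot destroy the other nodes' frames. After each round the cluster recomputes its membership from which owners were actually heard in their slot, counts each member that fell silent as a fault arrival, and treats two arrivals closer than two rounds as a violation of the fault hypothesis that switches to a degraded mode instead of giving up. The node names, the membership rule and the degraded-mode trigger are assumptions of this example.

```python
"""Bus guardian, membership and fault-hypothesis check on a TDMA round.

Added example: a simplified model of the TTP/C dependability services named in
the text. Nothing here is taken from the protocol specification; the membership
rule ("heard in its own slot") and the degraded-mode trigger are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

NODES = ["N0", "N1", "N2", "N3"]  # constructed cluster; node i owns slot i of each round
MIN_ROUNDS_APART = 2              # fault hypothesis from the text: faults >= 2 rounds apart


@dataclass
class BusGuardian:
    """Independent watchdog between a node and the bus: transmit only in own slot."""
    node: str
    enforce: bool = True
    blocked: int = 0  # attempts outside the node's own slot that were cut off

    def allow(self, slot_owner: str) -> bool:
        if slot_owner == self.node or not self.enforce:
            return True
        self.blocked += 1
        return False


@dataclass
class Node:
    name: str
    guardian: BusGuardian
    alive: bool = True
    babbling: bool = False  # fault: the node tries to transmit in every slot

    def wants_to_send(self, slot_owner: str) -> bool:
        return self.alive and (self.babbling or slot_owner == self.name)


@dataclass
class Cluster:
    nodes: Dict[str, Node]
    membership: Set[str] = field(default_factory=lambda: set(NODES))
    fault_rounds: List[int] = field(default_factory=list)  # round index of each fault arrival
    mode: str = "normal"

    def run_round(self, rnd: int) -> Set[str]:
        """One TDMA round: returns the set of slot owners that were heard."""
        heard: Set[str] = set()
        for owner in NODES:
            # Frames that actually reach the bus in this slot; two at once is a collision.
            on_bus = [n.name for n in self.nodes.values()
                      if n.wants_to_send(owner) and n.guardian.allow(owner)]
            if on_bus == [owner]:  # exactly one valid frame, from the slot owner
                heard.add(owner)
        lost = self.membership - heard  # members that fell silent this round
        for _ in sorted(lost):
            if self.fault_rounds and rnd - self.fault_rounds[-1] < MIN_ROUNDS_APART:
                self.mode = "degraded"  # outside the fault hypothesis: never give up
            self.fault_rounds.append(rnd)
        self.membership = heard
        return heard


def simulate(rounds: int, crash_at: Optional[Dict[str, int]] = None,
             babbler: Optional[str] = None, guardians: bool = True) -> Cluster:
    """Run a constructed scenario: optional crashes (node -> round), one optional
    babbling node, and bus guardians that can be switched off for comparison."""
    cluster = Cluster({n: Node(n, BusGuardian(n, enforce=guardians)) for n in NODES})
    if babbler:
        cluster.nodes[babbler].babbling = True
    for rnd in range(rounds):
        for name, at in (crash_at or {}).items():
            if rnd == at:
                cluster.nodes[name].alive = False
        cluster.run_round(rnd)
    return cluster


if __name__ == "__main__":
    c = simulate(5, crash_at={"N2": 2}, babbler="N1")
    print("with guardians   :", sorted(c.membership), c.mode, "blocked:", c.nodes["N1"].guardian.blocked)
    c = simulate(3, babbler="N1", guardians=False)
    print("without guardians:", sorted(c.membership), c.mode)
```

With guardians enabled, the babbling node N1 is cut off 15 times over five rounds but stays a member because its own-slot frames are valid, and the single crash of N2 in round 2 is one fault arrival well inside the hypothesis. With guardians disabled, N1's out-of-slot transmissions collide with every other node's frame in the very first round, three members are lost at once, and the cluster must fall back to its degraded mode.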

Middleware

Dependability services for x-by-wire applications are provided by middleware, a software layer located above the platform. The automotive industry has developed a modularized architecture called AUTOSAR (AUTomotive Open System ARchitecture) [86]. This standardized and open software architecture enables easy integration and updating of new software and hardware modules within an existing structure. Hence prospective safety requirements for vehicles can be met, giving high E/E system reliability.
