This invention relates to fault-tolerant electronic braking systems.
In recent years, automobile manufacturers have sought to replace many expensive mechanical components with electronic components. Future automotive designs contemplate the removal of even more mechanical components, particularly in respect of control linkages to the engine, wheels, etc., replacing them with 'by-wire' technology, partially derived from the 'fly-by-wire' technology associated with the aircraft industry.
For example, the hydraulic or mechanical braking system of an automobile may be replaced by a microprocessor controlled system, having a pedal which, upon actuation by the driver, transmits electronic signals to brake actuators located in proximity to the brakes. The brake actuators apply the brakes in dependence upon the electronic signals.
In safety critical applications, such as the brake system described above, the system must be fault-tolerant, such that if a fault should occur, at least some functionality of the system will continue. Known arrangements to provide fault-tolerance include redundant systems having two or more microprocessors which operate independently of each other and cross-check each other to detect faults.
A problem with this arrangement is that the larger the number of processors, the more cost is added to the system, and the fewer the number of processors, the greater the chances of all processors in the system developing a fault.
This invention seeks to provide a fault-tolerant electronic braking system which mitigates the above mentioned disadvantages.
According to the present invention there is provided a fault-tolerant electronic braking system for a vehicle, comprising: a user operated input arranged to provide a first signal in response to operation thereof; and, at least three braking nodes coupled to the user operated input, each node being arranged to control at least one brake actuator, each node having control means arranged for processing the first signal to provide a second signal for controlling the at least one brake actuator, and to provide a plurality of third signals to the at least two other control means, the third signals being expected second signal results of the at least two other control means; wherein each control means is arranged to compare the second signal with the third signals received from the at least two other control means such that errors detected between the second and third signals indicate faults in the at least three control means.
Preferably upon detection of a fault, each control means uses a voting scheme to determine which of the second and third signals is to be used as a fourth signal to control each of the brake actuators.
Each control means is also preferably arranged to transmit the fourth signal to the at least two other control means, in order to verify whether the voting scheme has been used correctly.
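The cross-check and vote described above can be sketched in C as follows. This is an added example, not part of the original text: the text does not define the voting scheme, so the strict-majority rule, the integer command values, the TOLERANCE constant and the names vote_result and cross_check are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define NODES 4          /* assumption: the four-node variant named in the text */
#define TOLERANCE 2      /* assumption: allowed difference between two results */

/* Hypothetical result of one node's cross-check. */
typedef struct {
    int fourth_signal;   /* command actually applied to the actuator */
    unsigned suspects;   /* bit i set: the value from node i lost the vote */
    int valid;           /* 0 when no strict majority exists */
} vote_result;

static int agrees(int a, int b) { return abs(a - b) <= TOLERANCE; }

/* values[i] is node i's result for this node's actuator: values[self] is the
 * locally computed second signal, the rest are third signals received from
 * the other nodes. */
vote_result cross_check(const int values[NODES], int self)
{
    vote_result r = { values[self], 0, 0 };
    int best = -1, best_count = 0;
    for (int i = 0; i < NODES; i++) {
        int count = 0;
        for (int j = 0; j < NODES; j++)
            count += agrees(values[i], values[j]);
        /* prefer the local value on ties so a healthy node keeps its own result */
        if (count > best_count || (count == best_count && i == self)) {
            best = i; best_count = count;
        }
    }
    if (2 * best_count <= NODES)   /* no strict majority */
        return r;                  /* valid stays 0: caller must degrade */
    r.valid = 1;
    r.fourth_signal = values[best];
    for (int i = 0; i < NODES; i++)
        if (!agrees(values[i], values[best]))
            r.suspects |= 1u << i;
    return r;
}

int main(void)
{
    /* Constructed sample: node 2's expected result for node 0 is corrupted. */
    int seen_by_node0[NODES] = { 120, 121, 37, 120 };
    vote_result r = cross_check(seen_by_node0, 0);
    printf("valid=%d fourth=%d suspects=0x%x\n", r.valid, r.fourth_signal, r.suspects);
    return 0;
}
```

The suspects mask also covers the case where the local node is the faulty one: its own second signal loses the vote and the majority value is used instead.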
The at least three brake nodes are preferably distributed in mutually remote locations in the vehicle. Preferably the first signal is adapted such that it is transmitted to the at least three brake nodes in a synchronous manner.
The first signal is preferably re-transmitted by each of the control means, for further fault detection. Preferably the at least three brake nodes comprise four brake nodes, each arranged to control one of four brake actuators.
In this way a fault-tolerant electronic braking system is provided which is cost effective, with improved fault-tolerance and enhanced fault-detection.