The invention relates to a control system for a vehicle having a plurality of signal processing levels and actuators, in particular for brake, steering, engine and gearbox, for converting actuation signals, and to a method for controlling a vehicle.
Control systems of the generic type for vehicles are also referred to as drive-by-wire systems or x-by-wire systems. In such systems, the steering, brake and drive of a vehicle are controlled electronically without a continuous mechanical connection between the steering wheel and the steered wheels or without a continuous mechanical or hydraulic connection between the brake pedal and the service brake for the wheels.
The German laid-open application DE 41 11 023 A1 discloses a control system for a vehicle which is constructed in hierarchy levels run through in a predefined sequence during the processing of signals. The processing of signals for steering, wheel drive and chassis is carried out separately as a result the signal processing path branches in the lower hierarchy levels resulting in a complex structure of the control system. There is no provision for a safety system which allows for the possible failure of components.
In the vehicle control system described in German patent DE 40 39 005 C2, in order to ensure the operational capability of the system there is provision that, in addition to a connection of an operator control element to a central control unit and to an actuator with a subcontroller via a databus, there is an additional, direct connection between the operator control element and the actuator with the subcontroller. Thus, there are two differently structured cabling arrangements of the system present at the same time.
The European laid-open application EP 0 754 611 A1 discloses a braking and steering system for a vehicle in which an attempt is made to ensure operational reliability with fault tolerance and redundancy devices when components fail. Fault tolerance is the term used to describe the capability of a system to fulfil its specific function even with a limited number of faulty subsystems. Redundancy is the term used to refer to the presence of more means than are necessary for the execution of the envisaged tasks per se.
The invention provides a safe and reliable control system with a comparatively simple structure, and a reliable and safe method for controlling a vehicle.
According to the invention, a control system for a vehicle is provided with a plurality of signal processing levels and actuators, in particular for brake, steering, engine and gearbox, for converting actuation signals, in which the following signal processing levels are provided: an input level with devices for inputting continuous stipulations of a driver and for converting the stipulations into setpoint value signals, or an input level with devices for inputting discrete stipulations of a driving system and an automation level with first signal processing modules for converting the stipulations of the input level into setpoint value signals; a predictive level with second signal processing modules for correcting the setpoint value signals with reference to a prediction of driving states and/or a reactive level with third signal processing modules for correcting the setpoint value signals with reference to current driving states; a coordination level with fourth signal processing modules for converting the setpoint value signals into actuation signals; and an execution level with the actuators for converting the actuation signals, the actuators being connected by means of a fault-tolerant, redundant and bidirectional databus, the first, second, third and/or fourth signal processing modules being configured for redundant signal processing and devices for fault-tolerant, redundant and bidirectional transmission of data being provided between two successive signal processing levels.
As a result of these features, a control system with a simple, modular structure is provided, in which individual signal processing levels, for example the predictive level, can be omitted if their functionality is not required without sacrificing the underlying structure of the control system. As a result, in comparison to previous control systems, an extremely flexible control system is provided. The provision of a coordination level for converting the setpoint value signals into actuation signals provides a defined interface whereby the levels in which the original stipulations are processed are decoupled from the levels in which the processed stipulations are executed. Such a defined interface simplifies the structure and makes changes and expansions of the control system considerably easier. Moreover, a high degree of protection against failure of the control system is provided by redundant signal processing and fault-tolerant and redundant transmission of data. The bidirectional processing of data between successive signal processing levels, i.e. also between the actuators and the coordination level, permits setpoint value signals to be transmitted and actual value signals and diagnostic value signals to be fed back.
According to one aspect of the invention, the reactive level is arranged between the coordination level and the execution level. As a result, the actuation signals for the actuators are corrected with reference to current driving states. This can be advantageous for a rapid reaction to critical driving states because the actuation signals for the actuators are corrected immediately.
At least one actuator is advantageously directly assigned a reactive signal processing module for reacting to critical, current driving states. This embodiment of the invention is also advantageous in terms of a rapid reaction to critical driving states. For example, an anti-lock brake system can thus be assigned directly to the wheel brake.
In another aspect devices are provided for supplying power for all the signal processing levels to be embodied redundantly. This measure contributes to a considerably increased protection of the control system against failure.
It is also advantageous for the bidirectional transmission of data to be embodied as optical waveguides. Optical waveguides permit a high-speed transmission of data which is comparatively independent of external disruptive influences.
In a further development of the invention, at least two physically separate first, second, third and fourth signal processing modules for redundant signal processing are provided in each of the automation level, the predictive level, the reactive level and the coordination level. Such hardware redundancy improves the reliability of the control system.
As a further development measure software is provided in the first, second, third and fourth signal processing modules to be embodied redundantly. As a result, the reliability of the control system is improved further.
The invention also proposes a method for controlling a vehicle, in particular its brake, steering, engine and gearbox, which has the following steps: inputting of continuous stipulations of a driver or discrete stipulations of a driving system and conversion of the stipulations into setpoint value signals; correction of the setpoint value signals with reference to a prediction of driving states and/or correction of the setpoint value signals with reference to current driving states; conversion of the setpoint value signals into actuation signals and execution of the actuation signals by actuators, the actuation signals being transmitted to the actuators, and actual value signals and diagnostic signals being transmitted by the actuators via a databus in a fault-tolerant and redundant fashion, the conversion of the stipulations into setpoint value signals, the correction of the setpoint value signals and the conversion of the setpoint value signals into actuation signals being carried out in a redundant fashion and setpoint value signals, actual value signals and diagnostic signals being transmitted on common data lines in a fault-tolerant, redundant and bidirectional fashion.