Architecture and apparatus for advanced arbitration in embedded controls
US-2017277604-A1 · Sep 28, 2017 · US
Method of using a single controller (ECU) for a fault-tolerant/fail-operational self-driving system
US11634149B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11634149-B2 |
| Application number | US-202117532283-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 22, 2021 |
| Priority date | Jun 23, 2017 |
| Publication date | Apr 25, 2023 |
| Grant date | Apr 25, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed. Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently execute redundant algorithms from sensor data processing to actuation commands using different hardware capabilities (GPUs, processing cores, different input signals, etc.). Intentional hardware and software diversity improves fault tolerance. The resulting fault-tolerant/fail-operational system meets ISO26262 ASIL-D specifications based on a single electronic controller unit platform that can be used for self-driving vehicles.
First claim
Opening claim text (preview).
What is claimed is: 1. A control system comprising: a first sensor; a second sensor; a third sensor; at least one input bus connected to the first sensor, the second sensor, and the third sensor; an electronic controller comprising a first processor, a second processor, and a third processor each coupled to the at least one input bus; wherein the first processor, the second processor, and the third processor each independently process signals from the at least one input bus to provide control signals; the first processor providing first control signals in response to a first combination of the first sensor, the second sensor, and the third sensor; the second processor providing second control signals in response to a second combination of the first sensor, the second sensor, and the third sensor different from the first combination; the third processor providing third control signals in response to a third combination of the first sensor, the second sensor, and the third sensor different from at least one of the first combination or the second combination; and an intelligent control signal arbitrator that receives the first control signals, the second control signals, and the third control signals and arbitrates between them to perform at least one control function. 2. The system of claim 1 , wherein the third processor performs a rationality check based on a primary path from the first processor and a redundant path from the second processor. 3. The system of claim 1 , wherein the first processor, the second processor, and the third processor are independently powered. 4. The system of claim 1 , wherein the first processor, the second processor, and the third processor execute different software to perform tasks in common between the first processor, the second processor, and the third processor. 5. The system of claim 1 , wherein the first processor, the second processor, and the third processor process different inputs from the at least one input bus to perform tasks in common between the first processor, the second processor, and the third processor. 6. The system of claim 1 , wherein the first processor is structured to perform a set of autonomous control functions, and the third processor is structured to perform autonomous functions additional to the set of autonomous control functions performed by the first processor and also to execute autonomous functions redundant to the set of autonomous control functions upon failure of the first processor. 7. The system of claim 1 , wherein the at least one input bus comprises first and second independent redundant input busses. 8. The system of claim 1 , wherein: the first processor and the second processor each independently execute the same task in parallel, and software code the first processor executes to perform the task is implemented differently than the code the second processor executes to perform the task. 9. The system of claim 8 , wherein the first processor and the second processor each have a first processing core and a second processing core different from the first processing core, the first processor being programmed to execute the task using the first processing core, the second processor being programmed to execute the task using the second processing core. 10. The system of claim 1 , wherein the first processor and the second processor are non-identical. 11. The system of claim 1 , wherein the first processor and the second processor each generate control outputs by redundantly executing a task, and control signals the first processor generates are different from control signals the second processor generates. 12. The system of claim 1 , wherein the first processor and the second processor generate the control signals asynchronously. 13. The system of claim 1 , wherein the second processor performs a task dormantly, and activates the dormant task upon detecting the first processor has failed. 14. The system of claim 1 , wherein the first processor and the second processor are structured to continually monitor the operation of each other to detect a failure. 15. The system of claim 1 , wherein the first processor and the second processor are independently powered. 16. The system of claim 1 , wherein the third processor monitors the operations of the first processor and the second processor and the second processor monitors the operation of the first processor and the third processor. 17. The system of claim 1 , wherein: the first processor and the second processor each independently and redundantly execute a task in parallel, wherein the first processor uses a first algorithm to perform the task and the second processor uses a second algorithm that is not identical to the first algorithm to perform the task. 18. The system of claim 1 , wherein: the first processor comprises a first processing core and a second processing core different from the first processing core, and the second processor comprises a third processing core and a fourth processing core, the third and fourth processing cores being different from the first processing core, the first processor and the second processor each independently and redundantly execute a task in parallel, and the first processor is programmed to execute the task using the first processing core, and the second processor is programmed to execute the task using the third processing core. 19. The system of claim 1 , wherein the first sensor comprises a RADAR sensor, the second sensor comprises a LIDAR sensor, and the third sensor comprises an optical sensor. 20. The system of claim 1 , wherein the first processor is connected to a first GPU providing first deep learning operations, and the second processor is connected to a second GPU providing second deep learning operations.
Assignees
Inventors
Classifications
- G06F11/2023Primary
Failover techniques · CPC title
based on mutual exchange of the output between redundant processing components · CPC title
Signal treatments, identification of variables or parameters, parameter estimation or state estimation · CPC title
Real-time · CPC title
including control of propulsion units · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11634149B2 cover?
- In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed. Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently exec…
- Who is the assignee on this patent?
- Nvidia Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F11/2023. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 25 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).