LAYERED ARCHITECTURE SUPPORTS DISTRIBUTED FAILOVER FOR APPLICATIONS

US 20080046142A1
Filed: 06/29/2006
Published: 02/21/2008
Est. Priority Date: 06/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for vehicle control wherein vehicle devices are controlled by one of a plurality of computing nodes assigned to control one or more vehicle devices, with each computing node running a control application adapted to control the one or more vehicle devices based on input data from one or more input sources to effect a vehicle function, wherein the method comprises:

initiating a first control application for a vehicle function in a first computing node;

receiving in said first computing node messages containing input data from an input source;

processing said input data in said first control application to determine a control output;

sending messages containing said control output from said first control application to the appropriate vehicle devices to control the vehicle devices; and

implementing a failover measure in dependence upon a criticality of said first control application.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for distributed failover in a vehicle network, including processor load shedding to reallocate processing power to applications controlling critical vehicle functions and providing for failover in a vehicle network according to the criticality of the affected vehicle function. In embodiments of the presently disclosed vehicle control method and system, the components of the system, including sensors, actuators, and controllers, are implemented as nodes in a network or switch fabric capable of communicating with other nodes.

52 Citations

View as Search Results

20 Claims

1. A method for vehicle control wherein vehicle devices are controlled by one of a plurality of computing nodes assigned to control one or more vehicle devices, with each computing node running a control application adapted to control the one or more vehicle devices based on input data from one or more input sources to effect a vehicle function, wherein the method comprises:
- initiating a first control application for a vehicle function in a first computing node;
  
  receiving in said first computing node messages containing input data from an input source;
  
  processing said input data in said first control application to determine a control output;
  
  sending messages containing said control output from said first control application to the appropriate vehicle devices to control the vehicle devices; and
  
  implementing a failover measure in dependence upon a criticality of said first control application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein implementing said failover measure in dependence upon said criticality of said first control application includes:
    - upon detecting failure of said first computing node, initiating a backup control application for the vehicle function in a second computing node; and
      
      thereafterredirecting messages containing input data from the input source from said first computing node to said second computing node;
      
      receiving said messages containing input data in said second computing node;
      
      processing said input data in said backup control application being run on said second computing node to determine a control output; and
      
      sending messages containing said control output from said backup control application to the appropriate vehicle devices to control the vehicle devices.
  - 3. The method of claim 2 wherein redirecting said messages containing input data from the input source from said first computing node to said second computing node includes sending messages from the input source directly addressed to said second computing node.
  - 4. The method of claim 1 wherein implementing said failover measure in dependence upon said criticality of said first control application includes:
    - initiating a backup control application for the vehicle function in a second computing node, said backup control application for concurrently processing input data identically to said first control application to determine a second control output without sending messages containing said second control output;
      
      routing messages containing input data to said second computing node in addition to said first computing node;
      
      receiving said messages containing said input data in said second computing node;
      
      concurrently processing, identically to said first control application, said input data in said backup control application to determine a control output; and
      
      upon detecting failure of said first computing node, sending messages containing said control output to vehicle devices from said backup control application to control the one or more vehicle devices formerly controlled by said first control application.
  - 5. The method of claim 1 wherein implementing said failover measure in dependence upon said criticality of said first control application includes:
    - initiating an identical backup control application for the vehicle function in a second computing node;
      
      routing messages containing input data to said second computing node in addition to said first computing node;
      
      receiving said messages containing said input data in said second computing node;
      
      processing said input data in said backup control application being run on said second computing node to determine a control output;
      
      sending messages containing said control output from said backup control application to the same vehicle devices as receiving messages containing control outputs from said first control application;
      
      determining, in a vehicle device, if said first computing node has failed; and
      
      upon detecting failure of said first computing node, controlling said vehicle device according to said second control output from said control application rather than said first control output from said first control application.

6. A vehicle control system for a vehicle comprising:
- a plurality of nodes;
  
  a vehicle network interconnecting said plurality of nodes, said vehicle network operating according to a communication protocol;
  
  a plurality of vehicle devices for controlling the vehicle, with each of said vehicle devices being coupled to at least two of said nodes through said vehicle network;
  
  a plurality of vehicle sensors for providing input data to at least two nodes through said vehicle network;
  
  processors at two or more of said nodes, with a first processor running a first control application for controlling vehicle devices assigned to that processor to effect a vehicle function, with said control application including program instructions for processing received input from one or more vehicle sensors to obtain a first result and for sending control messages to an assigned vehicle device according to said first result; and
  
  program instructions running on a processor for reassigning control of said vehicle devices to a second processor in dependence upon a criticality of said vehicle function in the case that said first processor fails.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The vehicle control system of claim 6 wherein said program instructions running on said processor for reassigning control of said vehicle devices to said second processor include program instructions forreconfiguring the vehicle control system to have messages from said vehicle devices sent to said second processor;
    - andinitiating a second control application in said second processor;
      
      wherein said second control application includes program instructions for receiving input data from said vehicle sensors;
      
      processing received input data from said vehicle sensors to obtain a second result; and
      
      sending control messages to the assigned vehicle device according to said second result.
  - 8. The vehicle control system of claim 7 wherein said program instructions for reconfiguring the vehicle control system to have messages from said vehicle devices sent to said second processor include program instructions for the vehicle devices to send messages directly addressed to said second processor.
  - 9. The vehicle control system of claim 7 wherein said program instructions for reconfiguring the vehicle control system to have messages from said vehicle devices sent to said second processor include program instructions for reconfiguring said vehicle network to route messages to said second processor.
  - 10. The vehicle control system of claim 6 further comprising:
    - a redundant control application being run on the second processor for controlling said vehicle devices assigned to that processor, with said redundant control application including program instructions for processing input data to obtain a second result, but not send control messages;
      
      wherein said program instructions running on said processor for reassigning control of devices to said second processor comprise program instructions for notifying said redundant control application to send control messages to said assigned vehicle device according to said second result.
  - 11. The vehicle control system of claim 6 further comprising:
    - a second processor running a redundant control application for controlling said vehicle devices assigned to that processor, with said redundant control application including program instructions for processing input data identical to received input data processed by said control application being run on said first processor to obtain a second result and for sending control messages to said assigned vehicle device according to said result; and
      
      a third processor in the assigned vehicle device, with said third processor running program instructions, the program instructions including;
      
      instructions for processing received control messages from said first and second processors to determine if said node containing said first processor has failed;
      
      instructions for utilizing control messages from said first processor if said node containing said first processor has not failed and for utilizing control messages from said second processor if said node containing said first processor has failed; and
      
      instructions for controlling said coupled vehicle devices according to the utilized control message.
  - 12. The vehicle control system of claim 6 wherein said program instructions being run on said processor for reassigning control of said vehicle devices are substantially run on a processor dedicated to managing the vehicle control system.
  - 13. The vehicle control system of claim 6 wherein said program instructions being run on said processor for reassigning control of said vehicle devices are substantially run on said second processor.

14. A method for distributed failover in a vehicle control system wherein actuators are controlled by one of a plurality of computing nodes receiving input data from sensors, with each computing node running a control application to process the input, and each computing node is assigned to control one or more actuators to effect a vehicle function, wherein the method comprises:
- detecting failure of a first computing node running a first control application;
  
  initiating a backup control application on a second computing node;
  
  routing messages containing input data from the sensors providing input data from the first computing node to the second computing node; and
  
  reassigning control of the one or more actuators controlled by the first computing node to the second computing node.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 further comprising:
    - determining that more system resources are required to initiate said backup control application than are available on the second computing node;
      
      determining that the vehicle function of said first control application being run on the first computing node is of a higher priority than the vehicle function of a second control application currently being run on the second computing node; and
      
      terminating the second control application being run on the second computing node prior to initiating the backup control application in the second computing node.
  - 16. The method of claim 15 wherein determining that the vehicle function of the first control application is of a higher priority than the vehicle function of the second control application currently being run on the second computing node includes comparing a pre-defined priority value for each vehicle function.
  - 17. The method of claim 15 wherein determining that the vehicle function of the first control application is of a higher priority than the vehicle function of the second control application comprises:
    - determining the priority value of each vehicle function in dependence upon vehicle conditions; and
      
      comparing said priority value for each vehicle function.
  - 18. The method of claim 14 further comprising:
    - determining that more system resources are required to initiate the backup control application on the second computing node than are available;
      
      determining that the vehicle function of the first control application being run on the first computing node is of a higher priority than the vehicle function of a second control application currently being run on the second computing node; and
      
      restricting the second control application currently being run on the second computing node to lower processing demands prior to initiating the backup control application in the second computing node.
  - 19. The method of claim 18 wherein determining that the vehicle function of the first control application is of a higher priority than the vehicle function of the second control application being executed on the second computing node comprises comparing a pre-defined priority value for each vehicle function.
  - 20. The method of claim 18 wherein determining that the vehicle function of the first control application is of a higher priority than the vehicle function of the second control application comprises:
    - determining the priority value of each vehicle function in dependence upon vehicleconditions; and
      
      comparing said priority value for each vehicle function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
FEHR, WALTON L., LEVENSON, SAMUEL M., KARTHA, PRAKASH U., DONG, HAI, REMBOSKI, DONALD J., JORDAN, PATRICK D., JOHNSON, HUGH W.

Application Number

US11/427,574
Publication Number

US 20080046142A1
Time in Patent Office

Days
Field of Search
US Class Current

701/36
CPC Class Codes

H04L 12/40195   by using a plurality of nodes

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

LAYERED ARCHITECTURE SUPPORTS DISTRIBUTED FAILOVER FOR APPLICATIONS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LAYERED ARCHITECTURE SUPPORTS DISTRIBUTED FAILOVER FOR APPLICATIONS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links