Fail-safe system for multiple control systems having at least one common sensor for monitoring common control parameter

US 5,170,343 A
Filed: 05/10/1990
Issued: 12/08/1992
Est. Priority Date: 05/11/1989
Status: Expired due to Term

First Claim

Patent Images

1. A fail-safe system for a multiple task control system for performing mutually different first and second control tasks, said multiple task control system performing said first control task on the basis of a first parameter monitored by first monitoring means and a second parameter monitored by second monitoring means and performing said second control task on the basis of said first parameter common to said first task and a third parameter monitored by third monitoring means, said fail-safe system comprising:

first malfunction detecting means for monitoring operation of said first monitoring means to detect a faulty condition of said first monitoring means and for producing a first failure detecting signal which is indicative of failure of both of said first and second control tasks;

second malfunction detecting means for monitoring said second and third monitoring means to detect a faulty condition of one of said second and third monitoring means and for producing a second failure detecting signal which indicates failure of one of said second and third monitoring means for which said failure is detected; and

controlling means for normally performing said first and second control tasks independent of each other on the basis of said first, second and third parameters, said controlling means being responsive to said first failure detecting signal to perform a first mode fail-safe operation in both of first and second control operations and for performing said first and second tasks, and to said second failure detecting signal to perform a second mode fail-safe operation in one of said first and second control operations utilizing a faulty one of said second and third monitoring means as indicated by said second failure indicative signal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fail-safe system for a multiple task control system which has a plurality of control channels for performing mutually independent and mutually distinct control functions detects failure in one of the control channels. In response, the fail-safe system discriminates between a failure which occurs at a common sensor which is commonly utilized for more than one control channels or a common control channel which are commonly used for more than one control channels, and a failure at other sensors for monitoring parameters to be used for a singular control channel or individual control channel for single control function. The fail-safe system performs mutually distinct modes of fail-safe operation depending upon the result of the discrimination.

Citations

27 Claims

1. A fail-safe system for a multiple task control system for performing mutually different first and second control tasks, said multiple task control system performing said first control task on the basis of a first parameter monitored by first monitoring means and a second parameter monitored by second monitoring means and performing said second control task on the basis of said first parameter common to said first task and a third parameter monitored by third monitoring means, said fail-safe system comprising:
- first malfunction detecting means for monitoring operation of said first monitoring means to detect a faulty condition of said first monitoring means and for producing a first failure detecting signal which is indicative of failure of both of said first and second control tasks;
  
  second malfunction detecting means for monitoring said second and third monitoring means to detect a faulty condition of one of said second and third monitoring means and for producing a second failure detecting signal which indicates failure of one of said second and third monitoring means for which said failure is detected; and
  
  controlling means for normally performing said first and second control tasks independent of each other on the basis of said first, second and third parameters, said controlling means being responsive to said first failure detecting signal to perform a first mode fail-safe operation in both of first and second control operations and for performing said first and second tasks, and to said second failure detecting signal to perform a second mode fail-safe operation in one of said first and second control operations utilizing a faulty one of said second and third monitoring means as indicated by said second failure indicative signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A fail-safe system as set forth in claim 1, wherein said second malfunction detecting means includes a first detector associated with said second monitoring means for continuously monitoring an output thereof for detecting a first abnormality and for producing a first abnormality detecting signal indicative of failure of said second monitoring means, and a second detector continuously monitoring an output thereof for detecting a second abnormality and for producing a second abnormality detecting signal indicative of failure of said third monitoring means.
  - 3. A fail-safe system as set forth in claim 1, wherein said multiple task control system includes a first control channel including a first actuator for performing said first control task and a second control channel including a second actuator for performing said second control task, and said second malfunction detecting means includes a third detector constantly monitoring a first control command to be applied to said first actuator and operation of said first actuator for detecting abnormality in said first actuator operation in terms of said first control command to produce a third abnormality detecting signal indicative of failure of said first actuator, and a second control channel including a second actuator for performing said second control task, and said second malfunction detecting means includes a third detector constantly monitoring a second control command to be applied to said second actuator and operation of said second actuator, for detecting abnormality in said second actuator operation in terms of said second control command to produce a fourth abnormality detecting signal indicative of failure of said second actuator.
  - 4. A fail-safe system as set forth in claim 3, wherein said controlling means is responsive to said second failure detecting signal of said second monitoring means for shutting off power supply for one of said first and second actuators in one of said first and second control channels in which failure of a monitoring means or an actuator is detected.
  - 5. A fail-safe system as set forth in claim 4, wherein said first and second actuators are responsive to shutting down of power supply to be placed at predetermined operational positions.
  - 6. A fail-safe system as set forth in claim 3, which further comprises a first alarm to be triggered in response to said first failure detecting signal for alarming said first mode fail-safe operation common to said first and second control channels and a second alarm to be triggered in response to said second failure detecting signal for alarming said second mode fail-safe operation for one of said first and second control channels in which failure of a monitoring means or an actuator is detected.
  - 7. A fail-safe system as set forth in claim 4, wherein said controlling means is responsive to said first failure detecting signal to perform said first mode fail-safe operation for said second monitoring means, in which said control command to be applied to said second actuator in said second control channel is modified periodically by a given rate toward a predetermined value for a predetermined position of said second actuator.

8. A multi-task control system, comprising:
- a first control channel for controlling operation of a first control load, said first control channel including first monitoring means for monitoring a first control parameter and for providing first parameter data and second monitoring means for monitoring a second control parameter different from said first control parameter, and for providing second parameter data, and said first control channel further including first signal processing means for processing said first and second control parameter data and for deriving a first command value indicative of an operational magnitude of said first control load;
  
  a second control channel for controlling operation of a second load, said second control channel including said first monitoring means which is common to said first control channel and third monitoring means for monitoring a third control parameter different from said first control parameter, and for providing third parameter data, and said second control channel further including second signal processing means for processing said first and third control parameter data and for deriving a second command value indicative of an operational magnitude of said second control load;
  
  first malfunction detecting means monitoring said first parameter data provided from said first monitoring means in order to detect abnormality of said first parameter data and produce a first failure detecting signal;
  
  second malfunction detecting means monitoring said second parameter data provided from said second monitoring means in order to detect abnormality of said second parameter data and produce a second failure detecting signal;
  
  third malfunction detecting means monitoring said third parameter data provided from said third monitoring means in order to detect abnormality of said third parameter data and produce a third failure detecting signal;
  
  first fail-safe means responsive to said first failure detecting signal for performing first mode fail-safe operation, in which fail-safe operation is commonly commanded for both of said first and second control channels for predetermined first mode fail-safe operations in each of said first and second control channels; and
  
  second fail-safe means responsive to one of said second and third failure detecting signals, for performing second mode fail-safe operation, in which fail-safe operation is selectively commanded to one of said first and second control channels corresponding to an input failure detecting signal for a predetermined second mode fail-safe operation therein.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A multi-task control system as set forth in claim 8, wherein said first control channel includes a first actuator for operating said first control load and said second control channel includes a second actuator for operating said second control load, and said second malfunction detecting means includes a fourth malfunction detecting means constantly monitoring a first control command to be applied to said first actuator and operation of said first actuator so as to detect abnormal operation of said first actuator in terms of first control command to produce a fourth failure detecting signal indicative of failure of said first actuator, and said second malfunction detecting means includes a fifth malfunction detecting means constantly monitoring a second control command to be applied to said second actuator and operation of said second actuator so as to detect abnormal operation of said second actuator in terms of said second control command to produce a fifth failure detecting signal indicative of failure of said second actuator.
  - 10. A multi-task control system as set forth in claim 9, wherein said first fail-safe means is responsive to said first failure detecting signal from said first malfunction detecting means for shutting off power supply for said first actuator in said first control channel, and said second fail-safe means is respsonsive to said second failure detecting signal from said second malfunction detecting means for shutting off power supply for said second actuator in said second control channel.
  - 11. A multi-task control system as set forth in claim 10, wherein said first and second actuators are responsive to shutting down of power supply to be placed at predetermined operational positions.
  - 12. A multi-task control system as set forth in claim 11, wherein said first fail-safe means includes a first alarm to be triggered in response to said first failure detecting signal for alarming said first mode fail-safe operation common to said first and second control channels and said second fail-safe means includes a second alarm to be triggered in response to said second failure detecting signal for alarming said second mode fail-safe operation in said first control channel.
  - 13. A multi-task control system as set forth in claim 12, wherein said second fail-safe means is responsive to said first failure detecting signal to perform said first mode fail-safe operation for said second control channel, in which said second control command to be applied to said second actuator in said second control channel is modified periodically by a given rate toward a predetermined value for a predetermined position of said second actuator.

14. A multi-task control system for an automotive vehicle for controlling a first vehicular component associated with vehicular driving operation for adjusting first vehicular behavior and a second vehicular component associated with vehicular driving operation for adjusting second vehicular behavior, comprising:
- a first control channel for controlling operation of a first vehicular component, said first control channel including first monitoring means for monitoring a first control parameter and for providing first parameter data and second monitoring means for monitoring a second control parameter different from said first control parameter and for providing second parameter data, and said first control channel further including first signal processing means for processing said first and second control parameter data and for deriving a first command value indicative of an operational magnitude of said first vehicular component;
  
  a second control channel for controlling operation of a second vehicular component, said second control channel including said first monitoring means which is common to said first control channel and third monitoring means for monitoring a third control parameter different from said first control parameter and for providing third parameter data, and said second control channel further including second signal processing means for processing said first and third control parameter data and for deriving a second command value indicative of an operational magnitude of said second vehicular component;
  
  first malfunction detecting means monitoring said first parameter data provided from said first monitoring means in order to detect abnormality of said first parameter data and produce a first failure detecting signal;
  
  second malfunction detecting means monitoring said second parameter data provided from said second monitoring means in order to detect abnormality of said second parameter data and produce a second failure detecting signal;
  
  third malfunction detecting means monitoring said third parameter data provided from said third monitoring means in order to detect abnormality of said third parameter data and produce a third failure detecting signal;
  
  first fail-safe means responsive to said first failure detecting signal for performing first mode fail-safe operation, in which fail-safe operation is commonly commanded for both of said first and second control channels for predetermined first mode fail-safe operations in each of said first and second control channels; and
  
  second fail-safe means responsive to one of said second and third failure detecting signals, for performing second mode fail-safe operation, in which fail-safe operation is selectively commanded for one of said first and second control channels corresponding to an input failure detecting signal for a predetermined second mode fail-safe operation therein.
- View Dependent Claims (15, 16, 17, 18)
- - 15. A multi-task control system as set forth in claim 14, wherein said first control channel includes a first actuator for operating said first vehicular component and said second control channel includes a second actuator for operating said second vehicular component, and said second malfunction detecting means includes a fourth malfunction detecting means constantly monitoring a first control command to be applied to said first actuator and operation of said first actuator so as to detect abnormal operation of said first actuator in terms of said first control command to produce a forth failure detecting signal indicative of failure of said first actuator, and said second malfunction detecting means includes a fifth malfunction detecting means constantly monitoring a second control command to be applied to said second actuator and operation of said second actuator so as to detect abnormal operation of said second actuator in terms of said second control command to produce a fifth failure detecting signal indicative of failure of said second actuator.
  - 16. A multi-task control system as set forth in claim 15, wherein said first fail-safe means is responsive to said first failure detecting signal input from said first malfunction detecting means for shutting off power supply for said first actuator in said first control channel, and said second fail-safe means is responsive to said second failure detecting signal input from said second malfunction detecting means for shutting off power supply for said second actuator in said second control channel.
  - 17. A multi-task control system as set forth in claim 16, wherein said first and second actuators are responsive to shutting down of power supply to be placed at predetermined operational positions.
  - 18. A multi-task control system as set forth in claim 17, wherein said first fail-safe means includes a first alarm to be triggered in response to said first failure detecting signal for alarming said first mode fail-safe operation common to said first and second control channels and said second fail-safe means includes a second alarm to be triggered in response to said second failure detecting signal for alarming said second mode fail-safe operation in said first control channel.

19. A multi-task control system as set forth in clam 18, wherein said second fail-safe means is responsive to said first failure detecting signal to perform said first mode fail-safe operation for said second control channel, in which said second control command to be applied to said second actuator in said second control channel is modified periodically by a given rate toward a predetermined value for a predetermined position of said second actuator.

20. A multi-task control system for an automotive vehicle for performing anti-skid brake control for a vehicular brake system and power train control for adjusting distribution of driving torque generated by a prime mover to primary and subsidiary driving wheels, comprising:
- a first control channel, associated with said vehicular brake system, for performing anti-skid brake control for optimizing vehicular braking performance, said first control channel processing preselected brake control parameters for deriving a magnitude of wheel acceleration and deceleration and wheel slippage for selecting an operational mode of said brake system for selectively increasing, decreasing and holding braking pressure in said brake system;
  
  a second control channel, associated with said power train for adjusting power distribution between a primary driving wheel which is constantly connnected to said prime mover to receive driving torque and a subsidiary driving wheel, for which a controlled distrubution rate of driving torque of said prime mover is supplied, said second control channel processing preselected driving torque distribution control parameters which include at least one common parameter to said first control channel;
  
  first malfunction detecting means mointoring said common parameter in order to detect abnormality thereof and produce a first failure detecting signal;
  
  second malfunction detecting means mointoring second parameter data in said first control channel other than said common parameter in order to detect abnormality thereof and produce a second failure detecting signal;
  
  third malfunction detecting means monitoring third parameter data in said second control channel other than said common parameter in order to detect abnormality thereof and produce a third failure detecting signal;
  
  first fail-safe means responsive to said first failure detecting signal for performing first mode fail-safe operation, in which fail-safe operation is commonly commanded for both of said first and second control channels for perdetermined first mode fail-safe operations in each of said first and second control channels; and
  
  second fail-safe means responsive to one of said second and third failure detecting signals, for performing second mode fail-safe operation, in which fail-safe operation is selectively commanded for one of said first and second control channels corresponding to an inputted failure detecting signal for a predetermined second mode fail-safe operation therein.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. A multi-task control system as set forth in claim, 20, wherein said first control channel includes a first actuator for adjusting braking pressure in said brake system and said second control channel includes a second actuator for adjusting torque distribution for said subsidiary driving wheel, and said second malfunction detecting means includes a fourth malfunction detecting means constantly monitoring a first control command to be applied to said first actuator and operation of said first actuator so as to detect abnormal operation of said first actuator in terms of said first control command to produce a fourth failure detecting signal indicative of failure of said first actuator, and said second malfunction detecting means includes a fifth malfunction detecting means constantly monitoring a second control command to be applied to said second actuator and operation of said second acutator so as to detect abnormal operation of said second actuator in terms of said second control command to produce a fifth failure detecting signal indicative of failure of said second actuator.
  - 22. A multi-task control system as set forth in claim 21, wherein said first fail-safe means is responsive to said first failure detecting signal from said first malfunction detecting means for shutting off power supply for said first actuator in said first control channel, and said second fail-safe means is responsive to said second failure detecting signal input from said second malfunction detectng means for shutting off power supply for said second actuator in said second control channel.
  - 23. A multi-task control system as set forth in claim 22, wherein said first and second acutators are responsive to shutting down of power supply to be placed at predetermined operational positions.
  - 24. A multi-task control system as set forth in claim 23, wherein said first actuator operates said brake system for disabling, decreasing and holding braking pressure and permitting increasing of braking pressure in response to shutting down of power supply.
  - 25. A multi-task control system as set forth in claim 23, wherein said second actuator is responsive to shutting down of power supply to block driving torque distribution for said subsidiary driving wheel.
  - 26. A multi-task control system as set forth in claim 23, wherein said first fail-safe means includes a first alarm to be triggered in response to said first failure detecting signal for alarming said first mode fail-safe operation common to said first and second control channels and said second fail-safe means includes a second alarm to be triggered in response to said second failure detecting signal for alarming said second mode fail-safe operation in said first control channel.
  - 27. A multi-task control system as set forth in claim 26, wherein said second fail-safe means is responsive to said failure detecting signal to perform said first mode fail-safe operation for said second control channel, in which said second control command to be applied to said second actuator in said second control channel is modified periodically by a given rate toward a predetermined value for a predetermined position of said second actuator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nissan Motor Co., Ltd.
Original Assignee
Nissan Motor Co., Ltd.
Inventors
Matsuda, Toshiro
Primary Examiner(s)
Smith, Jerry
Assistant Examiner(s)
GORDON, PAUL P

Application Number

US07/521,974
Time in Patent Office

943 Days
Field of Search

364/184, 364/185, 364/426.01, 364/426.02, 303/92, 303/95, 180/197
US Class Current

700/79
CPC Class Codes

B60G 17/0185   for failure detection

B60G 2600/08   Failure or malfunction dete...

B60T 2270/413   Plausibility monitoring, cr...

B60T 8/885   using electrical circuitry

B60W 10/02   including control of drivel...

B60W 10/06   including control of combus...

B60W 10/18   including control of brakin...

B60W 10/22   including control of suspen...

B60W 2050/021   Means for detecting failure...

B60W 2050/0215   Sensor drifts or sensor fai...

B60W 2050/0295   Inhibiting action of specif...

B60W 2510/0685   Engine crank angle

B60W 2520/105   Longitudinal acceleration

B60W 2520/125   Lateral acceleration

B60W 2520/28   Wheel speed

B60W 2710/182   Brake pressure, e.g. of flu...

B60W 2720/30   Wheel torque

B60W 30/18172   Preventing, or responsive t...

B60W 50/0205   Diagnosing or detecting fai...

B60W 50/04   Monitoring the functioning ...

Fail-safe system for multiple control systems having at least one common sensor for monitoring common control parameter

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Fail-safe system for multiple control systems having at least one common sensor for monitoring common control parameter

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links