U.S. patent application number 17/137519 was filed with the patent office on 2021-08-05 for vehicle and autonomous driving system.
This patent application is currently assigned to TOYOTA JIDOSHA KABUSHIKI KAISHA. The applicant listed for this patent is TOYOTA JIDOSHA KABUSHIKI KAISHA. Invention is credited to Yuta OHASHI, Ikuma SUZUKI.
Application Number | 20210237722 17/137519 |
Document ID | / |
Family ID | 1000005343670 |
Filed Date | 2021-08-05 |
United States Patent
Application |
20210237722 |
Kind Code |
A1 |
SUZUKI; Ikuma ; et
al. |
August 5, 2021 |
VEHICLE AND AUTONOMOUS DRIVING SYSTEM
Abstract
A vehicle comprises an autonomous driving system and a vehicle
platform that controls the vehicle in response to a command
received from the autonomous driving system. In the present
vehicle, when the autonomous driving system issues a first command
to request the vehicle platform to provide deceleration to stop the
vehicle and a first signal indicates 0 km/h or a prescribed
velocity or less, the autonomous driving system issues a second
command to request the vehicle platform to maintain stationary. And
after brake hold control is finished, a second signal indicates
standstill. Until the second signal indicates standstill, the first
command continues to request the vehicle platform to provide
deceleration.
Inventors: |
SUZUKI; Ikuma; (Okazaki-shi,
JP) ; OHASHI; Yuta; (Toyota-shi, JP) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
TOYOTA JIDOSHA KABUSHIKI KAISHA |
Toyota-shi |
|
JP |
|
|
Assignee: |
TOYOTA JIDOSHA KABUSHIKI
KAISHA
Toyota-shi
JP
|
Family ID: |
1000005343670 |
Appl. No.: |
17/137519 |
Filed: |
December 30, 2020 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
B60W 30/0953 20130101;
B60W 30/0956 20130101; B60W 2510/188 20130101; B60W 10/18 20130101;
B60W 30/09 20130101; B60W 60/001 20200201 |
International
Class: |
B60W 30/09 20060101
B60W030/09; B60W 10/18 20060101 B60W010/18; B60W 30/095 20060101
B60W030/095; B60W 60/00 20060101 B60W060/00 |
Foreign Application Data
Date |
Code |
Application Number |
Jan 31, 2020 |
JP |
2020-015719 |
Claims
1. A vehicle comprising: an autonomous driving system; and a
vehicle platform that controls the vehicle in response to a command
received from the autonomous driving system, wherein the autonomous
driving system sends to the vehicle platform a command including a
first command to request acceleration and deceleration and a second
command to request to maintain stationary, the autonomous driving
system obtains a first signal indicating a longitudinal velocity of
the vehicle and a second signal indicating a standstill status, and
when the autonomous driving system issues the first command to
request the vehicle platform to provide deceleration to stop the
vehicle and the first signal indicates 0 km/h or a prescribed
velocity or less, the autonomous driving system issues the second
command to request the vehicle platform to maintain stationary,
after brake hold control is finished, the second signal indicates
standstill, and until the second signal indicates standstill, the
first command continues to request the vehicle platform to provide
deceleration.
2. The vehicle according to claim 1, wherein the first command
continues to request a constant deceleration value during a period
from when the second command requests to maintain stationary until
the second signal indicates standstill.
3. The vehicle according to claim 2, wherein the constant
deceleration value is -0.4 m/s.sup.2.
4. The vehicle according to claim 1, wherein the autonomous driving
system further obtains a third signal indicating a moving direction
of the vehicle, and the brake hold control is started when the
first command requests deceleration, the second command requests to
maintain stationary, and the third signal indicates standstill.
5. The vehicle according to claim 1, wherein when the autonomous
driving system issues the first command to request the vehicle
platform to provide deceleration to stop the vehicle, and
thereafter, before the brake hold control is finished the request
through the first command for deceleration is cancelled,
transitioning to the brake hold control is canceled.
6. The vehicle according to claim 1, wherein when the autonomous
driving system issues the second command to request the vehicle
platform to maintain stationary, and thereafter, before the brake
hold control is finished the request through the second command to
maintain stationary is cancelled, transitioning to the brake hold
control is canceled.
7. The vehicle according to claim 1, wherein when the brake hold
control is finished and thereafter the request through the second
command to maintain stationary still continues, the vehicle
continues standstill while the request through the second command
to maintain stationary continues.
8. The vehicle according to claim 1, wherein the vehicle includes
an electric parking brake, and when the second signal continues to
indicate standstill for a prescribed period of time, the electric
parking brake is activated.
9. The vehicle according to claim 1, wherein when, in order to
start the vehicle, the autonomous driving system cancels the brake
hold control by setting the second command, the vehicle platform
controls acceleration/deceleration of the vehicle based on the
first command.
10. A vehicle comprising: a vehicle platform that controls the
vehicle; and a vehicle control interface that mediates
communication of a signal between the vehicle platform and an
autonomous driving system, wherein by attaching the autonomous
driving system to the vehicle, the vehicle platform can carry out
autonomous driving control of the vehicle in response to a command
received from the autonomous driving system, the autonomous driving
system sends to the vehicle platform through the vehicle control
interface a command including a first command to request
acceleration and deceleration and a second command to request to
maintain stationary, the vehicle control interface outputs to the
autonomous driving system a first signal indicating a longitudinal
velocity of the vehicle and a second signal indicating a standstill
status, when the autonomous driving system issues the first command
to request the vehicle platform to provide deceleration to stop the
vehicle and the first signal indicates 0 km/h or a prescribed
velocity or less, the vehicle control interface requests the
autonomous driving system to issue the second command to maintain
stationary, and the vehicle control interface requests the
autonomous driving system to continuously transmit the first
command to request deceleration until the second signal indicates
standstill in response to the second command.
11. The vehicle according to claim 10, wherein the vehicle control
interface outputs to the autonomous driving system a third signal
indicating a moving direction of the vehicle, and brake hold
control is started when the first command requests deceleration,
the second command requests to maintain stationary, and the third
signal indicates standstill.
12. The vehicle according to claim 11, wherein when the autonomous
driving system issues the first command to request the vehicle
platform to provide deceleration to stop the vehicle, and
thereafter, before the brake hold control is finished the request
through the first command for deceleration is cancelled,
transitioning to the brake hold control is canceled.
13. The vehicle according to claim 11, wherein when the autonomous
driving system issues the second command to request the vehicle
platform to maintain stationary, and thereafter, before the brake
hold control is finished the request through the second command to
maintain stationary is cancelled, transitioning to the brake hold
control is canceled.
14. The vehicle according to claim 11, wherein when the brake hold
control is finished and thereafter the request through the second
command to maintain stationary still continues, the vehicle
continues standstill while the request through the second command
to maintain stationary continues.
15. The vehicle according to claim 10, wherein the vehicle includes
an electric parking brake, and when the second signal continues to
indicate standstill for a prescribed period of time, the electric
parking brake is activated.
16. The vehicle according to claim 10, wherein when, in order to
start the vehicle, the autonomous driving system cancels the brake
hold control by setting the second command, the vehicle platform
controls acceleration/deceleration of the vehicle based on the
first command.
17. An autonomous driving system comprising a computer that sends a
command to a vehicle platform, wherein the computer sends to the
vehicle platform a command including a first command to request
acceleration and deceleration and a second command to request to
maintain stationary, the computer obtains a first signal indicating
a longitudinal velocity of the vehicle and a second signal
indicating a standstill status, when the computer issues the first
command to request the vehicle platform to provide deceleration to
stop a vehicle and the first signal indicates 0 km/h or a
prescribed velocity or less, the computer issues the second command
to request the vehicle platform to maintain stationary, and until
the second signal indicates standstill in response to the second
command, the computer issues the first command to continue to
request the vehicle platform to provide deceleration.
18. The autonomous driving system according to claim 17, wherein
the computer issues the first command to continue to request a
constant deceleration value during a period from when the second
command requests to maintain stationary until the second signal
indicates standstill.
19. The autonomous driving system according to claim 18, wherein
the constant deceleration value is -0.4 m/s.sup.2.
Description
[0001] This nonprovisional application is based on Japanese Patent
Application No. 2020-015719 filed with the Japan Patent Office on
Jan. 31, 2020, the entire contents of which are hereby incorporated
by reference.
BACKGROUND
Field
[0002] The present disclosure relates to a vehicle and an
autonomous driving system, and more specifically to a technology
used to autonomously drive a vehicle.
Description of the Background Art
[0003] Japanese Patent Laid-Open No. 2018-132015 discloses a
technology used to autonomously drive a vehicle. In the technology
described in Japanese Patent Laid-Open No. 2018-132015, an
autonomous driving ECU having a function to sense a vicinity of a
vehicle is provided to the vehicle separately from an engine ECU,
and the autonomous driving ECU issues an instruction to the engine
ECU via an in-vehicle network. The ECU for managing the power of
the vehicle and the ECU for autonomous driving that are independent
from each other allow an autonomous driving function to be added
without significantly changing an existing vehicle platform. In
addition, it is expected that a third party should accelerate
development of an autonomous driving function.
SUMMARY
[0004] It is also conceivable to make an autonomous driving system
retrofittable to a vehicular body having a vehicle platform
incorporated therein. However, a technique allowing a vehicle
platform to appropriately perform vehicle control in response to a
command received from such an autonomous driving system has not yet
been established, and there remains room for improvement.
[0005] The present disclosure has been made in order to address the
above issue, and contemplates a vehicle and autonomous driving
system capable of appropriately maintaining stationary when a
vehicle platform carries out vehicle control in response to a
command received from the autonomous driving system.
[0006] In a first aspect of the present disclosure, a vehicle
comprises an autonomous driving system and a vehicle platform that
controls the vehicle in response to a command received from the
autonomous driving system. The autonomous driving system sends to
the vehicle platform a command including a first command to request
acceleration and deceleration and a second command to request to
maintain stationary. The autonomous driving system obtains a first
signal indicating a longitudinal velocity of the vehicle and a
second signal indicating a standstill status. In the present
vehicle, when the autonomous driving system issues the first
command to request the vehicle platform to provide deceleration to
stop the vehicle and the first signal indicates 0 km/h or a
prescribed velocity or less, the autonomous driving system issues
the second command to request the vehicle platform to maintain
stationary. And after brake hold control is finished, the second
signal indicates standstill. Until the second signal indicates
standstill, the first command continues to request the vehicle
platform to provide deceleration.
[0007] According to the above configuration, acceleration of the
vehicle is suppressed in response to a request through the first
command for deceleration even after the vehicle is stopped (that
is, even after the first signal indicates 0 km/h or a prescribed
velocity or less). Thus, when the vehicle platform carries out
vehicle control in response to a command received from the
autonomous driving system, the vehicle can be appropriately
maintained stationary (that is, brake hold control can be carried
out appropriately).
[0008] In the above configuration, a trigger to issue the second
command to request to maintain stationary may be that the first
signal indicates 0 km/h or that the first signal indicates a
prescribed velocity or less. The prescribed velocity may be a value
which is small to an extent allowing the vehicle to be regarded as
being stationary (e.g., approximately 0 km/h).
[0009] The first command may continue to request a constant
deceleration value during a period from when the second command
requests to maintain stationary until the second signal indicates
standstill. Further, the constant deceleration value may be -0.4
m/s.sup.2. According to the above configuration, a state of the
vehicle when the vehicle is stopped is easily stabilized by simple
control.
[0010] In the above vehicle, the autonomous driving system may
further obtain a third signal indicating a moving direction of the
vehicle. In such a vehicle, the brake hold control may be started
when the first command requests deceleration, the second command
requests to maintain stationary, and the third signal indicates
standstill. According to the above configuration, maintaining the
vehicle stationary (that is, brake hold control) is easily,
appropriately performed. The third signal may indicate a standstill
when a prescribed number of wheels of the vehicle continue a speed
of 0 for a prescribed period of time.
[0011] In the above vehicle, when the autonomous driving system
issues the first command to request the vehicle platform to provide
deceleration to stop the vehicle, and thereafter, before the brake
hold control is finished the request through the first command for
deceleration is cancelled, transitioning to the brake hold control
may be canceled. According to the above configuration,
inappropriately maintaining the vehicle stationary (that is,
inappropriate brake hold control) can be suppressed.
[0012] In the above vehicle, when the autonomous driving system
issues the second command to request the vehicle platform to
maintain stationary, and thereafter, before the brake hold control
is finished the request through the second command to maintain
stationary is cancelled, transitioning to the brake hold control
may be canceled. According to the above configuration,
inappropriately maintaining the vehicle stationary (that is,
inappropriate brake hold control) can be suppressed.
[0013] In the above vehicle, after the brake hold control is
finished and thereafter the request through the second command to
maintain stationary still continues, the vehicle may continue
standstill while the request through the second command to maintain
stationary continues. According to the above configuration, the
vehicle can continue standstill (that is, a state of being
maintained stationary) in response to the second command.
[0014] The above vehicle may include an electric parking brake. In
the vehicle, an electric parking brake may be activated when the
second signal continues to indicate standstill for a prescribed
period of time. According to such a configuration, brake hold
control is finished and thereafter when a prescribed period of time
elapses the electric parking brake can further be applied to
enhance maintaining the vehicle stationary.
[0015] In the above vehicle, when, in order to start the vehicle,
the autonomous driving system cancels brake hold control by setting
the second command, the vehicle platform may control
acceleration/deceleration of the vehicle based on the first
command. According to this configuration, the vehicle can be
appropriately started in response to a command received from the
autonomous driving system.
[0016] In a second aspect of the present disclosure a vehicle
comprises a vehicle platform that controls the vehicle and a
vehicle control interface that mediates communication of a signal
between the vehicle platform and an autonomous driving system. By
attaching the autonomous driving system to the vehicle, the vehicle
platform can carry out autonomous driving control of the vehicle in
response to a command received from the autonomous driving system.
The autonomous driving system sends to the vehicle platform through
the vehicle control interface a command including a first command
to request acceleration and deceleration and a second command to
request to maintain stationary. The vehicle control interface
outputs to the autonomous driving system a first signal indicating
a longitudinal velocity of the vehicle and a second signal
indicating a standstill status. When the autonomous driving system
issues the first command to request the vehicle platform to provide
deceleration to stop the vehicle and the first signal indicates 0
km/h or a prescribed velocity or less, the vehicle control
interface requests the autonomous driving system to issue the
second command to maintain stationary. The vehicle control
interface requests the autonomous driving system to continuously
transmit the first command to request deceleration until the second
signal indicates standstill in response to the second command.
[0017] The vehicle does not comprise an autonomous driving system.
However, when the autonomous driving system is retrofitted to the
vehicle, the above-described control comes to be carried out when
the autonomous driving system stops the vehicle. That is, even
after the vehicle is stopped, acceleration of the vehicle is
suppressed in response to a request through the first command for
deceleration. The vehicle can thus be appropriately maintained
stationary when the vehicle platform carries out vehicle control in
response to a command received from the autonomous driving
system.
[0018] In a third aspect of the disclosure, an autonomous driving
system comprises a computer that sends a command to a vehicle
platform. The command that computer sends to the vehicle platform
includes a first command to request acceleration and deceleration
and a second command to request to maintain stationary. The
computer obtains a first signal indicating a longitudinal velocity
of the vehicle and a second signal indicating a standstill status.
When the computer issues the first command to request the vehicle
platform to provide deceleration to stop a vehicle and the first
signal indicates 0 km/h or a prescribed velocity or less, the
computer issues the second command to request the vehicle platform
to maintain stationary. Until the second signal indicates
standstill in response to the second command, the computer issues
the first command to continue to request the vehicle platform to
provide deceleration.
[0019] According to the above configuration, the above-described
control comes to be carried out when the autonomous driving system
stops the vehicle. That is, acceleration of the vehicle is
suppressed in response to a request through the first command for
deceleration even after the vehicle is stopped. The vehicle can
thus be appropriately maintained stationary when the vehicle
platform carries out vehicle control in response to a command
received from the autonomous driving system.
[0020] The foregoing and other objects, features, aspects and
advantages of the present disclosure will become more apparent from
the following detailed description of the present disclosure when
taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0021] FIG. 1 is a diagram generally showing a MaaS system to which
a vehicle according to an embodiment of the present disclosure is
applied.
[0022] FIG. 2 is a diagram showing details in configuration of a
vehicle control interface, a vehicle platform, and an autonomous
driving system that the vehicle shown in FIG. 1 comprises.
[0023] FIG. 3 is a flowchart of a process performed by the
autonomous driving system in autonomous driving control according
to an embodiment of the present disclosure.
[0024] FIG. 4 is a flowchart of a process performed in the vehicle
for setting an actual moving direction according to an embodiment
of the present disclosure.
[0025] FIG. 5 is a flowchart of brake hold control carried out in
an autonomous mode according to an embodiment of the present
disclosure.
[0026] FIG. 6 is a flowchart of EPB control carried out in the
autonomous mode according to an embodiment of the present
disclosure.
[0027] FIG. 7 is a flowchart of deceleration control carried out in
the autonomous mode according to an embodiment of the present
disclosure.
[0028] FIG. 8 is a flowchart of start control carried out in the
autonomous mode according to an embodiment of the present
disclosure.
[0029] FIG. 9 is a flowchart of acceleration control carried out in
the autonomous mode according to an embodiment of the present
disclosure.
[0030] FIG. 10 is timing plots representing an exemplary operation
of a vehicle autonomously driven in the autonomous mode according
to an embodiment of the present disclosure.
[0031] FIG. 11 is a diagram of an overall configuration of
MaaS.
[0032] FIG. 12 is a diagram of a system configuration of a MaaS
vehicle.
[0033] FIG. 13 is a diagram showing a typical flow in an autonomous
driving system.
[0034] FIG. 14 is an example of timing plots of an API involved in
stopping and starting the MaaS vehicle.
[0035] FIG. 15 is an example of timing plots of an API involved in
a shift change of the MaaS vehicle.
[0036] FIG. 16 is an example of timing plots of an API involved in
locking a wheel of the MaaS vehicle.
[0037] FIG. 17 is a diagram representing a limit value of variation
in tire turning angle.
[0038] FIG. 18 is a diagram for illustrating intervention by an
accelerator pedal.
[0039] FIG. 19 is a diagram for illustrating intervention by a
brake pedal.
[0040] FIG. 20 is a diagram of an overall configuration of
MaaS.
[0041] FIG. 21 is a diagram of a system configuration of a
vehicle.
[0042] FIG. 22 is a diagram showing the vehicle's power feeding
configuration.
[0043] FIG. 23 is a diagram for illustrating a strategy taken until
the vehicle is safely brought to a standstill when a failure
occurs.
[0044] FIG. 24 is a diagram showing an arrangement of
representative functions of the vehicle.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0045] Embodiments of the present disclosure will now be described
in detail hereinafter with reference to the drawings, in which
identical or corresponding components are identically denoted and
will not be described repeatedly.
[0046] FIG. 1 is a diagram generally showing a MaaS (Mobility as a
Service) system to which a vehicle according to the present
embodiment is applied.
[0047] Referring to FIG. 1, the MaaS system comprises a vehicle 1,
a data server 500, an MSPF (Mobility Service Platform) 600, and
autonomous driving-related mobility services 700.
[0048] Vehicle 1 includes a vehicular body 10 and an ADK
(Autonomous Driving Kit) 20.
[0049] Vehicular body 10 includes a vehicle control interface 110,
a VP (Vehicle Platform) 120, and a DCM (Data Communication Module)
130. ADK 20 includes an ADS (Autonomous Driving System) 200 for
autonomously driving vehicle 1. Vehicle control interface 110
mediates communication of a signal between VP 120 and ADS 200. ADK
20 is actually attached to vehicular body 10 although FIG. 1 shows
vehicular body 10 and ADK 20 at positions distant from each other.
In the present embodiment, ADK 20 has its body attached to a roof
top of vehicular body 10. Note, however, that where ADK 20 is
mounted can be changed as appropriate.
[0050] Vehicle 1 is configured to be autonomously drivable. When
vehicle 1 is autonomously driven, VP 120 and ADS 200 communicate
signals with each other via vehicle control interface 110, and VP
120 carries out travel control (that is, autonomous driving
control) in an autonomous mode in response to a command received
from ADS 200. ADK 20 is removable from vehicular body 10. Even when
vehicular body 10 has ADK 20 removed therefrom, the user can drive
the vehicle to cause the vehicle to travel with vehicular body 10
alone. When the vehicle travels with vehicular body 10 alone, VP
120 carries out travel control in a manual mode (that is, in
response to the user's operation).
[0051] In the present embodiment, ADS 200 communicates signals with
vehicle control interface 110 through an API (Application Program
Interface) defining each signal to be communicated. ADS 200 is
configured to process various signals defined by the API. For
example, ADS 200 creates a driving plan for vehicle 1 and outputs
various commands to vehicle control interface 110 through the API
for causing vehicle 1 to travel in accordance with the created
driving plan. Hereinafter, each of the various commands output from
ADS 200 to vehicle control interface 110 will also be referred to
as an "API command." Further, ADS 200 receives various signals
indicating states of vehicular body 10 from vehicle control
interface 110 through the API, and reflects the received states of
vehicular body 10 in creating the driving plan. Hereinafter, each
of the various signals that ADS 200 receive from vehicle control
interface 110 will also be referred to as an "API signal." An API
command and an API signal both correspond to signals defined by the
API. Details in configuration of ADS 200 will be described
hereinafter (see FIG. 2).
[0052] Vehicle control interface 110 receives various API commands
from ADS 200. When vehicle control interface 110 receives an API
command from ADS 200, vehicle control interface 110 converts the
API command into a format of a signal that can be processed by VP
120. Hereinafter, an API command converted into a format of a
signal that can be processed by VP 120 will also be referred to as
a "control command." When vehicle control interface 110 receives an
API command from ADS 200, vehicle control interface 110 outputs to
VP 120 a control command corresponding to the API command.
[0053] Vehicle control interface 110 outputs to ADS 200 various API
signals indicating states of vehicular body 10. In the present
embodiment, VP 120 detects a state of vehicular body 10 and
sequentially sends various signals (e.g., a sensor signal or a
status signal) indicating the state of vehicular body 10 to vehicle
control interface 110 in real time. Vehicle control interface 110
receives a signal from VP 120 and uses the received signal to
obtain an API signal as described above. Vehicle control interface
110 may determine a value for the API signal based on the signal
received from VP 120, or may convert the signal received from VP
120 (i.e., a signal indicating a state of vehicular body 10) to a
form of an API signal. Thus, vehicle control interface 110 obtains
an API signal in which a value indicating a state of vehicular body
10 is set, and vehicle control interface 110 outputs the obtained
API signal to ADS 200. From vehicle control interface 110 to ADS
200, the API signal indicating the state of vehicular body 10 is
sequentially output in real time.
[0054] In the present embodiment, a less versatile signal defined
by, for example, an automobile manufacturer is communicated between
VP 120 and vehicle control interface 110, and a more versatile
signal (for example, a signal defined by an open API) is
communicated between ADS 200 and vehicle control interface 110.
Vehicle control interface 110 converts a signal between ADS 200 and
VP 120 to allow VP 120 to control vehicle 1 in response to a
command received from ADS 200. By attaching ADS 200 to vehicular
body 10 having VP 120 incorporated therein, VP 120 can perform
autonomous driving control for vehicular body 10 in response to a
command received from ADS 200. Note, however, that vehicle control
interface 110 functions not only to convert a signal, as described
above. For example, vehicle control interface 110 may make a
determination, as prescribed, and send a signal based on a result
of the determination (e.g., a signal for making notification, an
instruction, or a request) to at least one of VP 120 and ADS 200.
Details in configuration of vehicle control interface 110 will be
described hereinafter (see FIG. 2).
[0055] VP 120 includes various systems and various sensors for
controlling vehicular body 10. Commands are sent from ADS 200 to VP
120 through vehicle control interface 110. VP 120 carries out
vehicle control variously in response to commands received from ADS
200 (more specifically, control commands corresponding to API
commands sent by ADS 200). Various commands for causing vehicle 1
to travel in accordance with a driving plan as described above are
transmitted from ADS 200 to VP 120, and vehicle 1 is autonomously
driven by VP 120 carrying out vehicle control variously in response
to the commands. Details in configuration of VP 120 will more
specifically be described hereinafter (see FIG. 2).
[0056] DCM 130 includes a communication I/F (interface) allowing
vehicular body 10 to communicate with data server 500 wirelessly.
DCM 130 outputs various vehicle information such as a velocity, a
position, and an autonomous driving state to data server 500.
Further, DCM 130 for example receives from autonomous
driving-related mobility services 700 through MSPF 600 and data
server 500 various types of data for travelling of an autonomously
driven vehicle including vehicle 1 managed by mobility services
700.
[0057] MSPF 600 is an integrated platform to which various mobility
services are connected. In addition to autonomous driving
related-mobility services 700, various mobility services (not
shown) (for example, various mobility services provided by a
ride-share company, a car-sharing company, an insurance company, a
rent-a-car company, and a taxi company) are connected to MSPF 600.
Various mobility services including mobility services 700 can use
various functions that are provided by MSPF 600 through an API
published on MSPF 600, depending on service contents.
[0058] Autonomous driving-related mobility services 700 provide
mobility services using an autonomously driven vehicle including
vehicle 1. Mobility services 700 can obtain various types of
information (for example, driving control data of vehicle 1
communicating with data server 500, and information stored in data
server 500) from MSPF 600 through an API published on MSPF 600.
Further, mobility services 700 can transmit various types of
information (for example, data for management of an autonomously
driven vehicle including vehicle 1) to MSPF 600 through the
API.
[0059] MSPF 600 publishes an API for using various types of data on
vehicular state and vehicular control necessary for development of
an ADS, and an ADS provider can use as the API the various types of
data stored in data server 500 on vehicular state and vehicular
control necessary for development of the ADS.
[0060] FIG. 2 is a diagram showing details in configuration of
vehicle control interface 110, VP 120 and ADS 200 that vehicle 1
comprises.
[0061] Referring to FIG. 2 together with FIG. 1, ADS 200 includes
an ADC (Autonomous Driving Control) computer 210, an HMI (Human
Machine Interface) 230, sensors for perception 260, sensors for
pose 270, and a sensor cleaning 290.
[0062] ADC computer 210 includes a processor and a storage device
for storing autonomous driving software, and is configured to be
capable of executing the autonomous driving software by the
processor. The above-described API is executed by the autonomous
driving software.
[0063] HMI 230 is a device allowing a user and ADC computer 210 to
communicate information therebetween. HMI 230 may include an input
device to receive an input (including a voice input) from a user,
and a notification device to notify the user of information. For
example, ADC computer 210 may notify the user of prescribed
information (e.g., an autonomous driving state, or occurrence of
failure) through the notification device. The user can use the
input device to instruct or request ADC computer 210, change values
of parameters used in the autonomous driving software that are
permitted to be changed, and the like. HMI 230 may be a touch panel
display which functions as both the input device and the
notification device.
[0064] Sensors for perception 260 include various sensors which
obtain environment information that is information for perceiving
an environment external to vehicle 1. Sensors for perception 260
are configured to obtain environment information of vehicle 1 and
output the environment information to ADC computer 210. The
environment information is used for autonomous driving control. In
the present embodiment, sensors for perception 260 include a camera
that captures an image around vehicle 1 (including its front and
rear sides) and an obstacle detector (e.g., a millimeter-wave radar
and/or lidar) that detects an obstacle by an electromagnetic wave
or a sound wave. Note, however, that the sensors are not limited as
such, and any sensor suitable for obtaining environment information
used for autonomous driving control may be adopted as sensors for
perception 260. ADC computer 210 can recognize, for example, a
person, an object (e.g., another vehicle, a pole, a guard rail and
the like), and a line (e.g., a center line) on a road that are
present in a range perceivable from vehicle 1 by using environment
information received from sensors for perception 260. Artificial
intelligence (AI) or an image processing processor may be used for
recognition.
[0065] Sensors for pose 270 are configured to obtain pose
information, which is information regarding a pose of vehicle 1,
and output the pose information to ADC computer 210. Sensors for
pose 270 include various sensors to sense vehicle 1's acceleration,
angular velocity, and position. In the present embodiment, sensors
for pose 270 include an IMU (Inertial Measurement Unit) and a GPS
(Global Positioning System). The IMU for example detects vehicle
1's acceleration in each of the vehicle's longitudinal, lateral and
vertical directions, and detects vehicle 1's angular velocity in
each of the vehicle's roll, pitch, and yaw directions. The GPS
detects the position of vehicle 1 by using signals received from a
plurality of GPS satellites. Combining an IMU and a GPS to measure
a pose with high accuracy is a technique known in the field of
automobiles and aircraft. ADC computer 210 may for example use such
a known technique to measure a pose of vehicle 1 from the pose
information.
[0066] Sensor cleaning 290 is a device to remove soiling from a
sensor (for example, sensors for perception 260) exposed to
external air outside the vehicle. For example, sensor cleaning 290
may be configured to use a cleaning solution and a wiper to clean a
lens of the camera and an exit of the obstacle detector.
[0067] Hereinafter, how vehicle control interface 110 and VP 120
included in vehicular body 10 are configured will be described. In
vehicular body 10, for better safety, a prescribed function (for
example, braking, steering, and locking the vehicle) is provided
with redundancy. Vehicular body 10 includes a plurality of systems
to implement equivalent functions.
[0068] Vehicle control interface 110 includes VCIBs (Vehicle
Control Interface Boxes) 111 and 112. Each of VCIBs 111 and 112 is
an ECU (Electronic Control Unit) functioning as an interface and a
signal converter between ADS 200 and VP 120. Each of VCIBs 111 and
112 is communicatively connected to ADC computer 210. VCIBs 111 and
112 are both connected to a system constituting VP 120. Note,
however, that, as shown in FIG. 2, VCIB 111 and VCIB 112 are
partially different in to what they are connected. VCIB 111 and
VCIB 112 are mutually communicatively connected. Each of VCIBs 111
and 112 can operate alone, and even when one VCIB fails, the other
normally operates, and vehicle control interface 110 thus normally
operates.
[0069] Each of VCIBs 111 and 112 includes a processor, a RANI
(Random Access Memory), and a storage device. As the processor, for
example, a CPU (Central Processing Unit) can be employed. The
storage device is configured to be able to hold stored information.
As the storage device, for example, a ROM (Read Only Memory) and/or
a rewritable nonvolatile memory can be employed. The storage device
stores a program, and in addition, information (e.g., various
parameters) used in the program. A process of vehicle control
interface 110, which will be described hereinafter (see FIGS. 4 to
9), is performed by the processor executing a program stored in the
storage device (e.g., a program using the API described above).
These processes may be performed by any of VCIBs 111 and 112 or may
be performed by VCIBs 111 and 112 cooperating when they both
normally operate.
[0070] In the present embodiment, VP 120 and ADS 200 perform CAN
(Controller Area Network) communication with each other via vehicle
control interface 110. The API described above is executed
periodically as defined for each API. However, a system in which VP
120 and ADS 200 communicate is not limited to the CAN, and may be
changed as appropriate.
[0071] When any failure occurs in one of the redundant systems of
VP 120, VCIBs 111 and 112 switch/shut down a control system to
cause a normal system to operate properly. This maintains a
function of VP 120 (e.g., braking, steering, and locking the
vehicle).
[0072] VP 120 includes brake systems 121A and 121B. Each of brake
systems 121A and 121B includes a plurality of braking mechanisms
provided to each wheel of vehicular body 10, a braking actuator
serving as an actuator for driving each braking mechanism, and a
control device that controls the braking actuator. The braking
mechanism may be, for example, a hydraulic disc brake that applies
braking force to a wheel through hydraulic pressure adjustable by
the actuator. The control device controls the braking actuator in
response to a user operation (for example, a brake pedal operation)
in the manual mode, and controls the braking actuator in response
to a control command received from VCIBs 111 and 112 in the
autonomous mode. The control device of brake system 121A and the
control device of brake system 121B may be communicatively
connected to each other. Brake systems 121A and 121B both implement
a braking function and can operate alone. Therefore, even when one
brake system fails, the other normally operates, and vehicular body
10 can be braked.
[0073] VP 120 further includes a wheel speed sensor 127. Wheel
speed sensor 127 is provided to each wheel of vehicular body 10 and
senses a rotation speed of each wheel. A result of sensing by wheel
speed sensor 127 is transmitted to vehicle control interface 110.
In the present embodiment, the rotation speed of each wheel sensed
by wheel speed sensor 127 is output from wheel speed sensor 127 to
brake system 121B, and from brake system 121B to VCIB 111.
[0074] VP 120 further includes steering systems 122A and 122B. Each
of steering systems 122A and 122B includes a steering mechanism
capable of adjusting and varying a steering angle of a steering
wheel of vehicle 1, a steering actuator serving as an actuator for
driving the steering mechanism, and a control device that controls
the steering actuator. The steering mechanism may be, for example,
a rack and pinion type EPS (Electric Power Steering) capable of
adjusting a steering angle by the actuator. The control device
controls the steering actuator in response to a user operation
(e.g., a steering-wheel operation) in the manual mode, and controls
the steering actuator in response to a control command received
from VCIBs 111 and 112 in the autonomous mode. The control device
of steering system 122A and the control device of steering system
122B may be communicatively connected to each other. Steering
systems 122A and 122B both implement a steering function and can
operate alone. Therefore, even when one of steering systems 122A
and 122B fails, the other normally operates, and vehicular body 10
can thus be steered.
[0075] Pinion angle sensors 128A and 128B are connected to steering
systems 122A and 122B, respectively. Each of pinion angle sensors
128A and 128B senses a pinion angle. The pinion angle is a rotation
angle of a pinion gear coupled to a rotation shaft of the steering
mechanism or the steering actuator. The pinion angle represents a
tire turning angle. Results of sensing by pinion angle sensors 128A
and 128B are transmitted to vehicle control interface 110. In the
present embodiment, the pinion angle sensed by pinion angle sensor
128A is output from pinion angle sensor 128A to steering system
122A and from steering system 122A to VCIB 111. The pinion angle
sensed by pinion angle sensor 128B is output from pinion angle
sensor 128B to steering system 122B and from steering system 122B
to VCIB 112.
[0076] VP 120 further includes an EPB (Electric Parking Brake)
system 123A and a P (parking)-Lock system 123B.
[0077] EPB system 123A includes an EPB (electric parking brake)
that applies braking force to at least one wheel of vehicular body
10, and a control device that controls the EPB. The EPB is provided
separately from the braking mechanism described above, and locks
the wheel by an electric actuator. The EPB may be configured to
lock the wheel by operating a drum brake by the electric actuator
for parking brakes. Further, the EPB may be configured to lock the
wheel by adjusting by the electric actuator the hydraulic pressure
of a hydraulic system different from the above-described braking
actuator. The control device controls the EPB in response to a user
operation in the manual mode, and controls the EPB in response to a
control command received from VCIBs 111 and 112 in the autonomous
mode.
[0078] P-Lock system 123B includes a P-Lock mechanism provided in
the transmission of vehicular body 10, a P-Lock actuator serving as
an actuator for driving the P-Lock mechanism, and a control device
that controls the P-Lock actuator. The P-Lock mechanism may be, for
example, a mechanism to lock a position of rotation of the output
shaft of the transmission by fitting a parking lock pawl, which is
positionally adjustable by an actuator, into a gear (a lock gear)
coupled to a rotational element in the transmission and thus
provided. The control device controls the P-Lock actuator in
response to a user operation in the manual mode, and controls the
P-Lock actuator in response to a control command received from
VCIBs 111 and 112 in the autonomous mode.
[0079] EPB system 123A and P-Lock system 123B both implement a
vehicle locking function and can operate alone. Therefore, even
when one of EPB system 123A and P-Lock system 123B fails, the other
operates normally, and vehicular body 10 can be locked. The control
device of EPB system 123A and the control device of P-Lock system
123B may be communicatively connected to each other.
[0080] VP 120 further includes a propulsion system 124, a PCS
(Pre-Crash Safety) system 125, and a body system 126.
[0081] Propulsion system 124 includes a shift device that
determines a shift range (that is, a propulsion direction) and a
driving device that imparts propulsive force to vehicular body 10.
The shift device has a shift lever operated by the user, and in the
manual mode, the shift device switches a shift range in response to
a user operation (that is, a shift lever operation). In the
autonomous mode, the shift device switches a shift range in
response to a control command received from VCIBs 111 and 112. The
driving device includes, for example, a battery that stores
electric power for traveling, a motor generator that receives
electric power from the battery to rotate a wheel of vehicular body
10, and a control device that controls the motor generator. The
control device controls the motor generator in response to a user
operation (for example, an accelerator pedal operation) in the
manual mode, and controls the motor generator in response to a
control command received from VCIBs 111 and 112 in the autonomous
mode.
[0082] PCS system 125 uses a camera/radar 129 which is a camera
and/or a radar to carry out vehicle control to mitigate or avoid
damage caused by collision. PCS system 125 is communicatively
connected to brake system 121B. PCS system 125 for example uses
camera/radar 129 to determine whether there is a possibility of a
collision, and when PCS system 125 determines that there is a
possibility of a collision, PCS system 125 requests brake system
121B to increase a braking force.
[0083] Body system 126 includes body-related components (e.g., a
direction indicator, a horn, and a wiper) and a control device that
controls the body-related components. In the manual mode, the
control device controls the body-related components in response to
a user operation, and in the autonomous mode, the control device
controls the body-related components in response to a control
command received from VCIBs 111 and 112.
[0084] While in VP 120 according to the present embodiment a
control device is provided for each control system, the number of
control devices can be changed as appropriate. For example, one
control device may be configured to integrally control each control
system.
[0085] Vehicle 1 according to the present embodiment is a
four-wheel electric vehicle (EV) which does not include an engine
(an internal combustion engine). However, vehicle 1 is not limited
thereto, and may be a connected car (e.g., a hybrid vehicle)
provided with an engine. The number of wheels that vehicle 1
includes is not limited to four wheels, and may be changed as
appropriate. Vehicle 1 may include three wheels or five or more
wheels.
[0086] Vehicle 1 is configured to switchable between an autonomous
mode and a manual mode. An API signal that ADS 200 receives from
vehicle control interface 110 includes a signal Autonomy_State
indicating whether vehicle 1 is in the autonomous mode or the
manual mode. The user can select either the autonomous mode or the
manual mode via a prescribed input device. The prescribed input
device may be an input device (not shown) included in vehicular
body 10 (for example, vehicle control interface 110 or VP 120).
When any mode is selected by the user, vehicle 1 enters the
selected mode, and the selection result is reflected in the
Autonomy_State. However, when vehicle 1 is not in an autonomously
drivable state, the vehicle does not transition to the autonomous
mode even when the user selects the autonomous mode. Autonomy_State
indicating the current mode of the vehicle (i.e., the autonomous
mode/the manual mode) is sequentially output from vehicle control
interface 110 to ADS 200 in real time. In an initial state (that
is, when vehicle 1 is started), vehicle 1 is in the manual mode.
ADS 200 may be configured to obtain Autonomy_State through HMI 230
(see FIG. 2).
[0087] When vehicle 1 is in the autonomous mode, ADS 200 executes
the API to transmit a command for autonomous driving control to VP
120. FIG. 3 is a flowchart of a process performed by ADS 200 in
autonomous driving control according to the present embodiment. The
process shown in this flowchart is repeatedly performed
periodically as corresponding to the API (i.e., in accordance with
an API period) when vehicle 1 is in the autonomous mode.
[0088] Referring to FIG. 3 together with FIGS. 1 and 2, in step
(hereinafter simply referred to as "S") 11, ADS 200 obtains current
information of vehicle 1. For example, ADC computer 210 obtains
environment information and pose information of vehicle 1 from
sensors for perception 260 and sensors for pose 270. In the present
embodiment, regardless of whether vehicle 1 may be in the
autonomous mode or the manual mode, an API signal indicating a
state of vehicle 1 (Propulsion Direction by Driver,
Actual_Moving_Direction, Propulsion Direction Status,
Estimated_Max_Accel_Capability, Estimated_Max_Decel_Capability,
Longitudinal_Velocity, etc., described hereinafter) is sequentially
output from vehicle control interface 110 to ADS 200 in real time.
ADS 200 can refer to such an API signal to obtain information of
vehicle 1 to be used in generating a driving plan (S12), which will
be described hereinafter. When the Autonomy_State indicates the
manual mode, the process of series of steps shown in FIG. 3
ends.
[0089] In S12, ADC computer 210 creates a driving plan based on the
information of vehicle 1 obtained in S11. When a driving plan is
already present, the driving plan may be corrected based on the
information of vehicle 1. For example, ADC computer 210 calculates
a behavior of vehicle 1 (e.g., a pose of vehicle 1) and creates a
driving plan suitable for a state of vehicle 1 and an environment
external to vehicle 1. The driving plan is data indicating a
behavior of vehicle 1 for a prescribed period of time.
[0090] In S13, ADC computer 210 extracts a physical control
quantity (acceleration, a tire turning angle, etc.) from the
driving plan created in S12.
[0091] In S14, ADC computer 210 splits the physical quantity
extracted in S13 by a defined cycle time of each API.
[0092] In S15, ADC computer 210 executes the API using the physical
quantity split in S14. When the API is thus executed, an API
command (e.g., a Propulsion Direction Command, an Acceleration
Command, and a Standstill Command, and the like, which will be
described hereinafter) for implementing the physical quantity in
accordance with the driving plan is transmitted from ADS 200 to
vehicle control interface 110. Vehicle control interface 110
transmits a control command corresponding to the received API
command to VP 120, and VP 120 carries out autonomous driving
control of vehicle 1 in response to the control command.
[0093] In the present embodiment, it is assumed that vehicle 1 is
autonomously driven when vehicle 1 is manned. This is not
exclusive, however, and vehicle 1 may be autonomously driven when
vehicle 1 is unmanned.
[0094] In the manual mode, a shift change of vehicle 1 (i.e.,
switching a shift range) is performed in response to the driver's
shift lever operation. In the present embodiment, in the manual
mode, the driver can select any one of a P (parking) range, an N
(neutral) range, a D (drive) range, an R (reverse) range, and a B
(brake) range, for example. The D range and the B range correspond
to a traveling range. Deceleration is stronger in the B range than
in the D range.
[0095] The command sent from ADS 200 to VP 120 through vehicle
control interface 110 includes a command referred to as a
Propulsion Direction Command to request to switch a shift range to
another. In the autonomous mode, ADS 200 performs a shift change of
vehicle 1 by using the Propulsion Direction Command. In the present
embodiment, ADS 200 can only select the D range and the R range in
the autonomous mode. That is, in the autonomous mode, vehicle 1 has
a shift range which is either the D range or the R range. In the
present embodiment, the Propulsion Direction Command is set to any
one of No Request, a value (R) requesting a shift to the R range,
and a value (D) requesting a shift to the D range. In the
autonomous mode, VP 120 performs a shift change of vehicle 1 in
response to the Propulsion Direction Command.
[0096] The API signal includes a signal Propulsion Direction Status
indicating the current shift range. The Propulsion Direction Status
basically indicates a value corresponding to the current shift
range (one of P, N, D, R, and B in the present embodiment), and
indicates "Invalid Value" when the current shift range is
unknown.
[0097] The API signal includes a signal Propulsion Direction by
Driver indicating a shift lever position by a driver. The
Propulsion Direction by Driver is output from vehicle control
interface 110 to ADS 200 when the driver operates the shift lever.
The Propulsion Direction by Driver basically represents a value
corresponding to a position of the shift lever (one of P, N, D, R,
and B in the present embodiment). When the driver releases his/her
hand from the shift lever, the shift lever returns to a central
position and the Propulsion Direction by Driver indicates "No
Request."
[0098] During the autonomous mode, the driver's shift lever
operation is not reflected in the Propulsion Direction Status.
Note, however, that ADS 200 may determine a value for the
Propulsion Direction Command by referring to the Propulsion
Direction by Driver. If necessary, ADS 200 confirms the Propulsion
Direction by Driver, and requests switching a shift position to
another by the Propulsion Direction Command as necessary.
[0099] The API signal includes a signal Longitudinal_Velocity
indicating an estimated longitudinal velocity of vehicle 1.
Longitudinal_Velocity indicates, for example, a longitudinal
velocity of vehicle 1 as estimated by VP 120 using a wheel speed
sensor. Longitudinal_Velocity indicates an absolute value of the
velocity. That is, Longitudinal_Velocity indicates a positive value
both when vehicle 1 moves forward and when vehicle 1 moves
backward. The Longitudinal_Velocity according to the present
embodiment corresponds to one example of a "first signal" according
to the present disclosure.
[0100] The API signal includes a signal Actual_Moving_Direction
indicating a moving direction of vehicle 1. In the present
embodiment, Actual_Moving_Direction is set to any one of Forward,
Reverse, Standstill, and Undefined. FIG. 4 is a flowchart of a
process performed by vehicle control interface 110 for setting
Actual_Moving_Direction. The Actual_Moving_Direction according to
the present embodiment corresponds to an example of a "third
signal" according to the present disclosure.
[0101] Referring to FIG. 4 together with FIG. 2, in S21, vehicle
control interface 110 determines whether the wheels (i.e., four
wheels) of vehicle 1 all have a speed of 0.
[0102] When a determination of YES is made in S21 (that is, the
four wheels are all stopped), then, vehicle control interface 110
determines in S22 whether a prescribed period of time (for example
of 500 msec) has elapsed since the four wheels reached the speed of
0. While a determination of YES is made in S21 and a determination
of NO is made in S22 (that is, the prescribed period of time has
not yet elapsed), S21 and S22 are repeated. Once a determination of
YES is made in S22 (that is, the prescribed period of time has
elapsed), vehicle control interface 110 sets the
Actual_Moving_Direction to "Standstill" in S25.
[0103] When a determination of NO is made in S21 (that is, any of
the four wheels is rotating), vehicle control interface 110
determines in S23 whether more than half the wheels rotate forward.
When a determination of YES is made in S23 (that is, when three or
more wheels rotate forward), vehicle control interface 110 sets the
Actual_Moving_Direction to "Forward" in S26.
[0104] When a determination of NO is made in S23 (that is, when two
or less wheels rotate forward), vehicle control interface 110
determines in S24 whether more than half the wheels rotate
backward. When a determination of YES is made in S24 (that is, when
three or more wheels rotate backward), vehicle control interface
110 sets the Actual_Moving_Direction to "Reverse" in S27. In
contrast, when a determination of NO is made in S24 (that is, when
two or less wheels rotate backward), vehicle control interface 110
sets the Actual_Moving_Direction to "Undefined" in S28.
[0105] Thus, in vehicle 1 according to the present embodiment, the
Actual_Moving_Direction indicates Standstill when a prescribed
number of wheels (for example, four wheels) of vehicle 1 continue a
speed of 0 for a prescribed period of time. In the present
embodiment, the process shown in FIG. 4 is performed by vehicle
control interface 110. This is not exclusive, however, and the
process of FIG. 4 may be partially or entirely performed by VP 120.
For example, the FIGS. 4 S21 and S22 may be performed by VP 120,
rather than vehicle control interface 110, and vehicle control
interface 110 may receive a result of the steps from VP 120.
[0106] A command sent from ADS 200 to VP 120 through vehicle
control interface 110 includes an Acceleration Command and a
Standstill Command.
[0107] The Acceleration Command is a signal requesting acceleration
and deceleration in the autonomous mode. The Acceleration Command
indicates a positive value when acceleration is requested for a
direction indicated by the Propulsion Direction Status, and the
Acceleration Command indicates a negative value when deceleration
is requested in that direction. The Acceleration Command requests
acceleration (+) and deceleration (-) for the direction indicated
by the Propulsion Direction Status. Upper limit values of
acceleration and deceleration of the Acceleration Command are
determined by estimated maximum acceleration capability and
estimated maximum deceleration capability, respectively, which will
be described hereinafter. The Acceleration Command according to the
present embodiment corresponds to an example of a "first command"
according to the present disclosure.
[0108] The API signal includes a signal
Estimated_Max_Accel_Capability indicating an estimated maximum
acceleration, and a signal Estimated_Max_Decel_Capability
indicating an estimated maximum deceleration. In the present
embodiment, VP 120 calculates an acceleration provided at the time
of WOT (Wide Open Throttle), estimates a value for
Estimated_Max_Accel_Capability (that is, a possible maximum
acceleration that vehicle 1 is currently requested to provide)
based on the calculated acceleration, the current state of vehicle
1 and the current road surface condition (e.g., gradient and road
surface load), and outputs the estimated value to vehicle control
interface 110. Estimated_Max_Accel_Capability is such that a
direction in which vehicle 1 proceeds (that is, a direction
indicated by the Propulsion Direction Status) is a positive
direction and the reverse direction is a negative direction.
Estimated_Max_Decel_Capability has a value varying in a range of
-9.8 m/s.sup.2 to 0 m/s.sup.2. VP 120 estimates a value for
Estimated_Max_Decel_Capability (that is, a possible maximum
deceleration that vehicle 1 is currently requested to provide)
based on the states of brake systems 121A, 121B (e.g., a brake
mode), the current state of vehicle 1, and the current road surface
condition. Depending on the state of vehicle 1 and the road surface
condition, Estimated_Max_Decel_Capability may be 0.
[0109] The Acceleration Command has a value selected from the range
of Estimated_Max_Decel_Capability to
Estimated_Max_Accel_Capability. When VP 120 receives a request from
both the Acceleration Command and PCS system 125 (FIG. 2) for
deceleration, VP 120 selects a maximum deceleration out of the
decelerations requested by the Acceleration Command and PCS system
125. Note that deceleration is represented in magnitude by an
absolute value. That is, deceleration becomes smaller as it
approaches 0, and deceleration becomes larger as it is farther away
from 0.
[0110] The Standstill Command is a signal requesting to maintain
stationary in the autonomous mode. In the present embodiment, the
Standstill Command is set to any one of No Request, Applied (a
value requesting to maintain stationary), and Released (a value
requesting release from maintaining stationary). The Standstill
Command can be set to maintain stationary when vehicle 1 is at a
standstill (for example when the Actual_Moving_Direction is
"Standstill"). When the Acceleration Command indicates an
acceleration value (a positive value), the Standstill Command is
not set to "Applied." Once to maintain stationary (e.g., brake hold
control described hereinafter) is completed, vehicle 1 transitions
to Standstill. The Standstill Command according to the present
embodiment corresponds to an example of a "second command"
according to the present disclosure.
[0111] The API signal includes a signal Standstill Status
indicating a standstill status of vehicle 1. The Standstill Status
basically indicates either Applied (a value indicating that vehicle
1 is at a Standstill) or Released (a value indicating that vehicle
1 is not at a Standstill), and indicates "Invalid Value" when it is
unknown which standstill status vehicle 1 has. Standstill means a
state in which vehicle 1 is maintained stationary (for example,
brake hold). The Standstill Status according to the present
embodiment corresponds to an example of a "second signal" according
to the present disclosure.
[0112] In the present embodiment, when ADS 200 issues an
Acceleration Command to request VP 120 to provide deceleration to
bring vehicle 1 to a standstill, and the Longitudinal_Velocity
indicates 0 km/h, ADS 200 issues a Standstill Command to request VP
120 to maintain stationary, and VP 120 carries out brake hold
control. After the brake hold control is finished, the Standstill
Status indicates Applied. Until the Standstill Status indicates
Applied, the Acceleration Command continues to request VP 120 to
provide deceleration.
[0113] FIG. 5 is a flowchart of a process involved in brake hold
control carried out by vehicle control interface 110 in the
autonomous mode. The process shown in this flowchart is repeatedly
performed in accordance with the API period in synchronization with
a process of ADS 200 when vehicle 1 is in the autonomous mode.
[0114] Referring to FIG. 5 together with FIG. 2, in S31, vehicle
control interface 110 determines whether a deceleration request
(that is, an Acceleration Command to request deceleration) has been
received. When a determination of YES is made in S31 (that is, a
deceleration request has been received), vehicle control interface
110 determines in S32 whether a standstill request (that is, a
Standstill Command to request to maintain stationary) has been
received. When a determination of YES is made in S32 (that is, a
standstill request has been received), vehicle control interface
110 determines in S33 whether the Actual_Moving_Direction is
Standstill.
[0115] When a determination of NO is made in S33, the control
returns to the initial step (S31). When the Acceleration Command
requests deceleration (YES in S31), vehicle 1 is controlled to be
decelerated in response to the Acceleration Command (see S52 in
FIG. 7 described hereinafter). When vehicle 1 controlled to be
decelerated has its four wheels all reaching a speed of 0, the
Actual_Moving_Direction is set to Standstill (see FIG. 4), and a
determination of YES is made in S33.
[0116] When the Acceleration Command requests deceleration (YES in
S31), the Standstill Command requests to maintain stationary (YES
in S32), and the Actual_Moving_Direction indicates Standstill (YES
in S33), vehicle control interface 110 instructs VP 120 in S34 to
start brake hold (BH) control. In brake systems 121A and 121B of VP
120 (see FIG. 2), the braking actuator is controlled in accordance
with the instruction from vehicle control interface 110. When
controlling the braking actuator is completed, brake systems 121A
and 121B transmit a BH Completed signal indicating that controlling
the braking actuator is completed.
[0117] In S35, vehicle control interface 110 determines whether the
brake hold control is completed. Vehicle control interface 110
determines whether the brake hold control has been completed based
on, for example, whether the BH Completed signal has been received.
In the present embodiment, vehicle control interface 110 having
received the BH Completed signal means that VP 120 has completed
the brake hold control.
[0118] While determination of YES is made in all of S31 to S33,
brake hold control is carried out in S34, and when the brake hold
control is completed (YES in S35), then, in step S36, vehicle
control interface 110 sets the Standstill Status to Applied.
[0119] When a determination of NO is made in either S31 or S32,
vehicle control interface 110 determines in S37 whether a Release
Standstill request (that is, a Standstill Command to request
release from maintaining stationary) has been received. When a
determination of YES is made in S37 (that is, a Release Standstill
request has been received), vehicle control interface 110 instructs
VP 120 in S38 to release brake hold (BH) of vehicle 1. Thus in
brake systems 121A and 121B of VP 120 the brake actuators are
controlled and the brake hold is thus released. When it is already
released, it is held released. Then, vehicle control interface 110
sets the Standstill Status to Released in S39. In contrast, when a
determination of NO is made in S37 (that is, no Release Standstill
request has been received), the control returns to the initial step
(S31).
[0120] In vehicle 1 according to the present embodiment, when ADS
200 issues an Acceleration Command to request VP 120 to provide
deceleration to bring vehicle 1 to a standstill (YES in S31), and
thereafter, before brake hold control is completed the request
through the Acceleration Command for deceleration is cancelled (NO
in S31), transitioning to the brake hold control (S34) is canceled.
When the request is cancelled before the brake hold control starts,
transitioning to the brake hold control is not performed. When the
request is cancelled while the brake hold control has already been
started, the brake hold control currently carried out is stopped,
and brake systems 121A and 121B return to a state assumed before
the brake hold control is carried out.
[0121] In vehicle 1 according to the present embodiment, when ADS
200 issues a Standstill Command to request VP 120 to maintain
stationary (YES in S32), and thereafter, before brake hold control
is completed the request through the Standstill Command to maintain
stationary is cancelled (NO in S32), transitioning to the brake
hold control (S34) is canceled. When the request is cancelled
before the brake hold control starts, transitioning to the brake
hold control is not performed. When the request is cancelled while
the brake hold control has already been started, the brake hold
control currently carried out is stopped, and brake systems 121A
and 121B return to a state assumed before the brake hold control is
carried out.
[0122] In the present embodiment, the process shown in FIG. 5 is
performed by vehicle control interface 110. This is not exclusive,
however, and the process of FIG. 5 may partially or entirely be
performed by VP 120. When the FIG. 5 process is performed by VP
120, rather than vehicle control interface 110, then, in S34 and
S38, VP 120 per se controls brake systems 121A and 121B (i.e., to
maintain stationary/release therefrom) without receiving an
instruction from vehicle control interface 110.
[0123] In the present embodiment, the EPB (electric parking brake)
is activated after a prescribed period of time has elapsed since
the Standstill Status indicated Applied. FIG. 6 is a flowchart of a
process involved in EPB control carried out by vehicle control
interface 110 in the autonomous mode. The process shown in this
flowchart is repeatedly performed in accordance with the API period
in synchronization with a process of ADS 200 when vehicle 1 is in
the autonomous mode.
[0124] Referring to FIG. 6 together with FIG. 2, in S41, vehicle
control interface 110 determines whether the Standstill Status
indicates Applied. When a determination of YES is made in S41
(Standstill Status=Applied), vehicle control interface 110
determines in S42 whether a prescribed period of time (for example
of 3 minutes) has elapsed since the Standstill Status indicated
Applied. While the Standstill Status is maintained Applied (YES in
S41) and a determination of NO is made in S42, S41 and S42 are
repeated, and when a determination of YES is made in S42, the
control proceeds to S43. In S43, vehicle control interface 110
instructs VP 120 to activate the EPB. Thus, EPB system 123A is
controlled in VP 120, and the EPB is activated. When the EPB is
already active, the EPB is held active.
[0125] When a determination of NO is made in S41 (Standstill
Status=Released or Invalid Value), the control proceeds to S44. In
S44, vehicle control interface 110 instructs VP 120 to release the
EPB. Thus, EPB system 123A is controlled in VP 120, and the EPB is
thus released. When the EPB has already been released, the EPB is
held released.
[0126] Thus, in vehicle 1 according to the present embodiment, the
EPB (electric parking brake) is engaged after a prescribed period
of time has elapsed since the Standstill Status indicated Applied.
In the present embodiment, the process shown in FIG. 6 is performed
by vehicle control interface 110. This is not exclusive, however,
and the process of FIG. 6 may partially or entirely be performed by
VP 120. When the FIG. 6 process is performed by VP 120, rather than
vehicle control interface 110, then, in S43 and S44, VP 120 per se
controls (i.e., activates/deactivates) EPB system 123A without
receiving an instruction from vehicle control interface 110.
[0127] In the present embodiment, vehicle control interface 110
interposed between VP 120 and ADS 200 adjusts commands involved in
deceleration control, start control, and acceleration control.
Various signals communicated between VP 120 and ADS 200 are input
to and output from vehicle control interface 110.
[0128] FIG. 7 is a flowchart of a procedure of a process performed
by vehicle control interface 110 in deceleration control in the
autonomous mode. The process shown in this flowchart is started
when vehicle 1 is in the autonomous mode and vehicle control
interface 110 receives a deceleration request from ADS 200. While
vehicle control interface 110 receives a deceleration request from
ADS 200, this process is repeatedly performed in accordance with
the API period in synchronization with a process of ADS 200.
[0129] Referring to FIG. 7 together with FIG. 2, in S51, vehicle
control interface 110 determines whether a deceleration request
(that is, an Acceleration Command to request deceleration) has been
received from ADS 200. When a determination of YES is made in S51
(that is, a deceleration request has been received), in S52 vehicle
control interface 110 transmits a control command corresponding to
the Acceleration Command (an API command) received from ADS 200
(more specifically, a control command to request deceleration) to
VP 120 to carry out deceleration control for vehicle 1. In VP 120,
brake systems 121A and 121B and propulsion system 124 (see FIG. 2)
are controlled in response to the control command.
[0130] After the step of S52, in S53, vehicle control interface 110
uses a signal received from VP 120 to determine whether the
Longitudinal_Velocity indicates 0 km/h. When a determination of NO
is made in S53 (that is, Longitudinal_Velocity>0 km/h), the
control returns to the initial step (S51). When ADS 200 issues an
Acceleration Command to request VP 120 to provide deceleration to
bring vehicle 1 to a standstill, then, in response to the
deceleration request (S51), vehicle 1 is subjected to deceleration
control (S52) and thus reduced in velocity, and finally, the
Longitudinal_Velocity will indicate 0 km/h.
[0131] When a determination of YES is made in S53 (that is,
Longitudinal_Velocity=0 km/h), then, in S54, vehicle control
interface 110 requests from ADS 200 a Standstill request (i.e., a
Standstill Command to request to maintain stationary). In response
to this request, ADS 200 transmits the Standstill request to VP 120
through vehicle control interface 110.
[0132] After the step of S54, vehicle control interface 110
determines in S55 whether the Standstill Status indicates Applied.
The Standstill Status is set through the process shown in FIG. 5.
After the step of S54 in FIG. 7, when the Actual_Moving_Direction
is set to Standstill, brake hold control is carried out (S34 in
FIG. 5). When the brake hold control is completed (YES in S35 in
FIG. 5), the Standstill Status is set to Applied (S36 in FIG.
5).
[0133] After in response to the request in S54 the Standstill
Command is set to Applied before the Standstill Status is set to
Applied (that is, while a determination of NO is made in S55),
vehicle control interface 110 requests ADS 200 in S56 to set V2 for
the value of the Acceleration Command. V2 is a deceleration value
(i.e., a negative value). In response to this request, ADS 200
transmits a constant deceleration value (i.e., V2) as a value for
the Acceleration Command to VP 120 through vehicle control
interface 110. In the present embodiment, V2 is set to -0.4
m/s.sup.2.
[0134] When a determination of YES is made in S55 (Standstill
Status=Applied), vehicle control interface 110 requests ADS 200 in
S57 to set V3 for the value of the Acceleration Command. V3 is a
deceleration value or 0 m/s.sup.2. In the present embodiment, V3 is
set to 0 m/s.sup.2. In response to the above request (S57), ADS 200
transmits V3 (e.g., 0 m/s.sup.2) as a value for the Acceleration
Command to VP 120 through vehicle control interface 110. Until
start control described hereinafter (see FIG. 8) is started, ADS
200 maintains vehicle 1 at a standstill (Standstill Status=Applied)
and maintains the value of the Acceleration Command at V3. Note
that V3 is not limited to 0 m/s.sup.2. For example, V3 may be a
deceleration value smaller than V2 or may be equal to V2.
[0135] When the step of S57 is performed, the series of steps of
the process of FIG. 7 ends. The series of steps of the process of
FIG. 7 also ends when the Acceleration Command no longer requests
deceleration (NO in S51).
[0136] FIG. 8 is a flowchart of a procedure of a process performed
by vehicle control interface 110 in the start control in the
autonomous mode. The process shown in this flowchart is started
when vehicle 1 is in the autonomous mode and vehicle control
interface 110 receives a start request from ADS 200. When the
Standstill Status indicates "Applied" and a Standstill Command
received from ADS 200 changes from "Applied" to "Released" vehicle
control interface 110 determines that a start request has been
received from ADS 200.
[0137] Referring to FIG. 8 together with FIG. 2, vehicle control
interface 110 requests ADS 200 in S61 to set V4 for the value of
the Acceleration Command (more specifically, a deceleration value),
and in S62 receives the Acceleration Command from ADS 200 and
transmits a control command corresponding thereto (more
specifically, a control command to request deceleration) to VP 120
to perform deceleration control for vehicle 1. In VP 120, brake
systems 121A and 121B and propulsion system 124 (see FIG. 2) are
controlled in response to the control command. Thus, until a
determination of YES is made in S63 described hereinafter,
acceleration of vehicle 1 is suppressed and vehicle 1 is held in a
state with a vehicular velocity of 0
(Actual_Moving_Direction=Standstill). V4 is a prescribed
deceleration value (that is, a negative value). V4 may be a
deceleration value smaller than V2 or may be equal to V2.
[0138] In S63, vehicle control interface 110 determines whether a
prescribed period of time (hereinafter referred to as "AT") has
elapsed since the start request was made. .DELTA.T is for example
set to be equal to or longer than a period of time taken after the
Standstill Command is set to "Released" before the Standstill
Status is set to "Released." .DELTA.T may be selected from a range
of 1 second to 10 seconds.
[0139] ADS 200 maintains the Acceleration Command at value V4 for a
period of time after the start request is made before AT elapses
(that is, while a determination of NO is made in S63). After the
start request is made when AT elapses (YES in S63), in S64 vehicle
control interface 110 requests from ADS 200 an Acceleration Command
to request acceleration, or an acceleration request, and thereafter
the series of steps of the process of FIG. 8 ends. In response to
the request from vehicle control interface 110 (S64), ADS 200
transmits the acceleration request to VP 120 through vehicle
control interface 110. This allows transitioning to acceleration
control described hereinafter.
[0140] FIG. 9 is a flowchart of a procedure of a process performed
by vehicle control interface 110 in acceleration control in the
autonomous mode. The process shown in this flowchart is started
when vehicle 1 is in the autonomous mode and vehicle control
interface 110 receives an acceleration request from ADS 200. While
vehicle control interface 110 receives an acceleration request from
ADS 200, this process is repeatedly performed in accordance with
the API period in synchronization with a process of ADS 200.
[0141] Referring to FIG. 9 together with FIG. 2, in S71, vehicle
control interface 110 determines whether an acceleration request
has been received from ADS 200. When a determination of YES is made
in S71 (that is, an acceleration request has been received), in S72
vehicle control interface 110 transmits a control command
corresponding to an Acceleration Command received from ADS 200
(more specifically, a control command to request acceleration) to
VP 120 to carry out acceleration control for vehicle 1. In
propulsion system 124 of VP 120, the driving device is controlled
in response to the control command.
[0142] While vehicle control interface 110 receives the
acceleration request from ADS 200 (that is, while a determination
of YES is made in S71), vehicle control interface 110 continues
acceleration control for vehicle 1 (S72). In contrast, when the
Acceleration Command no longer requests acceleration (NO in S71),
the series of steps of the process in FIG. 9 ends.
[0143] In the present embodiment, the processes shown in FIGS. 7 to
9 are performed by vehicle control interface 110. This is not
exclusive, however, and the processes shown in FIGS. 7 to 9 may
partially or entirely be performed by ADS 200. For example, when
the process shown in FIG. 7 is performed by ADS 200, rather than
vehicle control interface 110, ADS 200 per se changes each
command's value in the steps of S54, S56 and S57 without receiving
a request from vehicle control interface 110. Until the Standstill
Status indicates Standstill in response to the Standstill Command
(S54) (NO in S55), ADS 200 issues the Acceleration Command to
continue to request VP 120 to provide deceleration (S56).
[0144] FIG. 10 is timing plots representing an exemplary operation
of vehicle 1 autonomously driven in the autonomous mode. Referring
to FIG. 10, in this example, the Acceleration Command (indicated by
a line L12) is set from 0 m/s.sup.2 to V1 at time t1. V1 is a
deceleration value larger than V2 (that is, a deceleration value
more negative than V2). V1 may be selected, for example, from a
range of -6.0 m/s.sup.2 to -1.0 m/s.sup.2. When the Acceleration
Command (line L12) is set to V1, vehicle 1 is subjected to
deceleration control (S52 in FIG. 7). As a result, the
Longitudinal_Velocity (indicated by a line L11) approaches 0 km/h.
Thereafter, at time t2, the Longitudinal_Velocity (line L11)
reaches 0 km/h, and in response, the Standstill Command (indicated
by a line L13) is set to "Applied" (S54 in FIG. 7) and the
Acceleration Command is set to V2 (for example, -0.4 m/s.sup.2)
(S56 in FIG. 7). Thereafter, at time t3, the
Actual_Moving_Direction (indicated by a line L15) is set to
"Standstill" and brake hold control is carried out (S34 in FIG. 5).
At time t4 the brake hold control is completed and the Standstill
Status (indicated by a line L14) is set to "Applied" (S36 in FIG.
5), and in response, the Acceleration Command (line L12) is set to
V3 (e.g., 0 m/s.sup.2) (S57 in FIG. 7). And when a prescribed
period of time has elapsed, the EPB is activated (S43 in FIG. 6).
The Acceleration Command is maintained at V2 (that is, a constant
deceleration value) after the Standstill Command (line L13) is set
to "Applied" before the Standstill Status (line L14) is set to
"Applied" (or for a period from t2 to t4).
[0145] For a period from t4 to t5, vehicle 1 maintains a
Standstill. The period from t4 to t5 may be a signal waiting
period. In vehicle 1 according to the present embodiment, when the
brake hold control is completed and a request through the
Standstill Command to maintain stationary still continues, vehicle
1 continues Standstill (Standstill Status=Applied) while the
Standstill Command requests to maintain stationary (Standstill
Command=Applied).
[0146] At time t5, the Standstill Command (line L13) is set from
"Applied" to "Released," and in response, the Acceleration Command
(line L12) is set to V4 (S61 in FIG. 8). Furthermore, as the
Standstill Command (line L13) is set to "Released," at time t6
vehicle 1 is released from the brake hold (S38 in FIG. 5), the
Standstill Status (line L14) is set to "Released" (S39 in FIG. 5),
and the EPB is released (S44 in FIG. 6). Thereafter, at time t7,
the Acceleration Command (line L12) is set to V5 (S64 in FIG. 8).
V5 is an acceleration value (i.e., a positive value). For a period
of t5 to t7, the Acceleration Command is maintained at V4. The
period of t5 to t7 corresponds to the aforementioned .DELTA.T.
[0147] In vehicle 1 according to the present embodiment, when ADS
200 cancels a Standstill Command to cancel a Maintain Stationary
request (Standstill Command=Released) in order to start vehicle 1,
brake hold applied to vehicle 1 is released and VP 120 controls
acceleration and deceleration of vehicle 1 based on an Acceleration
Command.
[0148] During a period of t7 to t8, vehicle 1 is subjected to
acceleration control (S72 in FIG. 9). As a result, the
Longitudinal_Velocity (line L11) increases. At time t8, the
Longitudinal_Velocity (line L11) reaches a target value, and in
response, the Acceleration Command is set to 0 m/s.sup.2, and the
acceleration control (FIG. 9) ends.
[0149] Thus, vehicle 1 according to the present embodiment
comprises ADS 200 and VP 120 that controls vehicle 1 in response to
a command received from ADS 200. When ADS 200 issues an
Acceleration Command to request vehicle control interface 110 to
provide deceleration to stop vehicle 1 and the
Longitudinal_Velocity indicates 0 km/h, ADS 200 issues a Standstill
Command to request VP 120 to maintain stationary. When the brake
hold control is finished, the Standstill Status indicates Applied.
Until the Standstill Status indicates Applied, the Acceleration
Command continues to request VP 120 to provide deceleration.
[0150] According to the above configuration, after vehicle 1 is
stopped, acceleration of vehicle 1 is suppressed in response to a
request through the Acceleration Command for deceleration. Thus,
when VP 120 carries out autonomous driving control in response to a
command issued from ADS 200, vehicle 1 can be appropriately
maintained stationary (that is, brake hold control can be carried
out appropriately).
[0151] Vehicle control interface 110 according to the present
embodiment is provided between ADS 200 and VP 120 that controls
vehicle 1 in response to a command received from ADS 200. When ADS
200 issues an Acceleration Command to request VP 120 to provide
deceleration to stop vehicle 1 and the Longitudinal_Velocity
indicates 0 km/h, vehicle control interface 110 requests from ADS
200 a Standstill request (i.e., a Standstill Command to request to
maintain stationary) (S54 in FIG. 7). Vehicle control interface 110
requests ADS 200 to continuously transmit a deceleration request
(that is, an Acceleration Command to request deceleration) until
the Standstill Status indicates Applied (S56 in FIG. 7). Such
vehicle control interface 110 allows acceleration of vehicle 1 to
be suppressed in response to a request through an Acceleration
Command for deceleration even after the vehicle is stopped (that
is, even after the Longitudinal_Velocity indicates 0 km/h). Thus,
when VP 120 carries out autonomous driving control in response to a
command issued from ADS 200, vehicle 1 can be appropriately
maintained stationary (that is, brake hold control can be carried
out appropriately).
[0152] In the above embodiment, the Acceleration Command changes
stepwise from 0 m/s.sup.2 to V1, from V1 to V2, and from V2 to 0
m/s.sup.2 (see FIG. 10). This is not exclusive, however, and the
Acceleration Command may change smoothly (e.g., in a curve).
[0153] In the above embodiment, in S53 of FIG. 7, whether the
Longitudinal_Velocity indicates 0 km/h is determined. This is not
exclusive, however, and in S53 of FIG. 7, whether the
Longitudinal_Velocity indicates a prescribed velocity or less may
be determined. The prescribed velocity may be a value which is
small to an extent allowing vehicle 1 to be regarded as being
stationary (e.g., approximately 0.1 km/h).
[0154] Vehicle control interface 110 may be attached to vehicular
body 10 replaceably. Vehicle control interface 110 may be mounted
in ADK 20 rather than vehicular body 10. Vehicle control interface
110 may be dispensed with by providing the above described function
of vehicle control interface 110 to at least one of VP 120 and ADS
200.
[0155] Various processes of the vehicle platform, the autonomous
driving system, and the vehicle control interface are not limited
to execution by software, and may instead be performed by dedicated
hardware (or electronic circuitry).
Example 1
[0156] Toyota's MaaS Vehicle Platform
[0157] API Specification
[0158] for ADS Developers
[0159] [Standard Edition #0.1]
[0160] History of Revision
TABLE-US-00001 TABLE 1 Date of Revision ver. Summary of Revision
Reviser 2019 May 4 0.1 Creating a new material MaaS Business
Div.
[0161] Index
TABLE-US-00002 1. Outline 4 1.1. Purpose of this Specification 4
1.2. Target Vehicle 4 1.3. Definition of Term 4 1.4. Precaution for
Handling 4 2. Structure 5 2.1. Overall Structure of MaaS 5 2.2.
System structure of MaaS vehicle 6 3. Application Interfaces 7 3.1.
Responsibility sharing of when using APIs 7 3.2. Typical usage of
APIs 7 3.3. APIs for vehicle motion control 9 3.3.1. Functions 9
3.3.2. Inputs 16 3.3.3. Outputs 23 3.4. APIs for BODY control 45
3.4.1. Functions 45 3.4.2. Inputs 45 3.4.3. Outputs 56 3.5. APIs
for Power control 68 3.5.1. Functions 68 3.5.2. Inputs 68 3.5.3.
Outputs 69 3.6. APIs for Safety 70 3.6.1. Functions 70 3.6.2.
Inputs 70 3.6.3. Outputs 70 3.7. APIs for Security 74 3.7.1.
Functions 74 3.7.2. Inputs 74 3.7.3. Outputs 76 3.8. APIs for MaaS
Service 80 3.8.1. Functions 80 3.8.2. Inputs 80 3.8.3. Outputs
80
[0162] 1. Outline
[0163] 1.1. Purpose of this Specification
[0164] This document is an API specification of Toyota Vehicle
Platform and contains the outline, the usage and the caveats of the
application interface.
[0165] 1.2. Target Vehicle
[0166] e-Palette, MaaS vehicle based on the POV (Privately Owned
Vehicle) manufactured by Toyota
[0167] 1.3. Definition of Term
TABLE-US-00003 TABLE 2 Term Definition ADS Autonomous Driving
System. ADK Autonomous Driving Kit VP Vehicle Platform. VCIB
Vehicle Control Interface Box. This is an ECU for the interface and
the signal converter between ADS and Toyota VP's sub systems.
[0168] 1.4. Precaution for Handling
[0169] This is an early draft of the document.
[0170] All the contents are subject to change. Such changes are
notified to the users. Please note that some parts are still T.B.D.
will be updated in the future.
[0171] 2. Structure
[0172] 2.1. Overall Structure of MaaS
[0173] The overall structure of MaaS with the target vehicle is
shown (FIG. 11).
[0174] Vehicle control technology is being used as an interface for
technology providers.
[0175] Technology providers can receive open API such as vehicle
state and vehicle control, necessary for development of automated
driving systems.
[0176] 2.2. System Structure of MaaS Vehicle
[0177] The system architecture as a premise is shown (FIG. 12).
[0178] The target vehicle will adopt the physical architecture of
using CAN for the bus between ADS and VCIB. In order to realize
each API in this document, the CAN frames and the bit assignments
are shown in the form of "bit assignment table" as a separate
document.
[0179] 3. Application Interfaces
[0180] 3.1. Responsibility Sharing of when Using APIs
[0181] Basic responsibility sharing between ADS and vehicle VP is
as follows when using APIs.
[0182] [ADS]
[0183] The ADS should create the driving plan, and should indicate
vehicle control values to the VP.
[0184] [VP]
[0185] The Toyota VP should control each system of the VP based on
indications from an ADS.
[0186] 3.2. Typical Usage of APIs
[0187] In this section, typical usage of APIs is described.
[0188] CAN will be adopted as a communication line between ADS and
VP. Therefore, basically, APIs should be executed every defined
cycle time of each API by ADS.
[0189] A typical workflow of ADS of when executing APIs is as
follows (FIG. 13).
[0190] 3.3. APIs for Vehicle Motion Control
[0191] In this section, the APIs for vehicle motion control which
is controllable in the MaaS vehicle is described.
[0192] 3.3.1. Functions
[0193] 3.3.1.1. Standstill, Start Sequence
[0194] The transition to the standstill (immobility) mode and the
vehicle start sequence are described. This function presupposes the
vehicle is in Autonomy_State=Autonomous Mode. The request is
rejected in other modes.
[0195] The below diagram shows an example.
[0196] Acceleration Command requests deceleration and stops the
vehicle. Then, when Longitudinal_Velocity is confirmed as 0 [km/h],
Standstill Command="Applied" is sent. After the brake hold control
is finished, Standstill Status becomes "Applied". Until then,
Acceleration Command has to continue deceleration request. Either
Standstill Command="Applied" or Acceleration Command's deceleration
request were canceled, the transition to the brake hold control
will not happen. After that, the vehicle continues to be standstill
as far as Standstill Command="Applied" is being sent. Acceleration
Command can be set to 0 (zero) during this period.
[0197] If the vehicle needs to start, the brake hold control is
cancelled by setting Standstill Command to "Released". At the same
time, acceleration/deceleration is controlled based on Acceleration
Command (FIG. 14).
[0198] EPB is engaged when Standstill Status="Applied" continues
for 3 minutes.
[0199] 3.3.1.2. Direction Request Sequence
[0200] The shift change sequence is described. This function
presupposes that Autonomy_State=Autonomous Mode. Otherwise, the
request is rejected.
[0201] Shift change happens only during
Actual_Moving_Direction="standstill"). Otherwise, the request is
rejected.
[0202] In the following diagram shows an example. Acceleration
Command requests deceleration and makes the vehicle stop. After
Actual_Moving_Direction is set to "standstill", any shift position
can be requested by Propulsion Direction Command. (In the example
below, "D".fwdarw."R").
[0203] During shift change, Acceleration Command has to request
deceleration.
[0204] After the shift change, acceleration/deceleration is
controlled based on Acceleration Command value (FIG. 15).
[0205] 3.3.1.3. WheelLock Sequence
[0206] The engagement and release of wheel lock is described. This
function presupposes Autonomy_State=Autonomous Mode, otherwise the
request is rejected.
[0207] This function is conductible only during vehicle is stopped.
Acceleration Command requests deceleration and makes the vehicle
stop. After Actual_Moving_Direction is set to "standstill",
WheelLock is engaged by Immobilization Command="Applied".
Acceleration Command is set to Deceleration until Immobilization
Status is set to "Applied".
[0208] If release is desired, Immobilization Command="Release" is
requested when the vehicle is stationary. Acceleration Command is
set to Deceleration at that time.
[0209] After this, the vehicle is accelerated/decelerated based on
Acceleration Command value (FIG. 16).
[0210] 3.3.1.4. Road_Wheel_Angle Request
[0211] This function presupposes Autonomy_State="Autonomous Mode",
and the request is rejected otherwise.
[0212] Tire Turning Angle Command is the relative value from
Estimated_Road_Wheel_Angle_Actual.
[0213] For example, in case that
Estimated_Road_Wheel_Angle_Actual=0.1 [rad] while the vehicle is
going straight;
[0214] If ADS requests to go straight ahead, Tire Turning Angle
Command should be set to 0+0.1=0.1 [rad].
[0215] If ADS requests to steer by -0.3 [rad], Tire Turning Angle
Command should be set to -0.3+0.1=-0.2 [rad].
[0216] 3.3.1.5. Rider Operation
[0217] 3.3.1.5.1. Acceleration Pedal Operation
[0218] While in Autonomous driving mode, accelerator pedal stroke
is eliminated from the vehicle acceleration demand selection.
[0219] 3.3.1.5.2. Brake Pedal Operation
[0220] The action when the brake pedal is operated. In the autonomy
mode, target vehicle deceleration is the sum of 1) estimated
deceleration from the brake pedal stroke and 2) deceleration
request from AD system.
[0221] 3.3.1.5.3. Shift_Lever_Operation
[0222] In Autonomous driving mode, driver operation of the shift
lever is not reflected in Propulsion Direction Status.
[0223] If necessary, ADS confirms Propulsion Direction by Driver
and changes shift position by using Propulsion Direction
Command.
[0224] 3.3.1.5.4. Steering Operation
[0225] When the driver (rider) operates the steering, the maximum
is selected from
[0226] 1) the torque value estimated from driver operation angle,
and
[0227] 2) the torque value calculated from requested wheel
angle.
[0228] Note that Tire Turning Angle Command is not accepted if the
driver strongly turns the steering wheel. The above-mentioned is
determined by Steering_Wheel_Intervention flag.
[0229] 3.3.2. Inputs
TABLE-US-00004 TABLE 3 Signal Name Description Redundancy
Propulsion Direction Request to switch between forward (D N/A
Command range) and back (R range) Immobilization Command Request to
engage/release WheelLock Applied Standstill Command Request to
maintain stationary Applied Acceleration Command Request to
accelerate/decelerate Applied Tire Turning Angle Command Request
front wheel angle Applied Autonomization Command Request to
transition between manual Applied mode and autonomy mode
[0230] 3.3.2.1. Propulsion Direction Command
[0231] Request to switch between forward (D range) and back (R
range)
[0232] Values
TABLE-US-00005 TABLE 4 value Description Remarks 0 No Request 2 R
Shift to R range 4 D Shift to D range other Reserved
[0233] Remarks [0234] Only available when
Autonomy_State="Autonomous Mode" [0235] D/R is changeable only the
vehicle is stationary (Actual_Moving_Direction="standstill").
[0236] The request while driving (moving) is rejected. [0237] When
system requests D/R shifting, Acceleration Command is sent
deceleration (-0.4 m/s.sup.2) simultaneously. (Only while brake is
applied.) [0238] The request may not be accepted in following
cases. [0239] Direction_Control_Degradation_Modes="Failure
detected"
[0240] 3.3.2.2. Immobilization Command
[0241] Request to engage/release WheelLock
[0242] Values
TABLE-US-00006 TABLE 5 value Description Remarks 0 No Request 1
Applied EPB is turned on and TM shifts to P range 2 Released EPB is
turned off and TM shifts to the value of Propulsion Direction
Command
[0243] Remarks [0244] Available only when
Autonomy_State="Autonomous Mode" [0245] Changeable only when the
vehicle is stationary (Actual_Moving_Direction="standstill") [0246]
The request is rejected when vehicle is running. [0247] When
Apply/Release mode change is requested, Acceleration Command is set
to deceleration (-0.4 m/s.sup.2). (Only while brake is
applied.)
[0248] 3.3.2.3. Standstill Command
[0249] Request the vehicle to be stationary
[0250] Values
TABLE-US-00007 TABLE 6 value Description Remarks 0 No Request 1
Applied Standstill is requested 2 Released
[0251] Remarks [0252] Only available when
Autonomy_State="Autonomous Mode" [0253] Confirmed by Standstill
Status="Applied" [0254] When the vehicle is stationary
(Actual_Moving_Direction="standstill"), transition to Stand Still
is enabled. [0255] Acceleration Command has to be continued until
Standstill Status becomes "Applied" and Acceleration Command's
deceleration request (-0.4 m/s.sup.2) should be continued. [0256]
There are more cases where the request is not accepted. Details are
T.B.D.
[0257] 3.3.2.4. Acceleration Command
[0258] Command vehicle acceleration
[0259] Values
[0260] Estimated_Max_Decel_Capability to
Estimated_Max_Accel_Capability [m/s.sup.2]
[0261] Remarks [0262] Only available when
Autonomy_State="Autonomous Mode" [0263] Acceleration (+) and
deceleration (-) request based on Propulsion Direction Status
direction [0264] The upper/lower limit will vary based on
Estimated_Max_Decel_Capability and Estimated_Max_Accel_Capability.
[0265] When acceleration more than Estimated_Max_Accel_Capability
is requested, the request is set to Estimated_Max_Accel_Capability.
[0266] When deceleration more than Estimated_Max_Decel_Capability
is requested, the request is set to Estimated_Max_Decel_Capability.
[0267] Depending on the accel/brake pedal stroke, the requested
acceleration may not be met. See 3.4.1.4 for more detail. [0268]
When Pre-Collision system is activated simultaneously, minimum
acceleration (maximum deceleration) is selected.
[0269] 3.3.2.5. Tire Turning Angle Command
[0270] Command tire turning angle
[0271] Values
TABLE-US-00008 TABLE 7 value Description Remarks -- [unit: rad]
[0272] Remarks [0273] Left is positive value (+). Right is negative
value (-). [0274] Available only when Autonomy_State="Autonomous
Mode" [0275] The output of Estimated_Road_Wheel_Angle_Actual when
the vehicle is going straight, is set to the reference value (0).
[0276] This requests relative value of
Estimated_Road_Wheel_Angle_Actual. (See 3.4.1.1 for details) [0277]
The requested value is within Current_Road_Wheel_Angle_Rate_Limit.
[0278] The requested value may not be fulfilled depending on the
steer angle by the driver.
[0279] 3.3.2.6. Autonomization Command
[0280] Request to transition between manual mode and autonomy
mode
[0281] Values
TABLE-US-00009 TABLE 8 value Description Remarks 00b No Request For
Autonomy 01b Request For Autonomy 10b Deactivation Request means
transition request to manual mode
[0282] The mode may be able not to be transitioned to Autonomy
mode. (e.g. In case that a failure occurs in the vehicle
platform.)
[0283] 3.3.3. Outputs
TABLE-US-00010 TABLE 9 Signal Name Description Redundancy
Propulsion Direction Status Current shift range N/A Propulsion
Direction by Driver Shift lever position by driver N/A
Immobilization Status Output of EPB and Shift P Applied
Immobilization Request by Driver EPB switch status by driver N/A
Standstill Status Stand still status N/A Estimated_Coasting_Rate
Estimated vehicle deceleration when throttle is closed N/A
Estimated_Max_Accel_Capability Estimated maximum acceleration
Applied Estimated_Max_Decel_Capability Estimated maximum
deceleration Applied Estimated_Road_Wheel_Angle_Actual Front wheel
steer angle Applied Estimated_Road_Wheel_Angle_Rate_Actual Front
wheel steer angle rate Applied Steering_Wheel_Angle_Actual Steering
wheel angle N/A Steering_Wheel_Angle_Rate_Actual Steering wheel
angle rate N/A Current_Road_Wheel_Angle_Rate_Limit Road wheel angle
rate limit Applied Estimated_Max_Lateral_Acceleration_Capability
Estimated max lateral acceleration Applied
Estimated_Max_Lateral_Acceleration_Rate_Capability Estimated max
lateral acceleration rate Applied Accelerator_Pedal_Position
Position of the accelerator pedal (How much is the N/A pedal
depressed?) Accelerator_Pedal_Intervention This signal shows
whether the accelerator pedal is N/A depressed by a driver
(intervention) Brake_Pedal_Position Position of the brake pedal
(How much is the pedal T.B.D. depressed?) Brake_Pedal_Intervention
This signal shows whether the brake pedal is T.B.D. depressed by a
driver (intervention) Steering_Wheel_Intervention This signal shows
whether the steering wheel is T.B.D. turned by a driver
(intervention) Shift_Lever_Intervention This signal shows whether
the shift lever is controlled T.B.D. by a driver (intervention)
WheelSpeed_FL wheel speed value (Front Left Wheel) N/A
WheelSpeed_FL_Rotation Rotation direction of wheel (Front Left) N/A
WheelSpeed_FR wheel speed value (Front Right Wheel) N/A
WheelSpeed_FR_Rotation Rotation direction of wheel (Front Right)
N/A WheelSpeed_RL wheel speed value (Rear Left Wheel) Applied
WheelSpeed_RL_Rotation Rotation direction of wheel (Rear Left)
Applied WheelSpeed_RR wheel speed value (Rear Right Wheel) Applied
WheelSpeed_RR_Rotation Rotation direction of wheel (Rear Right)
Applied Actual_Moving_Direction Moving direction of vehicle Applied
Longitudinal_Velocity Estimated longitudinal velocity of vehicle
Applied Longitudinal_Acceleration Estimated longitudinal
acceleration of vehicle Applied Lateral_Acceleration Sensor value
of lateral acceleration of vehicle Applied Yawrate Sensor value of
Yaw rate Applied Autonomy_State State of whether autonomy mode or
manual mode Applied Autonomy_Ready Situation of whether the vehicle
can transition to Applied autonomy mode or not Autonomy_Fault
Status of whether the fault regarding a functionality in Applied
autonomy mode occurs or not
[0284] 3.3.3.1. Propulsion Direction Status
[0285] Current Shift Range
[0286] Values
TABLE-US-00011 TABLE 10 value Description remarks 0 Reserved 1 P 2
R 3 N 4 D 5 B 6 Reserved 7 Invalid value
[0287] Remarks [0288] When the shift range is indeterminate, this
output is set to "Invalid Value". [0289] When the vehicle becomes
the following status during VO mode, [Propulsion Direction Status]
will turn to "P". [0290] [Longitudinal_Velocity]=0 [km/h] [0291]
[Brake_Pedal_Position]<Threshold value (T.B.D.) (in case of
being determined that the pedal isn't depressed) [0292]
[1st_Left_Seat_Belt_Status]=Unbuckled [0293]
[1st_Left_Door_Open_Status]=Opened
[0294] 3.3.3.2. Propulsion Direction by Driver
[0295] Shift Lever Position by Driver Operation
[0296] Values
TABLE-US-00012 TABLE 11 value Description remarks 0 No Request 1 P
2 R 3 N 4 D 5 B 6 Reserved 7 Invalid value
[0297] Remarks [0298] Output based on the lever position operated
by driver [0299] If the driver releases his hand of the shift
lever, the lever returns to the central position and the output is
set as "No Request". [0300] When the vehicle becomes the following
status during NVO mode, [Propulsion Direction by Driver] will turn
to "1(P)". [0301] [Longitudinal_Velocity]=0 [km/h] [0302]
[Brake_Pedal_Position]<Threshold value (T.B.D.) (in case of
being determined that the pedal isn't depressed) [0303]
[1st_Left_Seat_Belt_Status]=Unbuckled [0304]
[1st_Left_Door_Open_Status]=Opened
[0305] 3.3.3.3. Immobilization Status
[0306] Output EPB and Shift-P status
[0307] Values
[0308] <Primary>
TABLE-US-00013 TABLE 12 Value Shift EPB Description Remarks 0 0
Shift set to other than P, and EPB Released 1 0 Shift set to P and
EPB Released 0 1 Shift set to other than P, and EPB applied 1 1
Shift set to P and EPB Applied
[0309] <Secondary>
TABLE-US-00014 TABLE 13 Value Shift Description Remarks 0 0 Other
than Shift P 1 0 Shift P 0 1 Reserved 1 1 Reserved
[0310] Remarks [0311] Secondary signal does not include EPB lock
status.
[0312] 3.3.3.4. Immobilization Request by Driver
[0313] Driver operation of EPB switch
[0314] Values
TABLE-US-00015 TABLE 14 value Description remarks 0 No Request 1
Engaged 2 Released 3 Invalid value
[0315] Remarks [0316] "Engaged" is outputted while the EPB switch
is being pressed. [0317] "Released" is outputted while the EPB
switch is being pulled.
[0318] 3.3.3.5. Standstill Status
[0319] Vehicle stationary status
[0320] Values
TABLE-US-00016 TABLE 15 Value Description remarks 0 Released 1
Applied 2 Reserved 3 Invalid value
[0321] Remarks [0322] When Standstill Status=Applied continues for
3 minutes, EPB is activated. [0323] If the vehicle is desired to
start, ADS requests Standstill Command="Released".
[0324] 3.3.3.6. Estimated_Coasting_Rate
[0325] Estimated vehicle deceleration when throttle is closed
[0326] Values
[0327] [unit: m/s.sup.2]
[0328] Remarks [0329] Estimated acceleration at WOT is calculated.
[0330] Slope and road load etc. are taken into estimation. [0331]
When the Propulsion Direction Status is "D", the acceleration to
the forward direction shows a positive value. [0332] When the
Propulsion Direction Status is "R", the acceleration to the reverse
direction shows a positive value.
[0333] 3.3.3.7. Estimated_Max_Accel_Capability
[0334] Estimated Maximum Acceleration
[0335] Values
[0336] [unit: m/s.sup.2]
[0337] Remarks [0338] The acceleration at WOT is calculated. [0339]
Slope and road load etc. are taken into estimation. [0340] The
direction decided by the shift position is considered to be
plus.
[0341] 3.3.3.8. Estimated_Max_Decel_Capability
[0342] Estimated maximum deceleration
[0343] Values [0344] -9.8 to 0 [unit: m/s.sup.2]
[0345] Remarks [0346] Affected by Brake_System_Degradation_Modes.
Details are T.B.D. [0347] Based on vehicle state or road condition,
cannot output in some cases
[0348] 3.3.3.9. Estimated_Road_Wheel_Angle_Actual
[0349] Front wheel steer angle
[0350] Values
TABLE-US-00017 TABLE 16 value Description Remarks others [unit:
rad] Minimum Value Invalid value The sensor is invalid.
[0351] Remarks [0352] Left is positive value (+). Right is negative
value (-). [0353] Before "the wheel angle when the vehicle is going
straight" becomes available, this signal is Invalid value.
[0354] 3.3.3.10. Estimated_Road_Wheel_Angle_Rate_Actual
[0355] Front wheel steer angle rate
[0356] Values
TABLE-US-00018 TABLE 17 value Description Remarks others [unit:
rad/s] Minimum Value Invalid value
[0357] Remarks [0358] Left is positive value (+). Right is negative
value (-).
[0359] 3.3.3.11. Steering_Wheel_Angle_Actual
[0360] Steering wheel angle
[0361] Values
TABLE-US-00019 TABLE 18 Value Description Remarks others [unit:
rad] Minimum Value Invalid value
[0362] Remarks [0363] Left is positive value (+). Right is negative
value (-). [0364] The steering angle converted from the steering
assist motor angle [0365] Before "the wheel angle when the vehicle
is going straight" becomes available, this signal is Invalid
value.
[0366] 3.3.3.12. Steering_Wheel_Angle_Rate_Actual
[0367] Steering Wheel Angle Rate
[0368] Values
TABLE-US-00020 TABLE 19 Value Description Remarks others [unit:
rad/s] Minimum Value Invalid value
[0369] Remarks [0370] Left is positive value (+). Right is negative
value (-). [0371] The steering angle rate converted from the
steering assist motor angle rate
[0372] 3.3.3.13. Current_Road_Wheel_Angle_Rate_Limit
[0373] Road wheel angle rate limit
[0374] Values [0375] When stopped: 0.4 [rad/s] [0376] While
running: Show "Remarks"
[0377] Remarks
[0378] Calculated from the "vehicle speed-steering angle rate"
chart like below
[0379] A) At a very low speed or stopped situation, use fixed value
of 0.4 [rad/s]
[0380] B) At a higher speed, the steering angle rate is calculated
from the vehicle speed using 2.94 m/s.sup.3
[0381] The threshold speed between A and B is 10 [km/h] (FIG.
17).
[0382] 3.3.3.14. Estimated_Max_Lateral_Acceleration_Capability
[0383] Estimated max lateral acceleration
[0384] Values
[0385] 2.94 [unit: m/s.sup.2] fixed value
[0386] Remarks [0387] Wheel Angle controller is designed within the
acceleration range up to 2.94 m/s.sup.2.
[0388] 3.3.3.15.
Estimated_Max_Lateral_Acceleration_Rate_Capability
[0389] Estimated max lateral acceleration rate
[0390] Values
[0391] 2.94 [unit: m/s.sup.3] fixed value
[0392] Remarks [0393] Wheel Angle controller is designed within the
acceleration range up to 2.94 m/s.sup.3.
[0394] 3.3.3.16. Accelerator Pedal Position
[0395] Position of the accelerator pedal (How much is the pedal
depressed?)
[0396] Values
[0397] 0 to 100 [unit: %]
[0398] Remarks [0399] In order not to change the acceleration
openness suddenly, this signal is filtered by smoothing process.
[0400] In normal condition [0401] The accelerator position signal
after zero point calibration is transmitted. [0402] In failure
condition [0403] Transmitted failsafe value (0.times.FF)
[0404] 3.3.3.17. Accelerator_Pedal_Intervention
[0405] This signal shows whether the accelerator pedal is depressed
by a driver (intervention).
[0406] Values
TABLE-US-00021 TABLE 20 Value Description Remarks 0 Not depressed 1
depressed 2 Beyond autonomy acceleration
[0407] Remarks [0408] When Accelerator_Pedal_Position is higher
than the defined threshold value (ACCL_INTV), this signal
[Accelerator_Pedal_Intervention] will turn to "depressed".
[0409] When the requested acceleration from depressed acceleration
pedal is higher than the requested acceleration from system (ADS,
PCS etc.), this signal will turn to "Beyond autonomy acceleration".
[0410] During NVO mode, accelerator request will be rejected.
Therefore, this signal will not turn to "2".
[0411] Detail design (FIG. 18)
[0412] 3.3.3.18. Brake_Pedal_Position
[0413] Position of the brake pedal (How much is the pedal
depressed?)
[0414] Values
[0415] 0 to 100 [unit: %]
[0416] Remarks [0417] In the brake pedal position sensor failure:
[0418] Transmitted failsafe value (0.times.FF) [0419] Due to
assembling error, this value might be beyond 100%.
[0420] 3.3.3.19. Brake Pedal Intervention
[0421] This signal shows whether the brake pedal is depressed by a
driver (intervention).
[0422] Values
TABLE-US-00022 TABLE 21 Value Description Remarks 0 Not depressed 1
depressed 2 Beyond autonomy deceleration
[0423] Remarks [0424] When Brake_Pedal_Position is higher than the
defined threshold value (BRK_INTV), this signal [Brake Pedal
Intervention] will turn to "depressed". [0425] When the requested
deceleration from depressed brake pedal is higher than the
requested deceleration from system (ADS, PCS etc.), this signal
will turn to "Beyond autonomy deceleration".
[0426] Detail design (FIG. 19)
[0427] 3.3.3.20. Steering_Wheel_Intervention
[0428] This signal shows whether the steering wheel is turned by a
driver (intervention).
[0429] Values
TABLE-US-00023 TABLE 22 Value Description Remarks 0 Not turned 1
Turned collaboratively Driver steering torque + steering motor
torque 2 Turned by human driver
[0430] Remarks [0431] In "Steering_Wheel_Intervention=1",
considering the human driver's intent, EPS system will drive the
steering with the Human driver collaboratively. [0432] In
"Steering_Wheel_Intervention=2", considering the human driver's
intent, EPS system will reject the steering requirement from
autonomous driving kit. (The steering will be driven the human
driver.)
[0433] 3.3.3.21. Shift Lever Intervention
[0434] This signal shows whether the shift lever is controlled by a
driver (intervention).
[0435] Values
TABLE-US-00024 TABLE 23 Value Description Remarks 0 OFF 1 ON
Controlled (moved to any shift position)
[0436] Remarks [0437] N/A
[0438] 3.3.3.22. WheelSpeed_FL, WheelSpeed_FR, WheelSpeed_RL,
WheelSpeed_RR
[0439] Wheel Speed Value
[0440] Values
TABLE-US-00025 TABLE 24 Value Description Remarks others Velocity
[unit: m/s] Maximum Value Invalid value The sensor is invalid.
[0441] Remarks [0442] T.B.D.
[0443] 3.3.3.23. WheelSpeed_FL_Rotation, WheelSpeed_FR_Rotation,
WheelSpeed_RL_Rotation, WheelSpeed_RR_Rotation
[0444] Rotation direction of each wheel
[0445] Values
TABLE-US-00026 TABLE 25 value Description remarks 0 Forward 1
Reverse 2 Reserved 3 Invalid value The sensor is invalid.
[0446] Remarks [0447] After activation of ECU, until the rotation
direction is fixed, "Forward" is set to this signal. [0448] When
detected continuously 2 (two) pulses with the same direction, the
rotation direction will be fixed.
[0449] 3.3.3.24. Actual_Moving_Direction
[0450] Rotation direction of wheel
[0451] Values
TABLE-US-00027 TABLE 26 value Description remarks 0 Forward 1
Reverse 2 Standstill 3 Undefined
[0452] Remarks [0453] This signal shows "Standstill" when four
wheel speed values are "0" during a constant time. [0454] When
other than above, this signal will be determined by the majority
rule of four WheelSpeed_Rotations. [0455] When more than two
WheelSpeed_Rotations are "Reverse", this signal shows "Reverse".
[0456] When more than two WheelSpeed_Rotations are "Forward", this
signal shows "Forward". [0457] When "Forward" and "Reverse" are the
same counts, this signal shows "Undefined".
[0458] 3.3.3.25. Longitudinal_Velocity
[0459] Estimated Longitudinal Velocity of Vehicle
[0460] Values
TABLE-US-00028 TABLE 27 Value Description Remarks others Velocity
[unit: m/s] Maximum Value Invalid value The sensor is invalid.
[0461] Remarks [0462] This signal is output as the absolute
value.
[0463] 3.3.3.26. Longitudinal_Acceleration
[0464] Estimated longitudinal acceleration of vehicle
[0465] Values
TABLE-US-00029 TABLE 28 value Description Remarks others
Acceleration [unit: m/s.sup.2] Minimum Value Invalid value The
sensor is invalid.
[0466] Remarks [0467] This signal will be calculated with wheel
speed sensor and acceleration sensor. [0468] When the vehicle is
driven at a constant velocity on the flat road, this signal shows
"0".
[0469] 3.3.3.27. Lateral_Acceleration
[0470] Sensor Value of Lateral Acceleration of Vehicle
[0471] Values
TABLE-US-00030 TABLE 29 Value Description Remarks others
Acceleration [unit: m/s.sup.2] Minimum Value Invalid value The
sensor is invalid.
[0472] Remarks [0473] The positive value means counterclockwise.
The negative value means clockwise.
[0474] 3.3.3.28. Yawrate
[0475] Sensor Value of Yaw Rate
[0476] Values
TABLE-US-00031 TABLE 30 Value Description Remarks others Yaw rate
[unit: deg/s] Minimum Value Invalid value The sensor is
invalid.
[0477] Remarks [0478] The positive value means counterclockwise.
The negative value means clockwise.
[0479] 3.3.3.29. Autonomy_State
[0480] State of whether autonomy mode or manual mode
[0481] Values
TABLE-US-00032 TABLE 31 value Description Remarks 00 Manual Mode
The mode starts from Manual mode. 01 Autonomous Mode
[0482] Remarks [0483] The initial state is the Manual mode. (When
Ready ON, the vehicle will start from the Manual mode.)
[0484] 3.3.3.30. Autonomy_Ready
[0485] Situation of whether the vehicle can transition to autonomy
mode or not
[0486] Values
TABLE-US-00033 TABLE 32 value Description Remarks 00b Not Ready For
Autonomy 01b Ready For Autonomy 11b Invalid means the status is not
determined.
[0487] Remarks [0488] This signal is a part of transition
conditions toward the Autonomy mode.
[0489] Please see the summary of conditions.
[0490] 3.3.3.31. Autonomy_Fault
[0491] Status of whether the fault regarding a functionality in
autonomy mode occurs or not
[0492] Values
TABLE-US-00034 TABLE 33 value Description Remarks 00b No fault 01b
Fault 11b Invalid means the status is not determined.
[0493] Remarks [0494] [T.B.D.] Please see the other material
regarding the fault codes of a functionality in autonomy mode.
[0495] [T.B.D.] Need to consider the condition to release the
status of "fault".
[0496] 3.4. APIs for BODY control
[0497] 3.4.1. Functions
[0498] T.B.D.
[0499] 3.4.2. Inputs
TABLE-US-00035 TABLE 34 Signal Name Description Redundancy
Turnsignallight_Mode_Command Command to control the turnsignallight
N/A mode of the vehicle platform Headlight_Mode_Command Command to
control the headlight mode of N/A the vehicle platform
Hazardlight_Mode_Command Command to control the hazardlight mode
N/A of the vehicle platform Horn_Pattern_Command Command to control
the pattern of horn N/A ON-time and OFF-time per cycle of the
vehicle platform Horn_Number_of_Cycle_Command Command to control
the Number of horn N/A ON/OFF cycle of the vehicle platform
Horn_Continuous_Command Command to control of horn ON of the N/A
vehicle platform Windshieldwiper_Mode_Front_Command Command to
control the front windshield N/A wiper of the vehicle platform
Windshieldwiper_Intermittent_Wiping_Speed_Command Command to
control the Windshield wiper N/A actuation interval at the
Intermittent mode Windshieldwiper_Mode_Rear_Command Command to
control the rear windshield N/A wiper mode of the vehicle platform
Hvac_1st_Command Command to start/stop 1st row air N/A conditioning
control Hvac_2nd_Command Command to start/stop 2nd row air N/A
conditioning control Hvac_TargetTemperature_1st_Left_Command
Command to set the target temperature N/A around front left area
Hvac_TargetTemperature_1st_Right_Command Command to set the target
temperature N/A around front right area
Hvac_TargetTemperature_2nd_Left_Command Command to set the target
temperature N/A around rear left area
Hvac_TargetTemperature_2nd_Right_Command Command to set the target
temperature N/A around rear right area
Hvac_Fan_Level_1st_Row_Command Command to set the fan level on the
front N/A AC Hvac_Fan_Level_2nd_Row_Command Command to set the fan
level on the rear N/A AC Hvac_1st_Row_AirOutlet_Mode_Command
Command to set the mode of 1st row air N/A outlet
Hvac_2nd_Row_AirOutlet_Mode_Command Command to set the mode of 2nd
row air N/A outlet Hvac_Recirculate_Command Command to set the air
recirculation mode N/A Hvac_AC_Command Command to set the AC mode
N/A
[0500] 3.4.2.1. Turnsignallight_Mode_Command
[0501] Command to control the turnsignallight mode of the vehicle
platform
[0502] Values
TABLE-US-00036 TABLE 35 value Description remarks 0 OFF Blinker OFF
1 Right Right blinker ON 2 Left Left blinker ON 3 reserved
[0503] Remarks
[0504] T.B.D.
[0505] Detailed Design
[0506] When Turnsignallight_Mode_Command=1, vehicle platform sends
left blinker on request.
[0507] When Turnsignallight_Mode_Command=2, vehicle platform sends
right blinker on request.
[0508] 3.4.2.2. Headlight_Mode_Command
[0509] Command to control the headlight mode of the vehicle
platform
[0510] Values
TABLE-US-00037 TABLE 36 Value Description remarks 0 No Request Keep
current mode 1 TAIL mode request side lamp mode 2 HEAD mode request
Lo mode 3 AUTO mode request 4 HI mode request 5 OFF Mode Request
6-7 reserved
[0511] Remarks [0512] This command is valid when
Headlight_Driver_Input=OFF or Auto mode ON. [0513] Driver input
overrides this command. [0514] Headlight mode changes when Vehicle
platform receives once this command.
[0515] 3.4.2.3. Hazardlight_Mode_Command
[0516] Command to control the hazardlight mode of the vehicle
platform
[0517] Values
TABLE-US-00038 TABLE 37 value Description remarks 0 OFF command for
hazardlight OFF 1 ON command for hazardlight ON
[0518] Remarks [0519] Driver input overrides this command. [0520]
Hazardlight is active during Vehicle Platform receives ON
command.
[0521] 3.4.2.4. Horn Pattern Command
[0522] Command to control the pattern of horn ON-time and OFF-time
per cycle of the vehicle platform
[0523] Values
TABLE-US-00039 TABLE 38 value Description remarks 0 No request 1
Pattern 1 ON-time: 250 ms OFF-time: 750 ms 2 Pattern 2 ON-time: 500
ms OFF-time: 500 ms 3 Pattern 3 reserved 4 Pattern 4 reserved 5
Pattern 5 reserved 6 Pattern 6 reserved 7 Pattern 7 Reserved
[0524] Remarks [0525] Pattern 1 is assumed to use single short ON,
Pattern 2 is assumed to use ON-OFF repeating. [0526] Detail is
under internal discussion.
[0527] 3.4.2.5. Horn_Number_of_Cycle_Command
[0528] Command to control the Number of horn ON/OFF cycle of the
vehicle platform
[0529] Values
[0530] 0.about.7 [-]
[0531] Remarks [0532] Detail is under internal discussion.
[0533] 3.4.2.6. Horn_Continuous_Command
[0534] Command to control of horn ON of the vehicle platform
[0535] Values
TABLE-US-00040 TABLE 39 value Description remarks 0 No request 1 ON
request
[0536] Remarks [0537] This command overrides Horn Pattern Command,
Horn_Number_of_Cycle_Command. [0538] Horn is active during Vehicle
Platform receives ON command. [0539] Detail is under internal
discussion.
[0540] 3.4.2.7. Windshieldwiper_Mode_Front_Command
[0541] Command to control the front windshield wiper of the vehicle
platform
[0542] Values
TABLE-US-00041 TABLE 40 value Description remarks 0 OFF mode
request 1 Lo mode request 2 Hi mode request 3 Intermittent mode
request 4 Auto mode request 5 Mist mode request One-Time Wiping 6,
7 Reserved
[0543] Remarks [0544] This command is under internal discussion the
timing of valid. [0545] This command is valid when
Windshieldwiper_Front_Driver_Input=OFF or Auto mode ON. [0546]
Driver input overrides this command. [0547] Windshieldwiper mode is
kept during Vehicle platform is receiving the command.
[0548] 3.4.2.8.
Windshieldwiper_Intermittent_Wiping_Speed_Command
[0549] Command to control the Windshield wiper actuation interval
at the Intermittent mode
[0550] Values
TABLE-US-00042 TABLE 41 value Description remarks 0 FAST 1 SECOND
FAST 2 THIRD FAST 3 SLOW
[0551] Remarks [0552] This command is valid when
Windshieldwiper_Mode_Front_Status=INT. [0553] Driver input
overrides this command. [0554] Windshieldwiper intermittent mode
changes when Vehicle platform receives once this command.
[0555] 3.4.2.9. Windshieldwiper Mode Rear Command
[0556] Command to control the rear windshield wiper mode of the
vehicle platform
[0557] Values
TABLE-US-00043 TABLE 42 value Description Remarks 0 OFF mode
request 1 Lo mode request 2 reserved 3 Intermittent mode request
4-7 reserved
[0558] Remarks [0559] Driver input overrides this command. [0560]
Windshieldwiper mode is kept during Vehicle platform is receiving
the command. [0561] Wiping speed of intermittent mode is not
variable.
[0562] 3.4.2.10. Hvac_1st_Command
[0563] Command to start/stop 1st row air conditioning control
[0564] Values
TABLE-US-00044 TABLE 43 value Description Remarks 00 No request 01
ON means turning the 1st air conditioning control to ON 02 OFF
means turning the 1st air conditioning control to OFF
[0565] Remarks [0566] The hvac of S-AM has a synchronization
functionality.
[0567] Therefore, in order to control 4 (four) hvacs
(1st_left/right, 2nd_left/right) individually, VCIB achieves the
following procedure after Ready-ON. (This functionality will be
implemented from the CV.)
[0568] #1: Hvac_1st_Command=ON
[0569] #2: Hvac_2nd_Command=ON
[0570] #3: Hvac_TargetTemperature_2nd_Left_Command
[0571] #4: Hvac_TargetTemperature_2nd_Right_Command
[0572] #5: Hvac_Fan_Level_2nd_Row_Command
[0573] #6: Hvac_2nd_Row_AirOutlet_Mode_Command
[0574] #7: Hvac_TargetTemperature_1st_Left_Command
[0575] #8: Hvac_TargetTemperature_1st_Right_Command
[0576] #9: Hvac_Fan_Level_1st_Row_Command
[0577] #10: Hvac_1st_Row_AirOutlet_Mode_Command
[0578] * The interval between each command needs 200 ms or
more.
[0579] * Other commands are able to be executed after #1.
[0580] 3.4.2.11. Hvac_2nd_Command
[0581] Command to start/stop 2nd row air conditioning control
[0582] Values
TABLE-US-00045 TABLE 44 value Description Remarks 00 No request 01
ON means turning the 2nd air conditioning control to ON 02 OFF
means turning the 2nd air conditioning control to OFF
[0583] Remarks [0584] N/A
[0585] 3.4.2.12. Hvac_TargetTemperature_1st_Left_Command
[0586] Command to set the target temperature around front left
area
[0587] Values
TABLE-US-00046 TABLE 45 value Description Remarks 0 No request 60
to 85 [unit: .degree. F.] (by 1.0.degree. F.) Temperature
direction
[0588] Remarks [0589] N/A
[0590] 3.4.2.13. Hvac_TargetTemperature_1st_Right_Command
[0591] Command to set the target temperature around front right
area
[0592] Values
TABLE-US-00047 TABLE 46 value Description Remarks 0 No request 60
to 85 [unit: .degree. F.] (by 1.0.degree. F.) Temperature
direction
[0593] Remarks [0594] N/A
[0595] 3.4.2.14. Hvac_TargetTemperature_2nd_Left_Command
[0596] Command to set the target temperature around rear left
area
[0597] Values
TABLE-US-00048 TABLE 47 value Description Remarks 0 No request 60
to 85 [unit: .degree. F.] (by 1.0.degree. F.) Temperature
direction
[0598] Remarks [0599] N/A
[0600] 3.4.2.15. Hvac_TargetTemperature_2nd_Right_Command
[0601] Command to set the target temperature around rear right
area
[0602] Values
TABLE-US-00049 TABLE 48 value Description Remarks 0 No request 60
to 85 [unit: .degree. F.] (by 1.0.degree. F.) Temperature
direction
[0603] Remarks [0604] N/A
[0605] 3.4.2.16. Hvac_Fan_Level_1st_Row_Command
[0606] Command to set the fan level on the front AC
[0607] Values
TABLE-US-00050 TABLE 49 value Description Remarks 0 No request 1 to
7 (Maximum) Fan level direction
[0608] Remarks [0609] If you would like to turn the fan level to 0
(OFF), you should transmit "Hvac_1st_Command=OFF". [0610] If you
would like to turn the fan level to AUTO, you should transmit
"Hvac_1st_Command=ON".
[0611] 3.4.2.17. Hvac_Fan_Level_2nd_Row_Command
[0612] Command to set the fan level on the rear AC
[0613] Values
TABLE-US-00051 TABLE 50 value Description Remarks 0 No request 1 to
7 (Maximum) Fan level direction
[0614] Remarks [0615] If you would like to turn the fan level to 0
(OFF), you should transmit "Hvac_2nd_Command=OFF". [0616] If you
would like to turn the fan level to AUTO, you should transmit
"Hvac_2nd_Command=ON".
[0617] 3.4.2.18. Hvac_1st_Row_AirOutlet_Mode_Command
[0618] Command to set the mode of 1st row air outlet
[0619] Values
TABLE-US-00052 TABLE 51 value Description Remarks 000b No Operation
001b UPPER Air flows to the upper body 010b U/F Air flows to the
upper body and feet 011b FEET Air flows to the feet. 100b F/D Air
flows to the feet and the windshield defogger operates
[0620] Remarks [0621] N/A
[0622] 3.4.2.19. Hvac_2nd_Row_AirOutlet_Mode_CommandCommand to set
the mode of 2nd row air outlet
[0623] Values
TABLE-US-00053 TABLE 52 value Description Remarks 000b No Operation
001b UPPER Air flows to the upper body 010b U/F Air flows to the
upper body and feet 011b FEET Air flows to the feet.
[0624] Remarks [0625] N/A
[0626] 3.4.2.20. Hvac_Recirculate_Command
[0627] Command to set the air recirculation mode
[0628] Values
TABLE-US-00054 TABLE 53 value Description Remarks 00 No request 01
ON means turning the air recirculation mode ON 02 OFF means turning
the air recirculation mode OFF
[0629] Remarks [0630] N/A
[0631] 3.4.2.21. Hvac_AC_Command
[0632] Command to set the AC mode
[0633] Values
TABLE-US-00055 TABLE 54 value Description remarks 00 No request 01
ON means turning the AC mode ON 02 OFF means turning the AC mode
OFF
[0634] Remarks [0635] N/A
[0636] 3.4.3. Outputs
TABLE-US-00056 TABLE 55 Signal Name Description Redundancy
Turnsignallight_Mode_Status Status of the current turnsignallight
N/A mode of the vehicle platform Headlight_Mode_Status Status of
the current headlight mode N/A of the vehicle platform
Hazardlight_Mode_Status Status of the current hazardlight N/A mode
of the vehicle platform Horn_Status Status of the current horn of
the N/A vehicle platform Windshieldwiper_Mode_Front_Status Status
of the current front windshield N/A wiper mode of the vehicle
platform Windshieldwiper_Mode_Rear_Status Status of the current
rear windshield N/A wiper mode of the vehicle platform
Hvac_1.sup.st_Status Status of activation of the 1.sup.st row N/A
HVAC Hvac_2.sup.nd_Status Status of activation of the 2.sup.nd row
N/A HVAC Hvac_Temperature_1.sup.st_Left_Status Status of set
temperature of 1.sup.st row N/A left
Hvac_Temperature_1.sup.st_Right_Status Status of set temperature of
1.sup.st row N/A right Hvac_Temperature_2.sup.nd_Left_Status Status
of set temperature of 2.sup.nd row N/A left
Hvac_Temperature_2.sup.nd_Right_Status Status of set temperature of
2.sup.nd row N/A right Hvac_Fan_Level_1.sup.st_Row_Status Status of
set fan level of 1.sup.st row N/A
Hvac_Fan_Level_2.sup.nd_Row_Status Status of set fan level of
2.sup.nd row N/A Hvac_1st_Row_AirOutlet_Mode_Status Status of mode
of 1st row air outlet N/A Hvac_2nd_Row_AirOutlet_Mode_Status Status
of mode of 2nd row air outlet N/A Hvac_Recirculate_Status Status of
set air recirculation mode N/A Hvac_AC_Status Status of set AC mode
N/A 1st_Right_Seat_Occupancy_Status Seat occupancy status in 1st
left -- seat 1st_Left_Seat_Belt_Status Status of driver's seat belt
buckle -- switch 1st_Right_Seat_Belt_Status Status of passenger's
seat belt -- buckle switch 2nd_Left_Seat_Belt_Status Seat belt
buckle switch status in 2nd -- left seat 2nd_Right_Seat_Belt_Status
Seat belt buckle switch status in 2nd -- right seat
[0637] 3.4.3.1. Turnsignallight_Mode_Status
[0638] Status of the current turnsignallight mode of the vehicle
platform
[0639] Values
TABLE-US-00057 TABLE 56 value Description Remarks 0 OFF Turn lamp =
OFF 1 Left Turn lamp L = ON (flashing) 2 Right Turn lamp R = ON
(flashing) 3 invalid
[0640] Remarks [0641] At the time of the disconnection detection of
the turn lamp, state is ON. [0642] At the time of the short
detection of the turn lamp, State is OFF.
[0643] 3.4.3.2. Headlight_Mode_Status
[0644] Status of the current headlight mode of the vehicle
platform
[0645] Values
TABLE-US-00058 TABLE 57 Value Description Remarks 0 OFF 1 TAIL 2 Lo
3 reserved 4 Hi 5-6 reserved 7 invalid
[0646] Remarks
[0647] N/A
[0648] Detailed Design [0649] At the time of tail signal ON,
Vehicle Platform sends 1. [0650] At the time of Lo signal ON,
Vehicle Platform sends 2. [0651] At the time of Hi signal ON,
Vehicle Platform sends 4. [0652] At the time of any signal above
OFF, Vehicle Platform sends 0.
[0653] 3.4.3.3. Hazardlight_Mode_Status
[0654] Status of the current hazard lamp mode of the vehicle
platform
[0655] Values
TABLE-US-00059 TABLE 58 Value Description Remarks 0 OFF Hazard lamp
= OFF 1 Hazard Hazard lamp = ON (flashing) 2 reserved 3 invalid
[0656] Remarks
[0657] N/A
[0658] 3.4.3.4. Horn_Status
[0659] Status of the current horn of the vehicle platform
[0660] Values
TABLE-US-00060 TABLE 59 Value Description Remarks 0 OFF 1 ON 2
reserved (unsupport) 3 invalid (unsupport)
[0661] Remarks [0662] cannot detect any failure. [0663] Vehicle
platform sends "1" during Horn Pattern Command is active, if the
horn is OFF.
[0664] 3.4.3.5. Windshieldwiper_Mode_Front_Status
[0665] Status of the current front windshield wiper mode of the
vehicle platform
[0666] Values
TABLE-US-00061 TABLE 60 Value Description Remarks 0 OFF Front wiper
stopped 1 Lo Front wiper being active in LO mode (also including
being active in MIST, being active in coordination with washer, and
being wiping at speed other than HI) 2 Hi Front wiper being active
in HI mode 3 INT Front wiper being active in INT mode (also
including motor stop while being active in INT mode and being
active in INT mode owing to vehicle speed change function) 4-5
reserved 6 fail Front wiper failed 7 invalid
TABLE-US-00062 TABLE 61 Value Description Remarks 0 OFF Front wiper
is stopped. 1 Lo Front wiper is in LO mode (include in MIST mode,
operation with washer, Medium speed). 2 Hi Front wiper is in HI
mode. 3 INT Front wiper is in INT mode (include motor stopped
between INT mode, INT operation of vehicle speed change function).
4-5 reserved 6 fail Front wiper is fail. 7 invalid
[0667] Remarks
[0668] Fail Mode Conditions [0669] detect signal discontinuity
[0670] cannot detect except the above failure.
[0671] 3.4.3.6. Windshieldwiper_Mode_Rear_Status
[0672] Status of the current rear windshield wiper mode of the
vehicle platform
[0673] Values
TABLE-US-00063 TABLE 62 Value Description Remarks 0 OFF Rear wiper
stopped 1 Lo Rear wiper being in LO mode 2 reserved 3 INT Rear
wiper being in INT mode 4-5 reserved 6 fail Rear wiper failed 7
invalid
[0674] Remarks [0675] cannot detect any failure.
[0676] 3.4.3.7. Hvac_1st_Status
[0677] Status of activation of the 1st row HVAC
[0678] Values
TABLE-US-00064 TABLE 63 value Description remarks 0b OFF 1b ON
[0679] Remarks [0680] N/A
[0681] 3.4.3.8. Hvac_2nd_Status
[0682] Status of activation of the 2nd row HVAC
[0683] Values
TABLE-US-00065 TABLE 64 value Description remarks 0b OFF 1b ON
[0684] Remarks [0685] N/A
[0686] 3.4.3.9. Hvac_Temperature_1st_Left_Status
[0687] Status of set temperature of 1st row left
[0688] Values
TABLE-US-00066 TABLE 65 value Description remarks 0 Lo Max cold 60
to 85 [unit: .degree. F.] Target temperature 100 Hi Max hot FFh
Unknown
[0689] Remarks [0690] N/A
[0691] 3.4.3.10. Hvac_Temperature_1st_Right_Status
[0692] Status of set temperature of 1st row right
[0693] Values
TABLE-US-00067 TABLE 66 value Description remarks 0 Lo Max cold 60
to 85 [unit: .degree. F.] Target temperature 100 Hi Max hot FFh
Unknown
[0694] Remarks [0695] N/A
[0696] 3.4.3.11. Hvac_Temperature_2nd_Left_Status
[0697] Status of set temperature of 2nd row left
[0698] Values
TABLE-US-00068 TABLE 67 value Description remarks 0 Lo Max cold 60
to 85 [unit: .degree. F.] Target temperature 100 Hi Max hot FFh
Unknown
[0699] Remarks [0700] N/A
[0701] 3.4.3.12. Hvac_Temperature_2nd_Right_Status
[0702] Status of set temperature of 2nd row right
[0703] Values
TABLE-US-00069 TABLE 68 value Description remarks 0 Lo Max cold 60
to 85 [unit: .degree. F.] Target temperature 100 Hi Max hot FFh
Unknown
[0704] Remarks [0705] N/A
[0706] 3.4.3.13. Hvac_Fan_Level_1st_Row_Status
[0707] Status of set fan level of 1st row
[0708] Values
TABLE-US-00070 TABLE 69 value Description remarks 0 OFF 1-7 Fan
Level 8 Undefined
[0709] Remarks [0710] N/A
[0711] 3.4.3.14. Hvac_Fan_Level_2nd_Row_Status
[0712] Status of set fan level of 2nd row
[0713] Values
TABLE-US-00071 TABLE 70 value Description remarks 0 OFF 1-7 Fan
Level 8 Undefined
[0714] Remarks [0715] N/A
[0716] 3.4.3.15. Hvac_1st_Row_AirOutlet_Mode_Status
[0717] Status of mode of 1st row air outlet
[0718] Values
TABLE-US-00072 TABLE 71 value Description remarks 000b ALL OFF when
Auto mode is set 001b UPPER Air flows to the upper body 010b U/F
Air flows to the upper body and feet 011b FEET Air flows to the
feet. 100b F/D Air flows to the feet and the windshield defogger
operates 101b DEF The windshield defogger operates 111b
Undefined
[0719] Remarks [0720] N/A
[0721] 3.4.3.16. Hvac_2nd_Row_AirOutlet_Mode_Status
[0722] Status of mode of 2nd row air outlet
[0723] Values
TABLE-US-00073 TABLE 72 value Description remarks 000b ALL OFF when
Auto mode is set 001b UPPER Air flows to the upper body 010b U/F
Air flows to the upper body and feet 011b FEET Air flows to the
feet. 111b Undefined
[0724] Remarks [0725] N/A
[0726] 3.4.3.17. Hvac Recirculate Status
[0727] Status of set air recirculation mode
[0728] Values
TABLE-US-00074 TABLE 73 value Description remarks 00 OFF means that
the air recirculation mode is OFF 01 ON means that the air
recirculation mode is ON
[0729] Remarks [0730] N/A
[0731] 3.4.3.18. Hvac_AC_Status
[0732] Status of set AC mode
[0733] Values
TABLE-US-00075 TABLE 74 value Description remarks 00 OFF means that
the AC mode is OFF 01 ON means that the AC mode is ON
[0734] Remarks [0735] N/A
[0736] 3.4.3.19. 1st_Right_Seat_Occupancy_Status
[0737] Seat occupancy status in 1st left seat
[0738] Values
TABLE-US-00076 TABLE 75 value Description remarks 0 Not occupied 1
Occupied 2 Undecided IG OFF or signal from sensor being lost 3
Failed
[0739] Remarks
[0740] When there is luggage on the seat, this signal may be set to
"Occupied".
[0741] 3.4.3.20. 1st_Left_Seat_Belt_Status
[0742] Status of driver's seat belt buckle switch
[0743] Values
TABLE-US-00077 TABLE 76 value Description remarks 0 Buckled 1
Unbuckled 2 Undetermined 3 Fault of a switch
[0744] Remarks [0745] When Driver's seat belt buckle switch status
signal is not set, [undetermined] is transmitted.
[0746] It is checking to a person in charge, when using it.
(Outputs "undetermined=10" as an initial value.) [0747] The
judgement result of buckling/unbuckling shall be transferred to CAN
transmission buffer within 1.3 s after IG_ON or before allowing
firing, whichever is earlier.
[0748] 3.4.3.21. 1st_Right_Seat_Belt_Status
[0749] Status of passenger's seat belt buckle switch
[0750] Values
TABLE-US-00078 TABLE 77 value Description remarks 0 Buckled 1
Unbuckled 2 Undetermined 3 Fault of a switch
[0751] Remarks [0752] When Passenger's seat belt buckle switch
status signal is not set, [undetermined] is transmitted.
[0753] It is checking to a person in charge, when using it.
(Outputs "undetermined=10" as an initial value.) [0754] The
judgement result of buckling/unbuckling shall be transferred to CAN
transmission buffer within 1.3 s after IG_ON or before allowing
firing, whichever is earlier.
[0755] 3.4.3.22. 2nd_Left_Seat_Belt_Status
[0756] Seat belt buckle switch status in 2nd left seat
[0757] Values
TABLE-US-00079 TABLE 78 value Description remarks 0 Buckled 1
Unbuckled 2 Undetermined 3 Reserved
[0758] Remarks [0759] cannot detect sensor failure.
[0760] 3.4.3.23. 2nd_Right_Seat_Belt_Status
[0761] Seat belt buckle switch status in 2nd right seat
[0762] Values
TABLE-US-00080 TABLE 79 value Description remarks 0 Buckled 1
Unbuckled 2 Undetermined 3 Reserved
[0763] Remarks [0764] cannot detect any failure.
[0765] 3.5. APIs for Power control
[0766] 3.5.1. Functions
[0767] T.B.D.
[0768] 3.5.2. Inputs
TABLE-US-00081 TABLE 80 Signal Name Description Redundancy
Power_Mode_Request Command to control the power N/A mode of the
vehicle platform
[0769] 3.5.2.1. Power_Mode_Request
[0770] Command to control the power mode of the vehicle
platform
[0771] Values
TABLE-US-00082 TABLE 81 Value Description Remarks 00 No request 01
Sleep means "Ready OFF" 02 Wake means that VCIB turns ON 03 Resd
Reserved for data expansion 04 Resd Reserved for data expansion 05
Resd Reserved for data expansion 06 Driving Mode means "Ready
ON"
[0772] Remarks [0773] Regarding "wake", let us share how to achieve
this signal on the CAN. (See the other material) Basically, it is
based on "ISO11989-2:2016". Also, this signal should not be a
simple value. Anyway, please see the other material. [0774] This
API will reject the next request for a certain time [4000 ms] after
receiving a request.
[0775] The followings are the explanation of the three power modes,
i.e. [Sleep][Wake][Driving Mode], which are controllable via
API.
[0776] [Sleep]
[0777] Vehicle power off condition. In this mode, the high voltage
battery does not supply power, and neither VCIB nor other VP ECUs
are activated.
[0778] [Wake]
[0779] VCIB is awake by the low voltage battery. In this mode, ECUs
other than VCIB are not awake except for some of the body
electrical ECUs.
[0780] [Driving Mode]
[0781] Ready ON mode. In this mode, the high voltage battery
supplies power to the whole VP and all the VP ECUs including VCIB
are awake.
[0782] 3.5.3. Outputs
TABLE-US-00083 TABLE 82 Signal Name Description Redundancy
Power_Mode_Status Status of the current power N/A mode of the
vehicle platform
[0783] 3.5.3.1. Power_Mode_Status
[0784] Status of the current power mode of the vehicle platform
[0785] Values
TABLE-US-00084 TABLE 83 Value Description Remarks 00 Resd Reserved
for same data align as mode request 01 Sleep means "Ready OFF" 02
Wake means that the only VCIB turns ON 03 Resd Reserved for data
expansion 04 Resd Reserved for data expansion 05 Resd Reserved for
data expansion 06 Driving Mode means "Ready ON" 07 unknown means
unhealthy situation would occur
[0786] Remarks [0787] VCIB will transmit [Sleep] as
Power_Mode_Status continuously for 3000 [ms] after executing the
sleep sequence. And then, VCIB will be shutdown.
[0788] 3.6. APIs for Safety
[0789] 3.6.1. Functions
[0790] T.B.D.
[0791] 3.6.2. Inputs
TABLE-US-00085 TABLE 84 Signal Name Description Redundancy
T.B.D.
[0792] 3.6.3. Outputs
TABLE-US-00086 TABLE 85 Signal Name Description Redundancy Request
for Operation Request for operation according to status of vehicle
platform toward ADS Passive_Safety_Functions_Triggered Collision
detection signal -- Brake_System_Degradation_Modes Indicates
Applied Brake_System_Degradation_Modes
Propulsive_System_Degradation_Modes Indicates N/A
Propulsive_System_Degradation_Modes
Direction_Control_Degradation_Modes Indicates N/A
Direction_Control_Degradation_Modes
WheelLock_Control_Degradation_Modes Indicates Applied
WheelLock_Control_Degradation_Modes
Steering_System_Degradation_Modes Indicates Applied
Steering_System_Degradation_Modes Power_System_Degradation_Modes
Indicates Applied Power_System_Degradation_Modes
Communication_Degradation_Modes
[0793] 3.6.3.1. Request for Operation
[0794] Request for operation according to status of vehicle
platform toward ADS
[0795] Values
TABLE-US-00087 TABLE 86 value Description remarks 0 No request 1
Need maintenance 2 Need back to garage 3 Need stopping safely
immediately Others Reserved
[0796] Remarks [0797] T.B.D.
[0798] 3.6.3.2. Passive_Safety_Functions_Triggered
[0799] Crash detection Signal
[0800] Values
TABLE-US-00088 TABLE 87 value Description remarks 0 Normal 5 Crash
Detection (airbag) 6 Crash Detection (high voltage circuit is shut
off) 7 Invalid Value Others Reserved
[0801] Remarks [0802] When the event of crash detection is
generated, the signal is transmitted 50 consecutive times every 100
[ms]. If the crash detection state changes before the signal
transmission is completed, the high signal of priority is
transmitted.
[0803] Priority: crash detection>normal [0804] Transmits for 5 s
regardless of ordinary response at crash, because the vehicle
breakdown judgment system shall send a voltage OFF request for 5 s
or less after crash in HV vehicle.
[0805] Transmission interval is 100 ms within fuel cutoff motion
delay allowance time (1 s) so that data can be transmitted more
than 5 times. In this case, an instantaneous power interruption is
taken into account.
[0806] 3.6.3.3. Brake_System_Degradation_Modes
[0807] Indicate Brake_System status
[0808] Values
TABLE-US-00089 TABLE 88 value Description remarks 0 Normal -- 1
Failure detected --
[0809] Remarks [0810] When the Failure is detected, Safe stop is
moved.
[0811] 3.6.3.4. Propulsive_System_Degradation_Modes
[0812] Indicate Powertrain_System status
[0813] Values
TABLE-US-00090 TABLE 89 value Description remarks 0 Normal -- 1
Failure detected --
[0814] Remarks [0815] When the Failure is detected, Safe stop is
moved.
[0816] 3.6.3.5. Direction_Control_Degradation_Modes
[0817] Indicate Direction_Control status
[0818] Values
TABLE-US-00091 TABLE 90 value Description remarks 0 Normal -- 1
Failure detected --
[0819] Remarks [0820] When the Failure is detected, Safe stop is
moved. [0821] When the Failure is detected, Propulsion Direction
Command is refused.
[0822] 3.6.3.6. WheelLock_Control_Degradation_Modes
[0823] Indicate WheelLock_Control status
[0824] Values
TABLE-US-00092 TABLE 91 value Description remarks 0 Normal -- 1
Failure detected --
[0825] Remarks [0826] Primary indicates EPB status, and Secondary
indicates SBW indicates. [0827] When the Failure is detected, Safe
stop is moved.
[0828] 3.6.3.7. Steering_System_Degradation_Modes
[0829] Indicate Steering_System status
[0830] Values
TABLE-US-00093 TABLE 92 value Description remarks 0 Normal -- 1
Failure detected -- 2 Stationary steering Temporary lowering in
performance not possible due to high temperature or the like
[0831] Remarks [0832] When the Failure are detected, Safe stop is
moved.
[0833] 3.6.3.8. Power_System_Degradation_Modes
[0834] [T.B.D]
[0835] 3.6.3.9. Communication_Degradation_Modes
[0836] [T.B.D]
[0837] 3.7. APIs for Security
[0838] 3.7.1. Functions
[0839] T.B.D.
[0840] 3.7.2. Inputs
TABLE-US-00094 TABLE 93 Signal Name Description Redundancy
1st_Left_Door_Lock_Command Command to control each door N/A
1st_Right_Door_Lock_Command lock of the vehicle platform N/A
2nd_Left_Door_Lock_Command Lock command supports only N/A
2nd_Right_Door_Lock_Command ALL Door Lock. N/A Unlock command
supports 1st-left Door unlock only, and ALL Door unlock. Trunk Door
Lock/unlock command include in ALL Door lock/unlock
Central_Vehicle_Lock_Exterior_Command Command to control the all
door N/A lock of the vehicle platform
[0841] 3.7.2.1. 1st_Left_Door_Lock_Command,
1st_Right_Door_Lock_Command, 2nd_Left_Door_Lock_Command,
2nd_Right_Door_Lock_Command
[0842] Command to control each door lock of the vehicle
platform
[0843] Values
TABLE-US-00095 TABLE 94 Value Description Remarks 0 No Request 1
Lock (unsupported) 2 Unlock 3 reserved
[0844] Remarks [0845] Lock command supports only ALL Door Lock.
[0846] Unlock command supports 1st-left Door unlock only, and ALL
Door unlock.
[0847] 3.7.2.2. Central Vehicle Lock Exterior Command
[0848] Command to control the all door lock of the vehicle
platform.
[0849] Values
TABLE-US-00096 TABLE 95 Value Description Remarks 0 No Request 1
Lock (all) include trunk lock 2 Unlock (all) include trunk unlock 3
reserved
[0850] Remarks [0851] Lock command supports only ALL Door Lock.
[0852] Unlock command supports 1st-left Door unlock only, and ALL
Door unlock.
[0853] 3.7.3. Outputs
TABLE-US-00097 TABLE 96 Signal Name Description Redundancy
1st_Left_Door_Lock_Status Status of the current 1st-left door N/A
lock mode of the vehicle platform 1st_Right_Door_Lock_Status Status
of the current 1st-right door N/A lock mode of the vehicle platform
2nd_Left_Door_Lock_Status Status of the current 2nd-left door N/A
lock mode of the vehicle platform 2nd_Right_Door_Lock_Status Status
of the current 2nd-right door N/A lock mode of the vehicle platform
Central_Vehicle_Exterior_Locked_Status Status of the current all
door lock N/A mode of the vehicle platform Vehicle_Alarm_Status
Status of the current vehicle alarm N/A of the vehicle platform
[0854] 3.7.3.1. 1st_Left_Door_Lock_Status
[0855] Status of the current 1st-left door lock mode of the vehicle
platform
[0856] Values
TABLE-US-00098 TABLE 97 value Description Remarks 0 reserved 1
Locked D seat locked 2 Unlocked D seat unlocked 3 invalid
[0857] Remarks [0858] cannot detect any failure.
[0859] 3.7.3.2. 1st_Right_Door_Lock_Status
[0860] Status of the current 1st-right door lock mode of the
vehicle platform
[0861] Values
TABLE-US-00099 TABLE 98 value Description remarks 0 reserved 1
Locked P seat locked 2 Unlocked P seat unlocked 3 invalid
[0862] Remarks [0863] cannot detect any failure.
[0864] 3.7.3.3. 2nd_Left_Door_Lock_Status
[0865] Status of the current 2nd-left door lock mode of the vehicle
platform
[0866] Values
TABLE-US-00100 TABLE 99 Value Description remarks 0 Reserved 1
Locked RL seat locked 2 Unlocked RL seat unlocked 3 invalid
[0867] Remarks [0868] cannot detect any failure.
[0869] 3.7.3.4. 2nd_Right_Door_Lock_Status
[0870] Status of the current 2nd-right door lock mode of the
vehicle platform
[0871] Values
TABLE-US-00101 TABLE 100 value Description remarks 0 reserved 1
Locked RR seat locked 2 Unlocked RR seat unlocked 3 invalid
[0872] Remarks [0873] cannot detect any failure.
[0874] 3.7.3.5. Central_Vehicle_Exterior_Locked_Status
[0875] Status of the current all door lock mode of the vehicle
platform
[0876] Values
TABLE-US-00102 TABLE 101 value Description remarks 0 Reserved
(unsupport) 1 All Locked (unsupport) 2 Anything Unlocked
(unsupport) 3 invalid (unsupport)
[0877] Remarks [0878] Vehicle platform refers to each door lock
status, [0879] in case any door unlocked, sends 0. [0880] in case
all door locked, sends 1.
[0881] 3.7.3.6. Vehicle_Alarm_Status
[0882] Status of the current vehicle alarm of the vehicle
platform
[0883] Values
TABLE-US-00103 TABLE 102 Value Description remarks 0 Disarmed Auto
alarm system not active 1 Armed Auto alarm system active .cndot.
not on alert 2 Active Auto alarm system active .cndot. on alert 3
invalid
[0884] Remarks
[0885] N/A
[0886] 3.8. APIs for MaaS Service
[0887] 3.8.1. Functions
[0888] T.B.D.
[0889] 3.8.2. Inputs
TABLE-US-00104 TABLE 103 Signal Name Description Redundancy
T.B.D.
[0890] 3.8.3. Outputs
TABLE-US-00105 TABLE 104 Signal Name Description Redundancy
T.B.D.
Example 2
[0891] Toyota's MaaS Vehicle Platform
[0892] Architecture Specification
[0893] [Standard Edition #0.1]
[0894] History of Revision
TABLE-US-00106 TABLE 105 Date of Revision ver. Summary of Revision
Reviser 2019 Nov. 4 0.1 Creating a new material MaaS Business
Div.
[0895] Index
TABLE-US-00107 1. General Concept 4 1.1. Purpose of this
Specification 4 1.2. Target Vehicle Type 4 1.3. Target Electronic
Platform 4 1.4. Definition of Term 4 1.5. Precaution for Handling 4
1.6. Overall Structure of MaaS 4 1.7. Adopted Development Process 6
1.8. ODD (Operational Design Domain) 6 2. Safety Concept 7 2.1.
Outline 7 2.2. Hazard analysis and risk assessment 7 2.3.
Allocation of safety requirements 8 2.4. Redundancy 8 3. Security
Concept 10 3.1. Outline 10 3.2. Assumed Risks 10 3.3.
Countermeasure for the risks 10 3.3.1. The countermeasure for a
remote attack 11 3.3.2. The countermeasure for a modification 11
3.4. Addressing Held Data Information 11 3.5. Addressing
Vulnerability 11 3.6. Contract with Operation Entity 11 4. System
Architecture 12 4.1. Outline 12 4.2. Physical LAN architecture
(in-Vehicle) 12 4.3. Power Supply Structure 14 5. Function
Allocation 15 5.1. in a healthy situation 15 5.2. in a single
failure 16 6. Data Collection 18 6.1. At event 18 6.2. Constantly
18
[0896] 1. General Concept
[0897] 1.1. Purpose of this Specification
[0898] This document is an architecture specification of Toyota's
MaaS Vehicle Platform and contains the outline of system in vehicle
level.
[0899] 1.2. Target Vehicle Type
[0900] This specification is applied to the Toyota vehicles with
the electronic platform called 19ePF [ver.1 and ver.2].
[0901] The representative vehicle with 19ePF is shown as
follows.
[0902] e-Palette, Sienna, RAV4, and so on.
[0903] 1.3. Definition of Term
TABLE-US-00108 TABLE 106 Term Definition ADS Autonomous Driving
System. ADK Autonomous Driving Kit VP Vehicle Platform. VCIB
Vehicle Control Interface Box. This is an ECU for the interface and
the signal converter between ADS and Toyota VP's sub systems.
[0904] 1.4. Precaution for Handling
[0905] This is an early draft of the document.
[0906] All the contents are subject to change. Such changes are
notified to the users. Please note that some parts are still T.B.D.
will be updated in the future.
[0907] 2. Architectural Concept
[0908] 2.1. Overall Structure of MaaS
[0909] The overall structure of MaaS with the target vehicle is
shown (FIG. 20).
[0910] Vehicle control technology is being used as an interface for
technology providers.
[0911] Technology providers can receive open API such as vehicle
state and vehicle control, necessary for development of automated
driving systems.
[0912] 2.2. Outline of System Architecture on the Vehicle
[0913] The system architecture on the vehicle as a premise is shown
(FIG. 21).
[0914] The target vehicle of this document will adopt the physical
architecture of using CAN for the bus between ADS and VCIB. In
order to realize each API in this document, the CAN frames and the
bit assignments are shown in the form of "bit assignment chart" as
a separate document.
[0915] 2.3. Outline of Power Supply Architecture on the Vehicle
[0916] The power supply architecture as a premise is shown as
follows (FIG. 22).
[0917] The blue colored parts are provided from an ADS provider.
And the orange colored parts are provided from the VP.
[0918] The power structure for ADS is isolate from the power
structure for VP. Also, the ADS provider should install a redundant
power structure isolated from the VP.
[0919] 3. Safety Concept
[0920] 3.1. Overall Safety Concept
[0921] The basic safety concept is shown as follows.
[0922] The strategy of bringing the vehicle to a safe stop when a
failure occurs is shown as follows (FIG. 23).
[0923] 1. After occurrence of a failure, the entire vehicle
executes "detecting a failure" and "correcting an impact of
failure" and then achieves the safety state 1.
[0924] 2. Obeying the instructions from the ADS, the entire vehicle
stops in a safe space at a safe speed (assumed less than 0.2G).
[0925] However, depending on a situation, the entire vehicle should
happen a deceleration more than the above deceleration if
needed.
[0926] 3. After stopping, in order to prevent slipping down, the
entire vehicle achieves the safety state 2 by activating the
immobilization system.
TABLE-US-00109 TABLE 107 category content Precondition Only one
single failure at a time across the entire integrated vehicle.
(Multiple failures are not covered) After the initial single
failure, no other failure is anticipated in the duration in which
the functionality is maintained. Responsibility In case of a single
failure, the integrated vehicle should for the vehicle maintain the
necessary functionality for safety stop. platform until The
functionality should be maintained for 15 (fifteen) safety state 2
seconds. Basic [For ADS] Responsibility The ADS should create the
driving plan, and should Sharing indicate vehicle control values to
the VP. [For Toyota vehicle platform] The Toyota VP should control
each system of the VP based on indications from the ADS.
[0927] See the separated document called "Fault Management"
regarding notifiable single failure and expected behavior for the
ADS.
[0928] 3.2. Redundancy
[0929] The redundant functionalities with Toyota's MaaS vehicle are
shown.
[0930] Toyota's Vehicle Platform has the following redundant
functionalities to meet the safety goals led from the functional
safety analysis.
[0931] Redundant Braking
[0932] Any single failure on the Braking System doesn't cause loss
of braking functionality. However, depending on where the failure
occurred, the capability left might not be equivalent to the
primary system's capability. In this case, the braking system is
designed to prevent the capability from becoming 0.3 G or less.
[0933] Redundant Steering
[0934] Any single failure on the Steering System doesn't cause loss
of steering functionality. However, depending on where the failure
occurred, the capability left might not be equivalent to the
primary system's capability. In this case, the steering system is
designed to prevent the capability from becoming 0.3 G or less.
[0935] Redundant Immobilization
[0936] Toyota's MaaS vehicle has 2 immobilization systems, i.e. P
lock and EPB. Therefore, any single failure of immobilization
system doesn't cause loss of the immobilization capability.
However, in the case of failure, maximum stationary slope angle is
less steep than when the systems are healthy.
[0937] Redundant Power
[0938] Any single failure on the Power Supply System doesn't cause
loss of power supply functionality. However, in case of the primary
power failure, the secondary power supply system keeps supplying
power to the limited systems for a certain time.
[0939] Redundant Communication
[0940] Any single failure on the Communication System doesn't cause
loss of all the communication functionality. System which needs
redundancy has physical redundant communication lines. For more
detail information, see the chapter "Physical LAN architecture
(in-Vehicle)".
[0941] 4. Security Concept
[0942] 4.1. Outline
[0943] Regarding security, Toyota's MaaS vehicle adopts the
security document issued by Toyota as an upper document.
[0944] 4.2. Assumed Risks
[0945] The entire risk includes not only the risks assumed on the
base e-PF but also the risks assumed for the Autono-MaaS
vehicle.
[0946] The entire risk is shown as follows.
[0947] [Remote Attack] [0948] To vehicle [0949] Spoofing the center
[0950] ECU Software Alternation [0951] DoS Attack [0952] Sniffering
[0953] From vehicle [0954] Spoofing the other vehicle [0955]
Software Alternation for a center or an ECU on the other vehicle
[0956] DoS Attack to a center or other vehicle [0957] Uploading
illegal data [0958] [Modification] [0959] Illegal Reprogramming
[0960] Setting up an illegal ADK [0961] Installation of an
unauthenticated product by a customer
[0962] 4.3. Countermeasure for the Risks
[0963] The countermeasure of the above assumed risks is shown as
follows.
[0964] 4.3.1. The Countermeasure for a Remote Attack
[0965] The countermeasure for a remote attack is shown as
follows.
[0966] Since the autonomous driving kit communicates with the
center of the operation entity, end-to-end security should be
ensured. Since a function to provide a travel control instruction
is performed, multi-layered protection in the autonomous driving
kit is required. Use a secure microcomputer or a security chip in
the autonomous driving kit and provide sufficient security measures
as the first layer against access from the outside. Use another
secure microcomputer and another security chip to provide security
as the second layer. (Multi-layered protection in the autonomous
driving kit including protection as the first layer to prevent
direct entry from the outside and protection as the second layer as
the layer below the former)
[0967] 4.3.2. The Countermeasure for a Modification
[0968] The countermeasure for a modification is shown as
follows.
[0969] For measures against a counterfeit autonomous driving kit,
device authentication and message authentication are carried out.
In storing a key, measures against tampering should be provided and
a key set is changed for each pair of a vehicle and an autonomous
driving kit. Alternatively, the contract should stipulate that the
operation entity exercise sufficient management so as not to allow
attachment of an unauthorized kit. For measures against attachment
of an unauthorized product by an Autono-MaaS vehicle user, the
contract should stipulate that the operation entity exercise
management not to allow attachment of an unauthorized kit.
[0970] In application to actual vehicles, conduct credible threat
analysis together, and measures for addressing most recent
vulnerability of the autonomous driving kit at the time of LO
should be completed.
[0971] 5. Function Allocation
[0972] 5.1. In a Healthy Situation
[0973] The allocation of representative functionalities is shown as
below (FIG. 24).
[0974] [Function Allocation]
TABLE-US-00110 TABLE 108 Function category Function name Related to
# remarks Planning Plan for driving path 0 Calculating control 0
e.g. longitudinal G indications Overall API Pub/Sub 1 One system
with redundancy Security Autonomy Driving Kit 1 One system with
Authentication redundancy Message 1 One system with Authentication
redundancy Door locking control 8 Longitudinal/Lateral Motion
control 2 (Primary), 3 (Secondary) Propulsion control 4 Braking
control 2, 3 Two units controlled according to deceleration
requirement Steering control 5 One system with redundancy
Immobilization control 2 (EPB), 6 (P Lock) Shift control 6 Power
supply Secondary battery 7 control Vehicle power control 10 For
more information, see the API specification. Access/Comfort Body
control 8 Turn signal, Headlight, Window, etc. HVAC control 9 Data
Data logging (at event) 1 Data logging 1 (constantly)
[0975] 5.2. In a Single Failure
[0976] See the separated document called "Fault Management"
regarding notifiable single failure and expected behavior for the
ADS.
[0977] Though embodiments of the present disclosure have been
described above, it should be understood that the embodiments
disclosed herein are illustrative and non-restrictive in every
respect. The scope of the present invention is defined by the terms
of the claims and is intended to include any modifications within
the scope and meaning equivalent to the terms of the claims.
* * * * *