AbstractFuel economy and emission challenges are pushing automotive OEMs to develop alternative hybrid-electric, and full-electric powertrains, increasing variation in potential powertrain architectures, which exacerbates the complexity of control software used to coordinate various propulsion devices. Safety of this control software must be ensured through high-integrity software monitoring functions that detect faults and ensure safe mitigating action is taken. This monitoring functionality has itself become complex, requiring extensive modification for each new powertrain architecture to develop, calibrate, and verify the software to ensure safety as defined by ISO 26262. However, it must also be robust against false fault-detection, thereby maximising vehicle performance availability to the customer. It is therefore desirable to investigate whether novel approaches for software safety monitoring can address the manufacturer’s complexity and calibration burden whilst robustly achieving safety with minimal effect on availability.
In this thesis, two novel functional safety monitoring concepts have been conceived and developed. First, an Adaptive Safety Monitor is introduced that aims to directly reduce the necessary safety software fidelity through new reasoning surrounding safety and driver expectation. An improvement in robustness is demonstrated by successfully using a low-fidelity safety software coupled with an adaptive safety monitor instead of a conventional high-fidelity model approach, and was shown to both accurately detect erroneous torque demand and prevent false-positive detection. Secondly, a novel Principal Component Analysis based safety monitor is introduced. An automated PCA model derivation process is developed that derives safety software automatically from the control software, with minimal effort from the OEM, and is shown to both quantitatively and qualitatively detect software faults within 5Nm of torque demand. These concepts are supported by a literature review, development context in relation to the ISO 26262 standard, and a set of ideal monitoring attributes derived from ISO 26262, ISO 25010, and expert opinion. A Matlab/Simulink electric vehicle model was created to serve as a simulation test-bed for both concepts. Lastly, considerations for verification and validation are explored before both developed concepts are evaluated according to the derived ideal attributes.
|Date of Award||19 Jun 2019|
|Supervisor||Marina De Vos (Supervisor), Sam Akehurst (Supervisor), Andrew Hillis (Supervisor) & David McGeoch (Supervisor)|