Development and Optimisation of an Adaptive Safety Monitor 2018-01-0867

Fuel economy and emission challenges are pushing automotive OEMs to develop alternative hybrid-electric, and full-electric powertrains. This increases variation in potential powertrain architectures, exacerbating the already complex control software used to coordinate various propulsion devices within the vehicle. Safety of this control software must be ensured through high-integrity software monitoring functions that detect faults and ensure safe mitigating action is taken. With the complexity of the control software, this monitoring functionality has itself become complex, requiring extensive modification for each new powertrain architecture. Significant effort is required to develop, calibrate, and verify to ensure safety (as defined by ISO 26262). But this must also be robust against false fault-detection, thereby maximising vehicle availability to the customer. It is therefore desirable to investigate whether novel approaches for software safety monitoring can address the complexity and calibration burden whilst robustly achieving safety with minimal effect on availability. A novel adaptive safety monitor is proposed as an innovative software fault-detection concept, aiming to enable transferability between powertrains without modification and minimal recalibration effort. This paper will outline challenges faced by current fault-detection methods, and how an adaptive safety monitor concept can overcome them. Development of concept is then discussed, with the introduction of a two-stage algorithm, and a performance analysis is conducted through model simulation, demonstrating improved robustness against false faults. A parameter calibration and optimisation process is demonstrated through design-of-experiments (DoE), concluding with further work and an outlook into future commercial applications, both in the automotive industry and beyond.