Lateral Thinking: Steering Safely

towards Autonomous Driving

01 October 2019

AESIN 2019 2

Scope Product High-Autonomy Steering System (Actuation)

Vehicle Application from Tricycles to Trucks from Urban Mobility to Hypercars

Engineering Development Product Line Variant product, reconfigurable, scalable, tunable

Market Public Roads, Closed Environments, Off-Highway, Track Low-volume, One-offs, niche vehicles

Functional Safety, Systems and Software Engineering Services 3

Public Trust in Driverless Car Scenarios Trust: Adoption Barrier Risk Perception - Absent an understanding of: 1. Technology 2. Engineering or

Product Complexity required for the ODD

3. Safety implications From: Journal of Engineering and

Technology Management 48 (2018)

4

SAE J3016 – reprise on Autonomy levels

5

ISO26262– reprise on relevant terminology

6

Vehicle Speed Column Torque

and Angle Sensors

Torque and Angle

Steering Column

EPS ECU

Motor Drive

Motor and Gearbox

Steering Rack

Column Torque and Angle Sensors

Torque and Angle

Steering Column

Motor Position, Speed and Current

EPS ECU

Motor Drive

Motor and Gearbox

Steering Rack

Vehicle Speed

From EPAS to EPS – Driver ability in Fallback

7

J3016 – Steering Dynamic Driving Task & Fallback

8

EPS – System Redundancy and Failure Modes

9

Vehicle Speed Column Torque

and Angle Sensors

Torque and Angle

Steering Column

EPS ECU

Motor Drive

Motor and Gearbox

Steering Rack

Vehicle Speed

Steering Commands

EPS ECU

Motor Drive

Motor and Gearbox

Steering Rack

EPS – System Control Philosophy

10

Sense: Steering Handwheel Torque Steering Handwheel Angle Vehicle Speed Remote Commands Motor (Rotor) Speed Motor (Electrical) Angle Motor (Phase) Current

Control: Validate Arbitrate Calculate (Demand) Monitor / Diagnose Mitigate or Accommodate Report

Actuate: Motor Torque – Magnitude Motor Torque – Direction Motor Speed Isolation Controls Status Signals

Sa Ma La

Torque demand

Clarke IUVWIαβ

ParkIαβ Idq Control Id

Electrical angle

Control IqVq

Vd

Inverse Park

VdqVαβ

Electrical angle

Vα

Vβ

PWM calculation

MOSFET driver MOSFETs

Measure IUVW

Measure VUVW

Calculate Iq and Id set points

Verify torque Verify angle

Motor

eMotor Control and Steering Actuation

11

Sa Ma La

A or B Decision

Sb Mb Lb

Sa Ma La

Sb Mb Lb

Redundant System Architecture Candidates (1oo2/D)

12

Sa Ma La

Sb Mb Lb

Lc

Sa Ma La

Sb Mb Lb

Lc Sc Mc

More System Architecture Candidates (TMR)

TMR has great Full ODD availability Put potentially poor reliability Complexity, Cost, Size, Weight Reduction: Obviously potential problems here ‘Centre’ influences both Conflicts between ‘Centre’ & ‘Outside’ Reduced availability

13

Sa Ma La

Sb Mb Lb

Lc

A Route to Compromise

Multiple homed sensors – best promise of detecting/diagnosing Reduced motors – best promise cost, weight, size for availability (slightly less than TMR) Tertiary system (centre) becomes high-fidelity monitor

14

Common-cause Failures Hardware (Electronic and Electrical) diversity is easily argued Technology, geometry, specification , but less ‘clear cut’ with software External events are unlikely to be common software effect – logical flaws are!

Clear academic evidence that independent interpretation of software specification does NOT lead to independent implementation (sufficiently for 99% significance - ASIL D).

Software diversity requires deliberate process alteration, compiler choices, mathematical and algorithmic sequencing, design attention tp memory allocation and data representation, to minimise the likelihood of CCF.

A systematic approach is likely to be cheaper and more effective than secondary engineering! 15

Functional & Safety Engineering for Variant Product

16

17

With Thanks to Titan Motorsport