The challenge
The electrical and electronic systems of modern road vehicles are becoming increasingly complex, which is why manufacturers must validate their safety systems before placing them on the market. The methods of ISO 26262 describe in detail the processes of quality management. Even if all components have been developed, built and secured accordingly, the OEM cannot simply transfer responsibility to the supplier. Ultimately, the OEM will not be able to avoid investigating and documenting the effects of a component defect on the entire vehicle in accordance with the principles of product and manufacturer liability.
The company GeneSys Elektronik GmbH has developed a test and validation system for this purpose.
Motivation
To evaluate a vehicle according to ASIL (Automotive Safety Integrity Level), it is necessary to first assess the probability of occurrence of a risk – the controllability by the driver in the event of a fault event as well as the severity of the hazard to the user or his environment.
This is already done during the development process of the individual components, but must also be applied to the entire vehicle. Modern simulation methods already deliver very good and reliable results here. Even so, there will be no getting around real driving tests, at least on a random basis, to validate and document the results.
Modern vehicles have many areas that can be affected.
Here are just a few examples.
Vehicle dynamics control
- Lateral acceleration sensor
- Yaw rate sensor
- Steering angle sensor
- Wheel speed sensor
ADAS and Autonomous Driving
- Radar
- Lidar
- Ultrasound
- Cameras
Steering
- Steering angle sensor
- Steering torque sensor
- Power supply
- Power modules (such as MOSFET)Â
Transmission
- Faulty switching, incorrect actuation of valves
Test setup
Driving tests are typically conducted on a suitable cordoned-off proving ground such as the dynamic area of a proving ground.
A manufacturer-specific gateway stimulates corresponding errors in the aforementioned control units or the associated sensors. This could be sensor break, creeping offset, jump offset, sign error and much more.
The lane deviation from the target trajectory that a vehicle experiences after a fault has occurred is observed in order to assess the degree of danger that can be expected after a fault has occurred. If the vehicle deviates by more than 0.5 m (to be defined individually) within the driver’s reaction time of 1s (to be defined individually), a considerable risk is assumed, as the vehicle could then already collide with oncoming traffic.
Equipping the vehicle to be tested (VUT, Vehicle Under Test) with measurement technology and sensors is very easy and can be done in just a few minutes.
At the heart of the system is the GeneSys ADMA-G-Pro+ GNSS-aided inertial measurement system with its high- performance fiber optic gyros (FOG). It is provided on a quick mount (on-seat adapter for rear seat or passenger seat). ADMA determines the actual trajectory with an accuracy of up to +/- 1 cm, as well as other vehicle dynamic variables such as acceleration, yaw rates, angle and velocity.
There is also room for the data acquisition (DAQ) on the bracket. Any DAQ system that can record data fully synchronously can be used. Prefabricated plug-ins for the ADMA inertial system, such as those offered by Vector (CANape), digitalwerk (ADTF), DEWESoft and DEWETRON, are practical.
DEWESoft has developed the appropriate data logger SIRIUS R2DB for this application.
In addition to the measurement data of the inertial measurement unit (IMU), it can also acquire data from vehicle buses (CAN, Flexray, CAN-FD, etc.) as well as the fault connection and, if necessary, optical, acoustic and haptic warning signals fully synchronously.
The target trajectory is displayed in special software and the vehicle deviation is determined online in relation to it after the fault has occurred.
The parameters can then also be freely set to validate online whether the test was valid at all and whether the vehicle remained within the prescribed deviations.
Prepared setups can be processed in sequence.
- Driving straight ahead
- Driving through curves
- Euler spiral (also called “dog’s curve”)
And that is even with the different types of error stimulation mentioned earlier, as well as at different velocities.
Accessories
Some maneuvers cannot be performed manually with sufficient precision. Here we recommend the use of steering robots or steering wheel fixations.
To achieve an accuracy of +/- 1 cm, GNSS receivers require terrestrially generated DGNSS correction data. GeneSys has suitable weatherproof and mobile DGNSS base stations for the test track in its range.
Alternatively, correction data can be obtained from private operators such as SAPOS, AXIO-NET or HEXAGON using NTRIP modem.
Summary
ISO 26262 has been internationally established as the standard for the functional safety of passenger cars since 2011.
The above test equipment enables simple and rational testing of the electronic systems in the complete vehicle.
The revision in December 2018 also included motorcycles and commercial vehicles. Miniaturized inertial systems (e.g. ADMA-Slim) in the tank bag are used for motorcycles. The assembly time also takes just a few minutes.
As the level of automation increases, new functions will also need to be validated. The potential impact of cybercrime in particular will come into focus.
As the number of test cases has increased exponentially, the testing effort has also increased dramatically. For this reason, a large part of the testing will be conducted in simulation in the future. Or both at the same time: as with VIL – Vehicle in the Loop.