With increased development of and interest in platooning and higher levels of automation (SAE level 3+), the need for safety systems that are capable of monitoring system health and maintaining safe operation in faulty scenarios is increasing. Methods for the detection, isolation and identification of faults in automated and cooperative driving are increasing in number. Once the existence of a fault is known, one needs to classify its severity and decide between fail-operational and fail-safe mitigation to guarantee the safety of the faulty vehicle.
The scenario considered in this research consists of a vehicle suffering from a severe fault, such as a power steering or rear tire failure, whilst driving in an ACC string of vehicles on the rightmost lane of a highway. To accommodate failures in an automated vehicle, the first contribution of this thesis is a functional-safety architecture that can enable safe operation in faulty scenarios. This architecture uses a nominal channel, a health monitor and a safety channel to incorporate all steps between nominal vehicle operation and fault mitigation. To demonstrate the increase in safety potential of the first contribution, its tactical decision making and fail-safe mitigation modules are implemented as a second contribution. The fail-safe mitigation uses an optimization-based algorithm to bring the faulty vehicle to a safe state, namely parked on the road shoulder. This maneuver is performed using nonlinear model predictive control (NMPC). To further highlight the safety improvements of the functional-safety architecture, the prediction model of the NMPC is reconfigured: it uses the information from the fault detection and isolation module to optimize the tracking performance of the controller.
Assuming a string of ACC vehicles, results show different tactical decision making strategies the faulty vehicle can perform to move to the road shoulder. The impact on the remainder of the string of vehicles shows a trade-off between the stopping time and distance of the faulty vehicle and the reconnection time for the remaining vehicles. Further results on the tracking performance of the NMPC show its robustness against severe faults and the increase in tracking performance when it uses the information from the proposed architecture. This highlights the safety improvement potential of, and the need for, both the functional-safety architecture and the fail-safe mitigation algorithm.
- Laura Ferranti
- Emilia Silvas (TNO)
- Chris van der Ploeg (TNO)