
How to design a fail-operational powertrain for automated vehicles

Bosch Research Blog | Post by Jochen Faßnacht, 2021-03-10


Co-authors: Ahmet Kilic, Christian Thulfaut, Kirill Gorelik, Rainer Walter

There is a trend towards the automation of cars, trucks and buses, fueled both by customers' wish for greater driving comfort and by the general demand to increase driver productivity and traffic safety. One example of this trend is Automated Valet Parking by Bosch. In future, the transport of passengers and goods will probably be handled by fully automated shuttles or buses. Because such vehicles often operate in urban or suburban areas and mainly over short distances, it is expected that they will be mainly powered by electrified powertrains. But how can we ensure that the automated vehicle arrives at a safe location if arbitrary powertrain failures occur?

Demand for fail-operability of automated vehicles

It is not the end of the world if a conventional vehicle breaks down in its own lane. The reason for this is the driver, who can ensure safety by pushing the vehicle out of the danger zone or by safeguarding the vehicle with a warning triangle. The driver can also guide passengers out of the hazard zone to a safe location in the emergency lane.

But imagine a driverless automated bus or shuttle full of schoolchildren stopping in the fast lane of the highway because of a severe traction system problem. This would mean there is no adult present to guide the children out of the danger zone or put up a warning triangle. Therefore, the powertrain must ensure that the vehicle is at least able to reach a safe location in case of an arbitrary first failure.

The next figure shows a metric developed by Bosch Research to derive future requirements concerning the safety of automated vehicles. The levels are classified according to the safe location (Safe Stop Location, SSL), which must be defined for each application depending on the operational domain and the use case addressed. From these SSLs, the different requirements concerning the operation of the drivetrain, steering and braking system in case of a first failure can be derived at vehicle level for electrified vehicles.

These safety goals span from emergency braking to driving home in case of a first failure. It would be beneficial, for example, if the shuttle with the schoolchildren could reach at least the nearest parking area and therefore a Safe Stop Location (SSL) B.

Metric developed by Bosch Research to derive future requirements concerning the safety of automated vehicles

How to design a fail-operational electric drivetrain

Once the required safe stop location has been derived for a given use case, the task is to develop such a fail-operational powertrain. But what does this mean? Fail-operability means that even in case of an arbitrary first failure, the powertrain provides at least sufficient acceleration, braking torque and power to avoid danger with a sufficiently high probability. The powertrain might no longer provide extremely high acceleration torque or power, or be comfortable and fast, but it should at least bring the vehicle to the defined safe location or state.

It’s true that a fail-operational electrical powertrain is nothing without a fail-operational battery or fuel-cell system, but our research activity focuses on the e-drive, the transmission and shafts. The power supply is assumed to be sufficiently reliable or fail-operational.

Different measures are possible to improve the reliability or provide fail-operability of the electric powertrain, as shown in the next figure.

Overview of possible measures to increase reliability of the electric powertrain

Another important requirement for automotive powertrains is that they be very cost-effective in order to make automated mobility affordable. This prohibits the simple use of existing concepts from aviation or power plant technology and demands that we select the right measures, or combinations of measures, according to the specific SSL required. Redundancy and overdesign are rather expensive and only possible if the SSL requirements are very high.

Smart technologies, such as diagnosis and improved control strategies, can also significantly increase reliability and are comparatively cost-effective. The challenge is now to find the right concepts for the application. This can be solved by analyzing the requirements and evaluating the safety levels reached with different measures and costs.

Fail-operational powertrain of a shuttle as an example

Let’s continue with the example from the beginning of the blog: a shuttle full of children traveling to school on urban highways. Let’s further assume that this application requires SSL A, which means a powertrain with massive redundancy is necessary, as shown in the following figure.

Two different powered axles are used, each with two electric machines of different types that can be separated by a clutch. This concept, together with additional measures, will provide sufficient fail-operability, but will surely increase cost significantly.

Illustration of a powertrain with massive redundancy

Summary

Bosch Research has developed a metric to derive the necessary requirements according to the required Safe Stop Locations of different applications. This was done in the context of national and European publicly funded projects such as AutoDrive, together with leading partners from across the entire value chain. This metric and a catalog of different technical approaches are the basis for the development of future competitive powertrain systems for automated vehicles.

What are your thoughts on this topic?

Please feel free to share them or to contact me directly.

Author: Jochen Faßnacht

Jochen has been working as a development engineer for Robert Bosch GmbH since 2002. Currently, he is working on the development of new traction drive systems for electromobility as a senior expert. His area of responsibility includes developing new electric traction drive and control systems and integrating them into the vehicle, along with practically all the aspects this entails.
