Modern on-board energy network architectures require diagnostic mechanisms that can quickly detect and reliably locate faults and can also switch on redundant power supply paths. In the FAT project “Diagnostic concepts for zonal and partially redundant vehicle electrical system architectures” (FAT publication series 378), which was carried out at the University of Kassel, TU Dortmund University, and the Fraunhofer Institute for Integrated Circuits (IIS), the research team demonstrated new concepts and their validation in vehicle electrical systems.

1 Background

Electrification of all driving functions is rapidly increasing. This includes the management of control elements, in particular the brakes (drive-by-wire, brake-by-wire), as well as fully electric steering (steer-by-wire), new convenience features such as soft-close functions, and the growing number of driver assistance systems and environmental sensors. The result is a bewildering array of possible architectures for the vehicle's electrical and data systems. Vehicle electrical system architectures must meet very high reliability and safety requirements. Strict quality specifications at the component level are accompanied by topological measures at the on-board energy network level. Such power supply topologies and structures include elements like backbones, zonal architecture, and redundancy. Due to the complexity of vehicle electrical system architectures, there is already a strong need for reliable, architecture-specific diagnostic functions.

A FAT working group of researchers from the vehicle systems department at the University of Kassel, the on-board systems department at TU Dortmund University, and the Engineering of Adaptive Systems (EAS) division of the Fraunhofer Institute for Integrated Circuits (IIS) has now tackled this topic. The team examined the question of how intelligent diagnostic functions in vehicles can help guarantee a high level of functional safety, even amid the rising number of variants. They investigated which architectures are suitable for fault detection, what additional costs and effort this would entail, which algorithms are good at detecting faults, and how diagnostic concepts can be tested in simulations.

2 System concepts and architectural exploration

When designing vehicle electrical systems, engineers must ensure that the systems meet given requirements. It must be possible to detect faults in complex structures in due time and to initiate suitable countermeasures. The increased demand for sensors and switch actuator technology must be taken into account and additional communication must be integrated if faults can only be detected by linking distributed information in the vehicle electrical system [1, 2].

In developing its methodology, the working group took care to ensure that electrical system architectures could initially be evaluated on the logical level with regard to the effort involved in detecting, classifying, and switching off faults such as short circuits and opens. Because the tests are so highly automated, it is possible to model and address an exceptionally large number of vehicle electrical systems. Using a generic description, over 8000 topologies with redundant power sources and power supply connections were created automatically [3].

The topologies considered here as examples consist of four distribution boxes (Power Distribution Units, or PDUs) with their connected loads, two power sources, and any interconnection between the sources and the PDUs that extends to complete dual redundancy [3], Figure 1. A PDU has several switches so that it can disconnect defective sources or connections in the event of a fault.

Figure 1
figure 1

Generic wiring system topology with all possible connections and the fault cases under consideration (© University of Kassel)

Full size image

For each topology, the researchers took into account a minimum sensor system for fault detection and a switch logic for selective fault handling. The respective topology can thus be evaluated by comparing the sensor costs and the probability of a PDU failure. A distinction was made between local detectability using sensor signals within the PDU and central detectability of faults with a corresponding communication requirement. Figure 2 shows the relative costs for minimum sensor technology with centralized fault handling and additional communication requirements in red, and the relative costs for decentralized fault handling without the need for communication in black. Decentralized fault handling requires four to six more sensors, which doubles or triples the effort involved. Consequently, it is expedient to select topologies with local or centralized fault detection capability, taking into account sensor complexity and communication requirements.

Figure 2
figure 2

Probability of failure versus relative costs, taking into account sensor costs for centralized (red) and decentralized (black) fault handling (© University of Kassel)

Full size image

3 Sensors in the vehicle electrical system and data processing

Today's vehicles already use a large number of sensors that are suitable for diagnosing the vehicle electrical system. Current diagnostic methods, however, do not locate faults or distinguish what type they are. For this reason, the working group developed data-based methods for detecting and locating faults that use voltage and current sensors, which are usually present in the electronic components. Using Artificial Intelligence (AI), the collected data provided information on both the fault itself and its location. The focus was on the real-time detection of faults that affect the voltage supply to the vehicle electrical system. These include line faults and overvoltage on the DC/DC converter output, but also individual faults in battery cells. Models for fault simulation had previously been developed by the FAT working group [4].

The researchers assume that the melting fuses commonly used today will be replaced by electronic fuses (eFuses) in future vehicle electrical systems. These monitor the flowing current and thus protect the wiring harness from overloading. In a PDU containing several eFuses, the sensors can be evaluated centrally to determine the status of the vehicle electrical system.

Using an onboard diagnostics concept, Figure 3, faults in the vehicle electrical system can be detected in real time by the centralized measurements in a PDU. Individual measuring points are combined into evaluation intervals and the measurement data are analyzed. A neural network trained with simulation data is used to classify and locate the faults based on the data available. The continuous evaluation of the system status by the neural network can be accompanied by misclassifications. A termination criterion has been introduced to avoid this and ensure greater security: A classification over several evaluation intervals must be confirmed. This is shown in Figure 4 (a) for all the faults investigated. If the observation period is extended, detection accuracy can be increased to 100 %. The detection times for optimum termination criteria are shown in Figure 4 (b) for the different types of faults.

Figure 3
figure 3

AI-based centralized diagnostic concept for vehicle electrical systems (© TU Dortmund University)

Full size image
Figure 4
figure 4

Classification: diagnostic accuracies and detection times for all faults considered (a); optimal termination times broken down by the individual fault types (b) (© TU Dortmund University)

Full size image

Using AI-based methods, the diagnostic system under consideration was able to achieve detection times of less than 50 µs for a large number of faults. Special faults, such as short-term interruptions of power supply lines (for example, loose contacts of electrical connectors) require a longer diagnosis time, as they differ only in their periodicity from line opens.

4 Evaluation of the diagnostic function through virtual testing

Demands on the reliability and safety of the vehicle electrical system are increasing, especially when it comes to automated driving. The electrical system must be not only fail-safe, but also fail-operational. Its high costs and weight require new intelligent safety concepts that go beyond conventional multiple redundancy. Its condition must be monitored over the vehicle's entire service life to detect fault conditions with low latency and maximum accuracy and to initiate appropriate safety measures.

The diagnostics themselves become a safety-critical element of the vehicle electrical system, and their fault-free functioning must be ensured and verified. In view of the large number of topology variants mentioned at the beginning of this paper and the exacting demands on the sensors and algorithms used, virtual tests are the only way to verify that the diagnostic concepts developed are indeed functioning. An automated process for modeling and simulating system behavior in response to injected faults is mandatory for efficient analysis while maintaining a high level of functional safety in the diagnostic system. Various test cases based on load scenarios, expected fault cases, and detection rates predefined according to the respective architecture must be implemented automatically in order to fully evaluate regression tests of the diagnostic functions via simulation. Finally, the results of all simulations are recorded, an overview of the fulfillment of the test objectives is presented, and the most suitable topologies are determined, Figure 5.

Figure 5
figure 5

Determination of the best topology variant using automated generation and simulation processes (© Fraunhofer IIS/EAS)

Full size image

SystemC AMS was used as the description language for modeling and simulation, which enables fault injection at simulation runtime without recompiling the model [3]. The generated code does not require any licenses, is very fast, and can run at any scale in a computing cluster.

An intuitive dashboard has been developed as a graphical user interface to operate the automated process. This makes it possible to select the topologies to be examined and the faults to be introduced as well as to automatically evaluate the simulation runs. The subsequent findings include important measures such as Diagnostic Coverage (DC) or Single-point Fault Metrics (SPFM) as well as the costs of the respective architecture, thus providing decision criteria for selecting a topology.

5 Summary

Vehicle electrical system architectures have increasingly complex structures and must supply power reliably, especially to safety-relevant loads. The findings of the described research project show how the multitude of possible topologies can be narrowed down by evaluation on the logical level and how this selection can be validated with intelligent diagnostic functions and a comprehensive methodology. The evaluation of the diagnostics itself is also based on simulations. This makes it possible to design highly safe E/E architectures.

References

  1. [1]

    Brabetz, L.; Ayeb, M.; Lehmann, J.; Löwer, B.: Evaluation of Future Topologies and Architectures for High-Reliability Electrical Distribution Systems. SAE Technical Paper 2020-01-1296, 2020

  2. [2]

    Brabetz, L.; Ayeb, M.: Assessment of Future Architectures for High-Reliability Electrical Distribution Systems (EDS). 9th International Conference on Automotive Wiring Systems, online, 2021

  3. [3]

    Jancke, R.; Gerten, M.; Ayeb, M.; Düsing, M.: Methodical Onboard Network Design for Fail-safe Energy Supply of Automated Driving Functions. In ATZworldwide 2-3/2023, pp. 56-60

  4. [4]

    Research Association of Automotive Technology (FAT): Simulationsgestützte Analyse und Bewertung der Fehlertoleranz von Kfz-Bordnetzen. Berlin: FAT publication series, No. 334 (2020)