Faults and Their Influence On The Dynamic Behaviour of Electric Vehicles

Daniel Wanner

Licentiate Thesis in Vehicle Engineering

TRITA-AVE 2013:48

ISSN 1651-7660

Typeset in LaTeX

Academic thesis, which with the approval of Kungliga Tekniska Högskolan, will be
presented for public review in fulfillment of the requirements for a Licentiate of
Engineering in Mechanical Engineering.

© 2013, Daniel Wanner


This research has been performed at KTH Vehicle Dynamics, Royal Institute of
Technology in Stockholm, Sweden. The financial support by SHC, the Swedish Hybrid
Vehicle Center, is gratefully acknowledged.
I would like to express my gratitude to all people involved, especially my academic
supervisor Annika Stensson Trigell and co-supervisor Lars Drugge for their constant
support, encouragement and patience provided during the project. I am grateful for the
countless fruitful discussions and stimulating advice from my industrial advisor Mats
Jonasson at Volvo Car Corporation. Further, I would like to thank Oskar Wallmark at
KTH Electrical Energy Conversion for the excellent collaboration on all topics related
to electrical engineering. Many thanks for constructive feedback during the steering
group meetings are extended to Leo Laine, Olof Noréus, Mats Leksell, Gunnar Olsson
and Matthijs Klomp. I also wish to thank my fellow colleagues at KTH Vehicle
Dynamics Johannes Edrén, Malte Rothhämel, Mikael Nybacka, Jenny Jerrelind, Sigvard
Zetterström and Mohammad Mehdi Davari for their support during this work.
Thank you all for your assistance, which has undoubtedly contributed to this licentiate


The increase of electronics in road vehicles comes along with a broad variety of
possibilities in terms of safety, handling and comfort for the users. A rising complexity
of the vehicle subsystems and components accompanies this development and has to
be managed by increased electronic control. More potential elements, such as sensors,
actuators or software codes, can cause a failure independently or by mutually
influencing each other. There is a need of a structured approach to sort the faults from a
vehicle dynamics stability perspective.
This thesis tries to solve this issue by suggesting a fault classification method and fault-
tolerant control strategies. Focus is on typical faults of the electric driveline and the
control system, however mechanical and hydraulic faults are also considered. During
the work, a broad failure mode and effect analysis has been performed and the faults
have been modeled and grouped based on the effect on the vehicle dynamic behaviour.
A method is proposed and evaluated, where faults are categorized into different levels
of controllability, i. e. levels on how easy or difficult it is to control a fault for the driver,
but also for a control system.
Further, fault-tolerant control strategies are suggested that can handle a fault with a
critical controllability level. Two strategies are proposed and evaluated based on the
control allocation method and an electric vehicle with typical faults. It is shown that
the control allocation approaches give less critical trajectory deviation compared to no
active control and a regular Electronic Stability Control algorithm.
To conclude, this thesis work contributes with a methodology to analyse and develop
fault-tolerant solutions for electric vehicles with improved traffic safety.


The increasing use of electronics in road vehicles leads to many new solutions
for increased safety, improved handling and higher comfort for the users. A
consequence of this development is more complex vehicle systems and components, which
often need to be handled by introducing additional control engineering. These new
elements in road vehicles, such as sensors, actuators and software code, can in turn
cause faults independently of each other, or by influencing each other, which can lead
to new problems with traffic safety. Previously, this issue has not been addressed in a
structured way in order to sort possible faults from a vehicle dynamics perspective.
This licentiate thesis aims to solve this by proposing a fault classification method
and fault-tolerant control strategies. The focus is on typical faults in electric
drivelines and control systems, but mechanical and hydraulic faults have also been
analysed. In the work, a large number of possible faults have been mapped, modelled and
grouped based on their effect on the vehicle dynamic behaviour. A method has been
developed that is based on categorising the faults into different levels of
controllability, i.e. levels that describe how easy or difficult it is for the driver or
an active vehicle system to control the vehicle when a fault occurs.
In addition, a way of handling faults that lead to critical controllability levels is
proposed, so-called fault-tolerant control strategies. Two strategies based on force
allocation are proposed and evaluated for an electric vehicle with typical faults. It is
shown that, compared with a vehicle without control and with vehicles with ordinary
ESC control, substantially improved
In summary, this work presents a methodology for how to analyse and develop
fault-tolerant solutions for electric vehicles with improved traffic safety.

Appended papers

Paper A

Wanner, D., Stensson Trigell, A., Drugge, L. and Jerrelind, J.: Survey on fault-tolerant
vehicle design. Proceedings of the 26th Electric Vehicle Symposium (EVS26),
Los Angeles, USA, May 6–9, 2012.

Contribution of authors: Wanner conducted the literature study, wrote the paper and
presented the work at EVS26. Stensson Trigell, Drugge and Jerrelind supervised the
work, provided useful ideas, valuable comments and proofread the paper.

Paper B

Wanner, D., Drugge, L. and Stensson Trigell, A.: Fault classification method for
driving safety of electrified vehicles. Submitted for publication in August, 2013.

Contribution of authors: Wanner designed the vehicle model, the fault models and the
driving scenario, performed the simulations, developed the methodology, performed
the analysis and wrote the paper. Drugge and Stensson Trigell supervised the work,
provided useful ideas, valuable comments and proofread the paper.

Paper C

Wanner, D., Edrén, J., Jonasson, M., Wallmark, O., Drugge, L. and Stensson Trigell,
A.: Fault-tolerant control of electric vehicles with in-wheel motors through tyre-force
allocation. Proceedings of the 11th International Symposium on Advanced Vehicle
Control (AVEC 12), Seoul, Korea, September 9–12, 2012.

Contribution of authors: Wanner designed the scenario, performed the simulations,
conducted the analysis, wrote the paper and presented the work at AVEC12. Wanner,
Edrén and Jonasson built the vehicle model and the controller. Wallmark developed
the power train model. Drugge and Stensson Trigell supervised the work, provided
useful ideas, valuable comments and proofread the paper.


1 Introduction
1.1 Background
1.2 Research scope
1.3 Thesis layout

2 Faults in vehicles
2.1 Definitions
2.2 Fault types and statistics
2.3 Fault collection and grouping
2.4 Fault group modelling

3 Classification of faults
3.1 Objective evaluation criteria
3.1.1 Stationary evaluation
3.1.2 Non-stationary evaluation
3.1.3 Choice of evaluation criteria
3.2 Fault classification method
3.2.1 Controllability ranking method
3.3 Classified fault groups

4 Fault handling
4.1 Fault-tolerant control systems
4.1.1 Fault detection and isolation
4.1.2 Active and passive fault-tolerant control
4.2 Applied fault-tolerant control method
4.3 Results

5 Summary of appended papers
5.1 Fault-tolerant vehicle design (Paper A)
5.2 Fault classification method (Paper B)
5.3 Fault-tolerant control strategies (Paper C)

6 Scientific contribution

7 Conclusions and recommendations for future work
7.1 Conclusions
7.2 Recommendations for future work

Bibliography

Nomenclature

Appended Papers
A Survey on fault-tolerant vehicle design
B Fault classification method for driving safety of electrified vehicles
C Fault-tolerant control of electric vehicles with in-wheel motors through tyre-force allocation

1 Introduction

1.1 Background

When asking people on the street about their opinion on electric vehicles¹ (EV), they
will name beneficial aspects such as environmentally friendly, zero emissions (especially
no CO2 emissions), low operating costs as no fossil fuel is needed and low noise
emissions. However, humans are commonly reluctant towards technological changes such
as the electrification of drivelines. Thus, drawbacks will be present in their
minds as well; namely low range, long charging times, safety of the battery pack and
high vehicle prices [1, 2]. The battery pack is the main concern regarding safety, but
there are other components in electric vehicles that can have a defect during operation
and lead to safety critical situations or even accidents. These components are often
left unmentioned as they are hidden from the customer.
The use of electronic components in road vehicles started decades ago. The real
breakthrough however came with the introduction of fast, reliable and cheap
micro-electronics in the automotive sector. Two decades ago, chassis systems extended the
handling capabilities, and novel functionalities that increase the safety margins of the
vehicles were implemented with systems like the Anti-lock Braking System (ABS) and the
Electronic Stability Control (ESC). Further, this made it possible to combine conflicting
objectives like better ride comfort and improved handling in the same vehicle.
A century ago, electric machines were competing with internal combustion engines as
driveline system for passenger cars. The latter prevailed as the standard solution and
alternatives emerged only in recent years for mass-produced cars. The main drivers
of this development are the shortage of natural fossil resources and the environmental
impact of traffic and of society as a whole. This led to political engagement,
with incentives for vehicles with lower emissions and legislative regulations
promoting them at the same time. A further driver is the emerging sustainable and
environmental mind-set of society, thus social responsibility and acceptance in
society are the incentives for the car buyers. Chassis and driveline systems will further
increase the degree of vehicle over-actuation and thereby advance flexibility of the
vehicle behaviour. This comes along with an increase of complexity, meaning also that
more electric and electronic (E/E) components lead to more possible failures.
Failures in these systems can influence the vehicle stability, which can lead to safety
critical situations or even accidents.

¹ The term electric vehicle will be used in this thesis representing all forms of electrified drivelines
independent of its energy source, no matter if it is fossil fuels for internal combustion engines,
hydrogen used in fuel cells or traction batteries.

The occurrence of faults cannot be completely avoided. Thus, the vehicle
should be able to handle the faults in a way that the operation is not influenced or at
least that the vehicle comes to a safe stop. Control methods that are new to the vehicle
sector can be employed to handle faults and increase vehicle dynamic safety. These
so-called fault-tolerant control strategies exploit the given over-actuation² of a vehicle
by adapting its control strategy in case a fault occurs. These strategies are able to
reduce the severity of faults. Fig. 1.1 shows a vehicle with and without fault-tolerant
control strategy. After a fault occurs that leads to a failure braking the rear left wheel,
only the vehicle with fault-tolerant control (green trajectory) remains stable,
avoiding an accident.

Figure 1.1: Fault during normal driving operation. No fault-tolerant control (red
trajectory). Fault-tolerant control (green trajectory).

1.2 Research scope

The objective of this research is to identify faults that influence vehicle dynamic
stability and develop solutions that compensate for the occurring faults. In a bottom-up
approach, faults are analysed and classified regarding their consequences on the
dynamic behaviour of the vehicle. These developed fault
classes are applied to find adequate control strategies to be able to handle each fault in
the best way. The focus is put on vehicles with electric drivelines, especially in-wheel
motor concepts. The following questions will be answered in this thesis:
• Classification of faults in electric vehicles
– Which faults are relevant for vehicle stability and what is their influence?
– How severe is a fault and does it lead to vehicle instability?
– How can faults be analysed and grouped?
• Fault handling control strategies
– How can the vehicle stability under a fault condition be improved?
– How do over-actuation and novel control approaches come into play?

² An over-actuated system has more actuators than degrees of freedom that are to be controlled.
This allows that force constraints of the vehicle can be exploited at a high level and the vehicle
can be controlled more freely [3].

1.3 Thesis layout

This thesis consists of an extended summary of the conducted research and three
research articles. Chapter 2 of the extended summary provides basic definitions and
types of faults, statistics of accidents and technical failures, the conducted collection
and grouping of faults as well as the modelling of fault groups. The classification of
faults is presented in Chapter 3 and includes a literature review about objective
evaluation criteria in the field of vehicle dynamics, the developed fault classification method
with examples and the resulting classified fault groups. In Chapter 4, fault-tolerant
control systems are introduced and results of the proposed control strategies are
presented. Chapter 5 summarises the results of the research and the appended papers,
Chapter 6 describes the novelty of the results, i. e. the scientific contribution. Finally,
the thesis conclusions and recommendations for future work are presented in
Chapter 7. In Paper A, a general overview of fault-tolerant premises, control strategies and
regulations is given. Probabilities and relevance of faults and the developed
classification method of faults are presented in Paper B. Specific control strategies for fault
handling in an electric driveline are studied in Paper C.

2 Faults in vehicles

A fault inside a component or a subsystem of a vehicle can lead to a vehicle failure
affecting normal vehicle operation and deteriorating vehicle dynamic stability. Vehicle
breakdowns and accidents compromising the traffic safety for occupants and
surrounding traffic have been decreasing in recent years [4, 5]. However, it is not guaranteed that this
trend continues with the launch of vehicles with electrified driveline systems. The
conducted failure and accident analysis gives an indication on probabilities of failures. A
fault collection and failure effect analysis is derived as a consequence.

2.1 Definitions

Before faults that can occur in a vehicle are described, a clarification of the technical
terms is presented. These technical terms are mainly derived from the ISO 26262
functional safety standard for road vehicles [6] and some other sources describing the
terms in a more descriptive way [7–10].


A fault is the basic defect, i.e. an unpermitted deviation of at least one characteristic
property of the system from the acceptable, usual, standard condition.
A fault occurs on the physical level and can be either of hardware or of software type.
It may not affect the correct functioning of the system and even be independent of
whether the system is in operation or not. Therefore it is often difficult to detect
a fault. The state of a fault can occur abruptly, transient or intermittent and may
initiate a failure or a malfunction. Failures and malfunctions are events and usually
arise after start-up or when increasing the stress on a system. Examples of a fault can
be a tyre that has a puncture, i. e. a hole occurs in the tyre, a bad solder spot on a
semiconductor of the power electronics or a leakage in the brake fluid piping.


An error is the discrepancy between a computed, observed or measured value or
condition, and the true, specified, or theoretically correct value or condition.

An error is an incorrect state on the process level, which is caused by the fault and
can lead to a failure. In case of the given examples of faults, corresponding errors are
a low tyre pressure due to a hole, a missing control signal to the semiconductor or if
the brake fluid drops to a low level.


A failure is a termination of the ability of an element to perform a function as required.

A failure acts on the operational level and is the observed deviation from the
requirement. The user perceives the failure as being the problem. It can occur randomly,
deterministically or systematically. In the first example, this means that the tyre
parameters degrade and lead to vehicle instabilities. The semiconductor does not switch,
delivering no current to the motor and the drive cannot operate as desired. The brake
performance is degraded and the brake system fails to deliver the requested braking


A malfunction is an intermittent irregularity in the fulfilment of a system’s desired

A malfunction can be seen as a temporary interruption of the system that degrades the
performance of the system, but the system does not fail. It can become permanent
and lose its degraded performance completely, thus leading to a failure. The
semiconductor can have interrupted connectivity due to e. g. vibrations and therefore may
work correctly only intermittently.

2.2 Fault types and statistics

Faults can be of mechanical, electric¹, electronic² and software³ types and have
different characteristics that occur in various forms, time behaviours and extents. An
overview of faults is given in Table 2.1. Wrong specifications, design mistakes or wrong
coding lead to systematic faults for electronic hardware and software. The type of fault
that happens mostly for hardware E/E components is random with all kinds of time
behaviour [7]. Electrical faults however appear in general more randomly than
mechanical faults. Electronic faults can appear in either form and to either extent. A
brief overview of fault types and their causes is presented in Paper A and Paper B.
Faults influencing vehicle directional stability of passenger cars can be derived from
vehicle accident and breakdown statistics of road vehicles.

¹ The term electric defines the general concept of electricity, i. e. generation, distribution,
transformation and utilisation of electricity applying electric elements.
² The term electronic describes devices that are powered by electricity and consist of one or more
electric devices.
³ The term software describes the program code that is used to control electronic devices.

Table 2.1: Different types of faults [7].

Type of fault Mechanical Electrical Electronical Software
Systematic x x x
Random x x
Permanent x x
Abrupt x x x x
Time Transient x x x
behaviour Intermittent x x x
Noise x x
Drift x x x
Local x x x x
Global x x

Accident statistics

The accident statistics from NHTSA [11] give an overview of injuries in the United
States between 2005 and 2007. A weighted sample of four million drivers that crashed
during a period of 2.5 years from the data base records of NHTSA was used. 0.8 %
of all accidents are fatal. Accidents with incapacitating injuries are 10.5 %. About
half of all accidents go along without injuries. Light and non-incapacitating injuries
contribute with 36 %. Within the European Union, the fatalities were at an annual
level of 23 465 fatalities for the EU-15 in 2009. Accidents including all kind of injuries
reach a number of 1.13 million injured persons in the EU-15 the same year [5].
Accidents are occurring due to several different reasons and factors such as weather
conditions, crowded traffic situations or driver behaviour to give some examples. In this
work, these factors are grouped into different categories, namely the driver, external
disturbances and technical failures. The most common cause of an accident is the
driver. Recognition, decision, performance and non-performance errors can be made
by the driver. Most of all accidents are attributed to the driver, i. e. more than 75 %
according to [11]. These categories can be interconnected for any accident as seen in
the NHTSA statistics. A driver can for instance decide to take a curve too fast under
an icy weather condition, which however would need a reduction of speed in order to
avoid an accident. Therefore, external disturbances that are caused by deteriorated
driving conditions or obstacles on the road are the reason for more than 50 % of all
accidents with any kind of injury. Accident causes due to technical failures of vehicles
are in the order of 10 % in Germany [12]. The statistics presented in [5, 12] show
that the number of fatalities and injuries massively decreased since the introduction of
the safety belt [13, 14] and later other passive safety systems such as airbags. Recent
studies have shown the effect of active safety systems. It has been found that vehicles
with electronic stability control systems reduce single vehicle accidents by 50 % [15].
Even though the majority of accidents happen without harming traffic participants,
there is a strong need to reduce this number further. Every accident that is
avoided not only increases the safety of individuals, but also decreases the social costs
of traffic accidents⁴, which are significant [16]. The technological
enablers like electrification of driveline and chassis systems started to be delivered to
customers in recent years. The bulk of the vehicle fleet is however still based on mature
technologies such as the internal combustion engine and mechanical differential that
have been on the market for decades. In order to reach the same level of reliability for
electrified road vehicles, these have to be developed first and achieve a certain maturity

Reliability of passenger cars

Breakdown statistics of passenger cars are studied to obtain an overview of the main
reasons for stranded vehicles and hazardous situations that can lead to accidents.
NHTSA [11] shows that the amount of accidents resulting out of mechanical failures
is around 2 % of all accidents. What this means can be derived from the breakdown
statistics of the German Automobile Club ADAC of the last four years, see Fig. 2.1.
It shows a constantly high rate of over 41 % of electric components such as battery,
starter motor or generator. Electronic and software breakdowns are mainly due to
internal combustion engine (ICE) control and count in with 19 %. The mechanical
based breakdowns (excluding the ICE mechanics with 14 %) are at 13.5 % [4].⁵
These statistics will certainly change with the increasing amount of EVs in the vehicle
fleet. The existing vehicle fleet has already a high rate of E/E and software failures.
Assuming an increase of EVs in the fleet, E/E components will have a higher impact on
the amount of vehicle breakdowns. In order to quantify possible scenarios, breakdown
analyses of several E/E components in other applications are shown in the next section.

⁴ The social costs of (road) traffic accidents include the cost components: physical damage to vehicles,
infrastructure, properties, and natural environment; legal, police, and emergency service costs;
costs of injuries and fatalities, such as medical and funeral costs; psychological costs of pain and
suffering; production losses [16].
⁵ The percentages are cumulated values from the ADAC breakdown statistics 2009 to 2012.

Figure 2.1: Vehicle breakdown statistics in Germany during 2012 [4].

Reliability of electric driveline components

In the literature, no study on components specifically for electric drivelines of road
vehicles has been found. Instead, the results of reliability studies conducted for the
two main components in an electric driveline, i.e. electrical machine and electronic
power converter, are analysed.
The reliability of electrical machines is the aim of several analyses. When studying
large scale electrical AC drives, it can be found that about 50 % of all failures are caused
by mechanical reasons due to bearings, stator windings and external equipment [17].
Mechanical failures mainly occur due to bearing failures with 95 %. Winding failures
cause only 5 % of the failures in the analysed direct driven electrical machines, without
interim gearbox [18].
The reliability of electronic power converters has been a subject of research for years
in areas where high reliability is necessary, such as megawatt rated variable speed
drive systems and uninterruptible power supplies [19, 20]. Solutions that are easy to
implement are often applied. Simple redundancy solutions such as a second power
source on stand-by are technically not feasible in for example aircraft design due to
weight and packaging restrictions and cannot be justified due to cost [18]. This applies
also for automotive design in a similar way. A study from Kastha and Bose investigates
selected failure modes of a voltage-fed inverter running induction machines [21]. They
identified and simulated important faults:
• input supply single line to ground fault,
• rectifier diode short circuit fault,
• transistor base drive open fault and
• transistor short circuit fault.

The analysis shows the zones of operation where the drive can continue to operate safely
in a degraded mode, which is crucial information for a high reliability process and its
fault-tolerant control. The results can be extended to other converter configurations
or drives with other types of control. The reliability of power electronics has been
an important issue since the early power electronics applications, however it greatly
improved in the recent years. A survey on requirements and expectations of reliability
in electronic power converters was carried out by Yang [22]. According to the survey,
power semiconductor devices are ranked as the most fragile components, followed by
capacitors and gate drives, whereas failures caused by resistor or inductor faults are
rather seldom. The failures at semiconductor level are mainly caused by mechanical
errors due to overload, temperature or moisture as well as quick transient behaviour of
the system. Thus quality of mechanical components within E/E components for power
converters is crucial for the system dependability. Mechanical failures seem to be the
most likely kind of failures and therefore quality in development and manufacturing
is absolutely necessary. However, it also shows the need for solutions that can handle
these faults. Therefore, the second stage of ensuring safe vehicles is the development
of a fault-tolerant system as not all failures can be diminished.

Mechanical faults

Mechanical components of road vehicles are usually based on mature technologies, thus
designed and manufactured with such high quality standards that failures only occur
due to normal wear or lack of maintenance. Main mechanical problems that can lead
to accidents are exemplified in Table 2.2.

Table 2.2: Examples for typical mechanical faults that can evolve to vehicle failures.
| Mechanical faults | Failure risk |
|---|---|
| Under-inflated tyres | Leads to overheating and eventually to a tyre |
| Worn/uneven tyres | Loss of safe traction on wet ground. Can lead to tyre failure. |
| Worn/damaged steering and suspension links and bushings | Lead to a loose steering feel (play) and degraded directional stability. |
| Leakage/encapsulated air in brake system or ABS failure | Brake pedal sinks, pulsates or is soft, can lead to malfunction or failure of brake system. |
| Worn brake pads and shoes | Deterioration of brake performance. |
| Worn ball joints | Suspension can collapse, loss of steer-ability. |
| Wheel bearing failure | Loss of wheel, thus loss of steer-ability. |

Failures due to mechanical faults can often be avoided by a high level of maintenance.
However, a fault-tolerant control approach can further reduce the probability of
dangerous situations also due to mechanical failures.

Software faults

Software faults are systematic types of faults and can be distinguished from hardware
faults occurring in mechanical and electrical components. Software is deterministic
and does not change until an updated version overwrites the current version or the
micro-controller and its memory is changed, i.e. the output produced by a specific
input will always be the same as long as the software is not changed [23]. This makes
it resistant regarding external influences, however a redundancy with the exact same
software does not work either as a fault is just reproduced. Redundancy can be enabled
by using different software and programming languages or different development teams.
The probabilities of failures in aircraft design are extremely low, as shown in Fig. 2.2.
Bennett [18] analysed different studies on failure types and found that most common
failures are due to command signals, thus software failures. Software is much less
standardised and far more complex than hardware. The range of faults can cover
everything from a silent fault, that is not detected from the vehicle, to a fault that
leads to an unstable vehicle. Therefore, most of the failures that occur on the vehicle
level can be based on software faults and thus no extra faults are considered in this
study from the software side.
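
The point above about redundancy with identical software, as an added example that is not part of the thesis: two channels compute a scaled torque command and a comparator checks them against each other. The scaling functions, the units (0.1 Nm, percent) and the 16-bit truncation fault are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical torque scaling: command in 0.1 Nm, gain in percent. */
typedef uint16_t (*scale_fn)(uint16_t torque_dnm, uint16_t gain_pct);

/* The specification both versions are meant to implement (wide arithmetic). */
static uint16_t scale_reference(uint16_t torque_dnm, uint16_t gain_pct)
{
    return (uint16_t)(((uint32_t)torque_dnm * gain_pct) / 100u);
}

/* Version 1 carries a systematic fault: the product is kept in a 16-bit
 * intermediate, so it wraps modulo 65536 for large commands. The fault is
 * silent for small inputs and fully deterministic for large ones. */
static uint16_t scale_v1(uint16_t torque_dnm, uint16_t gain_pct)
{
    uint16_t product = (uint16_t)((uint32_t)torque_dnm * gain_pct);
    return (uint16_t)(product / 100u);
}

/* Version 2 is a diverse implementation of the same specification:
 * it splits the command into hundreds and remainder before scaling. */
static uint16_t scale_v2(uint16_t torque_dnm, uint16_t gain_pct)
{
    uint32_t whole = (uint32_t)(torque_dnm / 100u) * gain_pct;
    uint32_t rest = ((uint32_t)(torque_dnm % 100u) * gain_pct) / 100u;
    return (uint16_t)(whole + rest);
}

typedef struct {
    bool fault_flagged; /* comparator saw a mismatch between the channels */
    uint16_t output;    /* command passed on; 0 is the torque-free safe state */
} duplex_result;

/* Two redundant channels followed by a comparator. */
static duplex_result run_duplex(scale_fn a, scale_fn b,
                                uint16_t torque_dnm, uint16_t gain_pct)
{
    duplex_result r;
    uint16_t out_a = a(torque_dnm, gain_pct);
    uint16_t out_b = b(torque_dnm, gain_pct);
    r.fault_flagged = (out_a != out_b);
    r.output = r.fault_flagged ? 0u : out_a;
    return r;
}

typedef struct {
    int flagged;         /* inputs where the comparator raised a fault */
    int wrong_unflagged; /* inputs where a wrong command passed silently */
} sweep_stats;

/* Sweep all commands 0..max_torque_dnm and compare against the specification. */
static sweep_stats sweep(scale_fn a, scale_fn b,
                         uint16_t gain_pct, uint16_t max_torque_dnm)
{
    sweep_stats s = {0, 0};
    for (uint32_t t = 0; t <= max_torque_dnm; t++) {
        duplex_result r = run_duplex(a, b, (uint16_t)t, gain_pct);
        if (r.fault_flagged)
            s.flagged++;
        else if (r.output != scale_reference((uint16_t)t, gain_pct))
            s.wrong_unflagged++;
    }
    return s;
}

int main(void)
{
    /* Constructed sweep: commands 0..200.0 Nm at 80 % gain. */
    sweep_stats same = sweep(scale_v1, scale_v1, 80, 2000);
    sweep_stats diverse = sweep(scale_v1, scale_v2, 80, 2000);
    printf("identical software: flagged=%d wrong_unflagged=%d\n",
           same.flagged, same.wrong_unflagged);
    printf("diverse software:   flagged=%d wrong_unflagged=%d\n",
           diverse.flagged, diverse.wrong_unflagged);
    return 0;
}
```

With identical software in both channels the comparator never fires, because both copies reproduce the same wrong value for the same input; with the diverse second channel every affected command is flagged and replaced by the safe state.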

Loss of: 1.0 · 10^-9
Mechanical failure: 2.2 · 10^-6
Motor winding failure: 1.4 · 10^-8
Controller failure: 8.6 · 10^-5
Power supply failure: 5.4 · 10^-5
Command signal failure: 1.3 · 10^-5

Figure 2.2: Probability of failures in aircraft design [18].

2.3 Fault collection and grouping

A systematic mind mapping approach was applied, where each subsystem along the
physical path of the vehicle was studied, from the tyre contact patch via the different
subsystems for directional vehicle control to the traction battery and the software
controller. The introduction of electric drivelines containing power electronics and
electrical machines raises questions concerning reliability and unknown behaviour during
electrical faults, which indirectly affect passenger safety. Therefore, a separate fault
collection and failure mode and effect analysis is carried out for the electric driveline,
as it is the crucial distinction from a regular vehicle with ICE and no such analysis
was carried out before according to [24]. This includes the electrical traction machine,
which is in this study a permanent magnet synchronous machine (PMSM), the traction
battery and the electronic power converter. Excluded is the low voltage part, which
includes the communication buses, micro-controllers, sensors and actuators that are
fed by the standard 12 V car battery. For more detail see [24] and Paper B.
251 potential faults were collected and more than 600 variations considering the dif-
ferent possible locations where the fault can occur on the vehicle. Subsequently, the
failure effects of the faults onto the vehicle behaviour are analysed and faults with
similar effects are pooled in 31 fault groups, see Table 2.3.
All 31 fault groups are described in Table 2.3 including failure effect and example.
Two short examples on the results of the failure effect analysis are shown in Table 2.4.
The electric fault inverter shutdown is given the name fault group FG2. The second
example, fault group FG9, lists three out of several faults that can lead to a loss of

Table 2.3: List of all fault groups. For definitions, see Nomenclature.

| | Fault description | Main failure effect | Example |
|---|---|---|---|
| FG1 | Fault in electrical machine | Negative $f_{x,i}$ | 3-phase balanced short circuit |
| FG2 | Fault in power electronics | Negative $f_{x,i}$ | Inverter shutdown |
| FG3 | Inverter delivers wrong currents | Negative $f_{x,i}$ | Single transistor turn on failure |
| FG4 | Current sensor sends wrong signal | Negative $f_{x,i}$ | Current sensor |
| FG5 | Maximum traction torque | Increased $f_{x,i}$ | Failure in motor |
| FG6 | Pressure reduction in tyre | Reduction of $f_{x,i}$, $f_{y,i}$, $C_x$ and $C_y$ | Puncture |
| FG7 | Large decrease of friction coeff. µ | Large reduction of $f_{x,i}$ and $f_{y,i}$ | Icy road |
| FG8 | Locked wheel(s) | Maximum negative | Gear box failure |
| FG9 | Loss of wheel | $f_{x,i}$ and $f_{y,i}$ vanish and $f_{z,i}$ changes | Fatigue of material |
| FG10 | Out-of-roundness/wheel unbalance | Fluctuation of $f_{x,i}$ and $f_{y,i}$ | Misalignment |
| FG11 | Intermediate braking force | Intermed. reduction of $f_{x,i}$ | Wheel hub bearing fails |
| FG12 | High braking force on wheel(s) | Large reduction of $f_{x,i}$ | Gear box malfunction |
| FG13 | Free rolling tyre | No positive or negative $f_{x,i}$ | Blocked caliper |
| FG14 | Steering angle zeros out | $\delta$ is set to zero due to aligning torque | Material failure |
| FG15 | Ride height increase | $z_w$ increases | Active suspension failure |
| FG16 | Ride height decrease | $z_w$ decreases | Active suspension failure |
| FG17 | Soft tyre side walls | Intermed. reduction of $C_x$ and $C_y$ | Tyre side wall deterioration |
| FG18 | Small decrease of friction coefficient µ | Small reduction of $f_{x,i}$ and $f_{y,i}$ | Wet road |
| FG19 | Intermediate decrease of friction coeff. µ | Intermed. reduction of $f_{x,i}$ and $f_{y,i}$ | Snowy road |
| FG20 | Intermittent decrease of friction coeff. µ | Temporary reduced $f_{x,i}$ and $f_{y,i}$ | Bridge entry |
| FG21 | Brake force reduction | Demanded $f_{x,i}$ reduced during braking | Air in brake fluid |
| FG22 | Halt brake force | Demanded negative $f_{x,i}$ after braking | Foot mat |
| FG23 | Steering angle locked | $\delta$ is fixed in current position | Mechanical locking |
| FG24 | Steering speed reduction | Less $\dot{\delta}$ than demanded | Control failure of EPS |
| FG25 | Full steering speed inversion | Opposing $\dot{\delta}$ than demanded | Control failure of EPS |
| FG26 | Steering speed inversion by 50 % | Opposing $\dot{\delta}$ than demanded | Control failure of EPS |
| FG27 | Reduction of spring stiffness | $k_{s,i}$ decreases | Broken main |
| FG28 | Increase of spring stiffness | $k_{s,i}$ increases | Stuck main |
| FG29 | Loss of stabilizer stiffness | $k_{s,i}$ decreases | Broken stabilizer |
| FG30 | Decrease of damper coefficient | $c_{s,i}$ decreases | Broken damper |
| FG31 | Increase of damper coefficient | $c_{s,i}$ increases | Stuck damper |

Table 2.4: Two examples of fault collection and grouping.

Fault group: FG2
Failure: Dynamic brake torque on wheel
Failure effect: Negative torque delivered (only in field-weakening range)
Modelling comment: Disable power electronic during field-weakening operation

| Fault item | Fault | Error | Failure |
|---|---|---|---|
| In-wheel motor | Loose inverter power source cable leads to inverter shutdown | Electro-magnetic stator field that suppresses the rotor field | Wrong inverter voltage leads to braking torque |

Fault group: FG9
Failure: No lateral and longitudinal force transfer
Failure effect: Loss of wheel
Modelling comment: Block wheel, adjust tyre model and decrease ride height

| Fault item | Fault | Error | Failure |
|---|---|---|---|
| Rim | Bad material quality | Rim material breaks | Loss of rim |
| Lug bolt | Fatigue in material | Lug bolt breaks | Loss of rim |
| Lug bolt | Bad maintenance, lug bolts not fastened | Lug bolts get loose | Loss of rim |

2.4 Fault group modelling

All fault groups are modelled and simulated in a co-simulation environment of IPG
CarMaker and Matlab/Simulink. A simulation study that describes the fault modelling
for all fault groups is found in Paper B.

Table 2.5: Parameters for the studied electric driveline with in-wheel motor.

| Parameter | Symbol | Value |
|---|---|---|
| Rated torque | $T_r$ | 170 Nm |
| Rated speed | $n_r$ | 850 rpm |
| Torque at maximum speed | $T_{n,max}$ | 40 Nm |
| Maximum speed | $n_{max}$ | 1872 rpm |
| Inner radius | $r_i$ | 148 mm |
| Outer radius | $r_o$ | 216 mm |
| DC-voltage | $u_{dc}$ | 400 V |
| Transmission ratio | $i$ | 1 : 1.6 |

Fault groups including electrical faults are based on a simulation model of an electric
driveline with a synchronous machine representing an in-wheel motor. This electrical
machine is of permanent-magnet type
and aims for an implementation in small to medium-sized passenger cars. The required
specifications for operating the vehicle are limited by motor placement, packaging and
battery properties. The parameters of the analysed driveline concept are given in
Table 2.5. As the driveline simulation model runs at a much higher sampling rate than
the vehicle model, the fault models based on electric driveline faults are discretised
and implemented with non-linear fitted equations. For example, fault group FG2 is
represented by an inverter shutdown of the given electric driveline model. The inverter
shutdown shows its potential risk especially in the field-weakening range. While operating
with a speed below the nominal speed of the electrical machine, the torque will
be reduced to zero in case of a failure. The inverter will produce a magnetic field in
the stator counteracting the magnetic field of the magnet in the rotor if the working
speed is above this nominal speed. This helps the machine to turn faster than the
nominal speed at the cost of less torque development, see Paper B for more detail.
If the inverter shuts down during field-weakening, the suppression of the natural
magnetic field disappears and the PMSM develops a braking torque. This braking
torque depends strongly on the speed of the PMSM and increases with higher speeds.
During reversing nothing will happen as the speed of the electrical machine is below
the field-weakening range. The modelled and discretised fault torque characteristics
of this fault for the operating point $T_{des}$ = 100 Nm and $v_x$ = 130 km/h are shown in
Fig. 2.3 (a). Rapid torque decrease and quick settling time around the mean of the
faulted torque are seen in the behaviour. The discretised fault torque $T_F$ is described
by Equation 2.1, with the correction factor $K_c$, the mean value $K_T$ and the amplitude
$K_{|T|}$.

$$T_F(t) = K_T(\omega) - K_{|T|}(\omega)\,\sin\!\big(K_c(\omega)\,\pi t\big) \tag{2.1}$$


Its parameters for the first quadrant of the electrical machine are found in the look-up
tables, see Fig. 2.3 (b)-(d). Parameters are defined in the Nomenclature.
Mechanical faults are modelled by manipulating the subsystems of the vehicle model.
Fault group FG9 has less longitudinal and lateral force transfer in the tyre, representing
a loss of a wheel. It is modelled by decreasing the ride height in one or more vehicle
corners. A sudden ride height change during the simulation is introduced. A second
adjustment is the tyre model. This represents the force transfer of steel on ground,
corresponding to the brake disc or another metal suspension component touching the
ground. The scaling factors of the applied Magic Formula combined slip tyre model
are adjusted for the peak friction coefficient in x- and y-direction, $\lambda_{\mu x}$ and $\lambda_{\mu y}$, as
well as for brake slip $\lambda_{Kx\kappa}$ and cornering stiffness $\lambda_{Ky\alpha}$. Both slip curves are shown
in Fig. 2.4.

Figure 2.3: (a) Characteristic torque of an inverter shutdown with fault induction at
t = 0.05 s plotted together with a simplified model of fault torque. Note the
offset of the simplified model by 100 Nm for visualisation purposes. The
factors of the simplified fault torque model are given as: (b) Correction
factor $K_c$, (c) Mean value $K_T$, (d) Amplitude $K_{|T|}$. Panel (a) shows T in Nm over
time in s for the simulation model and the simplified model; panels (b) to (d) are
plotted over speed in km/h.

Figure 2.4: Longitudinal and lateral slip for a healthy tyre and a tyre representing
fault group FG9. Panels: longitudinal force in kN over longitudinal slip in % and
lateral force in kN over lateral slip in °; curves: No fault, Fault 9.

Breakdown and accident statistics as well as the mind mapping of faults in road vehicles
with electric driveline have led to an extended compilation of faults. These faults
were grouped together in fault groups and subsequently modelled and implemented
in a simulation environment. The reader is referred to Paper B for more information
on fault collection, grouping and modelling. In the next chapter, the conducted
simulations will be evaluated and results will be presented.


3 Classification of faults

The fault classification method is developed to indicate the severity of a fault in a
vehicle. The collected faults are grouped into 31 fault groups based on how the faults
will affect the vehicle as described in Chapter 2. The classification of faults is based on
objective vehicle handling criteria to evaluate the influence of a fault onto the vehicle
dynamic behaviour. Below, an overview of different objective evaluation criteria on
vehicle handling is presented. A ranking method is developed based on the selected
criteria according to the functional safety standard ISO 26262. The 31 fault groups are
classified into four Controllability Classes according to their vehicle dynamic stability,
trajectory deviation risk and hazard for collision. A general scheme is shown in Fig. 3.1.

Fault collection (N = 600+) → Fault grouping (N = 31) → Fault classes (N = 4)

Figure 3.1: General scheme of fault classification.

3.1 Objective evaluation criteria

Vehicles are evaluated according to subjective and objective criteria. Subjective crite-
ria are human descriptions of the vehicle behaviour. Objective criteria on the other
hand depend only upon measured parameters. A selection of parameters that can
be used for objective evaluation is given in Table 3.1. The criteria can further be
distinguished between stationary and non-stationary evaluation. For the objective
evaluation of the fault groups, non-stationary criteria are necessary as a fault can
arise suddenly and change the vehicle state during operation.


Table 3.1: Measurable parameters applicable for objective evaluation of vehicle behaviour

| Measurable parameter | Symbol |
|---|---|
| Longitudinal, lateral and vertical acceleration | $a_x$, $a_y$, $a_z$ |
| Longitudinal and lateral velocity | $v_x$, $v_y$ |
| Longitudinal and lateral position | $X$, $Y$ |
| Yaw acceleration, yaw velocity and yaw angle | $\ddot{\psi}$, $\dot{\psi}$, $\psi$ |
| Roll acceleration, roll velocity and roll angle | $\ddot{\varphi}$, $\dot{\varphi}$, $\varphi$ |
| Pitch acceleration, pitch velocity and pitch angle | $\ddot{\theta}$, $\dot{\theta}$, $\theta$ |
| Lateral deviation from reference course | $s_{cd}$ |
| Body slip angle | $\beta$ |
| Steering angle velocity and steering angle | $\dot{\delta}$, $\delta$ |

3.1.1 Stationary evaluation

The most common criterion for objective evaluation is the understeering behaviour
of a vehicle. The original determination of understeering behaviour with the differ-
ence of front and rear slip angle was replaced with the steering sensitivity in modern
evaluation because the objective measures did not match the subjective driving experi-
ence [25]. The understeering gradient (often also referred to as self-steering gradient)
is the steering angle gradient described as a function of lateral acceleration. Thus, if
the steering angle has an exponential increase, while lateral acceleration shows a lin-
ear increase, the understeering gradient is positive, corresponding to an understeered
vehicle. The reverse holds for oversteering. The vehicle is neutral steered if both
parameters are linear, i. e. the understeering gradient is zero. This evaluation criterion
is stationary and used for determining basic vehicle handling properties. In this work,
transient behaviour of the vehicle is of interest, thus non-stationary evaluation criteria
are used.

3.1.2 Non-stationary evaluation

Usually the objective evaluation measures for vehicle stability and handling are of non-
stationary character. Numerous other criteria are found in the literature, describing
non-stationary driving. The vehicle is seen as a system in control theory, i. e. the vehicle
can be described as a transfer function. The inputs can be in lateral (step, sine
or impulse steer) or longitudinal direction (braking or load transfer) or triggered by
external disturbances (crosswind). The outputs describe the vehicle handling properties
and are related to the longitudinal, lateral and the yaw motion. Several common
non-stationary evaluation criteria are listed below, based on studies from [25–27].
• A typical objective measure that is widely adopted for vehicle characterisation
is the step steering manoeuvre. Here, a predefined steering wheel angle is
introduced in the vehicle. The step response of the vehicle is described by the
time delays $t_{R,\dot{\psi}}$ until 90 % of the final vehicle reaction is reached and $t_{R,\dot{\psi},max}$
until the first maximum. Further, the overshoot characteristics are determined
with the step response overshoot ratio $PO = \dot{\psi}_{max}/\dot{\psi}_{stat}$, see Fig. 3.2. A small
time delay, a low overshoot and a fast decay of the yaw rate response are desirable.
However, these values conflict with each other [25].



Figure 3.2: Step steer input and step response of the yaw velocity including the char-
acteristic parameters [26].

• Another common evaluation criterion is the sinusoidal steering manoeuvre. A
sinusoidal steering wheel input with a fixed amplitude between 0.2 and 2 Hz
is introduced in the vehicle. The frequency response of the vehicle reaction is
described by the yaw rate amplitude ratio and the yaw rate phase shift, see
Fig. 3.3 [26].
• Crolla et al. [28] assessed vehicle handling criteria employing subjective-objective
correlation. It was found that the frequency response results, i.e. lateral acceleration
gain, yaw rate gain, steering gain and steering phase, are highly significant
for the entire vehicle response characteristics over the whole frequency range. It
proves the fact that frequency response should be of greater value for vehicle
performance assessment than it is to date. The study also shows the correlation of
roll angle, lateral acceleration and yaw rate.

Figure 3.3: Sinusoidal steering wheel input and yaw velocity response [26].

• Starkey [29] derives yaw rate and side-slip frequency responses with steering
angle input for a highway vehicle. Key findings are that the natural frequency
of a vehicle decreases with increasing vehicle speed. Further, the damping in-
creases for an oversteered vehicle and decreases for an understeered vehicle with
increasing vehicle speed.
• Reichelt [30] conducted a simulator experiment with sudden lane changes to test
transient vehicle behaviour and driver reactions. The results were analysed with
typical parameters for a step response, i.e. peak response time and amplification
factor for yaw rate and lateral acceleration, yaw rate amplitude and the TB-value,
which is the product of yaw rate peak response time and the body slip angle. The
frequency responses are derived as well and typical parameters as the yaw rate
amplification factor, resonance increase and frequency and the equivalent time
delay, which is the reciprocal value of the radian frequency at which the phase
response of the yaw rate reaches −45°, are analysed. Five parameters were found
to correlate well between the objective measurement and subjective ranking by
the test persons, namely the amplification, peak response time and overshoot
factor of the yaw rate, the TB-value and the equivalent time delay.
• El-Gindy et al. [27, 31] evaluated the sensitivity of the yaw rate response to
sinusoidal steering input. With increasing speed of the vehicle the yaw rate gain
and the sensitivity of the yaw rate gain increase logarithmically. They conclude
that the location of the centre of gravity has the strongest influence on the yaw
rate gain. One of El-Gindy’s previous studies deals with the vehicle’s directional
response during rapid lane-change manoeuvres. It is pointed out that the delay
response time must be minimised for obtaining better directional response and
thus the lateral stiffness of the rear tires must be greater than that of the front
tires [32].
• Braking behaviour is often analysed with the skidpad braking manoeuvre as applying
the brakes during cornering is a major cause for accidents. This criterion
evaluates the lateral course deviation, the size of the yaw angle and the body
slip angle at time t after initial brake input, i. e. the yaw stability [25]. Fig. 3.4
shows the determination of the vehicle characteristics during skidpad braking
according to Equation 3.1, with the initial and actual yaw rate $\dot{\psi}_0$ and $\dot{\psi}$, the
mean braking deceleration $\bar{a}_x$, the speed reduction $\Delta v_x$, the speed $v_x$ and the
turning radius $R$.

$$\bar{a}_x = \frac{\Delta v_x}{t} \quad \text{and} \quad \frac{\dot{\psi}}{\dot{\psi}_0} = \frac{v_x}{R\,\dot{\psi}_0} \tag{3.1}$$

Figure 3.4: Generation of characteristic values from skidpad braking manoeuvre [25].
Panels: small deceleration and large deceleration, each showing $\dot{\psi}$ and $v_x$ over
time in s with the evaluation time marked.

• Lane keeping and vehicle stability are evaluated either as the lateral deviation
from the reference course or as the correction effort to regain the planned path.
The latter can be measured with
– Yaw velocity at time t as function of the mean longitudinal acceleration
until t, written as $\dot{\psi}(a_x)$,
– Yaw acceleration at time t as function of the mean longitudinal acceleration
until t, written as $\ddot{\psi}(a_x)$ or
– Lateral acceleration at time t as function of the mean longitudinal acceleration
until t, written as $a_y(a_x)$.
• Otto [33] proposes an evaluation criterion for vehicle stability during load change
behaviour. Simulations and experimental tests are conducted for steady-state
cornering manoeuvre with sudden load change reactions. The mean yaw velocity
difference between healthy and faulty vehicle state $\Delta\dot{\psi}_m$ and the mean yaw
acceleration of the faulty vehicle state $\ddot{\psi}_{f,m}$ are taken into account in one criterion
during the evaluation. The deviation of the yaw rate between the vehicle state
before and after the load change as well as the yaw acceleration of the vehicle
after the load change is considered and merged according to Equation 3.2. This
covers both, a short but strong build-up of yaw rate that quickly evens out, and
a constant change in yaw acceleration with changing yaw rate.

Q(tr ) = + ψ̈f,m . (3.2)

• Another evaluation criterion according to Otto [33] is the lane departure time. It
is the time given in seconds that the first wheel takes to leave a given lane after
the load change, see Fig. 3.5. This additional criterion is a measure for comfort
of the vehicle’s lane keeping behaviour. Together with a certain track width, the
lane departure time $t_{ld}$ is determined as

$$t_{ld} = \min(t_i), \tag{3.3}$$

where $t_i$ is the intersection time between the edge of the lane on either side and
the wheel $i$, which represents the wheel location from front left to rear right.


Figure 3.5: Evaluation criterion for comfort of a vehicle’s lane keeping behaviour [33].

• Crosswind behaviour is a problematic external disturbance that influences vehicle
directional stability. Juhlin [34] evaluated crosswind on buses using the criteria
lateral displacement, yaw angle deviation and maximum yaw rate. The study
analyses the influence of different vehicle parameters on the mentioned evaluation
criteria. In order to see the effects of the parameter changes onto the transient
behaviour, the time delay of the sinusoidal steering input on the peak response
of the yaw velocity is applied.

3.1.3 Choice of evaluation criteria

If a fault occurs, the vehicle state is changing in a non-stationary way. Therefore,
the objective evaluation criteria for the fault classification method are derived from
two of the methods presented in subsection 3.1.2. The time delay and amplification
characteristics of the yaw velocity are crucial measures for the vehicle stability and
behaviour. Here, the evaluation criteria for vehicle stability and the lane departure
time during load change behaviour by Otto [33] are applied in the proposed method.
Not only is the load change manoeuvre similar to an occurring fault, but the criteria
are verified and thresholds are proposed.
The effects are analysed with the parameters yaw motion, lateral deviation and vehicle
deceleration, each standing for one degree of freedom. The yaw motion covers the
rotation around the vertical z-axis of the vehicle, which is the most critical influence
on vehicle dynamic stability. The applied criterion for the yaw motion is called vehicle
stability index Qz and is based on Otto’s vehicle stability criterion [33]. The lateral
deviation covers the offset in y-direction from the planned track and is thus a risk
indicator for potential accidents. The name lane keeping index Qy represents this
aspect and is also based on Otto’s work.
The deceleration of the vehicle concerns the surrounding traffic, i. e. rear-end collisions
caused by hard braking due to a fault are covered. The criterion is called collision
avoidance index Qx. This index is developed for the longitudinal direction based on
the vehicle stability index. Equation 3.4 comprises the mean longitudinal velocity difference
between healthy and faulty vehicle state $\Delta\bar{v}_x$ as well as the mean longitudinal
acceleration $\bar{a}_{x,f}$ of the faulty vehicle state. Including both is beneficial as a short and
strong change in longitudinal velocity that quickly evens out and a constant longitudinal
acceleration with changing longitudinal velocity are both covered. This index is explained
in Fig. 3.6 and expressed as
Qx (tr ) = + āx,f . (3.4)

Figure 3.6: Generation of the collision avoidance index Qx. Axes: velocity in m/s over
time in s, with $t_f$ and $t_r$ marked on the time axis.

A fault is expected to happen suddenly during regular driving. Even if the driver is
focused on driving and not distracted in the best case, an occurring fault is still not
expected. Thus, the driver needs a certain time to react to the fault. Reaction times
as presented in literature are studied in Paper B. For both indices Qz and Qx, the
reaction time $t_r$ = 0.75 s after fault induction and the corresponding time window
$\Delta t_r$ = 0.5 s are chosen.
Other parameters such as roll angle, roll rate and lateral acceleration are analysed
during the development of the fault classification method. A high correlation between
roll motion, lateral acceleration and yaw motion was found as is also stated in [28].
Thus, the existing criterion from Otto is considered to be adequate.

3.2 Fault classification method

The ranking method is developed in two stages. First, all effects on the vehicle are
analysed and ranked separately for all fault groups. In the second step, the fault groups
are merged in a fault classification ranking scheme according to their controllability.
For more details, see Paper B.

3.2.1 Controllability ranking method

All evaluation indices are ranked according to the four controllability classes of ISO
26262. These range from C0 - easy-to-control to C3 - uncontrollable. Table 3.2 shows
the controllability class limitations for each index used in this work.
Each criterion gets a score $Q^*_{z,y,x}$ based on the determined classification class as
appointed in Table 3.3. The fault controllability class Qr is then determined by adding
the three scores together according to

$$Q_r = Q^*_z + Q^*_y + Q^*_x. \tag{3.5}$$


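Table 3.2: Controllability class definition of the three indices according to Paper B.

| Controllability classes | C0 | C1 | C2 | C3 |
|---|---|---|---|---|
| $\lvert Q_z \rvert$ in °/s² | < 2 | 2 − 3.5 | 3.5 − 5 | > 5 |
| $\lvert Q_y \rvert$ in s | > 5 | 5 − 3 | 3 − 2 | < 2 |
| $\lvert Q_x \rvert$ in m/s² | < 0.8 | 0.8 − 2.25 | 2.25 − 3 | > 3 |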

The fault controllability class limitations are non-linear. This ensures a higher impact
of a C3 rating, if only one criterion is not controllable. Thus, the fault controllability
class will also be rated with C3.

Table 3.3: Ranking of the controllability classes of the three indices and the final fault
influence index according to Paper B.

| Controllability classes | C0 | C1 | C2 | C3 |
|---|---|---|---|---|
| $Q^*_{x,y,z}$ | 1 | 2 | 3 | 9 |
| $Q_r$ | 3 | 4 | 5 − 8 | ≥ 9 |
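
The ranking of Tables 3.2 and 3.3 and Equation 3.5, together with the lane departure time of Equation 3.3, can be carried through in code. The following Python example is added here and is not code from the thesis or Paper B; the function names, the rating of a value lying exactly on a class limit into the more severe class, the reading of Qy as the lane departure time in seconds and all sample values are assumptions of this example.

```python
"""Controllability ranking after Tables 3.2 and 3.3 and Eq. 3.5, with the lane
departure time of Eq. 3.3. Added illustration, not code from the thesis."""
import math
from bisect import bisect_left, bisect_right

CLASS_NAMES = ("C0", "C1", "C2", "C3")
SCORES = (1, 2, 3, 9)            # Table 3.3: score Q* per controllability class

# Limits of Table 3.2. Assumption: a value lying exactly on a limit is rated
# into the more severe class, since the table leaves the limit unassigned.
QZ_LIMITS = (2.0, 3.5, 5.0)      # |Qz| in deg/s^2, larger is worse
QY_LIMITS = (2.0, 3.0, 5.0)      # |Qy| in s, smaller is worse
QX_LIMITS = (0.8, 2.25, 3.0)     # |Qx| in m/s^2, larger is worse


def crossing_time(t, y, half_width):
    """First time |y| reaches half_width (linear interpolation), inf if never."""
    if abs(y[0]) >= half_width:
        return t[0]
    for k in range(1, len(t)):
        a, b = abs(y[k - 1]), abs(y[k])
        if b >= half_width:      # a < half_width holds, else we had returned
            return t[k - 1] + (half_width - a) / (b - a) * (t[k] - t[k - 1])
    return math.inf


def lane_departure_time(t, wheel_y, half_width, t_fault):
    """Eq. 3.3: t_ld = min(t_i) over the wheels, counted from the fault time."""
    return min(crossing_time(t, y, half_width) for y in wheel_y) - t_fault


def index_classes(qz, qy, qx):
    """Class number 0..3 of each index according to Table 3.2."""
    return (bisect_right(QZ_LIMITS, abs(qz)),
            3 - bisect_left(QY_LIMITS, abs(qy)),
            bisect_right(QX_LIMITS, abs(qx)))


def rank_fault(qz, qy, qx):
    """Return (class of each index, Qr, fault controllability class)."""
    classes = index_classes(qz, qy, qx)
    qr = sum(SCORES[c] for c in classes)      # Eq. 3.5
    if qr >= 9:                               # Qr row of Table 3.3
        fault = 3
    elif qr >= 5:
        fault = 2
    else:
        fault = qr - 3                        # 3 -> C0, 4 -> C1
    return tuple(CLASS_NAMES[c] for c in classes), qr, CLASS_NAMES[fault]


def worst_location(results):
    """Location with the highest Qr, the value plotted in Figs. 3.9 and 3.10."""
    return max(results.items(), key=lambda item: item[1][1])


if __name__ == "__main__":
    # Constructed sample: lateral offset of two wheels from the lane centre in m,
    # sampled every 0.5 s, fault induced at t = 1.0 s, lane half-width 1.75 m.
    t = [0.5 * k for k in range(9)]
    front_left = [0.8, 0.8, 0.8, 0.9, 1.1, 1.4, 1.8, 2.3, 2.9]
    rear_left = [0.8, 0.8, 0.8, 0.85, 1.0, 1.2, 1.5, 1.9, 2.4]
    t_ld = lane_departure_time(t, [front_left, rear_left], 1.75, t_fault=1.0)

    # Constructed index values (Qz, Qy, Qx) for four fault locations.
    indices = {1: (1.2, math.inf, 0.4), 2: (2.6, 4.2, 0.9),
               3: (4.1, 2.6, 2.4), 4: (1.5, t_ld, 0.6)}
    results = {loc: rank_fault(*q) for loc, q in indices.items()}
    for loc, (classes, qr, fault) in results.items():
        print(f"location {loc}: Qz/Qy/Qx = {'/'.join(classes)}, "
              f"Qr = {qr}, class {fault}")
    loc, (_, qr, fault) = worst_location(results)
    print(f"highest rating: location {loc}, Qr = {qr}, class {fault}")
```

With the scores of Table 3.3, three indices rated C2 already sum to Qr = 9 and therefore yield C3, and two indices rated C1 yield C2.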

3.3 Classified fault groups

The fault group classification is based on steady-state manoeuvres with no or low
to medium lateral accelerations, thus straight line driving and steady-state cornering.
The results of the five electric driveline faults and of mechanical faults with high
probabilities, i. e. puncture and low friction level, and highest impact, i. e. locking
wheel, are found in Paper B. Detailed results from the two previously mentioned fault
groups in Chapter 2 are presented in Figs. 3.7 and 3.8. The colour code for the results
is depicted in Table 3.4.
Fault group FG2, e. g. an inverter shutdown, shows a clear tendency for higher severity
during high velocities, thus in the field-weakening range. Thereby, the vehicle stability
index Qz has the highest influence on the fault classification, see Fig. 3.7. At motorway
speeds, the controllability class reaches C3 for all wheel locations but the third. The
collision avoidance index Qx has the least influence with C1 for velocities of 90 km/h or

Table 3.4: Colour code for the controllability classes of the indices

| Controllability classes | C0 | C1 | C2 | C3 |
|---|---|---|---|---|
| Legend color | white | light gray | gray | dark gray |

Figure 3.7: Controllability ranking results of fault group FG2. Columns: Qz, Qy, Qx and
Qr, each for wheel locations 1 to 4; rows: lateral acceleration $a_y$ and speed.

Fault group FG9, representing a wheel loss, has a strong impact on the vehicle stability
index Qz during cornering manoeuvres, see Fig. 3.8. At a lateral acceleration of 4 m/s²,
the controllability class C3 is reached for all speeds. At a lower lateral acceleration of
2 m/s², the controllability class C3 is reached for the inner wheels, however not for the
outer wheels. The front inner wheel loses ground contact during the first 0.2 seconds
as the vehicle needs time to roll and pitch into a new steady position. Thus, tractive
force or lateral force vanishes on the faulty inner wheel. This leads to reduced side
forces on the front axle, i. e. more understeering. In the same way the lateral forces
on the rear axle are reduced, which results in oversteering, i. e. the directional stability of
the vehicle is lost. The high detail of the vehicle model gives a different insight into the
vehicle behaviour due to this specific fault, showing that faulty wheel 3 is the most
critical location for the yaw stability.
The summarised results for all fault groups that are discussed in detail in Paper B are
depicted in Figs. 3.9 and 3.10. The plots show the highest controllability rating Qr of
all locations over the vehicle speed and lateral acceleration respectively.
• Fault group FG2 has an increasing controllability rating from the speed 90 km/h.
The controllability class C3 is reached for motorway speeds.
• Fault group FG9 is more strongly influenced by the manoeuvre itself, thus the lateral
acceleration. For straight line driving, the controllability class increases slightly
from C1 at 50 km/h to a medium C2 at motorway speeds.

Figure 3.8: Controllability ranking results of fault group FG9. Columns: Qz, Qy, Qx and
Qr, each for wheel locations 1 to 4; rows: lateral acceleration $a_y$ and speed.

• Fault groups FG10, FG11 and FG13 are uncritical since the classes C0 and C1
prevail over all speeds and lateral accelerations.
• Fault group FG12, which applies a high brake force on one or more wheels, has
a constant critical C3 class for all manoeuvres and speeds.
• Fault group FG14 is only uncritical during straight line driving. This fault group
returns the steering wheel angle to zero.
• Fault group FG15 is constantly at the controllability class C3. An increase of
ride height deteriorates the stability of the vehicle, especially if the fault acts on
the rear axle or on all four wheels.
• Fault group FG16 has a correlation with the vehicle speed. Secondly, an incline
with higher lateral acceleration is also noticeable. Straight line driving is ranging
from C0 to C2. Medium lateral acceleration of 2 m/s² is between classes C1 and C2.
The controllability class C2 to C3 is reached for the higher lateral acceleration
of 4 m/s².
• Fault group FG17 is constantly inside the critical class C3, except for the lower
speeds during straight line driving. This fault group limits the lateral force
transfer of the faulty wheel. If appearing on the rear axle, it has a strong influence
on the directional stability of the vehicle.
• Fault groups FG18 and FG20 are uncritical, whereas a correlation with the speed
is visible for both. For higher lateral accelerations, fault group FG20 is shifting
to controllability class C2.

• Fault group FG19 correlates with the speed and is highly sensitive towards an
increase in lateral acceleration. At the high lateral acceleration of 4 m/s², this
fault group reaches the controllability class C3. Medium lateral acceleration
shows a strong increase of the influence of the fault with speed increase.

Figure 3.9: Controllability ratings of the selected faults for three studied lateral
accelerations. Panels: 0 m/s², 2 m/s² and 4 m/s², each showing the controllability class
over speed in km/h.

Figure 3.10: Controllability ratings of the selected faults for three studied lateral
accelerations. Panels: 0 m/s², 2 m/s² and 4 m/s², each showing the controllability class
over speed in km/h.

In this Chapter, objective evaluation criteria for vehicle dynamics were presented. The
adapted criteria are then used to evaluate the simulation results of the different fault
groups. Information about the influence of each fault group on a faulty vehicle is
valuable for the design of control strategies that can handle faults. In the following
chapter these strategies are presented and analysed for an exemplified fault group.


4 Fault handling

This chapter will give a short introduction to fault-tolerant control systems. A
study that applies one of these control methods is presented and results are discussed.

4.1 Fault-tolerant control systems

When designing fault-tolerant control (FTC) systems, a fault-tolerant mindset is
beneficial. The questions “what can go wrong?” and “how could it go wrong?” should be
asked. Fault tolerance is the ability of a system to continue to perform a required
function in the presence of faults. FTC systems preserve normal or degraded operation
of a system in case of a fault. They prevent a fault from causing a failure at the system
level [35], i.e. component failures can be accommodated automatically, thus improving
reliability and availability at a desirable performance.
The structure of fault-tolerant control systems is depicted in Fig. 4.1. The execution
level consists of a usual feedback controller and the system. Most of the closed-loop
control activities take place on this level, including adjustment to external
disturbances d, such as noise. This level is extended by a supervisory level for FTC,
which includes two stages. The first stage is the constant surveillance of the system’s
health by the fault detection and isolation (FDI). Here, the system is analysed
constantly to detect and isolate a fault as quickly and precisely as possible. The second
stage is only active in case a fault occurs and is identified by the FDI. If the
controller re-design is triggered by the FDI, it adjusts the feedback controller to the
new situation with the fault. Once the controller is reconfigured and adapted to the
fault, the main control loop acts independently. Fault tolerance is introduced into the
execution level by means of the supervision level [35].

[Block diagram: blocks re-design, Supervision, Controller and System; signals f, d, u and y.]

Figure 4.1: Architecture of a fault-tolerant control system according to [35].

4.1.1 Fault detection and isolation

Fault detection and isolation subsumes the detection, diagnosis, isolation, identification
and estimation of a fault. Often, it is found under various names in literature, and
therefore a short definition of terms follows.
• Fault detection determines whether or not a fault has occurred and then, at what
time. The types of fault detection are either signal- or model-based. Signal-based
methods postprocess the output of a system to find abnormal behaviour. Model-
based methods compare the original system with an internal system model to
find if differences occur.
• Fault isolation finds the component where a fault did occur. The location of the
fault is determined.
• Fault identification determines how strong the fault is. Type, size, time-variant
behaviour and other characteristic values of the fault are found with analytic or
heuristic methods.
Fault detection and isolation is a vast research field in itself and is not considered in
this thesis. Instead, knowledge of the fault is assumed to be instantly available when
a fault occurs. Recommendations for further information on FDI are found
in [7, 35, 36].

4.1.2 Active and passive fault-tolerant control

FTC is divided into two different types: passive and active. The passive fault-tolerant
control strategies have a fixed controller design and react only to a predefined set
of faults. Often also referred to as Robust Control, these strategies are designed
with respect to robustness and adaptability to disturbances and certain faults. Passive
FTC is represented by only the execution level of the FTC structure in Fig. 4.1. FDI
or controller re-design is not needed for this approach; however, this limits the
fault-tolerant capabilities [37, 38].
Active FTC strategies have a reconfigurable controller design and work with a broader
set of faults. Two types of active FTC strategies are distinguished: one with predefined
control laws for reconfiguration and one that synthesises new control laws online.
Active FTC shall achieve consistent transient and steady-state performance for the
controlled system in normal operation and under fault condition. A crucial aspect
is the fast shifting of the controller between normal and faulty operation. Active FTC
requires FDI to provide the fault information before reconfiguration can be initiated
[35, 37].

4.2 Applied fault-tolerant control method

The general goal of fault-tolerant control in road vehicles is to handle faults acting
on the vehicle behaviour that endanger the vehicle directional stability. Various
control methods can be applied for active FTC strategies. In Paper C, two
control strategies for fault handling, both based on the control allocation method,
are proposed, analysed and compared.
Control allocation is a method that solves a mathematically under-determined problem.
Such a problem occurs as soon as the number of controllable actuators is higher than the
number of degrees of freedom, i.e. in the case of an over-actuated vehicle. The
forces of the vehicle are distributed to the tyre forces as shown in Fig. 4.2. The first
algorithm to solve for the given objectives is a least square optimisation approach.
This approach, however, requires high computing power and is therefore not suitable for
real-time applications. The second control allocation method tackles this issue by
using an approximate analytical solution that can run in a real-time environment. A
simplified approach is utilised based on the Moore-Penrose pseudo-inverse approach.
The analysis presented in Paper C investigates to which extent the second approach
is applicable even though it is not an optimisation, i.e. a feasible solution is not
always guaranteed.

[Diagram labels: Fy, control allocation, and the tyre forces fx1, fy1, fx2, fy2, fx3, fy3, fx4, fy4.]

Figure 4.2: Principle of control allocation for road vehicles.


4.3 Results

Paper C studies an electric vehicle with four electrical in-wheel motors that experiences
an inverter shutdown, i.e. fault group FG2. The two presented control allocation
approaches are compared to two reference vehicles. The reference vehicle with a simple
Electronic Stability Control system (ESC) shows an improvement compared to the
uncontrolled vehicle. The vehicle without any controller shows the maximum lateral
deviation. The study is conducted with the same vehicle parameters as in the fault
classification study. The driving scenario is a typical high speed steady-state cornering
manoeuvre with a vehicle speed of vx = 120 km/h and a turning radius of R = 225 m.
The driver parameters are fixed during the manoeuvre, i.e. the steering wheel angle,
calculated from the turning radius, and the vehicle speed are constant reference values
during the simulation.
The deviations from the fault-free reference path are shown in Fig. 4.3 for each control
strategy. The fault is induced at t = 1 s. The optimised control allocation strategy
shows the least deviation from the fault-free path. The results of the simplified control
strategy reach almost the same quality in maintaining the trajectory. For the reference
ESC controller, the deviation is about 4 m at 4 s after the fault induction, while the
uncontrolled vehicle deviates as much as 6 m.

[Plot: deviation from reference path in m over t in s.]

Figure 4.3: Overall deviations from the reference path during steady-state cornering
for different control strategies – OCA (optimal control allocation); SCA
(simple control allocation); ESC (electronic stability control); No CTRL
(uncontrolled vehicle).

The selected manoeuvre does not reach the actuator limitations. The vehicle motions
for all control strategies are shown in Fig. 4.4. The control allocation strategies show
only little deviation from the fault-free vehicle motions. The ESC controlled vehicle
also shows a clear improvement over the uncontrolled vehicle. However, the lateral
deviation is higher compared to both control allocation approaches as no additional
driving torque can be applied to the wheels. Fig. 4.4 shows the characteristic yaw rate
fluctuations of the ESC system due to the pulsating brake intervention. This leads to a
substantial reduction in vehicle speed and thus increases the risk of rear-end collisions.
The application of the developed fault classification method confirms the potential of
the control allocation strategies as seen in Table 4.1.

[Plots over t in s: lateral acceleration a in m/s², yaw rate ψ in rad/s, longitudinal velocity vx in m/s, lateral velocity vy in m/s.]

Figure 4.4: Vehicle responses with fault induction at t = 1 s.

Table 4.1: Controllability classes of all indices for the analysed vehicle control strategies

Control strategy   Qz   Qy   Qx   Qf
OCA                1    1    1    3
SCA                1    1    1    3
ESC                3    2    1    6
No CTRL            9    3    1    13

Reducing the turning radius brings the vehicle closer to its vehicle stability boundaries.
For the driveline setup used in this study this also means that the actuator limitations
are reached. The desired torque allocated to the actuator and the actual torque at
the wheel are shown in Fig. 4.5 for each wheel and both control allocation strategies.
Allocated and actual torques correlate well for the OCA strategy, while those of the SCA
strategy do not. The latter strategy cannot work with constraints and thus produces
good results only inside the actuator limits of the vehicle. Fig. 4.6 shows the deviations
of the second manoeuvre, which brings the vehicle into a situation that exceeds
the actuator limitations. The SCA strategy shows a poorer result than before, closer
to the result of the ESC strategy. For the manoeuvre with reduced turning radius, the
fault classification method shows the degradation of the simplified control allocation
strategy as seen in Table 4.2.

[Plots over t in s: allocated wheel torques for OCA and for SCA (Tref in Nm); actual wheel torques for OCA and for SCA (Tact in Nm).]

Figure 4.5: Allocated and actual torque characteristics for wheel 1 (dotted), 2 (dashed),
3 (solid) and 4 (dash-dotted) with actuator limitation at 370 Nm.

[Plot: deviation from reference path in m over t in s.]

Figure 4.6: Overall deviations from the reference path during steady-state cornering
for different control strategies exceeding the actuator limits – OCA (optimal
control allocation); SCA (simple control allocation); ESC (electronic
stability control); No CTRL (uncontrolled vehicle).

Table 4.2: Controllability classes of all indices for the analysed vehicle control strategies
(reduced turning radius)

Control strategy   Qz   Qy   Qx   Qf
OCA                1    1    1    3
SCA                1    2    1    4
ESC                9    2    1    12
No CTRL            9    3    1    13

This chapter has demonstrated the potential of the control allocation approach
for fault handling. It is a suitable control strategy that can switch instantly
between different control algorithms when a fault occurs and knowledge about the fault
is available. For the simplified and the optimised control allocation, the trajectory of
the faulty vehicle is almost identical with the path of the healthy vehicle. Only when
the actuator limitations are reached do the results of the simplified approach deteriorate
from the healthy solution. Nevertheless, it outperforms a typical ESC strategy that is
commonly used in today’s road vehicles.
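
An added illustration, not code from the thesis or Paper C, of the behaviour described in Sections 4.2 and 4.3: a Moore-Penrose pseudo-inverse allocation whose torque requests are clipped at the actuator limit, next to a bounded least-squares allocation that knows the limit. The two-output model (longitudinal force and yaw moment from wheel torques only), the wheel radius, half track width, wheel numbering, zero-torque fault model, solver and weights are assumptions; only the 370 Nm limit comes from the page.

```python
"""Added illustration (not from the thesis): pseudo-inverse versus bounded
least-squares control allocation with one in-wheel motor shut down."""

R_WHEEL = 0.3       # m, assumed wheel radius
HALF_TRACK = 0.75   # m, assumed half track width
T_MAX = 370.0       # Nm, actuator limit quoted in the caption of Fig. 4.5


def effectiveness(faulty=None):
    """2x4 matrix B with [Fx, Mz] = B * wheel torques (longitudinal forces only).

    Assumed numbering: wheels 1 and 3 on the left, 2 and 4 on the right.
    A shut-down motor is modelled as delivering no torque (zero column).
    """
    fx = [1.0 / R_WHEEL] * 4
    mz = [side * HALF_TRACK / R_WHEEL for side in (-1.0, 1.0, -1.0, 1.0)]
    if faulty is not None:
        fx[faulty] = 0.0
        mz[faulty] = 0.0
    return [fx, mz]


def achieved(B, u):
    """Vehicle-level force and yaw moment produced by the wheel torques u."""
    return [sum(b * t for b, t in zip(row, u)) for row in B]


def saturate(u, limit=T_MAX):
    """Clip every wheel torque to the actuator limit."""
    return [max(-limit, min(limit, t)) for t in u]


def allocate_pinv(B, v):
    """Minimum-norm solution u = B^T (B B^T)^-1 v; actuator limits are ignored."""
    g11 = sum(x * x for x in B[0])
    g12 = sum(x * y for x, y in zip(B[0], B[1]))
    g22 = sum(y * y for y in B[1])
    det = g11 * g22 - g12 * g12
    lam1 = (g22 * v[0] - g12 * v[1]) / det
    lam2 = (g11 * v[1] - g12 * v[0]) / det
    return [B[0][i] * lam1 + B[1][i] * lam2 for i in range(4)]


def allocate_bounded(B, v, weights=(1.0, 100.0), eps=1e-6, iters=5000):
    """Projected-gradient solve of
        min  sum_k w_k (B u - v)_k^2 + eps |u|^2   subject to |u_i| <= T_MAX.
    The weights (yaw moment prioritised over longitudinal force) are assumed.
    """
    trace = sum(w * x * x for w, row in zip(weights, B) for x in row)
    step = 0.5 / (trace + eps)   # at most 1/L, L = Lipschitz constant of the gradient
    u = [0.0] * 4
    for _ in range(iters):
        err = [w * (a - d) for w, a, d in zip(weights, achieved(B, u), v)]
        grad = [2.0 * (B[0][i] * err[0] + B[1][i] * err[1] + eps * u[i])
                for i in range(4)]
        u = saturate([t - step * g for t, g in zip(u, grad)])
    return u


def compare(fx_demand, mz_demand=0.0, faulty=2):
    """Allocate one demand with both methods; wheel 3 (index 2) is faulty by default."""
    B = effectiveness(faulty)
    v = [fx_demand, mz_demand]
    # The motors cannot exceed T_MAX, so the pseudo-inverse request is clipped afterwards.
    candidates = (("sca", saturate(allocate_pinv(B, v))),
                  ("oca", allocate_bounded(B, v)))
    result = {}
    for name, u in candidates:
        fx, mz = achieved(B, u)
        result[name] = {"torques": u,
                        "fx_error": fx - fx_demand,
                        "mz_error": mz - mz_demand}
    return result


if __name__ == "__main__":
    # Constructed demands in N: the first stays inside the limits, the second does not.
    for demand in (2000.0, 3000.0):
        for name, r in compare(demand).items():
            print(demand, name, [round(t, 1) for t in r["torques"]],
                  round(r["fx_error"], 1), round(r["mz_error"], 1))
```

For the constructed 3000 N demand the clipped pseudo-inverse leaves a yaw moment error of 200 Nm, whereas the bounded solver keeps it below 10 Nm by giving up more longitudinal force. Inside the limits both return the same torques.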


5 Summary of appended papers

5.1 Fault-tolerant vehicle design (Paper A)

This paper presents an extended overview of the inter-disciplinary research domain of
fault-tolerant systems, with focus on aspects related to the automotive area. The
main target is to ensure the vehicle’s operation even though a fault occurs and leads
to a component or subsystem failure. The vehicle system is fault-tolerant if the normal
operation or at least a degraded state of operation can be maintained, enabling
the driver to stop the vehicle safely. Fault-tolerant design premises such as types
of redundancy, levels of degradation and the main aspects of a fault-tolerant design
process are discussed. First, the question of why a fault-tolerant system has to be
considered in future vehicles is answered. Recent and prospective development of vehicle
motion control with integrated chassis control and passive and active fault-tolerant
control are highlighted. A short excursion into fault detection and diagnosis methods
is made. Together with the emerging fault-tolerant control, the automotive network
systems will change to ensure fault-tolerant communication between different subsystems,
components and controllers. Network architectures, communication protocols
and network topologies will be adapted to comply with the electrified automotive systems.
The role of functional safety standards and regulations to enable fault-tolerant
vehicle design concludes the survey. Fault-tolerant vehicle design is concluded to be a
viable approach to cope with the increasing electrification of road vehicles and enable
a dependable system, thus maintaining or even increasing vehicle safety.

5.2 Fault classification method (Paper B)

In this article, a method for fault classification is proposed. The classification is based
on the functional safety standard ISO 26262, and applies its controllability levels to
classify the influence of a fault on the vehicle dynamic stability. A broad spectrum
of faults is collected and their effects on the vehicle dynamic stability are analysed.
Focus is set on typical faults in an electric drive train. Faults in mechanical, hydraulic
or control systems are also taken into account. The results show the controllability for
these faults depending on the fault location on the vehicle as well as the travelling speed
and lateral acceleration. The controllability level for each simulation result indicates
the potential risk for vehicle safety. Faults that can become dangerous situations
occur mainly at higher velocities. A few faults, however, show high impact on the
vehicle stability at lower speeds; thus a clear trend for all faults cannot be derived,
and the outcome depends on the specific failure. The proposed method has been shown to be
a generic classification tool for any kind of fault that influences vehicle stability.

5.3 Fault-tolerant control strategies (Paper C)

In order to be able to handle faults that influence vehicle directional stability, vehicle
control strategies have to be applied. The paper proposes and analyses two fault handling
strategies and compares them with the regular Electronic Stability
Control algorithm. An electric vehicle with four in-wheel motors is simulated in a high
speed steady-state cornering manoeuvre. Both strategies are based on control allocation
methods. The first strategy is a non-linear optimisation. The second strategy is
based on the pseudo-inverse control allocation, which has an analytical solution. The
former assumes constant knowledge of the tyre force constraints; however, it cannot
be calculated online like the latter. The faults in consideration are electrical faults
that can arise in in-wheel motors of permanent-magnet type. Both control allocation
methods result in an improved re-allocation after the fault is induced and thus
in an improved state trajectory recovery. Additionally, they are compared to a vehicle
with no active control, which shows the highest deviation of all analysed control strategies.
Through these fault-tolerant control strategies it is shown that it is possible to get a
safer vehicle behaviour, even in the case of a fault.

6 Scientific contribution

This chapter lists the main scientific contributions of the thesis and its appended
1. A broad failure mode and effect analysis for an electric vehicle with in-wheel
motors is presented. The focus is on the electric driveline with a newly designed
permanent magnet synchronous machine purposely developed for automotive
in-wheel applications.
2. Faults with similar effects on the vehicle directional stability have been grouped
in fault groups, using the developed methodology.
3. Fault models applicable for vehicle dynamic simulations have been derived to be
able to analyse their effects on the vehicle stability.
4. A fault classification method is developed to determine the influence of a fault on
the vehicle, compromising traffic safety. Three indices are developed to cover and
detect all possible vehicle responses, namely vehicle stability index, lane keeping
index and collision avoidance index. The controllability of all three indices is
classified according to ISO 26262 and merged in a final fault influence index.
5. Two control strategies are proposed in order to compensate for faults. Both
fault handling strategies, which are based on the control allocation method, are
implemented, analysed and compared for a specific electric vehicle and its faults.
Two manoeuvres were tested, where one of them reaches the actuator limitations.
The optimal control algorithm can handle the fault for both manoeuvres without
deteriorating vehicle stability. The simplified control allocation approach performs
equally well as long as the actuator limits are not reached. Under real-time conditions,
only the simplified method is fast enough to produce applicable results.


7 Conclusions and recommendations for future work

7.1 Conclusions

The work presented in this thesis aims to improve the vehicle safety of electric
and hybrid electric vehicles. The implementation of new electric driveline systems can
lead to unforeseen failures, resulting in unpredictable vehicle behaviour and threatening
passengers and other traffic participants. These potential failures have been analysed
and classified in a systematic approach regarding their consequences on the dynamic
behaviour of the vehicle. Strategies to compensate for the failures are developed,
enabling the vehicle to come to a safe stop.
In this work, a fault classification method is suggested to classify failures according
to their influence on the dynamic behaviour of the vehicle. This method is based on
the ISO 26262 functional safety standard and is developed in a way that the overall
influence of the fault on the vehicle is classified. Additionally, the longitudinal, lateral
and yaw motion are classified independently of each other. A broad failure mode and
effect analysis has been conducted for a vehicle propelled by an electric driveline. It is
shown that typical faults that have been non-existent in regular vehicles can influence
the new generation of electric vehicles. Owing to its generic nature, this fault
classification method is suitable for various vehicle types and drivelines, as well as for
faults other than those analysed and for user-defined boundary conditions. The findings
show that a general statement about the correlation between vehicle states and the
influence of a fault cannot be made; rather, each fault has to be analysed separately.
Fault handling strategies to accommodate the faults are shown to be effective for
enhanced vehicle safety. With an optimised and a simplified control allocation approach,
two reconfiguration strategies to handle faults in vehicles are analysed. Both can
accommodate certain faults in the same way and maintain the original trajectory as long
as the actuator limitations are not exceeded. If the limit on one of the actuators is
reached, the simplified approach will deviate from the trajectory while the optimised
approach will continue to deliver reasonable results. Implementation in vehicles
is, however, only feasible for the simplified approach due to computational restrictions.
Further, an overview of aspects for dependable and fault-tolerant vehicles has been
presented in a holistic approach. Different areas in which the fault-tolerant topic
is well-established are examined in order to point out how a harmonised level of
fault-tolerance can be achieved in vehicle design. Passive and active fault-tolerant control
are new approaches to the automotive field indicating high potential to realise dependable
individual transportation.


7.2 Recommendations for future work

The proposed improvements for vehicle safety of electric vehicles should be further
investigated. There is a need to validate the presented fault classification method
with experiments, such as a moving-base driving simulator or a full-size experimental
vehicle. The generic character of this method could be improved by analysing the
impact of one failure mode on different types of vehicles. The influence of vehicle
parameters during a fault should be identified in a parameter study.
The driver is not considered in this work. Therefore, experimental studies that include
a set of drivers during the occurrence of a fault are recommended to be conducted. The
reactions of these drivers should be analysed and aspects to which extent a driver can
handle a fault should be investigated. This knowledge about the driver is critical when
a control strategy is designed.
The analysed fault handling strategies show promising results and encourage future
research in this area including vehicle validation. The latter could be conducted in
a prototype vehicle for the analysis of fault handling. Different active and passive
fault-tolerant control strategies that are applicable for real-time applications should
be investigated and compared to each other. Further on, complete knowledge about
the appearance of the fault is assumed in this work. Therefore, the implementation of
a fault detection and isolation system is recommended.


[1] T. Franke, I. Neumann, F. Bühler, P. Cocron, and J. Krems, “Experiencing range
in an electric vehicle - understanding psychological barriers,” Applied Psychology,
vol. 61, no. 3, pp. 368–391, 2012.
[2] W. Bernhart and M. Valentine-Urbschat, “Powertrain 2020 - the future drives
electric,” Roland Berger, Tech. Rep., 2009.
[3] M. Jonasson, “Exploiting individual wheel actuators to enhance vehicle dynamics
and safety in electric vehicles,” Doctoral Thesis, KTH Royal Institute of Technol-
ogy, Stockholm, Sweden, 2009.
[4] ADAC e.V. (2008–2013) ADAC Pannenstatistik 2008–2013. 2013-01-17. [Online].
Available: http://www.adac.de/
[5] European Union Road Federation, “European road statistics 2011,” European
Union Road Federation, Tech. Rep., 2011.
[6] International Standard ISO/DIS 26262 - Road vehicles–Functional safety, Inter-
national Organization for Standardization (ISO) Std.
[7] R. Isermann, Fault-diagnosis systems: an introduction from fault detection to fault
tolerance. Springer Verlag, 2006.
[8] B. Parhami, “Defect, fault, error,..., or failure?” IEEE Trans. Rel., vol. 46, no. 4,
pp. 450–451, 1997.
[9] B. Hanmer, Patterns for fault-tolerant software. Wiley, 2007.
[10] S. Anwar, Ed., Fault Tolerant Drive By Wire Systems: Impact on Vehicle Safety
and Reliability. Bentham eBooks, 2012.
[11] NHTSA, “National motor vehicle crash causation survey, report to congress,”
National Highway Traffic Safety Administration, Tech. Rep., 2008.
[12] N.N. (2011) Unfallursachen. Destatis - Federal Statistical Office Germany.
[Online]. Available: http://www.destatis.de/
[13] A. C. Wagenaar, R. G. Maybee, and K. P. Sullivan, “Mandatory seat belt laws in
eight states: A time-series evaluation,” Journal of Safety Research, vol. 19, no. 2,
pp. 51–70, 1988.
[14] A. Harvey and J. Durbin, “The effects of seat belt legislation on british road
casualties: A case study in structural time series modelling,” Journal of the Royal
Statistical Society. Series A (General), vol. 149, no. 3, pp. 187–227, 1986.


[15] A. Erke, “Effects of electronic stability control on accidents: A review of empirical
evidence,” Accident Analysis & Prevention, vol. 40, no. 1, pp. 167–173, 2008.
[16] E. Verhoef, “External effects and social costs of road transport,” Transportation
Research Part A: Policy and Practice, vol. 28, no. 4, pp. 273–287, 1994.
[17] O. Thorsen and M. Dalva, “A survey of faults on induction motors in offshore oil
industry, petrochemical industry, gas terminals, and oil refineries,” IEEE Trans.
Ind. Applicat., vol. 31, no. 5, pp. 1186–1196, 1995.
[18] J. Bennett, G. Atkinson, B. Mecrow, and D. Atkinson, “Fault-tolerant design con-
siderations and control strategies for aerospace drives,” IEEE Trans. Ind. Elec-
tron., vol. 59, no. 5, pp. 2049–2058, 2012.
[19] R. Klug and A. Mertens, “Reliability of megawatt drive concepts,” in Proc. IEEE
Int. Industrial Technology Conf., 2003, pp. 636–641.
[20] K. Doishita, M. Hashiwaki, T. Aoki, Y. Kawagoe, and N. Murakami, “Highly
reliable uninterruptible power supply using a bi-directional converter,” in Proc.
IEEE Int. Telecommunication Energy Conf., 1999, paper 11-3.
[21] D. Kastha and B. Bose, “Investigation of fault modes of voltage-fed inverter sys-
tem for induction motor drive,” IEEE Trans. Ind. Applicat., vol. 30, no. 4, pp.
1028–1038, 1994.
[22] S. Yang, A. Bryant, P. Mawby, D. Xiang, L. Ran, and P. Tavner, “An industry-
based survey of reliability in power electronic converters,” in Proc. IEEE Energy
Conversion Congress and Exposition, 2009.
[23] E. Dubrova, Fault-Tolerant Design. Springer Verlag, 2013.
[24] Y. Liao, “Analysis of fault conditions in permanent-magnet in-wheel motors,”
Master’s thesis, KTH Royal Institute of Technology, 2011.
[25] B. Heissing and M. Ersoy, Chassis Handbook, B. Heissing and M. Ersoy, Eds.
Vieweg and Teubner, 2010.
[26] K. Rompe and B. Heissing, Objektive Testverfahren für die Fahreigenschaften von
Kraftfahrzeugen. Verlag TÜV Rheinland, 1984.
[27] P. Uys, P. Els, and M. Thoresson, “Criteria for handling measurement,” Journal
of Terramechanics, vol. 43, no. 1, pp. 43–67, 2006.
[28] D. Crolla, D. Chen, J. Whitehead, and C. Alstead, “Vehicle handling assessment
using a combined subjective-objective approach,” in SAE Transactions, 1998, pa-
per 980226.
[29] J. Starkey, “The effects of vehicle design parameters on handling frequency re-
sponse characteristics,” Vehicle Design, vol. 14, no. 5/6, pp. 497–510, 1993.


[30] W. Reichelt, “Correlation analysis of open/closed loop data for objective as-
sessment of handling characteristics of cars,” in SAE Transactions, 1991, paper
[31] M. El-Gindy and E. Mikulcik, “Sensitivity of a vehicle’s yaw rate response: appli-
cation to a three-axle truck,” Vehicle Design, vol. 14, no. 4, pp. 325–352, 1993.
[32] M. El-Gindy and L. Ilosvai, “Computer simulation study on a vehicle’s directional
response in some severe manoeuvres. part 1: rapid lane-change manoeuvres,” Ve-
hicle Design, vol. 4, no. 4, pp. 386–401, 1983.
[33] H. Otto, “Lastwechselreaktion von pkw bei kurvenfahrt,” Ph.D. dissertation, TU
Braunschweig, 1987.
[34] M. Juhlin and P. Eriksson, “A vehicle parameter study on crosswind sensitivity
of buses,” in SAE Transactions. Society of Automotive Engineers, 2004, paper
[35] M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Eds., Diagnosis and
fault-tolerant control. Springer Verlag, 2006.
[36] J. Gertler, Fault detection and diagnosis in engineering systems. Marcel Dekker
Inc, 1998.
[37] Y. Zhang and J. Jiang, “Bibliographical review on reconfigurable fault-tolerant
control systems,” Annual Reviews in Control, vol. 32, no. 2, pp. 229–252, 2008.
[38] T. Steffen, Control reconfiguration of dynamical systems: linear approaches and
structural tests. Springer Verlag, 2005.




Parameter Unit Description

ax m/s2 Vehicle longitudinal acceleration at the center of gravity (CG).
āx,f m/s2 Mean longitudinal acceleration of the faulty vehicle state
ay m/s2 Lateral acceleration of the vehicle
az m/s2 Vertical acceleration of the vehicle
cs,i N/s Damping coefficient on the i-th wheel
fx,i N Longitudinal tyre force on the i-th wheel
fy,i N Lateral tyre force on the i-th wheel
i Transmission ratio
ks,i N/m Spring coefficient on the i-th wheel
nn,max rpm Maximum speed
nr rpm Rated speed
ri m Inner radius of electric machine
ro m Outer radius of electric machine
scd m Lateral deviation from reference course
t s Time
tld s Lane departure time
tr s Reaction time
tR,ψ̇ s Time delay of yaw rate
tR,ψ̇,max s Time delay of yaw rate maximum
udc V DC-voltage
vx km/h Longitudinal velocity of the vehicle
vy km/h Lateral velocity of the vehicle
zw m Vertical wheel travel
Ci Controllability class1 with i = 0, 1, 2, 3
Cx N/rad Longitudinal tyre stiffness
Cy N/rad Lateral tyre stiffness
Fx N Longitudinal vehicle force at the center of gravity
Fy N Lateral vehicle force at the center of gravity
Kc Correction factor of fault torque
K|T | Nm Mean value of fault torque

1 According to ISO 26262.


KT Nm Amplitude of fault torque

Mz N Vehicle yaw torque at the center of gravity
PO Step response overshoot ratio
Qx m/s2 Collision avoidance index
Qy t Lane keeping index
Qz ◦/s2 Vehicle stability index
Q∗i Fault classification with respective index i = x, y, z
Qf Fault influence index
R m Turning radius
Tdes Nm Desired torque
TF Nm Fault torque
Tn,max Nm Torque at maximum speed
Tr Nm Rated torque
X m Longitudinal position
Y m Lateral position
β ◦ Body slip angle
δ ◦ Steering angle
δ̇ ◦/s Steering velocity
θ ◦ Pitch angle
θ̇ ◦/s Pitch velocity
θ̈ ◦/s2 Pitch acceleration
λµx Scaling factor for the longitudinal peak friction coefficient
λµy Scaling factor for the lateral peak friction coefficient
λKxκ Scaling factor for brake slip
λKyα Scaling factor for cornering stiffness
µ Friction coefficient
φ ◦ Roll angle
φ̇ ◦/s Roll velocity
φ̈ ◦/s2 Roll acceleration
ψ ◦ Yaw angle
ψ̇ ◦/s Yaw velocity
ψ̇0 ◦/s Initial yaw velocity
ψ̇m ◦/s Mean yaw velocity between healthy and faulty vehicle state
ψ̇max ◦/s Maximum yaw velocity after step function input
ψ̇stat ◦/s Static yaw velocity after step function input
ψ̈ ◦/s2 Yaw acceleration
ψ̈f,m ◦/s2 Mean yaw acceleration of faulty vehicle state
∆ Any difference

List of abbreviations

ABS Anti-lock Braking System

AC Alternating Current
ADAC German Automobile Club
DC Direct Current
CTRL Controlled
E/E Electric and Electronic
EPS Electronic Power Steering
ESC Electronic Stability Control
EU-15 European Union of 15 member states
EV Electric Vehicle
FDI Fault Detection and Isolation
FG Fault Group
FTC Fault-Tolerant Control
ICE Internal Combustion Engine
ISO International Organization for Standardization
NHTSA National Highway Traffic Safety Administration
OCA Optimal Control Allocation
PMSM Permanent Magnet Synchronous Machine
SCA Simplified Control Allocation


Appended Papers

