Model-Based Design (MBD) is a mathematical and visual method of addressing problems associated with designing complex control systems ...

MBD provides an efficient approach for establishing a common framework for communication throughout the design process while supporting the development cycle ...

NASA, NESC
Unintended Acceleration Report

MODEL-BASED DESIGN and SIMULATION in COMBAT ZONES
THIS IS NOT A VIDEO GAME

Elaborate systems that simulate combat in great detail are changing the nature of training and the conduct of war itself.

Indeed, simulation software is even being used in combat [...] In some types of fighting, senior commanders have time to use simulation software to rule out losing strategies before sending orders to commanders on the battlefield.

MBD and simulation provide the ability to get things wrong without loss of life. This represents a profound transformation in the conduct of war.

The Economist
Technology Quarterly: Q1 2012

Home > Solutions > Automotive Systems > The Case for Automative Model-Based Design

The Case for Automotive Model-Based Design

Is modelling optional?

The world is realizing it can and it needs to demand the safe engineering of complex, inter-connected, real-time systems controlling distributed plant – in this case modern automobiles.

The advent of standards for functional safety (ISO 26262) and safety (IEC 61508) and their beginning adoption by OEMs and Tier1s has brought the issue of lack of rigor in the automotive industry, and the use of modelling to remedy this, into sharp relief – guarantee safety at and between plant, ECUs, subsystems and the systems.

Modelling and simulation are the only tools in the toolkit of automotive designers and engineers that can quantify Schwartz and Buechl’s notion of well-engineered – refer extract below:

Safety turns out to be one of the key issues of future automobile development. New functionality not only in the area of driver assistance but also in vehicle dynamics control as well as in active and passive safety systems increasingly touches the domain of safety engineering. With the trend of increasing complexity, software content and mechatronic implementation, potentially there are increasing challenges from systematic faults and random hardware faults.
When is a safety-related E/E-system reasonably well-engineered in order to avoid malfunctions?

In contrast to other industries like aviation, rail or process industry, the topic of functional safety has only started to be discussed in detail a few years ago within the automotive industry.   ,,,,,   In contrast to that, a plane shouldn’t have remaining critical faults already at the very first flight. Nevertheless the development of new safety systems within automotive industry like active safety systems, driver assistance systems and currently the electrification of the powertrain, lead to new functionality, which is mainly based on E/E-systems. Failures in these systems may have also an impact on vehicle safety, as the competence of these systems is growing
2009, Schwartz, J., Daimler AG and Buechl, J., Audi AG. Preparing the Future for Functional Safety of Automotive E/E-Systems.

The reasonably qualification that the authors place on well engineered is absolutely unreasonable when considering hazardous safety critical systems. As in the aerospace industry, such systems must be extremely well engineered and, for particular safety critical subsystems, demonstrated to be failure tolerant. This approach to design is not common in the automotive industry. It requires an exploration of the design space that not only yields, for each design assessed, its quantified level of (i) risk mitigation, (ii) optimality, and (iii) economic cost – where cost is also a proxy for simplicity. These are the basics of safe engineering of any systems, including automotive systems. Simple systems are inherently easier to also make safe systems and require less verification. Sufficient searching of the relatively high-dimensional architecture and design space is only feasible using modelling and simulation.

Comprehensive verification and calibration of an automotive vehicle’s real-time control system, which consists of networked electronic control units (ECUs) executing software to regulate their conjoined plant is fundamental to substantiating a vehicle’s safety, integrity, and efficiency. Building the necessary verification suites to accomplish the required level of verification is done with greater efficiency when the coordinates of the high fidelity specification (mathematical) and operational (proximal physical - structural/behavioural - models that execute software) models within the design space are known. The objective is to extend the Schwartz-Buechl’s rule from aerospace systems to automotive systems: an automotive vehicle employing active safety subsystems that take control of a vehicle in safety critical situations shouldn’t have remaining critical faults already at the very first drive by a customer.

The goal of specification, architecture, optimization, design and verification of modern automotive vehicles should be the simplest, least costly design that achieves the automotive extended Schwarz-Buechl rule. This is only achievable through the model-based design and simulation that uses both high fidelity specification and operational models of control together with high performance simulation to determine a traverse through the design space that yields sufficiently optimal outcomes.

The seriousness of vehicle safety is highlighted by the annual global statistics reported by the World Health Organization (WHO) www.who.int/violence_injury_prevention/road_safety_status/2009/en. In 2009, WHO reported ~1.3 million deaths and 20m-50 million injuries were caused in motor vehicle crashes. With ~50% of deaths due to driver error. In contrast, ~1,100 deaths occurred in 122 commercial aviation crashes with a similar number of injuries.

Further support for model-based design in the development of safe vehicles comes from the 2009, 2010 forensic study of unintended acceleration (UA) initiated by the US National Highway Traffic Safety Administration (NHTSA) that was contracted to the National Aeronautics and Space Administration (NASA) Engineering and Safety Center (NESC). The final report was released by NHTSA in January 2012.

NASA, NESC UA Report – ‘… Model-based design provides an efficient approach for establishing a common framework for communication throughout the design process …’