The battery management system (BMS) is the main safeguard of a battery system for electric propulsion and machine electrification. It is tasked to ensure reliable and safe operation of battery cells connected to provide high currents at high voltage levels. In addition to effectively monitoring all the electrical parameters of a battery pack system, such as the voltage, current, and temperature, the BMS is also used to improve the battery performance with proper safety measures within the system. With growing acceptance of lithium-ion batteries, major industry sectors such as the automotive, renewable energy, manufacturing, construction, and even some in the mining industry have brought forward the mass transition from fossil fuel dependency to electric powered machinery and redefined the world of energy storage. Hence, the functional safety considerations, which are those relating to automatic protection, in battery management for battery pack technologies are particularly important to ensure that the overall electrical system, regardless of whether it is for electric transportation or stationary energy storage, is in accordance with high standards of safety, reliability, and quality. If the system or product fails to meet functional and other safety requirements on account of faulty design or a sequence of failure events, then the environment, people, and property could be endangered. This paper analyzed the details of BMS for electric transportation and large-scale energy storage systems, particularly in areas concerned with hazardous environment. The analysis covers the aspect of functional safety that applies to BMS and is in accordance with the relevant industrial standards. A comprehensive evaluation of the components, architecture, risk reduction techniques, and failure mode analysis applicable to BMS operation was also presented. The article further provided recommendations on safety design and performance optimization in relation to the overall BMS integration.
The short-range wireless communication technology has advanced considerably and provides the feasibility of a train-train (T2T) communication link in the communication-based train control system. The introduction of the T2T link would reduce the headway and improve operational efficiency. Formal methods are system design techniques that use rigorously specified mathematical models to ensure all behaviors work as expected. This is exactly what functional safety verification needs. Therefore, to deal with the functional safety verification of the T2T link, an untimed colored Petri net model is first constructed. Secondly, the verification process is performed. Conclusions can be drawn from the state space report and the computation tree logic queries. Lastly, the model is parameterized, and then data log files are obtained for further performance measurement. Results show that the proposed criteria are satisfied and there are no defects in the basic design requirements. The transmission delay has considered the reconnection, transmission errors and the interruption. The probability of the delay lower than 150 ms accounts for 98.106%, which meets the specification and the previous field test.
As the complexity of autonomous vehicles (AVs) continues to increase and artificial intelligence algorithms are becoming increasingly ubiquitous, a novel safety concern known as the safety of the intended functionality (SOTIF) has emerged, presenting significant challenges to the widespread deployment of AVs. SOTIF focuses on issues arising from the functional insufficiencies of the AVs' intended functionality or its implementation, apart from conventional safety considerations. From the systems engineering standpoint, this study offers a comprehensive exploration of the SOTIF landscape by reviewing academic research, practical activities, challenges, and perspectives across the development, verification, validation, and operation phases. Academic research encompasses system-level SOTIF studies and algorithm-related SOTIF issues and solutions. Moreover, it encapsulates practical SOTIF activities undertaken by corporations, government entities, and academic institutions spanning international and Chinese contexts, focusing on the overarching methodologies and practices in different phases. Finally, the paper presents future challenges and outlook pertaining to the development, verification, validation, and operation phases, motivating stakeholders to address the remaining obstacles and challenges.
The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety. In the current design of the cyber physical system (CPS), functional safety and cyber security are increasingly intertwined and inseparable, which evolve into the generalized functional safety (S&S) problem. The conventional reliability and cybersecurity technologies are unable to provide security assurance with quantifiable design and verification metrics in response to the cyberattacks in hardware and software with common endogenous security problems, and the functional safety of CPS facilities or devices has become a frightening ghost. The dynamic heterogeneity redundancy (DHR) architecture and coding channel theory (CCT) proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner, and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation. As a generalized functional safety enabling structure, DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary fields of cyberspace.
A significant proportion of urban crashes, especially serious and fatal crashes, occur at traffic signals. Many of the black-spots in both Australia and New Zealand cities occur at high volume and/or high-speed traffic signals. Given this, crash reduction studies often focus on the major signalised intersections. However, there is limited information that links the phasing configuration, degree of saturation and overall cycle time to crashes. While a number of analysis tools are available for assessing the efficiency of intersections, there are very few tools that can assist engineers in assessing the safety effects of intersection upgrades and new intersections. Safety performance functions have been developed to help quantify the safety impact of various traffic signal phasing configurations and level of intersection congestion at low and high-speed traffic signals in New Zealand and Australia. Data from 238 signalised intersection sites in Auckland, Wellington, Christchurch, Hamilton, Dunedin and Melbourne was used to develop crash prediction models for key crash-causing movements at traffic signals. Different variables (road features) affect each crash type. The models indicate that the safety of intersections can be improved by longer cycle times and longer lost inter-green times, especially all-red time, using fully protected right turns and by extending the length of right turn bays. The exception is at intersections with lots of pedestrians where shorter cycle times are preferred as pedestrian crashes increase with longer wait times. A number of factors have a negative impact on safety, including free left turns, more approach lanes, intersection arms operating near or over capacity in peak periods and higher speed limits.
Information security and functional safety are fundamental issues of wireless communications systems. The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the development of wireless communication security and safety technology. This paper introduces the concept of wireless endogenous security from the following four aspects. First, we sort out the endogenous security problems faced by the current wireless communications system, and then analyze the endogenous security and safety attributes of the wireless channel. After that, the endogenous security and safety structure of the wireless communications system is given, and finally the applications of the existing wireless communication endogenous security and safety functions are listed.
The mission of nuclear safety authorities in national radioactive waste disposal programmes is to ensure that people and the environment are protected against the hazards of ionising radiations emitted by the waste. It implies the establishment of safety requirements and the oversight of the activities of the waste management organisation in charge of implementing the programme. In Belgium, the safety requirements for geological disposal rest on the following principles: defence-in-depth, demonstrability and the radiation protection principles elaborated by the International Commission on Radiological Protection (ICRP). Applying these principles requires notably an appropriate identification and characterisation of the processes upon which the safety functions fulfilled by the disposal system rely and of the processes that may affect the system performance. Therefore, research and development (R&D) on safety-relevant thermo-hydro-mechanical-chemical (THMC) issues is important to build confidence in the safety assessment. This paper points out the key THMC processes that might influence radionuclide transport in a disposal system and its surrounding environment, considering the dynamic nature of these processes. Their nature and significance are expected to change according to prevailing internal and external conditions, which evolve from the repository construction phase to the whole heating-cooling cycle of decaying waste after closure. As these processes have a potential impact on safety, it is essential to identify and to understand them properly when developing a disposal concept to ensure compliance with relevant safety requirements. In particular, the investigation of THMC processes is needed to manage uncertainties. This includes the identification and characterisation of uncertainties as well as the understanding of their safety relevance. R&D may also be necessary to reduce uncertainties of which the magnitude does not allow demonstrating the safety of the disposal system.
[Objective] This study aimed to evaluate the health risk of genetically modified (GM) soybeans by using a novel approach for functions and safety of food. [Method] Different from traditional evaluation of substantial equivalence, three great innovations were performed in this study, involving basic diet, evaluation approaches and principle, as well as the clarification of connotation differences between absolute and relative mass of organs. Hence a novel BDI-GS (Bendib Damage Index and General Score) evaluation approach was established and applied in comparative evaluation between RR GM and natural soybeans. Healthy male ICR mice during linear growth were selected; experimental mice were fed with 15% RR GM soybeans and 15% natural soybeans blending maize meal diets, and control mice were fed with single maize meal diet for 13 d; the mice were dissected after collecting blood samples and perfectly obtained nine organs or tissues to record their masses and conduct statistical analyses. [Result] Plenty of matching information was obtained through simple design. The growth performance of treated mice was markedly of individual differences; some mice were thwarted due to regular intake of RR soybeans. Meanwhile, the functions and safety of RR soybeans were markedly lowered in overall nutritional and healthy effects than those of natural soybeans expressed in GS values, and present some declines in nutrition and health of thymus, pancreas and spermary; especially, it can make thymus immune (P < 0.05) in markedly lower level than that of natural soybeans. [Conclusion] Therefore, major troubles and risks of RR soybeans intake are of personal risks in different degrees; in addition, it may increase sub-health and related chronic epidemics risks, and herein it presents certain safety issues. The creation of this novel evaluation system provides a simple and available evaluation approach for functions and potential risks revelation of food effects, and will yield far-reaching influences to safety evaluation and healthy development of GM foods, as well as public health.
A safety management system was established to provide for continuously improved safety levels of the non-urban roads in Israel. One of the main functions of the system lies in the identification and treatment of HL (hazardous locations) on existing roads. In line with the state of the art in road safety, the HL identification is based on an empirical Bayes evaluation, where an HL is recognized using a high positive difference between the number of accidents expected at the site and that predicted for similar sites. The latter is estimated using safety performance functions that were developed for local conditions, including single- and dual-carriageway road sections, and various types of intersections: signalized/non-signalized, three- and four-legged. The procedure of HL identification is applied annually, serving as a basis for the working programs on road infrastructure improvements. Positive safety effects of such improvements were recently reported in the country. These activities comply with the Road Infrastructure Safety Directive that was recently introduced in the European Union.
In order to improve the prediction precision of the safety performance function (SPF) of freeway basic segments, design and crash data of 640 segments are collected from different institutions. Three negative binomial (NB) regression models and three generalized negative binomial (GNB) regression models are built to prove that the interactive influence of explanatory variables plays an important role in fitting goodness. The effective use of the GNB model in analyzing the interactive influence of explanatory variables and predicting freeway basic segments is demonstrated. Among six models, the two models (one is the NB model and the other is the GNB model) which consider the interactive influence of the annual average daily traffic (AADT) and length are more reasonable for predicting results. Furthermore, a comprehensive study is carried out to prove that when considering the interactive influence, the NB and GNB models have almost the same fitting performance in estimating the crashes, among which the GNB model is slightly better for prediction performance.
A medical device is an instrument that includes components, parts, or accessories to diagnose or treat patients. Since the complexity of medical devices has increased in recent years, functional safety and basic safety are required to ensure the overall device safety. Functional safety is part of the overall safety that relates to the equipment under control (EUC) and to the EUC control system that depends on the correct functionality of the electrical/electronic/programmable electronic (E/E/PE) safety-related systems. This study proposes approach methods to functional safety of medical devices for which it is important to correctly identify the safety functions and the safety integrity level (SIL). The relationship between the functional safety and essential performance is identified focusing on the safety function. The essential performance of E/E/PE systems is defined as the safety function of the functional safety. The target SIL of the essential performance is determined according to the potential risk levels, based on the classification rules of medical devices. This approach is applied to the pulse oximeter as a case study. The target SIL for the functionality of the power-failure alarm condition is determined to be SIL1. The target SILs of other functions are determined as SIL2.
The shape and size optimization of brackets in hull structures was conducted to achieve the simultaneous reduction of mass and high stress, where the parametric finite element model was built based on Patran Command Language codes. The optimization procedure was executed on Isight platform, on which the linear dimensionless method was introduced to establish the weighted multi-objective function. The extreme processing method was applied and proved effective to normalize the objectives. The bracket was optimized under the typical single loads and design waves, accompanied by the different proportions of weights in the objective function, in which the safety factor function was further established, including yielding, buckling, and fatigue strength, and the weight minimization and safety maximization of the bracket were obtained. The findings of this study illustrate that the dimensionless objectives share equal contributions to the multi-objective function, which enhances the role of weights in the optimization.
This paper presents a quantitative approach to operational risk modeling and estimation of safety integrity levels, required for the deep water electric work class remotely operated vehicle with reference to ROSUB6000 developed by the National Institute of Ocean Technology, India. ROSUB6000 is used for carrying out bathymetric surveys, gas hydrate surveys, poly-metallic nodule exploration, salvage operations, and meeting emergency response situations. The system is expected to be in operation for a period of 300 h per year, and has to be extremely safe and reliable. Methods and models for the quantitative assessment of operational safety and estimation of safety integrity levels for ROV are seldom available in the deep water intervention industry. The safety instrumented functions implemented in the ROV should be able to meet the SIL requirements of specific mission. This study indicates that the required safety factors are implemented into the design of the state-of-the-art ROV ROSUB 6000, considering IEC 61508/61511 recommendations on Health, Safety and Environment and it is found that the system is able to meet the required SIL for seven identified functions. This paper gives the design and safety engineers in the ROV industry an overview of the numerical operational risk assessment methods and safety-centered ROV engineering.
Safety performance functions (SPFs), or crash-prediction models, have played an important role in identifying the factors contributing to crashes, predicting crash counts and identifying hotspots. Since a great deal of time and effort is needed to estimate an SPF, previous studies have sought to determine the transferability of particular SPFs; that is, the extent to which they can be applied to data from other regions. Although many efforts have been made to examine micro-level SPF transferability, few studies have focused on macro-level SPF transferability. There has been little transferability analysis of macro-level SPFs in the international context, especially between western countries. This study therefore evaluates the transferability of SPFs for several states in the USA (Illinois, Florida and Colorado) and for Italy. The SPFs were developed using data from counties in the United States and provincias in Italy, and the results revealed multiple common significant variables between the two countries. Transferability indexes were then calculated between the SPFs. These showed that the Italy SPFs for total crashes and bicycle crashes were transferable to US data after calibration factors were applied, whereas the US SPFs for total and bicycle crashes, with the exception of the Colorado SPF, could not be transferred to the Italian data. On the other hand, none of the pedestrian SPFs developed was transferable to other countries. This paper provides insights into the applicability of macro-level SPFs between the USA and Italy, and shows a good potential for international SPF transferability. Nevertheless, further investigation is needed of SPF transferability between a wider range of countries.
Safety performance functions (SPFs) are crucial to science-based road safety management. Success in developing and applying SPFs, apart from data quality and availability, depends fundamentally on two key factors: the validity of the statistical inferences for the available data and how well the data can be organized into distinct homogeneous entities. The latter aspect plays a key role in the identification and treatment of road sections or corridors with problems related to safety. Indeed, the segmentation of a road network could be especially critical in the development of SPFs that could be used in safety management for roadway types, such as motorways (freeways in North America), which have a large number of variables that could result in very short segments if these are desired to be homogeneous. This consequence, from an analytical point of view, can be a problem when the location of crashes is not precise and when there is an overabundance of segments with zero crashes. Lengthening the segments for developing and applying SPFs can mitigate this problem, but at a sacrifice of homogeneity. This paper seeks to address this dilemma by investigating four approaches for segmentation for motorways, using sample data from Italy. The best results were obtained for the segmentation based on two curves and two tangents within a segment and with fixed length segments. The segmentation characterized by a constant value of all original variables inside each segment was the poorest approach by all measures.
The state-of-the-art deep neural networks are vulnerable to the attacks of adversarial examples with small-magnitude perturbations. In the field of deep-learning-based automated driving, such adversarial attack threats testify to the weakness of AI models. This limitation can lead to severe issues regarding the safety of the intended functionality (SOTIF) in automated driving. From the perspective of causality, the adversarial attacks can be regarded as confounding effects with spurious correlations established by the non-causal features. However, few previous research works are devoted to building the relationship between adversarial examples, causality, and SOTIF. This paper proposes a robust physical adversarial perturbation generation method that aims at the salient image regions of the targeted attack class with the guidance of class activation mapping (CAM). With the utilization of CAM, the maximization of the confounding effects can be achieved through the intermediate variable of the front-door criterion between images and targeted attack labels. In the simulation experiment, the proposed method achieved a 94.6% targeted attack success rate (ASR) on the released dataset when the speed-speed-limit-60 km/h (speed-limit-60) signs could be attacked as speed-speed-limit-80 km/h (speed-limit-80) signs. In the real physical experiment, the targeted ASR is 75% and the untargeted ASR is 100%. Besides the state-of-the-art attack result, a detailed experiment is implemented to evaluate the performance of the proposed method under low resolutions, diverse optimizers, and multifarious defense methods. The code and data are released at the repository: https://github.com/yebin999/rp2-with-cam.
Purpose – The purpose of this paper is to design a unified operational design domain (ODD) monitoring framework for mitigating Safety of the Intended Functionality (SOTIF) risks triggered by vehicles exceeding ODD boundaries in complex traffic scenarios. Design/methodology/approach – A unified model of ODD monitoring is constructed, which consists of three modules: weather condition monitoring for unusual weather conditions, such as rain, snow and fog; vehicle behavior monitoring for abnormal vehicle behavior, such as traffic rule violations; and road condition monitoring for abnormal road conditions, such as road defects, unexpected obstacles and slippery roads. Additionally, the applications of the proposed unified ODD monitoring framework are demonstrated. The practicability and effectiveness of the proposed unified ODD monitoring framework for mitigating SOTIF risk are verified in the applications. Findings – First, the application of weather condition monitoring demonstrates that the autonomous vehicle can make a safe decision based on the performance degradation of Lidar on rainy days using the proposed monitoring framework. Second, the application of vehicle behavior monitoring demonstrates that the autonomous vehicle can properly adhere to traffic rules using the proposed monitoring framework. Third, the application of road condition monitoring demonstrates that the proposed unified ODD monitoring framework enables the ego vehicle to successfully monitor and avoid road defects. Originality/value – The value of this paper is that the proposed unified ODD monitoring framework establishes a new foundation for monitoring and mitigating SOTIF risks in complex traffic environments.
Funding (battery management system functional safety paper): supported by Azure Mining Technology, CCTEG, and the University of Wollongong.
Funding (train-train communication link verification paper): National Natural Science Foundation of China (No. 61963023).
Funding (SOTIF review paper): supported by the National Science Foundation of China Project (52072215, U1964203, 52242213, and 52221005); National Key Research and Development (R&D) Program of China (2022YFB2503003); State Key Laboratory of Intelligent Green Vehicle and Mobility.
Abstract: As the complexity of autonomous vehicles (AVs) continues to increase and artificial intelligence algorithms are becoming increasingly ubiquitous, a novel safety concern known as the safety of the intended functionality (SOTIF) has emerged, presenting significant challenges to the widespread deployment of AVs. SOTIF focuses on issues arising from the functional insufficiencies of the AVs’ intended functionality or its implementation, apart from conventional safety considerations. From the systems engineering standpoint, this study offers a comprehensive exploration of the SOTIF landscape by reviewing academic research, practical activities, challenges, and perspectives across the development, verification, validation, and operation phases. Academic research encompasses system-level SOTIF studies and algorithm-related SOTIF issues and solutions. Moreover, it encapsulates practical SOTIF activities undertaken by corporations, government entities, and academic institutions spanning international and Chinese contexts, focusing on the overarching methodologies and practices in different phases. Finally, the paper presents future challenges and outlook pertaining to the development, verification, validation, and operation phases, motivating stakeholders to address the remaining obstacles and challenges.
Funding: The National Natural Science Foundation Innovation Group Project (61521003).
Abstract: The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety. In the current design of the cyber physical system (CPS), functional safety and cyber security are increasingly intertwined and inseparable, which evolve into the generalized functional safety (S&S) problem. The conventional reliability and cybersecurity technologies are unable to provide security assurance with quantifiable design and verification metrics in response to the cyberattacks in hardware and software with common endogenous security problems, and the functional safety of CPS facilities or devices has become a frightening ghost. The dynamic heterogeneity redundancy (DHR) architecture and coding channel theory (CCT) proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner, and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation. As a generalized functional safety enabling structure, DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary fields of cyberspace.
Abstract: A significant proportion of urban crashes, especially serious and fatal crashes, occur at traffic signals. Many of the black-spots in both Australian and New Zealand cities occur at high volume and/or high-speed traffic signals. Given this, crash reduction studies often focus on the major signalised intersections. However, there is limited information that links the phasing configuration, degree of saturation and overall cycle time to crashes. While a number of analysis tools are available for assessing the efficiency of intersections, there are very few tools that can assist engineers in assessing the safety effects of intersection upgrades and new intersections. Safety performance functions have been developed to help quantify the safety impact of various traffic signal phasing configurations and level of intersection congestion at low and high-speed traffic signals in New Zealand and Australia. Data from 238 signalised intersection sites in Auckland, Wellington, Christchurch, Hamilton, Dunedin and Melbourne was used to develop crash prediction models for key crash-causing movements at traffic signals. Different variables (road features) affect each crash type. The models indicate that the safety of intersections can be improved by longer cycle times and longer lost inter-green times, especially all-red time, using fully protected right turns and by extending the length of right turn bays. The exception is at intersections with lots of pedestrians where shorter cycle times are preferred as pedestrian crashes increase with longer wait times. A number of factors have a negative impact on safety, including free left turns, more approach lanes, intersection arms operating near or over capacity in peak periods and higher speed limits.
Funding: National Natural Science Foundation of China (No. 61941114 and No. 61521003); Key Universities and Academic Disciplines Construction Project.
Abstract: Information security and functional safety are fundamental issues of wireless communications systems. The endogenous security principle based on Dynamic Heterogeneous Redundancy provides a direction for the development of wireless communication security and safety technology. This paper introduces the concept of wireless endogenous security from the following four aspects. First, we sort out the endogenous security problems faced by the current wireless communications system, and then analyze the endogenous security and safety attributes of the wireless channel. After that, the endogenous security and safety structure of the wireless communications system is given, and finally the applications of the existing wireless communication endogenous security and safety functions are listed.
Abstract: The mission of nuclear safety authorities in national radioactive waste disposal programmes is to ensure that people and the environment are protected against the hazards of ionising radiations emitted by the waste. It implies the establishment of safety requirements and the oversight of the activities of the waste management organisation in charge of implementing the programme. In Belgium, the safety requirements for geological disposal rest on the following principles: defence-in-depth, demonstrability and the radiation protection principles elaborated by the International Commission on Radiological Protection (ICRP). Applying these principles requires notably an appropriate identification and characterisation of the processes upon which the safety functions fulfilled by the disposal system rely and of the processes that may affect the system performance. Therefore, research and development (R&D) on safety-relevant thermo-hydro-mechanical-chemical (THMC) issues is important to build confidence in the safety assessment. This paper points out the key THMC processes that might influence radionuclide transport in a disposal system and its surrounding environment, considering the dynamic nature of these processes. Their nature and significance are expected to change according to prevailing internal and external conditions, which evolve from the repository construction phase to the whole heating-cooling cycle of decaying waste after closure. As these processes have a potential impact on safety, it is essential to identify and to understand them properly when developing a disposal concept to ensure compliance with relevant safety requirements. In particular, the investigation of THMC processes is needed to manage uncertainties. This includes the identification and characterisation of uncertainties as well as the understanding of their safety-relevance. R&D may also be necessary to reduce uncertainties of which the magnitude does not allow demonstrating the safety of the disposal system.
Funding: Supported by the Development Fund of the Institute of Radiation Medicine (No. SF1227), the Research Fund for Youth Scholars of Union Medical College (No. 2012D03), and the Research Fund for the Doctoral Program of Higher Education of China (No. 20121106120042).
Abstract: [Objective] This study aimed to evaluate the health risk of genetically modified (GM) soybeans by using a novel approach for functions and safety of food. [Method] Different from the traditional evaluation of substantial equivalence, three great innovations were performed in this study, involving basic diet, evaluation approaches and principle, as well as the clarification of connotation differences between absolute and relative mass of organs. Hence a novel BDI-GS (Bendib Damage Index and General Score) evaluation approach was established and applied in comparative evaluation between RR GM and natural soybeans. Healthy male ICR mice during linear growth were selected; experimental mice were fed with 15% RR GM soybeans and 15% natural soybeans blending maize meal diets, and control mice were fed with single maize meal diet for 13 d; the mice were dissected after collecting blood samples and perfectly obtained nine organs or tissues to record their masses and conduct statistical analyses. [Result] Plenty of matching information was obtained through simple design. The growth performance of treated mice was markedly of individual differences; some mice were thwarted due to regular intake of RR soybeans. Meanwhile, the functions and safety of RR soybeans were markedly lowered in overall nutritional and healthy effects than those of natural soybeans expressed in GS values, and present some declines in nutrition and health of thymus, pancreas and spermary; especially, it can make thymus immune (P < 0.05) in markedly lower level than that of natural soybeans. [Conclusion] Therefore, major troubles and risks of RR soybeans intake are of personal risks in different degrees; in addition, it may increase sub-health and related chronic epidemics risks, and herein it will present certain safety issues. The creation of this novel evaluation system provides a simple and available evaluation approach for functions and potential risks revelation of food effects, and will yield far-reaching influences to safety evaluation and healthy development of GM foods, as well as public health.
Abstract: A safety management system was established to provide for continuously improved safety levels of the non-urban roads in Israel. One of the main functions of the system lies in the identification and treatment of HL (hazardous locations) on existing roads. In line with the state of the art in road safety, the HL identification is based on an empirical Bayes evaluation, where an HL is recognized using a high positive difference between the number of accidents expected at the site and that predicted for similar sites. The latter is estimated using safety performance functions that were developed for local conditions, including single- and dual-carriageway road sections, and various types of intersections: signalized/non-signalized, three- and four-legged. The procedure of HL identification is applied annually, serving as a basis for the working programs on road infrastructure improvements. Positive safety effects of such improvements were recently reported in the country. These activities comply with the Road Infrastructure Safety Directive that was recently introduced in the European Union.
Funding: The National Natural Science Foundation of China (No. 51408229, 51278202), the Program of the Key Laboratory of Road and Traffic Engineering of the Ministry of Education, Tongji University (No. K201204), and the Science and Technology Program of Guangdong Communication Department (No. 2013-02-068).
Abstract: In order to improve the prediction precision of the safety performance function (SPF) of freeway basic segments, design and crash data of 640 segments are collected from different institutions. Three negative binomial (NB) regression models and three generalized negative binomial (GNB) regression models are built to prove that the interactive influence of explanatory variables plays an important role in fitting goodness. The effective use of the GNB model in analyzing the interactive influence of explanatory variables and predicting freeway basic segments is demonstrated. Among six models, the two models (one is the NB model and the other is the GNB model) which consider the interactive influence of the annual average daily traffic (AADT) and length are more reasonable for predicting results. Furthermore, a comprehensive study is carried out to prove that when considering the interactive influence, the NB and GNB models have almost the same fitting performance in estimating the crashes, among which the GNB model is slightly better for prediction performance.
Abstract: A medical device is an instrument that includes components, parts, or accessories to diagnose or treat patients. Since the complexity of medical devices has increased in recent years, functional safety and basic safety are required to ensure the overall device safety. Functional safety is part of the overall safety that relates to the equipment under control (EUC) and to the EUC control system that depends on the correct functionality of the electrical/electronic/programmable electronic (E/E/PE) safety-related systems. This study proposes approach methods to functional safety of medical devices for which it is important to correctly identify the safety functions and the safety integrity level (SIL). The relationship between the functional safety and essential performance is identified focusing on the safety function. The essential performance of E/E/PE systems is defined as the safety function of the functional safety. The target SIL of the essential performance is determined according to the potential risk levels, based on the classification rules of medical devices. This approach is applied to the pulse oximeter as a case study. The target SIL for the functionality of the power-failure alarm condition is determined to be SIL1. The target SILs of other functions are determined as SIL2.
Funding: This work was financially supported by the Key Research and Development Project of Shandong Province (Grant No. 2020CXGC010702).
Abstract: The shape and size optimization of brackets in hull structures was conducted to achieve the simultaneous reduction of mass and high stress, where the parametric finite element model was built based on Patran Command Language codes. The optimization procedure was executed on the Isight platform, on which the linear dimensionless method was introduced to establish the weighted multi-objective function. The extreme processing method was applied and proved effective to normalize the objectives. The bracket was optimized under the typical single loads and design waves, accompanied by the different proportions of weights in the objective function, in which the safety factor function was further established, including yielding, buckling, and fatigue strength, and the weight minimization and safety maximization of the bracket were obtained. The findings of this study illustrate that the dimensionless objectives share equal contributions to the multi-objective function, which enhances the role of weights in the optimization.
Abstract: This paper presents a quantitative approach to operational risk modeling and estimation of safety integrity levels, required for the deep water electric work class remotely operated vehicle with reference to ROSUB6000 developed by the National Institute of Ocean Technology, India. ROSUB6000 is used for carrying out bathymetric surveys, gas hydrate surveys, poly-metallic nodule exploration, salvage operations, and meeting emergency response situations. The system is expected to be in operation for a period of 300 h per year, and has to be extremely safe and reliable. Methods and models for the quantitative assessment of operational safety and estimation of safety integrity levels for ROV are seldom available in the deep water intervention industry. The safety instrumented functions implemented in the ROV should be able to meet the SIL requirements of the specific mission. This study indicates that the required safety factors are implemented into the design of the state-of-the-art ROV ROSUB6000, considering IEC 61508/61511 recommendations on Health, Safety and Environment, and it is found that the system is able to meet the required SIL for seven identified functions. This paper gives the design and safety engineers in the ROV industry an overview of the numerical operational risk assessment methods and safety-centered ROV engineering.
Abstract: Safety performance functions (SPFs), or crash-prediction models, have played an important role in identifying the factors contributing to crashes, predicting crash counts and identifying hotspots. Since a great deal of time and effort is needed to estimate an SPF, previous studies have sought to determine the transferability of particular SPFs; that is, the extent to which they can be applied to data from other regions. Although many efforts have been made to examine micro-level SPF transferability, few studies have focused on macro-level SPF transferability. There has been little transferability analysis of macro-level SPFs in the international context, especially between western countries. This study therefore evaluates the transferability of SPFs for several states in the USA (Illinois, Florida and Colorado) and for Italy. The SPFs were developed using data from counties in the United States and provincias in Italy, and the results revealed multiple common significant variables between the two countries. Transferability indexes were then calculated between the SPFs. These showed that the Italy SPFs for total crashes and bicycle crashes were transferable to US data after calibration factors were applied, whereas the US SPFs for total and bicycle crashes, with the exception of the Colorado SPF, could not be transferred to the Italian data. On the other hand, none of the pedestrian SPFs developed was transferable to other countries. This paper provides insights into the applicability of macro-level SPFs between the USA and Italy, and shows a good potential for international SPF transferability. Nevertheless, further investigation is needed of SPF transferability between a wider range of countries.
Funding: Made possible by a Discovery Grant from the Natural Sciences and Engineering Research Council of Canada (NSERC).
Abstract: Safety performance functions (SPFs) are crucial to science-based road safety management. Success in developing and applying SPFs, apart from data quality and availability, depends fundamentally on two key factors: the validity of the statistical inferences for the available data and how well the data can be organized into distinct homogeneous entities. The latter aspect plays a key role in the identification and treatment of road sections or corridors with problems related to safety. Indeed, the segmentation of a road network could be especially critical in the development of SPFs that could be used in safety management for roadway types, such as motorways (freeways in North America), which have a large number of variables that could result in very short segments if these are desired to be homogeneous. This consequence, from an analytical point of view, can be a problem when the location of crashes is not precise and when there is an overabundance of segments with zero crashes. Lengthening the segments for developing and applying SPFs can mitigate this problem, but at a sacrifice of homogeneity. This paper seeks to address this dilemma by investigating four approaches for segmentation for motorways, using sample data from Italy. The best results were obtained for the segmentation based on two curves and two tangents within a segment and with fixed length segments. The segmentation characterized by a constant value of all original variables inside each segment was the poorest approach by all measures.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 62133011.
Abstract: The state-of-the-art deep neural networks are vulnerable to the attacks of adversarial examples with small-magnitude perturbations. In the field of deep-learning-based automated driving, such adversarial attack threats testify to the weakness of AI models. This limitation can lead to severe issues regarding the safety of the intended functionality (SOTIF) in automated driving. From the perspective of causality, the adversarial attacks can be regarded as confounding effects with spurious correlations established by the non-causal features. However, few previous research works are devoted to building the relationship between adversarial examples, causality, and SOTIF. This paper proposes a robust physical adversarial perturbation generation method that aims at the salient image regions of the targeted attack class with the guidance of class activation mapping (CAM). With the utilization of CAM, the maximization of the confounding effects can be achieved through the intermediate variable of the front-door criterion between images and targeted attack labels. In the simulation experiment, the proposed method achieved a 94.6% targeted attack success rate (ASR) on the released dataset when the speed-limit-60 km/h (speed-limit-60) signs could be attacked as speed-limit-80 km/h (speed-limit-80) signs. In the real physical experiment, the targeted ASR is 75% and the untargeted ASR is 100%. Besides the state-of-the-art attack result, a detailed experiment is implemented to evaluate the performance of the proposed method under low resolutions, diverse optimizers, and multifarious defense methods. The code and data are released at the repository: https://github.com/yebin999/rp2-with-cam.
Funding: The financial support of the National Key R&D Program of China (Grant No. 2020YFB1600303) and the National Science Foundation of China Project (Grant Nos. U1964203 and 52072215).
Abstract: Purpose – The purpose of this paper is to design a unified operational design domain (ODD) monitoring framework for mitigating Safety of the Intended Functionality (SOTIF) risks triggered by vehicles exceeding ODD boundaries in complex traffic scenarios. Design/methodology/approach – A unified model of ODD monitoring is constructed, which consists of three modules: weather condition monitoring for unusual weather conditions, such as rain, snow and fog; vehicle behavior monitoring for abnormal vehicle behavior, such as traffic rule violations; and road condition monitoring for abnormal road conditions, such as road defects, unexpected obstacles and slippery roads. Additionally, the applications of the proposed unified ODD monitoring framework are demonstrated. The practicability and effectiveness of the proposed unified ODD monitoring framework for mitigating SOTIF risk are verified in the applications. Findings – First, the application of weather condition monitoring demonstrates that the autonomous vehicle can make a safe decision based on the performance degradation of Lidar on rainy days using the proposed monitoring framework. Second, the application of vehicle behavior monitoring demonstrates that the autonomous vehicle can properly adhere to traffic rules using the proposed monitoring framework. Third, the application of road condition monitoring demonstrates that the proposed unified ODD monitoring framework enables the ego vehicle to successfully monitor and avoid road defects. Originality/value – The value of this paper is that the proposed unified ODD monitoring framework establishes a new foundation for monitoring and mitigating SOTIF risks in complex traffic environments.