Automotive ECU Design with Functional Safety for Electro-Mechanical Actuator Systems
Authors: Kyung-Jung Lee, Young-Hun Ki, Hyun-Sik Ahn
Abstract:
In this paper, we propose a hardware and software design method for automotive Electronic Control Units (ECUs) that takes functional safety into account. The proposed ECU is intended for Electro-Mechanical Actuator systems, and the validity of the design method is demonstrated by applying it to the Electro-Mechanical Brake (EMB) control system, which serves as the brake actuator in Brake-By-Wire (BBW) systems. A functional-safety-based design approach is essential for the EMB ECU because its safety-critical functions are executed with the aid of many electric actuators, sensors, and application software. Based on hazard analysis and risk assessment according to ISO 26262, the EMB system must be ASIL-D-compliant, the highest ASIL level. To this end, an external signature watchdog and an Infineon 32-bit TriCore microcontroller are used to reduce the risk arising from common-cause hardware failures. Moreover, a software design method is introduced for implementing functional-safety-oriented monitoring functions on an asymmetric dual-core architecture, taking redundancy and diversity into account. The validity of the proposed ECU design approach is verified using an EMB Hardware-In-the-Loop Simulation (HILS) system consisting of the EMB assembly, the actuator ECU, a host PC, and several debugging devices. Furthermore, it is shown that the existing sensor fault-tolerant control system mitigates the effects of hardware and software faults more effectively when the proposed ECU design method is applied.
Keywords: BBW (Brake-By-Wire), EMB (Electro-Mechanical Brake), Functional Safety, ISO 26262.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1087281
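The abstract describes an external signature watchdog serviced from an asymmetric dual-core architecture but does not specify how the two cooperate. The C model below is an added example, not code from the paper or its authors; it shows the principle of a question-answer (signature) watchdog combined with program-flow monitoring. The watchdog issues a challenge and accepts only the correct response inside a timing window, so a core that is stuck, looping, or answering blindly accumulates failures and is reset. The monitor core answers only after the main core's reported control-flow signature matches the nominal checkpoint sequence, so a skipped or reordered step in the control cycle also leads to a reset. The window timings, the challenge-response mapping, the checkpoint names, the failure budget, and the 30 ms cycle period are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Timing window and error budget of the external watchdog. Assumed values for
 * this example, not figures from the paper or from any watchdog datasheet. */
#define WD_WINDOW_OPEN_MS   20u   /* earliest accepted answer after a challenge */
#define WD_WINDOW_CLOSE_MS  40u   /* latest accepted answer */
#define WD_FAIL_LIMIT       3     /* failures before reset is asserted */

typedef struct {
    uint8_t  question;        /* challenge currently issued to the MCU */
    uint32_t issued_at_ms;    /* when it was issued */
    int      fail_count;      /* +1 per bad or missed answer, -1 per good one */
    bool     reset_asserted;  /* latched once fail_count reaches WD_FAIL_LIMIT */
} ext_watchdog_t;

/* Hypothetical challenge->response mapping (real parts publish a fixed table).
 * What matters is that a stuck or looping core cannot produce it by accident. */
static uint8_t wd_expected_answer(uint8_t q)
{
    uint8_t a = (uint8_t)(q * 0x1Du + 0x3Bu);
    return (uint8_t)(a ^ (uint8_t)((q << 4) | (q >> 4)));
}

static void wd_issue_next(ext_watchdog_t *wd, uint32_t now_ms)
{
    wd->question = (uint8_t)(wd->question * 7u + 1u);  /* hypothetical sequence */
    wd->issued_at_ms = now_ms;
}

static void wd_count_failure(ext_watchdog_t *wd)
{
    if (++wd->fail_count >= WD_FAIL_LIMIT) wd->reset_asserted = true;
}

void wd_init(ext_watchdog_t *wd, uint32_t now_ms)
{
    wd->question = 0x5A; wd->issued_at_ms = now_ms;
    wd->fail_count = 0;  wd->reset_asserted = false;
}

/* Watchdog 1 ms task: a challenge whose window closed unanswered is a failure. */
void wd_tick(ext_watchdog_t *wd, uint32_t now_ms)
{
    if (now_ms - wd->issued_at_ms > WD_WINDOW_CLOSE_MS) {
        wd_count_failure(wd);
        wd_issue_next(wd, now_ms);
    }
}

/* Watchdog receives an answer: too early, too late or wrong all count as failures. */
bool wd_answer(ext_watchdog_t *wd, uint8_t answer, uint32_t now_ms)
{
    uint32_t dt = now_ms - wd->issued_at_ms;
    bool ok = dt >= WD_WINDOW_OPEN_MS && dt <= WD_WINDOW_CLOSE_MS
              && answer == wd_expected_answer(wd->question);
    if (ok) { if (wd->fail_count > 0) wd->fail_count--; }
    else    { wd_count_failure(wd); }
    wd_issue_next(wd, now_ms);
    return ok;
}

/* Main core: checkpoints of one EMB control cycle (hypothetical names). The
 * rotate-and-XOR signature depends on both the set and the order of checkpoints. */
enum { CP_READ_SENSORS = 0x11, CP_CHECK_PLAUSIBILITY = 0x22,
       CP_CLAMP_FORCE_CTRL = 0x33, CP_DRIVE_MOTOR = 0x44 };

uint16_t flow_sig_step(uint16_t sig, uint8_t cp)
{
    return (uint16_t)(((sig << 3) | (sig >> 13)) ^ cp);
}

static uint16_t flow_sig_nominal(void)
{
    static const uint8_t order[] = { CP_READ_SENSORS, CP_CHECK_PLAUSIBILITY,
                                     CP_CLAMP_FORCE_CTRL, CP_DRIVE_MOTOR };
    uint16_t s = 0;
    for (unsigned i = 0; i < sizeof order; i++) s = flow_sig_step(s, order[i]);
    return s;
}

/* Monitor core: remembers whether the last reported cycle matched the nominal path. */
typedef struct { bool cycle_verified; } monitor_core_t;

void monitor_report_cycle(monitor_core_t *m, uint16_t reported_sig)
{
    m->cycle_verified = (reported_sig == flow_sig_nominal());
}

/* Monitor 1 ms task: answer only inside the window and only if the main core's
 * last cycle was verified; otherwise withhold and let the watchdog time out. */
bool monitor_tick(monitor_core_t *m, ext_watchdog_t *wd, uint32_t now_ms)
{
    if (!m->cycle_verified || now_ms - wd->issued_at_ms < WD_WINDOW_OPEN_MS) return false;
    return wd_answer(wd, wd_expected_answer(wd->question), now_ms);
}

/* Simulate 30 ms control cycles at 1 ms resolution. Cycles in
 * [fault_from, fault_from + fault_len) skip CP_CHECK_PLAUSIBILITY, modelling a
 * software fault on the main core. Returns whether the watchdog asserted reset. */
bool simulate_reset(int cycles, int fault_from, int fault_len)
{
    ext_watchdog_t wd; monitor_core_t mon = { false };
    wd_init(&wd, 0);
    for (uint32_t t = 1; t <= (uint32_t)cycles * 30u; t++) {
        wd_tick(&wd, t);
        if (t % 30u == 0) {                          /* main core ends a cycle */
            int c = (int)(t / 30u) - 1;
            bool faulty = c >= fault_from && c < fault_from + fault_len;
            uint16_t sig = flow_sig_step(0, CP_READ_SENSORS);
            if (!faulty) sig = flow_sig_step(sig, CP_CHECK_PLAUSIBILITY);
            sig = flow_sig_step(sig, CP_CLAMP_FORCE_CTRL);
            sig = flow_sig_step(sig, CP_DRIVE_MOTOR);
            monitor_report_cycle(&mon, sig);
        }
        monitor_tick(&mon, &wd, t);
    }
    return wd.reset_asserted;
}

int main(void)
{
    printf("healthy:          reset=%d\n", simulate_reset(10, 10, 0));
    printf("one bad cycle:    reset=%d\n", simulate_reset(10, 2, 1));
    printf("persistent fault: reset=%d\n", simulate_reset(10, 4, 6));
    return 0;
}
```

A single faulty cycle costs one missed window and is absorbed by the error counter, while a persistent fault reaches the limit after three missed windows and asserts reset. On real hardware the monitor core would hold its own copy of the response table and drive the watchdog over SPI or a dedicated pin; here both sides share the function only to keep the model short.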