Microcontroller Approach to Functional Safety Critical Factors in Electro-Mechanical Brake (EMB) System
Technical Paper
2014-01-2527
ISSN: 0148-7191, e-ISSN: 2688-3627
Language: English
Abstract
Currently, major investments by Tier 1 suppliers and vehicle manufacturers are being made to implement and optimize safety-critical automotive systems according to the ISO standard 26262 "Road vehicles - Functional safety". The ISO 26262 standard describes methods to detect the safety-critical faults of a system designed according to the rules of functional safety, but it does not describe what an actual implementation should look like.
Development of ISO 26262 compliant systems concentrates on optimizing and improving cost and performance in a competitive environment. More competitive and practical implementations use fewer additional hardware and software resources for safety control and error detection, and achieve higher performance with less overhead. Microcontrollers already implement many safety-related hardware functions, so-called safety mechanisms, to mitigate safety-critical risks. Depending on how these safety mechanisms are used, a functional-safety-compliant system can be optimized for cost and performance.
In order to implement an electric and electronic (E/E) system that meets the required automotive safety integrity level (ASIL), semiconductor components are integrated into an electric control unit (ECU) which has itself been developed according to the ISO 26262 standard. The documentation of these components typically describes the component as a safety element out of context (SEooC) with a certain assumption of use. The most commonly used SEooC component in an ECU is a microcontroller.
To improve braking performance and energy efficiency, the brake-by-wire (BBW) system has been researched to replace conventional hydraulic and mechanical parts with fully E/E systems, and the electro-mechanical brake (EMB) system has been the main candidate for the braking actuator of a BBW system. Based on hazard analysis and risk assessment for the EMB system according to the ISO 26262 standard, the EMB system shall typically be compliant with the highest ASIL, i.e. ASIL-D.
This paper describes examples for optimizing safety-critical operations in EMB systems in terms of data acquisition, processing and actuator control, which need a higher degree of rigor in hardware and software design. It is shown how effectively the hardware resources and safety mechanisms implemented in a microcontroller can be used for safety-critical functions in an EMB system. With consideration of redundancy and diversity, a method of hardware resource partitioning of a microcontroller and allocation of safety-critical software is introduced.
Citation
Hwang, G., Freiwald, A., and Ahn, H., "Microcontroller Approach to Functional Safety Critical Factors in Electro-Mechanical Brake (EMB) System," SAE Technical Paper 2014-01-2527, 2014, https://doi.org/10.4271/2014-01-2527.