Functional Safety Compliant ECU Design for Electro-Mechanical Brake (EMB) System 2013-01-2062

In this paper, we propose a hardware and a software design method considering functional safety for an electro-mechanical brake (EMB) control system which is used as a brake actuator in a brake-by-wire (BBW) system. A BBW system is usually composed of electro-mechanical calipers, a pedal simulator, and a control system. This simple by-wire structure eliminates the majority of bulky hydraulic brake devices such as boosters and master cylinders. The other benefit of a BBW system is its direct and independent response; this leads to enhanced controllability, thus resulting in not only improved basic braking performance but also considerably easier cooperative regenerative braking in hybrid, fuel-cell, and electric cars. The importance of a functional safety based approach to EMB electronic control unit (ECU) design has been emphasized because of its safety critical functions, which are executed with the aid of many electric actuators, sensors, and application software. Based on hazard analysis and risk assessment according to ISO26262, the EMB system should be ASIL-D compliant, the highest ASIL level. To this end, an external signature watchdog and an Infineon 32-bit microcontroller TriCore are used to reduce risks considering common-cause failure. Moreover, a software design method is introduced for implementing functional safety oriented monitoring functions based on an asymmetric dual core architecture considering redundancy and diversity. The validity of the proposed ECU design approach is verified by using the EMB hardware-in-the-loop simulation (HILS). Furthermore, it is shown that the existing sensor fault tolerant control system can be used more effectively for mitigating the effects of hardware and software faults by applying the proposed functional safety oriented ECU design method.