Microcontroller Approach to Functional Safety Critical Factors in Electro-Mechanical Brake (EMB) System 2014-01-2527
Tier 1 suppliers and vehicle manufacturers are currently making major investments to implement and optimize safety-critical automotive systems according to ISO 26262, "Road vehicles - Functional safety". The standard describes methods for detecting the safety-critical faults of a system developed under the rules of functional safety, but it does not prescribe how an actual implementation should look.
Development of ISO 26262-compliant systems concentrates on optimizing cost and performance in a competitive environment. The more competitive and practical implementations spend fewer additional hardware and software resources on safety control and error detection, and so achieve higher performance with less overhead. Microcontrollers already implement many safety-related hardware functions, so-called safety mechanisms, to mitigate safety-critical risks. Depending on how these safety mechanisms are used, a functional-safety-compliant system can be optimized for cost and performance.
To implement an electrical and electronic (E/E) system that meets the required automotive safety integrity level (ASIL), semiconductor components must be integrated into an electronic control unit (ECU) that has itself been developed according to ISO 26262. The documentation of such a component typically describes it as a safety element out of context (SEooC) with stated assumptions of use. The most common SEooC component in an ECU is the microcontroller.
To improve braking performance and energy efficiency, brake-by-wire (BBW) systems have been researched as a replacement of conventional hydraulic and mechanical parts by fully E/E systems, and the electro-mechanical brake (EMB) has been the main candidate actuator for BBW. Based on the hazard analysis and risk assessment for an EMB system according to ISO 26262, the EMB system is typically assigned the highest ASIL, ASIL D.
This paper describes examples of optimizing the safety-critical operations of an EMB system, namely data acquisition, processing and actuator control, which require a higher degree of rigor in hardware and software design. It shows how effectively the hardware resources and safety mechanisms implemented in the microcontroller can be used for the safety-critical functions of the EMB system. Taking redundancy and diversity into account, a method for partitioning the hardware resources of a microcontroller and allocating the safety-critical software to them is introduced.
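As an added illustration of what redundancy and diversity mean at the data-acquisition stage, and not code from the paper or from any EMB product, the following C example reads a brake-pedal travel demand from two sensor channels with diverse transfer functions (different offset and gain, which the example assumes; the channels would be assigned to separate ADC modules in a partitioned microcontroller), checks each channel against its electrical range to catch open or shorted wiring, and cross-compares the two results for plausibility before releasing a demand to the actuator control. The ADC resolution, reference voltage, channel scaling, tolerance values and the fault reaction (a 0 % demand plus a status code) are all assumptions chosen for the example; the real safe state and fault reaction of an EMB come from its safety concept.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Example only: all constants below are assumptions, not values from the paper. */
#define ADC_FULL_SCALE        4095   /* 12-bit ADC (assumed) */
#define ADC_VREF_MV           5000   /* 5.0 V reference (assumed) */

/* Channel A: 500 mV at 0 % travel, 40 mV per percent (4500 mV at 100 %).   */
/* Channel B: 250 mV at 0 % travel, 20 mV per percent (2250 mV at 100 %).   */
/* Different offset and gain give diversity: one common-cause error (e.g. a */
/* supply drift) maps to different travel values on the two channels.       */
#define CH_A_OFFSET_MV        500
#define CH_A_GAIN_MV_PER_PCT  40
#define CH_B_OFFSET_MV        250
#define CH_B_GAIN_MV_PER_PCT  20

#define RANGE_MARGIN_MV       100    /* outside [offset-100, max+100] => wiring fault */
#define PLAUSIBILITY_TOL_PCT  5      /* max allowed disagreement between channels */

typedef enum {
    ACQ_OK = 0,
    ACQ_RANGE_FAULT,          /* a channel is electrically out of range */
    ACQ_PLAUSIBILITY_FAULT    /* both channels in range but disagree */
} acq_status_t;

/* Convert raw ADC counts to millivolts (fits int32 for a 12-bit ADC). */
static int32_t adc_to_mv(uint16_t counts)
{
    return (int32_t)counts * ADC_VREF_MV / ADC_FULL_SCALE;
}

/* Electrical range check: open circuit or short to ground/supply lands outside. */
static bool channel_in_range(int32_t mv, int32_t offset_mv, int32_t gain_mv_per_pct)
{
    int32_t max_mv = offset_mv + gain_mv_per_pct * 100;
    return mv >= offset_mv - RANGE_MARGIN_MV && mv <= max_mv + RANGE_MARGIN_MV;
}

/* Convert channel voltage to percent travel with rounding and clamping to 0..100. */
static int32_t mv_to_pct(int32_t mv, int32_t offset_mv, int32_t gain_mv_per_pct)
{
    int32_t pct = (mv - offset_mv + gain_mv_per_pct / 2) / gain_mv_per_pct;
    if (pct < 0) pct = 0;
    if (pct > 100) pct = 100;
    return pct;
}

/* Two-channel acquisition with range and plausibility checks.
 * On any fault the demand is forced to the assumed safe value 0 % and the
 * status tells the caller's fault handler what went wrong. */
acq_status_t acquire_pedal_travel(uint16_t adc_a, uint16_t adc_b, int32_t *travel_pct)
{
    int32_t mv_a = adc_to_mv(adc_a);
    int32_t mv_b = adc_to_mv(adc_b);

    *travel_pct = 0;   /* assumed safe value until both checks pass */

    if (!channel_in_range(mv_a, CH_A_OFFSET_MV, CH_A_GAIN_MV_PER_PCT) ||
        !channel_in_range(mv_b, CH_B_OFFSET_MV, CH_B_GAIN_MV_PER_PCT)) {
        return ACQ_RANGE_FAULT;
    }

    int32_t pct_a = mv_to_pct(mv_a, CH_A_OFFSET_MV, CH_A_GAIN_MV_PER_PCT);
    int32_t pct_b = mv_to_pct(mv_b, CH_B_OFFSET_MV, CH_B_GAIN_MV_PER_PCT);
    int32_t diff = pct_a > pct_b ? pct_a - pct_b : pct_b - pct_a;

    if (diff > PLAUSIBILITY_TOL_PCT) {
        return ACQ_PLAUSIBILITY_FAULT;
    }

    *travel_pct = (pct_a + pct_b) / 2;   /* both agree: release the demand */
    return ACQ_OK;
}

int main(void)
{
    /* Constructed ADC samples: 50 % travel on both channels, a channel-A short
     * to ground, and a channel B reading 20 % while channel A reads 50 %. */
    const uint16_t samples[][2] = { {2047, 1023}, {0, 1023}, {2047, 532} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t travel;
        acq_status_t st = acquire_pedal_travel(samples[i][0], samples[i][1], &travel);
        printf("A=%4u B=%4u -> status %d, travel %ld %%\n",
               samples[i][0], samples[i][1], (int)st, (long)travel);
    }
    return 0;
}
```

The point of the two checks is that they catch different fault classes: the range check detects single-channel electrical failures, and the cross-comparison detects faults that leave a channel electrically valid but wrong. Because the channels are scaled differently, the same erroneous voltage on both lines does not yield the same travel value and is caught by the comparison rather than silently accepted.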