Abstract: This paper suggests a design methodology for the hardware and software of the electronic control unit (ECU) of safety-critical vehicle applications such as braking and steering. The hardware architecture is a high-integrity system that incorporates a high-performance 32-bit CPU and a separate peripheral control processor (PCP) together with an external watchdog CPU. Communication between the main CPU and the PCP takes place through a shared area of RAM, with events on either processor signalled by interrupts. Safety-related software is also implemented to provide a reliable, self-testing computing environment for safety-critical and high-integrity applications. The validity of the design approach is shown by hardware-in-the-loop simulation (HILS) of an electric power steering (EPS) system, which consists of the EPS mechanism, the designed ECU, and monitoring tools.
Abstract: In this paper, we propose a hardware and software design method for automotive Electronic Control Units (ECU) with functional safety in mind. The proposed ECU is intended for Electro-Mechanical Actuator systems, and the validity of the design method is shown by applying it to the Electro-Mechanical Brake (EMB) control system, which is used as a brake actuator in Brake-By-Wire (BBW) systems. A functional-safety-based design approach to the EMB ECU is essential because of its safety-critical functions, which are executed with the aid of many electric actuators, sensors, and application software. Based on hazard analysis and risk assessment according to ISO 26262, the EMB system should be ASIL-D-compliant, the highest ASIL level. To this end, an external signature watchdog and an Infineon TriCore 32-bit microcontroller are used to reduce the risk from common-cause hardware failure. Moreover, a software design method is introduced for implementing functional-safety-oriented monitoring functions on an asymmetric dual-core architecture, taking redundancy and diversity into account. The validity of the proposed ECU design approach is verified using the EMB Hardware-In-the-Loop (HILS) system, which consists of the EMB assembly, the actuator ECU, a host PC, and a few debugging devices. Furthermore, it is shown that the existing sensor fault-tolerant control system can be used more effectively to mitigate the effects of hardware and software faults by applying the proposed ECU design method.
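Both abstracts rely on an external watchdog that does more than count time: a signature watchdog checks that the main CPU actually passed through its control cycle in the expected order. The following C model, added here as an illustration and not code from either paper, shows how such program-flow monitoring works. The main CPU folds a token for each checkpoint it reaches into a running signature and services the watchdog with the cycle sequence number and that signature; the watchdog accepts only the signature of a complete, in-order sequence for the cycle it expects, and requests a reset after repeated misses. All names, the checkpoint tokens, the mixing function and the two-miss reset policy are assumptions for illustration; a real watchdog would be a separate device reached over SPI or GPIO, whereas here both sides run in one process.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example (not from the papers): a software model of program-flow
 * monitoring with an external signature watchdog. Names, tokens and the
 * reset policy are constructed for illustration. */

#define NUM_CHECKPOINTS 4
#define MAX_MISSED      2   /* assumed policy: reset after two rejected services */

/* Constructed per-checkpoint tokens; in a real design these would be
 * fixed at build time and known to both the CPU and the watchdog. */
static const uint32_t CHECKPOINT_TOKEN[NUM_CHECKPOINTS] = {
    0xA5C3F00Du, 0x5A3C0FF2u, 0x1234ABCDu, 0x0BADF00Du
};

/* Fold one token into the running signature (a mixing step, not a
 * cryptographic hash; order of tokens changes the result). */
static uint32_t fold(uint32_t sig, uint32_t token)
{
    sig ^= token;
    sig = (sig << 5) | (sig >> 27);   /* rotate left by 5 */
    return sig * 0x9E3779B1u;
}

typedef struct {
    uint32_t seq;   /* control-cycle sequence number */
    uint32_t sig;   /* running signature of the current cycle */
} main_cpu_t;

typedef struct {
    uint32_t expected_seq;    /* sequence number the next service must carry */
    uint32_t missed;          /* consecutive rejected services */
    bool     reset_requested; /* set once MAX_MISSED is reached */
} watchdog_t;

/* Reference signature the watchdog expects for cycle 'seq'. */
static uint32_t expected_signature(uint32_t seq)
{
    uint32_t sig = seq;
    for (int i = 0; i < NUM_CHECKPOINTS; i++)
        sig = fold(sig, CHECKPOINT_TOKEN[i]);
    return sig;
}

void main_cpu_start_cycle(main_cpu_t *m)
{
    m->sig = m->seq;   /* seed with the sequence number so a stale signature fails */
}

void main_cpu_checkpoint(main_cpu_t *m, int idx)
{
    m->sig = fold(m->sig, CHECKPOINT_TOKEN[idx]);
}

/* Watchdog service call. Returns true if the service was accepted. */
bool watchdog_service(watchdog_t *w, uint32_t seq, uint32_t sig)
{
    bool ok = (seq == w->expected_seq) && (sig == expected_signature(seq));
    if (ok) {
        w->missed = 0;
    } else if (++w->missed >= MAX_MISSED) {
        w->reset_requested = true;
    }
    w->expected_seq++;   /* advance either way so both sides stay in step */
    return ok;
}

/* One control cycle. skip < 0 is a healthy cycle; otherwise checkpoint
 * 'skip' is never reached, modelling a program-flow error. */
bool run_cycle(main_cpu_t *m, watchdog_t *w, int skip)
{
    main_cpu_start_cycle(m);
    for (int i = 0; i < NUM_CHECKPOINTS; i++)
        if (i != skip)
            main_cpu_checkpoint(m, i);
    bool ok = watchdog_service(w, m->seq, m->sig);
    m->seq++;
    return ok;
}

/* Constructed scenario: three healthy cycles, then two faulty cycles in a row.
 * Returns the 1-based cycle in which the watchdog requested a reset, or 0. */
int cycles_until_reset(void)
{
    main_cpu_t m = {0, 0};
    watchdog_t w = {0, 0, false};
    const int skip[] = { -1, -1, -1, 2, 1 };
    for (int c = 0; c < 5; c++) {
        run_cycle(&m, &w, skip[c]);
        if (w.reset_requested)
            return c + 1;
    }
    return 0;
}
```

Seeding the signature with the sequence number is what makes this stronger than a plain heartbeat: a CPU stuck in a loop that keeps re-sending last cycle's signature is rejected just like one that skipped a checkpoint. The single-miss tolerance before a reset is a design choice; an ASIL-D argument would set it from the fault-tolerant time interval of the actuator, not from convenience.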