Page 55 - SAEINDIA Magazine December 2020
TECHNOLOGY
Trends
was achieved by incorporating a dual-core microcontroller integrated with a power management and safety monitoring unit, thus providing high availability and controllability for the EPS systems to decompose ASIL-C determination in case of LOA of steering systems.

As more and more OEMs demand that their suppliers provide drivetrain control systems adhering to the ISO 26262 standard, innovative technical solutions employing a multi-layer Functional Safety system architecture with a multicore microcontroller (developed as a safety element out of context (SEOOC)) are being pursued to meet ASIL C and higher requirements. The different layers of Functional Safety simultaneously address multiple ASIL C safety goals while also providing redundant shut-off paths in case a layer fails.

The distributed BBW architecture is the recent trend, with multiple displacement sensors and force sensors connected to the wheel nodes, and each wheel node calculating the actuation commands for all four wheels. The fail-safe operation is provided by constantly checking whether any of the wheel nodes fail to calculate the same output commands for these advanced brake functions. Each wheel node is connected to each distribution box, providing a redundant power supply through the use of two 42V batteries that are protected from short circuits. The communication system itself is failure tolerant, with the computation and control distributed to the available resources, which verify against each other over the network.

Fig 16. Distributed Brake by Wire Safety Architecture (Ref. [6])

In automotive systems with growing complexity, all safety goals must be satisfied simultaneously, with their associated ASIL levels, in a single implementation by detecting and addressing systematic errors in advance through a higher degree of independence of systems to realize decomposition to lower levels, which will continue to be a challenge in designing ISO 26262 compliant systems.

Dr. Arunkumar Sampath
Chief Engineer and Head Innovation, Global Technology Centre, Mahindra Electric Mobility Limited & MC Member and Chairman, Branding & Communications Board, SAEINDIA

Reference:

1. Peter Johannes Bergmiller, “Towards Functional Safety in Drive by Wire Vehicles”. https://link.springer.com/book/10.1007/978-3-319-17485-3
2. International Standards, “ISO 26262 Functional Safety for Road Vehicles, Parts 3, 4, 5,” Geneva, Switzerland, Second Edition 2018.
3. William Taylor and Jody J. Nelson, “High-Voltage Battery System Concepts for ISO26262 Compliance” SAE Paper 2013-01-0181. https://www.sae.org/publications/technical-papers/content/2013-01-0181
4. Saif Salih and Richard Olawoyin, “Computation of Safety Architecture for Electric Power Steering System and Compliance with ISO26262” SAE Paper 2020-01-0649. https://www.sae.org/publications/technical-papers/content/2020-01-0649
5. Zhihong Wu, et al., “Functional Safety and Secure CAN in Motor Control System Design for Electric Vehicles” SAE Paper 2017-01-1255. https://www.sae.org/publications/technical-papers/content/2017-01-1255
6. Nico A. Kelling and Worthy Heck, “The BRAKE Project – Centralized vs Distributed Redundancy for Brake-by-Wire Systems” SAE Paper 2002-01-0266. https://www.sae.org/publications/technical-papers/content/2002-01-0266
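The wheel-node cross-check described in the distributed BBW paragraph, written out as an added example (not code from the article or from Ref. [6]). The 3-of-4 majority vote, the tolerance `TOL`, the function name `bbw_cross_check` and the sample command values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define NODES    4  /* one wheel node per wheel */
#define WHEELS   4
#define TOL      2  /* assumed agreement tolerance, in command units */
#define MAJORITY 3  /* assumed rule: strict majority of the four nodes */

/* Constructed samples: cmd[n][w] = command node n computed for wheel w. */
static const int SAMPLE_OK[NODES][WHEELS] = {
    {100, 100, 80, 80}, {101, 100, 80, 79}, {100, 99, 81, 80}, {100, 100, 80, 80}};
static const int SAMPLE_ONE_BAD[NODES][WHEELS] = {   /* node 2 wrong on wheel 2 */
    {100, 100, 80, 80}, {100, 100, 80, 80}, {100, 100, 0, 80}, {100, 100, 80, 80}};
static const int SAMPLE_SPLIT[NODES][WHEELS] = {     /* 2-vs-2 on wheel 0 */
    {100, 100, 80, 80}, {100, 100, 80, 80}, {50, 100, 80, 80}, {50, 100, 80, 80}};

static int agrees(int a, int b) { return abs(a - b) <= TOL; }

/* Votes each wheel's command across all nodes. Returns a bitmask of nodes
 * that disagreed with the voted value on any wheel (0 = all consistent),
 * or -1 when some wheel has no majority and the fail-safe state is needed. */
int bbw_cross_check(const int cmd[NODES][WHEELS], int voted[WHEELS])
{
    int suspects = 0;
    for (int w = 0; w < WHEELS; w++) {
        int ref = -1;
        for (int i = 0; i < NODES && ref < 0; i++) {
            int votes = 0;
            for (int j = 0; j < NODES; j++)
                votes += agrees(cmd[i][w], cmd[j][w]);
            if (votes >= MAJORITY)
                ref = i;          /* node i's value is backed by a majority */
        }
        if (ref < 0)
            return -1;            /* no majority: outputs cannot be trusted */
        voted[w] = cmd[ref][w];
        for (int j = 0; j < NODES; j++)
            if (!agrees(cmd[ref][w], cmd[j][w]))
                suspects |= 1 << j;   /* node j deviates on this wheel */
    }
    return suspects;
}

int main(void)
{
    int v[WHEELS];
    printf("ok=%d one_bad=%d split=%d\n", bbw_cross_check(SAMPLE_OK, v),
           bbw_cross_check(SAMPLE_ONE_BAD, v), bbw_cross_check(SAMPLE_SPLIT, v));
    return 0;
}
```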
MOBILITY ENGINEERING DECEMBER 2020 53