Redundancy in software for intelligent brake systems

Ajey Mohile

Automotive IQ sat down with Ajey Mohile, Chief Engineer at ZF-TRW, to talk about the main challenges for mechatronic systems performing brake-by-wire functions and the most efficient redundancy strategies for brakes.

1. What are the main issues for mechatronic systems to perform brake-by-wire functions?

ZF and other suppliers have developed wire brake systems that are assisted by an electric motor; this new technology replaces the conventional vacuum booster with a motor that drives the master cylinder plunger. It does not get rid of brake lines and hydraulic fluid.

The tactile sensation between the driver’s foot and the brake pads is lost in electric brake systems. Much has been made of the "feel," good or bad. It’s a challenge to satisfy the expectations and feelings of discriminating drivers.

Electric boost supports the expanding range of driver assist technologies and advances the cause of automated driving. Electric boost can build hydraulic pressure more quickly. It also removes any risk of a brief vacuum loss affecting brake operation and performance.

Going forward, fully electric brakes should present both cost and weight advantages. In a decade or so, we will see the first fully electric brake systems in operation. That will be true brake-by-wire, or full electric brake actuation. The foundation for fully electric brake systems exists in the electric parking brakes on an expanding number of production cars. These have small electric motors on one or more of the brake calipers that lock the friction pads on the rotor when the brake is set. Full electric brakes will have to be more powerful to generate the force currently provided by hydraulic fluid. Motors that are strong enough, but also small and light enough, need to be developed.

Another challenge will be working with government regulators to develop requirements for the braking redundancies currently required by safety regulations.

2. What challenges are there for software design to achieve fault-tolerant and fail-operational behavior?

This will be the main topic of my presentation.

For highly automated cars, there are redundancies required at various levels for an intelligent brake system. For example: vehicle architecture, system design, system architecture, hardware (mechanical), hardware (electronics), sensors and the software that processes them, SW architecture, SW design, etc. Software plays a vital role in realizing the requirements that are allocated from the top-level specifications into software logic to achieve fault tolerance and fail-operational behavior at software, system and vehicle level.

Redundancies handled by Braking Systems:

  • Vehicle Level Redundancy
  • System Level: Sensor Redundancy
  • Redundancy using comparison of measured vs. modeled values
  • Microcontroller Hardware Redundancy
  • MultiCore Architectures separating QM and high ASIL SW components
  • Smart and Safe ASICs replacing Discrete Circuits
  • Safe OS
  • Software Safety Mechanisms and Functional Degradation concepts
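To make two of the items above concrete (comparison of measured vs. modeled values, and functional degradation), here is an added illustration that is not part of the interview and not ZF code: a plausibility monitor that checks a primary master-cylinder pressure sensor against a pedal-travel model, debounces the fault, and latches a fallback to a redundant source or to push-through. The pedal model, the 5 bar tolerance and the 3-cycle debounce are constructed assumptions, not calibrated values.

```c
#include <stdint.h>
#include <stdbool.h>

/* Boost modes, most capable first. The monitor only ever moves to a more
   degraded mode within a drive cycle (latched), as a real system would. */
typedef enum { MODE_FULL_BOOST, MODE_SECONDARY_BOOST, MODE_PUSH_THROUGH } brake_mode_t;

typedef struct {
    brake_mode_t mode;
    uint8_t mismatch_count;  /* consecutive cycles with an implausible primary sensor */
} brake_monitor_t;

#define PLAUSIBILITY_LIMIT_BAR 5.0f  /* assumed: allowed deviation from the model */
#define DEBOUNCE_CYCLES        3     /* assumed: fault is confirmed after 3 cycles */

static float abs_f(float x) { return x < 0.0f ? -x : x; }

/* Constructed linear pedal model: expected master-cylinder pressure (bar) from
   pedal travel (mm). A real system uses a calibrated characteristic instead. */
static float modeled_pressure_bar(float pedal_travel_mm) {
    return 2.5f * pedal_travel_mm;
}

void brake_monitor_init(brake_monitor_t *m) {
    m->mode = MODE_FULL_BOOST;
    m->mismatch_count = 0;
}

/* One control cycle: compare both pressure sensors against the model and
   decide the boost mode. Returns the mode in force after this cycle. */
brake_mode_t brake_monitor_step(brake_monitor_t *m, float pedal_travel_mm,
                                float primary_bar, float secondary_bar) {
    float expected = modeled_pressure_bar(pedal_travel_mm);
    bool primary_ok   = abs_f(primary_bar   - expected) <= PLAUSIBILITY_LIMIT_BAR;
    bool secondary_ok = abs_f(secondary_bar - expected) <= PLAUSIBILITY_LIMIT_BAR;

    if (primary_ok) {
        m->mismatch_count = 0;        /* transient glitch forgiven, mode unchanged */
        return m->mode;
    }
    if (m->mismatch_count < DEBOUNCE_CYCLES)
        m->mismatch_count++;          /* saturating counter, no wrap-around */
    if (m->mismatch_count < DEBOUNCE_CYCLES)
        return m->mode;               /* not yet confirmed: keep current mode */

    /* Confirmed primary fault: use the redundant source if it is plausible,
       otherwise degrade to push-through (driver force only, no boost). */
    brake_mode_t target = secondary_ok ? MODE_SECONDARY_BOOST : MODE_PUSH_THROUGH;
    if (target > m->mode)
        m->mode = target;             /* latch: never re-escalate to full boost */
    return m->mode;
}
```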

3. Which redundancy strategies for brakes (e.g. powertrain, steering, etc.) are the most efficient ones?

Complete hydraulic brake system failure that can go unnoticed without any telltale or warning is rare.

There are no true redundancies if it really happens. However, park brakes may provide the most effective way of providing some braking. If the vehicle is equipped with electric park brakes, there are features in state-of-the-art electric park brake systems that allow ABS-like controls on the rear wheels to maintain vehicle stability and steerability.

Similarly, regen braking can only help or replace friction braking up to a certain level of deceleration and is not a full redundancy.

Electric power steering can be commanded to help in maintaining vehicle stability and steerability in case of a half-system hydraulic failure; again, not a redundancy.

In case of a by-wire system failure, there is no other way to provide redundancy than using a secondary source for boost, such as a redundant braking ECU, or failing in a “push-through” mode where driver effort is significantly increased due to the lack of vacuum assist.

4. Do you think there already are benchmarked system design solutions for brake redundancies, or are they yet to come?

Deploy a Parachute?

Drop an Anchor?

Just kidding…

Maybe, using Car2Car technology and enhanced platooning features, a car with failed brakes can be secured from behind by another car and, by remotely controlling its steering and driving capabilities, be driven to safety by an autonomous rescue vehicle.

Unsubstantiated wild thought…

For now, to reach HAD (Highly Automated Driving), electronically boosted hydraulic systems with redundancy via a secondary braking source seem to be sufficient. There is no clear winner between IBC+SBM, EBB+ESP, or split pedal box and PTU type concepts designed for packaging purposes.

Current trends indicate that either a combination of hydraulic and dry braking (EMB, EPB, wedge brakes) or purely dry braking systems will eventually meet the market-driven targets of cost of installation and operation, size, weight, etc. for HAD and AD.


Company information according to § 5 Telemediengesetz
IQPC Gesellschaft für Management Konferenzen mbH
Address: Friedrichstrasse 94, 10117 Berlin
Tel: 49 (0) 30 20 913 -274
Fax: 49 (0) 30 20 913 240
Registered at: Amtsgericht Charlottenburg, HRB 76720
VAT-Number: DE210454451
Management: Silke Klaudat, Richard A. Worden, Michael R. Worden