
Enhancing automotive safety, reliability with SafeAdapt

21 Mar 2016  | Gereon Weiss


Highly automated driving assumes that the vehicle can correct faults on its own until the driver is in a position to intervene. That means guaranteeing the fault tolerance of critical functions in the vehicle's E/E system. To date, for example, a mechanical brake has usually served as a backup wherever an electric motor takes over the braking function. This is a workable interim solution, but in the long term it is not only costly but also makes the vehicle unnecessarily heavy. It is also at odds with the goal of energy efficiency and ultimately leads to an extremely complex vehicle with many parts.

With this in mind, it would be advantageous in future vehicles for the electric motor to take over braking by itself, through interaction with the vehicle E/E system and software. This places additional demands on safety, however, particularly in the case of highly automated driving. The German Association of Automobile Manufacturers (VDA) defines this degree of automation as stage 3 because, unlike in partially automated driving, the driver is no longer required to constantly monitor the vehicle and the traffic. The vehicle thus acts as the first fallback level, handling the fault until the driver takes over again. For example, when an electronic control unit (ECU) fails, the vehicle must first compensate for the failure and notify the driver so that he can take the wheel again. Until that happens, however, the vehicle must continue to drive more or less autonomously for several seconds.

This requires a paradigm shift in automotive safety concepts. A "fail silent" approach, in which the system shuts down when an error occurs, is no longer sufficient. Instead, the keyword is "fail operational": when a fault occurs, the function or the ECU must continue to work until the vehicle can be brought to a safe operational state. Although avionics systems rely on multiple redundancy, this approach cannot simply be ported to automotive platforms because of its high cost. A new approach is therefore needed.


Increased safety, lower development costs
This type of concept is the focus of the EU-funded SafeAdapt project. More precisely, SafeAdapt develops a new, flexible architecture that provides system-wide, generic fail-operational functionality. In other words, this capability is not implemented for each function individually but for the system as a whole, which reduces effort and cost. The foundation of the concept is referred to as safe and controlled adaptation: an approach that handles faults by dynamically reallocating functions and adapting the vehicle system to the current situation at runtime. This also includes the possibility of reconfiguration across heterogeneous ECUs, enabling flexible fault handling in systems that are subject to strict safety demands.

More specifically, the objective of the SafeAdapt project is to reduce the development costs of future electric vehicles by establishing a generic fault-handling and extension mechanism that ensures functional safety. The SafeAdapt approach furthermore reduces material costs because it eliminates the need for dedicated functional redundancy. Finally, shifting functions to existing ECUs reduces the overall number of ECUs required, thus improving energy efficiency.
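As an added example (not the project's own code), the following Python sketch shows the kind of runtime reallocation described above: when an ECU fails, its functions are re-hosted on surviving, heterogeneous ECUs whose features and spare capacity allow it, critical functions first. The ECU names, load units and feature tags are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Ecu:
    name: str
    capacity: int               # abstract load units (constructed values)
    features: frozenset         # hardware the ECU offers, e.g. a lockstep core
    hosted: list = field(default_factory=list)
    def free(self):
        return self.capacity - sum(f.load for f in self.hosted)
@dataclass(frozen=True)
class Function:
    name: str
    load: int
    needs: frozenset            # features the function requires to run
    critical: bool              # must stay operational after a single fault

def place(fn, ecus):
    """Host fn on the feasible ECU with most headroom; heterogeneous ECUs may lack features."""
    feasible = [e for e in ecus if fn.needs <= e.features and e.free() >= fn.load]
    if not feasible:
        return None
    target = max(feasible, key=Ecu.free)
    target.hosted.append(fn)
    return target.name

def reallocate_after_fault(failed, ecus):
    """Move the failed ECU's functions to survivors, critical first; an unplaceable
    critical function is a fail-operational gap, an unplaceable non-critical one is dropped."""
    failed_ecu = next(e for e in ecus if e.name == failed)
    survivors = [e for e in ecus if e.name != failed]
    moved, dropped = {}, []
    for fn in sorted(failed_ecu.hosted, key=lambda f: not f.critical):
        target = place(fn, survivors)
        if target:
            moved[fn.name] = target
        elif fn.critical:
            raise RuntimeError(f"no fail-operational placement for {fn.name}")
        else:
            dropped.append(fn.name)
    failed_ecu.hosted.clear()
    return moved, dropped

def demo():
    """Constructed sample: the brake ECU fails and its lockstep-only functions must move."""
    brake = Ecu("brake_ecu", 16, frozenset({"lockstep"}))
    body = Ecu("body_ecu", 8, frozenset())
    central = Ecu("central_ecu", 14, frozenset({"lockstep", "gpu"}))
    brake.hosted += [Function("brake_control", 4, frozenset({"lockstep"}), True),
                     Function("abs", 3, frozenset({"lockstep"}), True),
                     Function("brake_light", 1, frozenset(), False),
                     Function("trailer_light", 8, frozenset(), False)]
    central.hosted.append(Function("lane_keep", 6, frozenset({"gpu"}), True))
    return reallocate_after_fault("brake_ecu", [brake, body, central])
```

In the sample, the body ECU lacks the lockstep core the braking functions need, so both critical functions land on the central ECU and the non-critical trailer light is dropped for lack of capacity.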


Generic fault management
The foundation of the SafeAdapt approach is the interaction between hardware and software. The presumption is that future vehicles can access sensors and actuators without having to rely on the actual control units: these intelligent sensors and actuators can be addressed directly or via network gateways. To ensure that the fault of a peripheral component does not impact the functionality of the entire system, redundancy must be available. This applies to the individual sensors and actuators as well as to the communication paths. To reliably handle individual faults, at least two communication paths must exist between all communication partners. The figure illustrates a vehicle architecture with two Ethernet paths between each of the individual participants, ensuring that the participants can continue to communicate if an individual component or communication link fails.


Figure 1: Two separate Ethernet data paths connect the sub-systems to ensure fail-safe operation.
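As an added example, not from the article or the SafeAdapt project, the following Python check models the dual-path topology of Figure 1 as a graph and verifies that no single node or link failure isolates any surviving communication partner. The node names are constructed, and a deliberately weak variant with a single-attached sensor shows how the check reports the violation.

```python
from collections import deque
from itertools import chain

def build_adjacency(links):
    """Undirected adjacency: node -> [(neighbour, link), ...]."""
    adj = {}
    for link in links:
        a, b = link
        adj.setdefault(a, []).append((b, link))
        adj.setdefault(b, []).append((a, link))
    return adj

def reachable(start, adj, failed):
    """BFS that ignores any node or link contained in the failed set."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt, link in adj.get(node, ()):
            if nxt in failed or link in failed or nxt in seen:
                continue
            seen.add(nxt)
            queue.append(nxt)
    return seen

def partners_connected(partners, adj, failed):
    """True if all surviving communication partners can still reach each other."""
    alive = [p for p in partners if p not in failed]
    if not alive:
        return True
    return set(alive) <= reachable(alive[0], adj, failed)

def single_fault_violations(nodes, links, partners):
    """List every single node or link failure that isolates a surviving partner."""
    adj = build_adjacency(links)
    return [f for f in chain(nodes, links) if not partners_connected(partners, adj, {f})]

# Constructed sample topology (assumption, not the SafeAdapt reference architecture):
# every partner is attached to both Ethernet paths eth_a and eth_b.
PARTNERS = ["brake_ecu", "steer_ecu", "wheel_speed", "brake_actuator"]
PATHS = ["eth_a", "eth_b"]
DUAL_PATH = [(p, s) for p in PARTNERS for s in PATHS]
# Weak variant: the wheel-speed sensor hangs off a single path only.
SINGLE_PATH = [l for l in DUAL_PATH if l != ("wheel_speed", "eth_b")]

if __name__ == "__main__":
    print("dual path  :", single_fault_violations(PARTNERS + PATHS, DUAL_PATH, PARTNERS))
    print("single path:", single_fault_violations(PARTNERS + PATHS, SINGLE_PATH, PARTNERS))
```

For the dual-path topology the check returns no violations; for the weak variant it names the eth_a path and the sensor's only link as single points of failure.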



