Safety Related Fault Tolerant Systems in Vehicles

During the X-By-Wire project a framework for fault tolerant electronics architecture has been developed, which suits the needs for safety related applications in vehicles. The consortium emphasized on solutions that support electronic systems without mechanical or hydraulic backup in order to establish the possibility to introduce new active safety functionality. These active safety functions will increase overall vehicle safety by liberating the driver from routine tasks and assisting the driver to find solutions in critical situations. The realisation of such intelligent driver assistance systems requires direct electronic control of the steering, braking, suspension and powertrain actuators. As a consequence there is a need for a standardized dependable, and cost-effective electronic realisation for mass production. With present implementation strategies active safety systems, or even just a subset thereof, cannot be realised within the typical constraints of mass production: low costs, reliability, system modularity, maintainability in the field, whilst meeting the requirements for safety certification. It cannot be expected that cost-effective manufacturable x-by-wire solutions will rely on expensive mechanical backup. Today's fail-safe systems have in general a reduced limp-home and a driver dependent functionality in case of one significant failure. A fault-tolerant system, on the other hand, guarantees the whole functionality even after a major failure has occurred. The results of the project are based on a set of automotive industry requirements for safety critical electronic onboard systems (x-by-wire systems) under the constraints of mass production. These requirements have been summarized in an system requirement specification. Based on these requirements the general architecture for a scaleable fault tolerant electronic system for vehicles has been defined. This architecture is the framework for highly reliable and manufacturable cost-effective systems and components linked by a reliable network. It suits the needs for adequate development and maintenance processes. For all aspects of the architecture, existing approaches (aeronautic, railway, nuclear, ships) were investigated concerning their suitability for vehicle requirements and manufacturability. Especially, work which had already been done in other EC-Projects was taken into account in order to realise a technology transfer from research status into production. During the project a general fault tolerant architecture was defined and agreed upon. After that, a more detailed definition of the different architectural aspects of a fault tolerant system such as dependability, development process, communication system, ardware, software and certification was performed. A widely distributed European team has implemented a steer-by-wire prototype without conventional backup which was regarded as the most demanding challenge. With this prototype the feasibility of the fault tolerant architecture, including fault tolerant actuator coupling, has been demonstrated. The project showed the scalability and scopability of the architecture. It is obvious that an architecture which fulfils these requirements is able to meet most of the requirements for other by-wire applications. The viability of tools to design and develop a time-triggered architecture has been shown as well. Software techniques for the detection and management of software and hardware errors in a fault-tolerant distributed safety related system have been established. Additionally the recommendations for software development in the MISRA Guidelines are appropriate for the implementation of production level software for X-By-Wire commercial systems. It has to be stated that the state of current component technology was behind the anticipated level, hence more basic work was required than anticipated. The basic technology is complete. However, the pre-conditions for mass production have not been met and some of the tools need to be brought up to commercial strength. The main project results have already been disseminated and discussed in international conferences in order to get the necessary input that the recommended architectural solutions are widely accepted and suitable to become a de-facto standard. Recommendations for the design process and rules for certification and maintenance of x-by-wire systems have been proposed. The success of the project emerges from the agreement on the overall approach among all partners.