Search Results

According to ISO 26262, ASIL decomposition is the breakdown of a top level safety requirement derived from safety goal into redundant safety requirements with sufficient independence to achieve the safety goal independently. The usage of decomposition enables the opportunity to reduce the ASIL rating of the decomposed safety requirements of a safety goal. To apply decomposition, the decomposed safety requirements should be allocated to sufficiently independent architectural elements. If the redundant/decomposed safety requirements cannot be allocated to sufficiently independent architectural elements, then these redundant safety requirements inherit the initial ASIL of the safety goal. ASIL decomposition can be applied to the functional, technical, hardware or software safety requirements of the item.

Safety is becoming more and more important with the ever increasing level of safety related E/E Systems built into the cars. Increasing functionality of vehicle systems through electrification of power train and autonomous driving leads to complexity in designing system, hardware, software and safety architecture. The application of multicore processors in the automotive industry is becoming necessary because of the needs for more processing power, more memory and higher safety requirements. Therefore it is necessary to investigate the safety solutions particularly for Automotive Safety Integrity Level (ASIL-D) Systems. This brings additional challenges because of additional requirements of ISO 26262 for ASIL-D safety concepts. This paper presents an approach for model-based “dependent failure analysis” which is required from ISO 26262 for ASIL-D safety concepts with decomposition approach.

This paper proposes a framework for semi-autonomous longitudinal guidance for electric vehicles. To lower the risk for pedestrian collisions in urban areas, a velocity trajectory which is given by the driver is optimized with respect to safety aspects with the help of Nonlinear Model Predictive Control (NMPC). Safety aspects, such as speed limits and pedestrians on the roadway, are considered as velocity and spatial constraints within prediction horizon in NMPC formulation. A slack variable is introduced to enable overshooting of velocity constraints in situations with low risk potential to rise driver acceptance. By changing the weight of slack variable, the control authority can be shifted continuously from driver to automation. Within this work, a prototypical real-time implementation of the longitudinal guidance system is presented and the potential of the approach is demonstrated in human-in-the-loop test drives in the Stuttgart Driving Simulator.

As part of a system model, a PEM fuel cell stack model is presented for functional tests and pre-calibration of control units on hardware-in-the-loop (HiL) test benches. From the basic idea to couple a 1-D membrane model with a spatially distributed abstraction of the gas channel, a real-time capable 1-D+1-D PEM FC stack model is constructed. Fundament for the HiL usage is an explicit formulation of the commonly implicit model equations. With that, not only calculation time can be reduced, but also model accuracy is preserved. A validation using test bench data emphasizes the accuracy of the model. Finally, a runtime and eigenvalue analysis of the stack model proves the real-time capability.