The main goal of brake by wire technology is the development of compact, cheap and flexible braking systems. Since neither brake fluid nor hydraulic lines are used, brake by wire electro-mechanical actuation is a favourable solution for both the production process and the environment, and it offers precise control of braking torque amplitude. One of the most critical aspects is the lack of the traditional link between the brake pedal and the brakes (calliper); this is a potential safety problem that must be correctly managed through the system architecture, redundancies, diagnosis and recoveries. During CRF brake by wire system development, several architectures were analysed in depth using PHA, FMEA and FTA methodologies to identify the best configuration for production intent. The selected one is a fault-tolerant architecture based on a time-triggered communication network connecting fail-silent nodes. The critical events and the system diagnosis and recovery requirements specifications were defined from the safety analysis. This paper describes the steps followed in the brake by wire software development and its validation with respect to safety needs. For this purpose a three-level design and validation process was used. First, the complete simulation template was defined, including the calliper electro-mechanical actuators and their ECU, the time-triggered communication network and the vehicle control ECU. The brake by wire system was interfaced to a complete vehicle dynamics model specifically developed for control design and validation purposes. Within this environment the control software was developed and the strategies were verified by applying the Software In the Loop technique. Then the ECU software was automatically generated using a customised tool chain based on Real Time Workshop Embedded Coder. Then, Hardware In the Loop testing was adopted to verify in depth the high-level software (application), the low-level software (OS, API, drivers, ...) and the hardware.
The HIL bench includes the complete brake by wire system and a real-time platform running the same vehicle model used during the previous phase. Finally, vehicle testing phases complete the evaluation in the real environment and allow the system control to be developed and tuned for performance and subjective aspects. In each phase the system is tested in both normal and faulty conditions; a fault injection campaign was carried out to verify the system's response to faults against the expected one. The process is cyclical, and a new loop has to be started for each change in the system. At the same time, testing complexity increases in order to guarantee system safety.
