The implementation of automated driving functions is accompanied with a changing approach in safety design, explained Rainer Denkelmann, Technical Manager Advanced Engineering at Delphi Germany, during a presentation at the Technical Congress of the German Automotive Industry Association VDA. While hitherto cars have been designed to achieve a fail-safe behaviour, these principles will not suffice to build cars that drive along autonomously, allowing the driver to exercise other activities than to constantly monitor the vehicle. As a consequence, the vehicle must be capable of autonomously gap at least several seconds in the case of a major failure – simply stopping in the middle of a busy high-speed highway is no option.
Instead, the systems have to be designed to achieve a certain degree of fault tolerance, Denkelmann said. While for most driving-related functions in the car, some kind of fall-back level or redundancy is available, in today’s vehicle power distribution architectures this is not the case. “ISO 26262 (the automotive functional safety standard) must be applied to the power distribution architecture of the car”, Denkelmann claimed. “Today’s power distribution tree topology does not meet the requirements of automated driving.”
To ensure reliable power supply for all safety-critical components, it is necessary to devise some means of predicting power demands in all parts of the vehicle. A safe system requires independent supply of particular loads based on failure analysis. To achieve this goal, it also would be necessary to integrate accurate means of current sensing to all load paths.
Obviously, if the power line to a critical actuator is cut due to an accident or other malfunctiion, this actuator – for example, an electrically activated brake – would no longer be able to function properly. To avoid such potentially catastrophic failures, would it be necessary to integrate decentralised short-term power supplies (supercaps, for example) integrated into the respective actuator or controller? “This is something we are considering”, Denkelmann said.