Technical Safety Concept Lane Assistance

Document Version: 1.0, Released on 2018-07-01

Template Version 1.0, Released on 2017-06-21

!
Document history

Date Version Editor Description

07/01/2018 1.0 Anand Mandapati Initial Version

Table of Contents
Document history

Table of Contents

Purpose of the Technical Safety Concept

Inputs to the Technical Safety Concept

Functional Safety Requirements
Refined System Architecture from Functional Safety Concept
Functional overview of architecture elements

Technical Safety Concept

Technical Safety Requirements
Refinement of the System Architecture
Allocation of Technical Safety Requirements to Architecture Elements
Warning and Degradation Concept
Purpose of the Technical Safety Concept
The purpose of the Technical Safety Concept portion of the Safety Plan is to derive more
detailed technical hardware and software requirements from the functional safety requirements
to mitigate the identified risks in the electrical and electronic components that constitute the
Lane Assistance System. The requirements are then allocated to the appropriate location in the
system architecture.

Inputs to the Technical Safety Concept

Functional Safety Requirements

ID Functional Safety Requirement A Fault Safe State

S Tolerant
IL Time
Interval
Functional The Electronic Power Steering ECU shall C 50 ms Reduce steering
Safety ensure that the lane departure oscillation torque to zero
Requirement torque amplitude is below
01-01 Max_Torque_Amplitude.
Functional The Electronic Power Steering ECU shall C 50 ms Reduce steering
Safety ensure that the lane departure oscillation torque to zero
Requirement torque frequency is below
01-02 Max_Torque_Frequency.
Functional The Electronic Power Steering ECU shall B 500 ms Reduce steering
Safety ensure that the lane keeping assistance torque to zero
Requirement torque is applied for only Max_Duration.
02-01
Refined System Architecture from Functional Safety Concept

!
Functional overview of architecture elements
Element
Camera Sensor
Camera Sensor ECU - Lane Sensing
Camera Sensor ECU - Torque request
generator
Car Display
Car Display ECU - Lane Assistance On/
Off Status
Car Display ECU - Lane Assistant
Active/Inactive
Car Display ECU - Lane Assistance
malfunction warning
Driver Steering Torque Sensor
Electronic Power Steering (EPS) ECU -
Driver Steering Torque
EPS ECU - Normal Lane Assistance
Functionality
EPS ECU - Lane Departure Warning
Safety Functionality
EPS ECU - Lane Keeping Assistant
Safety Functionality
EPS ECU - Final Torque
Motor
Description
Provides the Camera Display ECU with images of
the roadway in front of the vehicle.
Detects lane lines, the vehicle position with respect
to the lanes, and whether the vehicle is outside the
ego lane.
Provides a correction torque if the vehicle is
departing the ego lane.
Displays various information to the driver.
Provides the Car Display with information of the
On/Off state of the Lane Assistance System.
Provides the Car Display with information of the
Active/Inactive state of the Lane Assistance
system.
Provides the Car Display with information of a
possible malfunction of the Lane Assistance
system.
Senses the steering torque provided by the driver.
Measure the steering torque sensed by the Driver
Steering Torque Sensor.
Implements both Lane Assistance functions.
Receives torque requests from Camera Sensor
ECU and generates any augmented steering
torque.
Ensures that torque amplitude and frequency are
below Max_Torque_Amplitude and
Max_Torque_Frequency.
Ensures that the LKA function is not activated for
longer than Max_Duration time.
Combines torque requests from LKA and LDW
functions with the Driver Steering Torque to
generate the final torque to be sent to the motor.
Applies the final torque to the steering wheel of the
vehicle.
Technical Safety Concept

Technical Safety Requirements

Lane Departure Warning (LDW) Requirements:

Functional Safety Requirement 01-01 with its associated system elements

(derived in the functional safety concept)
ID Functional Safety Requirement Electronic Camera Car Display
Power ECU ECU
Steering
ECU
Functional The lane keeping item shall
Safety ensure that the lane departure
Requirement X
oscillating torque amplitude is
01-01
below Max_Torque_Amplitude
Technical Safety Requirements related to Functional Safety Requirement 01-01 are:
ID Technical Safety A Fault Architecture Safe State
Requirement S Tolerant Allocation
IL Time
Interval
Technical The LDW safety component C 50ms EPS ECU - LDW torque
Safety shall ensure that the amplitude LDW Safety output is set
Requirem of the ‘LDW_Torque_Request’ Component to zero.
ent sent to the ‘Final electronic
01
power steering Torque’
component is below
‘Max_Torque_Amplitude’
Technical As soon as the LDW function C 50ms EPS ECU - LDW torque
Safety deactivates the LDW feature, LDW Safety output is set
Requirem the ‘LDW Safety’ software Component to zero.
ent block shall send a signal to the
02
car display ECU to turn on a
warning light.
Technical As soon as a failure is C 50ms EPS ECU - LDW torque
Safety detected by the LDW function, LDW Safety output is set
Requirem it shall deactivate the LDW Component to zero.
ent feature and the
03
‘LDW_Torque_Request’ shall
be set to zero.
Technical The validity and integrity of the C 50ms EPS ECU – LDW torque
Safety data transmission for Data output is set
Requirem ‘LDW_Torque_Request’ signal Transmission to zero.
ent shall be ensured. Integrity
04 Check
Technical Memory test shall be A Ignition EPS ECU – LDW torque
Safety conducted at startup of the cycle Safety output is set
Requirem EPS ECU to check for any Startup to zero.
ent faults in memory. Memory Test
05

Functional Safety Requirement 01-2 with its associated system elements

(derived in the functional safety concept)
ID Functional Safety Requirement Electronic Camera Car Display
Power ECU ECU
Steering
ECU
Functional The lane keeping item shall
Safety ensure that the lane departure
Requirement X
oscillating torque frequency is
01-02
below Max_Torque_Frequency

Technical Safety Requirements related to Functional Safety Requirement 01-02 are:

ID Technical Safety Requirement A Fault Architecture Safe
S Tolerant Allocation State
IL Time
Interval
Technical The LDW safety component shall C 50 ms EPS ECU - Torque
Safety ensure that the amplitude of the LDW Safety Freq.
Requirement 'LDW_Torque_Request' sent to the Component set to
01 zero
'Final electronic power steering
Torque' component is below
'Max_Torque_Frequency.
Technical As soon as the LDW function C 50 ms EPS ECU - N/A
Safety deactivates the LDW feature, the LDW Safety
Requirement 'LDW Safety' software block shall Component
02 send a signal to the car display
ECU to turn on a warning light.
Technical As soon as a failure is detected by C 50 ms EPS LDW Torque
Safety the LDW function, it shall Safety set to
Requirement deactivate the LDW feature and Software zero.
03 Component
the 'LDW_Torque_Request' shall
be set to zero.
Technical The validity and integrity of the C 50 ms EPS ECU - N/A
Safety data transmission for Data
Requirement 'LDW_Torque_Request' signal Transmission
04 shall be ensured. Integrity
Check
Technical Memory test shall be conducted at A Ignition Safety Startup N/A
Safety start up of the EPS ECU to check Cycle
Requirement for any faults in memory.
05

Lane Keeping Assistance (LKA) Requirements:

Functional Safety Requirement 02-1 with its associated system elements

(derived in the functional safety concept)
ID Functional Safety Requirement Electronic Camera Car Display
Power ECU ECU
Steering
ECU
Functional The lane keeping item shall
Safety ensure that the lane keeping
Requirement X
assistance torque is applied for
02-01 only Max_Duration

Technical Safety Requirements related to Functional Safety Requirement 02-01 are:

ID Technical Safety Requirement A Fault Allocation to Safe State
S Tolerant Architecture
IL Time
Interval
Technical The LKA safety component shall B 500ms EPS ECU - Torque set
Safety ensure that the duration of the LKA Safety to zero.
Requireme lane keeping assistance torque Component
nt applied is less than
01
Max_Duration.
Technical As soon as the LKA function B 500ms EPS ECU - N/A
Safety deactivates the LKA feature, the LKA Safety
Requireme ‘LKA Safety’ software block shall Component
nt send a signal to the car display
02
ECU to turn on a warning light.
Technical As soon as a failure is detected B 500ms EPS ECU - Torque set
Safety by the LKA function, it shall LKA Safety to zero.
Requireme deactivate the LKA feature and Component
nt the ‘LKA_Torque_Request’ shall
03
be set to zero.
Technical The validity and integrity of the B 500ms EPS ECU – N/A
Safety data transmission for Data
Requireme ‘LKA_Torque_Request’ signal Transmission
nt shall be ensured. Integrity Check
04
Technical Memory test shall be conducted A Ignition EPS ECU – N/A
Safety at startup of the EPS ECU to cycle Safety Startup
Requireme check for any faults in memory.
nt
05
Refinement of the System Architecture

!
Allocation of Technical Safety Requirements to Architecture
Elements
All Technical Safety Requirements are allocated to the Electronic Power Steering ECU.

Warning and Degradation Concept

ID Degradation Trigger for Safe State Driver Warning

Mode Degradation invoked?
Mode
WDC-01 Turn off LDW Vibration Yes, LDW Lane assistance
functionality amplitude too oscillating torque functionality set
high or shall be set to inactive and
frequency too zero malfunction
high. warning to the
driver via car
display.
WDC-02 Turn off LKA Lane keeping Yes, LKA added Lane assistance
functionality assistance extra torque functionality set
duration shall be set to inactive and
exceeds zero malfunction
Max_Duration warning to the
driver via car
display.