Abstract: Design and Analysis of a Robust Real-time Engine Control Network

Increasing numbers of automotive control systems are being designed as distributed systems, with critical functions linked by electronic communications. This includes Xby-wire systems, which seek to replace mechanical or hydraulic linkages with electrical or communications links. These systems raise a number of new challenges:

• Safety is a function of the whole system rather than any one system feature. Thus, safety analysis and understanding must occur at the (complex) system level.
• A robust design process is essential to ensure that complex system issues and critical analysis occur at the right development stage and cover all appropriate parts of the system.

This article provides a case study of a development project to show how these and other issues can be addressed. We describe the development of a communications network for a safety-related engine application that consists of a central electronic control unit (ECU) and a number of distributed actuators that are controlled via the network. We apply several techniques, such as hazard and scheduling analysis, to resolve safety and reliability issues.