Hazard Analysis and Risk Assessment (HARA) is a fundamental process within ISO 26262 that aims to ensure functional safety in automotive systems. It identifies potential hazards, analyzes their associated risks, and determines the necessary mitigation actions, classified using the Automotive Safety Integrity Levels (ASIL). For safety-critical functions such as Automated Emergency Braking (AEB), HARA ensures that potential failure modes and environmental factors are properly considered to prevent accidents. In this article, we'll explain how HARA is conducted for AEB functionality, with references to FMVSS 127 in the U.S. and relevant European standards, such as UN/ECE Regulation 152. We will also explore practical examples of how hazards are identified, the risks associated with them, and how these risks are mitigated.
1. Automated Emergency Braking (AEB) Overview
AEB is a technology designed to prevent or mitigate collisions by detecting obstacles and automatically applying the brakes when a collision is imminent. AEB systems use various sensors, such as radar, cameras, and LiDAR, to monitor the road ahead.
AEB is becoming a standard safety feature in new vehicles due to regulations like FMVSS 127 in the United States and UN/ECE Regulation 152 in Europe, which establish performance requirements for this system.
2. Key Standards for AEB Functionality
Standard | Description | Region |
---|---|---|
FMVSS 127 | Specifies performance requirements for Automatic Emergency Braking Systems in the U.S. | United States |
UN/ECE Regulation 152 | European standard outlining requirements for AEB systems, including performance in urban and highway scenarios. | Europe |
These standards ensure that AEB systems activate in time to prevent collisions and function correctly in various conditions (e.g., different speeds, weather, or road scenarios).
3. Creating HARA for AEB Functionality
The HARA process for AEB follows the structure of ISO 26262 and aims to ensure that the AEB system is fail-safe and functions correctly under all operating conditions. This process includes the identification of hazards, assessment of their risks, and definition of safety goals and requirements.
3.1 Hazard Identification
The first step in the HARA process is identifying potential hazards in the AEB system. Hazards could arise from:
- Failure to detect an obstacle (due to sensor failure or environmental interference).
- Unintended activation of the brakes (causing the vehicle to stop unexpectedly).
- Delayed braking response (leading to insufficient braking force to avoid a collision).
3.2 Hazard Scenarios and Risk Analysis
The hazards identified in HARA are evaluated based on three key parameters defined in ISO 26262:
- Severity (S): The potential impact of the hazard (ranging from no injury to life-threatening situations).
- Exposure (E): The likelihood of the vehicle being exposed to the hazardous condition.
- Controllability (C): The ability of the driver to control or mitigate the hazard.
Table 1: HARA for AEB Functionality
Hazard | Severity (S) | Exposure (E) | Controllability (C) | ASIL Level | Safety Goal |
---|---|---|---|---|---|
Failure to detect obstacle | High | High | Low | ASIL D | Ensure reliable detection of obstacles in all conditions. |
Unintended brake activation | Medium | Medium | Medium | ASIL C | Prevent false activation of brakes. |
Delayed braking response | High | High | Low | ASIL D | Ensure timely activation of brakes in emergency situations. |
Sensor malfunction (e.g., radar failure) | Medium | Medium | High | ASIL B | Ensure redundancy and error detection in sensors. |
Miscommunication between sensors | Medium | Low | High | ASIL A | Ensure reliable communication between different sensors. |
Explanation:
- Severity (S): Assessed based on the potential impact of the hazard (e.g., life-threatening collisions or minor accidents).
- Exposure (E): Determined by how frequently the hazard could occur during typical vehicle operation.
- Controllability (C): Evaluated based on whether the driver can mitigate or prevent the hazardous situation.
The ASIL for each hazard follows from these three factors: ISO 26262-3 classifies them as S0–S3, E0–E4 and C0–C3 and reads the ASIL (QM or ASIL A–D) from a fixed determination table, so the High/Medium/Low ratings above stand in for those classes. The resulting ASIL dictates how stringent the safety measures for that hazard must be.
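The following is an added worked example, not code from the article or from ISO 26262 itself: it encodes the ASIL determination table of ISO 26262-3 and applies it to the first hazard in Table 1. The S/E/C classes assigned to that hazard are an assumed translation of the article's qualitative ratings, not an authoritative classification.

```python
"""ISO 26262-3 ASIL determination from Severity, Exposure and Controllability.

Added illustration for this article, not code from ISO 26262 or any AEB
project. The lookup table reproduces the ASIL determination table of
ISO 26262-3 (Table 4); the S/E/C classes chosen for the AEB hazard are an
assumed translation of the article's High/Medium/Low ratings.
"""

# ASIL determination table, indexed [S][E] with a tuple for (C1, C2, C3).
# Any parameter at class 0 (S0, E0 or C0) yields QM (no ASIL).
_ASIL_TABLE = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"), 3: ("QM", "QM", "A"), 4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"), 3: ("QM", "A", "B"), 4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"), 2: ("QM", "A", "B"), 3: ("A", "B", "C"), 4: ("B", "C", "D")},
}


def determine_asil(severity: int, exposure: int, controllability: int) -> str:
    """Return 'QM' or 'ASIL A'..'ASIL D' for classes S0-S3, E0-E4, C0-C3."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("S must be 0-3, E 0-4, C 0-3")
    if 0 in (severity, exposure, controllability):
        return "QM"
    level = _ASIL_TABLE[severity][exposure][controllability - 1]
    return "QM" if level == "QM" else f"ASIL {level}"


def classify_hazards(hazards: dict) -> dict:
    """Map {hazard: (S, E, C)} to {hazard: ASIL} using the table above."""
    return {name: determine_asil(*sec) for name, sec in hazards.items()}


# Assumed S/E/C classes for the first hazard of Table 1 (illustrative, not an
# authoritative classification): an undetected obstacle at speed is
# life-threatening (S3), the situation arises on most trips (E4) and the
# driver cannot react in time (C3).
AEB_HAZARDS = {
    "Failure to detect obstacle": (3, 4, 3),
}

if __name__ == "__main__":
    for hazard, asil in classify_hazards(AEB_HAZARDS).items():
        print(f"{hazard}: {asil}")
```

A useful property to remember when reviewing a HARA: with all three classes at least 1, the table equals ASIL level S + E + C - 6 (0 meaning QM, 4 meaning D), so lowering any one class by one step lowers the ASIL by exactly one step; the explicit table above is kept because it is what auditors compare against.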
4. Defining Safety Goals and Functional Safety Requirements
Based on the ASIL classifications, safety goals are created to mitigate or eliminate the risks associated with the hazards. For AEB systems, these goals must ensure that the system behaves predictably and safely in emergency situations.
Safety Goal | Requirement |
---|---|
Ensure obstacle detection in all conditions | Implement redundant sensors (radar + camera + LiDAR) to increase reliability. |
Prevent false brake activation | Develop algorithms to cross-check inputs from sensors to avoid false positives. |
Ensure timely brake response | Use high-speed communication protocols between the ECU and braking system. |
Ensure sensor error detection | Develop diagnostics to detect sensor failures and switch to backup sensors. |
Ensure robust sensor communication | Implement fail-safe communication between sensors using redundant networks (CAN, LIN). |
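The following added example (not code from the article or from any production AEB system) shows how three of the requirements in the table above can be realised together in a brake-decision function: sensor diagnostics and data age are checked before a report is trusted, at least two independent sensors must agree on an obstacle before braking is requested, and the request itself is derived from time-to-collision. All thresholds, sensor names and sample readings are constructed assumptions, not figures from FMVSS 127 or UN/ECE Regulation 152.

```python
"""Sensor cross-check and time-to-collision based brake request for AEB.

Added illustration for this article, not code from any AEB product or
standard. Thresholds and sensor values are assumed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_REPORT_AGE_S = 0.10      # assumed: reports older than 100 ms are stale
MIN_AGREEING_SENSORS = 2     # assumed: a single sensor may not trigger braking
RANGE_AGREEMENT_M = 3.0      # assumed: ranges within 3 m describe one obstacle
TTC_BRAKE_THRESHOLD_S = 1.5  # assumed: request braking below 1.5 s to collision


@dataclass
class SensorReport:
    sensor: str                        # "radar", "camera" or "lidar"
    timestamp_s: float                 # time the measurement was taken
    healthy: bool                      # result of the sensor's own diagnostic
    obstacle_range_m: Optional[float]  # None when no obstacle is seen
    closing_speed_mps: float           # positive when closing on the obstacle


@dataclass
class BrakeDecision:
    brake: bool
    ttc_s: Optional[float]
    agreeing: List[str]        # sensors whose detections were fused
    rejected: Dict[str, str]   # sensor -> reason its report was excluded


def validate(report: SensorReport, now_s: float) -> Optional[str]:
    """Return a rejection reason, or None if the report may be used."""
    if not report.healthy:
        return "diagnostic fault"
    if now_s - report.timestamp_s > MAX_REPORT_AGE_S:
        return "stale data"
    return None


def decide_brake(reports: List[SensorReport], now_s: float) -> BrakeDecision:
    """Cross-check healthy sensor reports and request braking on low TTC."""
    rejected: Dict[str, str] = {}
    usable: List[SensorReport] = []
    for r in reports:
        reason = validate(r, now_s)
        if reason:
            rejected[r.sensor] = reason
        else:
            usable.append(r)

    # Cross-check: the largest group of healthy sensors whose ranges agree.
    detecting = [r for r in usable if r.obstacle_range_m is not None]
    best_group: List[SensorReport] = []
    for anchor in detecting:
        group = [r for r in detecting
                 if abs(r.obstacle_range_m - anchor.obstacle_range_m) <= RANGE_AGREEMENT_M]
        if len(group) > len(best_group):
            best_group = group
    agreeing = [r.sensor for r in best_group]

    if len(best_group) < MIN_AGREEING_SENSORS:
        return BrakeDecision(False, None, agreeing, rejected)

    # Conservative fusion: shortest agreed range and highest closing speed.
    rng = min(r.obstacle_range_m for r in best_group)
    speed = max(r.closing_speed_mps for r in best_group)
    if speed <= 0:  # obstacle not closing: no collision course
        return BrakeDecision(False, None, agreeing, rejected)
    ttc = rng / speed
    return BrakeDecision(ttc < TTC_BRAKE_THRESHOLD_S, ttc, agreeing, rejected)


# Constructed sample: camera and lidar agree on an obstacle about 12 m ahead,
# closing at roughly 10 m/s, while the radar reports a diagnostic fault.
SAMPLE_REPORTS = [
    SensorReport("radar", 1.000, False, 40.0, 2.0),
    SensorReport("camera", 1.020, True, 12.5, 10.0),
    SensorReport("lidar", 1.030, True, 12.0, 9.5),
]

if __name__ == "__main__":
    d = decide_brake(SAMPLE_REPORTS, now_s=1.05)
    ttc_text = "n/a" if d.ttc_s is None else f"{d.ttc_s:.2f} s"
    print(f"brake={d.brake} ttc={ttc_text} agreeing={d.agreeing} rejected={d.rejected}")
```

The faulty radar is excluded by its diagnostic flag rather than silently fused, and the decision record keeps the rejection reasons so that the diagnostic path required by the "Ensure sensor error detection" goal is observable in logs and in HiL test evidence.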
5. Compliance with FMVSS 127 and UN/ECE Regulation 152
FMVSS 127 and UN/ECE Regulation 152 play a significant role in defining how AEB systems must perform in real-world scenarios. These standards help guide the HARA process by providing clear performance requirements for braking systems under different conditions (e.g., urban driving, highway speeds, night-time operation).
Diagram: AEB System Safety Framework (Based on FMVSS 127 and ISO 26262)
```mermaid
graph LR
    AEB[AEB System] -->|Sensors| S1[Camera] & S2[Radar] & S3[LiDAR]
    AEB --> ECU[Electronic Control Unit]
    ECU --> Brake[Braking Actuation]
    ECU --> Display[Driver Notification System]
    S1 -->|Data| ECU
    S2 -->|Data| ECU
    S3 -->|Data| ECU
```
This diagram illustrates the sensor fusion and communication pathways in an AEB system. By combining data from multiple sensors, the system ensures reliable detection and mitigation of hazards.
6. Verification and Validation (V&V) for AEB Systems
The Verification and Validation (V&V) process ensures that the AEB system meets the functional safety requirements defined during the HARA process. These activities include:
- Simulation Testing: Using tools like MATLAB/Simulink to simulate the behavior of the AEB system in various conditions.
- Hardware-in-the-Loop (HiL) Testing: Ensuring that the physical components of the AEB system interact correctly with the software by simulating real-world driving conditions.
- Functional Testing: Performing tests based on real-life scenarios, such as:
  - Urban Driving: Testing the AEB system’s performance in stop-and-go traffic.
  - Highway Driving: Ensuring timely braking in high-speed conditions.
Table 2: V&V Activities for AEB
Test Type | Description | Objective |
---|---|---|
Simulation Testing | Simulating vehicle behavior in critical situations (e.g., obstacles on the road). | Ensure the AEB system responds in time to avoid collisions. |
Hardware-in-the-Loop Testing | Simulating the entire system’s interaction with real vehicle hardware. | Validate that the AEB system correctly communicates with brakes. |
Functional Safety Testing | Testing the system against safety-critical scenarios (e.g., sensor failure). | Ensure that the system meets the ASIL requirements. |
7. Final Steps: Implementing Functional Safety Measures
Once the HARA process and V&V activities are complete, the functional safety requirements must be implemented in the AEB system. This involves ensuring that:
- Sensors are redundant and can detect obstacles in a variety of conditions (e.g., weather, lighting).
- The ECU (Electronic Control Unit) is capable of processing data rapidly and sending signals to the brakes without delay.
- A robust communication network (CAN, LIN) is in place to ensure accurate and timely data exchange between system components.
Conclusion
The HARA process for Automated Emergency Braking (AEB) ensures that this critical safety function operates reliably under all conditions. By following ISO 26262 together with FMVSS 127 and UN/ECE Regulation 152, automotive engineers can show that AEB systems meet global safety standards: HARA identifies hazards, assesses risks, and defines safety goals, while V&V activities confirm through testing and simulation that these goals are met.
Integrating HARA with robust Verification and Validation (V&V) in this way gives manufacturers a systematic basis for demonstrating that AEB hazards have been identified, their risks mitigated to the required ASIL, and the resulting safety goals verified against the performance requirements of FMVSS 127 and UN/ECE Regulation 152. The result is a safer driving experience for everyone on the road, as AEB systems actively prevent or mitigate collisions even in complex and fast-evolving driving conditions.