Machines such as automobiles are becoming increasingly complex. One reason for this development is, amongst others, the replacement of mechanical components by electrical or electromechanical components and the use of electronic controllers (electronic control units, ECUs). More complex systems are more likely to fail, and thus functional safety is an important issue in the design of technical subsystems of complex machines. In the automotive sector, the international standard ISO 26262 titled "Road vehicles—Functional safety" was established in 2011 and relates to the functional safety of electrical and electronic systems used in an automobile.
Automotive Safety Integrity Level (ASIL) refers to an abstract classification of the safety risk inherent in an automotive system or in subsystems and elements of such a system. In the standard ISO 26262, a specific ASIL is established by performing a risk analysis of a potential hazard, looking at the severity, exposure and controllability of the vehicle operating scenario. There are four ASILs identified by the standard: ASIL A, ASIL B, ASIL C and ASIL D. ASIL D defines the highest integrity requirements on a specific system and ASIL A the lowest. Accordingly, the desired or required ASIL of a specific electrical or electronic system has to be considered at the time of the system design.
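The risk analysis described above, as an added example that is not part of the original text: it encodes the ASIL determination table of ISO 26262-3 (severity S1–S3, exposure E1–E4, controllability C1–C3) using the equivalent rule that the sum of the three class numbers maps 7→A, 8→B, 9→C, 10→D and anything lower→QM, and then derives the ASIL an ECU must meet as the highest ASIL over the hazards it covers. The hazard entries are constructed for illustration and are not taken from any standard or product.

```python
# Added example: ASIL determination per ISO 26262-3 (Table 4) from the
# severity (S), probability of exposure (E) and controllability (C)
# classes assigned during hazard analysis and risk assessment.
# The hazard descriptions and their S/E/C values below are constructed.

from dataclasses import dataclass

# The standard's table is equivalent to summing the class numbers.
ASIL_BY_SCORE = {7: "ASIL A", 8: "ASIL B", 9: "ASIL C", 10: "ASIL D"}
ASIL_ORDER = ["QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D"]


def determine_asil(s: int, e: int, c: int) -> str:
    """Return "QM" or "ASIL A".."ASIL D" for classes S1-S3, E1-E4, C1-C3."""
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    return ASIL_BY_SCORE.get(s + e + c, "QM")


@dataclass(frozen=True)
class Hazard:
    description: str
    s: int
    e: int
    c: int


def required_asil(hazards) -> str:
    """The ASIL an element must meet is the highest ASIL of the hazards it covers."""
    return max((determine_asil(h.s, h.e, h.c) for h in hazards),
               key=ASIL_ORDER.index)


# Constructed hazards for a solenoid-driver ECU (illustrative values only).
SOLENOID_DRIVER_HAZARDS = [
    Hazard("injector solenoid held on: unintended fuel delivery at speed", s=3, e=4, c=3),
    Hazard("hydraulic valve solenoid stuck off while vehicle is parked", s=1, e=2, c=1),
]

if __name__ == "__main__":
    for h in SOLENOID_DRIVER_HAZARDS:
        print(f"S{h.s} E{h.e} C{h.c} -> {determine_asil(h.s, h.e, h.c)}: {h.description}")
    print("ECU must meet:", required_asil(SOLENOID_DRIVER_HAZARDS))
```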
The powertrain of a modern automobile includes various ECUs that are used, for example, for engine control and transmission control. Those ECUs are responsible, for example, for controlling the fuel injectors, the automatic transmission and many other subsystems. In various applications, solenoid actuators are used, e.g. in fuel injectors or in solenoid valves, which may be used to control the oil pressure in hydraulic subsystems (e.g. hydraulic actuators). Depending on the actual application, the electronic control units that control and drive electric loads such as solenoid actuators usually have to be designed to comply with a specific ASIL. One approach to reduce the risk of system failure (and thus reach a higher ASIL) is to increase redundancy in the ECUs. However, redundant components entail increased complexity and costs. Thus, a general design goal for ECUs is to avoid redundant components without increasing the risk of system failure.