GM Engineers Develop Analysis Tool for Brake-by-Wire Systems

General Motors engineers developed a System Analysis Tool for evaluating Brake-by-Wire architectures in Software Defined Vehicles, enabling systematic fault analysis and fail-operational validation.

Technical Abstract Contribution by SAE International

General Motors researchers have introduced a System Analysis Tool designed to evaluate and optimize Brake-by-Wire architectures within Software Defined Vehicles. The tool addresses the growing complexity of safety-critical braking systems that eliminate traditional mechanical backup in favor of fully electronic control and fail-operational redundancy.

Highlights

  • System Analysis Tool (SAT) enables systematic evaluation of component failures, logical interdependencies, and cumulative impacts of multiple simultaneous faults in Brake-by-Wire systems
  • Fail-operational requirements demand ASIL D quantitative safety targets of 10 FIT (no more than 10 failures per billion hours of operation) for critical braking loss scenarios
  • Model-based methodology supports V-model development lifecycle from early concept design through system verification testing
  • Iterative design capability allows engineers to rapidly assess trade-offs between cost, complexity, and safety across distributed electronic architectures

Understanding Brake-by-Wire in Software Defined Vehicles

Brake-by-Wire (BbW) technology replaces the traditional hydraulic connection between brake pedal and foundation brakes with electronic control systems during both normal operation and degraded modes. In conventional braking systems, mechanical backup provides a direct hydraulic pathway allowing drivers to manually generate braking force through physical pedal effort.

BbW systems operate differently. Pressing the brake pedal sends electronic signals from travel sensors via serial data to centralized brake controls, which then command four independent Electro-Mechanical Brake (EMB) corner actuators to generate braking torque at each wheel.

This architecture demands robust redundancy in computing and communication. The absence of mechanical backup means all fail-operational capabilities must be provided electronically to maintain braking performance under fault conditions.

The SDV Architecture Challenge

Software Defined Vehicles centralize control software while decentralizing sensors and actuators. This approach offers advantages including improved efficiency, modular designs, reduced mechanical complexity, and opportunities for new functionalities through software enhancements.

However, the integration creates significant challenges for failure management. A single component failure in SDV-based BbW systems can have cascading impacts across distributed networks of power, communication, sensing, and actuation elements.

The stringent redundancy requirements add complexity due to distributed communications among control, sensing, and actuation elements. Each module, component, wire, and electrical connector represents a potential failure point requiring rigorous analysis.

SAT Modeling Architecture

The System Analysis Tool uses three main modeling elements:

  • ECUs – Logical groupings of related system functions serving as containers for components that define specific functionalities such as sensing, actuation, diagnostics, or decision-making
  • Components – Functional building blocks inside an ECU including power inputs, sensors, actuators, diagnostic states, or software processing elements where initial failures originate
  • Connections – Define how failures propagate between components through one-way links, two-way links, or Boolean logic gates (AND, OR, NOT)

The tool distinguishes between initial failures representing direct component-level malfunctions and secondary failures resulting from propagation through logical or physical dependencies.

Hierarchical System State Framework

The SAT structures system states across three levels:

Component Level states are directly determined by individual component statuses, diagnostics, and sensor signals such as sensor faults or ECU errors.

Supervisory Level states consolidate multiple component-level states into broader categories reflecting overall health of key subsystems including power distribution system health and communication bus integrity.

System Level integrates supervisory-level and critical component-level states to determine overall system functionality and identify which MCU should assume control.

Practical Application Through Failure Analysis

The simplified system model architecture analyzed in the paper produced 59 potential single-point failures and 1,654 dual-point failures. Each failure scenario triggers propagated calculation of 32 unique system states defined in the example model.

Production-level BbW systems scale this complexity significantly, potentially resulting in hundreds of single-point failures, tens of thousands of dual-point failures, and several dozen distinct system states.

The researchers demonstrated two architecture variations analyzing power grid failure scenarios:

Original architecture – Power Grid 1 failure causes Main MCU, EMB_LF, and EMB_RR to lose power, forcing transition to redundant brake controls with limited functionality

Modified architecture – Connecting Main MCU to both power grids with fault-tolerant power management circuitry maintains main brake control availability despite single power grid failure
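The failure propagation and single/dual-fault sweep described above can be reproduced on a toy model. This is an added Python example, not the SAT or code from the paper. The eight-component model is constructed: Power Grid 1 (PG1), Main MCU, EMB_LF and EMB_RR come from the article, while PG2, RedundantMCU, EMB_RF, EMB_LR, their wiring and the state labels are assumptions.

```python
from itertools import combinations

def build_model(main_mcu_dual_fed):
    """Constructed 8-component model. Value = (gate, inputs); None = no upstream."""
    main_feed = ("any", ["PG1", "PG2"]) if main_mcu_dual_fed else ("all", ["PG1"])
    return {
        "PG1": None, "PG2": None,                 # power grids
        "MainMCU": main_feed,                     # OR gate when fed from both grids
        "RedundantMCU": ("all", ["PG2"]),         # assumed to sit on grid 2
        "EMB_LF": ("all", ["PG1"]), "EMB_RR": ("all", ["PG1"]),
        "EMB_RF": ("all", ["PG2"]), "EMB_LR": ("all", ["PG2"]),  # assumed split
    }

def propagate(model, initial):
    """Return initial failures plus every secondary failure they cause."""
    failed = set(initial)
    changed = True
    while changed:                                # iterate to a fixed point
        changed = False
        for name, dep in model.items():
            if dep is None or name in failed:
                continue
            gate, inputs = dep
            alive = [i not in failed for i in inputs]
            if not (any(alive) if gate == "any" else all(alive)):
                failed.add(name)
                changed = True
    return failed

def system_state(model, initial):
    """System-level state: which controller is in charge, how many EMBs have power."""
    failed = propagate(model, initial)
    powered = sum(1 for c in model if c.startswith("EMB_") and c not in failed)
    for mcu in ("MainMCU", "RedundantMCU"):
        if mcu not in failed:
            return (mcu, powered)
    return ("NO_BRAKE_CONTROL", powered)

def sweep(model, order):
    """Evaluate every combination of `order` simultaneous initial failures."""
    return {combo: system_state(model, combo) for combo in combinations(model, order)}

def loss_of_control(model, order):
    return sorted(c for c, s in sweep(model, order).items() if s[0] == "NO_BRAKE_CONTROL")

if __name__ == "__main__":
    for label, dual in (("original", False), ("modified", True)):
        m = build_model(dual)
        print(label, "PG1 fails ->", system_state(m, ["PG1"]))
        print(label, "dual faults losing control:", loss_of_control(m, 2))
```

In this toy model, feeding the Main MCU from both grids keeps it in control after a Power Grid 1 failure and removes one of the dual-point combinations that leave no controller available.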

Aligning with ISO 26262 Compliance

The SAT complements formal safety processes outlined in ISO 26262, providing dynamic modeling capability that enhances traditional hazard analysis. The tool supports systematic ASIL allocation and verification across the BbW system while enabling visualization and rapid iteration through failure propagation scenarios.

System reliability estimation uses Failure in Time (FIT) rates derived from industry-standard reliability handbooks and empirical warranty data. The tool quantifies relationships between system performance levels and aggregate failure rates causing specific performance degradations.

Verification and Requirement Generation

The SAT generates targeted test cases based on defined system states and associated failure conditions. Test cases utilize Gherkin syntax (Given-When-Then) to explicitly define test scenarios, preconditions, and expected outcomes.

Python code within the SAT explicitly defines the logic used to calculate system states, serving as a direct executable representation of intended system behavior. This structured approach enables efficient allocation of derived requirements to appropriate elements within the overall system architecture.

The tool also facilitates development of production vehicle verification plans by assigning Diagnostic Trouble Codes to specific component failures, enabling automated generation of software test cases.

Industry Implications

The methodology provides an effective means of managing system complexity inherent in SDVs while optimizing both system design and iterative refinements. Engineering teams gain quantifiable metrics essential for informed decision-making throughout the entire system development lifecycle.

Future work will expand the SAT’s modeling capabilities, incorporate more advanced aggregate failure rate analysis algorithms, and enhance integration into automated design and verification workflows. The research team is also working to expand SAT usage to other safety-critical vehicle systems.

Full abstract can be found HERE.

About SAE International

SAE International serves as the global leader in advancing mobility knowledge and solutions for the automotive, aerospace, and commercial vehicle industries. The organization develops technical standards, provides professional development resources, and publishes peer-reviewed research that shapes engineering practices worldwide.

The full technical paper (SAE 2025-01-0355) authored by Edward Heil, Sean Zuzga, and Caitlin Babul of General Motors LLC is available through SAE International at doi:10.4271/2025-01-0355.

SAE Brake Colloquium & Exhibition

Industry professionals seeking deeper engagement with brake-by-wire technology, fail-operational system design, and emerging braking innovations should mark their calendars for the 44th Annual SAE Brake Colloquium & Exhibition in Palm Springs, California, in September 2026.

For more than four decades, the SAE Brake Colloquium has served as the premier gathering for brake engineers, standards developers, and solution providers from OEMs and Tier I and II suppliers. The dual-track technical program covers the entirety of brake componentry with focus on ADAS, autonomous vehicle safety systems, and braking technologies for both internal combustion and electric propulsion vehicles.

Topics addressed at the annual event include friction materials innovation, brake mechatronics and controls, NVH performance, regenerative braking integration, Euro 7 standards compliance, and wheel bearing developments. Visit sae.org/events/brake for registration information and call-for-papers deadlines.
