About the Customer:
Our customer is an electric vehicle OEM offering a range of commercial EVs for multiple use cases.
Business Challenges:
Embedding safety into the software posed major challenges in the project. The most important one was segregating safety-critical functions within the Vehicle Control Unit (VCU) to ensure ISO 26262 compliance.
For example, torque control had to be isolated from non-critical functions like climate control to prevent unintended acceleration due to software faults.
Key Challenges:
- Ensuring torque and braking systems operated independently within the VCU to prevent failures from affecting vehicle stability.
- Implementing ISO 26262-compliant processes for critical functions while keeping non-safety modules under standard QM.
- Adding self-checks, redundancy, and real-time fault detection for safety-critical operations.
- Securing safe communication between VCU, ABS, MCU, and Battery Management System to prevent cross-system failures.
- Embedding safety mechanisms without delaying project timelines.
Embitel’s Solution:
Our Functional Safety team managed the complete safety lifecycle for the development of safety-critical VCU applications. Our approach combined safety-driven software architecture, model-based development (MBD), safety analysis (FMEA, DFA, etc.), and real-time fault handling.
- Segregating Safety-Critical and General VCU Functions
- Developing Safety-Critical Software Units
  - Driver Request Processing – Captures accelerator pedal input and ensures validated torque requests.
  - Torque Control & Safety Validation – Monitors torque requests and applies safe limits to prevent excessive acceleration.
  - Brake Control & Pressure Monitoring – Reads brake sensor inputs, activates the pressure pump, and ensures consistent braking performance.
  - Gear Position & Direction Management – Prevents unsafe gear shifts and ensures controlled transitions between drive modes.
  - Failure Mode Handling (Limp & Degradation Mode) – Enables safe fallback modes in case of faults, allowing controlled vehicle operation.
  - Diagnostics & System Monitoring – Continuously monitors ECU communication and detects potential failures.
- Safety Analysis (FMEA, DFA, etc.)
  - Failure Mode and Effects Analysis (FMEA) – Assessed potential failure points in the VCU software and their impact on vehicle operation.
  - Dependent Failure Analysis (DFA) – Evaluated failure propagation risks between interconnected safety-critical systems (e.g., VCU, ABS, MCU).
  - Development Interface Agreement (DIA) – Ensured clear safety responsibility between Embitel and the customer’s teams.
  - Identified safety gaps, including missing RAM error correction (ECC) and stack overflow/underflow testing, which were flagged for future improvements.
We followed the approach of isolating the safety-critical modules from non-safety functions. This ensured that torque control, braking, and failure handling operated independently of other vehicle functions. Redundant safety checks were also implemented for enhanced reliability.
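To make the driver-request, torque-validation and limp-mode units listed above concrete, here is an added example written for this page; it is not Embitel's or the customer's code, and every limit, scaling factor and debounce count in it is a constructed assumption rather than a project calibration. It shows the redundant-check pattern in miniature: two accelerator pedal sensors are cross-checked for plausibility, the lower reading is used so a drifting sensor can only reduce torque, a pressed brake overrides the accelerator, torque is clamped to a per-mode ceiling and rate-limited on the way up, and persistent implausibility latches the controller into a degraded (limp) mode, with a full loss of both sensors latching a safe stop.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All values below are constructed for this example, not the project's calibration. */
#define TORQUE_MAX_NM            300   /* normal-mode ceiling */
#define TORQUE_LIMP_NM            60   /* degraded-mode ceiling */
#define TORQUE_RAMP_NM_PER_CYCLE  20   /* max torque increase per control cycle */
#define PEDAL_PLAUSIBILITY_PCT     8   /* allowed disagreement between redundant pedal sensors */
#define FAULT_DEBOUNCE_CYCLES      3   /* consecutive implausible cycles before degrading */

typedef enum { MODE_NORMAL = 0, MODE_LIMP = 1, MODE_SAFE_STOP = 2 } vcu_mode_t;

typedef struct {
    vcu_mode_t mode;            /* latched operating mode */
    int32_t    last_torque_nm;  /* previous cycle's command, for ramp limiting */
    uint8_t    fault_cycles;    /* consecutive implausible cycles seen */
} torque_ctrl_t;

typedef struct {
    int32_t pedal_a_pct;   /* redundant accelerator sensor A, valid 0..100 */
    int32_t pedal_b_pct;   /* redundant accelerator sensor B, valid 0..100 */
    bool    brake_pressed;
} driver_input_t;

void torque_ctrl_init(torque_ctrl_t *c)
{
    c->mode = MODE_NORMAL;
    c->last_torque_nm = 0;
    c->fault_cycles = 0;
}

static bool pct_in_range(int32_t v) { return v >= 0 && v <= 100; }
static int32_t min32(int32_t a, int32_t b) { return a < b ? a : b; }

/* Torque ceiling for the current operating mode. */
int32_t torque_limit_for_mode(vcu_mode_t mode)
{
    switch (mode) {
    case MODE_NORMAL: return TORQUE_MAX_NM;
    case MODE_LIMP:   return TORQUE_LIMP_NM;
    default:          return 0;   /* safe stop: no torque at all */
    }
}

/* One control cycle: validate the driver request, apply mode limit and ramp,
 * and return the torque command (Nm) to send to the motor controller. */
int32_t torque_ctrl_step(torque_ctrl_t *c, const driver_input_t *in)
{
    bool a_ok = pct_in_range(in->pedal_a_pct);
    bool b_ok = pct_in_range(in->pedal_b_pct);
    int32_t pedal_pct = 0;

    if (!a_ok && !b_ok) {
        /* No trustworthy driver request at all: latch safe stop. */
        c->mode = MODE_SAFE_STOP;
    } else if (a_ok && b_ok &&
               (in->pedal_a_pct - in->pedal_b_pct) <= PEDAL_PLAUSIBILITY_PCT &&
               (in->pedal_b_pct - in->pedal_a_pct) <= PEDAL_PLAUSIBILITY_PCT) {
        /* Sensors agree: use the lower reading so drift can only reduce torque. */
        pedal_pct = min32(in->pedal_a_pct, in->pedal_b_pct);
        c->fault_cycles = 0;
    } else {
        /* One sensor invalid or the two disagree: debounce, then latch limp mode. */
        if (c->fault_cycles < FAULT_DEBOUNCE_CYCLES) c->fault_cycles++;
        if (c->fault_cycles >= FAULT_DEBOUNCE_CYCLES && c->mode == MODE_NORMAL)
            c->mode = MODE_LIMP;
        pedal_pct = (a_ok && b_ok) ? min32(in->pedal_a_pct, in->pedal_b_pct)
                                   : (a_ok ? in->pedal_a_pct : in->pedal_b_pct);
    }

    /* Brake wins over accelerator: a pressed brake zeroes the torque request. */
    if (in->brake_pressed) pedal_pct = 0;

    int32_t limit = torque_limit_for_mode(c->mode);
    int32_t request = pedal_pct * limit / 100;

    /* Ramp: increases are rate-limited, decreases are applied immediately. */
    if (request > c->last_torque_nm + TORQUE_RAMP_NM_PER_CYCLE)
        request = c->last_torque_nm + TORQUE_RAMP_NM_PER_CYCLE;
    if (request > limit) request = limit;
    if (request < 0) request = 0;

    c->last_torque_nm = request;
    return request;
}

int main(void)
{
    torque_ctrl_t ctrl;
    torque_ctrl_init(&ctrl);
    driver_input_t normal = { 50, 50, false };   /* constructed sample inputs */
    driver_input_t faulty = { 80, 10, false };
    for (int i = 0; i < 3; i++)
        printf("normal cycle %d -> %d Nm\n", i, torque_ctrl_step(&ctrl, &normal));
    for (int i = 0; i < 3; i++)
        printf("implausible cycle %d -> %d Nm (mode %d)\n", i,
               torque_ctrl_step(&ctrl, &faulty), (int)ctrl.mode);
    return 0;
}
```

The modes are deliberately latched: once the controller has degraded, a later cycle of agreeing sensors does not restore full torque, since an intermittent fault is exactly the case a limp mode exists for. Clearing it is left to a diagnostic or power-cycle path outside this loop, which is where the diagnostics and system-monitoring unit would record the event.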
Embitel designed and validated VCU modules to meet ISO 26262 compliance requirements.
To ensure ISO 26262 compliance, Embitel conducted safety assessments, identifying potential failure points and implementing mitigation strategies.
The VCU had to work seamlessly with ABS ECU and battery management system. We ensured error-free data exchange and implemented redundancy checks to prevent miscommunication risks.
We leveraged MATLAB, Simulink, and Stateflow for rapid development and automated safety validation. Our approach followed ISO 26262 guidelines, ensuring that all safety-critical functions met ASIL-B compliance.
Embitel’s Impact:
Embitel’s FuSa expertise ensured ISO 26262 compliance and enhanced VCU software reliability for multiple functions like torque control, braking, failure handling, and diagnostics.
Key Outcomes:
- 6 safety-critical software modules developed, ensuring fail-safe torque, braking, and diagnostics.
- 2 major safety gaps identified (missing RAM ECC, stack overflow testing) and resolved.
- Reduction in validation effort by approx. 50% using Model-Based Development (MBD).
Tools and Techniques:
MATLAB/Simulink: used for model-based design