For this simplified case-study, only two hazards were considered:

  •         No braking after command (H1)
  • Wrong value braking (H2)

An omission of braking hazard (H1) occurs when braking is omitted from both the in-wheel motor and the electromechanical brake; a value braking hazard (H2) occurs when either of the two braking devices brakes with an incorrect value. This results in the following failure expressions:

Table 1 - HBS Hazards Annotations
Hazard  Causes 
 H1  Omission of EMB.out1 AND Omission of IWM.out1
 H2  Value deviation of EMB.out1 OR Value deviation of IWM.out1