
Do not take any of this as a particular endorsement of a safety system.

Airplanes need 3x redundancy on safety critical components, because they carry a lot of people and are not fail safe when they are in the air. Cars can generally stop safely.

As far as changing architectures - think about safety critical loops and real time computing. Some processes should never be pre-empted.




>Cars can generally stop safely.

"Brake-by-wire is used in all common hybrid and electric vehicles produced since 1998 including all Toyota, Ford, and General Motors Electric and hybrid models."

"Three main types of redundancy usually exist in a brake-by-wire system:

   Redundant sensors in safety critical components such as the brake pedal.
   Redundant copies of some signals that are of particular safety importance such as displacement and force measurements of the brake pedal copied by multiple processors in the pedal interface unit.
   Redundant hardware to perform important processing tasks such as multiple processors for the ECU"
"The highest potential risk for brake system failure has proven to be the Brake Control System software. Recurring failures have occurred in over 200 cases documented in NTSB documents. Because each manufacturer guards the confidentiality of their system design and software, there is no independent validation of the systems.

As of 2016 the NTSB has not directly investigated passenger car and light truck brake-by-wire vehicle accidents, and the manufacturers have taken the position that their vehicles are completely safe, and that all reported accidents are the result of "driver error"."

https://en.wikipedia.org/wiki/Brake-by-wire
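As an added illustration of the three redundancy types the excerpt lists (this is example code written for this thread, not from Wikipedia and not any manufacturer's firmware), here is a 2-out-of-3 voter for a triply redundant brake-pedal position sensor, of the kind the "3x redundancy" comment above is talking about. The ADC range, the agreement tolerance and the sample readings are all assumed for illustration. The one design point it tries to make concrete is that the ECU only gets to drive the by-wire actuator when a majority of channels agree; with no majority it reports fail-safe and the caller is expected to release to the hydraulic path rather than guess.

```c
/* Added example (not from the thread or any manufacturer): a 2-out-of-3
 * voter for a triply redundant brake-pedal position sensor. Thresholds,
 * ADC range and sample readings are assumed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define N_SENSORS 3
#define RAW_MIN   200   /* assumed: below this the channel is open/shorted low    */
#define RAW_MAX   3900  /* assumed: above this the channel is shorted high        */
#define AGREE_TOL 60    /* assumed: max ADC counts two healthy channels may differ */

typedef enum {
    PEDAL_OK,        /* all three channels valid and agree; use the median     */
    PEDAL_DEGRADED,  /* one channel rejected; two agreeing channels remain     */
    PEDAL_FAIL_SAFE  /* no agreeing pair; electronic path must not be trusted */
} pedal_status_t;

typedef struct {
    pedal_status_t status;
    uint16_t value;        /* voted pedal position, meaningful unless FAIL_SAFE */
    uint8_t  faulty_mask;  /* bit i set => channel i was rejected               */
} pedal_vote_t;

static bool in_range(uint16_t raw) { return raw >= RAW_MIN && raw <= RAW_MAX; }

static bool agree(uint16_t a, uint16_t b) {
    return (a > b ? a - b : b - a) <= AGREE_TOL;
}

static uint16_t median3(uint16_t a, uint16_t b, uint16_t c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Vote three raw channels. A channel that fails its own range check is
 * excluded before agreement is tested, so a dead channel cannot outvote
 * a live one. */
pedal_vote_t vote_pedal(const uint16_t raw[N_SENSORS]) {
    pedal_vote_t r = { PEDAL_FAIL_SAFE, 0, 0 };

    for (int i = 0; i < N_SENSORS; i++)
        if (!in_range(raw[i])) r.faulty_mask |= (uint8_t)(1u << i);

    for (int i = 0; i < N_SENSORS; i++) {
        if (r.faulty_mask & (1u << i)) continue;
        for (int j = i + 1; j < N_SENSORS; j++) {
            if (r.faulty_mask & (1u << j)) continue;
            if (!agree(raw[i], raw[j])) continue;

            int k = 3 - i - j;  /* the third index, since 0+1+2 == 3 */
            bool k_good = !(r.faulty_mask & (1u << k)) &&
                          agree(raw[i], raw[k]) && agree(raw[j], raw[k]);
            if (k_good) {
                r.status = PEDAL_OK;
                r.value  = median3(raw[0], raw[1], raw[2]);
            } else {
                r.faulty_mask |= (uint8_t)(1u << k);  /* odd one out is rejected */
                r.status = PEDAL_DEGRADED;
                r.value  = (uint16_t)((raw[i] + raw[j]) / 2);
            }
            return r;
        }
    }
    return r;  /* no agreeing pair: fail-safe, value left at 0 */
}

/* Convenience wrapper so callers can pass three scalars. */
pedal_vote_t vote3(uint16_t a, uint16_t b, uint16_t c) {
    uint16_t raw[N_SENSORS] = { a, b, c };
    return vote_pedal(raw);
}

/* Only a vote with a majority may drive the by-wire actuator. FAIL_SAFE
 * means the ECU must release to the hydraulic (mechanical) path. */
bool electronic_path_allowed(pedal_vote_t v) {
    return v.status != PEDAL_FAIL_SAFE;
}

int main(void) {
    uint16_t cases[][N_SENSORS] = {
        { 2000, 2010, 1990 },  /* constructed: healthy               */
        { 2000, 2010,  100 },  /* constructed: channel 2 shorted low */
        { 2000, 2500, 2010 },  /* constructed: channel 1 drifted     */
        { 1000, 2000, 3000 },  /* constructed: no two channels agree */
    };
    for (size_t n = 0; n < sizeof cases / sizeof cases[0]; n++) {
        pedal_vote_t v = vote_pedal(cases[n]);
        printf("case %zu: status=%d value=%u faulty=0x%x by-wire=%s\n",
               n, v.status, v.value, v.faulty_mask,
               electronic_path_allowed(v) ? "yes" : "no, hydraulic fallback");
    }
    return 0;
}
```

The ordering is the part worth copying: range-check each channel on its own first, then look for agreement only among the survivors, and never produce a value from a single channel. That is what stops one stuck or shorted sensor from being averaged into a "plausible" demand, and it is also why the third case above ends up degraded rather than fail-safe.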


Generally speaking those are not purely brake by wire. The master cylinder is still mechanically connected to the pedal. However, in normal conditions the brake actuation will be performed over wire.


This is a question of semantics, but I don't understand your usage of "purely".

How can it not be "purely" brake by wire, if, when depressing the brake pedal, the friction brakes are not always triggered?

If electronics decide not to apply hydraulic force when everything is going fine, then there must be a potential failure mode where they ignore the pedal inappropriately.

Can you explain further?


In a brake-by-wire car, if you stomp on the brake pedal with all you've got you end up engaging a cylinder that can directly exert force on the front brakes, even if the electronics are fully dead. (Maybe there are some systems where the brake pedal is truly just a "dimmer switch", but I've not been able to find them).


You probably know this, but in case others are curious: In most fossil-powered cars, you can test the powered braking during start-up by pumping the brake and keeping pressure on it. When you turn on the ignition, the brake will depress further if the system works.


Yeah, brakes that don't function when power is lost would just be too brittle. That'd be unacceptable in any market regulated by one or more working brains.


It's a matter of semantics, but I object to saying a braking system isn't purely brake by wire when electronics alone can cause it to totally fail.

There's a difference between a fail-safe that usually works, and a mechanical connection that's always there.

Electronics can fail in many interesting ways other than simply turning off. And they do! Ever looked at nhtsa.gov?

"Brakes Failed problem of the 2017 Honda Accord Hybrid

Failure Date: 10/31/2018

There have been three instances of total brake failure. Initial instance occurred on vehicle startup, a number of errors were given including "adaptive cruise control problem", "collision mitigation system problem", "road departure mitigation system problem" and "brake system problem". When I put the car in drive it immediately began moving forward. Car was towed to dealer where Honda blamed the issue on the undercoating causing components to overheat. This was October 2018 in Philadelphia. Replaced brake system and removed undercoat on affected areas. Second instance occurred in February 2019; it had stopped raining but road was still wet and had puddles. Driving downtown, at a yellow light brakes completely failed, I ran the light and was able to stop with emergency brake. Car was giving the same set of errors. This time restarting the car made errors go away. Brought to the dealer, they said they did a software update but could not replicate the problem so did nothing else. Third instance was February 2nd, while driving about 30-40 mph, again either after rain had stopped or still had a slight drizzle. This time I saw the errors while driving before I needed to brake and recognized the issue. Managed to use emergency brake to pull over. Again restarting the car cleared the issue, I have not brought it back to the dealer yet."


We also have an older Civic (2005 FK) plagued with electrical issues regarding steering and VSA. The mechanic said it occurred during peak current draw, but I'm a bit skeptical since all the lights went on once in the summer while travelling at highway speeds.



