Buno Filter

Drive your way

Power inverter safety system concept for ISO 26262

5 min read

A single of the indeniable facts about the automotive sector is that the overall digital program content in motor vehicles is escalating.

As motor vehicles grow to be far more complex and contain capabilities that sense, assume and act for the driver, the variety of digital content improvements. In specific, there will be enormous advancement in hybrid electric auto and electric auto content, as properly as for automated drive functions.

Even so, a important difficulty that requirements to be resolved is that the current business enterprise model for electric motor vehicles is not lucrative extended expression for OEMs. The ordinary estimated value for base electric motor vehicles is however a major concern.

OEMs will be looking to close this gap by bringing far more style and design again in-house, or by bypassing Tier one suppliers to talk immediately to IC suppliers. The disrupter in this article will be to combine embedded digital architectures by combining ECUs and clustering functions in a new way.

This is why NXP is doing work carefully with partners throughout the sector to speed up how these constraints are satisfied. A single way is by producing reference layouts that blend our program know-how with our basic safety abilities. This means that reference layouts contain important basic safety program aspects from the outset.

To develop basic safety ideas for program reference layouts, NXP has to be capable to outline the basic safety targets, notion and functions for the intended item to be capable to determine the ideal program implementation into our program style and design.

We do this by adhering to the ISO 26262 advancement process. This gives tips for each individual action alongside the advancement process for basic safety program items with a V cycle project administration resource.

The V cycle teams each individual action as a Section and specific operate items are envisioned at each individual amount. IC suppliers like NXP can foresee and develop program ECUs just like a Tier one provider does. By undertaking this, we can velocity advancement time and supply normal deliverables that are of reward all through the advancement chain.

The purpose is not necessarily to supply a remedy with the identical amount of maturity that a Tier one could supply, relatively to speed up the advancement of the operate items for the Tier one.

Let us think about as an case in point, how to develop a basic safety notion for a electricity inverter module as a SEooC for an EV application. As an IC provider, we would operate via areas three, 4, 5, six and 7 of the V cycle and supply the operate items associated to each individual aspect. We get started by defining the item within the goal program – i.e. what are the prospective dangers and basic safety targets that we want to apply to our reference style and design?

Figure one: HV Inverter for EVs

As determine one displays, the electricity inverter is the main traction program of an electric auto. It controls the electricity conversion amongst the electric electricity supply and the mechanical shaft of the electric motor, based mostly on the torque request from the Car Regulate Device (VCU).

The VCU interprets the driver requirements into acceleration or deceleration of the electric motor. The inverter interprets the torque request into phase currents heading into the traction motor.

In a battery electric auto, this connection is normally made with a uncomplicated gearbox without having a clutch. This is our 1st assumption. It is essential to be specific in this article, given that the basic safety case would be distinct if the auto has a clutch.
In our case, if a hazard should come about, it is unachievable for the driver or the electrical program to end the traction of the auto by simply opening the connection amongst the electric motor and the wheels of the motor vehicle.

We also need to have to determine feasible sources of EE malfunction – no matter if owing to driving or non-driving situations. These dangers are then ranked by chance amount according to the ASIL stages laid out in ISO 26262. As shown in determine two, in this case a basic safety purpose could be to stay clear of unintended acceleration if the auto is stopped.

Figure two: Illustrations of dangers and basic safety targets for an EV HV inverter

These basic safety targets guide to a useful basic safety architecture with useful needs (FR) and useful basic safety needs (FSR) with associated ASIL stages and FTTI such as:

FR1 The Inverter shall review the request from VCU, then command the adhering to functions appropriately: traction, brake and battery regeneration. ASIL D FTTI
200 ms
FSR1 The inverter shall verify the torque request from the VCU and inform in case of unexpected benefit. ASIL D FTTI
200 ms


Figure three: Practical basic safety architecture

Now that we have the useful basic safety architecture, determine three, we need to have to display that the program architecture will be capable to fulfil the basic safety needs and style and design constraints.

To do this, we derived a specialized basic safety notion from the useful basic safety notion. This brings together the components and software sub-component functions that will be employed to achieve the intended item and program performance.

A basic safety investigation is then operate to verify that all feasible program failures have been determined and that the appropriate basic safety mechanisms are in place. This may well end result in new basic safety needs getting allocated to the basic safety architecture.

By undertaking this, the specialized definition can supply the vital evidence that the appropriate reactions have been determined and that a secure state can be accomplished in considerably less time than FTTI: as a result that there is no violation of the basic safety targets of the item.

In our case in point, secure state is intricate since of the large amount of money of electricity flowing into the electric motor. A secure state in this article means stopping the propulsion of the auto, by opening or shorting the three phases of the motor based on the velocity of the motor.

As we development via the V cycle, the operate items are developed to ensure the basic safety considerations a client may well have are fulfilled. A components style and design is protected by the process in the identical way the basic safety notion cuts down the advancement and prototyping phase for consumers by three to 6 months.

In the NXP reference style and design, the entire basic safety architecture is built out using NXP ICs and diagnostics and response to secure state are tested. The reference style and design assists to velocity advancement and gives a amount of specialized basic safety architecture, alongside with evidence of the basic safety integrity amount as aspect of the overall bundle.

Obtain out far more about the electricity inverter reference style and design in this article.

Copyright © All rights reserved. | Newsphere by AF themes.