
Functional Safety Implementation Case Study (Volvo).pdf

The document is 80 pages; only the first pages are shown in this preview, the remainder is available after download.
Introduction
Context
Aim
Problem description
Method
Scope
Organization of the thesis
The ISO 26262 standard
Work flow
Item definition
Hazard analysis and risk assessment
Functional safety concept
Technical safety concept and requirements
Hardware development
Hardware evaluation
Hardware architecture metrics
Random hardware failure metric
Volvo Engine Brake
Exhaust Brake
Volvo Compression Brake
A concept for compliance with ISO 26262
Item definition
Hazard analysis
Functional safety concept
Technical safety concept
Subsystem interface
Microcontroller
Subsystem inputs
Subsystem outputs
Power supply and reference voltages
Concept statement
Prototype design and verification
Microcontroller
Prototype hardware
Prototype software
Prototype verification
High-side MOSFET safety mechanisms
Discussion
The next revision of the standard
The prototype
Diagnostic coverage
Ethical aspects
Conclusions
Acronyms
Bibliography
Appendix FMEDA
Appendix Fault injection circuit
Safety mechanisms for random ECU hardware failures in compliance with ISO 26262
Master of Science Thesis in Embedded Electronic System Design
DAVID JOHANSSON
PHILIP KARLSSON
Department of Computer Science and Engineering
Chalmers University of Technology
Gothenburg, Sweden, June 2015
The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet.

Safety mechanisms for random ECU hardware failures in compliance with ISO 26262
DAVID JOHANSSON, PHILIP KARLSSON
© DAVID JOHANSSON, June 2015.
© PHILIP KARLSSON, June 2015.
Examiner: PER LARSSON-EDEFORS
Chalmers University of Technology
University of Gothenburg
Department of Computer Science and Engineering
SE-412 96 Göteborg, Sweden
Telephone +46 (0)31-772 1000
Department of Computer Science and Engineering
Göteborg, Sweden, June 2015
Abstract

The increasing complexity of today's automotive electronic systems makes it challenging for manufacturers to ensure a high safety level in their vehicles. As a response, the ISO 26262 functional safety standard will be introduced for heavy-duty vehicles in 2018. Therefore, the hardware and software solutions developed by Volvo Group Trucks Technology will need to be adapted to comply with this standard. In addition to an analysis of ISO 26262, this thesis provides a case study of how the Volvo Engine Brake (VEB) can be adapted to comply with the standard. The analysis is focused on the electronic hardware of the engine control unit, and examines various safety mechanisms to improve the current system. The hazard of unwanted activation of the engine brake function is estimated to have ASIL C, the second most critical safety level. To comply with the requirements of ASIL C, the peripheral circuits of the engine brake should include both low- and high-side MOSFET switches. Although a hardware-based diagnosis solution for actuator failures is presented, the study shows that a software-based safety mechanism is sufficient, which reduces the amount of extra hardware required. Additionally, if the inputs to the engine brake application are considered to be safety critical in a full evaluation, redundant sensors are required to meet the targets for ASIL C. A number of the solutions proposed in the concept for compliance with the standard are implemented and verified through a prototype.
Acknowledgements

We would like to express our sincere gratitude to Agne Holmqvist and Julianus Larson who have been our supervisors at Volvo Group Trucks Technology. They have assisted us throughout the thesis work and provided us with valuable feedback. Also, we would like to thank Erik Svangård and his group for giving us the opportunity to perform our thesis work at their department. Finally, we would also like to thank Lena Peterson, our supervisor at Chalmers, who has helped us with questions of academic nature.

David Johansson, Philip Karlsson, Göteborg, 3 June 2015.
Contents

1 Introduction 1
1.1 Context 2
1.2 Aim 2
1.3 Problem description 2
1.4 Method 4
1.5 Scope 4
1.6 Organization of the thesis 5
2 The ISO 26262 standard 6
2.1 Work flow 6
2.2 Item definition 7
2.3 Hazard analysis and risk assessment 8
2.4 Functional safety concept 11
2.5 Technical safety concept and requirements 12
2.6 Hardware development 13
2.6.1 Hardware evaluation 14
2.6.2 Hardware architecture metrics 18
2.6.3 Random hardware failure metric 19
3 Volvo Engine Brake 21
3.1 Exhaust Brake 21
3.2 Volvo Compression Brake 22
4 A concept for compliance with ISO 26262 25
4.1 Item definition 25
4.2 Hazard analysis 28
4.3 Functional safety concept 30
4.4 Technical safety concept 31
4.4.1 Subsystem interface 31
4.4.2 Microcontroller 33