汽车供应链的功能安全挑战
汽车供应链的功能安全挑战
由Lisa Clark,功能安全经理,Allegro Microsystems,LL亚博棋牌游戏C
and Scott Milne, Product Line Director – Linear and Angle Sensor ICs, Allegro MicroSystems, LLC
汽车中的电子内容在过去几十年中稳步增长,并没有表现出尽可能减缓的迹象,因为许多高科技公司和OEM对全身自治车辆的发展。虽然自主权范围因而不断变化,但绝大多数目前可用的车辆都包含具有一定程度的自主权的系统,例如电子稳定控制(ESC)或车道定心。这些旨在帮助驾驶员的电子系统越来越多地为驾驶员做出决策,并且通常从决策过程中完全删除驾驶员。这些系统通常增加了驾驶员和乘客安全性,但如果它们发生故障或具有设计虚弱,可能会造成伤害。
As a result, they pose new development challenges to the entire汽车supply chain. In 2011, the International Standards Organization (ISO) published a functional safety standard called ISO 26262, outlining industry best practices for safety-related automotive system development. While the adoption of the standard is voluntary, most OEMs worldwide are requiring compliance from their suppliers. Suppliers that delay the adoption of this standard for themselves are likely to experience erosion in their future business opportunities.
The ISO 26262 standard contains requirements for both the development process and for the design of safety-related electronic systems in road vehicles. These requirements are based on a hazard and risk assessment of the system itself. The scope of the standard is limited to malfunctioning electrical or electronic systems. As a result, compliant systems must be able to identify their malfunctions and mitigate their effects such that passenger safety is preserved. For this reason, safety architectures now rely heavily on diagnostics and redundancy to detect malfunctioning system components and to transition the system to a safe state. In general, this requirement reaches IC component suppliers by requiring more content integrated into existing solutions and the capability of running diagnostics and communicating their status.
使用传感器IC作为简单开关来实现系统。如果传感器输出处于正确状态,系统必须能够诊断,因为它是安全相关功能。根据系统的要求和风险,这可以通过多种方式完成。例如,可以将复杂的诊断电路和通信协议添加到传感器IC本身。或者,可以在系统级别添加冗余传感器 - 没有增强的功能或能力在每个单个IC中传送诊断。冗余传感器输出的比较充当诊断协议的类型,因为在安全的操作条件下,两个传感器的输出应该始终匹配预定义的错误窗口。这两种巨大不同的方法都符合系统要求,但对右硬件(传感器组件)的成本和可用性具有非常不同的影响。汽车市场的组件供应商现在正在努力了解和跟上这些安全相关系统的不断变化的要求和权衡,并提供易于客户整合的解决方案。
Since the introduction of the ISO 26262 standard, the concept of what is considered “safe” has also evolved. In earlier architectures the loss of a system, for example a power steering system, was considered by many as a safe but nuisance occurrence. Categorizing system unavailability as “safe” had direct implications on the system architecture. The architecture would be required to identify any malfunctions that were considered unsafe and mitigate them, but those malfunctions that led to the loss of the power steering system did not require mitigation. This resulted in the need for only certain malfunctions to be identified and not others, thereby limiting the additional functionality required for safety, including on-chip diagnostics in IC components.
由于行业意识到动力转向的突然损失可能导致较小的成年人,缺乏经验的司机或老年人的事故,因此被视为安全的感觉。当安全相关的系统失败时,汽车制造商现在要求他们继续运行到某种程度上。这种“失败运行”或“容错”要求对支持它所需的架构有直接影响。根据故障后性能是否可以从名义性能下降,系统必须包括各种级别的冗余。“容错”系统代表下一代安全相关系统,本主题将在ISO 26262标准的第二版中解决。
失败操作系统最直接的结果是在架构中使用冗余系统函数,如果主系统中发生故障,则允许转换到备份系统。作为响应,IC组件供应商开始在单个包装中提供双倍和三重模具,以支持冗余的需求而不占据更多物理空间。提供多芯片解决方案是某些IC供应商如何开发新技术,以满足安全相关系统的特定需求的一个示例。
虽然系统提供商和组件供应商之间存在自定义开发,但许多系统集成商使用已从特定系统上下文中开发的商业现成(COTS)组件。组件供应商的这些不断发展的系统要求越了解,通过定义具有正确特征的灵活产品线,它们能够支持它们的效果越好,易于集成,并将值添加到整个系统。找到添加到产品的合适灵活性可能会具有挑战性。太多的灵活性意味着可能存在未使用的功能,但具有成本;没有足够的灵活性意味着所需的功能必须通过其他组件来包含成本。通常,功能安全已经删除了组件和系统之间的定义边界;所有系统组件必须一起工作,以满足整体系统要求。了解系统组件之间所需功能的最佳功能可以被视为一个艺术,供应商正在尽最大努力理解和适应。在减少占地面积中,功能增加的趋势是领先的一些IC供应商,将两个完全不同的功能集成到一个组件中,从而为客户提供更全面的解决方案。
展望未来,t的第二版的范围he ISO 26262 standard will be extended to include trucks, buses, and motorcycles, and the suppliers to those markets will also be drawn into the domain of functional safety. As the industry approaches the realization of autonomous vehicles, the suppliers of safety-related systems must develop systems that are at least as capable of driving as a human. These systems will rely on myriad sensing elements that interpret the surroundings. Development of these systems must not only focus on malfunctioning electronics—these systems must also be designed with enough acuity to respond safely in all driving situations. A new committee has been established within the ISO organization to address this topic (Safety of the Intended Function, or SOTIF) specifically and will have implications on the accuracy required from systems and their components.
亚博棋牌游戏Allegro MicroSystems作为霍尔效应传感器IC的市场领导者,通过与ISO 26262技术委员会参与其中,并通过遵守第二版将引入的更改。Allegro了解,安全提高了清晰沟通的关键性,并与客户密切合作,了解并适应他们不断变化的需求。Allegro与战略客户的合作伙伴关系有助于有关各种汽车系统的未来安全需求的信息共享。通过此合作,开发了正确类型的组件,以跟上与安全相关系统的不断变化的要求。
角度传感器IC是若干Allegro Microsystems产品组合之一亚博棋牌游戏,专为安全关键应用而设计。亚博尊贵会员除了设计成这些设备的高级诊断外,还有几个额外的功能使这些部件在市场上脱颖而出。
Allegro angle sensor ICs use a technology called Circular Vertical Hall (CVH), which provides a single channel output that responds to the phase of the detected magnetic signal, and is immune to variations in the magnitude of that magnetic signal.
这提供了几个优点:
- Variations in the distance between the magnet and the IC (as a result of mechanical variation) have minimal impact on angle accuracy. Second generation ICs like theAllegro的A1335还包括片上磁场缩放功能,进一步降低了磁场强度变化的影响。
- 可以使用大磁场(最多1500g),最小化由于附近电动机,螺线管或高电流迹线而可能存在的小杂散磁场的影响。
- CVH技术可以实现低延迟(只要10μs)和高刷新率(尽快为2μs),这是高速电机位置检测的理想选择。
The CVH ring is integrated with on-chip EEPROM and back-end digital signal processing that calculates and outputs the angle in a digital word, thereby minimizing system requirements on the ECU (i.e. doesn’t require high accuracy ADC resources) and increasing noise immunity by processing all sensitive analog signals on-chip rather than being transmitted on the PCB or wire harness.
Second generation ICs like the A1335 also support multiple digital output protocols to meet the needs of various system designers. For applications like motor control that require very high data rates, these devices support a high-speed Serial Peripheral Interface (SPI) protocol with up to 10 MHz clock rates. For lower speed applications, these devices also support single wire PWM and SENT interfaces to help minimize wire harness cost and weight.
Allegro提供角度传感器IC.专为轴端和侧轴磁性配置而设计。支撑侧轴磁性配置的能力可以大大简化系统的机械设计,因为轴的端部并不总是易于访问。由于切向与径向磁场的幅亚博尊贵会员度大的大不匹配,侧轴应用对大多数角度传感器具有挑战。
Allegro的A1335包括片上谐波线性化和分段线性化,以校准由于这种不匹配而导致的错误,取决于线性化方案中使用的谐波或段的数量,可实现高精度(小于1°)。
In addition to providing advanced diagnostics like Logic Built-In Self-Test (L-BIST), Allegro’s angle sensor ICs are typically offered in both single and dual die configurations. The redundancy provided in the dual die configurations helps designers meet stringent functional safety requirements without sacrificing system availability due to potentially mismatched angle measurements from sensors using different technologies. These devices are packaged in low-profile (1 mm thick) surface-mount TSSOP packages for ease of assembly and increased reliability.
The requirements for汽车safety-related systems将继续发展和扩展。这些系统的供应商必须积极意识到新趋势,并且必须拥有公司基础设施,使他们能够相应地流畅调整其产品线。积极投资新技术或产品创新,以更好地服务于汽车安全市场,将成为各级供应商的市场份额广泛影响的战略活动。戴上安全带,供应商 - 它将是狂野的骑行。
最初在中国的电子工程和产品世界发表,2016年10月。转载许可。