Functional Safety Challenges to the Automotive Supply Chain
Functional Safety Challenges to the Automotive Supply Chain
由Lisa Clark,功能安全经理,Allegro Microsystems,LL亚博棋牌游戏C
和斯科特米尔恩,产品线导演 - 线性和角度传感器IC,Allegro Microsystems,LLC亚博棋牌游戏
The electronic content in automobiles has increased steadily over the past few decades and shows no signs of slowing as many high-tech firms and OEMs race towards the development of fully autonomous vehicles. While the range of autonomy varies, from no control to full control, the vast majority of currently available vehicles contain systems with some degree of autonomy, such as electronic stability control (ESC) or lane centering. These electronic systems, which are intended to assist the driver, make an increasing number of decisions for the driver and often entirely remove the driver from the decision making process. These systems have generally increased driver and passenger safety, but can cause harm if they malfunction or have a design weakness.
结果,他们对整个人构成了新的发展挑战automotive供应链。2011年,国际标准组织(ISO)公布了一个名为ISO 26262的功能安全标准,概述了与安全相关汽车系统开发的行业最佳实践。虽然采用标准是自愿的,但全球大多数OEM都需要遵守供应商。延迟通过本标准的供应商可能会在未来的商机中经历侵蚀。
ISO 26262标准包含开发过程的要求以及道路车辆中安全相关电子系统的设计。这些要求基于系统本身的危害和风险评估。标准的范围仅限于出现的电气或电子系统。因此,兼容的系统必须能够识别它们的故障并减轻它们的效果,使得乘客安全保存。出于这个原因,安全架构现在依赖诊断和冗余来检测故障系统组件并将系统转换为安全状态。通常,该要求通过将更多内容纳入现有解决方案以及运行诊断和传达其状态的能力来达到IC组件供应商。
Take for example a system using a sensor IC as a simple switch. The system must be able to diagnose if the sensor output is in the correct state, because it is a safety-related function. Depending on the requirements and risk of the system, this can be accomplished in many ways. For example, complex diagnostic circuits and communication protocols could be added to the sensor IC itself. Alternatively, a redundant sensor could be added at the system level—with no enhanced functionality or ability to communicate diagnostics in each single IC. A comparison of the redundant sensor outputs acts as a type of diagnostic protocol since, under safe operating conditions, the outputs of the two sensors should always match within a predefined error window. Both of these vastly different approaches meet system requirements, but have very different implications on both cost and availability of the right hardware (sensor component) to do the job. Component suppliers to the automotive market are now trying to understand and keep pace with the evolving requirements and trade-offs of these safety-related systems, and offer solutions that are easy for their customers to integrate.
自ISO 26262标准引入以来,被认为是“安全”的概念也在演变。在早期架构中,许多人认为系统的丢失(例如动力转向系统)被认为是安全但滋扰的发生。将系统不可用,即“安全”对系统架构有直接影响。该架构需要识别被认为是不安全和减轻它们的任何故障,但导致动力转向系统损失的那些出现的故障都不需要减轻。这导致只需要识别某些故障,而不是其他的故障,从而限制了安全所需的附加功能,包括IC组件中的片上诊断。
什么是安全的感知since shifted as the industry realizes that the sudden loss of power steering can lead to an accident for smaller adults, inexperienced drivers, or the elderly. Automakers are now demanding when safety-related systems fail that they continue to operate to some degree. This “fail operational” or “fault tolerant” requirement has a direct impact on the architecture necessary to support it. The systems must include various levels of redundancy depending on whether the post-failure performance can be degraded from the nominal performance. “Fault tolerant” systems represent the next-generation of safety-related systems, and this topic will be addressed in the 2nd edition of the ISO 26262 standard.
失败操作系统最直接的结果是在架构中使用冗余系统函数,如果主系统中发生故障,则允许转换到备份系统。作为响应,IC组件供应商开始在单个包装中提供双倍和三重模具,以支持冗余的需求而不占据更多物理空间。提供多芯片解决方案是某些IC供应商如何开发新技术,以满足安全相关系统的特定需求的一个示例。
虽然系统提供商和组件供应商之间存在自定义开发,但许多系统集成商使用已从特定系统上下文中开发的商业现成(COTS)组件。组件供应商的这些不断发展的系统要求越了解,通过定义具有正确特征的灵活产品线,它们能够支持它们的效果越好,易于集成,并将值添加到整个系统。找到添加到产品的合适灵活性可能会具有挑战性。太多的灵活性意味着可能存在未使用的功能,但具有成本;没有足够的灵活性意味着所需的功能必须通过其他组件来包含成本。通常,功能安全已经删除了组件和系统之间的定义边界;所有系统组件必须一起工作,以满足整体系统要求。了解系统组件之间所需功能的最佳功能可以被视为一个艺术,供应商正在尽最大努力理解和适应。在减少占地面积中,功能增加的趋势是领先的一些IC供应商,将两个完全不同的功能集成到一个组件中,从而为客户提供更全面的解决方案。
期待,ISO 26262标准的第2版的范围将扩展到包括卡车,公共汽车和摩托车,以及这些市场的供应商也将被吸引到功能安全领域。随着行业的实现自动车辆的实现,安全相关系统的供应商必须开发至少驾驶作为人类的系统。这些系统将依赖于解释周围环境的无数传感元素。这些系统的开发不仅必须关注出故障的电子产品 - 这些系统还必须设计足够的敏锐度,以安全地在所有驾驶情况下响应。在ISO组织中建立了一个新委员会,以解决这一主题(预期函数的安全或SOTIF的安全),并将对系统及其组件所需的准确性产生影响。
Allegro MicroSystems, as the market leader in Hall-effect sensor ICs, has responded to these evolving challenges by becoming involved with the ISO 26262 technical committee, and by staying close to changes which will be introduced in the second edition. Allegro understands that safety has increased the criticality of clear communication and is working closely with customers to understand and adapt to their changing needs. Allegro’s partnerships with strategic customers facilitate information sharing regarding the future safety needs of various automotive systems. It is through this collaboration that the right types of components are developed to keep up with the changing requirements of safety-related systems.
Angle sensor ICs are one of several Allegro MicroSystems product portfolios that are designed for safety-critical applications. In addition to the advanced diagnostics designed into these devices, there are several additional features that make these parts stand out in the marketplace.
Allegro角度传感器IC使用称为圆形垂直霍尔(CVH)的技术,该技术提供了响应检测到的磁信号的相位的单通道输出,并且对该磁信号的幅度的变化免疫。
这提供了几个优点:
- 磁铁和IC之间的距离的变化(由于机械变化的结果)对角度精度影响最小。第二代ICSAllegro’s A1335还包括一个芯片上的磁场扩展乐趣ction, further reducing the impact of any change in magnetic field strength.
- Large magnetic fields (up to 1500 G) can be used, minimizing the impact of small stray magnetic fields that may be present due to nearby motors, solenoids, or high current traces.
- CVH技术可以实现低延迟(只要10μs)和高刷新率(尽快为2μs),这是高速电机位置检测的理想选择。
The CVH ring is integrated with on-chip EEPROM and back-end digital signal processing that calculates and outputs the angle in a digital word, thereby minimizing system requirements on the ECU (i.e. doesn’t require high accuracy ADC resources) and increasing noise immunity by processing all sensitive analog signals on-chip rather than being transmitted on the PCB or wire harness.
第二代ICS,如A1335,也支持多种数字输出协议,以满足各种系统设计人员的需求。对于需要亚博尊贵会员非常高数据速率的电机控制等应用,这些设备支持高达10 MHz时钟速率的高速串行外围接口(SPI)协议。对于较低的速度应用,这些设备还支亚博尊贵会员持单线PWM并发送接口,以帮助最小化线束成本和重量。
Allegro提供角度传感器IC.专为轴端和侧轴磁性配置而设计。支撑侧轴磁性配置的能力可以大大简化系统的机械设计,因为轴的端部并不总是易于访问。由于切向与径向磁场的幅亚博尊贵会员度大的大不匹配,侧轴应用对大多数角度传感器具有挑战。
Allegro的A1335包括片上谐波线性化和分段线性化,以校准由于这种不匹配而导致的错误,取决于线性化方案中使用的谐波或段的数量,可实现高精度(小于1°)。
除了提供像逻辑内置自检(L-BIST)等先进的诊断外,Allegro的角度传感器IC通常在单一和双模配置中提供。双模配置中提供的冗余有助于设计人员满足严格的功能安全要求,而不会牺牲系统可用性,这是由于使用不同技术的传感器的潜在不匹配的角度测量而导致的系统可用性。这些器件包装在低型材(1毫米厚的)表面安装TSSOP封装中,以便于组装和增加的可靠性。
要求的要求汽车安全相关系统将继续发展和扩展。这些系统的供应商必须积极意识到新趋势,并且必须拥有公司基础设施,使他们能够相应地流畅调整其产品线。积极投资新技术或产品创新,以更好地服务于汽车安全市场,将成为各级供应商的市场份额广泛影响的战略活动。戴上安全带,供应商 - 它将是狂野的骑行。
Originally published in Electronic Engineering & Product World in China, October 2016. Reprinted with permission.