
A Fuel Cell ECU Development In Accordance With ISO 26262 Functional Safety Standard

Posted on: 2020-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: S Wu
Full Text: PDF
GTID: 2381330626952662
Subject: Integrated circuit engineering
Abstract/Summary:
ISO 26262 is a functional safety standard for automotive electrical and electronic systems that evolved from the functional safety standard IEC 61508. It provides a complete set of guidelines for the functional safety design of automotive electronic systems. Following the requirements of ISO 26262, this study systematically analyzes the fuel cell vehicle power system and performs safety concept analysis, control system architecture design, and hardware circuit design for the fuel cell ECU (Electronic Control Unit). A fuel cell ECU system and hardware that meet ASIL (Automotive Safety Integrity Level) C are designed, and a functional safety test and verification scheme is proposed.

This paper first analyzes and extracts the main ideas and key concepts of ISO 26262 and summarizes the work products at its different levels. It then selects the fuel cell engine system as the object of the functional safety study. Following the requirements of item definition, a preliminary system architecture of the fuel cell ECU is designed. The HAZOP (Hazard and Operability Analysis) method is used to identify the abnormal behaviour of each function, and hazard analysis and risk assessment are then carried out to derive the safety goals and functional safety requirements of the fuel cell ECU.

At the system development level, the functional safety requirements are allocated to the functional modules of the fuel cell ECU. Anomaly detection, fault protection and hardware redundancy are used together as safety mechanisms to complete the detailed system architecture design of the safety-related functions, and the FTA (Fault Tree Analysis) method is used to verify the system architecture design of the fuel cell ECU.

At the hardware development level, the hardware-related technical safety requirements are extracted and a hardware architecture including the safety mechanisms is designed: an MCU (Micro Control Unit) with lockstep dual-core operation, a power supply IC with output monitoring and a WDT (Watchdog Timer), sensor interfaces with input range detection, and injector output control with hardware redundancy and status monitoring. The safety mechanisms are then implemented at the hardware component level, and the detailed design of the electrical schematics and operating states is completed.

Finally, based on the developed fuel cell ECU, function tests of each functional module and fault injection tests of the safety mechanisms are proposed. The test results show that the fuel cell ECU safety mechanisms can effectively detect the various failure modes and transition the system to a safe state. The FMEDA (Failure Modes, Effects and Diagnostic Analysis) method is used for the safety analysis: a bottom-up quantitative analysis of the impact of random failures of the hardware parts on the safety goal. The results are calculated as the single-point fault metric, the latent fault metric, and the probability of random hardware failure violating the safety goal. This proves that the hardware design meets the requirements of ASIL C and demonstrates the effectiveness of the safety mechanisms used.
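The FMEDA step described above reduces to a per-failure-mode split of each part's failure rate into the ISO 26262-5 fault classes, followed by the three hardware architectural metrics. The example below is added here and is not code from the thesis; it computes the single-point fault metric (SPFM), the latent fault metric (LFM) and a first-order PMHF estimate (single-point and residual faults only, dual-point contributions omitted) over a constructed parts list that mirrors the ECU's safety mechanisms (lockstep MCU, monitored power supply, sensor range check, redundant injector driver). All failure rates, diagnostic coverages and part names are illustrative assumptions, not values from the thesis; the ASIL C targets (SPFM at least 97 %, LFM at least 80 %, PMHF below 1e-7 per hour) are the ISO 26262-5 figures.

```python
"""FMEDA hardware architectural metrics (SPFM, LFM, first-order PMHF)
evaluated on a constructed fuel cell ECU parts list. Added example, not thesis code."""
from dataclasses import dataclass
from typing import Optional

# ISO 26262-5 targets for ASIL C: SPFM >= 97 %, LFM >= 80 %, PMHF < 1e-7 /h (100 FIT)
ASIL_C_TARGETS = {"spfm": 0.97, "lfm": 0.80, "pmhf_fit": 100.0}


@dataclass
class FailureMode:
    part: str
    rate_fit: float             # failure rate of this mode; 1 FIT = 1e-9 failures per hour
    can_violate_goal: bool      # False: safe fault, cannot violate the safety goal on its own
    mechanism: Optional[str]    # safety mechanism covering this mode, None if unmonitored
    dc_residual: float = 0.0    # diagnostic coverage w.r.t. violation of the safety goal
    dc_latent: float = 0.0      # coverage w.r.t. latent faults (fraction detected or perceived)


def split_rate(fm: FailureMode) -> dict:
    """Split one failure mode's rate into ISO 26262-5 fault classes (all values in FIT)."""
    zero = {"spf": 0.0, "rf": 0.0, "mpf_latent": 0.0, "mpf_detected": 0.0, "safe": 0.0}
    if not fm.can_violate_goal:
        return {**zero, "safe": fm.rate_fit}
    if fm.mechanism is None:
        # No safety mechanism at all: the whole rate is a single-point fault.
        return {**zero, "spf": fm.rate_fit}
    rf = fm.rate_fit * (1.0 - fm.dc_residual)     # residual: mechanism misses it
    covered = fm.rate_fit - rf                     # faults the mechanism controls...
    latent = covered * (1.0 - fm.dc_latent)        # ...but that stay unnoticed (latent)
    return {**zero, "rf": rf, "mpf_latent": latent, "mpf_detected": covered - latent}


def evaluate(modes) -> dict:
    """SPFM, LFM and a first-order PMHF (single-point + residual faults only)."""
    total = sum(fm.rate_fit for fm in modes)
    classes = [split_rate(fm) for fm in modes]
    spf_rf = sum(c["spf"] + c["rf"] for c in classes)
    latent = sum(c["mpf_latent"] for c in classes)
    spfm = 1.0 - spf_rf / total                    # ISO 26262-5 single-point fault metric
    lfm = 1.0 - latent / (total - spf_rf)          # ISO 26262-5 latent fault metric
    return {"spfm": spfm, "lfm": lfm, "pmhf_fit": spf_rf, "pmhf_per_hour": spf_rf * 1e-9}


def meets_asil_c(metrics: dict) -> bool:
    t = ASIL_C_TARGETS
    return (metrics["spfm"] >= t["spfm"] and metrics["lfm"] >= t["lfm"]
            and metrics["pmhf_fit"] < t["pmhf_fit"])


def without_mechanism(fm: FailureMode) -> FailureMode:
    """The same failure mode with its safety mechanism removed, for a what-if comparison."""
    return FailureMode(fm.part, fm.rate_fit, fm.can_violate_goal, None)


# Constructed parts list: rates and coverages are illustrative assumptions, not measured data.
ECU_MODES = [
    FailureMode("MCU core", 50.0, True, "lockstep dual-core compare", 0.99, 0.90),
    FailureMode("Power supply IC", 20.0, True, "output monitor + WDT", 0.99, 0.95),
    FailureMode("Sensor interface", 30.0, True, "input range detection", 0.97, 0.60),
    FailureMode("Injector driver", 40.0, True, "redundant path + status monitor", 0.99, 0.90),
    FailureMode("Passive filter", 10.0, False, None),        # safe fault
    FailureMode("ADC reference", 0.5, True, None),           # unmonitored single-point fault
]


def report(modes) -> str:
    m = evaluate(modes)
    verdict = "meets ASIL C" if meets_asil_c(m) else "FAILS ASIL C"
    return (f"SPFM={m['spfm']:.4f} LFM={m['lfm']:.4f} "
            f"PMHF={m['pmhf_per_hour']:.2e}/h -> {verdict}")


if __name__ == "__main__":
    print("as designed:      ", report(ECU_MODES))
    # What-if: lockstep removed from the MCU, everything else unchanged.
    degraded = [without_mechanism(fm) if fm.part == "MCU core" else fm for fm in ECU_MODES]
    print("lockstep removed: ", report(degraded))
```

The what-if at the end is the kind of check a fault injection campaign is meant to back up: removing the lockstep mechanism turns the full 50 FIT of the MCU core into single-point faults, and SPFM drops from about 98 % to about 65 %, far below the ASIL C target, even though LFM and the parts list are otherwise unchanged.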
Keywords/Search Tags:ISO 26262, Functional Safety, Fuel cell, ECU, FMEDA