
ISO 26262 Functional Safety Compliant BMS

HKPC TechDive: Smart City – EV Technology
27 May 2020

Yiu Chi Wai
Consultant, Smart Electronics
Hong Kong Productivity Council
Battery Management System (BMS)
Main Features
• Cell Voltage Monitor
• Pre-charge Control
• SOC (State of Charge) Calculation
• SOH (State of Health) Estimation
• SOP (State of Power) Calculation, i.e. battery power capability
• Charge Control
• Discharge Control
• Cell Balancing
• Thermal Management
• Self Diagnostic
What is Functional Safety?
Absence of unreasonable risk due to hazards caused by malfunctioning
behavior of E/E safety-related systems.

Scope of ISO 26262 for Automotive

                        1st Edition (2011)                         2nd Edition (2018)
Systems covered         Electrical / electronic (E/E) systems      Unchanged
Hazards not addressed   Electric shock, fire, radiation,           Unchanged
                        toxicity, reactivity, corrosion,
                        explosion, etc.
Vehicles covered        Mass-produced vehicles with mass           Motorcycles and commercial
                        up to 3,500 kg                             vehicles added
Vehicles excluded       Special purpose vehicles                   Non-road-going vehicles

China counterpart: GB/T 34590-2017 "Road vehicles – Functional safety"
Why ISO 26262?
Potential Legal Consequences
• ISO 26262 describes the state of the art (SOTA) for functional safety over the
lifecycle of safety-related systems composed of E/E and software elements in
vehicles that provide safety-related functions.
• It is difficult to show evidence of compliance with the SOTA without complying
with ISO 26262, e.g. the Toyota unintended acceleration case of 2013.

OEM Requirement
• All major European car makers;
• China: Geely, BAIC, SAIC, Great Wall, NIO, etc.

Self Improvement
• Minimise systematic failures;
• Improve reliability & robustness;
• Boost customer confidence.
Functional Safety In Various Industries

Generic safety standard: IEC 61508 (at the centre of the diagram), with the sector standards around it:
• Medical: IEC 62304
• Machinery: ISO 13849, IEC 62061, ISO 25119
• Industrial process: IEC 61511 / 61513
• Railway: EN 50126 / 50128 / 50129
• Automotive: ISO 26262
• Aerospace: DO-178B/C, DO-254
Automotive Safety Integrity Level (ASIL)

ASIL (Automotive Safety Integrity Level): one of four levels to specify the item's or
element's necessary requirements of ISO 26262 and safety measures to apply for avoiding
an unreasonable residual risk, with D representing the most stringent and A the least
stringent level.

Limits for observable incident rate       Targets for minimum service period of candidate
ASIL   Observable incident rate           ASIL   Minimum service period without observable incident
D      < 10^-9 /h                         D      1.2 x 10^9 h
C      < 10^-8 /h                         C      1.2 x 10^8 h
B      < 10^-8 /h                         B      1.2 x 10^8 h
A      < 10^-7 /h                         A      1.2 x 10^7 h
Functional Safety Lifecycle - Core

Concept Level
Objectives
1) To define and describe the item, its dependencies on, and interaction with, the
environment and other items;
2) To support an adequate understanding of the item so that the activities in
subsequent phases can be performed.

The objective of the hazard analysis and risk assessment (HARA) is to identify and to
categorize the hazards that malfunctions in the item can trigger, and to formulate the
safety goals related to the prevention or mitigation of the hazardous events, in order
to avoid unreasonable risk.
Concept Level
HARA – Hazard Analysis & Risk Assessment
• What can happen? (severity, S)
• How often? (exposure, E)
• Can the driver control it? (controllability, C)
Concept Level
HARA - Initial ASIL determination

Concept Level
Safety Goals of BMS (as a result of HARA)

Concept Level
Functional Safety Concept
Objectives:
• Fault detection & mitigation;
• Transition to a safe state;
• Fault tolerance mechanisms;
• Driver warning;
• Arbitration logic from multiple requests.
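The five objectives above are easiest to see together in code. The following Python sketch of a BMS safety supervisor is an added example, not code from the slides or from the APAS BMS: it qualifies faults with a debounce counter (detection), uses two voltage-measurement channels and treats their disagreement as a fault (fault tolerance), lets the safe-state request out-vote every other contactor request (arbitration), opens the contactor (safe state) and sets a driver warning. The cell limits, the plausibility band, the debounce depth and the function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Assumed cell limits and debounce depth (illustrative values, not from the slides).
V_MAX = 4.25           # V, cell overvoltage limit
V_MIN = 2.50           # V, cell undervoltage limit
T_MAX = 60.0           # degC, cell overtemperature limit
DV_PLAUSIBLE = 0.05    # V, allowed disagreement between the two voltage-measurement channels
QUALIFY_CYCLES = 3     # consecutive out-of-range samples before a fault is confirmed

class Request(IntEnum):
    """Contactor requests from the BMS functions, ordered so that max() picks the safest."""
    CLOSE = 0        # normal operation (charge / discharge control want the pack connected)
    OPEN_WARN = 1    # derate and warn the driver, contactors stay closed
    OPEN_SAFE = 2    # safe state: open the main contactors

@dataclass
class Supervisor:
    counts: dict = field(default_factory=dict)   # fault name -> consecutive detections
    confirmed: set = field(default_factory=set)  # qualified faults; latched until a service reset
    contactor_closed: bool = True
    warning: str = ""

    def _qualify(self, name, active):
        # Fault detection with debounce: one noisy ADC sample must not open the contactor;
        # QUALIFY_CYCLES consecutive detections confirm the fault.
        self.counts[name] = self.counts.get(name, 0) + 1 if active else 0
        if self.counts[name] >= QUALIFY_CYCLES:
            self.confirmed.add(name)

    def detect(self, volts_a, volts_b, temps):
        # Fault tolerance: two independent voltage channels. Disagreement is itself a fault,
        # and the higher of the two readings feeds the overvoltage check so that a channel
        # reading low cannot mask an overvoltage.
        self._qualify("voltage_channel_mismatch",
                      max(abs(a - b) for a, b in zip(volts_a, volts_b)) > DV_PLAUSIBLE)
        worst_high = max(max(a, b) for a, b in zip(volts_a, volts_b))
        worst_low = min(min(a, b) for a, b in zip(volts_a, volts_b))
        self._qualify("cell_overvoltage", worst_high > V_MAX)
        self._qualify("cell_undervoltage", worst_low < V_MIN)
        self._qualify("cell_overtemp", max(temps) > T_MAX)

    def arbitrate(self, requests):
        """Arbitration: the highest-priority request wins, and a confirmed fault always
        contributes OPEN_SAFE, so no function can out-vote the safe state."""
        pending = list(requests)
        if self.confirmed:
            pending.append(Request.OPEN_SAFE)
        return max(pending, default=Request.CLOSE)

    def step(self, volts_a, volts_b, temps, requests=()):
        """One supervisory cycle: detect, arbitrate, act, warn. Returns the decision."""
        self.detect(volts_a, volts_b, temps)
        decision = self.arbitrate(requests)
        if decision == Request.OPEN_SAFE:
            self.contactor_closed = False          # transition to safe state
            self.warning = "BATTERY FAULT: " + ", ".join(sorted(self.confirmed))
        elif decision == Request.OPEN_WARN:
            self.warning = "BATTERY DERATED"
        else:
            self.warning = ""
        return decision
```

Because `confirmed` is never cleared, the safe state latches: once the contactor has opened, a later CLOSE request with healthy readings does not close it again, which is the behaviour a safety goal of the form "the pack shall not be connected while a cell is outside its safe operating area" normally demands.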
Concept Level
FSC example: decomposition of safety goals (SG) into functional safety requirements (FSR), and the resulting safety architecture
System Level
• Safety lifecycle steps for item system engineering
• Technical Safety Requirements (TSR)
• Technical Safety Concept including the System Design
• Steps for Integration and Testing
• Safety Validation and Functional Safety Assessment
Technical Safety Concept (TSC)
System Level
Safety Analyses
• Failure Mode and Effects Analysis (FMEA)
• Failure Mode, Effects, and Criticality Analysis (FMECA)
Hardware Level
Types of faults:
• Safe fault
• Multiple-point fault
• Latent fault
• Residual fault

Hardware metrics:
• SPFM - Single-Point Fault Metric
• LFM - Latent Fault Metric
• PMHF - Probabilistic Metric for Hardware Failure

Failure rate: "λ"; Failure In Time (FIT): 1 FIT = 10^-9 failures/h
Hardware Level
Safety lifecycle steps for item system engineering
• Technical Safety Requirements (TSR)
• Technical Safety Concept including the System Design
• Steps for Integration and Testing
• Safety Validation and Functional Safety Assessment
Hardware Level

Hardware Architecture

Hardware Level
Example of Failure Mode Effect Diagnostic Analysis (FMEDA)

Hardware Level
Example of Failure Mode Effect Diagnostic Analysis (FMEDA)
Multicore, lock-step, ISO 26262 certified MCU
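The FMEDA slides show the table but not the arithmetic that turns it into SPFM, LFM and PMHF. The Python example below is added here and is not from the slides or the APAS project: it classifies each row of a constructed FMEDA for a BMS cell-voltage channel into single-point/residual, latent multiple-point, detected multiple-point and safe failure rates, computes SPFM and LFM with the ISO 26262-5 formulas, and compares them with the ISO 26262-5 targets for ASIL B, C and D. The rows, failure rates and diagnostic-coverage values are constructed; the FIT definition is the slide's; the PMHF here is a first-order estimate from single-point and residual faults only (the dual-point term, which needs the vehicle lifetime and the diagnostic test interval, is omitted).

```python
from dataclasses import dataclass

FIT = 1e-9   # 1 FIT = 1e-9 failures/h, as defined on the slide

@dataclass
class Row:
    """One FMEDA row (constructed example data, not from the slides)."""
    part: str
    mode: str
    fit: float              # failure rate of this failure mode, in FIT
    kind: str               # "safe", "function" (can violate the safety goal) or "mechanism"
    dc_sg: float = 0.0      # "function" rows: coverage of the safety mechanism against SG violation, 0..1
    dc_latent: float = 0.0  # coverage of the self-test that reveals the multiple-point part, 0..1

def split(row):
    """Return (spf_rf, mpf_latent, mpf_detected, safe) in FIT for one row."""
    if row.kind == "safe":
        return 0.0, 0.0, 0.0, row.fit
    if row.kind == "function":
        spf_rf = row.fit * (1.0 - row.dc_sg)   # escapes the mechanism: single-point / residual
        mpf = row.fit - spf_rf                # caught by the mechanism: multiple-point
    elif row.kind == "mechanism":
        spf_rf, mpf = 0.0, row.fit            # a failed mechanism needs a second fault to violate the SG
    else:
        raise ValueError(row.kind)
    latent = mpf * (1.0 - row.dc_latent)      # not revealed by any self-test: latent
    return spf_rf, latent, mpf - latent, 0.0

def metrics(rows):
    """SPFM = 1 - sum(λ_SPF + λ_RF) / sum(λ); LFM = 1 - sum(λ_MPF,latent) / sum(λ - λ_SPF - λ_RF)."""
    total = sum(r.fit for r in rows)
    spf_rf = latent = detected = 0.0
    for r in rows:
        s, l, d, _ = split(r)
        spf_rf, latent, detected = spf_rf + s, latent + l, detected + d
    return {
        "spfm": 1.0 - spf_rf / total,
        "lfm": 1.0 - latent / (total - spf_rf),
        "pmhf_1st_order": spf_rf * FIT,        # /h, single-point and residual faults only
        "mpf_detected_fit": detected,
    }

# Architectural metric targets from ISO 26262-5 (SPFM/LFM as fractions, PMHF in /h).
TARGETS = {
    "B": {"spfm": 0.90, "lfm": 0.60, "pmhf": 1e-7},
    "C": {"spfm": 0.97, "lfm": 0.80, "pmhf": 1e-7},
    "D": {"spfm": 0.99, "lfm": 0.90, "pmhf": 1e-8},
}

def check(m, asil):
    """Pass/fail per metric against the target for the requested ASIL."""
    t = TARGETS[asil]
    return {"spfm": m["spfm"] >= t["spfm"],
            "lfm": m["lfm"] >= t["lfm"],
            "pmhf": m["pmhf_1st_order"] < t["pmhf"]}

# Constructed FMEDA rows for one cell-voltage monitoring channel (values are assumptions).
EXAMPLE = [
    Row("AFE", "cell voltage reading stuck", 20.0, "function", dc_sg=0.99, dc_latent=0.90),
    Row("AFE", "reference drift (+2%)", 10.0, "function", dc_sg=0.90, dc_latent=0.90),
    Row("MCU", "redundant ADC comparison path fails", 5.0, "mechanism", dc_latent=0.95),
    Row("Contactor", "coil open", 30.0, "function", dc_sg=0.99, dc_latent=0.50),
    Row("Contactor driver", "diagnostic feedback stuck", 5.0, "mechanism", dc_latent=0.0),
    Row("LED", "driver warning lamp open", 15.0, "safe"),
]

if __name__ == "__main__":
    m = metrics(EXAMPLE)
    for asil in "BCD":
        print(asil, {k: round(v, 4) if isinstance(v, float) else v for k, v in m.items()}, check(m, asil))
```

On these rows SPFM comes out at about 98.2% and LFM at about 72.5%: single-point coverage would already satisfy ASIL C, but the latent-fault metric does not, and the rows responsible are the two contactor entries with little or no self-test coverage. That is the usual shape of an FMEDA finding: adding a periodic contactor-feedback self-test (raising dc_latent on those rows) is what lifts LFM, not more coverage on the AFE.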
Software Level
SW Related Analyses
Dependent Failure Analysis to demonstrate:
– Freedom from interference
  • Memory (corrupted content, read/write right assignment)
  • Timing (loops, RTC, control flow defects, etc.)
  • Communication (loss, delay, repetition, masquerade)
– Independence between software components

Divided into:
– BSW (Basic Software);
– RTE (Run Time Environment);
– OS (Operating System);
– MCAL (MCU Abstraction Layer);
– ASW (Application Software).

Methods:
– Deductive analysis (FTA, etc.)
– Inductive analysis (FMEA, etc.)

Other standards:
– ASPICE, AUTOSAR, MISRA C, MISRA modelling guideline
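The four communication failure classes listed under freedom from interference (loss, delay, repetition, masquerade) are the ones an end-to-end protection layer of the kind AUTOSAR specifies is built to detect. The following Python example is added here and is neither the slides' nor AUTOSAR's code: it protects a BMS CAN payload with a CRC-8 and a 4-bit alive counter, mixes a per-message data ID into the CRC without transmitting it, and classifies each received frame. The polynomial, the counter width, the data IDs, the timeout and the payloads are assumptions; the sample frames are constructed.

```python
from dataclasses import dataclass

CRC8_POLY = 0x1D   # SAE J1850 CRC-8 polynomial (assumed choice; the scheme works with any CRC)
COUNTER_MOD = 16   # 4-bit alive counter

def crc8(data: bytes) -> int:
    """CRC-8, MSB first, init 0xFF, final XOR 0xFF."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ CRC8_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0xFF

def _crc_input(data_id: int, counter: int, payload: bytes) -> bytes:
    # The 16-bit data ID is part of the CRC input but is never transmitted: a frame that
    # reaches this consumer from a different producer (different ID) fails the CRC check,
    # which is how masquerade is detected without any key material.
    return bytes([data_id & 0xFF, (data_id >> 8) & 0xFF, counter]) + payload

def protect(data_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: frame = CRC (1 byte) | alive counter (1 byte) | payload."""
    cnt = counter % COUNTER_MOD
    return bytes([crc8(_crc_input(data_id, cnt, payload)), cnt]) + payload

@dataclass
class Receiver:
    data_id: int
    timeout_ms: int
    last_counter: int = -1
    last_time_ms: int = -1

    def check(self, frame: bytes, now_ms: int) -> str:
        """Receiver side: returns 'ok' or the detected fault class for this frame."""
        crc, cnt, payload = frame[0], frame[1], frame[2:]
        if crc != crc8(_crc_input(self.data_id, cnt, payload)):
            return "masquerade_or_corruption"   # wrong producer, or bit errors in transit
        verdict = "ok"
        if self.last_counter >= 0:
            if cnt == self.last_counter:
                return "repetition"             # same frame delivered twice; state unchanged
            if (cnt - self.last_counter) % COUNTER_MOD != 1:
                verdict = "loss"                # gap in the alive counter
            elif now_ms - self.last_time_ms > self.timeout_ms:
                verdict = "delay"               # counter is consecutive, but it arrived too late
        self.last_counter, self.last_time_ms = cnt, now_ms   # resync on ok / loss / delay
        return verdict
```

Note the two things this layer does not give: a CRC with an undisclosed data ID detects accidental masquerade (a misrouted or misconfigured producer) but not a deliberate one, since anyone with the ID can forge a valid frame; and a 4-bit counter cannot distinguish 16 lost frames from none, so the timeout check has to back it up.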
Software Level
Software Test – Verification & Validation

Software Level
Software Unit Test

Methods for SW unit test (verification)         ASIL A   B     C     D
Walk-through                                         ++   +     n.a.  n.a.
Inspection                                           +    ++    ++    ++
Semi-formal verification                             +    +     ++    ++
Formal verification                                  n.a. n.a.  +     +
Control flow analysis                                +    +     ++    ++
Data flow analysis                                   +    +     ++    ++
Static code analysis                                 +    ++    ++    ++
Semantic code analysis                               +    +     +     +

Structural coverage metrics at SW unit level    ASIL A   B     C     D
Statement coverage                                   ++   ++    +     +
Branch coverage                                      +    ++    ++    ++
MC/DC (modified condition/decision coverage)         +    +     +     ++

(++ = highly recommended, + = recommended, n.a. = no recommendation for or against, for that ASIL)
Software Level
Software Integration Test

Methods for SW integration test                 ASIL A   B     C     D
Requirements-based test                              ++   ++    ++    ++
Interface test                                       ++   ++    ++    ++
Fault injection test                                 +    +     ++    ++
Resource usage test                                  +    +     +     ++
Back-to-back comparison test                         +    +     ++    ++

Deriving test cases at SW integration level     ASIL A   B     C     D
Analysis of requirements                             ++   ++    ++    ++
Generation and analysis of equivalence classes       +    ++    ++    ++
Analysis of boundary values                          +    ++    ++    ++
Error guessing                                       +    +     +     +
Software Level
Software Tool Qualification

Qualification of software tools classified TCL3          ASIL A   B     C     D
Increased confidence from use                                 ++   ++    +     +
Evaluation of the tool development process                    ++   ++    +     +
Validation of the software tool                               +    +     ++    ++
Development in accordance with a safety standard              +    +     ++    ++

Qualification of software tools classified TCL2          ASIL A   B     C     D
Increased confidence from use                                 ++   ++    ++    +
Evaluation of the tool development process                    ++   ++    ++    +
Validation of the software tool                               +    +     +     ++
Development in accordance with a safety standard              +    +     +     ++
Challenges in Pursuit Of ISO 26262

Market Opportunities of
ISO 26262 ASIL C Compliant BMS by APAS

Hybrid Energy Storage System For Electric Vehicles
(Ref.: ITP/025/12AP)
HKPC TechDive: Smart City – EV Technology
27 May 2020
Yiu Chi Wai
Consultant, Smart Electronics
Hong Kong Productivity Council
Urban Dynamometer Driving Schedule (UDDS)
Battery Usage
Benefits of an ultracapacitor & Li-ion hybrid:
• Extend battery life;
• Increase instantaneous power – better acceleration.
APAS HESS System Architecture (block diagram)
• Li-ion battery pack with BMS on the 350 V DC bus
• Ultracapacitor (UC) bank, 96~192 V DC, coupled to the bus through a bidirectional buck/boost converter
• DC/AC inverter driving the motor (M)
• VSC and HESS control, communicating over CAN bus 1 and CAN bus 2
HESS Control Strategies

Key objectives for UC development:
• High SOC for startup & acceleration
• Low SOC for regenerative braking
• Ideal strategy should be adaptive to any drive cycle

Must conditions:
• Maximum converter input current
• Maximum UC terminal voltage
• UC voltage between Umax and Umin
• UC SOC between 25% and 100%
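The two UC limits on the slide are the same limit stated twice: with the 96~192 V window from the architecture slide and the capacitor energy relation E = ½CV², a 96 V floor is (96/192)² = 25% of the energy at 192 V. The Python example below is added here and is not the APAS control software: it turns the listed objectives and "must" conditions into a power-split rule that sends traction demand above a battery base load to the UC, sends regenerative power to the UC first, and clips the UC power by the converter current limit and by the energy still available between Umin and Umax, then steps the UC voltage through a short constructed demand profile. The bank capacitance, converter current limit, battery base power and the profile are assumptions.

```python
import math

# UC window from the slides; capacitance, converter limit and battery base power are assumptions.
UC_V_MAX = 192.0    # V, Umax
UC_V_MIN = 96.0     # V, Umin -> (96/192)^2 = 25 % energy SOC, the slide's lower SOC bound
UC_C = 10.0         # F, assumed bank capacitance
I_CONV_MAX = 200.0  # A, assumed maximum converter input current on the UC side
P_BATT_BASE = 15e3  # W, assumed battery power the pack carries without the UC

def uc_soc(v):
    """Energy-based SOC of the capacitor bank, E = 1/2 C V^2, relative to E at Umax."""
    return (v / UC_V_MAX) ** 2

def uc_voltage_after(v, p_uc, dt):
    """UC voltage after delivering p_uc watts (negative = charging) for dt seconds."""
    e = 0.5 * UC_C * v * v - p_uc * dt
    return math.sqrt(max(2.0 * e / UC_C, 0.0))

def split_power(p_req, v_uc, dt=1.0):
    """Return (p_uc, p_batt) for a demand p_req (W, negative = regenerative braking)."""
    p_conv_max = I_CONV_MAX * v_uc                              # must: converter current limit
    p_discharge_room = 0.5 * UC_C * (v_uc**2 - UC_V_MIN**2) / dt  # must: stay above Umin
    p_charge_room = 0.5 * UC_C * (UC_V_MAX**2 - v_uc**2) / dt     # must: stay below Umax
    if p_req >= 0:
        # Objective: UC covers the acceleration burst above the battery base load.
        p_uc = min(max(p_req - P_BATT_BASE, 0.0), p_conv_max, max(p_discharge_room, 0.0))
    else:
        # Objective: regenerative braking goes into the UC first; excess falls back to the battery.
        p_uc = -min(-p_req, p_conv_max, max(p_charge_room, 0.0))
    return p_uc, p_req - p_uc

def simulate(profile, v0=UC_V_MAX, dt=1.0):
    """Run a demand profile (W per step) and return (p_uc, p_batt, v_uc, soc) per step."""
    v, log = v0, []
    for p_req in profile:
        p_uc, p_batt = split_power(p_req, v, dt)
        v = uc_voltage_after(v, p_uc, dt)
        log.append((p_uc, p_batt, v, uc_soc(v)))
    return log

if __name__ == "__main__":
    # Constructed profile: two seconds of hard acceleration, one of braking, one of cruising.
    for step in simulate([40e3, 40e3, -30e3, 5e3]):
        print("UC %8.0f W  battery %8.0f W  UC %6.1f V  SOC %.3f" % step)
```

Two edge cases fall out of the room terms rather than from special-case code: at exactly Umin the UC contributes nothing and the battery carries the whole demand, and at exactly Umax all regenerative power is diverted back to the battery, both of which the test below exercises.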
Market Opportunities of APAS HESS System

Hong Kong Productivity Council
HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
+852 2788 5678 www.hkpc.org

Automotive Platforms and Application Systems (APAS) R&D Centre
4/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
+852 2788 5333 www.apas.hk