The serious challenge facing today's automotive electronics engineers is to build low-cost, fail-silent automotive systems that work even in the event of a fault. Brake, steering, and other vehicle stability control functions are mission-critical features that place extreme demands on safety. Even if electronic chassis control technology is increasingly favored by the general public, it cannot easily meet these challenges.
This article refers to the address: http://
Electronic chassis management technology is extremely attractive for major automotive system functions, but for a variety of reasons, the technology is still difficult to achieve, and there are many challenges in terms of safety and reliability. To address the current security challenges, the International Electrotechnical Commission (IEC) has defined standards for the functional safety of electrical/electronic/programmable electronic safety-related systems. Currently, IEC 61508 is considered the most advanced standard in the development of safety-critical systems. Although the standard has not yet been fully enforced in the form of law, it is hoped that automotive system designers will be able to meet this practical technical standard. Automotive system designers must consider the requirements of the entire signal chain, from input sensors to digital processing and transmissions, when building application functional safety.
IEC 61508 defines “hazard†and “risk analysis†as part of the system design and defines the “functional safety†of the Electronic Control Unit as “part of the overall safety†– depending on whether the system or equipment can Its input responds correctly." As shown in Figure 1. Each security function of the system is evaluated based on “requirements†(what is required for the function) and “integrity†(the possibility to successfully perform the function). In addition, the standard further divides the probability of dangerous failures of safety functions in high-intensity or continuous operation modes into four different Safety Integrity Levels (SILs). Each level covers a range of acceptable failure rates, known as Mean Time Between Failure (MTTF), and SIL4 is the most stringent of these. The SIL rating applies to many industries, including the automotive industry, and the definition of each SIL rating applies to the respective industry sector. SIL2 and SIL3 in the Safety Integrity Level are the most common safety levels in non-road applications.
Figure 1 The functional safety of the overall system relies on the device response input for normal operation.
Depending on the safety function and importance, the automotive system can comply with the SIL2 or SIL3 regulations of the IEC 61508 standard. The reliability of the self-test system requires that the “safety failure factor†(SFF) obtained by multi-level statistics reaches 99%. The specific calculation method of the reliability parameter is the ratio of the detected dangerous fault (including non-hazardous fault) to all faults. Diagnostic Coverage (DC) is the ratio of detected dangerous faults to all dangerous faults. In addition, DC should reach 99% for safety-critical automotive systems.
The ability to pass SIL3 certification for automotive systems typically depends on the performance of the electronic control unit (ECU) that initiates and controls the mechanical system. Independent safety assessment agencies such as TUV Rheinland are responsible for ECU evaluation and SIL3 certification for automotive systems. TUV is an international service group that issues safety and quality certificates for products, systems and services.
Mission-critical integrated mechanical systems, such as brakes, are not completely replaced by electronics. However, any advanced mechanical or electronic safety required for SIL3 certification is achieved through the use of redundant systems that facilitate widespread implementation of redundancy.
SIL3 certification for electronic subsystems
Replacing hydraulic or mechanical systems with electronic systems will inevitably benefit OEMs, automakers and consumers. Electronic systems eliminate the belt drive burden of internal combustion engines, helping to reduce cost, weight and fuel consumption.
Automakers can replace the hydraulic brake booster with a mechanical solution and eventually eliminate the hydraulic drive system completely, enabling a fully electronically controlled line control system, as shown in Figure 2. However, this revolutionary transformation requires the implementation of redundant or backup systems (similar to avionics systems) to avoid the risk of complete loss of braking capability at a dangerous time. The excessive steps during the period include the "hybrid brake" mode, that is, the hydraulic backup system can be installed only on one of the vehicle instead of the two axles.
Figure 2 Replacing the hydraulic booster with an electrical solution helps to significantly reduce fuel consumption, cost and noise
A microprocessor (MCU) is a key component in an ECU. It is impossible to achieve SIL3 certification requirements using a traditional automotive MCU. A new chip architecture is required to ensure processing results, data integrity of bus traffic, and data security and reliability in memory while meeting stringent response time requirements.
According to the IEC 61508 standard, the causes of dangerous faults include the following factors:
(1) The software or hardware system specification is incorrect;
(2) The lack of safety requirements specifications;
(3) Random hardware failures;
(4) System cause failure;
(5) Human error;
(6) Environmental impact (EMI, temperature, machinery, etc.).
From a complete system perspective, hazard assessment and safety integrity requirements include the following factors:
Ensures stable power supply and clock signal integrity in the event of voltage drops, glitches, etc.; redundancy or authenticity checks for processing and communication, including signals to and from sensors and actuators; provides fault checking functionality; Provides fault management strategies, including security status and fault protection in fault-tolerant architectures, emergency operating modes, and controllable system shutdowns; enhanced software development processes include the use of formal specifications, programming language subsets, and code verification tools .
Strong support for silicon chips
Developers can take advantage of commercially available microprocessors to provide the technology needed to achieve SIL3 certification standards for ECU brake control functions. One such microprocessor is the TMS570 jointly developed by TI and Robert Bosch GmbH.
In silicon chip design, chip layout itself is a big challenge and should include proprietary intellectual property (IP) to reduce and detect random hardware and system failure causes. In addition, the processing results can be compared with a dual-core processor architecture running in lock-step mode, thereby avoiding a significant amount of time spent developing independent verification microprocessor software. To protect the memory subsystem from failures caused by external events, error correction code (ECC) and parity protection mechanisms should be implemented on main and local memory and bus traffic. To simplify development, developers should also use devices in the MCU that have implemented the FlexRayTM network protocol. This deterministic communication standard developed by leading automotive manufacturers and suppliers provides fully defined redundant communications for advanced automotive systems.
For example, TI's TMS570 MCU is a symmetric dual-core MCU based on two identical next-generation ARM? R4 CortexTM cores. Each Cortex-R4 core delivers up to 300 MIPS, and the TMS570 integrates 2 MB of on-chip flash, FlexRayTM network, BIST, CAN and a variety of peripherals. The dual core is tightly coupled to the patent-pending architecture for maximum reliability.
Advantages of the Cortex-R4
The Cortex-R4's 64-bit AMBA 3 AXI memory interface offers several key performance benefits that enhance reliability, including issuing multiple pending addresses and supporting out-of-order data returns.
Another most significant advantage of the AMBA 3 AXI memory interface is that even if the memory or peripherals are slow, it does not block the bus, which in turn affects access speed. This feature allows the kernel to perform more access without having to wait for slower access completion. In addition, the 64-bit wide bus increases the available bandwidth so that cache line fills can be completed with just four accesses, unlike the ARM946E-S.
Compared to the 946E-S, the Cortex-R4 also significantly improves the interrupt latency, and the worst-case interrupt latency and average interrupt latency are improved. For example, the 946E-S must wait for an instruction or interrupt process to complete, but not to abandon it. In the worst case, it means that even with zero wait state memory, the interrupt latency can be as long as 118 cycles. Although the above situation is unlikely to occur frequently, real-time systems must make the worst plans.
On the other hand, if an interrupt request is received during execution, the Cortex-R4 processor will relinquish the multi-load instruction of normal memory. Designed to withstand the longest interrupt latency of up to 20 cycles, the TMS570 MCU has little or no access to AMBA AXI memory and peripheral access time.
In addition, the Cortex-R4 processor provides a non-maskable interrupt option to avoid software disable fast interrupt request (FIQ), which is especially important for safety-critical applications.
For automakers and OEMs, as vehicles become more complex and integrated, more and more functions are becoming more important. Innovative designs incorporating the Cortex R4 core, such as the TMS570 device, enable fault detection and response times required by the IEC 61508 standard.
Incorporating microprocessor-based system reliability into the SIL3 certification category marks a major step forward for automotive OEMs and automakers in the full implementation of vehicle-driven drive functions.
The TMS570 MCU is a SIL3 certified 32-bit microprocessor family that meets braking requirements. The technology development strategy of the TMS570 MCU covers electronic stability control, chassis control and steering systems.
CNC Turning Parts is widely applicable to home appliances, lightings, model cars, sports equipment, medical apparatus and instruments, etc.
1. Grade: AL6063 ,SUS201,SUS304,SUS316,A2-70,A2-80,A4-80,4.8 6.8 8.8 10.9 12.9
2. Size: customization
3. Standard: DIN 315
4. Certification: ISO9001, SGS, CTI, ROHS
|
Product Name
|
Best stainless steel wing nut anchor bolt for construction fastener
|
|
Material
|
AL6063
|
|
Color
|
nickel white
|
|
Standard
|
DIN GB ISO JIS BA ANSI
|
|
Grade
|
SUS201, SUS304, SUS316, A2-70, A2-80, A4-80, 4.8 6.8 8.8 10.9 12.9
|
|
Brade
|
Rock
|
|
Thread
|
coarse, fine
|
|
Used
|
building industry machinery |
Turning Parts
Turning Parts,Machined Parts,Precision Parts,Precision Machined Parts
Shenzhen Jedver Smart Lighting Co., Ltd. , https://www.jederwell.com