Hello, this is Hermes Solution. Today, we will discuss functional safety in automotive electronic systems. ISO 26262 is an international standard for ensuring the functional safety of electrical and electronic systems in vehicles. One of the critical components of this standard is the development of the Functional Safety Concept (FSC). The FSC defines and allocates specific safety requirements to achieve the safety goals derived from the Hazard Analysis and Risk Assessment (HARA).
What is the Functional Safety Concept (FSC)?
The Functional Safety Concept (FSC) specifies and allocates the necessary functional safety requirements at the vehicle architecture level to achieve safety goals. This includes methods to prevent, detect, and control system errors according to the ISO 26262 standard. The FSC is determined by the following criteria:
What strategies will be used to prevent vehicle defects as much as possible?
How will defects be detected and responded to if they occur?
What warnings and messages will be provided to the driver to recognize and safely deal with defects?
FSC Development Process
Deriving Functional Safety Requirements: Specific functional safety requirements (FSR) are derived from the safety goals resulting from HARA according to the ISO 26262 standard. For example, actions like transitioning the system to a safe state or displaying warnings to the driver in case of an error.
Designing the Functional Safety Architecture: The derived requirements are allocated and implemented in various vehicle components and systems according to the ISO 26262 standard. Technical and operational mechanisms are designed to meet the defined safety requirements and effectively detect and respond to errors.
Verification and Review: The appropriateness of the FSC is verified through safety analyses such as FMEA (Failure Modes and Effects Analysis) and FTA (Fault Tree Analysis) according to the ISO 26262 standard. The completeness and effectiveness of the FSC are confirmed through independent reviews.
Key Components of the FSC
The FSC comprises various components that interact to ensure system safety. The main components include:
Safety Mechanisms: Technical mechanisms to prevent or mitigate functional failures of the system, such as redundancy design and error detection and recovery algorithms.
Diagnostic Functions: Functions that continuously monitor the system’s status and detect faults early to respond promptly. This includes sensors and monitoring software.
Safe States: States designed to transition the system to a safe condition in case of a fault, such as safely stopping the vehicle in case of brake system failure.
Driver Warnings: Alerts to inform the driver of abnormal conditions so they can take immediate action, such as dashboard warning lights and alarm sounds.
Functional Safety Architecture: The architectural design to meet the overall system safety requirements, defining interactions between hardware and software components.
E-Gas 3-Level Monitoring Concept
The E-Gas 3-Level Monitoring Concept implements three levels of monitoring to ensure the safety and reliability of the electronic throttle system in vehicles. This concept detects and appropriately responds to various fault conditions, ensuring the system always operates safely. The importance of each monitoring level is explained below:
Level 1: Sensor Signal Monitoring
Dual Sensor Usage: Two independent sensors detect the accelerator pedal position. The signals from both sensors are compared for consistency.
Signal Comparison: Real-time comparison of outputs from both sensors to detect inconsistencies.
Warning System: The system generates a warning and alerts the driver if the signal difference exceeds the allowable range.
Level 2: System Diagnostics and Validation
System Diagnostics: Monitoring the overall system status and inspecting the operation of components such as the ECU and throttle valve actuator.
Self-Tests: Periodic self-tests to confirm normal operation.
Signal Validity Check: The ECU validates the received accelerator pedal signals, detecting physically impossible values.
Level 3: Safe State Management and Response
Transition to Safe State: The system transitions to a safe state immediately upon fault detection, such as fixing the throttle valve in a safe position or limiting engine output.
Warning Provision: Alerts the driver through dashboard warning lights and alarm sounds to inform them of abnormal conditions.
Fail-Safe Mode: Implements fail-safe mode to maintain minimal safety functions even during faults.
Importance of E-Gas 3-Level Monitoring
The E-Gas 3-Level Monitoring Concept plays a critical role in ensuring the safe and reliable operation of the electronic throttle system in vehicles, providing the following advantages:
Safety Assurance: Maximizes system safety by early detection and response to various fault conditions.
Increased Reliability: Enhances system reliability through continuous monitoring and prevents unexpected failures.
Compliance with Regulations: Meets legal requirements by complying with international safety standards such as ISO 26262.
Increased User Trust: Enhances system transparency and increases user trust by providing real-time alerts to the driver.
The E-Gas 3-Level Monitoring Concept ensures the functional safety of vehicles, allowing drivers to operate their vehicles with confidence. It guarantees the electronic throttle system always performs at its best.
Importance of the FSC
The FSC is an essential procedure to ensure the functional safety of vehicle systems. It builds safety mechanisms from the early design stages of the system, ensuring safe operation even in unexpected situations.
Example of FSC
1.Safety Goals:
Prevention of excessive acceleration
2.Derivation of Functional Safety Requirements:
Derivation of functional safety requirements: (Defining specific requirements to achieve the safety goals)
3.Functional Safety Concept Design:
Design of Safety Mechanisms: (Design solutions to meet the functional safety requirements)
Diagnostic Functions: (System status monitoring and fault detection capabilities)
Safety State Management: (Measures to transition the system to a safe state in case of a fault)
Driver Warning: (Providing warnings to the driver in case of faults or abnormal situations)
For more information on functional safety, refer to the full text of the ISO 26262 standard or consult with experts like Hermes Solution. We will continue to bring you more valuable information.
