
What is Automotive Functional Safety

Dec 21, 2022

Definition and Purpose of Automotive Functional Safety

With the rapid spread of vehicle intelligence and electrification, cars contain more and more controllers and electronic components. Every one of these components carries the risk of systematic failure and of random hardware failure, so automotive functional safety is becoming correspondingly more important.

In the automotive electronics industry, the international functional safety standard ISO 26262 and the corresponding national standard GB/T 34590 define functional safety as the absence of unreasonable risk due to the failure of electrical and electronic systems. In other words, random hardware failures and systematic failures must not cause the safety-related system to function incorrectly in a way that could result in injury or death, environmental pollution, damage to equipment or property, and so on.

In order to better understand the concept of functional safety, we can first distinguish between the concepts of "intrinsic safety" and "functional safety".

Figure: intrinsic safety and functional safety

In the above diagram there are two ways to cross a railway track safely. One is to build a tunnel under the track, which achieves safety completely; that is "intrinsic safety". The other is to add a traffic alarm and a liftable barrier to ensure that vehicles and pedestrians cross safely; that is "functional safety".

From this we can see that intrinsic safety requires large-scale changes and is expensive, but can ensure absolute safety; functional safety, by contrast, only needs a modest modification (adding signals and automatic barriers) and costs less. In theory, intrinsic safety could be achieved in any situation. In practice, however, because of the nature of the system itself, and especially for very complex electronic systems, intrinsic safety is often difficult to realise, and functional safety is the only option left.

The purpose of functional safety is to improve the safety level and achieve the safety goal by adding safety mechanisms as much as possible when the intrinsic safety cannot be achieved. The purpose of functional safety is not to completely eliminate risks, but to reduce them to an acceptable range, which is generally determined by the current level of technological development and social moral consensus.

From the perspective of product safety, safety can be divided into traditional safety and E/E (electrical and electronic) functional safety. Traditional safety issues are not considered within the scope of functional safety.

Functional safety only considers the safety of E/E systems, for example the vehicle-level safety behaviour caused by a failure of the vehicle architecture, system, software or hardware. It emphasises how to prevent, detect, reduce or eliminate risks during the development of automotive products. The purpose of functional safety is therefore to put the system into a safe and controllable mode after a failure, so as to avoid harm to people and property.

ISO 26262 is the first functional safety standard applicable to high-volume mass-produced products. Compared with the 2011 version, the 2018 version no longer applies a vehicle weight limit (the 2011 version applied a 3500 kg gross weight threshold for passenger cars) and is no longer restricted to passenger cars: motorcycles and trucks are now included, and the standard applies to all cars and electric vehicles, except mopeds and special vehicles.

Automotive Functional Safety Risk Level (ASIL Levels as Defined by ISO 26262)

A functional safety level assesses and quantifies the risk that arises from failing to achieve a safety goal; it is generally expressed as an ASIL (Automotive Safety Integrity Level). Following ISO 26262, a hazard analysis and risk assessment of the system is carried out in the concept design phase of the product, based on the characteristics of the vehicle, to identify the hazards of the system. The greater the safety risk of the system, the higher the corresponding safety requirements and the higher the ASIL.

ASIL assesses the risk level of hazard events according to Severity, Exposure and Controllability, and is divided into five levels: QM, A, B, C and D. ASIL D is the highest automotive safety integrity level and has the highest functional safety requirements.

Figure: severity, exposure and controllability

Using the above classification, the five ASIL levels are obtained from the sum of the S, E and C class numbers, according to the following principles:

(1) Combinations containing C0 (basically controllable) or S0 (no harm) are not considered.

(2) For the remaining combinations, a sum equal to 7 gives ASIL A, 8 gives ASIL B, 9 gives ASIL C and 10 gives ASIL D.

(3) All other sums are rated QM: as long as the standard quality management process (IATF 16949) is followed, no functional safety requirements apply.

Figure: ASIL Automotive Safety Integrity Rating Matrix

Figure: ASIL levels of functional safety for common automotive components
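The additive rule above (S0 or C0 excluded; a sum of 7, 8, 9 or 10 giving ASIL A, B, C or D; everything lower QM) is small enough to encode directly, which also lets you regenerate the whole rating matrix and check it against the figure. The following is an added example written for this article, not code from any standard or tool; the class ranges S0–S3, E1–E4, C0–C3 are those used by ISO 26262, and the HARA worksheet rows at the bottom are constructed illustrations, not authoritative ratings of any real system.

```python
"""ASIL determination from Severity (S), Exposure (E) and Controllability (C)
using the additive rule described above: S0 or C0 -> not considered,
S + E + C = 7/8/9/10 -> ASIL A/B/C/D, any lower sum -> QM.
Added example; the worksheet values below are constructed, not real ratings."""
from enum import Enum


class ASIL(Enum):
    NOT_CONSIDERED = "not considered"   # S0 (no harm) or C0 (basically controllable)
    QM = "QM"                           # quality management only, no ASIL
    A = "ASIL A"
    B = "ASIL B"
    C = "ASIL C"
    D = "ASIL D"


# Class ranges used by ISO 26262: S0-S3, E1-E4, C0-C3.
SUM_TO_ASIL = {7: ASIL.A, 8: ASIL.B, 9: ASIL.C, 10: ASIL.D}


def classify(s: int, e: int, c: int) -> ASIL:
    """Map one (S, E, C) combination to its ASIL."""
    if not (0 <= s <= 3 and 1 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"invalid S/E/C combination: S{s} E{e} C{c}")
    if s == 0 or c == 0:
        return ASIL.NOT_CONSIDERED
    return SUM_TO_ASIL.get(s + e + c, ASIL.QM)


def rating_matrix() -> dict:
    """Full S1-S3 x E1-E4 x C1-C3 table, i.e. the 36-cell rating matrix in the figure."""
    return {(s, e, c): classify(s, e, c)
            for s in range(1, 4) for e in range(1, 5) for c in range(1, 4)}


def level_counts() -> dict:
    """How many cells of the 36-cell matrix fall into each level."""
    counts = {level: 0 for level in ASIL}
    for level in rating_matrix().values():
        counts[level] += 1
    return counts


def assess_hazards(worksheet: list) -> list:
    """Attach an ASIL to each hazardous event of a HARA worksheet."""
    return [dict(row, asil=classify(row["S"], row["E"], row["C"])) for row in worksheet]


# Constructed, illustrative HARA rows (not an authoritative assessment of any system).
EXAMPLE_WORKSHEET = [
    {"hazard": "unintended acceleration at highway speed", "S": 3, "E": 4, "C": 3},
    {"hazard": "loss of low-beam headlights at night",      "S": 2, "E": 3, "C": 2},
    {"hazard": "interior light stays on when parked",       "S": 0, "E": 4, "C": 3},
    {"hazard": "wiper runs one speed too slow in drizzle",  "S": 1, "E": 2, "C": 1},
]

if __name__ == "__main__":
    for row in assess_hazards(EXAMPLE_WORKSHEET):
        print(f"S{row['S']} E{row['E']} C{row['C']} -> {row['asil'].value:14s} {row['hazard']}")
    print({level.value: n for level, n in level_counts().items()})
```

Running it reproduces the familiar shape of the matrix: exactly one cell (S3, E4, C3) is ASIL D, three are ASIL C, six are ASIL B, eight are ASIL A and the remaining eighteen are QM. A useful review habit is to diff the output of `rating_matrix()` against the table a team actually uses in its HARA template, since hand-maintained spreadsheets drift.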

Automotive Functional Safety Analysis Methods

Functional safety analysis in the concept design phase requires analysing abnormal functional behaviour, identifying potential hazards and hazardous events, quantifying the risk (i.e. determining the ASIL) and deriving the functional safety goals (Safety Goals) together with their ASILs, which then serve as the top-level safety requirements for functional safety development. This activity is known as HARA (Hazard Analysis and Risk Assessment).

Safety analysis methods:

Safety analysis is required both in the HARA process and when going from SG to FSG. There are generally two methods, inductive analysis and deductive analysis, of which FMEA (Failure Mode and Effects Analysis) and FTA (Fault Tree Analysis) are the most representative inductive and deductive methods respectively; they are also the most commonly used safety analysis methods in functional safety development.

(1) FMEA

Failure Mode and Effects Analysis (FMEA) is a bottom-up failure analysis method. The subsystems and components that make up the product are analysed one by one to identify potential failure modes and their possible consequences, so that the necessary safety measures can be taken in advance. It is an inductive method: general patterns are obtained from many individual cases.

(2) FTA

Fault Tree Analysis (FTA) is a top-down failure analysis method. Starting from a failure and tracing backwards, the conditions or events that led to it are identified until the root events or causes of the failure are found. It is a deductive method: new conclusions are obtained by logical deduction from known laws.
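To make the two directions concrete, here is an added example (written for this article, not taken from any standard or project) that builds a small fault tree for a constructed top event, "loss of brake assist", derives its minimal cut sets top-down in the FTA manner, and then, reading the same tree bottom-up as an FMEA row would, lists the single points of failure. The tree, the event names and the per-drive failure probabilities are all made up for illustration; the probability calculation assumes the basic events are independent.

```python
"""Deductive (top-down) fault tree analysis on a constructed example:
top event 'loss of brake assist' over AND/OR gates and basic events.
Added example, not from the page; the tree and probabilities are made up."""
from itertools import product

# A node is either a basic-event name (str) or a tuple ("AND"|"OR", child, child, ...).
LOSS_OF_BRAKE_ASSIST = (
    "OR",
    ("AND", "pressure_sensor_A_fails", "pressure_sensor_B_fails"),  # redundant pair
    "ecu_power_loss",                                               # single point
    ("AND", "hydraulic_leak", "leak_detection_fails"),              # fault + missed detection
)

# Constructed per-drive failure probabilities of the basic events (assumed independent).
FAILURE_PROB = {
    "pressure_sensor_A_fails": 1e-3,
    "pressure_sensor_B_fails": 1e-3,
    "ecu_power_loss": 1e-5,
    "hydraulic_leak": 1e-4,
    "leak_detection_fails": 1e-2,
}


def basic_events(node) -> set:
    """All basic-event names under a node."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node[1:]))


def evaluate(node, state: dict) -> bool:
    """Does the top event occur for a given dict of basic_event -> failed?"""
    if isinstance(node, str):
        return state[node]
    gate, *children = node
    results = [evaluate(child, state) for child in children]
    return all(results) if gate == "AND" else any(results)


def minimal_cut_sets(node) -> list:
    """Smallest combinations of basic events that cause the top event (the deductive result)."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    groups = [minimal_cut_sets(child) for child in children]
    if gate == "OR":
        cuts = [cs for group in groups for cs in group]      # any child suffices
    else:
        cuts = [frozenset()]
        for group in groups:                                  # every child must fail
            cuts = [a | b for a in cuts for b in group]
    minimal = {cs for cs in cuts if not any(other < cs for other in cuts)}
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def single_point_failures(node) -> list:
    """Cut sets of size one: a single component failure reaches the top event."""
    return sorted(next(iter(cs)) for cs in minimal_cut_sets(node) if len(cs) == 1)


def top_event_probability(node, prob: dict) -> float:
    """Exact probability by enumerating every failed/healthy state of the basic events."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        if evaluate(node, state):
            p = 1.0
            for event, failed in state.items():
                p *= prob[event] if failed else 1.0 - prob[event]
            total += p
    return total


if __name__ == "__main__":
    for cs in minimal_cut_sets(LOSS_OF_BRAKE_ASSIST):
        print("cut set:", sorted(cs))
    print("single points of failure:", single_point_failures(LOSS_OF_BRAKE_ASSIST))
    print("P(top event) =", top_event_probability(LOSS_OF_BRAKE_ASSIST, FAILURE_PROB))
```

The cut sets show what the deductive walk produces: the ECU power supply alone defeats the function, whereas the sensor pair and the leak path each need two coincident faults. That is exactly the information that drives the choice of safety measures in the next section: the single point of failure is the first candidate for redundancy or a detection circuit, and the "leak plus missed detection" cut set shows that a monitoring mechanism only helps in proportion to its own reliability.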

Functional safety measures:

- Technical measures (functional redundancy, detection circuits, software measures, etc.)

- Process and management measures (the development process follows a defined process)

- Alerting the driver to the presence of risk (warning lights, vibrations, etc.)

After assessing the ASIL level of risk, certain safety measures need to be taken to reduce the risk to an acceptable level.

When this goal is achieved, the system can be said to have the corresponding ASIL functional safety level, which means that the functional safety level corresponds to the level of risk.
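The first of the technical measures listed above, redundancy combined with a detection mechanism in software, and the "safe and controllable mode after a failure" that the article names as the purpose of functional safety, fit in a few dozen lines. The following is an added example written for this article, not code from any vehicle program or supplier: a dual-channel accelerator pedal sensor is range-checked (open or short circuit), cross-checked for plausibility (drift or a stuck channel), debounced so that a single noisy sample does not trip it, and on a confirmed fault the controller latches into a safe state with zero torque request. The 12-bit ADC, the inverted second track (channel B reads roughly 4095 minus channel A), the 5 % tolerance and the three-cycle debounce are all assumed values.

```python
"""Software safety mechanism for a dual-channel accelerator pedal sensor:
range check (detects open/short circuit), cross-channel plausibility check
(detects drift or a stuck channel), a debounce counter, and a latched
transition to a safe state. Added example with constructed parameters:
12-bit ADC, channel B on an inverted track (b ~= 4095 - a), 5 % tolerance,
3 consecutive faulty cycles to confirm a fault."""
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"
    SAFE_STATE = "safe state: torque request forced to 0, driver warned"


ADC_FULL_SCALE = 4095               # assumed 12-bit converter
VALID_MIN, VALID_MAX = 200, 3900    # outside this window = wiring or sensor fault
MAX_DELTA_PCT = 5.0                 # allowed disagreement between channels
DEBOUNCE_CYCLES = 3                 # consecutive faulty cycles before reacting


def counts_to_percent(counts: int) -> float:
    """Linear map of the valid ADC window to 0..100 % pedal travel."""
    return (counts - VALID_MIN) / (VALID_MAX - VALID_MIN) * 100.0


def detect_fault(a_counts: int, b_counts: int):
    """Return a fault description, or None when both channels are in range and agree."""
    if not VALID_MIN <= a_counts <= VALID_MAX:
        return "channel A out of range"
    if not VALID_MIN <= b_counts <= VALID_MAX:
        return "channel B out of range"
    pct_a = counts_to_percent(a_counts)
    pct_b = counts_to_percent(ADC_FULL_SCALE - b_counts)   # undo the inverted track
    if abs(pct_a - pct_b) > MAX_DELTA_PCT:
        return "channel mismatch"
    return None


class PedalMonitor:
    """Runs once per control cycle; owns the debounce counter and the latched mode."""

    def __init__(self):
        self.mode = Mode.NORMAL
        self.fault_cycles = 0
        self.last_fault = None
        self.last_good_pct = 0.0

    def step(self, a_counts: int, b_counts: int):
        """Return (mode, pedal percent to hand to the torque controller)."""
        fault = detect_fault(a_counts, b_counts)
        if fault is None:
            self.fault_cycles = 0
            self.last_good_pct = counts_to_percent(a_counts)
        else:
            self.fault_cycles += 1
            self.last_fault = fault
        if self.fault_cycles >= DEBOUNCE_CYCLES:
            self.mode = Mode.SAFE_STATE      # latched until serviced or reset
        if self.mode is Mode.SAFE_STATE:
            return self.mode, 0.0            # safe and controllable: no torque request
        # during debounce, hold the last plausible value rather than pass a suspect one
        return self.mode, self.last_good_pct


if __name__ == "__main__":
    m = PedalMonitor()
    for a, b in [(2050, 2045), (2050, 2045), (0, 2045), (0, 2045), (0, 2045), (2050, 2045)]:
        print(a, b, m.step(a, b), m.last_fault)
```

Two design points are worth noting. The debounce counter trades reaction time for robustness against a single corrupted sample, so its value is a safety parameter in its own right and should be derived from the fault tolerant time interval of the safety goal rather than picked by feel. And the latch is deliberate: once a fault is confirmed, a channel that happens to read plausibly again on the next cycle is not trusted, because an intermittent wiring fault is exactly the case that produces that pattern.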

Expected functional safety

With the rapid development of autonomous driving, automotive functional safety alone can no longer fully meet the safety needs of autonomous vehicles, and new technical guidance is needed for their safety development, testing and evaluation. Against this background, expected functional safety has emerged. Safety of the Intended Functionality (SOTIF) is aimed at self-driving vehicles and addresses the hazards of autonomous driving that arise from performance limitations, insufficient functionality and reasonably foreseeable misuse by persons, at the level of the whole vehicle. The main industry standard is ISO 21448 on expected functional safety, released as a publicly available specification in January 2019, with the official version expected to be released in 2022.

The main approaches to expected functional safety:

- Enhancing the reliability of individual electrical and electronic systems

- Enhancing the quality of individual EE systems

- Enhancing scenario simulation, virtualisation and simulated road tests

- Enhance the application of non-linear algorithms such as artificial intelligence to reduce the false alarm rate

- Enhancing the trustworthiness of human-machine interaction systems to reduce the probability of human misuse
