Safety needs become the driving force for the development of automotive body electronic systems
The relationship between each vehicle system and safety will become increasingly important; the question now is whether any system remains that is not safety-relevant. Automotive safety has improved in recent years, driven both by government mandates and by consumer preference for safer vehicles. As modern cars integrate more and more electronic systems, it is clear that the "safety" of systems not traditionally considered safety-related is becoming more and more important.

The aerospace industry has used fly-by-wire systems for many years, but it has not been subject to the same cost pressures as the automotive industry. Many aviation systems rely on redundancy, in some cases up to four redundant channels for a specific function. The challenge facing the automotive industry is unique: it must meet similar robustness requirements without increasing the cost of the vehicle. This requires Tier-One suppliers and the manufacturers supporting them to come up with innovative solutions that satisfy stringent safety requirements at a competitive price.

SIL Level

In 1998, the International Electrotechnical Commission (IEC) published the IEC 61508 standard, which contains requirements for minimizing failures in electronic systems. The standard defines several safety integrity levels, or SILs. Applications and systems are classified according to the probability of a dangerous failure occurring per hour, as listed below:

One FIT (failure in time) is equivalent to 10^-9 dangerous failures per hour. The entire system must operate within its safety budget, so the total accumulated FIT count of its devices must stay within the rate that the SIL level's characteristic description allows. Determining the required safety level (SIL rating) for an application is by no means an easy task. Clearly, critical systems in aircraft need to meet at least SIL3 and in some cases SIL4.
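The FIT budget idea above, worked through as an added example (not code from the original article): per-device dangerous-FIT figures are summed into a system failure rate per hour and compared against the IEC 61508 per-hour bands for high-demand/continuous operation (SIL1: 10^-6 to 10^-5, SIL2: 10^-7 to 10^-6, SIL3: 10^-8 to 10^-7, SIL4: 10^-9 to 10^-8). The component list, its FIT values and the series (any-one-fails) assumption are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the original article): summing per-device FIT
 * figures into a system dangerous-failure rate and checking it against the
 * IEC 61508 per-hour bands for high-demand/continuous operation.
 * The component list and its FIT values are constructed for illustration. */

#define FIT_PER_HOUR 1e-9   /* one FIT = 1e-9 dangerous failures per hour */

typedef struct {
    const char *name;
    double dangerous_fit;   /* dangerous failures in time for this device */
} component_t;

/* Upper bound (exclusive) of the IEC 61508 PFH band for each SIL:
 *   SIL1: 1e-6 <= PFH < 1e-5
 *   SIL2: 1e-7 <= PFH < 1e-6
 *   SIL3: 1e-8 <= PFH < 1e-7
 *   SIL4: 1e-9 <= PFH < 1e-8
 * Index 0 is unused. */
static const double sil_pfh_upper[5] = { 0.0, 1e-5, 1e-6, 1e-7, 1e-8 };

/* Dangerous failures per hour for devices in series: any one device
 * failing dangerously fails the function, so the rates add. */
double system_pfh(const component_t *parts, size_t n)
{
    double total_fit = 0.0;
    for (size_t i = 0; i < n; i++)
        total_fit += parts[i].dangerous_fit;
    return total_fit * FIT_PER_HOUR;
}

/* Highest SIL whose band the rate satisfies; 0 if it misses even SIL1. */
int achieved_sil(double pfh)
{
    for (int sil = 4; sil >= 1; sil--)
        if (pfh < sil_pfh_upper[sil])
            return sil;
    return 0;
}

/* Total dangerous FIT a design must stay below to claim a target SIL. */
double fit_budget_for_sil(int target_sil)
{
    if (target_sil < 1 || target_sil > 4)
        return 0.0;
    return sil_pfh_upper[target_sil] / FIT_PER_HOUR;
}

/* Constructed bill of materials for a body control unit (illustrative). */
static const component_t bcu_parts[] = {
    { "MCU",               20.0 },
    { "CAN transceiver",    5.0 },
    { "voltage regulator", 10.0 },
    { "relay driver",      15.0 },
};

int bcu_achieved_sil(void)
{
    size_t n = sizeof bcu_parts / sizeof bcu_parts[0];
    return achieved_sil(system_pfh(bcu_parts, n));
}

int main(void)
{
    size_t n = sizeof bcu_parts / sizeof bcu_parts[0];
    double pfh = system_pfh(bcu_parts, n);
    printf("total rate: %.2e dangerous failures/hour -> SIL%d\n",
           pfh, achieved_sil(pfh));
    printf("SIL3 budget: below %.0f FIT\n", fit_budget_for_sil(3));
    return 0;
}
```

With the constructed parts list the unit accumulates 50 dangerous FIT, i.e. 5 x 10^-8 failures per hour, which lands in the SIL3 band; adding a single 60 FIT device would push it to 1.1 x 10^-7 and drop it to SIL2, which is why the budget has to be tracked across every device rather than per component.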
The requirements for automobiles are not as high, but there are examples where a high safety level is clearly required, such as steer-by-wire or brake-by-wire. Several tools can analyze the SIL level a system requires, but it is not the purpose of this article to assign SIL requirements to individual systems. The examples above are sufficient to illustrate some of the safety-critical systems that must be considered in a modern automobile. Obviously, steering and braking systems are extremely important, but how important are the car's lighting system or windshield wipers? What FIT rate does the system controlling the wipers need in order to be acceptable on a rainy day? Every system is becoming more relevant to safety, and the question now is whether any system remains that is not safety-relevant.

Currently, most automotive electronic systems are connected to the Controller Area Network (CAN) bus or a Local Interconnect Network (LIN) sub-bus (Figure 2). This raises further questions. How might an error in a critical application propagate to another system? For example, how might an error in the GPS navigation system propagate to a door control module or to another critical application? Must every system in the car therefore meet at least the requirements of SIL2?

The high-speed CAN bus is used to connect fast-acting systems such as engine and powertrain control and active suspension.

There is no doubt that as more and more functions are integrated into the body computer (below), the focus on SIL ratings for these applications will become more intense. One example is an OEM integrating the steering wheel's electronic controller into the gateway or bus control unit (BCU). Obviously, if the steering wheel locks because of a system failure, the result could be a disaster, so some BCU systems need a SIL3 rating.
Another challenge facing application developers in the current environment is the diversity of software development. It has long been the case that software is not written by one team but by several teams from different companies: the CAN driver may come from one supplier, a new algorithm from another specialized company, and the standard application-specific algorithms may be written by both the OEM and the Tier-One supplier. With software from all these sources mixed together, it is no wonder that OEMs are paying closer attention to software design issues. It is increasingly evident that software defects are causing major problems; in 2000, for example, some industry sources estimated that 40% of system failures were due to software defects. As software complexity increases and the roster of software suppliers grows, it is a logical prediction that software defects will become an increasingly important issue.

Advances in Microcontrollers

Freescale's S12XE MCU family is one example of a device that provides many of the functions required by the new generation of automotive body computers. In addition to offering a means of reducing cost, these devices provide many benefits for future BCUs. The S12XE family has features that limit the propagation of faults to other devices in the system. Thanks to greatly improved clock and voltage monitoring, the microcontroller can respond quickly and effectively to such faults. The clock monitor allows the MCU to detect oscillator problems and keep running on its internal clock, eliminating the need for a second clock source, while the microcontroller continues to monitor the oscillator and can recover from this "safe" state to the "normal" state.
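The clock-monitor behaviour just described, modelled as an added example (not Freescale's code and not the S12XE register interface): the core runs from the external oscillator, a loss of clock switches it to the internal clock immediately, and it only returns to the oscillator after a sustained run of healthy samples, so a flickering oscillator cannot bounce the core back and forth. The sample trace and the recovery threshold are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not Freescale code and not the S12XE register interface:
 * a portable model of the clock-monitor behaviour described above. The core
 * runs from the external oscillator; when a sample reports the oscillator out
 * of tolerance the model switches to the internal clock ("safe" state) and
 * keeps sampling; after a run of healthy samples it returns to "normal".
 * The sample trace and recovery threshold are constructed for illustration. */

typedef enum { CLK_NORMAL = 0, CLK_SAFE = 1 } clk_state_t;

typedef struct {
    clk_state_t state;
    unsigned good_streak;   /* consecutive healthy samples seen while in SAFE */
    unsigned recover_after; /* healthy samples required before leaving SAFE */
    unsigned fault_count;   /* how many times SAFE was entered (diagnostics) */
} clk_monitor_t;

void clk_monitor_init(clk_monitor_t *m, unsigned recover_after)
{
    m->state = CLK_NORMAL;
    m->good_streak = 0;
    m->recover_after = recover_after;
    m->fault_count = 0;
}

/* Feed one oscillator health sample (true = within tolerance) and return
 * the clock source the core should run from after this sample. */
clk_state_t clk_monitor_step(clk_monitor_t *m, bool osc_ok)
{
    switch (m->state) {
    case CLK_NORMAL:
        if (!osc_ok) {              /* loss of clock: fall back immediately */
            m->state = CLK_SAFE;
            m->good_streak = 0;
            m->fault_count++;
        }
        break;
    case CLK_SAFE:
        if (osc_ok) {               /* require a sustained run before resuming */
            if (++m->good_streak >= m->recover_after)
                m->state = CLK_NORMAL;
        } else {
            m->good_streak = 0;     /* any glitch restarts the count */
        }
        break;
    }
    return m->state;
}

/* Replay a sample trace; returns the number of samples spent on the internal
 * clock and reports the number of distinct fault events through *faults. */
unsigned clk_monitor_replay(const bool *samples, size_t n,
                            unsigned recover_after, unsigned *faults)
{
    clk_monitor_t m;
    unsigned safe_samples = 0;
    clk_monitor_init(&m, recover_after);
    for (size_t i = 0; i < n; i++)
        if (clk_monitor_step(&m, samples[i]) == CLK_SAFE)
            safe_samples++;
    if (faults)
        *faults = m.fault_count;
    return safe_samples;
}

/* Constructed trace: a two-sample dropout, then a single-sample glitch
 * during recovery that resets the streak before the core finally resumes. */
static const bool example_trace[] = {
    true, true, false, false, true, true, false, true, true, true, true
};

unsigned example_safe_samples(unsigned *faults)
{
    return clk_monitor_replay(example_trace,
                              sizeof example_trace / sizeof example_trace[0],
                              3, faults);
}

int main(void)
{
    unsigned faults = 0;
    unsigned safe = example_safe_samples(&faults);
    printf("%u of %zu samples on internal clock, %u fault event(s)\n",
           safe, sizeof example_trace / sizeof example_trace[0], faults);
    return 0;
}
```

On the constructed trace the core spends seven of eleven samples on the internal clock and records a single fault event: the glitch in the middle of recovery does not count as a new fault, but it does restart the three-sample streak the monitor demands before trusting the oscillator again.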
No More Worries

New microcontrollers can guard against systematic software errors, alleviating some of the fear engineers have about mixing software packages from different vendors and helping them ensure that each task can only see, read, and write the memory dedicated to it. Perhaps the most significant advance in the S12XE is Xgate, a coprocessor that runs a completely different instruction set from the S12X core. Xgate executes its own instruction stream independently of the CPU and is flexible enough to be configured for a variety of functions, such as acting as an internal watchdog that supplements the existing Computer Operating Properly (COP) module. Xgate can be configured to run the same algorithm as the CPU (or a different version of it), thereby checking that the algorithm executes correctly and giving the device a redundancy check without additional components. Xgate can even be configured to run the non-critical software, allowing the CPU to focus only on critical tasks and thereby improving response time to errors elsewhere in the system. Detailed information about the S12XE family will not be available until the products are released in the middle of this year.

Conclusion

To meet the needs of increasingly complex electronic systems, new standards are being developed. The IEC 61508 standard has taken a long time to establish more stringent basic requirements for these systems. As automotive OEMs strive to improve quality, increase safety, and reduce cost at the same time, systems in traditional safety-critical applications, such as brakes and steering, are subject to increasingly detailed scrutiny under these standards. Safety is increasingly becoming a focus of discussion in automotive body electronics. Products such as the new S12XE family will clearly provide cutting-edge solutions in such a competitive market.
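The redundant-execution arrangement described in the "No More Worries" section above, modelled as an added example (not Freescale's code and not the actual Xgate interface): a main-core routine and a differently written checker routine, standing in for the coprocessor, compute the same control value, and a supervisor accepts the output only when both agree, latching a safe state with a fixed fallback output on the first disagreement. The lamp-dimming calculation, its fixed-point gain format and the injected bit-flip are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Freescale code: a model of the redundant-execution
 * arrangement described in the "No More Worries" section. The main core and
 * a checker (standing in for the coprocessor) compute the same control value
 * with differently written code; the supervisor accepts the result only when
 * both agree, and a disagreement latches a safe state with a fixed fallback
 * output. The lamp-dimming calculation and the injected fault are constructed. */

#define DUTY_MAX 1000u          /* PWM duty in tenths of a percent */

typedef struct {
    bool safe_state;            /* latched once any mismatch is seen */
    uint32_t mismatches;        /* diagnostic counter */
    uint16_t safe_duty;         /* output used while in safe state */
} supervisor_t;

/* Main-core version: scale a 0..1023 dimmer reading by an 8.8 fixed-point gain. */
uint16_t lamp_duty_main(uint16_t dimmer, uint16_t gain)
{
    uint32_t v = (uint32_t)dimmer * gain / 256u;
    return v > DUTY_MAX ? (uint16_t)DUTY_MAX : (uint16_t)v;
}

/* Checker version: same function, written differently (shift instead of
 * divide, explicit clamp) so a single coding slip is unlikely to hit both. */
uint16_t lamp_duty_checker(uint16_t dimmer, uint16_t gain)
{
    uint32_t v = ((uint32_t)dimmer * gain) >> 8;
    if (v > DUTY_MAX)
        v = DUTY_MAX;
    return (uint16_t)v;
}

void supervisor_init(supervisor_t *s, uint16_t safe_duty)
{
    s->safe_state = false;
    s->mismatches = 0;
    s->safe_duty = safe_duty;
}

/* One control cycle. Returns 0 when the two results agree and *duty_out is
 * the agreed value; returns -1 when they disagree or the safe state is already
 * latched, in which case *duty_out is the fallback. `fault` injects a
 * constructed corruption into the main-core result to exercise the check. */
int supervisor_cycle(supervisor_t *s, uint16_t dimmer, uint16_t gain,
                     uint16_t fault, uint16_t *duty_out)
{
    uint16_t a = lamp_duty_main(dimmer, gain) ^ fault;  /* fault = 0: no corruption */
    uint16_t b = lamp_duty_checker(dimmer, gain);

    if (a != b)
        s->mismatches++;
    if (s->safe_state || a != b) {  /* latch on first disagreement, stay latched */
        s->safe_state = true;
        *duty_out = s->safe_duty;
        return -1;
    }
    *duty_out = a;
    return 0;
}

int main(void)
{
    supervisor_t s;
    uint16_t duty;
    supervisor_init(&s, DUTY_MAX);  /* fallback chosen here: lamps fully on */

    printf("cycle ok: %d duty=%u\n", supervisor_cycle(&s, 512, 384, 0, &duty), duty);
    printf("cycle bit-flip: %d duty=%u\n", supervisor_cycle(&s, 512, 384, 0x0010, &duty), duty);
    printf("cycle after latch: %d duty=%u safe=%d\n",
           supervisor_cycle(&s, 512, 384, 0, &duty), duty, (int)s.safe_state);
    return 0;
}
```

The safe fallback is a design decision that belongs to the hazard analysis for the function, not to the supervisor: for exterior lighting a fixed "on" is the conservative choice shown here, whereas for an actuator it might be "de-energize". The latch is deliberate as well; once the two channels have disagreed, a later agreement is no evidence that the fault has gone, so leaving the safe state is left to a reset or a diagnostic path rather than to the next matching cycle.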