E-gas Monitoring Concept - General part 2


https://www.youtube.com/watch?v=ozicX2RJoxs
The concept of Hazard and Risk

System definition

ISO 26262 requires the definition of the system scope (item definition).
You can find it in the Standardized EGAS monitoring concept for Gasoline and Diesel Engine control units. If you want to learn more, search for that document on the Web.

Caution: this post contains my opinion and omits part of the original document. If you want to learn more, you'd better search for the E-gas monitoring concept PDF file.
You can see the document here.

Functional characteristics - Engine
  • Providing driving torque
  • Providing braking torque by means of drag torque of the combustion engine
Application environment
  • passenger cars
Structure
  • The internal combustion engine shall be the single source of driving torque of the vehicle.
  • The combustion engine shall be coupled directly to the drive wheels by a closed powertrain. 
  • The combustion engine shall be controlled by the engine ECU
The EGAS system consists of the following components.
  • Accelerator pedal
  • Engine control unit
  • Throttle valve
Additional interfaces which affect the provision of the driving torque shall be considered.

✎ I will write a separate topic about this: the transmission, which sends torque increase or decrease requests to the engine control unit.


Hazard and Risk Assessment

According to the Standardized EGAS monitoring concept for Gasoline and Diesel Engine control units, there are four safety goals, listed below.

  • SZ-01 Prevention of unintended acceleration ➜  ASIL B
  • SZ-02 Prevention of missing acceleration ➜  QM
  • SZ-03 Prevention of unintended deceleration ➜  QM
  • SZ-04 Prevention of missing deceleration ➜  QM

Because of safety goal SZ-01, a monitoring concept is required that detects "unintended acceleration" and transfers the vehicle into a controllable and safe state within an appropriate fault tolerance time (FTT).

This document is about SZ-01, which has to attain ASIL B.


Functional safety concept

To achieve safety goal SZ-01, the system must detect unintended acceleration by means of a monitoring function and bring the driving torque of the vehicle into a controllable and safe state within an appropriate fault tolerance time.


Please look at this diagram below.



According to the EGAS working group document:
Safety block diagram
  •  Sensors (S1 and S2)
          A plausibility check can be applied to the sensor signals after capturing the signals.
  • Actuators (A)
          A plausibility check can be applied to the actuator signals after capturing the signals.
  • Engine control unit (L)
          The engine control unit detects sensor faults.
          The engine control unit detects actuator faults.
          A safety concept is implemented in the engine control unit, which validates the
          driving torque and detects a non-permissible excess of driving torque. The system
          fault reaction shall result in a safe state.
          The safety concept is based on the idea of a centralized functional monitoring architecture.








Central functional monitoring


The functional monitoring level shall calculate and monitor functions independently of the functional level. In case of an error detection, a controllable safe state has to be adjusted.


An independent development ensures that systematic errors do not have the same effect on the functional level and on the functional monitoring level.


Additional measures shall be implemented in the control unit to verify the integrity of the applied ECU HW.


It shall be ensured that errors which are located in the functional level and in the ECU HW cannot have an undetected influence on the functional monitoring level.




In brief

  1. The ECU must monitor the signals of the sensors and of the actuators.

  2. The ECU has to have a functional monitoring function that is able to monitor the ECU's own function.

  3. In the ECU, the functional level and the functional monitoring level must be separated.
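To make these three points concrete, here is an added example in Python (my own illustration, not code from the EGAS document): a toy functional monitoring level for SZ-01 that checks the two redundant pedal sensors S1 and S2 for plausibility, computes a permissible torque independently of the functional level, and forces the safe state only after a fault persists for an assumed fault tolerance time. All thresholds, the 300 Nm maximum torque, the cycle counts and the sample traces are assumptions.

```python
from dataclasses import dataclass

# All values below are assumptions for illustration, not from the EGAS document.
PEDAL_PLAUSIBILITY_TOL = 0.05  # max allowed |S1 - S2| on a 0..1 pedal scale
TORQUE_MARGIN_NM = 20.0        # tolerated excess of actual over permissible torque
FTT_CYCLES = 3                 # fault must persist this many cycles before reaction
MAX_TORQUE_NM = 300.0          # full-pedal torque used by the monitoring level

@dataclass
class MonitorState:
    fault_counter: int = 0    # consecutive cycles with a detected fault
    safe_state: bool = False  # latched once the fault reaction has fired

def pedal_plausibility(s1: float, s2: float) -> bool:
    """Plausibility check of the redundant pedal sensors S1 and S2."""
    return abs(s1 - s2) <= PEDAL_PLAUSIBILITY_TOL

def permissible_torque(pedal: float) -> float:
    """Torque the monitoring level permits; computed independently of the functional level."""
    return max(0.0, min(1.0, pedal)) * MAX_TORQUE_NM

def monitor_cycle(state: MonitorState, s1: float, s2: float, actual_torque_nm: float) -> bool:
    """One monitoring cycle; returns True if a fault was detected this cycle.
    A fault is an implausible pedal signal or a non-permissible excess of driving
    torque. The safe-state reaction fires only after FTT_CYCLES consecutive faults.
    """
    fault = not pedal_plausibility(s1, s2)
    if not fault:
        # Use the smaller pedal value as the conservative request for SZ-01.
        fault = actual_torque_nm > permissible_torque(min(s1, s2)) + TORQUE_MARGIN_NM
    state.fault_counter = state.fault_counter + 1 if fault else 0
    if state.fault_counter >= FTT_CYCLES:
        state.safe_state = True
    return fault

def cycle_of_safe_state(trace):
    """Feed (s1, s2, actual torque) samples; return the cycle index of safe-state entry, or None."""
    state = MonitorState()
    for i, (s1, s2, torque) in enumerate(trace):
        monitor_cycle(state, s1, s2, torque)
        if state.safe_state:
            return i
    return None

# Constructed sample traces (not measured data).
TRACE_NORMAL = [(0.30, 0.31, 90.0)] * 5                      # pedal and torque agree
TRACE_EXCESS = [(0.2, 0.2, 60.0)] + [(0.2, 0.2, 150.0)] * 3  # torque runs away from cycle 1
TRACE_GLITCH = [(0.1, 0.5, 30.0), (0.2, 0.2, 60.0)] * 2      # implausible pedal, never persistent
```

In this toy, TRACE_EXCESS enters the safe state at cycle 3 (the third consecutive faulty cycle), while the single-cycle glitches in TRACE_GLITCH never do, which is the debouncing a real FTT budget has to be sized against.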



We need to know what the functional level and the functional monitoring level are; they are defined by the 3-level monitoring concept. Next time, I will post about the technical safety concept and requirements and the 3-level monitoring concept.







Thank you for your attention.

Whiteberry




