基于整车动力学的EMB线控制动系统功能安全概念设计

doi:10.3969/j.issn.1674-8484.2024.06.004

摘要/Abstract

摘要：

为了提高面向智能车辆的电子机械制动（EMB）系统的安全性与鲁棒性，开展了相应的功能安全概念设计。在ISO 26262标准的基础上，并结合产品开发现状，采用故障注入的仿真方法，获得了车身在EMB失效时的运行规律，为故障发生时危害的严重度和可控性评判提供了数据支撑，有效解决了EMB系统数据库不足的问题，并实现了严重度和可控性的量化分析。开展了危害分析与风险评估（HARA），得到了10个功能安全目标及其对应的汽车安全完整性等级（ASIL），制定了EMB系统的功能安全架构和需求。结果表明：本概念分析方法，可为其它全新智能驾驶电子系统的功能安全开发，提供参考。

关键词: 智能车辆, 电子机械制动（EMB）, 功能安全, 汽车安全完整性等级（ASIL）, 概念设计

Abstract:

A functional safety concept design was conducted for smart vehicles with electronic mechanical braking (EMB) system to improve its safety and robustness. A fault injection simulation method was employed based on the ISO 26262 and combined with the product development status, to obtain the vehicle dynamic characteristics during EMB faulting, which provided the data for the assessment on severity and controllability, and effectively solved the problem of insufficient database in EMB system. The quantified severity and controllability were defined. The hazard analysis and risk assessment (HARA) were carried out, and 10 safety goals and their corresponding automotive safety integrity levels (ASIL) were achieved. The functional safety architecture and requirements of EMB system were developed with the functional safety concept design of the system being completed. Therefore, the concept analysis method can provide references for the functional safety development of other new intelligent driving electronic systems.

Key words: smart vehicles, electronic mechanical brake (EMB), functional safety, automotive safety integrity level (ASIL), concept design

中图分类号:

U462.3+3

狄亚格, 周健, 陆杰, 秦嘉, 魏妤沁, 王淙进, 郝朝阳, 缪雪龙. 基于整车动力学的EMB线控制动系统功能安全概念设计[J]. 汽车安全与节能学报, 2024, 15(6): 830-838.

DI Yage, ZHOU Jian, LU Jie, QIN Jia, WEI Yuqin, WANG Congjin, HAO Zhaoyang, MIAO Xuelong. Functional safety concept design for EMB brake-by-wire system based on vehicle dynamic[J]. Journal of Automotive Safety and Energy, 2024, 15(6): 830-838.

图/表 17

参考文献 16

[1]	李克强, 戴一凡, 李升波, 等. 智能网联汽车(ICV)技术的发展现状及趋势[J]. 汽车安全与节能学报, 2017, 8(1): 1-14.
	LI Keqiang, DAI Yifan, LI Shengbo, et al. State-of-the-art and technical trends of intelligent and connected vehicles[J]. J Autom Safe Energ, 2017, 8(1): 1-14. (in Chinese)
[2]	尘帅, 王吉忠, 张西龙. 线控制动系统车辆制动与横摆稳定性协调控制[J]. 济南大学学报(自然科学版), 2020, 34(4): 371-6, 83.
	CHEN Shuai, WANG Jizhong, ZHANG Xilong. Coordinated control of braking and yaw stability for vehicle equipped with brake-by-wire system[J]. J Univ of Jinan (Nat Sci Ed), 2020, 34(4): 371-6, 83. (in Chinese)
[3]	李亮, 王翔宇, 程硕, 等. 汽车底盘线控与动力学域控制技术[J]. 汽车安全与节能学报, 2020, 11(2): 143-60.
	LI Liang, WANG Xiangyu, CHEN Shuo, et al. Technologies of control-by-wire and dynamic domain control for automotive chassis[J]. J Autom Safe Energ, 2020, 11(2): 143-60. (in Chinese)
[4]	International Organization for Standardization (ISO).ISO 26262: 2018 Road vehicles-functional safety [S]. International Organization for Standardization, 2018.
[5]	中国国家标准化管理委员会.道路车辆功能安全: GB/T34590.3—2022 [S]. 北京: 中国标准出版社, 2022.
	Standardization Administration of the People’s Republic of China.Road vehicles functional safety: GB/T34590.3—2022 [S]. Bejing: China Standards Press, 2022. (in Chinese)
[6]	杨涛. 面向自动驾驶的车辆线控制动系统功能安全研究[D]. 长春: 吉林大学, 2023.
	YANG Tao. Research on functional safety of vehicle brake by wire system for automatic driving[D]. Changchun: Jilin University, 2023. (in Chinese)
[7]	Khastgir S, Birrell S, Dhadyalla G, et al. Towards increased reliability by objectification of hazard analysis and risk Assessment (HARA) of automated automotive systems[J]. Saf Sci, 2017, 99: 166-77.
[8]	LEU Kuenlong, HUANG Hsiang, CHEN Yungyuan, et al. An intelligent brake-by-wire system design and analysis in accordance with ISO-26262 functional safety standard [C]// 2015 Int'l Conf Connect Vehi Expo (ICCVE), Shenzhen, China, 2015: 150-156.
[9]	王俊明, 周宏伟. 基于ISO26262的车道保持辅助的功能安全概念设计[J]. 重庆交通大学学报(自然科学版), 2019, 38(3): 135-142.
	WANG Junming, ZHOU Hongwei. Functional safety concept design of lane keeping assistance based on ISO26262[J]. J Chongqing Jiaotong Univ (Nat Sci Ed), 2019, 38(3): 135-142. (in Chinese)
[10]	荣芩, 吴晓东, 许敏. 基于ISO标准的道路车辆线控转向系统的功能安全概念设计[J]. 汽车安全与节能学报, 2018, 9(3): 250-257.
	RONG Qin, WU Xiaodong, XU Min. Functional safety concept design for steer-by-wire system of road vehicle based on the ISO[J]. J Autom Safe Energ, 2018, 9(3): 250-257. (in Chinese)
[11]	程洁, 郑凯, 秦嘉, 等. 面向智能车辆的EMB系统功能安全分析及应用设计[J]. 汽车安全与节能学报, 2023, 14(1): 69-79.
	CHENG Jie, ZHENG Kai, QIN Jia, et al. Functional safety analysis and application design of EMB system for intelligent vehicles[J]. J Autom Safe Energ, 2023, 14(1): 69-79. (in Chinese)
[12]	Juez G, Amparan E, Lattarulo R, et al. Safety assessment of automated vehicle functions by simulation-based fault injection [C]// 2017 IEEE Int'l Conf Vehi Elect Saf (ICVES), Vienna, Austria, 2017: 214-219.
[13]	Baybutt P. A critique of the hazard and operability (HAZOP) study[J]. J Loss Prev Process Ind, 2015, 33: 52-8.
[14]	SAE Int'l. Considerations for ISO 26262 ASIL hazard classification:SAE J2980: 2018 [S/OL]. [2023-12-25]. https://www.antpedia.com/standard/2014272200-1.html.
[15]	Verband der Automobilindustrie. Situation catalogue e-parameters according to ISO 26262-3 VDA 702: 2015 [S/OL]. [2023-11-18]. https://www.doc88.com/p-7028438060252.html.
[16]	王喜洋, 李鸿鹏, 奚文霞, 等. 一种基于功能安全的制动系统S和C评级装置及方法: 中国, CN115946709A[P]. 2023-04-11.
	WANG Xiyang, LI Hongpeng, XI Wenxia, et al. The invention relates to an S and C rating device and a method for a braking system based on functional safety: China. CN115946709A[P]. 2023-04-11. (in Chinese)

功能失效分类	功能失效模式	整车危害
系统无需求时有功能输出	运行中，驾驶员没有踩制动踏板但非预期制动	车辆非预期减速及车辆失去稳定性
系统无需求时有功能输出	静止时，驾驶员没有踩制动踏板但非预期制动	车辆无法移动
系统无需求时有功能输出	运行中，驾驶员踩制动踏板但无制动力	车辆减速度过小
系统无需求时有功能输出	静止时，驾驶员踩制动踏板但无制动力	溜车
功能输出少于系统需求	运行中，驾驶员踩制动踏板，有制动力但低于预期	车辆减速度过小
功能输出少于系统需求	静止时，驾驶员踩制动踏板，有制动力但低于预期	溜车
功能输出大于系统需求	运行中，驾驶员踩制动踏板，有制动力但高于预期	车辆加速度过大
功能输出大于系统需求	静止时，驾驶员踩制动踏板，有制动力但低于预期	符合预期，无危害

功能失效分类	功能失效模式	整车危害
系统无需求时有功能输出	运行中，驾驶员没有踩制动踏板但非预期制动	车辆非预期减速及车辆失去稳定性
系统无需求时有功能输出	静止时，驾驶员没有踩制动踏板但非预期制动	车辆无法移动
系统无需求时有功能输出	运行中，驾驶员踩制动踏板但无制动力	车辆减速度过小
系统无需求时有功能输出	静止时，驾驶员踩制动踏板但无制动力	溜车
功能输出少于系统需求	运行中，驾驶员踩制动踏板，有制动力但低于预期	车辆减速度过小
功能输出少于系统需求	静止时，驾驶员踩制动踏板，有制动力但低于预期	溜车
功能输出大于系统需求	运行中，驾驶员踩制动踏板，有制动力但高于预期	车辆加速度过大
功能输出大于系统需求	静止时，驾驶员踩制动踏板，有制动力但低于预期	符合预期，无危害

严重度 S	暴露率 E	可控性C
严重度 S	暴露率 E	C0	C1	C2	C3
S0	E1	QM	QM	QM	QM
	E2	QM	QM	QM	QM
	E3	QM	QM	QM	QM
	E4	QM	QM	QM	A
S1	E1	QM	QM	QM	QM
	E2	QM	QM	QM	QM
	E3	QM	QM	QM	A
	E4	QM	QM	A	B
S2	E1	QM	QM	QM	QM
	E2	QM	QM	QM	A
	E3	QM	QM	A	B
	E4	QM	A	B	C
S3	E1	QM	QM	QM	A
	E2	QM	QM	A	B
	E3	QM	A	B	C
	E4	A	B	C	D

严重度 S	暴露率 E	可控性C
严重度 S	暴露率 E	C0	C1	C2	C3
S0	E1	QM	QM	QM	QM
	E2	QM	QM	QM	QM
	E3	QM	QM	QM	QM
	E4	QM	QM	QM	A
S1	E1	QM	QM	QM	QM
	E2	QM	QM	QM	QM
	E3	QM	QM	QM	A
	E4	QM	QM	A	B
S2	E1	QM	QM	QM	QM
	E2	QM	QM	QM	A
	E3	QM	QM	A	B
	E4	QM	A	B	C
S3	E1	QM	QM	QM	A
	E2	QM	QM	A	B
	E3	QM	A	B	C
	E4	A	B	C	D

严重度 S	v / (km·h^-1)
严重度 S	车与车正碰	车与车侧碰	车与人碰
S0	0~10	0~2	0~4
S1	10~20	2~8	4~20
S2	20~40	8~16	20~30
S3	>40	>16	>30