COMPANY CONFIDENTIAL

Dr. FRANCK GALTIE

DIRECTEUR AUTOMOTIVE FUNCTIONAL SAFETY

FUNCTIONAL SAFETY

COURSE #2

INTERNAL/PROPRIETARY 1

General Agenda

• Course #1 :

Functional Safety awareness

• Course #2 :

Brainstorming on power inverter architecture, potential failures and safety mechanisms (ie. safety concept)

• Course #3:

Continue on Safety Concept

• Course #4:

How to prove our concept and assess it

INTERNAL/PROPRIETARY 2

Course #1 agenda

• Introduction

• Safety Goals for electric vehicle ?

• Functional Concept

• Technical Safety Concept

• Conclusion

INTERNAL/PROPRIETARY 3

Introduction

01.

INTERNAL/PROPRIETARY 4

Efficient Electric Vehicle Power Control by NXP

Leveraging leadership portfolio in power control

Creating xEV power control system reference platforms

New xEV ASIL-D

Power Inverter Control

Reference Platform

Battery Management

with State-of-the-Art

Cell Charge Control

INTERNAL/PROPRIETARY 5

What’s an Inverter?

o Converts DC voltage to AC voltage or AC voltage to DC voltage.

o The main traction inverter:

o converts high DC voltage (from battery) to high current 3-phase AC

voltage to drive and control a traction motor

o Must be output power & power density (kW/L) efficient as battery

voltages move >350V

o Support more powerful (>80kW) traction motors which may also

require more than 3 phases.

o Must support requirements for ASIL C/ ASIL D functional safety

DC Link

CapacitorHV Battery

(300V – 800V)HV InverterBMS

controller

300V – 800V

DC

Lin

k

Cap

ac

itor

Re

so

lve

r

Cu

rren

t

Se

ns

e

HV

DC

Ba

ttery

U

V

W

INTERNAL/PROPRIETARY 6

Item definition assumption

PIM E. MotorHV DC

Battery

SEooC

Sensor

VCU(Vehicle control Unit)

Vehicle Wheel

Gas Pedal

Brake PedalDriver

inputs

ADAS system /

Cruise control

The PIM is our (System Element Out of

Context). It is responsible for converting

the Energy from the HV Battery to an

Electric Motor, based on the request

from VCU.

VCU is sends Torque Request based on

driver information and ADAS System.

Sensors

The HV battery (400V) is

protected by a BMS System

from Overvoltage,

Undervoltage, Overcurrent… The electric Motor

is generally PMSM

around 100kW.

In BEV, the Motor

usually has no clutch

and is attached directly

to the vehicle wheel by a

simple gearbox system.

INTERNAL/PROPRIETARY 7

What’s an Inverter?

DC Link

CapacitorHV Inverter

DC

Lin

k

Cap

ac

itor

Re

so

lve

r

Cu

rren

t

Se

ns

e

U

V

W

INTERNAL/PROPRIETARY 8

Safety Goals for Electric vehicle ?

02.

INTERNAL/PROPRIETARY 9

Possible traction Hazards –HARA example

Unintended self

acceleration

Unintended reverse

speed wheel

Unintended loss of

torqueUnintended over

torque while driving

Unintended braking

INTERNAL/PROPRIETARY 10

Safety goal (can be different for other assumption)

Safety goal ASIL

SG1: Avoid unintended acceleration while in stop D

SG2: Avoid unintended acceleration , torque lock or over acceleration torque

while drivingB

SG3: Avoid reverse torque D

SG4: Avoid sudden loss of acceleration torque B

SG5: Avoid self-braking torque while driving at high speed D

SG6: Avoid self-braking torque while driving at low speed B

Traction

Braking /

Regeneration

CONFIDENTIAL AND PROPRIETARY11

Functional concept

03.

CONFIDENTIAL AND PROPRIETARY12

Functional requirements

• What do we need to make the system achieve his main function?

CONFIDENTIAL AND PROPRIETARY18

Technical safety concept

04.

CONFIDENTIAL AND PROPRIETARY19

Technical safety concept

Pow

er

sta

ge

Gate

driver

MCU

Power

supply

CAN

Motor

Position

sensor

NXP and the NXP logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners. © 2018 NXP B.V.