Functional safety implementation of a high-pressure common rail diesel engine control unit based on the EGAS monitoring concept
QIN Yan1,2, WEI Wenjin1,2, JI Xiaojuan1,2, CONG Cong1,2
1. State Key Laboratory of Internal Combustion Engine Reliability, Weifang 261061, Shandong, China; 2. Weichai Power Co., Ltd., Weifang 261061, Shandong, China
Abstract: To keep the hazards caused by failures of automotive electronic and electrical systems within an acceptable range and to achieve functional safety of the high-pressure common rail diesel engine controller, an item analysis of the engine controller is carried out following the ISO 26262 development process. Hazard analysis and risk assessment determine the safety goal of preventing unintended acceleration, with automotive safety integrity level ASIL B. Functional safety concept analysis determines the functional safety requirement to be torque monitoring. In the technical safety concept phase, the EGAS three-level monitoring concept is used to refine the torque monitoring requirement further and to decompose the ASIL. A functional safety implementation scheme for the controller based on the TC29x chip is designed. The strategy model is built in MATLAB/Simulink and fault injection tests are performed. The results show that the monitoring strategy effectively identifies an input shaft overspeed fault and responds immediately, substantially reducing the risk of personal injury.
Keywords: ISO 26262; high-pressure common rail diesel engine; torque monitoring; TC29x
Functional safety implementation of high-pressure common rail diesel engine control unit based on EGAS monitoring concept
QIN Yan1,2, WEI Wenjin1,2, JI Xiaojuan1,2, CONG Cong1,2
1. State Key Laboratory of Internal Combustion Engine Reliability, Weifang 261061, China; 2. Weichai Power Co., Ltd., Weifang 261061, China
Abstract: In order to keep the hazards caused by failures of automotive electronic and electrical systems within an acceptable range, the realization of functional safety for a high-pressure common rail diesel engine controller is studied. Following the ISO 26262 development process, an item analysis is performed for the engine controller; through hazard analysis and risk assessment, the safety goal is determined to be the prevention of unintended acceleration, with automotive safety integrity level ASIL B. Through functional safety concept analysis, the functional safety requirement is determined to be torque monitoring. In the technical safety concept stage, the torque monitoring requirement is further refined and the ASIL is decomposed using the EGAS three-level monitoring concept. A functional safety implementation scheme for the controller based on the TC29x chip is designed. MATLAB/Simulink is used to build the strategy model for fault injection testing. The results show that the monitoring strategy can effectively identify an input shaft overspeed fault and respond immediately, effectively reducing the risk of personal injury.
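The abstract describes the EGAS layered monitoring idea (a level-1 function path that computes the torque request, and an independent level-2 monitoring path that checks the realised torque and engine speed for plausibility and forces a safe reaction) and validates it by fault injection. The following Python model is an added illustration written for this page; it is not the authors' MATLAB/Simulink model and does not reproduce their calibration. All thresholds, the pedal-to-torque map and the fuel-to-torque relation are constructed values, level 3 (controller self-monitoring with an external watchdog) is deliberately left out, and the three scenario generators are constructed test traces rather than measured data.

```python
"""Toy EGAS-style level-1/level-2 torque monitor with fault injection.

Added example for illustration only; thresholds and maps are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed calibration (not taken from the paper).
SPEED_LIMIT_RPM = 2500.0       # input shaft overspeed threshold for level 2
TORQUE_TOLERANCE_NM = 30.0     # margin before actual torque counts as implausible
DEBOUNCE_CYCLES = 3            # consecutive implausible cycles before reaction
MAX_TORQUE_NM = 800.0          # full-pedal torque of the constructed map


@dataclass
class Inputs:
    """One control cycle of sensor data (constructed units)."""
    pedal_pct: float          # accelerator pedal position, 0..100 %
    engine_speed_rpm: float   # measured input shaft / engine speed
    injected_fuel_mg: float   # fuel quantity actually commanded per stroke


# ---- Level 1: the normal function path ------------------------------------
def level1_requested_torque(pedal_pct: float, engine_speed_rpm: float) -> float:
    """Driver torque request from pedal, derated above 2000 rpm (constructed map)."""
    pedal = max(0.0, min(100.0, pedal_pct))
    if engine_speed_rpm <= 2000.0:
        max_torque = MAX_TORQUE_NM
    else:
        max_torque = max(0.0, MAX_TORQUE_NM - 0.4 * (engine_speed_rpm - 2000.0))
    return pedal / 100.0 * max_torque


def level1_fuel_for_torque(torque_nm: float) -> float:
    """Level-1 injection quantity for a torque (constructed: 10 Nm per mg)."""
    return torque_nm / 10.0


# ---- Level 2: independent monitoring path ---------------------------------
def level2_permitted_torque(pedal_pct: float) -> float:
    """Upper bound the monitor allows; computed independently of level 1 and
    deliberately conservative (no derating), so it is never below level 1."""
    pedal = max(0.0, min(100.0, pedal_pct))
    return pedal / 100.0 * MAX_TORQUE_NM


def level2_actual_torque(injected_fuel_mg: float) -> float:
    """Monitor's own estimate of realised torque from the commanded fuel."""
    return injected_fuel_mg * 10.0


class Level2Monitor:
    """Checks speed and torque plausibility every cycle and latches fuel cut-off."""

    def __init__(self) -> None:
        self.implausible_cycles = 0
        self.fuel_cutoff = False
        self.reason: Optional[str] = None

    def step(self, inputs: Inputs) -> bool:
        """Return True once the safe state (fuel cut-off) has been demanded."""
        if self.fuel_cutoff:
            return True                                 # latched: stays in safe state
        if inputs.engine_speed_rpm > SPEED_LIMIT_RPM:
            self.fuel_cutoff, self.reason = True, "overspeed"   # immediate reaction
            return True
        actual = level2_actual_torque(inputs.injected_fuel_mg)
        permitted = level2_permitted_torque(inputs.pedal_pct)
        if actual > permitted + TORQUE_TOLERANCE_NM:
            self.implausible_cycles += 1               # debounced torque check
        else:
            self.implausible_cycles = 0
        if self.implausible_cycles >= DEBOUNCE_CYCLES:
            self.fuel_cutoff, self.reason = True, "torque_implausible"
        return self.fuel_cutoff


def run_scenario(trace: List[Inputs]) -> Tuple[Optional[int], Optional[str]]:
    """Run the monitor over a trace; return (cycle of reaction, reason) or (None, None)."""
    monitor = Level2Monitor()
    for cycle, inputs in enumerate(trace):
        if monitor.step(inputs):
            return cycle, monitor.reason
    return None, None


# ---- Constructed fault-injection traces -----------------------------------
def normal_trace(cycles: int = 10) -> List[Inputs]:
    """Healthy operation: fuel matches the level-1 request at 40 % pedal, 1500 rpm."""
    fuel = level1_fuel_for_torque(level1_requested_torque(40.0, 1500.0))
    return [Inputs(40.0, 1500.0, fuel) for _ in range(cycles)]


def overspeed_fault_trace(cycles: int = 10, fault_cycle: int = 5) -> List[Inputs]:
    """Injected fault: speed signal jumps to 3000 rpm from fault_cycle onwards."""
    trace = normal_trace(cycles)
    return [Inputs(i.pedal_pct, 3000.0 if n >= fault_cycle else i.engine_speed_rpm,
                   i.injected_fuel_mg) for n, i in enumerate(trace)]


def stuck_injector_trace(cycles: int = 10, fault_cycle: int = 2) -> List[Inputs]:
    """Injected fault: commanded fuel stuck at 60 mg (600 Nm) despite 40 % pedal."""
    trace = normal_trace(cycles)
    return [Inputs(i.pedal_pct, i.engine_speed_rpm,
                   60.0 if n >= fault_cycle else i.injected_fuel_mg)
            for n, i in enumerate(trace)]


if __name__ == "__main__":
    print("normal:        ", run_scenario(normal_trace()))
    print("overspeed:     ", run_scenario(overspeed_fault_trace()))
    print("stuck injector:", run_scenario(stuck_injector_trace()))
```

The design point the model makes explicit is the one the abstract relies on: level 2 never reuses level 1's torque calculation, and its reaction is latched, so a fault in the function path cannot argue the monitor out of the safe state. Overspeed is treated as an immediate trip, while the torque plausibility check is debounced to avoid false trips on transient mismatches.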
Keywords: ISO 26262; high-pressure common rail diesel engine; torque monitoring; TC29x