CN103745112B

CN103745112B - Method for ensuring maximum residue failure rate of signal chain

Info

Publication number: CN103745112B
Application number: CN201410019802.7A
Authority: CN
Inventors: 于长淼; 施京毅; 苏剑
Original assignee: Continental Automotive Systems Shanghai Co Ltd
Current assignee: Omoway Automotive Systems Shanghai Co ltd
Priority date: 2014-01-16
Filing date: 2014-01-16
Publication date: 2015-06-10
Anticipated expiration: 2034-01-16
Also published as: CN103745112A

Abstract

The invention provides a method for ensuring maximum residue failure rate of a signal chain in car safety completeness grade evaluation. The flow path of signals in signal chain evaluation can be used to ensure the maximum residue failure rate according to the following steps: acquiring corresponding PPM values for elements which can not acquire failure modes and corresponding failure rate, wherein the PPM values refer to bad element amount in the designated amount during a designated period; utilizing the acquired PPM values to acquire metering failure rate, acquire the minimum judgment identification rate in all failure modes related to the safety according to the above elements so as to further acquire maximum judgment non-identification rate of the elements; acquiring maximum residue failure rate of the elements related to the safety based on the metering failure rate of the elements and the minimum judgment non-identification rate; acquiring residue failure rate related to the security from the rest elements with failure modes and failure rate; acquiring maximum value of all residue failure rate of the signal chain according to the maximum residue failure rate of the elements.

Description

Method for determining the maximum residual failure rate for a signal chain

技术领域technical field

本发明涉及用于确定汽车安全完整性等级评估中信号链的最大残余失效率的方法，具体地，涉及基于零部件的PPM数据来确定信号链的最大残余失效率的方法。The present invention relates to a method for determining the maximum residual failure rate of a signal chain in automobile safety integrity level assessment, in particular, a method for determining the maximum residual failure rate of a signal chain based on PPM data of components.

背景技术Background technique

随着机动车辆的普及，车辆的安全性成为技术人员以及机动车辆的保有者（即用户）共同关心的问题。近年来，在不断提升车辆中各种零部件的质量的同时，也出现了很多提高车辆整体安全性的控制机制，例如电子制动系统，诸如防抱死制动系统ABS（Anti-lock Braking System）、电子稳定性控制ESC（Electronic Stability System）系统等。With the popularity of motor vehicles, the safety of vehicles has become a common concern of technicians and owners of motor vehicles (ie users). In recent years, while continuously improving the quality of various components in the vehicle, there have also been many control mechanisms to improve the overall safety of the vehicle, such as electronic braking systems, such as the Anti-lock Braking System ABS (Anti-lock Braking System) ), electronic stability control ESC (Electronic Stability System) system, etc.

ABS系统可安装在任何带液压刹车的汽车上。其利用阀体内的一个橡胶气囊，在踩下刹车时，给予刹车油压力，充斥到ABS的阀体中，然后气囊利用中间的空气隔层将压力返回，使车轮避过锁死点。具体而言，ABS系统通过安装在车轮上的传感器发出车轮将被抱死的信号，控制器指令调节器降低该车轮制动缸的油压，减小制动力矩，经一定时间后，再恢复原有的油压，不断的这样循环（每秒可达5～10次），从而使车轮始终处于转动状态而又有最大的制动力矩。The ABS system can be installed on any car with hydraulic brakes. It uses a rubber airbag in the valve body to give brake fluid pressure to the ABS valve body when the brake is stepped on, and then the airbag uses the air compartment in the middle to return the pressure to avoid the locking point of the wheel. Specifically, the ABS system sends a signal that the wheel will be locked through the sensor installed on the wheel, and the controller instructs the regulator to reduce the oil pressure of the brake cylinder of the wheel, reduce the braking torque, and then recover after a certain period of time. The original oil pressure is continuously cycled in this way (up to 5-10 times per second), so that the wheels are always in a rotating state and have the maximum braking torque.

与此形成对比的是，没有安装ABS的车辆在行驶中，如果用力踩下制动踏板，则车轮转速会急速降低。当制动力超过车轮与地面的摩擦力时，车轮就会被抱死，完全抱死的车轮会使轮胎与地面的摩擦力下降。如果车辆的前轮被抱死，驾驶员将无法控制车辆的行驶方向，如果后轮被抱死，就极容易出现侧滑现象。In contrast to this, if a vehicle without ABS is running, if the brake pedal is pressed hard, the wheel speed will drop rapidly. When the braking force exceeds the friction between the wheel and the ground, the wheel will be locked, and a completely locked wheel will reduce the friction between the tire and the ground. If the front wheels of the vehicle are locked, the driver will not be able to control the driving direction of the vehicle, and if the rear wheels are locked, it is very easy to slip.

可见ABS系统有效地提高了驾驶过程中的安全性，那么ABS系统自身的故障检测就显得尤为重要了。故障包括电路故障和机械故障等，例如ABS系统中传感器（包括传感器线圈电阻、转子齿圈和传感器输出信号等）、制动压力调节器、电控单元等零部件的故障。因此，检测ABS系统中各零部件的安全性是保障行车安全的重要因素之一。It can be seen that the ABS system effectively improves the safety during driving, so the fault detection of the ABS system itself is particularly important. Faults include circuit faults and mechanical faults, such as faults in sensors in the ABS system (including sensor coil resistance, rotor ring gear and sensor output signals, etc.), brake pressure regulators, electronic control units and other components. Therefore, detecting the safety of each component in the ABS system is one of the important factors to ensure driving safety.

除了ABS系统之外，车辆中包含了多个厂商生产的大大小小的各种零部件。而各个零部件的安全、正常运行显然对车辆的整体安全性起着至关重要的作用。现有的评估车辆安全完整性方法是，通过对某一信号链中各个元件的失效模式、失效率及安全机制的综合评估，获悉该信号链的残余失效率等量化指标，并将得到的指标与既定的安全完整性等级（例如根据道路车辆功能安全标准ISO26262的规定）进行比对，从而确定整条信号链的汽车安全完整性等级。这样的信号链汽车安全完整性等级评估已经成为道路车辆功能安全中最基本、最重要的工作之一。In addition to the ABS system, the vehicle contains a variety of large and small components produced by multiple manufacturers. The safe and normal operation of each component obviously plays a vital role in the overall safety of the vehicle. The existing method of evaluating vehicle safety integrity is to learn the quantitative indicators such as the residual failure rate of the signal chain through comprehensive evaluation of the failure mode, failure rate and safety mechanism of each component in a certain signal chain, and to obtain the indicators Comparison with established safety integrity levels (e.g. according to the road vehicle functional safety standard ISO26262) to determine the automotive safety integrity level of the entire signal chain. Such signal chain automotive safety integrity level assessment has become one of the most basic and important tasks in road vehicle functional safety.

具体地，在这样的信号链汽车安全完整性等级评估过程中，需要了解信号链上各个元件的失效模式、失效率及安全机制的详细信息。然而，现实中这些元件通常来自不同的（甚至国外）供应商，鉴于其中一些信息往往因为涉及产品的核心而作为商业秘密被制造商保留，导致直接对信号链的汽车安全完整性等级进行有效评估带来障碍。Specifically, in the process of evaluating the safety integrity level of such a signal chain vehicle, it is necessary to know the detailed information of the failure modes, failure rates and safety mechanisms of each component on the signal chain. However, in reality these components usually come from different (even foreign) suppliers, and given that some of the information is often kept by the manufacturer as a trade secret because it concerns the core of the product, it leads to a valid assessment of the automotive safety integrity level of the signal chain directly bring obstacles.

针对上述现状，需要一种能够在无法获知信号链的某些元件的失效模式、失效率及安全机制的情况下，仍然能够对该条信号链进行安全完整性等级评估的方法。In view of the above situation, there is a need for a method that can still evaluate the safety integrity level of the signal chain without knowing the failure mode, failure rate and safety mechanism of some components of the signal chain.

发明内容Contents of the invention

为了解决或者至少缓解现有技术中的上述问题，本发明提供了一种通过利用信号链中有关元件的PPM数据，来确定信号链的最大残余失效率的方法，进而实现信号链的汽车安全完整性等级评估。In order to solve or at least alleviate the above-mentioned problems in the prior art, the present invention provides a method for determining the maximum residual failure rate of the signal chain by using the PPM data of relevant components in the signal chain, thereby realizing the automotive safety integrity of the signal chain sex ratings.

根据本发明的一个实施例，提供了一种用于确定汽车安全完整性等级评估中信号链的最大残余失效率的方法，其中，所述信号链指评估中信号流经的路径，通过以下步骤确定其最大残余失效率：According to one embodiment of the present invention, there is provided a method for determining the maximum residual failure rate of a signal chain in an automobile safety integrity level assessment, wherein the signal chain refers to a path through which signals flow in the assessment, through the following steps Determine its maximum residual failure rate:

对于无法获知其失效模式和相应的失效率的元件，获得其对应的PPM值，其中，PPM值为该元件在指定时段内指定数量中的坏件量；For the component whose failure mode and corresponding failure rate cannot be known, obtain its corresponding PPM value, where the PPM value is the number of bad parts in the specified quantity of the component within the specified period;

利用所获得的元件的PPM值，获得该元件的计次失效率；Using the obtained PPM value of the component to obtain the count failure rate of the component;

针对每个上述元件，获得其与安全相关的所有失效模式中的最小诊断识别率，进而获得该元件的最大诊断未识别率；For each of the above components, obtain the minimum diagnostic recognition rate among all safety-related failure modes, and then obtain the maximum diagnostic non-recognition rate of the component;

基于该元件的计次失效率与其最大诊断未识别率，获得该元件与安全相关的所述最大残余失效率；Obtaining the maximum residual failure rate of the component related to safety based on the counted failure rate of the component and its maximum diagnostic non-recognition rate;

对已知失效模式及失效率的其余元件，获得其与安全相关的残余失效率；For the remaining components with known failure modes and failure rates, obtain their safety-related residual failure rates;

结合上述元件的最大残余失效率及其余元件的残余失效率，获得整个信号链的残余失效率的最大值。Combining the maximum residual failure rate of the above components with the residual failure rate of the remaining components, the maximum value of the residual failure rate of the entire signal chain is obtained.

可选地，所述信号链包括传感器和接收传感器信号的电子控制单元，其中，所述传感器的失效模式和相应的失效率未知。其中，所述电子控制单元是电子制动系统。Optionally, the signal chain comprises a sensor and an electronic control unit receiving a signal from the sensor, wherein the failure modes and corresponding failure rates of the sensor are unknown. Wherein, the electronic control unit is an electronic braking system.

优选地，所述传感器为轮速传感器、方向盘转角传感器和/或真空度传感器，所述电子制动系统为电子稳定性控制系统。Preferably, the sensor is a wheel speed sensor, a steering wheel angle sensor and/or a vacuum sensor, and the electronic braking system is an electronic stability control system.

优选地，所述传感器为轮速传感器，所述电子制动系统为防抱死制动系统。Preferably, the sensor is a wheel speed sensor, and the electronic braking system is an anti-lock braking system.

可选地，将每个失效模式和相应的失效率未知的元件的计次失效率和最大诊断未识别率的乘积作为该元件与安全相关的最大残余失效率，并且最大诊断未识别率是整数1与所获得的与该元件相关的前述最小诊断识别率的差值。Optionally, the product of the counted failure rate and the maximum diagnostic non-identification rate for each failure mode and corresponding failure rate unknown component is taken as the safety-related maximum residual failure rate of the component, and the maximum diagnostic non-identification rate is an integer 1 the difference from the previous minimum diagnostic identification rate obtained in relation to the component.

可选地，其余元件与安全相关的残余失效率通过下述方式计算获得：对所述其余元件中的每个元件，获得其每种失效模式下的失效率和诊断识别率，将整数1与识别率的差值作为该元件的诊断未识别率，将每种失效模式下的失效率与诊断未识别率的乘积作为该失效模式的残余失效率；对每个元件的每种失效模式下的残余失效率进行求和，得到该元件与安全相关的残余失效率。Optionally, the safety-related residual failure rates of the rest of the components are calculated in the following manner: for each of the remaining components, the failure rate and diagnostic recognition rate in each failure mode are obtained, and the integer 1 and The difference of the recognition rate is taken as the non-diagnosed rate of the component, and the product of the failure rate in each failure mode and the non-diagnosed rate is taken as the residual failure rate of the failure mode; for each component in each failure mode The residual failure rates are summed to obtain the safety-related residual failure rate for the component.

优选地，所述PPM值为该元件每年每百万件中的坏件量，所述计次失效率为 $\frac{PPM}{10^{6} \times 365 \times 24} \times 10^{9} .$ Preferably, the PPM value is the number of defective parts per million pieces per year for the component, and the failure rate per count is $\frac{PPM}{10^{6} \times 365 \times twenty four} \times 10^{9} .$

由上述可见，通过使用元件的PPM值，本发明可以对无法获知其失效模式和相应的失效率的元件计算其残余失效率，从而降低了评估的难度，提高了信号链残余失效率评估的效率。It can be seen from the above that by using the PPM value of the component, the present invention can calculate the residual failure rate of the component whose failure mode and corresponding failure rate cannot be known, thereby reducing the difficulty of evaluation and improving the efficiency of signal chain residual failure rate evaluation .

附图说明Description of drawings

通过下面结合附图进行的详细描述，将会对本发明有进一步的理解，从而本发明的上述以及其他优点、所公开的示例性实施例的其它特性和优点对本领域技术人员将变得明显。然而，需要注意的是，无论是附图还是下文中的具体实例，均只是为了说明本发明的思路而做出的示例性描述，不应当被作为对本发明的任何方面的限制。本发明的保护范围由所附权利要求的内容及其等效方案来限定。在附图中，The above and other advantages of the present invention, and other features and advantages of the disclosed exemplary embodiments will become apparent to those skilled in the art from a further understanding of the present invention from the following detailed description taken in conjunction with the accompanying drawings. However, it should be noted that both the drawings and the specific examples below are only exemplary descriptions made to illustrate the idea of the present invention, and should not be regarded as limiting any aspect of the present invention. The protection scope of the present invention is defined by the contents of the appended claims and their equivalents. In the attached picture,

图1示意性示出可实施本发明的方案的信号链的一部分；Figure 1 schematically shows a part of a signal chain in which the solution of the present invention can be implemented;

图2示意性示出根据本发明一示例性实施例的方法。Fig. 2 schematically illustrates a method according to an exemplary embodiment of the present invention.

具体实施方式Detailed ways

如上文所述，在信号链汽车安全完整性等级评估中，对信号链上各元件的残余失效率的评估是信号链的汽车安全完整性等级评估的一个重要组成部分。下面将结合图1所示的一示意性简化信号链讨论其中各元件以及整条信号链的汽车安全完整性等级评估。As mentioned above, in the signal chain automotive safety integrity level assessment, the evaluation of the residual failure rate of each component on the signal chain is an important part of the signal chain automotive safety integrity level assessment. Automotive Safety Integrity Level assessment of individual components and the entire signal chain will be discussed below in conjunction with a schematic simplified signal chain shown in Figure 1.

如图1所示的信号链中包括传感器A、电子控制单元B和信号链输出信号S。这里，传感器A例如可以是轮速传感器、方向盘转角传感器、真空度传感器等或其任意组合，电子控制单元B例如可以是上文所述的ABS系统。为了简化起见，图1仅仅示意性示出了车辆中信号链的一部分。显而易见的是，根据本发明的评估方法可应用于车辆中任何的元件及有关的信号链，而不是局限于图1所示的情形。The signal chain shown in Figure 1 includes sensor A, electronic control unit B and signal chain output signal S. Here, the sensor A may be, for example, a wheel speed sensor, a steering wheel angle sensor, a vacuum sensor, etc. or any combination thereof, and the electronic control unit B may be, for example, the above-mentioned ABS system. For the sake of simplicity, FIG. 1 only schematically shows a part of the signal chain in a vehicle. It is obvious that the evaluation method according to the present invention can be applied to any components and related signal chains in the vehicle, and is not limited to the situation shown in FIG. 1 .

另外，可以理解，本文中所提到的信号链指信号流经的路径。具体地，该路径上可包括任意合适的元素，例如图1所示的传感器、线束、处理器等。其中，流经信号链的信号既涉及被传感器检测到的真实物理量，也涉及经过传输和处理之后输出的体现了所测得的物理量的大小、强弱等指征的信息。In addition, it can be understood that the signal chain mentioned herein refers to the path through which signals flow. Specifically, the path may include any suitable elements, such as sensors, wire harnesses, processors, and the like shown in FIG. 1 . Among them, the signal flowing through the signal chain involves not only the real physical quantity detected by the sensor, but also the information that reflects the size, strength and other indicators of the measured physical quantity output after transmission and processing.

将图1中传感器A的失效模式计为Fi，其相应的失效率为Ri，与之对应的诊断识别率为Di（其中i=1至n）。其中，Ri指在相应的失效模式Fi中，传感器A失效的概率。其中，诊断识别率Di是安全机制的量化值，是传感器A在相应的失效模式Fi中的某一工作区间内能够进行正确的诊断识别的概率。具体地，例如如果传感器A是轮速传感器，则其可能的工作区间是若干速度范围，如果传感器A是方向盘转交传感器，则其可能的工作区间是一些角度范围，那么相应的诊断识别率Di则是在相应的一特定速度范围内或角度范围内的诊断识别率。这里，本领域技术人员能够明了，诊断识别率可以在日常的使用、测试、研究等过程中，通过积累经验数据或实验测试数据而获得。The failure mode of sensor A in Figure 1 is counted as Fi, its corresponding failure rate is Ri, and the corresponding diagnostic recognition rate is Di (where i=1 to n). Among them, Ri refers to the failure probability of sensor A in the corresponding failure mode Fi. Among them, the diagnostic recognition rate Di is the quantified value of the safety mechanism, which is the probability that the sensor A can perform correct diagnostic recognition in a certain working range of the corresponding failure mode Fi. Specifically, for example, if sensor A is a wheel speed sensor, its possible working range is several speed ranges, and if sensor A is a steering wheel handover sensor, its possible working range is some angle ranges, then the corresponding diagnostic recognition rate Di is is the diagnostic recognition rate within a corresponding specific speed range or angle range. Here, those skilled in the art can understand that the diagnostic recognition rate can be obtained by accumulating empirical data or experimental test data during daily use, testing, research, and the like.

类似地，将图1中电子控制单元B的失效模式计为Fj，其相应的失效率为Rj,与之对应的诊断识别率为Dj（其中j=1至m）。Similarly, the failure mode of electronic control unit B in Figure 1 is counted as Fj, its corresponding failure rate is Rj, and the corresponding diagnostic recognition rate is Dj (where j=1 to m).

假设上述元件A、B的所有失效模式均与安全相关，则图1中所示信号链的总残余失效率RF应为：Assuming that all failure modes of the above components A, B are safety-related, the total residual failure rate RF of the signal chain shown in Figure 1 should be:

${Σ Σ}_{i i = = 11}^{n no} {R R}_{i i} \times \times ((11 - - {D D.}_{i i})) + + {Σ Σ}_{j j = = 11}^{m m} {R R}_{j j} \times \times ((11 - - {D D.}_{j j})) = = RF RF$

其中，整数1与诊断识别率D的差值意味该元件不能进行诊断识别的概率，即，诊断未识别率。Wherein, the difference between the integer 1 and the diagnostic recognition rate D means the probability that the component cannot be diagnosed and recognized, that is, the diagnostic non-recognized rate.

然而，需要注意的是，上述信号链的残余冗余失效率的计算方法的前提条件是，需要知道信号链上各个元件的失效模式和失效率，因为只有知道了这两者才可能获得该失效模式下元件的残余失效率的统计数据（否则即便是知道在一些具体情况下对应的诊断识别率的统计数据，也无法知道所获得的诊断识别率统计数据与哪个失效率对应，导致仍然无法计算元件的残余失效率）。However, it should be noted that the prerequisite for the calculation method of the residual redundancy failure rate of the above signal chain is that the failure mode and failure rate of each component on the signal chain need to be known, because only by knowing these two can the failure rate be obtained. Statistical data of the residual failure rate of components in the mode (otherwise, even if the statistical data of the corresponding diagnostic recognition rate in some specific cases is known, it is impossible to know which failure rate the obtained diagnostic recognition rate statistical data corresponds to, resulting in still being unable to calculate component residual failure rate).

可见，要想使用上式来计算信号链的残余失效率，则必须知道每个元件的失效模式和失效率，从而在此基础上得到对应的残余失效率。然而，如前所述，元件的失效模式和失效率往往作为商业秘密而被制造商保留，因此，需要找到替代的方式计算信号链的残余失效率。It can be seen that in order to use the above formula to calculate the residual failure rate of the signal chain, the failure mode and failure rate of each component must be known, so as to obtain the corresponding residual failure rate on this basis. However, as mentioned earlier, the failure modes and failure rates of components are often kept as trade secrets by manufacturers, therefore, an alternative way of calculating the residual failure rate of the signal chain needs to be found.

如上文所述，本发明是通过利用PPM值从而对无法获知其失效模式和相应的失效率的元件，计算其残余失效率的，进而计算整条信号链的总残余失效率。这是因为，在信号链上各元件的可获得的信息中，PPM（PartsPer Million）值则是相对公开的产品信息。其中，PPM值为元件在指定时段内指定数量中的坏件量。下文中，以每年每百万件中的坏件数量作为PPM值的一个实例。当然，在具体实践中，PPM值的选取并不限于此。对于本领域技术人员而言，也可以将PPM值设为每六个月、每三个月、每三年等任意合适的时间段内每百万件、每十万件等任意数量的元件中，坏件的数量。可见，PPM值的具体选取，是可以视具体情况而定的。As mentioned above, the present invention calculates the residual failure rate of components whose failure mode and corresponding failure rate cannot be known by using the PPM value, and then calculates the total residual failure rate of the entire signal chain. This is because, among the available information of each component on the signal chain, the PPM (Parts Per Million) value is relatively public product information. Among them, the value of PPM is the amount of bad parts in the specified quantity of components within the specified period. In the following, the number of bad parts per million pieces per year is used as an example of PPM value. Of course, in practice, the selection of the PPM value is not limited to this. For those skilled in the art, the PPM value can also be set to every six months, every three months, every three years, etc. in any suitable period of time, such as every million pieces, every hundred thousand pieces, etc. in any number of components , the number of bad pieces. It can be seen that the specific selection of the PPM value can depend on the specific situation.

下面结合图1所示信号链以及图2所示的方法描述利用PPM值计算元件乃至整条信号链的残余失效率的过程。其中，假设图1所示的信号链中，传感器A的失效模式和相应的失效率未知。电子控制单元B的失效模式和相应的失效率已知。The following describes the process of using the PPM value to calculate the residual failure rate of components and even the entire signal chain in conjunction with the signal chain shown in FIG. 1 and the method shown in FIG. 2 . Among them, it is assumed that in the signal chain shown in Figure 1, the failure mode and corresponding failure rate of sensor A are unknown. The failure modes and corresponding failure rates of ECU B are known.

如图2所示，在步骤201中，对于无法获知其失效模式和相应的失效率的传感器A，获得其对应的PPM值。这里，作为举例，将PPM值选为传感器A每年每百万件中的坏件量。As shown in FIG. 2 , in step 201 , for a sensor A whose failure mode and corresponding failure rate cannot be known, its corresponding PPM value is obtained. Here, as an example, the PPM value is selected as the number of defective parts per million pieces per year for sensor A.

在步骤202中，利用所获得的传感器A的PPM值，获得该元件的计次失效率FIT（Failure In Time）值。其中，FIT表示在特定时段内，例如109小时的时段内，传感器A的失效率。当PPM为传感器A每年每百万件中的坏件量、取时间段为10⁹小时的情况下，FIT值可表达为：In step 202, the FIT (Failure In Time) value of the element is obtained by using the obtained PPM value of the sensor A. Wherein, FIT represents the failure rate of the sensor A within a certain period of time, for example, within a period of 109 hours. When PPM is the number of bad parts per million pieces of sensor A per year, and the time period is 10 ⁹ hours, the FIT value can be expressed as:

$\frac{PPM PPM}{1010^{66} \times \times 365365 \times \times 24 twenty four} \times \times 1010^{99}$

其中，PPM与（10⁶×365×24）的商表示每件传感器A每小时的坏件概率，即，传感器A的失效率。Wherein, the quotient of PPM and (10 ⁶ ×365×24) represents the failure probability of each sensor A per hour, that is, the failure rate of the sensor A.

在步骤203中，针对每个这样的元件，例如传感器A，提取其与安全相关的所有失效模式中全部工作区间下的诊断识别率的统计数据的最小值，作为传感器A的最小诊断识别率。依据该最小诊断识别率，获得其最大诊断未识别率（例如，100%和最小诊断识别率的差）。In step 203, for each such component, such as sensor A, the minimum value of the statistical data of diagnostic recognition rates in all working ranges in all safety-related failure modes is extracted as the minimum diagnostic recognition rate of sensor A. According to the minimum diagnostic recognition rate, its maximum diagnostic non-recognition rate (for example, the difference between 100% and the minimum diagnostic recognition rate) is obtained.

在步骤204中，基于元件的计次失效率FIT值和最大诊断未识别率，In step 204, based on the failure count FIT value of the component and the maximum diagnosis unrecognized rate,

获得该元件（传感器A）与安全相关的最大残余失效率。例如，将FIT值与最大诊断未识别率相乘，求得传感器A的残余失效率的最大值。Obtain the maximum safety-related residual failure rate for this component (sensor A). For example, multiply the FIT value by the maximum diagnostic non-recognition rate to obtain the maximum value of the residual failure rate of sensor A.

在步骤205中，对已知失效模式及失效率的其余元件（例如图1中的电子控制单元B），获得其与安全相关的残余失效率。In step 205 , for the remaining components (such as the electronic control unit B in FIG. 1 ) whose failure modes and failure rates are known, obtain their safety-related residual failure rates.

在步骤206中，结合上述元件（传感器A）的最大残余失效率及其余元件（电子控制单元B）的残余失效率，将这两部分失效率求和，获得整个信号链的残余失效率的最大值。信号链总残余失效率的最大值（RFworstcase）具体如下式所示：In step 206, combined with the maximum residual failure rate of the above-mentioned component (sensor A) and the residual failure rate of other components (electronic control unit B), the two part failure rates are summed to obtain the maximum residual failure rate of the entire signal chain value. The maximum value of the total residual failure rate of the signal chain (RFworstcase) is specifically shown in the following formula:

$\frac{PPM PPM}{1010^{66} \times \times 365365 \times \times 24 twenty four} \times \times 1010^{99} \times \times ((11 - - {MIN MIN}_{i i = = 11}^{n no} (({D D.}_{i i})))) + + {Σ Σ}_{j j = = 11}^{m m} {R R}_{j j} \cdot &Center Dot; ((11 - - {D D.}_{j j})) = = {RF RF}_{worstcase worst case}$

例如，在具体的应用中，整车厂可按照上述方式估计轮速传感器的最大残余失效率，ABS供应商提供其产品相关的残余失效率，那么对两部分求和，即可得到信号链总残余失效率的最大值。类似地，ESC供应商也可提供其产品相关的残余失效率，对于其余类型的传感器，诸如轮速传感器、方向盘转角传感器、真空传感器等，则可按照上述方法求得其最大残余失效率，然后对这两部分求和从而得到信号链相应的总残余失效率的最大值。For example, in a specific application, the vehicle manufacturer can estimate the maximum residual failure rate of the wheel speed sensor according to the above method, and the ABS supplier provides the residual failure rate related to its product, then the sum of the two parts can be obtained The maximum residual failure rate. Similarly, ESC suppliers can also provide the residual failure rate related to their products. For other types of sensors, such as wheel speed sensors, steering wheel angle sensors, vacuum sensors, etc., the maximum residual failure rate can be obtained according to the above method, and then These two parts are summed to obtain the maximum value of the corresponding total residual failure rate of the signal chain.

如上文所述，在获得了信号链的总残余失效率的最大值之后，即可将其与预定的安全完整性等级（例如根据道路车辆功能安全标准ISO26262的规定）进行比对，从而评估出信号链的安全完整性等级。例如，在上文所示的示例中，若残余失效率在100FIT以内，则这一指标可满足安全完整性等级B的要求。As mentioned above, once the maximum value of the total residual failure rate of the signal chain is obtained, it can be compared with a predetermined safety integrity level (eg according to the road vehicle functional safety standard ISO26262) to evaluate the The safety integrity level of the signal chain. For example, in the example shown above, if the residual failure rate is within 100FIT, then this indicator can meet the requirements of safety integrity level B.

需要注意的是，上文中PPM的值以及FIT值的时间段的取值都是可以根据具体的需要以及应用环境等诸多有关因素来设定的。例如，FIT可以选为10^-7小时。It should be noted that the value of the PPM and the time period of the FIT value mentioned above can be set according to specific needs, application environment and many other related factors. For example, FIT can be selected as 10 ^-7 hours.

根据上文结合图1、图2所描述的示例性实施例，本发明通过利用PPM值实现了对于不知晓其失效模式和失效率的元件的残余失效率的估计。这一方法有助于简化评估过程，降低评估难度。通过利用PPM信息来替代计算中所需要的信号链中各个相关元件的失效模式和失效率信息，完成该信号链残余失效率的近似估算。考虑到残余失效率是信号链安全完整性等级评估的一个重要指标，本发明所提出的方案明显地缓解了现有评估方法中的瓶颈。According to the exemplary embodiment described above in conjunction with FIG. 1 and FIG. 2 , the present invention realizes the estimation of the residual failure rate of an element whose failure mode and failure rate are unknown by using the PPM value. This approach helps to simplify the assessment process and reduce the difficulty of assessment. By using the PPM information to replace the failure mode and failure rate information of each relevant component in the signal chain required in the calculation, the approximate estimation of the residual failure rate of the signal chain is completed. Considering that the residual failure rate is an important index for evaluating the safety integrity level of the signal chain, the scheme proposed by the present invention obviously alleviates the bottleneck in the existing evaluation method.

上文的描述本质上是示例性的而非限制性的。对于本领域技术人员来说，对所公开的示例的任何为了适应具体的环境、要求等因素而进行的变型和修改都是可行的。而且，上文按一定顺序公开了方法的具体操作步骤。但是，这不意味着行文顺序代表了步骤的执行顺序。因此，本领域技术人员可以理解，可在仍能实施本发明的前提下对方法的具体操作步骤进行改变，例如，将上述方法的步骤进行合并或进一步的拆分、调换顺序等等。无论如何，本发明的保护范围由所附权利要求的内容及其等效内容来确定。The foregoing description is exemplary rather than restrictive in nature. For those skilled in the art, any variations and modifications to the disclosed examples to adapt to specific circumstances, requirements and other factors are feasible. Moreover, the specific operation steps of the method are disclosed above in a certain order. However, this does not mean that the order in which the text is presented represents the order in which the steps are performed. Therefore, those skilled in the art can understand that the specific operation steps of the method can be changed on the premise that the present invention can still be implemented, for example, the steps of the above method are combined or further split, and the order is changed. In any case, the protection scope of the present invention is determined by the contents of the appended claims and their equivalents.

Claims

1. A method for determining the maximum residual failure rate of signal chain in the evaluation of automobile safety integrity level, wherein, said signal chain refers to the path through which signal flows in the evaluation, and determines its maximum residual failure rate by the following steps:

For the component whose failure mode and corresponding failure rate cannot be known, obtain its corresponding PPM value, where the PPM value is the number of bad parts in the specified quantity of the component within the specified period;

Using the obtained PPM value of the component to obtain the count failure rate of the component;

For each of the above components, obtain the minimum diagnostic recognition rate among all safety-related failure modes, and then obtain the maximum diagnostic non-recognition rate of the component;

Obtaining the maximum residual failure rate of the component related to safety based on the counted failure rate of the component and its maximum diagnostic non-recognition rate;

For the remaining components with known failure modes and failure rates, obtain their safety-related residual failure rates;

Combining the maximum residual failure rate of the above components with the residual failure rate of the remaining components, the maximum value of the residual failure rate of the entire signal chain is obtained.

2. The method for determining the maximum residual failure rate of a signal chain in an automobile safety integrity level assessment according to claim 1, said signal chain comprising a sensor and an electronic control unit receiving a sensor signal, wherein said sensor's The failure modes and corresponding failure rates are unknown.

3. The method for determining the maximum residual failure rate of the signal chain in the automotive safety integrity level assessment according to claim 1, wherein the counted failure rate of each failure mode and the corresponding failure rate unknown element and The product of the maximum diagnostic non-recognition rate is taken as the maximum safety-related residual failure rate of the component, and the maximum diagnostic non-recognition rate is the difference of the integer 1 and the previously obtained minimum diagnostic recognition rate associated with the component.

4. The method for determining the maximum residual failure rate of the signal chain in the vehicle safety integrity level assessment according to claim 2, wherein the electronic control unit is an electronic braking system.

5. The method for determining the maximum residual failure rate of the signal chain in the vehicle safety integrity level assessment according to claim 4, wherein the sensor is a wheel speed sensor, a steering wheel angle sensor and/or a vacuum sensor, so The electronic braking system described above is an electronic stability control system.

6. The method for determining the maximum residual failure rate of the signal chain in the vehicle safety integrity level assessment according to claim 4, wherein the sensor is a wheel speed sensor, and the electronic braking system is an anti-lock braking system moving system.

7. The method for determining the maximum residual failure rate of the signal chain in the vehicle safety integrity level assessment according to claim 1, the remaining safety-related residual failure rates of the remaining components are calculated in the following manner:

For each of the remaining components, the failure rate and diagnostic recognition rate in each failure mode are obtained, and the difference between the integer 1 and the recognition rate is used as the diagnostic non-recognition rate of the component, and the failure rate in each failure mode is The product of the failure rate of the failure mode and the failure rate of diagnosis is taken as the residual failure rate of the failure mode;

The residual failure rates for each failure mode of each component are summed to obtain the safety-related residual failure rate for that component.

8. The method for determining the maximum residual failure rate of the signal chain in the automotive safety integrity level assessment according to claim 1, wherein the PPM value is the number of defective parts per million pieces per year of the component, so The stated failure rate