Emic Effects on controlling automobile safety


This is basically a case study of vehicle braking systems affected by the emic effect, which has caused many accidents.

This presentation thus points out the emic effects and how they can be controlled in safety products.

Published in: Technology

  1. Controlling Automobile Safety Risks caused by EMI: A case study to introduce “EMC for Functional Safety”. Harshit Srivastava, Rahul Sinha
  2. EMC For Functional Safety Is Rapidly Becoming Very Important Indeed, As Electronic Control Spreads Throughout All Applications
     • So it is the focus of several new and modified IEC safety standards:
     • IEC TS 61000-1-2 (basic standard, EMC for functional safety)
     • Draft IEC 61000-6-7 (generic standard, EMC for functional safety)
     • IEC 66061-1-2 draft ed4 (medical EMC)
  3. Why can no-one prove SUA by testing?
     • Example: NHTSA has had up to 3,000 SUA complaints in one year
     • Assuming 30 million vehicles on the road, that’s a rate of 1 in 10,000 per vehicle per year...
     • Assuming an average drive of 1 hr/day, 6 days/week, gives us one SUA per 3,120,000 hours of driving
     • To detect one SUA in just one model would require testing 36 vehicles, 24/7, for 10 years !!!! or driving a single vehicle about 200 million miles
  4. Background
     • Sudden Unintended Acceleration (SUA) has been a problem for all automakers since the early 1980s...
     • Starting with the first vehicles with automatic gearboxes that were also fitted with electronic cruise control...
     • A malfunctioning cruise control can take over throttle control from the driver, possibly creating “WOT” (Wide Open Throttle)
     • But automakers and NHTSA have always blamed SUA on driver “pedal error”...
     • Or sticky pedals.
  5. Background continued...
     • Electronic malfunctions....
     • A major part of the development time of a new product can be ensuring that it doesn’t do what it shouldn’t!
     • Since SUA only afflicts vehicles with auto boxes and cruise control (or electronic throttle control)
     • And incidence has increased 400% on a given model
     • When its manual throttle was replaced by “e-throttle”...
     • The cause of most SUAs is electronic malfunctions, and that EMI can be a factor
  6. What in the electronics could cause SUA?
     • Misoperation or faults in electronics, specifically...
     • Sensors (gas pedal position, throttle valve position)...
     • Microprocessors and their memories (in the ECC)...
     • Software (in the ECC)...
     • Data communications (CAN bus, LIN bus, etc.)... e.g. even though e-throttle systems don’t use data buses for their throttle control signals, CAN bus connects to the ECC and errors in it can cause software protocol failures that can ‘ripple through’, affecting everything in the ECC...
     • Actuators and their drivers (the throttle valve motor and its drive circuits)
  7. What can cause electronics to suffer errors or malfunctions?
     • Unwanted electrical noise known as EMI (ElectroMagnetic Interference)
     • Mistakes (“bugs”) in the software program
     • Intermittent electrical connections
     • Incorrect interaction between system components
     • Incorrect assembly, bad components, faults, ionizing radiation, etc.
  8. Balance of probabilities continued...
     • The likely cause(s) has (have) to be decided on the balance of probabilities... which requires a comprehensive risk assessment that takes everything into account...,
     • but of course there are other possibilities, including:
       - incorrect assembly,
       - “bad batches” of components,
       - faults (including intermittents),
       - software glitches,
       - tin whiskers,
       - ionizing radiation,
       - and chance combinations of any/all of the above
  9. Safety Standards and Independent Assessments
     • Aviation and rail vehicles must comply with tough, peer-reviewed, public functional safety standards, derived from IEC 61508, e.g....
     • And no vehicle is supplied to an end-user until “signed off” by an ISA (independent safety assessor)
     • Although cars expose many more people to risks of injury and death each year...
     • Automakers do not meet public functional safety standards, or have vehicles independently assessed.
  10. Software “Bugs”
     • A software program is a series of written instructions (lines of “code”) for a digital computer (e.g. a microprocessor) to follow...
     • The lines of code tell the computer how to read the input signals from sensors (e.g. pedal position sensor, throttle valve position sensor)...
     • And how to respond by sending control signals to actuators (e.g. the throttle valve motor)...
     • The software program must be designed to ensure the safe behaviour of the complete vehicle as a system
     • A typical modern car has 20+ million lines of lower quality code than the space shuttle, so we should expect at least two thousand latent bugs in every car !!!
     • Many auto recalls are now for software reprogramming
  11. Case Study On Toyota
     • According to the NHTSA, the initial problem resulted when the accelerator pedal was depressed to, or almost to the floor, during sudden acceleration.
     • It can become trapped in the fully open position by an out of position floor mat.
     • The problem was later identified as a possible mechanical sticking of the accelerator pedal
     • As of February 2011, approximately 14 million cars worldwide have been involved in these recalls.
  12. Electronic throttle control “e-throttle”
     • Cables carry signals between modules
     • Diagram labels: Engine control computer, “ECC”; Throttle valve motor and position sensors; Gas pedal sensors
  13. Example of an e-throttle gas pedal
     • Plug for the single unshielded wire bundle that carries both sensor signals to the ECC
     • Plain plastic body (unshielded against EMI)
     • The dual sensor assembly is inside here
  14. The sensor PCB in the gas pedal
     • The single unshielded wire bundle that carries both sensor signals to the ECC plugs in here
     • Hall-effect sensors in one package
  15. Recommendations By NHTSA
     • Brake override systems
     • Standardized operation of keyless ignition system
     • Data recorders in all passenger vehicles
     • Research on reliability & security of electronic control systems
     • Research on placement & design of accelerator & brake pedals and driver usage of these pedals
  16. Solution They Tried To Provide
     • Toyota’s remedies:
     • Accelerator pedal reconfigured by the dealers to shorten it
     • Development of replacement pedals for the vehicles (available for some models in April 2010)
     • Owners who chose to have their pedals reconfigured would be offered the replacement pedal when it became available
     • Providing all-weather floor mats
     • Installation of a brake override system on certain models – enabling the car to stop if both the brake and the accelerator were pushed simultaneously
  17. Electromagnetic Interference (EMI)
     • The physical laws that govern all electrical/electronic power, signals, radiowave propagation, infra-red and light... are Maxwell’s equations, the same laws that govern EMI!
     • So all applications of electricity and electronic power and signals create and suffer from EMI...
     • EMI is inherent, inevitable, unavoidable in all electronics, including software, which runs on hardware...
     • No exceptions are possible in this universe, ever
  18. One of GM’s EMC test chambers, in 2008
  19. EMI continued...
     • EMC tests aren’t done with foreseeable faults simulated (e.g. failed EMI filter, failed surge protector) to verify the safety back-up or failsafe measures...
     • And tests do not simulate real-world conditions, e.g. anechoic test chambers only test with radio waves coming from a few fixed directions...
     • But in real life they will come from any/all directions, some of which will most probably have a worse effect...
     • And no practical amount of testing can ever be sufficient
     • Anyway – given the huge number of possible test combinations required....
  20. SILs “Safety Integrated Level” (from IEC 61508) and EMC Testing
     • If we assume that an affordable EMC immunity test plan covers up to 90% of real-life exposure to EMI over the anticipated lifetime... It surely can’t be more than this!
     • Then the EMC testing barely reaches the minimum level to achieve SIL (90 to 99%)...
     • So we need to do 10 times more testing to reduce the risks from EMI for SIL....
     • And 10,000 times more testing work for SIL level 4...
     • Clearly unaffordable, impractical
  21. What should be done?
     • This ‘reliability-proving’ problem faced the software industry, who solved it during the 1990s (resulting in IEC 61508-3)
     • We need to use the same basic methods....
     • The use of proven EMC design techniques...
     • Plus a range of verification/validation methods... e.g. checklists, reviews, assessments, audits, validated computer modeling, etc...
     • Plus EMC immunity testing designed case-by-case to improve confidence for certain issues… (The EMC aspects are all described in the IET’s 2008 guide)
  22. Thank You
     “Electromagnetic interference leaves no trace, it goes away just as it came.”
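
Slides 13 and 14 describe two pedal sensors sharing one unshielded wire bundle, and slide 16 lists a brake override as a remedy. The following C example is added here to show how an ECC could cross-check the two readings and apply the override; it is not code from the presentation or from any automaker, and the scaling, thresholds and all names (`throttle_demand`, `PLAUS_TOLERANCE`, etc.) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Scaling, thresholds and names are assumptions made for this example. */
#define PEDAL_MAX       1000  /* 0..1000 represents 0..100.0 % pedal travel */
#define PLAUS_TOLERANCE   50  /* largest accepted gap between the sensors   */
#define FAULT_DEBOUNCE     3  /* consecutive bad samples before latching    */
#define OVERRIDE_PEDAL   100  /* brake wins when demand exceeds this        */

typedef struct {
    uint8_t bad_samples;    /* consecutive implausible samples seen     */
    bool    fault_latched;  /* once set, stays set until the ECU resets */
} throttle_state_t;

/* Throttle demand (0..PEDAL_MAX) from two redundant pedal readings, already
 * scaled to the same range, and the brake switch. */
int throttle_demand(throttle_state_t *st, int s1, int s2, bool brake)
{
    bool in_range = s1 >= 0 && s1 <= PEDAL_MAX && s2 >= 0 && s2 <= PEDAL_MAX;
    bool agree = in_range && abs(s1 - s2) <= PLAUS_TOLERANCE;

    if (agree) {
        st->bad_samples = 0;
    } else if (++st->bad_samples >= FAULT_DEBOUNCE) {
        st->bad_samples = FAULT_DEBOUNCE;   /* saturate the counter */
        st->fault_latched = true;
    }
    if (st->fault_latched || !agree)
        return 0;                       /* implausible input never reaches the actuator */

    int demand = s1 < s2 ? s1 : s2;     /* trust the lower of the two readings */
    if (brake && demand > OVERRIDE_PEDAL)
        return 0;                       /* brake override: brake beats accelerator */
    return demand;
}

int main(void)
{
    /* Constructed samples: {sensor 1, sensor 2, brake pressed}. */
    int samples[][3] = { {400, 420, 0}, {400, 420, 1}, {900, 100, 0},
                         {900, 100, 0}, {900, 100, 0}, {400, 410, 0} };
    throttle_state_t st = { 0, false };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("s1=%d s2=%d brake=%d -> demand %d\n", samples[i][0],
               samples[i][1], samples[i][2],
               throttle_demand(&st, samples[i][0], samples[i][1], samples[i][2] != 0));
    return 0;
}
```

Because both sensors share one unshielded bundle, interference can shift both readings together, so agreement between them is only one layer; the brake input gives an independent path to idle.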