New energy vehicle safety killer: Analysis of high voltage power failure on expressways
The sudden loss of power on the expressway of new energy vehicles is a very serious safety accident. For the driver and occupant, it can lead to fatal injury. Although similar accidents have occurred in fuel vehicles, the nature and complexity of new energy vehicles relying on electric power to drive will significantly increase the number of vehicle control modules and increase the difficulty of control and monitoring.
With the functional characteristics of the new modules, the calculation accuracy of the VCU driving range, the pros and cons of the strategic control level, the estimation of the remaining power of the power source battery, the insulation problem, and the reliability of the high-voltage relay of the power output under high current, high voltage and complex working conditions When such problems arise, multiple security factors coexist, and the complexity is obvious. Problems in any one link, such as hardware failure, exceeding the limits that can be controlled by the policy, or inadequate monitoring of the policy, are very dangerous. Therefore, new energy vehicles face more severe safety challenges than fuel vehicles. At the beginning of the design, more careful design and testing, and innovation of new technologies are required.
In this paper, from the perspective of the output power of the battery system, it focuses on the analysis and elaboration from the perspective of the reliability of the battery part of the hardware. This is just the tip of the iceberg of high voltage power outages.
Functional safety, there are always "fish that slip through the net"
No product can be free from defects and bugs. Although the functional safety of automotive products is first-class, and has been tested and verified, there are still occasional "callbacks" incidents and customer complaints. I have also seen user descriptions of vehicle loss of power failures in Tesla user forums:
Although customers may be biased and inaccurate when describing Tesla car failures, "fortunately, there are not too many on the highway late at night..." Fortunately, the risks behind it are real. It is impossible to check how Tesla solved it, but the danger it brings to users always reminds designers that there should be no "oversights". It is the long-term reputation of the product.
High-voltage brownout analysis "fault tree"
There are generally three states for a high voltage circuit breaker, the first being an emergency or uncontrollable power failure described below. The second is a controllable emergency shutdown behavior, which generally requires immediate opening of the relay and rapid reduction of the discharge current limit to zero. The third is that the VCU requires the BMS to power off (there is also a direct control form of the VCU), disconnect the relay according to normal steps, and reduce the discharge current to zero at a certain rate. The second and third states are controllable, and the third is safer than the second. The first state is out of control or unmonitored control, and is the most dangerous. We choose one of "relay failure" to analyze.
The high-voltage relay is the "gateway" for power output, and it is also a device that "disconnects" high-voltage in functional safety.
The setting of the position of the high-voltage relay, from a safety point of view, is generally placed at the shortest distance from the output power of the battery pack. The main purpose is to ensure the shortest high-voltage circuit in the non-controllable part, and at the same time to ensure that the power is cut off quickly and completely. Therefore, the safety of the relay itself is very important and the only one.
Here we focus on analyzing the most direct contact failure: there are two forms, one is adhesion; the other is oxidation caused by arcing on the surface of the contact, and the resistance is seriously increased, resulting in non-connection failure.
Example: Circuit state when contacts are damaged: Momentary, Intermittent, Permanent Interruption Illustration:
Although the contact damage is gradually worsening, the probability of cliff-like phenomenon is extremely low, but it does happen occasionally. At present, in terms of active protection, it is still relatively advanced and effective, but in terms of passive protection, there is still no more effective method. First, let's take a look at some methods of active protection, mainly effective measures taken in contact arc extinguishing:
1. In the closed contact chamber, it is filled with hydrogen, nitrogen or a mixture of the two, which has very good cooling ability and anti-oxidation characteristics for the arc. At the same time, through the structural design, the arc leakage is prevented and the explosion-proof structure ensures the functional safety of the relay. At present, this method is generally adopted for high-voltage relays of vehicle grade.
2. The addition of the magnetic structure of LSIS, combined with the function of hydrogen charging to extinguish the arc, also has a very good effect. As shown below.
Therefore, the safety of high-voltage relays is not only as simple as parameter value matching, but also general selection: matching suitable current, voltage, and power steps. I personally feel that it is more important to choose a more reasonable relay manufacturer brand for different vehicle product needs. By identifying the pros and cons of the manufacturer's products, analyzing and exploring the technology, testing level, and innovation level they have accumulated over the years, and looking at the reliability of their products, it is a more secure approach. Safe relay products do require long-term experience accumulation by manufacturers.
Redundant design is an indispensable guarantee for functional safety
In the redundant design of functional safety modules in traditional vehicles, it was first implemented from a software perspective, for example, the application of steering and braking control modules is like this. However, with the continuous improvement of functional safety requirements in recent years, the practice of adding backup control modules (redundant modules) from a hardware perspective has become more and more popular. Because the redundancy of the hardware is more thorough and effective, the risk value is greatly reduced.
In the battery system, two relays, the main positive and the main negative, are set in the high-voltage main bus circuit, which is actually a case of functional safety redundancy design. The failure of any one of the main positive and main negative relays will not hinder the safe disconnection of the main circuit. However, with the two relays, redundancy is missing in guaranteeing abnormal power downs. It is also uncontrollable.
For another example, the two independent motors of the Tesla MODEL 3 four-wheel drive can continue to drive the vehicle if either one stops working, without leaving you stuck on the road. So, despite Tesla's faults and accidents, there is still a lot to be learned in terms of innovation and new technologies.
For redundant design, in terms of power supply, especially power supply, there are certain difficulties from the perspective of hardware, especially from the perspective of cost, it is difficult to realize. However, this cannot be an obstacle or a reason. Like the hardware in the drive section, functional safety also needs to go hand in hand.
Which parts of the battery system need more redundant design for highway power failure
Note: The redundant functions in the table are mainly redundant in terms of strategies. In terms of hardware, it is not fully implemented on current vehicles. I'm just an assumption from the point of view of design goals. The functional safety of the battery system still has a long way to go, especially in the face of the major safety risks of high-voltage power outages on expressways, which requires technological innovation.
summary
In this paper, the high-voltage power failure of the expressway is analyzed as a window of functional safety. The reasons are very complex and many, which are not detailed in this article, and more parts of the design are still being explored, such as battery system redundancy, which requires innovative ideas. Therefore, we can only throw questions to arouse everyone's resonance and thinking.
Vacuum Cleaner Dc Dry-Wet Motor
Vacuum Cleaner Dc Dry-Wet Motor,Motor Vacuum Cleaner Robot,Dc Wet Vacuum Cleaner Motor,Dc Dry Vacuum Cleaner Motor
Zhoushan Chenguang Electric Appliance Co., Ltd. , https://www.vacuum-cleaner-motors.com