Functional safety
Embedded systems
Microcontroller
Upgrade
Automotive industry
Computer science
Automotive engineering
Software
System safety
Engineering
Reliability engineering
Operating system
Aerospace engineering
Authors
Shailesh Ghotgalkar, Ashish Vanjari, Han Zhang, Prasanth Viswanathan Pillai, Mihir Mody, Karthikeyan Rajamanickam, Mohammad Asif Farooqui
Identifier
DOI: 10.1109/conecct55679.2022.9865750
Abstract
The power train in an Electric Vehicle (EV) requires the highest Automotive Safety Integrity Level (namely ASIL D) because of the life-critical risk associated with its failure. Developing such systems typically involves hardware components and software that meet the highest functional safety level, which results in significantly higher development and component cost than a solution with a lower safety integrity level. Besides cost, the key challenge of these systems is the rising performance requirement (RPM and efficiency) for EV motors, driven by the underlying range and efficiency targets. These goals are difficult to achieve using generic safety-certified MCUs. This paper proposes a system solution that uses components with different safety integrity levels, together with software support for decomposing system-level safety requirements. The solution consists of three techniques: optimal decomposition of safety requirements, an intelligent safety checker for the high-performance motor drive, and Freedom From Interference (FFI) between the mixed-criticality hardware and software components in the system. The proposed solution is implemented on a Texas Instruments C2000 MCU (F2838x) for motor control and a TMS570 MCU for safety augmentation, meeting the highest automotive functional safety level, i.e. ASIL D, as assessed by TÜV SÜD. The ASIL decomposition-based safety concept eliminates the need to redevelop the entire solution and allows motor control performance to be scaled up with a software upgrade to the C2000 MCU (F2838x) without significant changes to the safety architecture.