"Fail-safe modes are designed to bring the motor control system, in the case of a failure, to a predefined safe state, such as opening all phases to avoid current circulation or shorting specific sides of the inverter to stop potential uncontrollable accelerating or braking motor torque."
continuously monitor sensor inputs by cross-checking measurements with expected behavior to detect and counteract any anomalies.
Secondly, designers should consider energy discharge in crash situations, where ensuring that no stored energy remains in the system is paramount. Mechanisms that safely discharge energy from the inverter and other high-voltage components must be implemented to prevent additional hazards.
Designers must also account for human errors during maintenance. Such considerations include ensuring that the system is safe to handle even when maintenance personnel inadvertently create fault conditions or dangerous work situations. For example, built-in safety interlocks allow the discharge of the high-voltage bus to avoid inadvertent short circuits caused by technician work. Clear diagnostic messages and guided troubleshooting procedures embedded within the system's software help technicians identify and resolve issues without introducing new faults.
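The three ideas above (cross-checking sensor inputs, choosing a fail-safe state, and confirming the high-voltage bus is discharged before anyone touches it) can be sketched as one small safety supervisor. The following C code is an added illustration, not code from the chapter or from NXP; the threshold values, the Kirchhoff current-sum check, the speed-based choice between open phases and an active short circuit, and the bleed-resistor discharge model are all constructed assumptions for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed, illustrative thresholds (not values from the chapter). */
#define I_SUM_TOL_A     2.0     /* |ia+ib+ic| above this means a sensor or wiring fault */
#define I_MAX_A         400.0   /* any single phase current beyond this is implausible */
#define SPEED_TOL_RPM   500.0   /* measured vs. commanded speed mismatch tolerance */
#define ASC_SPEED_RPM   3000.0  /* assumption: above this, prefer active short circuit */
#define V_TOUCH_SAFE    60.0    /* HV bus is treated as discharged below this voltage */

typedef enum { MODE_NORMAL, MODE_OPEN_PHASES, MODE_ACTIVE_SHORT } fail_safe_mode_t;

typedef struct {
    double ia, ib, ic;      /* phase currents [A] */
    double speed_rpm;       /* measured rotor speed */
    double speed_cmd_rpm;   /* speed the controller expects */
    double vdc;             /* DC-link voltage [V] */
    bool   crash_signal;    /* crash input from the vehicle */
} sensor_frame_t;

typedef struct {
    fail_safe_mode_t mode;
    bool discharge_requested;   /* start active HV discharge */
} safety_action_t;

static double absd(double x) { return x < 0.0 ? -x : x; }

/* Cross-check: in a three-wire machine the three phase currents must sum to
 * zero (Kirchhoff), and no single reading may exceed the hardware limit. */
bool currents_plausible(const sensor_frame_t *f) {
    if (absd(f->ia + f->ib + f->ic) > I_SUM_TOL_A) return false;
    if (absd(f->ia) > I_MAX_A || absd(f->ib) > I_MAX_A || absd(f->ic) > I_MAX_A) return false;
    return true;
}

/* Cross-check: measured speed against the controller's expectation. */
bool speed_plausible(const sensor_frame_t *f) {
    return absd(f->speed_rpm - f->speed_cmd_rpm) <= SPEED_TOL_RPM;
}

/* Pick the safe state. Assumption (common practice, not stated in the chapter):
 * at high speed, opening all phases lets back-EMF push current into the DC link,
 * so an active short circuit is chosen there; at low speed, phases are opened.
 * A crash additionally requests active discharge of the HV bus. */
safety_action_t supervise(const sensor_frame_t *f) {
    safety_action_t a = { MODE_NORMAL, false };
    bool fault = f->crash_signal || !currents_plausible(f) || !speed_plausible(f);
    if (!fault) return a;
    a.mode = absd(f->speed_rpm) > ASC_SPEED_RPM ? MODE_ACTIVE_SHORT : MODE_OPEN_PHASES;
    a.discharge_requested = f->crash_signal;
    return a;
}

/* Service interlock: the HV bus may only be touched below the touch-safe level. */
bool hv_safe_to_touch(double vdc) { return vdc < V_TOUCH_SAFE; }

/* Time for a bleed resistor r [ohm] to bring a DC-link capacitor c [F] from v0
 * down below V_TOUCH_SAFE, simulated in small steps (no libm needed).
 * Returns -1.0 for invalid parameters. */
double discharge_time_s(double v0, double r, double c) {
    const double dt = 1e-5;
    double tau = r * c;
    if (v0 <= 0.0 || tau <= 0.0 || dt / tau >= 1.0) return -1.0;
    double v = v0, t = 0.0;
    while (!hv_safe_to_touch(v)) {
        v *= 1.0 - dt / tau;   /* RC decay, one Euler step */
        t += dt;
    }
    return t;
}

int main(void) {
    /* Constructed frame: phase C sensor stuck at 0 A while the machine runs fast. */
    sensor_frame_t frame = { 100.0, -60.0, 0.0, 5000.0, 5000.0, 400.0, false };
    safety_action_t a = supervise(&frame);
    printf("mode=%d discharge_requested=%d\n", a.mode, a.discharge_requested);
    printf("bleed 400 V to touch-safe with 100 ohm / 1 mF: %.3f s\n",
           discharge_time_s(400.0, 100.0, 1e-3));
    return 0;
}
```

The supervisor never trusts a single reading in isolation: a stuck phase-current sensor is caught because the three currents no longer sum to zero, and a speed-sensor fault is caught against the commanded speed. The discharge-time function is the kind of figure a service interlock would use to decide how long to hold a cover locked after high-voltage shutdown.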
Chapter 3 | Functional Safety in Automotive Motor Control
Jérôme Dietsch
Senior Principal Functional Safety Architect, Electrification Systems, NXP Semiconductors
11 Experts Discuss Advanced Motor Control for Modern Electric Vehicles