CN111755763A - BMS function safety control system and control method - Google Patents
BMS function safety control system and control method Download PDFInfo
- Publication number
- CN111755763A CN111755763A CN202010669250.XA CN202010669250A CN111755763A CN 111755763 A CN111755763 A CN 111755763A CN 202010669250 A CN202010669250 A CN 202010669250A CN 111755763 A CN111755763 A CN 111755763A
- Authority
- CN
- China
- Prior art keywords
- module
- instruction
- battery
- power supply
- main processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000004891 communication Methods 0.000 claims description 42
- 238000012545 processing Methods 0.000 claims description 22
- 238000012937 correction Methods 0.000 claims description 10
- 230000005540 biological transmission Effects 0.000 description 12
- 238000011084 recovery Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000007599 discharging Methods 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 210000001503 joint Anatomy 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01M—PROCESSES OR MEANS, e.g. BATTERIES, FOR THE DIRECT CONVERSION OF CHEMICAL ENERGY INTO ELECTRICAL ENERGY
- H01M10/00—Secondary cells; Manufacture thereof
- H01M10/42—Methods or arrangements for servicing or maintenance of secondary cells or secondary half-cells
- H01M10/425—Structural combination with electronic components, e.g. electronic circuits integrated to the outside of the casing
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J7/00—Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01M—PROCESSES OR MEANS, e.g. BATTERIES, FOR THE DIRECT CONVERSION OF CHEMICAL ENERGY INTO ELECTRICAL ENERGY
- H01M10/00—Secondary cells; Manufacture thereof
- H01M10/42—Methods or arrangements for servicing or maintenance of secondary cells or secondary half-cells
- H01M10/425—Structural combination with electronic components, e.g. electronic circuits integrated to the outside of the casing
- H01M2010/4271—Battery management systems including electronic circuits, e.g. control of current or voltage to keep battery in healthy state, cell balancing
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
- Y02E60/10—Energy storage using batteries
Landscapes
- Engineering & Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Manufacturing & Machinery (AREA)
- Chemical & Material Sciences (AREA)
- Chemical Kinetics & Catalysis (AREA)
- Electrochemistry (AREA)
- General Chemical & Material Sciences (AREA)
- Power Engineering (AREA)
- Charge And Discharge Circuits For Batteries Or The Like (AREA)
Abstract
The invention provides a BMS functional safety control system and a control method, wherein the BMS functional safety control system comprises a signal acquisition module for acquiring battery signals, a main processor connected with the signal acquisition module and used for judging whether the battery module has faults according to the battery signals, a power control module connected with the main processor, a hardware safety logic module connected with the power control module and the signal acquisition module, and a driving module connected with the main processor and the hardware safety logic module; when the battery module fails, the main processor generates a drive maintaining instruction to the drive module, and when the battery module fails, the main processor generates an operation entering safety instruction to the power supply control module, and then the power supply control module generates a first hardware safety instruction to the hardware safety logic module, so that the hardware safety logic module controls the drive module to stop driving and close a corresponding power supply. The invention strengthens and realizes the safety protection of the BMS system and reduces the risk of execution errors.
Description
Technical Field
The invention relates to the technical field of battery management, in particular to a BMS function safety control system and a control method.
Background
The BMS needs to have a safety function in application, and needs to ensure functional safety when a fault occurs, which is related to the chip characteristics, software and hardware architecture, and circuit topology used, and also needs to consider the level of functional safety achieved by design. In the existing BMS system design, for battery charge/discharge management, when the battery is over-temperature or over-charged or over-discharged, the BMS system needs to send a signal to disconnect the bus relay, but when the BMS system fails, this safety function may be disabled. Failure of the safety function may cause the actuator to perform an error, thereby causing a dangerous situation to occur.
When the existing BMS system manages the charging/discharging of the battery, when one of a sensor acquisition loop, a communication loop and a driving loop breaks down, the normal execution function of an executor may be failed, and each system fault comprises failure of a component, acquisition error, transmission error or instruction error.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a BMS function safety control system and a control method, which strengthen the safety protection of the BMS and reduce the risk of execution errors of an actuator caused by the failure of the safety function of the BMS.
To achieve the above object, the present invention provides a BMS function safety control system including:
the signal acquisition module is used for acquiring a battery signal in the battery module;
the main processor is connected with the signal acquisition module and used for judging whether the battery module has a fault according to the battery signal, if the battery module has no fault, generating a drive maintaining instruction, and if the battery module has a fault, generating a safe operation entering instruction;
the power supply control module is used for receiving the security operation entering instruction and generating a first hardware security instruction, and is connected to the main processor;
the hardware safety logic module is used for receiving the first hardware safety instruction and generating a first enabling instruction and a second enabling instruction, and the hardware safety logic module is connected to the power supply control module and the signal acquisition module;
the driving module is used for maintaining the driving of the battery module when receiving the driving maintaining instruction, stopping the driving of the battery module when receiving the first enabling instruction, and turning off the power supply of the driving module when receiving the second enabling instruction, wherein the driving module is connected with the main processor and the hardware safety logic module;
and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
According to the BMS functional safety control system, the transmission paths for entering the safety operation instructions are increased through the arrangement of the power control module and the hardware safety logic module, when the battery module fails, the main processor can transmit the entering safety operation instructions to the driving module through more transmission paths, so that when part of the transmission paths in the BMS functional safety control system fail, other transmission paths can correctly transmit the instructions, the driving module is ensured to stop driving the battery module, the safety protection of the BMS system is enhanced, and the risk of execution errors of an actuator caused by the failure of the safety function of the BMS system is reduced.
The BMS function safety control system of the invention is further improved in that:
the communication module is connected with the hardware safety logic module, the main processor and the upper computer;
if the main processor judges that the battery module is in failure, an error reporting instruction is generated and sent to the upper computer through the communication module, timing is started while the error reporting instruction is generated, and if feedback information of the upper computer is not received within a certain time, the safe operation entering instruction is generated;
the power supply control module also generates a second hardware safety instruction when receiving the entering safety operation instruction;
the hardware security logic module generates a third enabling instruction when receiving the second hardware security instruction;
and the communication module stops communication when receiving the third enabling instruction and closes the power supply of the communication module when receiving the second enabling instruction.
The BMS function safety control system of the invention is further improved in that:
the power supply module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module, and the power supply control module is in control connection with the power supply module;
a self-checking module used for judging whether signals of pins of the main processor are consistent with corresponding preset signals or not is arranged in the main processor, and if the signals of the pins of the main processor are continuously judged to be inconsistent for multiple times by the self-checking module, a safety protection entering instruction is generated;
the power supply control module generates a command for closing a total power supply when receiving the command for entering the safety protection;
and the power supply module closes the main power supply when receiving the instruction of closing the main power supply.
The BMS function safety control system of the invention is further improved in that:
the signal acquisition module acquires the battery signals in a multipath manner;
the main processor is internally provided with a plurality of data processing units which are connected in pairs, and the plurality of data processing units receive the plurality of paths of battery signals in a one-to-one correspondence mode, are used for judging whether each path of battery signal exceeds a first set threshold value and are used for judging whether a two-to-two difference value in the plurality of paths of battery signals exceeds a second set threshold value.
The BMS function safety control system of the invention is further improved in that:
the multiple paths of battery signals comprise multiple paths of current signals, multiple paths of voltage signals and multiple paths of temperature signals;
and a temperature correction unit is arranged in the main processor and used for comparing each path of current signal and each path of voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal.
The invention also provides a BMS function safety control method based on the BMS function safety control system, which comprises the following steps:
s1, acquiring a battery signal of the battery module by using the signal acquisition module and outputting the battery signal to the main processor;
s2, the main processor judges whether the battery module has a fault according to the battery signal:
if the main processor determines that no fault occurs, the main processor generates a drive maintaining instruction and returns to the step S1;
if judging that the fault occurs, the main processor generates a safe operation entering instruction;
s3, the power supply control module receives the safety operation entering instruction and generates a first hardware safety instruction;
s4, the hardware security logic module receives the first hardware security instruction and generates a first enabling instruction and a second enabling instruction;
s5, the driving module maintains the driving of the battery module when receiving the driving maintaining instruction, stops the driving of the battery module when receiving the first enabling instruction, and shuts down the power supply of the driving module when receiving the second enabling instruction; and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
By adopting the BMS function safety control method, when the battery module has a fault, the main processor can transmit the entering safety operation instruction to the driving module through more transmission paths, so that when part of the transmission paths in the BMS function safety control system have a fault and fail, other transmission paths can correctly transmit the instruction, the driving module is ensured to stop driving the battery module, the safety protection of the BMS system is enhanced, and the risk of execution error of the executor caused by the safety function failure of the BMS system is reduced.
The BMS function safety control method of the invention is further improved in that:
the BMS function safety control system also comprises a communication module which is connected with the hardware safety logic module, the main processor and an upper computer;
when the step S2 is performed, if it is determined that a fault occurs, the main processor first generates an error reporting instruction and sends the error reporting instruction to an upper computer through a communication module, starts timing while generating the error reporting instruction, and regenerates the safe operation entering instruction if feedback information of the upper computer is not received within a certain time;
when the step S3 is performed, the power control module further generates a second hardware security instruction when receiving the enter security operation instruction;
in step S4, the hardware security logic module generates a third enabling instruction when receiving the second hardware security instruction;
when the step S5 is performed, the communication module stops communication when receiving the third enabling instruction, and turns off the power of the communication module when receiving the second enabling instruction.
The BMS function safety control method of the invention is further improved in that:
the BMS function safety control system also comprises a power supply module, wherein the power supply module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module, and the power supply control module is connected with the power supply module in a control way; a self-checking module used for judging whether the signal of each pin of the main processor is consistent with a corresponding preset signal is arranged in the main processor;
after the step S4, the main processor performs self-checking by using the self-checking module, and if the self-checking module continuously determines that the main processor is inconsistent for multiple times, generates a security protection entering instruction;
the power control module generates a command for closing a total power supply when receiving the safety protection command;
and the power supply module closes the main power supply when receiving the instruction of closing the main power supply.
The BMS function safety control method of the invention is further improved in that:
the signal acquisition module acquires the battery signals in a multipath manner; a plurality of data processing units connected pairwise are arranged in the main processor, and the plurality of data processing units correspondingly receive the plurality of paths of battery signals one by one;
when step S2 is performed, the main processor determines whether a difference between two of the multiple battery signals exceeds a second set threshold by using the multiple data processing units, and if so, the battery module is faulty; if not, judging whether each path of battery signal exceeds a first set threshold, if so, determining that the battery module has a fault, and if not, determining that the battery module has no fault.
The BMS function safety control method of the invention is further improved in that:
the multiple paths of battery signals comprise multiple paths of current signals, multiple paths of voltage signals and multiple paths of temperature signals;
a temperature correction unit is arranged in the main processor and used for comparing each path of current signal and each path of voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal;
in step S2, the main processor first uses a temperature correction unit to correct multiple paths of the current signals and multiple paths of the voltage signals, and uses the temperature signals, the corrected multiple paths of the current signals, and the corrected multiple paths of the voltage signals as multiple paths of the battery signals, and uses the multiple data processing units to determine the multiple paths of the battery signals.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 shows a basic block diagram of the BMS functional safety control system of the present invention.
Fig. 2 shows a schematic diagram of a preferred embodiment of the BMS functional safety control system of the present invention.
Fig. 3 shows a circuit diagram of the hardware security logic module of the embodiment of fig. 2 of the present invention.
Fig. 4 shows a flow chart of the BMS function safety control method of the present invention.
Detailed Description
In order to enhance the safety protection of the BMS and reduce the risk of execution errors of the actuator due to the failure of the safety function of the BMS, the present invention provides a BMS function safety control system and a control method thereof, and the present invention is further described in detail with reference to the accompanying drawings and specific embodiments.
Referring to fig. 1, a BMS function safety control system includes:
a signal acquisition module for acquiring a battery signal in a battery module (not shown);
the main processor is connected with the signal acquisition module and used for judging whether the battery module has a fault according to the battery signal, if the battery module has no fault, generating a maintenance driving instruction 11, and if the battery module has a fault, generating a safe operation entering instruction;
the power supply control module is used for receiving the security operation entering instruction and generating a first hardware security instruction 21, is in communication connection with the main processor and communicates through protocols such as SPI \ UART \ I2C \ LIN \ CAN \ Daisy chain and the like;
the hardware safety logic module is used for receiving the first hardware safety instruction 21 and generating a first enabling instruction 31 and a second enabling instruction 32, and the hardware safety logic module is connected to the power supply control module and the signal acquisition module;
the driving module is used for maintaining the driving of the battery module when receiving the driving maintaining instruction 11, stopping the driving of the battery module when receiving the first enabling instruction 31, and turning off the power supply of the driving module when receiving the second enabling instruction 32, and the driving module is connected with the main processor and the hardware safety logic module;
and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
The BMS functional safety control system increases a transmission path from a power supply control module to a hardware safety logic module and then to a driving module on the basis of a traditional BMS system (namely, a main processor is connected with an on-off pin and an interruption pin of the driving module in two paths and respectively used for sending a maintenance driving command 11 and a first software safety command 12 to the driving module), namely, when a battery module has a fault (such as over-temperature, over-charge or over-discharge), the main processor sends an entering safety operation command to the power supply control module, then the power supply control module generates a first hardware safety command 21 to the hardware safety logic module, then the hardware safety logic module generates a first enabling command 31 to a bus relay pin of the driving module and generates a second enabling command 32 to a power supply enabling pin of the driving module and a power supply enabling pin of a signal acquisition module respectively, on the one hand, the battery module is controlled to stop charging and discharging by disconnecting the bus relay, on the other hand, the battery module is stopped being driven by cutting off the power supply of the driving module, so that the purpose of stopping charging and discharging is achieved, and meanwhile, the power supply of the signal acquisition module is cut off to stop signal acquisition, so that the BMS function safety control system is quicker in response speed and more energy-saving when in use. In addition, in this embodiment, the main processor is connected to an interrupt pin of the hardware security logic module, and is configured to send the second software instruction 13 to the hardware security logic module.
Adopt above-mentioned BMS functional safety control system, strengthen the safety protection who has realized the BMS system, through more transmission paths, reduced because of the risk that the partial safety function of BMS system became invalid and lead to carrying out the mistake.
Preferably:
referring to fig. 2 and 3, the BMS function safety control system further includes a communication module connected to the hardware safety logic module and to the main processor, and further communicatively connected to an upper computer;
if the main processor judges that the battery module is in failure, an error reporting instruction is generated and sent to the upper computer through the communication module, timing is started while the error reporting instruction is generated, and if feedback information of the upper computer is not received within a certain time, the safe operation entering instruction is generated;
the power control module also generates a second hardware security instruction 22 upon receiving the enter secure operation instruction;
the hardware security logic module generates a third enabling instruction 33 upon receiving the second hardware security instruction 22;
the communication module stops communication when receiving the third enabling command 33 and turns off the power supply of the communication module when receiving the second enabling command 32.
In the embodiment, the main processor and the communication module communicate by using protocols such as SPI \ UART \ I2C \ LIN \ CAN \ Daisy chain and the like, and simultaneously, the communication module communicates with external systems such as an upper computer or a vehicle main controller and the like, so that the BMS functional safety control system CAN communicate with the external systems such as the upper computer or the vehicle main controller and the like, and information butt joint and combined control between the BMS functional safety control system and the external systems are realized; in addition, a timer is arranged in the power supply control module, and when the entering safe operation instruction is received, the first hardware safety instruction 21 and the second hardware safety instruction are generated by the timer in sequence, so that the hardware safety logic module controls the driving module and the communication module in sequence.
Preferably:
the BMS function safety control system also comprises a power module, wherein the power module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module;
a self-checking module used for judging whether the signals of the pins of the main processor are consistent with corresponding preset signals or not is arranged in the main processor, and if the signals of the pins of the main processor are continuously judged to be inconsistent for multiple times by the self-checking module, a safety protection entering instruction is generated;
the power control module generates a command for closing the total power when receiving the command for entering the safety protection;
the power module turns off the main power supply when receiving the command of turning off the main power supply.
In this embodiment, the main processor further has a pin for receiving a recovery diagnostic signal of the hardware safety logic module, where the recovery diagnostic signal is an actually output enable instruction signal (including a first enable instruction 31, a second enable instruction 32, and a third enable instruction 33) collected on an output line of each enable instruction of the hardware safety logic module, and the self-checking module can determine whether the recovery diagnostic signal is consistent with a preset signal (i.e., each enable instruction signal that the hardware safety logic module should output when the battery module fails) by collecting the recovery diagnostic signal, so as to confirm whether a corresponding transmission path of the BMS functional safety control system and the module itself fail or fail; correspondingly, the self-checking module can also check signals of other pins in the main processor, and further confirm whether other corresponding transmission paths of the BMS functional safety control system and the module per se are failed or failed.
The BMS function safety control system can be monitored through the improvement, so that when the BMS function safety control system fails or fails, the power supply module can be correspondingly controlled through the power supply control module in time, and the system safety is protected; the specific control logic can be flexibly set according to the actual situation; for example, in this embodiment: after the self-checking module judges that the actual signal is inconsistent with the preset signal for the first time, continuing to judge, if the judgment is inconsistent for more than three times, determining that the BMS functional safety control system is invalid or failed, sending a command for closing the total power supply to the power supply control module to enable the power supply control module to control the total power supply of the power supply module to be closed, further simultaneously closing all modules powered by the power supply module, and enabling the BMS functional safety control system to enter a safety protection mode until the power supply control module is started from the outside; after the self-checking module judges that the actual signal is inconsistent with the preset signal for the first time, the judgment is continued, if the judgment is consistent for more than three times, the failure or fault of the BMS functional safety control system is determined to be removed, and at the moment, a restart instruction is sent to the power control module, so that the power control module controls the power module to restart the closed power supply, and the normal work of the BMS functional safety control system is recovered.
Preferably:
the signal acquisition module acquires the battery signals in a multipath manner;
the main processor is internally provided with a plurality of data processing units which are connected in pairs, and the plurality of data processing units correspondingly receive the plurality of paths of battery signals one by one and are used for judging whether each path of battery signal exceeds a first set threshold value and judging whether the difference value of each pair of the plurality of paths of battery signals exceeds a second set threshold value.
In the embodiment, a multi-path acquisition mode is adopted to prevent failure in judgment caused by inaccurate acquisition due to failure of a single acquisition path; in addition, the double-core cross comparison can be carried out on a plurality of battery signals through the plurality of data processing units; specifically, an analog-to-digital conversion module is arranged in the data processing unit, and the main processor can judge whether the battery module has a fault more accurately by converting the battery signal into a digital signal and then performing dual-core cross comparison on the digital signal.
Preferably:
the multi-channel battery signals comprise multi-channel current signals, multi-channel voltage signals and multi-channel temperature signals;
the main processor is internally provided with a temperature correction unit which is used for comparing each path of the current signal and each path of the voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal.
In this embodiment, a plurality of paths of current signals are acquired by a current sensor for multiplexing the positions of the battery, a plurality of paths of voltage signals are acquired by a voltage sensor for multiplexing the positions of the battery, and a plurality of paths of temperature signals are acquired by a temperature sensor for multiplexing the positions of the current sensor and the voltage sensor;
the temperature correction unit is used for correcting the current signal and the voltage signal, and the temperature signal, the corrected current signal and the corrected voltage signal are used as the battery signal for the main processor to judge whether the battery module has a fault, so that the accuracy of fault judgment is further improved.
In view of the above BMS function safety control system, the present invention also provides a BMS function safety control method, as shown in fig. 1 and 4, including the steps of:
s1, acquiring a battery signal of the battery module by using the signal acquisition module and outputting the battery signal to the main processor;
s2, the main processor judges whether the battery module has a fault according to the battery signal:
if it is determined that the failure has not occurred, the main processor generates a keep driving command and returns to step S1;
if the main processor is judged to be in failure, the main processor generates a safe operation entering instruction;
s3, the power supply control module receives the entering safety operation instruction and generates a first hardware safety instruction;
s4, the hardware security logic module receives the first hardware security instruction and generates a first enabling instruction and a second enabling instruction;
s5, the driving module maintains the driving of the battery module when receiving the driving maintaining instruction, stops the driving of the battery module when receiving the first enabling instruction, and turns off the power supply of the driving module when receiving the second enabling instruction; and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
In step S2, if it is determined that a failure occurs, the main processor generates an enter safe operation command to the power control module while generating the first software safety command 12 to the driver module and the third software safety command 13 to the hardware safety logic module.
When the battery module has a fault (such as over-temperature or over-charge or over-discharge), the main processor can accurately control the driving module and other related modules through the combination of a plurality of software and hardware instructions, thereby strengthening the safety protection of the BMS system and reducing the risk of execution errors caused by the failure of partial safety functions of the BMS system.
Preferably:
the BMS function safety control system also comprises a communication module which is connected with the hardware safety logic module, connected with the main processor and further in communication connection with an upper computer;
when the step S2 is performed, if it is determined that a fault occurs, the main processor first generates an error reporting instruction and sends the error reporting instruction to the upper computer through the communication module, starts timing while generating the error reporting instruction, and regenerates the entering safe operation instruction if feedback information of the upper computer is not received within a certain time;
when the step S3 is performed, the power control module further generates a second hardware security command when receiving the enter security operation command;
in the step S4, the hardware security logic module generates a third enabling instruction when receiving the second hardware security instruction;
in step S5, the communication module stops communication when receiving the third enabling command, and turns off the power of the communication module when receiving the second enabling command.
The BMS function safety control method can be communicated with external systems such as an upper computer or a whole vehicle main controller, and information butt joint and joint control of the BMS function safety control system and the external systems are achieved.
Preferably:
the BMS function safety control system also comprises a power module, wherein the power module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module; a self-checking module used for judging whether the signal of each pin of the main processor is consistent with a corresponding preset signal is arranged in the main processor;
after the step S4, the main processor performs self-checking by using the self-checking module, and if the self-checking module continuously determines that the main processor is inconsistent for multiple times, generates a security protection entering instruction;
the power control module generates a command for closing the total power when receiving the safety protection command;
the power module turns off the main power supply when receiving the command of turning off the main power supply.
According to the BMS function safety control method, the BMS function safety control system can be monitored, so that when the BMS function safety control system fails or fails, the power supply module can be correspondingly controlled through the power supply control module in time, and the system safety is protected; the specific control logic can be flexibly set according to the actual situation; for example in the present method: after the self-checking module judges that the actual signal is inconsistent with the preset signal for the first time, continuing to judge, if the judgment is inconsistent for more than three times, determining that the BMS functional safety control system is invalid or failed, sending a command for closing the total power supply to the power supply control module to enable the power supply control module to control the total power supply of the power supply module to be closed, further simultaneously closing all modules powered by the power supply module, and enabling the BMS functional safety control system to enter a safety protection mode until the power supply control module is started from the outside; after the self-checking module judges that the actual signal is inconsistent with the preset signal for the first time, the judgment is continued, if the judgment is consistent for more than three times, the failure or fault of the BMS functional safety control system is determined to be removed, and at the moment, a restart instruction is sent to the power control module, so that the power control module controls the power module to restart the closed power supply, and the normal work of the BMS functional safety control system is recovered.
Preferably:
the signal acquisition module acquires the battery signals in a multipath manner; the main processor is internally provided with a plurality of data processing units which are connected pairwise, and the plurality of data processing units correspondingly receive a plurality of paths of battery signals one by one;
when step S2 is performed, the main processor determines whether the difference between two of the multiple battery signals exceeds a second set threshold by using the multiple data processing units, and if so, the battery module is faulty; if not, whether each path of battery signal exceeds a first set threshold value is judged, if so, the battery module is in fault, and if not, the battery module is in no fault.
The BMS function safety control method adopts a multi-path acquisition mode, so that failure in judgment caused by inaccurate acquisition due to failure of a single acquisition path is avoided; in addition, dual-core cross comparison can be carried out on a plurality of battery signals through a plurality of data processing units; specifically, an analog-to-digital conversion module is arranged in the data processing unit, and the main processor can judge whether the battery module has a fault more accurately by converting the battery signal into a digital signal and then performing dual-core cross comparison on the digital signal.
Preferably:
the multi-channel battery signals comprise multi-channel current signals, multi-channel voltage signals and multi-channel temperature signals;
the main processor is internally provided with a temperature correction unit which is used for comparing each path of the current signal and each path of the voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal;
in step S2, the main processor first uses the temperature calibration unit to calibrate a plurality of paths of the current signals and a plurality of paths of the voltage signals, and uses the temperature signals, the calibrated plurality of paths of the current signals and the calibrated plurality of paths of the voltage signals as a plurality of paths of the battery signals, and uses the plurality of data processing units to determine the plurality of paths of the battery signals.
The temperature correction unit is used for correcting the current signal and the voltage signal, and the temperature signal, the corrected current signal and the corrected voltage signal are used as the battery signal for the main processor to judge whether the battery module has a fault, so that the accuracy of fault judgment is further improved.
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A BMS functional safety control system, comprising:
the signal acquisition module is used for acquiring a battery signal in the battery module;
the main processor is connected with the signal acquisition module and used for judging whether the battery module has a fault according to the battery signal, if the battery module has no fault, generating a drive maintaining instruction, and if the battery module has a fault, generating a safe operation entering instruction;
the power supply control module is used for receiving the security operation entering instruction and generating a first hardware security instruction, and is connected to the main processor;
the hardware safety logic module is used for receiving the first hardware safety instruction and generating a first enabling instruction and a second enabling instruction, and the hardware safety logic module is connected to the power supply control module and the signal acquisition module;
the driving module is used for maintaining the driving of the battery module when receiving the driving maintaining instruction, stopping the driving of the battery module when receiving the first enabling instruction, and turning off the power supply of the driving module when receiving the second enabling instruction, wherein the driving module is connected with the main processor and the hardware safety logic module;
and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
2. The BMS functional safety control system of claim 1, characterized in that:
the communication module is connected with the hardware safety logic module, the main processor and the upper computer;
if the main processor judges that the battery module is in failure, an error reporting instruction is generated and sent to the upper computer through the communication module, timing is started while the error reporting instruction is generated, and if feedback information of the upper computer is not received within a certain time, the safe operation entering instruction is generated;
the power supply control module also generates a second hardware safety instruction when receiving the entering safety operation instruction;
the hardware security logic module generates a third enabling instruction when receiving the second hardware security instruction;
and the communication module stops communication when receiving the third enabling instruction and closes the power supply of the communication module when receiving the second enabling instruction.
3. The BMS functional safety control system of claim 2, characterized in that:
the power supply module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module, and the power supply control module is in control connection with the power supply module;
a self-checking module used for judging whether signals of pins of the main processor are consistent with corresponding preset signals or not is arranged in the main processor, and if the signals of the pins of the main processor are continuously judged to be inconsistent for multiple times by the self-checking module, a safety protection entering instruction is generated;
the power supply control module generates a command for closing a total power supply when receiving the command for entering the safety protection;
and the power supply module closes the main power supply when receiving the instruction of closing the main power supply.
4. The BMS functional safety control system of claim 1, characterized in that:
the signal acquisition module acquires the battery signals in a multipath manner;
the main processor is internally provided with a plurality of data processing units which are connected in pairs, and the plurality of data processing units receive the plurality of paths of battery signals in a one-to-one correspondence mode, are used for judging whether each path of battery signal exceeds a first set threshold value and are used for judging whether a two-to-two difference value in the plurality of paths of battery signals exceeds a second set threshold value.
5. The BMS functional safety control system of claim 4, wherein:
the multiple paths of battery signals comprise multiple paths of current signals, multiple paths of voltage signals and multiple paths of temperature signals;
and a temperature correction unit is arranged in the main processor and used for comparing each path of current signal and each path of voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal.
6. A BMS functional safety control method adopting the BMS functional safety control system according to claim 1, comprising the steps of:
s1, acquiring a battery signal of the battery module by using the signal acquisition module and outputting the battery signal to the main processor;
s2, the main processor judges whether the battery module has a fault according to the battery signal:
if the main processor determines that no fault occurs, the main processor generates a drive maintaining instruction and returns to the step S1;
if judging that the fault occurs, the main processor generates a safe operation entering instruction;
s3, the power supply control module receives the safety operation entering instruction and generates a first hardware safety instruction;
s4, the hardware security logic module receives the first hardware security instruction and generates a first enabling instruction and a second enabling instruction;
s5, the driving module maintains the driving of the battery module when receiving the driving maintaining instruction, stops the driving of the battery module when receiving the first enabling instruction, and shuts down the power supply of the driving module when receiving the second enabling instruction; and the signal acquisition module turns off the power supply of the signal acquisition module when receiving the second enabling instruction.
7. The BMS function safety control method of claim 6, characterized in that:
the BMS function safety control system also comprises a communication module which is connected with the hardware safety logic module, the main processor and an upper computer;
when the step S2 is performed, if it is determined that a fault occurs, the main processor first generates an error reporting instruction and sends the error reporting instruction to an upper computer through a communication module, starts timing while generating the error reporting instruction, and regenerates the safe operation entering instruction if feedback information of the upper computer is not received within a certain time;
when the step S3 is performed, the power control module further generates a second hardware security instruction when receiving the enter security operation instruction;
in step S4, the hardware security logic module generates a third enabling instruction when receiving the second hardware security instruction;
when the step S5 is performed, the communication module stops communication when receiving the third enabling instruction, and turns off the power of the communication module when receiving the second enabling instruction.
8. The BMS function safety control method of claim 7, characterized in that:
the BMS function safety control system also comprises a power supply module, wherein the power supply module is used for receiving an external main power supply and supplying power to the information acquisition module, the main processor, the driving module and the communication module, and the power supply control module is connected with the power supply module in a control way; a self-checking module used for judging whether the signal of each pin of the main processor is consistent with a corresponding preset signal is arranged in the main processor;
after the step S4, the main processor performs self-checking by using the self-checking module, and if the self-checking module continuously determines that the main processor is inconsistent for multiple times, generates a security protection entering instruction;
the power control module generates a command for closing a total power supply when receiving the safety protection command;
and the power supply module closes the main power supply when receiving the instruction of closing the main power supply.
9. The BMS function safety control method of claim 6, characterized in that:
the signal acquisition module acquires the battery signals in a multipath manner; a plurality of data processing units connected pairwise are arranged in the main processor, and the plurality of data processing units correspondingly receive the plurality of paths of battery signals one by one;
when step S2 is performed, the main processor determines whether a difference between two of the multiple battery signals exceeds a second set threshold by using the multiple data processing units, and if so, the battery module is faulty; if not, judging whether each path of battery signal exceeds a first set threshold, if so, determining that the battery module has a fault, and if not, determining that the battery module has no fault.
10. The BMS function safety control method of claim 9, characterized in that:
the multiple paths of battery signals comprise multiple paths of current signals, multiple paths of voltage signals and multiple paths of temperature signals;
a temperature correction unit is arranged in the main processor and used for comparing each path of current signal and each path of voltage signal with a preset current characteristic curve and a preset voltage characteristic curve respectively and correcting the corresponding current signal and the corresponding voltage signal;
in step S2, the main processor first uses a temperature correction unit to correct multiple paths of the current signals and multiple paths of the voltage signals, and uses the temperature signals, the corrected multiple paths of the current signals, and the corrected multiple paths of the voltage signals as multiple paths of the battery signals, and uses the multiple data processing units to determine the multiple paths of the battery signals.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010669250.XA CN111755763B (en) | 2020-07-13 | 2020-07-13 | BMS function safety control system and control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010669250.XA CN111755763B (en) | 2020-07-13 | 2020-07-13 | BMS function safety control system and control method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111755763A true CN111755763A (en) | 2020-10-09 |
| CN111755763B CN111755763B (en) | 2024-01-16 |
Family
ID=72711309
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010669250.XA Active CN111755763B (en) | 2020-07-13 | 2020-07-13 | BMS function safety control system and control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111755763B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114035668A (en) * | 2021-10-27 | 2022-02-11 | 厦门海辰新能源科技有限公司 | Security control method, battery management system, and computer-readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20160007837A (en) * | 2014-07-03 | 2016-01-21 | 경운대학교 산학협력단 | Battery Energy Storage System |
| CN109017372A (en) * | 2018-07-26 | 2018-12-18 | 浙江慧众智能装备科技有限公司 | A kind of fault detection system based on power battery management system |
| CN109524946A (en) * | 2018-11-28 | 2019-03-26 | 梁甫富 | A kind of BMS battery protection system |
-
2020
- 2020-07-13 CN CN202010669250.XA patent/CN111755763B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20160007837A (en) * | 2014-07-03 | 2016-01-21 | 경운대학교 산학협력단 | Battery Energy Storage System |
| CN109017372A (en) * | 2018-07-26 | 2018-12-18 | 浙江慧众智能装备科技有限公司 | A kind of fault detection system based on power battery management system |
| CN109524946A (en) * | 2018-11-28 | 2019-03-26 | 梁甫富 | A kind of BMS battery protection system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114035668A (en) * | 2021-10-27 | 2022-02-11 | 厦门海辰新能源科技有限公司 | Security control method, battery management system, and computer-readable storage medium |
| CN114035668B (en) * | 2021-10-27 | 2022-12-27 | 厦门海辰储能科技股份有限公司 | Security control method, battery management system, and computer-readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111755763B (en) | 2024-01-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10822023B2 (en) | Electric power steering apparatus having redundancy for enhancing safety | |
| CN109888864B (en) | Battery management system | |
| JP4486772B2 (en) | Method for adjusting data transmission speed in fieldbus system | |
| KR101641435B1 (en) | Battery management system and electric vehicles equipped with the same | |
| EP3767731B1 (en) | Battery pack and charging bank | |
| US8803456B2 (en) | Motor drive control device | |
| US8755917B2 (en) | Safety control device | |
| US20160336736A1 (en) | Method for detecting an abnormality in a relay | |
| KR102533939B1 (en) | vehicle control system | |
| CN104423374B (en) | Controller for automobile and the automobile with it, monitoring method | |
| JP6983991B2 (en) | Battery control device | |
| DK2132440T3 (en) | A drive device for driving several axles | |
| JP2016036222A (en) | System control device for distributed power source, system control method for distributed power source, and power conditioner | |
| US20200341037A1 (en) | Electrical assembly and method | |
| CN111755763A (en) | BMS function safety control system and control method | |
| US11820444B2 (en) | Control device for vehicle-mounted equipment | |
| WO2005036288A1 (en) | Control system using serial communication | |
| WO2018045848A1 (en) | Feedback control method and device for power supply of multi-rotor manned aircraft | |
| CN116243594A (en) | Aircraft control system, flight control method and storage medium | |
| US11409255B2 (en) | Output control apparatus | |
| CN113921921A (en) | Battery module protection method, BMS system, battery cluster and electric device | |
| CN111196156B (en) | Equalization circuit fault detection method and system of battery monitoring unit and vehicle | |
| KR20100005197U (en) | - Dual control device of H-bridge multi-level inverter | |
| US11777436B2 (en) | Method and system for a safety concept for an AC battery | |
| CN203734276U (en) | Safety instrument control system signal acquisition module power distribution device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |