The off-highway industry has made safety a central focus, coming up with new systems while also ensuring that all the safety-related components work reliably. Diagnostics are critical from the initial design phases of these systems through the entirety of their operating lifetime.
Safety covers both newer technologies such as radar and cameras and core braking and steering systems. The increasing speed and declining prices of microcontrollers let engineers handle more tasks with electronic controls.
“One of the biggest changes is that electronics have gotten to the point that they can handle the diagnostics and provide better control,” said Brian Cox, Technical Marketing Manager for MTS Sensors Mobile Hydraulics.
Safety systems range from simple radar or camera modules that provide alerts to active safety systems that take action to prevent rollovers or skids. In applications such as rollover detection, controllers must gather input from many sources such as accelerator pedal position, yaw angle, wheel speeds, brake pressures, accelerometer signals, and steering wheel sensor input that show the driver’s intended direction. When there is a potential problem, judgments must be instantaneous.
“The ECUs must constantly make decisions about whether or not to take some intervention such as apply brakes at one of the four wheels or pre-alert or inflate an airbag, etc.,” said Kevin Kott, President of dSPACE. “Because of the complexity of software and bus communication between sensors, actuators, and ECUs, extensive testing is required.”
Designs must be checked to ensure they are working properly both during the design phase and over the system's operating lifetime, which makes diagnostics an underlying element in nearly every aspect of a safety system.
Concepts such as safety can be difficult to quantify, making it difficult for design teams to set their requirements and meet them. Equally important, customers find it difficult to determine how much of an improvement a safety system will actually provide.
Standards bodies are stepping in to provide some basis for safety systems. Foremost among them is the functional safety specification for electronic systems, IEC 61508.
The standard defines safety integrity levels (SILs), assigning different ratings to different applications. One yardstick is the probability of failure per hour. For example, SIL 2 corresponds to less than one failure over a million hours.
Regulators and OEMs alike are setting requirements for various systems. The design teams that comply with those demands are also using the specification to quantify their reliability levels. For example, component makers can design parts to meet safety demands. “SIL 2 is all we usually need for sensors, and there are a lot of ways you can achieve that,” MTS's Cox said.
Redundancy is one method; using enhanced diagnostics is another. “We have a separate diagnostic section in many sensors. Essentially it monitors the operation of different elements in the sensor, looking for elements that don’t agree,” Cox said.
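The cross-check described above, where a separate diagnostic section watches redundant elements and flags the ones that do not agree, is shown here as an added example in C. It is a constructed, hypothetical two-channel sensor diagnostic and is not MTS's or any vendor's code; the raw range, the allowed channel disagreement and the debounce count are assumed values chosen for illustration. A fault is latched only after several consecutive disagreements so that a single noisy sample does not take the sensor offline, and once latched the output is reported as invalid so the consuming controller can fall back to its safe state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Diagnostic verdict for one pair of channel samples. */
typedef enum {
    DIAG_OK = 0,
    DIAG_RANGE_A,   /* channel A outside the plausible raw range */
    DIAG_RANGE_B,   /* channel B outside the plausible raw range */
    DIAG_DISAGREE   /* both in range, but the channels disagree   */
} diag_status_t;

/* Hypothetical configuration; values below are assumptions for the example. */
typedef struct {
    int32_t min_raw;    /* lowest plausible raw reading            */
    int32_t max_raw;    /* highest plausible raw reading           */
    int32_t max_delta;  /* largest tolerated A/B disagreement      */
    uint8_t debounce;   /* consecutive faults needed to latch      */
} diag_config_t;

typedef struct {
    uint8_t fault_count;   /* consecutive faulty samples seen so far */
    bool latched;          /* sticky fault; cleared only by a reset  */
    diag_status_t last;    /* verdict of the most recent sample      */
} diag_state_t;

static bool in_range(int32_t v, const diag_config_t *c)
{
    return v >= c->min_raw && v <= c->max_raw;
}

/* Evaluate one sample pair: range-check each channel, then compare them. */
diag_status_t diag_check_sample(const diag_config_t *cfg, diag_state_t *st,
                                int32_t chan_a, int32_t chan_b)
{
    diag_status_t s = DIAG_OK;

    if (!in_range(chan_a, cfg)) {
        s = DIAG_RANGE_A;
    } else if (!in_range(chan_b, cfg)) {
        s = DIAG_RANGE_B;
    } else if (llabs((int64_t)chan_a - (int64_t)chan_b) > cfg->max_delta) {
        s = DIAG_DISAGREE;
    }

    if (s == DIAG_OK) {
        st->fault_count = 0;            /* a clean sample clears a transient glitch */
    } else {
        if (st->fault_count < UINT8_MAX) st->fault_count++;
        if (st->fault_count >= cfg->debounce) st->latched = true;
    }
    st->last = s;
    return s;
}

/* The value a consumer may use is only valid while no fault is latched. */
bool diag_output_valid(const diag_state_t *st)
{
    return !st->latched;
}

/* Replay a constructed sample sequence and report whether the diagnostic latched.
 * The sequence contains one transient disagreement (cleared by the next good
 * sample) followed by three consecutive out-of-range readings on channel A. */
bool run_constructed_sequence(void)
{
    const diag_config_t cfg = { 0, 4095, 20, 3 };   /* assumed 12-bit range */
    diag_state_t st = { 0, false, DIAG_OK };
    const int32_t samples[][2] = {
        { 1000, 1005 },   /* agree */
        { 2000, 2010 },   /* agree */
        { 2000, 2100 },   /* transient disagreement, count = 1 */
        { 2000, 2004 },   /* agree, count resets to 0 */
        { 5000, 2000 },   /* channel A out of range, count = 1 */
        { 5000, 2000 },   /* count = 2 */
        { 5000, 2000 },   /* count = 3 -> latched */
    };
    const size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++) {
        diag_check_sample(&cfg, &st, samples[i][0], samples[i][1]);
    }
    return st.latched;   /* true for this sequence */
}
```

The debounce threshold is the design knob: too low and normal sensor noise trips the latch, too high and a real fault is reported late. In a deployed system that trade-off would be set from the failure rate the target SIL allows, which this example does not model.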
This focus on the components that make up a system is only a portion of an overall design strategy. Engineers note that safety can’t be designed to focus solely on the day products roll off the production line. Designs must account for the impact of aging as a product is used.
“To follow the philosophy of state-of-the-art standards like IEC 61508, it is necessary to introduce safety management throughout the whole life cycle,” said Christiana Seethaler, Teamlead Off-Highway Electronics at TTControl. “Safety management starts with hazard and risk analysis, continues with requirements specification, design, implementation, commissioning, and continues until the system or vehicle is finally decommissioned.”
As in many fields, once standards are in place, legal bodies use them to achieve goals such as cleaner air or safer work sites. Regulations written around the IEC standards are expected to transform this market. “The standards will drive a lot of designs over the next several years,” Cox said.