SIL2 and SIL3 ECU - Safety Controller for Off-Highway
Technical Paper
2007-01-1489
ISSN: 0148-7191, e-ISSN: 2688-3627
Language: English
Abstract
Electronically controlled safety-critical functions are becoming more and more prevalent in the off-highway industry (construction, agricultural or forestry machinery, etc.). Failures of such safety-critical functions may cause serious injury or death to people. Therefore, product safety and liability are becoming increasingly important for all OEMs in this industry. Currently, IEC 61508 [1] is considered the state-of-the-art standard for the development of safety-critical systems. Safety integrity levels (SIL) 2 and 3 are the most common levels required by off-highway applications.
This paper shows a scalable architecture with a single ECU type that allows both SIL2 and SIL3 requirements to be met: a 1oo1D architecture (single ECU) is used for systems with SIL2 requirements, and a 1oo2D architecture for SIL3 requirements. In the 1oo2D variant two redundant ECUs exchange data over a time-triggered protocol. Because of this scalability the controller is suited for the majority of safety-critical applications in the off-highway industry.
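The abstract names the two IEC 61508 architectures but does not spell out their voting behaviour. The following added example (constructed here; it is not the paper's design nor any vendor's ECU code) models the generic 1oo1D and 1oo2D voting rules as described in IEC 61508-6 Annex B, plus a simplified view of the 1oo2D data exchange: each ECU receives the partner's demand and diagnostic status in a fixed time-triggered slot. The names `Channel`, `SlotMessage`, `receive_partner`, `vote_1oo1d` and `vote_1oo2d` are assumptions for illustration, and treating a missing or mis-slotted message as a detected fault of the remote channel is an assumption, not something the abstract states.

```python
"""Toy model of 1oo1D and 1oo2D voting (constructed illustration, not the paper's code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Output(Enum):
    RUN = "run"           # safety function not demanded, machine keeps operating
    SAFE = "safe_state"   # outputs de-energised, machine brought to its safe state


@dataclass(frozen=True)
class Channel:
    demand: bool    # this channel demands the safety function (trip)
    diag_ok: bool   # this channel's self-diagnostics report it healthy


@dataclass(frozen=True)
class SlotMessage:
    slot: int       # time-triggered slot the message was received in
    demand: bool
    diag_ok: bool


def receive_partner(expected_slot: int, msg: Optional[SlotMessage]) -> Channel:
    """Rebuild the partner channel's state from its time-triggered message.

    Assumption for this model: a missing message, or one arriving in the wrong
    slot, counts as a detected fault of the partner channel (diag_ok=False).
    """
    if msg is None or msg.slot != expected_slot:
        return Channel(demand=False, diag_ok=False)
    return Channel(demand=msg.demand, diag_ok=msg.diag_ok)


def vote_1oo1d(ch: Channel) -> Output:
    """1oo1D: single channel with diagnostics.

    A demand, or a fault detected by the diagnostics, drives the safe state.
    """
    if not ch.diag_ok or ch.demand:
        return Output.SAFE
    return Output.RUN


def vote_1oo2d(a: Channel, b: Channel) -> Output:
    """1oo2D voting as described in IEC 61508-6 Annex B.3.4.

    - both channels faulted                  -> safe state
    - one channel faulted                    -> output follows the healthy channel
    - both healthy and both demand           -> safe state
    - both healthy but they disagree         -> discrepancy that cannot be allocated
                                                to either channel -> safe state
    - both healthy and neither demands       -> run
    """
    if not a.diag_ok and not b.diag_ok:
        return Output.SAFE
    if not a.diag_ok:
        return vote_1oo1d(b)      # degrades to 1oo1D on the remaining channel
    if not b.diag_ok:
        return vote_1oo1d(a)
    if a.demand != b.demand:
        return Output.SAFE        # unresolved discrepancy between healthy channels
    return Output.SAFE if a.demand else Output.RUN


def local_ecu_cycle(local: Channel, expected_slot: int,
                    partner_msg: Optional[SlotMessage]) -> Output:
    """One cycle of the 1oo2D variant as seen from one ECU."""
    return vote_1oo2d(local, receive_partner(expected_slot, partner_msg))


if __name__ == "__main__":
    # Constructed scenario: partner message lost in its slot.
    healthy_no_demand = Channel(demand=False, diag_ok=True)
    print(vote_1oo1d(healthy_no_demand))                       # Output.RUN
    print(local_ecu_cycle(healthy_no_demand, 3,
                          SlotMessage(3, False, True)))        # Output.RUN
    print(local_ecu_cycle(healthy_no_demand, 3, None))         # Output.RUN (degraded to 1oo1D)
    print(local_ecu_cycle(healthy_no_demand, 3,
                          SlotMessage(3, True, True)))         # Output.SAFE (discrepancy)
```

The point of the model is the degradation path: a lost or late partner message does not by itself trip the machine in this model, because the diagnostics mask the faulted channel and the healthy ECU carries on as 1oo1D, while any demand from a healthy channel, or disagreement between two healthy channels, always reaches the safe state.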
Citation
Seethaler, C. and Silberbauer, L., "SIL2 and SIL3 ECU - Safety Controller for Off-Highway," SAE Technical Paper 2007-01-1489, 2007, https://doi.org/10.4271/2007-01-1489.
Also in
SAE 2007 Transactions Journal of Passenger Cars: Electronic and Electrical Systems
Number: V116-7; Published: 2008-08-15
References
- IEC 61508, Functional Safety of E/E/PES Systems, International Electrotechnical Commission, 1998.
- White Papers - System Integration, 2003, www.oemoff-highway.com.
- Earth-moving machinery -- Machine-control system (MCS) using electronic components -- Performance criteria and tests, 2001.
- Council Directive on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products, Council of the European Communities, 25 July 1985.
- Principle for the Testing and Certification of "Bus Systems for the Transmission of Safety-Relevant Messages" (Grundsatz für die Prüfung und Zertifizierung von "Bussystemen für die Übertragung sicherheitsrelevanter Nachrichten"), Expert Committee "Electrical Engineering" (Fachausschuss "Elektrotechnik"), Testing and Certification Body in BG-PRÜFZERT, Gustav-Heinemann-Ufer 130.
- TTA-Group, Time-Triggered Protocol TTP/C - High-Level Specification Document, Protocol Version 1.1, November 2003, www.ttagroup.org/technology/specification.htm.
- Reliability data handbook - Universal model for reliability prediction of electronics components, PCBs and equipment, International Electrotechnical Commission, 2004.