Error Detection using redundancy

Thread Starter

sham1810

Joined Nov 21, 2015
6
Hi,

While going through a controller manual I encountered this in the failure detection of analog inputs portion of the manual:

The fundamental principle of error detection with analog or digital inputs is
redundancy, i.e. two voltages with opposite characteristic curves with a defined
reference to each other are used for an input function and mutual plausibility is
checked.

In the event of a short circuit between the two mutually referenced signals,
the resulting voltage must either be outside the expected mutual reference
or it must be defined as a safe state (neutral).

Beyond this principle of redundancy the ranges of the signal can be monitored by the
control unit software. That is possible if the voltages in error-free operation do not
exceed the overall range of the input channel voltage so that failures such as cable
breaks or short circuits to a sensor supply would result in an impermissible voltage,
which can then be discovered.


I am familiar with CRC used in communication protocols but I could not understand what this meant. Can someone explain this, especially the part "two voltages with opposite characteristic curves with a defined reference"? How would this translate to a real scenario, for example if I am reading a potentiometer value on an analog pin?
 

ErnieM

Joined Apr 24, 2011
8,377
A simple pot will not have two output voltages by itself. The first thing you could do is add two more resistors in series with the pot, so for example instead of outputting 0 to 5 volts it ranges between 0.5 and 4.5 volts. Then zero and 5 are error conditions you can detect.

If this pot signal is remote to the A2D you could say make an analog inverter to give two signals, but that may cause more problems than it solves.
 

Thread Starter

sham1810

Joined Nov 21, 2015
6
A simple pot will not have two output voltages by itself. The first thing you could do is add two more resistors in series with the pot, so for example instead of outputting 0 to 5 volts it ranges between 0.5 and 4.5 volts. Then zero and 5 are error conditions you can detect.

If this pot signal is remote to the A2D you could say make an analog inverter to give two signals, but that may cause more problems than it solves.
But how is that redundant? I think from a safety point of view this might refer to using two different input channels to read the analog input. But the opposite characteristic part confuses me.
 

dannyf

Joined Sep 13, 2015
2,197
How this would translate to a real scenario,
So the two redundant signals can be summed to a constant and compared with the reference for error detection: if there is an error with one of the inputs, the sum will deviate largely from the reference.

If you were to measure the shaft angle of a pot (or its resistance), you would use a two-gang pot and wire the four terminals so that the wiper readings are out of phase. Sum up the two wiper voltages and it should be constant.

Or you have an input error.
 

ErnieM

Joined Apr 24, 2011
8,377
But how is that redundant? I think from a safety point of view this might refer to using two different input channels to read the analog input. But the opposite characteristic part confuses me.
True that, it is not redundant, though it allows you to detect out of range signals on a single input.

How best to explore redundancy from a single pot is an open question to me. Additionally, I would prefer some context where a bold statement about the need for two related by inversion signals is necessary.

For the pot example, you could either arrange an amplifier, or mechanically connect two pots to give you inverse ranges. I just don't see any universal requirement for such, which is why I question the context in which these proclamations were made.
 

crutschow

Joined Mar 14, 2008
34,427
You can also subtract the signals from two redundant identical signal channels with an op amp differential amp circuit, and if the output differs significantly from zero, then there is an error in the signals.

To continue operation through a failure, you can have three identical channels, and ignore the one that is significantly different from the other two.
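
The two checks discussed in this thread (range monitoring on each channel, and two opposite-slope signals summed against a constant), as an added C example that is not from the manual or from any poster. The 0.5 to 4.5 V band follows the series-resistor example above; the 5000 mV sum, the 150 mV tolerance, the sample readings and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values, not from the manual: 5 V input channel, valid band
   0.5-4.5 V, complementary signals that sum to 5000 mV. */
#define V_MIN_MV   500
#define V_MAX_MV   4500
#define SUM_REF_MV 5000
#define SUM_TOL_MV 150   /* assumed allowance for ADC and resistor error */

typedef enum {
    IN_OK = 0,
    IN_ERR_RANGE_A,      /* channel A outside band: cable break or short to a rail */
    IN_ERR_RANGE_B,      /* same for channel B */
    IN_ERR_PLAUSIBILITY  /* A + B does not match the defined reference */
} in_status_t;

/* a_mv rises with position, b_mv falls with it (opposite characteristic curves).
   On IN_OK, *pos_permille receives 0..1000; on error it is left untouched. */
in_status_t check_redundant_input(int32_t a_mv, int32_t b_mv, int32_t *pos_permille)
{
    if (a_mv < V_MIN_MV || a_mv > V_MAX_MV) return IN_ERR_RANGE_A;
    if (b_mv < V_MIN_MV || b_mv > V_MAX_MV) return IN_ERR_RANGE_B;

    int32_t dev = a_mv + b_mv - SUM_REF_MV;
    if (dev < 0) dev = -dev;
    if (dev > SUM_TOL_MV) return IN_ERR_PLAUSIBILITY;

    /* Decode from both channels: (a - b) spans -span..+span. */
    int32_t span = V_MAX_MV - V_MIN_MV;
    int32_t pos = ((a_mv - b_mv + span) * 1000) / (2 * span);
    if (pos < 0) pos = 0;
    if (pos > 1000) pos = 1000;
    *pos_permille = pos;
    return IN_OK;
}

int main(void)
{
    /* Constructed readings in mV: healthy, break on A, drift on one channel,
       and A shorted to B (both wipers forced to the same voltage). */
    int32_t samples[][2] = { {1500, 3500}, {0, 4500}, {3000, 3000}, {2500, 2500} };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t pos = -1;
        in_status_t s = check_redundant_input(samples[i][0], samples[i][1], &pos);
        printf("A=%d B=%d status=%d pos=%d\n",
               (int)samples[i][0], (int)samples[i][1], (int)s, (int)pos);
    }
    return 0;
}
```

The last sample shows why the manual asks for a defined safe state: if a short between the two signals pulls both to mid-range (assumed here), the sum check still passes, so the decoded mid position has to be the neutral one.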
 