| ??? 02/27/08 23:16 Read: times Msg Score: +1 +1 Good Answer/Helpful |
#151576 - ABS & Safety Responding to: ???'s previous message |
Brian,
If the sensor manufacturer suggests a 470ohm pullup, there is probably a very good reason for it. Without reveiwing the specs of the sensor, we have little evidence for finding the reason. Since the ABS is a safety critical unit as a failure could present a life threatening situation, you need to consider the safety aspects of your device. Whilst ensuring the specs of the micro is the first step to reliability, you simply can't trust the micro alone. All number of unanticipated conditions could occur to upset the micro and cause a failure - and probably transient at that. You need to look at the possible failure of all your components and find ways you can detect a failure. You sensor ciruit is critical to the operation, so you need to look real close at how you would detect the sensor failing in a number of ways: 1. stop high 2. stuck low 3. cable break 4. rf interference The ABS units I've looked at use reluctors as the sensor - physically very simple. They don't get stuck high or low, you can check the circuit by passing a small current through the loop and measuring it. You can even pulse a current through them and test for shorted turns. so, with some simple circuitry and tests, you can determine with a great deal of confidence that the sensor is good or bad. The old maxim of 'garbage in,garbage out' definitely applies here. You must go to great length to verify your inputs, if any doubt you fail safe and log the fault. The Bosch box I looked at used two 8051s for the job. One would expect these two micros needed to agree so that an output could be activated. In most safety critical apps, the general rule is that any one failure can be detected. Whilst multiple failures could cause a dangerous situation, the general concept is to add redundancy so that the statistical likelyhood of such a multiple failure is extremely low ( the actual number escapes me at the moment). In the case of an ABS, you would design the system so that two or more valves or pumps need to activate in order to disable the brakes. Coupled with that the ability to check the operation of each control means you can take action before a number of failures can occur. So please think carefully and perform a FMEA before you unleash the design into the real world and maybe have a look at commercial abs controllers for design tips - a quick trip to the wreckers and a few dollars should fetch you a control box from a popular vehicle from 10 years ago. The latest model boxes are probably all thick film hybrid, so you won't be able to extract much from them. |
