The invention relates to a method, a device, a computer program and a computer program product for visualizing specified safety-critical information in a vehicle, as well as to a corresponding vehicle.
In order to grant functional safety or comply with corresponding safety guidelines, in current vehicles, safety-critical information has to be reliably displayed on a display unit of the respective vehicle.
It is an object of the invention to contribute to a reliable display of safety-critical information on a display unit of a vehicle.
This and other objects are achieved by a method, and corresponding device, for visualizing specified safety-critical information in a vehicle. Display data are determined which are representative of a first image to be visualized, which provides the specified safety-critical information in a specified first signalization form. The determination of the first display data takes place free of specified safety regulations. The first display data are sent to a display unit of the vehicle. Test data are read out which are representative of an image visualized on the display unit. The test data are checked. If the test data are representative of a faulty providing of the specified safety-critical information, second display data are sent to the display unit. The second display data are representative of a second image to be visualized, which provides the specified safety-critical information in a specified second signalization form. The second signalization form differs from the first signalization form. The second display data are determined while complying with the specified safety regulations.
The display unit includes, for example, a display in a dashboard of the vehicle and/or a head-up display of the vehicle, where the information important to a driver are projected into the driver's field of vision.
The specified safety-critical information includes, for example, information which is displayed in vehicles in the driver's field of vision, such as information concerning vehicle speed, rotational engine speed, an open vehicle door and/or a defective light. As an alternative or in addition, the specified safety-critical information includes, for example, information concerning a faulty function of a safety-relevant driver assistance system, such as an automatic lane assist function and/or a function for highly automated driving with lateral and/or longitudinal control.
The specified safety-critical information is specified particularly by a control unit which is designed for determining the respective safety-critical information, for example, by means of suitable sensors.
The specified safety regulations are, for example, a result of an applicable safety standard for safety-relevant electrical/electronic systems in vehicles, such as the ISO 26262:2011.
The specified safety regulations make, for example, high demands on hardware and/or software, which is designed for the determination and/or display of the specified safety-critical information. As a result, it may not be possible to provide the specified safety-critical information while taking into account the specified safety regulations in the first signalization form; for example, because hardware and/or software, which complies with the specified safety regulations, does not have sufficient processing capacity for implementing the first signalization form in real time, and/or because hardware and/or software cannot be certified because, for example, a manufacturer wants to disclose neither the functioning of the hardware and/or software for a third-party certification by a monitoring institution, nor themselves, for example, comply with the SO 26262:2011 Standard.
However, the specified safety-critical information may be provided while taking into account the specified safety regulations in the specified second signalization form, for example, because the second signalization form requires fewer processing expenditures than the first signalization form.
Thus, when visualizing the specified safety-critical information, the specified safety regulations can be complied with in that the specified safety-critical information is provided in the specified second signalization form, if the specified safety-critical information was provided in a faulty manner. By examining the test data, it can be determined whether the specified safety-critical information was provided in a faulty manner in the first signalization form. This contributes to ensuring that the specified safety-critical information is reliably visualized at least in the specified second signalization form on the display unit of the vehicle.
Furthermore, for determining the first image to be visualized, hardware and/or software can be used which does not comply with the specified safety regulations but may possibly be more cost-effective and/or more efficient than hardware and/or software which complies with the specified safety regulations.
According to an advantageous further development, the first display data are determined such that the first image to be visualized comprises validation information. The test data are checked in that the validation information is checked.
Validation information particularly is information which cannot be perceived in a visualized image by the vehicle driver, for example, because it is imaged in an invisible edge area and/or because it is only imaged in an imaginary image area. As an alternative or in addition, it can also be imaged in the form of an imperceptible pattern in a visible image area.
The first image to be visualized will dynamically change, as required, for example, because the second signalization form takes dynamic image effects, such as shadowing, into account. It may therefore not be possible to check a visualization of the specified safety-critical information directly by means of the test data. The visualization of the validation information may possibly not change as dynamically as the visualization of the specified safety-critical information. As a result, the validation information can easily be checked by means of the test data. If the validation information is faulty, it is highly probable that the specified safety-critical information was also provided in a faulty fashion. It can therefore very easily be checked by means of the validation information whether the specified safety-critical information was provided in fashion.
According to a further advantageous development, the test data are checked a comparison with specified comparison data.
The specified comparison data comprise particularly comparison data for the validation information. As a result of such an actual-/desired-value comparison by use of the comparison data, it can very easily be determined whether the specified safety-critical information was provided in a faulty fashion, particularly by comparing the comparison data with a portion of the display data that represents the visualization of the validation information.
According to a further advantageous development, the specified first visualization form comprises a 3D visualization form, and the specified second visualization for comprises a 2D visualization form.
Specifically, the 3D visualization form is frequently computationally intensive, for example, because of an image synthesis (rendering), during which a hidden surface determination of objects, a surface computation (shading) and a computation of the light distribution takes place within the image to be visualized. The specified safety-critical information can therefore be displayed in the computationally intensive 3D visualization form and, in the event of a fault, can be visualized at least in the 2D visualization form.
According to a further aspect, the invention is characterized by a computer program for visualizing specified safety-critical information, the computer program being designed for implementing the method for visualizing specified safety-critical information or an advantageous further development of the method on a data processing device.
According to a further aspect, the invention is characterized by a computer program product that comprises the implementable program code. When implemented by a data processing device, the program code implements the method for visualizing specified safety-critical information or an advantageous further development of the method. The computer program particularly comprises a medium which is readable by the data processing device and on which the program code is stored.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.