Safety engineering is a growing field in which engineers use redundancy techniques to mitigate adverse consequences if an error occurs. For example, space vehicles and aircraft include redundant systems so that if an engine control component fails during flight, another engine control component can be activated to allow the aircraft to land safely.
Similarly, timed input/output (I/O) signals in safety-conscious systems can be generated and then subsequently checked to ensure they were actually delivered correctly. This can be useful in any number of applications. For example, in an automotive system, if an output drive signal (e.g., a spark plug signal from an engine controller) is provided to an automobile's engine, a feedback signal (which is derived from the output drive signal that was actually delivered to the engine) can be compared with the original output drive signal to determine whether the output drive signal was, in fact, delivered correctly. Thus, if there is a “bad” connection between the engine controller and the engine itself (or if some other error event occurs), a comparison of the original drive signal and the feedback signal can detect this error, thereby allowing a control system to notify the driver, for example, by illuminating a “check engine” light on the driver's dashboard. In this way, a driver can be informed that an engine problem (e.g., a spark plug misfire) has occurred, and can then get the vehicle serviced to remedy any corresponding problems.
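The feedback comparison described above, as an added C example that is not part of the original text. The edge record layout, the function and constant names, the 20 µs delay bound and the sample timestamps are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One timed edge: free-running timer value (us) and the level after the edge. */
typedef struct { uint32_t t_us; uint8_t level; } edge_t;

typedef enum { FB_OK, FB_MISSING, FB_SPURIOUS, FB_LEVEL, FB_TIMING } fb_result_t;

/* Check every commanded edge against the feedback edge at the same position.
 * max_delay_us is an assumed bound on driver and wiring propagation delay.
 * *bad (must be non-NULL) receives the index of the first disagreeing edge. */
fb_result_t check_feedback(const edge_t *cmd, size_t n_cmd,
                           const edge_t *fb, size_t n_fb,
                           uint32_t max_delay_us, size_t *bad)
{
    for (size_t i = 0; i < n_cmd; i++) {
        *bad = i;
        if (i >= n_fb)
            return FB_MISSING;          /* edge never arrived at the load */
        if (fb[i].level != cmd[i].level)
            return FB_LEVEL;            /* inverted or skipped transition */
        /* Unsigned subtraction stays correct across timer wrap-around; a
         * feedback edge that precedes its command shows up as a huge delay. */
        if ((uint32_t)(fb[i].t_us - cmd[i].t_us) > max_delay_us)
            return FB_TIMING;
    }
    *bad = n_cmd;
    return n_fb > n_cmd ? FB_SPURIOUS : FB_OK;  /* extra edges: unwanted switching */
}

/* Constructed sample data: two commanded pulses and three observed feedbacks. */
static const edge_t CMD[]     = {{1000, 1}, {3000, 0}, {11000, 1}, {13000, 0}};
static const edge_t FB_GOOD[] = {{1004, 1}, {3005, 0}, {11004, 1}, {13006, 0}};
static const edge_t FB_OPEN[] = {{1004, 1}, {3005, 0}};   /* second pulse lost */
static const edge_t FB_SLOW[] = {{1004, 1}, {3005, 0}, {11004, 1}, {13090, 0}};

int main(void)
{
    size_t bad;
    fb_result_t r = check_feedback(CMD, 4, FB_GOOD, 4, 20, &bad);
    printf("good connection: result %d\n", (int)r);
    r = check_feedback(CMD, 4, FB_OPEN, 2, 20, &bad);
    printf("bad connection:  result %d at edge %zu\n", (int)r, bad);
    r = check_feedback(CMD, 4, FB_SLOW, 4, 20, &bad);
    printf("late edge:       result %d at edge %zu\n", (int)r, bad);
    return 0;
}
```

Any result other than `FB_OK` is the condition on which a control system would raise its fault indication, such as the “check engine” light.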
In safety-critical power systems with power switches (e.g., metal-oxide-semiconductor field-effect transistors (MOSFETs) or insulated gate bipolar transistors (IGBTs)), there is a need to analyze functional blocks in the power system before starting operation of the system, to avoid damage if some functional blocks malfunction. Furthermore, diagnosis capability is needed during runtime to detect aging effects or analyze sudden failures.
A standard output of a normal control device is not capable of directly driving the control input (gate) of a power switch. Therefore, a gate driver component with its own power supply is needed to amplify the control signals and to adapt them to the needs of the power switches. To avoid losses and to ensure correct switching behavior, the gate driver components are normally located near the power switch.
In some cases, the gate driver component introduces a galvanic isolation barrier between the control device and the power switch, since the two do not refer to the same potential. This results in a risk of corruption of the (“low-power”) control signals between the control device(s) and the gate driver components, and even of undesired switching of the power switches. One option for monitoring data consistency could be to build a parallel loopback of the control signals received by the gate driver component to the control device. Normally, however, the cost of the additional input pins at the control device is too high. Other known solutions are not flexible enough, i.e., they can cover only a subset or an aspect of the data volume to be monitored.
Therefore, there exists a need for a system for monitoring data consistency, in particular for safety-critical power systems, which is reliable, flexible and cost-effective.