The present invention relates generally to a method for representing or display of safety related information safely, especially by detecting safety-critical errors within the computation of information in order to generate image data preferably involving the method steps: entry of at least one recorded value of an input parameter into a processor, computerized processing of the input parameter transforming it into a sequence of image data that represent the input parameter, transmitting of the sequence of image data to a display and representing or display of the sequence of image data on that display.
Currently, TFT displays are used increasingly as display units in many applications, in control and monitoring systems for example. In addition to the said cases, TFT displays are more commonly used to display safety-critical information in the field of train-control or airplanes, for instance. Generally, units of this kind are based on a micro controller or PC equipped with software running on an operating system.
A failure is considered to be a safety-critical failure if the display only seems to work well or seems to show the correct (consistent) information but actually does not represent the true (factual) information provided to the display unit, for example not the train's actual speed. The display only shows a seemingly correct value, the failure, however, cannot be detected as such by the observer.
Existing methods and devices for application of the methods comprise a processor that generates a sequence of image data corresponding to the input parameter, image or vector-oriented for example, in order to show the sequence of image data on the display. The display can be of any design, a monitor or TFT for example, with the latter frequently being used today. As the present invention is independent from the display used, insofar any applicable technology can be considered. The processing unit is connected to the display (panel) via common digital interfaces, like LVDS.
The detection method and device according to a preferred embodiment of the present invention do not include the display, but considers it a perfect and therefore flawless system in this context. This is based on the assumption that a typically extremely low failure rate of the display, especially the display panel in particular relating to those errors which might contribute to safety related errors as defined above. Nevertheless, it is of decisive importance that the value of the input parameter recorded and processed by the system is correctly shown on the display.
Common methods and apparatuses for application of the methods are based on the assumption that a display failure results in an obviously false image and thus is apparent to the observer. The displayed data may be non-constant or interrupted for example, may change, for instance, their color, a figure may be cancelled or shown in a distorted shape. Further, it is to be noted that a failure or an error in the display itself will also lead to a visibly wrong representation of the data.
Present methods and devices to generate digital image data are generally very error-prone due to their inherent complexity. Errors may occur in each single step of the computation, by a defect micro-processor for instance. They may also occur within the graphics controller, the individual memory modules, the power supply or also the display application software whereas these may even result from errors in the graphic software library or other software libraries used by the particular application software. Therefore, a safety test or approval to certify the overall system is very complex and must always comprise all components, hardware, firmware and all software involved, including the operating system. Even more so any up-date or modification/alteration of the system components including the software requires a new certification of the complete system. For practical purposes, such a process is tedious and very expensive, even though strictly necessary with methods and devices according to the prior art.
Methods of a different nature to ensure safe visualization of image data are known from the patents DE 4 332 143 A and EP 0 856 792 A. DE 10 2004 039 498 A1 discloses pixels that can be verified by placing one ore more light-sensitive sensors on monitored areas of TFT display and then sending the output signal produced by said one or more sensors to the subordinate computer.