Displays are increasingly used as display units in many applications, for example in control and monitoring systems. Beyond these cases, displays are more and more commonly used to show safety-relevant information, for instance in train control or in airplanes. Generally, units of this kind are based on a microcontroller or a personal computer equipped with software running on an operating system.
Therein, a display failure is considered to be a safety-relevant failure if the display only seems to work well or seems to show the correct information, but actually does not represent the correct information provided to the display unit, for example does not show the train's current speed. The display shows only a seemingly correct value; the failure, however, cannot be detected as such by an observer.
Common methods and apparatuses for the application of methods for a safe visualization of safety-relevant information are based on the assumption that the display failure results in an obviously false image and thus is apparent to the observer. For example, the displayed data may be scrambled, may change color, a figure may be incomplete or shown in a distorted shape, such that the observer can clearly see that something is wrong.
DE 3411015 A1 discloses a method for the safe visualization of safety-relevant information, wherein an input parameter is transformed into a sequence of image data representing the input parameter and the sequence of image data is transmitted to a display. Further, a checksum is calculated for the sequence of image data and compared to a reference checksum, and a safety-focused reaction is provided if the checksum is not identical to the reference checksum.
However, consider a simple speedometer with 24 bits of pixel depth that shows, for example, a train's current speed, minimum speed, maximum speed and target speed, and thus has four sources of input. If each of these sources has 10 bits of resolution, the speedometer has a total of 2^40 possible states. Further, if each checksum had four bytes, the checksum data alone would amount to a total of 4 terabytes, which is much more than any current embedded system provides. An exemplary speedometer visualization can be found in modern train GUIs (graphical user interfaces) as described in the ERA ERTMS standard for “ETCS Driver Machine Interface” of the European Train Control System (ETCS), or in similar complexity across industries in modern applications.
Even if an embedded system could feature such a huge amount of memory, the precalculation of checksums would be impractical. Considering that 10 checksums could be calculated on a personal computer per second, it would take about 3487 years to calculate 2^40 reference checksums, which would be unacceptable.
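The following is an added example, not code from this document or from DE 3411015 A1: it sketches the reference-checksum check described above on a constructed one-input bar display, where a frame that looks valid but shows the wrong value triggers the safety reaction, and then computes the reference-table cost for the four-input speedometer. The bar renderer, the use of CRC-32, the function names and the 365-day year are assumptions made for illustration.

```python
import zlib

WIDTH, HEIGHT = 32, 4                 # constructed toy display, 1 byte per pixel
SECONDS_PER_YEAR = 365 * 24 * 3600    # assumption: 365-day year

def render(speed: int) -> bytes:
    """Transform the input parameter into image data: a bar of `speed` lit pixels."""
    if not 0 <= speed <= WIDTH:
        raise ValueError("speed out of range")
    row = b"\xff" * speed + b"\x00" * (WIDTH - speed)
    return row * HEIGHT

def build_reference_table() -> dict:
    """Precompute one reference checksum per possible input state."""
    return {s: zlib.crc32(render(s)) for s in range(WIDTH + 1)}

def check_frame(speed: int, frame: bytes, table: dict) -> str:
    """Compare the checksum of the displayed image data with the reference."""
    return "OK" if zlib.crc32(frame) == table[speed] else "SAFE_STATE"

def reference_table_cost(sources, bits_per_source, checksum_bytes, checksums_per_second):
    """Return (states, table size in bytes, precalculation time in years)."""
    states = 2 ** (sources * bits_per_source)
    years = states / checksums_per_second / SECONDS_PER_YEAR
    return states, states * checksum_bytes, years

if __name__ == "__main__":
    table = build_reference_table()
    # Correct frame for the current input.
    print(check_frame(20, render(20), table))
    # Plausible-looking frame that shows a stale value: not obvious to an observer.
    print(check_frame(20, render(10), table))
    # Four inputs with 10 bits each, 4-byte checksums, 10 checksums per second.
    states, size, years = reference_table_cost(4, 10, 4, 10)
    print(states, size, round(years))
```

With one 33-state input the table is trivial; the cost function shows how the same approach scales once the inputs are combined.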