Overview of Safety Functions
Designation | Description |
|---|---|
V_String, V_DC_EXT | Plausibility check against V_String voltage |
V_DC_EXT | Check of polarity reversal |
Bat-Com Slave Count | Comparison of number of detected battery modules and number of parameterized modules (“greater than” semantics) |
Battery Current | Check of I_String1 |
Battery Module | Check of each connected battery module (Bat-Com) with regard to cell voltages, temperatures, temperature imbalance in module, and string/voltage imbalance |
Bat-Com Time Out | Check of Bat-Com communication timeout |
Precharge | Check of time and voltage difference between V_String and V_DC_EXT during precharging |
Contactor | Plausibility check of auxiliary contacts compared to main contactor switching condition |
E-Stop | Check of whether E-Stop is active |
Parameter valid check | Cyclical redundance check |
Firmware valid check | CRC check |
CPU diagnostic | Check of timers, ports, and watchdog, etc. |
VREF2 | CRC check |
V_REF_INT | Check of timers, ports, and watchdog, etc. |
Fault Hardware Logic | Internal status signal FLT of hardware safety circuit |
RAM | Test and check of microcontroller RAM |
Watchdog trigger | Internal watchdog check, check of timeout watchdog |
Cyclic ADC conversion | Check of values |
External Watchdog Trigger | Triggering of hardware safety logic - timeout of hardware safety block = 1000 ms |
Temperature and voltage dependent Current Monitoring (I_String1) | Comparison of I_String1 and actual charging and discharging limits |
Also see: