If any vehicle ought to be safe, it is a firefighting truck. A rising number of vehicle functions include collision avoidance technologies or crash sensor systems which help firemen to do their most fundamental job better: saving lives. However, new functions may introduce new risks owing to increasingly complex electronic interactions.
To protect those who risk their lives every day, Rosenbauer planned its new fire truck with an eye on functional safety. The globally renowned manufacturer wants to prevent the possibility that embedded electronics and software might unexpectedly fail during a potentially life-critical operation or daily patrols.
“The Rosenbauer RT is the first electrically powered fire truck and provides state-of-the-art technology for firefighters all over the world,” says Michael Friedmann, Head of Group Strategy, Innovation and Marketing at Rosenbauer. “To think about the term ‘safety’ comprehensively, we worked with an expert in functional safety: our long-term partner TTControl provided the vehicle electronics and supported our project team along the entire safety process. Together we were able to implement the content required for the successful certification of the entire vehicle according to ISO 26262.”
First hybrid power fire truck worldwide
With its hybrid powertrain, the Rosenbauer RT (abbreviation for ‘Revolutionary Technology’) aims to be the most progressive and revolutionary truck on the firefighting market. Each axle of the truck is powered by an electric motor, with a diesel engine in combination with a generator as a backup energy provider. The high-voltage energy storage system allows electric driving as well as electric operation at the rescue site, thus reducing emissions such as noise and exhaust gases.
During critical drive situations, everything must run like clockwork. For electromobility, this means that no clutch may disconnect from the drive train in any situation. Only a safety monitor can maintain the safe operation of the vehicle. TTControl supplies the high-performance electronic control unit model TTC 580 to act as vehicle control unit (VCU) and as safety monitor companion for the torque command. This enables the Rosenbauer RT to operate safely by guarding the whole torque chain, from throttle command down to the wheels.
Functional safety guaranteed at all times
“We are proud to be part of this innovative project,” says Markus Plankensteiner, Vice President of Sales and Marketing at TTControl. “With electronic architectures becoming more and more complex, functional safety must be considered system-wide. With electronic control units by TTControl, Rosenbauer provides a high degree of operational quality to its global customers. Furthermore, our ISO 26262 certified controllers raise the safety standard of the overall electronic architecture.”
The production of the VCU is based on MATLAB Simulink by using the IO library (IOLib-TTC 580). Besides the powertrain, the VCU controls the vehicle’s overall energy management. With MATLAB Simulink, simulations of CAN-signals, for instance, were 100% in line with the hardware functionalities and possible even when drive train and vehicle were not available during the development phase. Pure functional code and functional safety have been integrated on the same ECU, which is denoted by “freedom from interference” in the ISO 26262. With this kind of demanding development, TTC 580 guarantees that the functional safety code (ASIL C) guards the torque chain at all times without interference from the functional code.
A second TTC 580 controls the vehicle lighting and air conditioning, as well as the windshield wiper motors. A third unit ensures the functionality of the so-called energy tower by controlling the electric motor, the combustion engine or the fire pump.
Rosenbauer decided in favor of TTControl’s TTC 580 controller based on a thorough safety analysis which resulted in the requirement for Automotive Safety Integrity Level C (ASIL C) according to the ISO 26262 standard.
The Rosenbauer RT prototype was officially presented to the public on June 14, 2020, during the virtual Interschutz trade fair. The truck is currently undergoing intensive testing and will soon begin real-world customer testing with fire departments in Berlin, Amsterdam and Dubai.
The high-end safety control unit: the HY-TTC 580
The HY-TTC 580 is part of a complete, robust, safety-certified controller family containing five different members. The extensive I/O set with various configuration options makes the powerful control units suitable for a wide range of high-end applications. All members of this family are certified according to ISO 26262:2018 and fulfill all requirements for safe road usage. In total, three units of the TTC 580 are applied to Rosenbauer’s RT prototypes and pre-series vehicles.