|
|
|
|
|
|
by jeffrallen
1360 days ago
|
|
|
Alternatively, you could design the system to fail in a way that was less dangerous. For example, an ECU that controls blinkers does it with a 555 timer, based on a "start blinking" CAN bus command. It resyncs on each new "start blinking " command. It times out after 50 blinks, if no "stop blinking" command comes. This makes each ECU autonomous and responsible for doing "the safe thing", once it has been commanded to. Finding all the new subtle horrible timing problems in this design is left as an exercise for the reader. :) |
|
|