In 2022, between June and December, I had the opportunity to undertake an internship abroad in Switzerland 🇨🇭, where I developed a Proof of Concept for a Safety Framework Demonstrator.
My journey began when I applied through my University's internship center, in collaboration with IAESTE Colombia and IAESTE Switzerland. After securing an interview with Solcept, I was thrilled to receive the news that they wanted to move forward with my application. We then started the paperwork with IAESTE to arrange my arrival in Switzerland.
In June, I flew from Medellín 🇨🇴 to Zürich 🇨🇭 to begin this exciting adventure.
Upon arrival, I was introduced to the team, the facilities, the tech stack, and the project's expectations.
The goal was to create a demonstrator for a Safety Framework that the company was developing. The system needed to be reliable, redundant, and self-monitored, capable of detecting potential failures and bringing the entire system to a safe state to prevent risk and damage.
Imagine a saw machine on a production line in a factory. The associated hazards are significant: if an employee accidentally places their hand into the saw area, it could lead to serious injuries or worse. The system needed sensors and actuators to detect such risks and take actions to prevent disasters. For example, it could stop the saw and only reactivate it once the operator acknowledges the stoppage and understands the risks of restarting.
To simulate this, we crafted a demonstrator that mimicked a closed room with fictional machines. We installed two CO2 sensors to monitor CO2 levels and halt operations if the levels exceeded a certain threshold. Additionally, we placed two fans on the sides of the box to ventilate and remove the CO2.
The setup included two boards, two fans, two sensors, two screens, and two failure injectors. Redundancy was crucial here: if one microcontroller failed, it would not be aware of its own failure. Thus, a backup unit needed to detect any problems with the primary unit and stop the entire system if necessary. This approach ensures that even if part of the system experiences issues that affect failure detection, the operation will be halted to prevent potential disasters. This principle of redundancy is known as fault tolerance.
According to Dexon:
To dive deep into the problem definition, we need to understand some concepts in the context of ISO 13849:
Severity: This classifies the potential impact of a failure or hazardous event on health, safety, or the environment. It is typically categorized into several levels, each representing the degree of harm or damage that could occur:
- S1: Slight (normally reversible injury).
- S2: Serious (normally irreversible injury or death).
Frequency/Exposure: Refers to how often a person or system is exposed to a potential hazard:
- F1: Seldom to less often and/or exposure time is short.
- F2: Frequent to continuous and/or exposure time is long.
Possibility of Avoidance: Refers to the ability to prevent a hazardous event from occurring or to mitigate its effects if it does happen:
- P1: Possible under specific conditions.
- P2: Scarcely possible.
With these concepts in mind, we focused on a C-D Performance Level:
We defined a Circular Buffer. A circular buffer, also known as a ring buffer or circular queue, is a data structure that uses a fixed-size buffer as if it were connected end-to-end. It is particularly useful for handling data in scenarios where the buffer size is predetermined and the data flows in a cyclic manner. In real-time applications, where timing is critical and the system cannot afford delays or interruptions, circular buffers provide a way to handle data in a predictable manner with minimal overhead. It's an effective approach for managing events in the system we built.
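As an added illustration (my own code, not the post's or Solcept's framework code), here is the kind of fixed-size event ring a safety loop can use. The event_t layout, the eight-slot capacity and the overflow policy (reject the newest event and count the drop) are assumptions:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical event record: what happened, on which channel, when. */
typedef struct {
    uint8_t  kind;       /* e.g. 1 = CO2 threshold exceeded, 2 = door opened (assumed codes) */
    uint8_t  channel;    /* sensor or board index */
    uint16_t value;      /* measured value (ppm) or 0 */
    uint32_t timestamp;  /* milliseconds since boot */
} event_t;

#define EVENT_RING_SIZE 8u   /* assumed capacity; fixed at compile time, no allocation */

typedef struct {
    event_t  slots[EVENT_RING_SIZE];
    size_t   head;     /* next write index */
    size_t   tail;     /* next read index */
    size_t   count;    /* occupied slots */
    uint32_t dropped;  /* events rejected because the ring was full */
} event_ring_t;

void ring_init(event_ring_t *r) { memset(r, 0, sizeof *r); }

/* O(1) push. When full, the new event is rejected and counted rather than
   silently overwriting an older one, so the loss is visible to the monitor. */
bool ring_push(event_ring_t *r, const event_t *e) {
    if (r->count == EVENT_RING_SIZE) {
        r->dropped++;
        return false;
    }
    r->slots[r->head] = *e;
    r->head = (r->head + 1u) % EVENT_RING_SIZE;   /* wrap around at the end */
    r->count++;
    return true;
}

/* O(1) pop in FIFO order. Returns false when the ring is empty. */
bool ring_pop(event_ring_t *r, event_t *out) {
    if (r->count == 0) return false;
    *out = r->slots[r->tail];
    r->tail = (r->tail + 1u) % EVENT_RING_SIZE;
    r->count--;
    return true;
}

size_t ring_count(const event_ring_t *r) { return r->count; }

/* Non-destructive scan from oldest to newest; shows how to walk a wrapped ring. */
uint32_t ring_count_kind(const event_ring_t *r, uint8_t kind) {
    uint32_t n = 0;
    for (size_t i = 0; i < r->count; i++) {
        if (r->slots[(r->tail + i) % EVENT_RING_SIZE].kind == kind) n++;
    }
    return n;
}
```

The push and pop paths do no allocation and run in constant time, which is what makes the structure fit a loop with a fixed period. Rejecting the newest event instead of overwriting the oldest is a deliberate choice here: in a monitor, a dropped "threshold exceeded" event is dangerous, so the drop counter lets the consumer notice it missed something and react. If the producer is an interrupt handler and the consumer the main loop, the index updates need a critical section or suitable memory ordering on the target.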
We later set up the I2C CO2 sensors, specifically the Sensirion SEK-SCD41 sensor.
For communication between the microcontrollers, we used a message structure that enforces strict validation to ensure data integrity, as data loss or changes can result in unexpected behavior.
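To make that validation concrete, here is an added example of such a message layer. It is my own construction, not Solcept's protocol (the post does not give the real wire format): a frame with sync byte, version, type, sequence number, length and CRC-16/CCITT; a decoder that rejects the frame at the first failed check and never applies a partially validated message; and the receiver-side monitor a backup controller can use to decide, from corrupted frames, sequence gaps or plain silence, that the primary has failed and the system must go to the safe state. The frame layout, message type codes and the timeout are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed wire format: [sync][ver][type][seq][len][payload...][crc_hi][crc_lo] */
#define MSG_SYNC        0xA5u
#define MSG_VERSION     0x01u
#define MSG_HDR_LEN     5u
#define MSG_CRC_LEN     2u
#define MSG_PAYLOAD_MAX 8u
#define MSG_FRAME_MAX   (MSG_HDR_LEN + MSG_PAYLOAD_MAX + MSG_CRC_LEN)

enum { MSG_HEARTBEAT = 1, MSG_CO2_READING = 2, MSG_SAFE_STATE = 3 };  /* assumed codes */

typedef enum {
    MSG_OK = 0, MSG_ERR_LENGTH, MSG_ERR_SYNC, MSG_ERR_VERSION,
    MSG_ERR_CRC, MSG_ERR_TYPE, MSG_ERR_SEQ
} msg_err_t;

typedef struct {
    uint8_t type, seq, len;
    uint8_t payload[MSG_PAYLOAD_MAX];
} msg_t;

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, no reflection. */
uint16_t crc16_ccitt(const uint8_t *d, size_t n) {
    uint16_t crc = 0xFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)((uint16_t)d[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Returns the number of bytes written, or 0 if the message cannot be framed. */
size_t msg_encode(const msg_t *m, uint8_t *out, size_t cap) {
    if (m->len > MSG_PAYLOAD_MAX || cap < MSG_HDR_LEN + m->len + MSG_CRC_LEN) return 0;
    out[0] = MSG_SYNC; out[1] = MSG_VERSION; out[2] = m->type; out[3] = m->seq; out[4] = m->len;
    memcpy(&out[MSG_HDR_LEN], m->payload, m->len);
    uint16_t crc = crc16_ccitt(out, MSG_HDR_LEN + m->len);   /* covers header and payload */
    out[MSG_HDR_LEN + m->len]     = (uint8_t)(crc >> 8);
    out[MSG_HDR_LEN + m->len + 1] = (uint8_t)(crc & 0xFFu);
    return MSG_HDR_LEN + m->len + MSG_CRC_LEN;
}

/* Every field is checked before any of it is trusted; the first failing check wins. */
msg_err_t msg_decode(const uint8_t *in, size_t n, uint8_t expected_seq, msg_t *out) {
    if (n < MSG_HDR_LEN + MSG_CRC_LEN) return MSG_ERR_LENGTH;
    if (in[0] != MSG_SYNC)            return MSG_ERR_SYNC;
    if (in[1] != MSG_VERSION)         return MSG_ERR_VERSION;
    uint8_t len = in[4];
    if (len > MSG_PAYLOAD_MAX || n != MSG_HDR_LEN + len + MSG_CRC_LEN) return MSG_ERR_LENGTH;
    uint16_t got = (uint16_t)(((uint16_t)in[MSG_HDR_LEN + len] << 8) | in[MSG_HDR_LEN + len + 1]);
    if (got != crc16_ccitt(in, MSG_HDR_LEN + len)) return MSG_ERR_CRC;
    if (in[2] < MSG_HEARTBEAT || in[2] > MSG_SAFE_STATE) return MSG_ERR_TYPE;
    if (in[3] != expected_seq) return MSG_ERR_SEQ;   /* catches lost and replayed frames */
    out->type = in[2]; out->seq = in[3]; out->len = len;
    memcpy(out->payload, &in[MSG_HDR_LEN], len);
    return MSG_OK;
}

/* What the backup board keeps about the link from the primary. */
typedef struct {
    uint8_t  expected_seq;
    uint32_t last_valid_ms;   /* time of the last fully validated frame */
    uint32_t reject_count;    /* frames discarded, for diagnostics */
} link_t;

void link_init(link_t *l, uint32_t now_ms) {
    l->expected_seq = 0; l->last_valid_ms = now_ms; l->reject_count = 0;
}

/* Feed one received frame. Only a valid frame advances the sequence and refreshes
   the liveness timer; anything else is counted and discarded in full. */
msg_err_t link_receive(link_t *l, const uint8_t *frame, size_t n, uint32_t now_ms, msg_t *out) {
    msg_err_t e = msg_decode(frame, n, l->expected_seq, out);
    if (e != MSG_OK) { l->reject_count++; return e; }
    l->expected_seq = (uint8_t)(l->expected_seq + 1u);
    l->last_valid_ms = now_ms;
    return MSG_OK;
}

/* The backup's decision: a primary that has been silent or garbled for longer than
   timeout_ms is treated as failed, and the whole system is brought to the safe state. */
bool link_demands_safe_state(const link_t *l, uint32_t now_ms, uint32_t timeout_ms) {
    return (uint32_t)(now_ms - l->last_valid_ms) > timeout_ms;
}
```

Two points matter for the redundancy argument made earlier. First, a corrupted or out-of-sequence frame is not "repaired" or partially used; it is dropped, so a flipped bit can never become a wrong setpoint. Second, liveness is judged only by validated frames, so a primary that keeps transmitting garbage looks exactly like a silent one to the backup and is treated the same way.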
LCD displays were used to show information related to the system's measurements, state, and failure causes.
I2C buses were built to enable communication between the microcontrollers, CO2 sensors, and LCD displays.
Initially, we used small fans to evacuate the CO2, but they were not as effective as expected, so we switched to larger ones. We also did some hands-on work to connect them to the system.
For microcontrollers, we used two NXP S32K142 and communicated via UART.
We programmed failure injection buttons to simulate various failure conditions and test the system's reactions.
We used an SPDT switch to simulate a door being open or closed, to determine if the system is safe and able to be restarted. An SPDT switch consists of three terminals and connects the source terminal to one of two output terminals. This allows for an "ON/ON" configuration, meaning the switch's input terminal is always completing one of the two possible circuits controlled by the switch. This adds redundancy and reliability.
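Added example (my own code, not the demonstrator's) of how the two contacts of such a switch can be evaluated together rather than as a single input: the NC and NO contacts are read on two inputs, exactly one of them must conduct, both conducting is reported as a wiring fault at once, and neither conducting is tolerated only for a short break-before-make window before it is latched as a fault. A restart interlock then combines the door state with the operator acknowledgement from the saw example and the CO2 limit. The wiring polarity (door closed presses the switch, so the NO contact conducts), the 100 ms window and the interlock inputs are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { DOOR_CLOSED, DOOR_OPEN, DOOR_FAULT } door_state_t;

#define DOOR_DISCREPANCY_MAX_MS 100u   /* assumed maximum contact travel time */

typedef struct {
    door_state_t state;
    bool     discrepancy_active;     /* both contacts currently open */
    uint32_t discrepancy_since_ms;   /* when that started */
} door_monitor_t;

/* Start in the non-permissive state: nothing runs until the door proves itself closed. */
void door_init(door_monitor_t *d) {
    d->state = DOOR_OPEN; d->discrepancy_active = false; d->discrepancy_since_ms = 0;
}

/* Called every cycle with the raw state of both contacts (true = conducting). */
door_state_t door_update(door_monitor_t *d, bool nc_closed, bool no_closed, uint32_t now_ms) {
    if (d->state == DOOR_FAULT) return DOOR_FAULT;       /* latched until door_reset_fault() */
    if (nc_closed && no_closed) {                         /* both conducting: short or welded contact */
        d->state = DOOR_FAULT;
        return d->state;
    }
    if (nc_closed != no_closed) {                         /* exactly one conducting: plausible */
        d->discrepancy_active = false;
        d->state = no_closed ? DOOR_CLOSED : DOOR_OPEN;
        return d->state;
    }
    /* Neither conducting: legal only while the contacts travel (break-before-make). */
    if (!d->discrepancy_active) {
        d->discrepancy_active = true;
        d->discrepancy_since_ms = now_ms;
    } else if ((uint32_t)(now_ms - d->discrepancy_since_ms) > DOOR_DISCREPANCY_MAX_MS) {
        d->state = DOOR_FAULT;                            /* open too long: broken wire or stuck switch */
        return d->state;
    }
    d->state = DOOR_OPEN;                                 /* while uncertain, report non-permissive */
    return d->state;
}

/* A latched fault is cleared only by an explicit reset with a plausible reading. */
bool door_reset_fault(door_monitor_t *d, bool nc_closed, bool no_closed) {
    if (d->state != DOOR_FAULT || nc_closed == no_closed) return false;
    d->state = no_closed ? DOOR_CLOSED : DOOR_OPEN;
    d->discrepancy_active = false;
    return true;
}

/* Restart interlock: door proven closed, operator acknowledged the stop, CO2 below the limit. */
bool restart_permitted(door_state_t door, bool operator_ack, uint16_t co2_ppm, uint16_t limit_ppm) {
    return door == DOOR_CLOSED && operator_ack && co2_ppm < limit_ppm;
}
```

The point of reading both contacts is that a single broken wire, a stuck-open or a welded contact each produce a combination that a one-input design would misread as "closed" or "open"; here every such combination ends in the non-permissive state or a latched fault, and the fault cannot clear itself when the reading later happens to look plausible again.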
Final Demonstrator:
Picture of me during my final days in Switzerland. Gornergrat, Zermatt 🇨🇭
© All rights reserved to Solcept AG