Method for improving the functional security and increasing the availability of an electronic control system, and electronic control system
US-2015033357-A1 · Jan 29, 2015 · US
US10963357B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10963357-B2 |
| Application number | US-201716333313-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 5, 2017 |
| Priority date | Sep 16, 2016 |
| Publication date | Mar 30, 2021 |
| Grant date | Mar 30, 2021 |
Official abstract text for this publication.
Various embodiments include a control device for a vehicle with an internal fault monitoring circuit comprising: a safe computing unit executing a monitoring function for monitoring the safe computing unit and the monitoring function; and an unsafe computing unit executing the monitoring function. Monitoring the monitoring function of the safe computing unit changing the operation of the monitoring function of the safe computing unit to induce faults in the monitoring function of the unsafe computing unit. The monitoring function of the unsafe computing unit detects the induced faults in the operation of the monitoring function of the safe computing unit and reports the induced faults to the monitoring of the monitoring function of the safe computing unit.
Opening claim text (preview).
What is claimed is:
1. A control device for a vehicle with an internal fault monitoring circuit, the control device comprising: a safe computing unit executing a first monitoring function for monitoring the safe computing unit and a second monitoring function for monitoring the first monitoring function; and an unsafe computing unit executing a third monitoring function; wherein the second monitoring function includes changing the operation of the first monitoring function of the safe computing unit to induce faults in the third monitoring function; and the third monitoring function detects the induced faults in the operation of the first monitoring function and reports the induced faults to the second monitoring function.
2. The control device as claimed in claim 1, wherein a fault exists if: the operation of the second monitoring function does not induce faults in the third monitoring function in the defined manner, or the third monitoring function does not report the induced faults to the second monitoring function in the defined manner.
3. The control device as claimed in claim 1, wherein the third monitoring function detects, in the event of a fault in the safe computing unit, said fault.
4. The control device as claimed in claim 1, wherein the second monitoring function includes, in the event of a fault in the unsafe computing unit, detecting said fault.
5. The control device as claimed in claim 1, wherein the fault monitoring circuit changes the safe computing unit to a safe state in the event of a reported fault in the safe computing unit.
6. The control device as claimed in claim 1, wherein the fault monitoring circuit resets the safe computing unit in the event of a reported fault.
7. A vehicle comprising: a controller monitoring and controlling operation of the vehicle; an internal fault monitoring circuit; a safe computing unit executing a first monitoring function for monitoring the safe computing unit and a second monitoring function for monitoring the first monitoring function; and an unsafe computing unit executing a third monitoring function; wherein the second monitoring function includes changing the operation of the first monitoring function of the safe computing unit to induce faults in the third monitoring function; and the third monitoring function detects the induced faults in the operation of the first monitoring function and reports the induced faults to the second monitoring function.
8. A method for monitoring faults in a control device with two computing units, wherein a first computing unit comprises a safe computing unit and a second computing unit comprises an unsafe computing unit, the method comprising: specifically changing operation of a first monitoring function of the safe computing unit using a second monitoring function of the safe computing unit in order to induce a fault in a third monitoring function of the unsafe computing unit; operating the third monitoring function of the unsafe computing unit using the second monitoring function, including the specifically changed contents; monitoring the safe computing unit with the third monitoring function and detecting faults; reporting the detected induced faults to the second monitoring function from the third monitoring function; and establishing a safe state of the safe computing unit if a non-induced fault is detected by the third monitoring function or if the induced fault is not detected by the third monitoring function.
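
The decision rule of claim 8 as a small simulation, added here as an illustration and not taken from the patent: the second monitoring function induces a fault on a schedule and checks that the third monitoring function reports exactly the faults that were induced. The function names, the challenge/answer formula, the every-fourth-cycle schedule and the `stuck_ok` defect model are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Names, answer formula and injection schedule are illustrative assumptions. */
typedef enum { STATE_RUN, STATE_SAFE } ctrl_state_t;

static uint32_t expected_answer(uint32_t c) { return (c * 2654435761u) ^ 0xA5A5A5A5u; }

/* First monitoring function (safe unit); 'inject' comes from the second. */
static uint32_t first_monitor(uint32_t challenge, bool inject, bool real_fault)
{
    uint32_t answer = expected_answer(challenge);
    if (inject)     answer ^= 0x1u;         /* induced fault */
    if (real_fault) answer ^= 0x80000000u;  /* non-induced fault */
    return answer;
}

/* Third monitoring function (unsafe unit): reports whether it saw a fault.
 * 'stuck_ok' models a defective monitor that never reports anything. */
static bool third_monitor(uint32_t challenge, uint32_t answer, bool stuck_ok)
{
    return stuck_ok ? false : (answer != expected_answer(challenge));
}

/* Second monitoring function (safe unit): one supervision cycle. */
ctrl_state_t monitoring_cycle(uint32_t cycle, bool real_fault, bool stuck_ok)
{
    bool inject = (cycle % 4u) == 0u;       /* assumed: every 4th cycle */
    uint32_t answer = first_monitor(cycle, inject, real_fault);
    bool reported = third_monitor(cycle, answer, stuck_ok);
    /* Safe state if an induced fault was missed or a non-induced one reported. */
    return (inject != reported) ? STATE_SAFE : STATE_RUN;
}

/* First cycle in [0, n) that ends in the safe state, or -1 if none. */
int first_safe_cycle(uint32_t n, bool real_fault, bool stuck_ok)
{
    for (uint32_t c = 0; c < n; c++)
        if (monitoring_cycle(c, real_fault, stuck_ok) == STATE_SAFE)
            return (int)c;
    return -1;
}

int main(void)
{
    printf("%d\n", first_safe_cycle(8, true, false)); /* persistent real fault */
    return 0;
}
```

In this model a genuine fault that coincides with an injection cycle looks like the expected induced fault, so it is only caught on the next non-injection cycle; a monitor that never reports is caught on the first injection cycle.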
in a data processing system embedded in automotive or aircraft systems · CPC title
by simulating additional hardware, e.g. fault simulation · CPC title
Error detection; Error correction; Monitoring (error detection, correction or monitoring in information storage based on relative movement between record carrier and transducer G11B20/18; monitoring, i.e. supervising the progress of recording or reproducing G11B27/36; in static stores G11C29/00) · CPC title
Error detection or correction of the data by redundancy in hardware · CPC title
by exceeding a time limit, i.e. time-out, e.g. watchdogs · CPC title