Error detection/correction and fault detection/recovery – Pulse or data error handling – Digital logic testing
Patent
1997-08-21
2000-01-04
Tu, Trinh L.
Error detection/correction and fault detection/recovery
Pulse or data error handling
Digital logic testing
714815, 714819, G01R 3128
Patent
active
060121564
DESCRIPTION:
BRIEF SUMMARY
BACKGROUND OF THE INVENTION
The present invention relates to a process for monitoring the correct function of a program-controlled electronic circuit, such as a microprocessor, microcomputer, microcontroller, or the like, wherein in the working cycle data processing results are checked for partial or complete correlation with data which are produced independently of the circuit to be monitored and independently of the program run in a monitoring circuit, and wherein if deviations indicative of a malfunction occur, an error signal or disabling signal is generated. Circuit arrangements for implementing the process are also comprised in the present invention.
The correct operation of microcomputers and other program-controlled electronic circuits must be monitored especially when the circuits are used for safety-critical control systems. An example of a safety-critical application is the controlling intervention in the brake system of an automotive vehicle, as required, among others, for anti-lock control, traction slip control, driving stability control, etc. When a malfunction of the electronic unit is detected, the electronic control in prior art brake systems is disconnected in order to maintain at least the braking function, even though without anti-lock control. It is also known in the art to deactivate the control only in part, to disconnect it with delay or to switch it over in any other way to a less dangerous condition when defined faults occur.
It is important for such monitoring measures that the malfunction is identified quickly and with a high degree of reliability. To this effect, the input data produced by wheel sensors are processed in the control circuit disclosed in German patent No. 32 34 637 in two parallel, independent, identically designed and identically programmed microcontrollers. The output signals of the two microcontrollers are then checked for correlation. When deviations occur, indicative of a malfunction, the electronic control will be disabled so that the braking function is ensured. Thus, the prior art control circuit is based on a redundant signal processing in two complete, program-controlled circuits. The sole purpose of the redundance is to identify errors with a high degree of reliability in order to disable the control in this case. The disabling mechanisms on their part are also virtually redundant. Thus, considerable effort and equipment is involved for safety reasons.
In another prior art circuit arrangement, as disclosed in German patent application No. 41 37 124, the sensor signals or input signals are processed in two parallel microcontrollers. Only one of the microcontrollers, however, carries out the complete, sophisticated signal processing operation. The second circuit is mainly used for monitoring. Therefore, the input signals, after conditioning and the production of derivatives, are further processed by simplified control algorithms and a simplified control philosophy. Compared to the above mentioned state of the art circuit, the effort and equipment is reduced by the simplified processing in the monitoring microcontroller.
It would principally be possible nowadays to incorporate a plurality of complete circuit systems, for example, two microcomputers, on one single chip, to supply them with identical input data and to compare the data processing results of the different circuit systems for monitoring the correct functioning. However, in such an electronic circuit design, it cannot be ruled out with a sufficiently high degree of reliability that a correct monitoring signal (watchdog signal) will be generated due to a fault in the circuit even if the data processing results of both circuit systems are not in correlation, or a circuit system is defective.
A "one-processor solution", i.e. the limitation to one single programmed circuit with a monitoring circuit of conventional type, does not at all permit a sufficiently reliable identification of malfunctions.
Further, German patent application No. 40 04 782 discloses an ABS system with two microcontrollers w
REFERENCES:
patent: 4535456 (1985-08-01), Bauer et al.
patent: 4817418 (1989-04-01), Asami
patent: 4835671 (1989-05-01), Sato et al.
patent: 5265468 (1993-11-01), Holst et al.
patent: 5550762 (1996-08-01), Doll
patent: 5740183 (1998-04-01), Lowe
Search Report of the German Patent Office Relating to Parent German Patent Applicaiton No. 44 46 314.6.
No translation speicherprogrammierbar steuerungen in der Automatisierungstechnik by Dipl.-Phys. Dr. Peter Wratil dated 1989.
No translation Aufbau von uP-Uberwachungs-schaltkreisen by Len Sherman from Elektronik Industrie 8--1994.
No translation Intelligent, wortorientierte Watchdog-Schaltung Sicherheit durch "sich gegenseitig uberwachende" Schaltwege--by Professor Dr.-Ing. W. Kuntz, Dip.-Ing. (FH) D. Ruppert in Electronik 11/May 25, 1990.
English translation of the International Preliminary Examination Report of Application No. PCT/EP95/04901 filed Dec. 12, 1995.
Fey Wolfgang
Zydek Michael
ITT Manufacturing Enterprises Inc.
Tu Trinh L.
LandOfFree
Process and circuit arrangement for monitoring the function of a does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Process and circuit arrangement for monitoring the function of a, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Process and circuit arrangement for monitoring the function of a will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1081216