JP2004029992A - Electronic control unit - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To properly detect clock abnormality and process omission abnormality and then to secure the reliability of a CPU. <P>SOLUTION: An engine ECU 10 is equipped with a control CPU 11 and a monitor CPU 12. The monitor CPU 12 generates a trigger signal having a fixed period according to a clock inputted to itself and sends it to the control CPU 11. The control CPU 11 actuates a task A in fixed cycles on the basis of a clock inputted to itself to make a counter CA count and also actuates a task B on the basis of the trigger signal inputted from the monitor CPU 12 to make a counter CB count. The differences between the counters CA and CB are compared with each other at two successive timing points and clock abnormality is detected according to the comparison result. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to an electronic control device having two or more CPUs, and more particularly to an electronic control device for suitably detecting an abnormality in a clock signal supplied to each CPU or an abnormality in a process omission.
[0002]
[Prior art]
2. Description of the Related Art As an electronic control device that performs vehicle control and the like, there is an electronic control device that includes a plurality of CPUs and has a function of mutually monitoring abnormalities among the CPUs. As one of the methods, there is a method of monitoring the operation state of the CPU by monitoring a watchdog pulse (WD pulse) which is inverted at a predetermined cycle. This means that one CPU inputs a WD pulse from the other CPU, and when the WD pulse stops, determines that the other CPU is abnormal (runaway).
[0003]
[Problems to be solved by the invention]
An abnormality related to this type of electronic control unit includes an abnormality in a clock signal supplied from an oscillator or the like to each CPU. In this case, if the frequency of the clock signal changes due to an abnormality of the oscillator or the like, it is considered that the abnormality cannot be detected depending on the state of the clock abnormality.
[0004]
For example, if the frequency of the clock signal is higher than normal, the accuracy of time calculation in the CPU is reduced. For this reason, there arises a problem that various arithmetic processes that should be performed periodically are not performed at a predetermined cycle. In such a case, even if the CPU abnormality is detected by the WD pulse as described above, the clock abnormality cannot be determined because the WD pulse is issued periodically.
[0005]
Further, in a CPU that wakes up a plurality of tasks having different priorities, when the processing load on the CPU increases, a process may be missed in a low-priority task. In this case, the issuance of the normal WD pulse is a high-priority process, so that the WD pulse is normally issued even when the low-priority process is exited. Therefore, even if a processing omission occurs, the WD pulse is not affected, and the processing omission cannot be detected. In the worst case, there is a possibility that the processing is continued as it is.
[0006]
SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and an object of the present invention is to provide an electronic control apparatus capable of appropriately detecting a clock abnormality or a processing omission abnormality and thereby ensuring the reliability of a CPU. It is to provide.
[0007]
[Means for Solving the Problems]
According to the first aspect of the present invention, a first CPU and a second CPU are provided, and an individual clock signal is input to each of the CPUs, and each CPU performs periodic arithmetic processing based on the clock signals. The second CPU notifies the first CPU of time information of a fixed period based on a clock signal input thereto. In particular, the first CPU counts the main counter at a constant cycle based on a clock signal input thereto, and counts a sub-counter based on time information at a constant cycle input from the second CPU. Then, the difference between the main and sub counters is compared at two timings before and after, and an abnormality in the clock signal is detected from the comparison result.
[0008]
If the clock signal on the side of the second CPU becomes abnormal and its frequency becomes lower than normal, the time interval of the time information notified from the second CPU to the first CPU increases, and as a result, the count operation of the sub-counter becomes slow. In this case, the difference between the main and sub counters is different from the normal case, and by comparing the preceding and following differences, it can be determined that the clock signal is abnormal. That is, it is possible to detect an abnormality in which the cycle of the clock signal changes. As a result, the clock abnormality can be properly detected, and the reliability of the CPU can be ensured.
[0009]
In the invention described in claim 2, the first CPU wakes up the task A at a constant cycle, counts the main counter in the task A, and wakes up the task B using time information from the second CPU as a trigger. The sub-counter is counted in the task B. In this case, when the task A and the task B are woken up as appropriate, the counting operation of the main and sub counters can be performed.
[0010]
As described above, the first CPU operates the sub-counter in response to the notification of the time information from the second CPU. In such a case, the notification of the time information may be realized in the following manner.
In the invention described in claim 3, the second CPU outputs a trigger signal at a constant cycle in a periodic process based on a clock signal, and the first CPU counts the sub-counter every time the trigger signal is input. .
In the invention described in claim 4, the second CPU performs data transmission at a constant cycle in a periodic communication process based on a clock signal, and the first CPU sets a sub-counter every time data is received from the second CPU. Count.
According to the fifth aspect of the present invention, there is provided a monitoring circuit which inputs a watchdog pulse which is inverted at a predetermined cycle from the second CPU and outputs a reset signal to the second CPU if the watchdog pulse is not inverted for a predetermined time or more. Further, the first CPU inputs the watchdog pulse from the second CPU, and counts the sub-counter each time the input is performed.
[0011]
In any of the above cases, the first CPU counts the sub-counter at a fixed cycle, and the clock abnormality can be properly detected based on the difference between the sub-counter and the main counter.
[0012]
In the invention described in claim 6, the first CPU compares the difference between the main and sub counters at the two timings before and after to determine a difference change amount, and when the difference change amount is the same each time, the first CPU determines that the clock is abnormal. It is determined that there is. As a result, a clock abnormality can be accurately detected.
[0013]
In the invention described in claim 7, the first CPU compares a difference between the main and sub counters at two timings before and after to determine a difference change amount, and the difference change amount corresponds to the count of one counter. Then, it is determined that one of the counters is stopped. Thereby, the abnormality of the stop of the counter can be accurately detected. When the main counter is counted in the task A and the sub-counter is counted in the task B, it is possible to accurately detect that any task has stopped.
[0014]
As described in claim 8, when the periods of the main and sub counters are the same, if both counters are normal, the difference always coincides. Therefore, the difference between the main and sub counters can be easily compared.
[0015]
According to the ninth aspect of the present invention, the first CPU wakes up a predetermined task using time information notified from the second CPU as a trigger, and leaves a history of processing completion in a specified processing unit in the task. Then, the next time the task wakes up, a process omission abnormality is detected from the history. In this case, if the task is performed to the end, a history of processing completion remains for all processes, but if the task is only performed halfway, a history of processing completion does not remain for unexecuted portions. Therefore, a processing omission can be detected for the task. Further, by checking the history, it is possible to identify the position where the processing omission has occurred.
[0016]
According to the ninth aspect of the present invention, as set forth in the tenth aspect, the first CPU wakes up a plurality of tasks having different priorities, and among the tasks having the lower priority, records the processing end history in a prescribed processing unit. Good to leave. When there are a plurality of tasks having different priorities, a task with a low priority may be interrupted by a high-priority task during its execution. Occurrence of the omission and the location of the omission can be specified.
[0017]
Further, as described in claim 11, the first CPU may count the sub-counter at the end of a predetermined task woken up based on time information from the second CPU. Accordingly, when a processing omission occurs, the sub-counter is not counted, and it is possible to determine the occurrence of an abnormality from the difference between the main and sub-counters.
[0018]
On the other hand, in the twelfth aspect of the invention, as in the ninth aspect, if the task is performed to the end, a history of processing completion remains for all the processing. Does not have a history of processing completion. Therefore, a processing omission can be detected for the task. Further, by checking the history, it is possible to identify the position where the processing omission has occurred.
[0019]
Further, as set forth in claim 13, the first CPU wakes up a plurality of tasks having different priorities and leaves a history of processing completion in a specified processing unit in a task having a lower priority, thereby achieving a high level of processing. Even if a task of a priority is interrupted and a processing loss (interruption of processing) occurs, it is possible to specify the occurrence of the processing loss and the location of the occurrence.
[0020]
The invention according to claim 14 is applied as an electronic control unit for a vehicle in which the first CPU executes electronic throttle control and the second CPU executes fail-safe processing relating to electronic throttle control. Then, when the first CPU detects that the clock is abnormal or the processing is abnormal, the first CPU notifies the second CPU of the detection, and the second CPU performs a fail-safe process based on the abnormality information from the first CPU. In this case, even if a clock error or a process omission error occurs, appropriate fail-safe processing can be performed.
[0021]
BEST MODE FOR CARRYING OUT THE INVENTION
An embodiment of the present invention will be described below with reference to the drawings. In the present embodiment, the electronic control device of the present invention is embodied as an engine ECU mounted on a vehicle. FIG. 1 is a block diagram illustrating a configuration of an engine ECU according to the present embodiment.
[0022]
In FIG. 1, an engine ECU 10 includes a control CPU 11 for performing engine injection control, ignition control, and electronic throttle control, and a monitoring CPU 12 for performing fail-safe processing related to electronic throttle control and monitoring the control CPU 11. . These CPUs 11 and 12 are communicably connected to each other. A clock CK1 (clock signal) is input from the oscillator 13 to the control CPU 11, and a clock CK2 (clock signal) is input from the oscillator 14 to the monitoring CPU 12. In the present embodiment, the control CPU 11 corresponds to a “first CPU”, and the monitoring CPU 12 corresponds to a “second CPU”.
[0023]
The control CPU 11 wakes up the task A at a constant cycle based on the clock CK1 from the oscillator 13 and counts up the counter CA in the task A every time. Task A is a high priority task, and is woken up every 2 ms in this embodiment. The control CPU 11 receives a trigger signal from the monitoring CPU 12. The control CPU 11 wakes up the task B based on the trigger signal, and counts up the counter CB in the task B every time.
[0024]
On the other hand, the monitoring CPU 12 wakes up a periodic process every 2 ms based on the clock CK2 from the oscillator 14, and generates and outputs a trigger signal of a constant cycle in the periodic process. This trigger signal is taken into the control CPU 11. In the present embodiment, the counter CA corresponds to the “main counter”, the counter CB corresponds to the “sub counter”, and the trigger signal corresponds to “time information of a fixed cycle”.
[0025]
Further, the monitoring CPU 12 outputs a WD pulse to the WD circuit 15 as a “monitoring circuit”, and the WD circuit 15 sends a reset signal to the monitoring CPU 12 when the WD pulse from the monitoring CPU 12 has not been inverted for a predetermined time or more. Is output.
[0026]
Here, the operation of the counters CA and CB will be described with reference to FIG. When both the counters CA and CB operate normally, as shown in FIG. 2A, each counter counts up every 2 ms. In this case, assuming that the difference between the counters CA and CB is ΔCn (= CA−CB), the difference is ΔC1 at the timing t1, and the difference is ΔC2 at the timing t2. In FIG. 2A, ΔC1 = ΔC2 to indicate a normal operation.
[0027]
On the other hand, FIGS. 2B to 2D show cases where the counter CB operates abnormally. (B) to (d) will be described in detail. In (b), the period of the counter CB is longer than in the normal state. It is considered that this is because the clock CK2 on the monitoring CPU 12 side becomes abnormal (clock abnormality), and as a result, the wake-up cycle of the periodic processing (the cycle of the trigger signal) changes, and further, the cycle of the counter CB changes. In this case, the differences ΔC1 and ΔC2 at the timings t1 and t2 satisfy ΔC1 <ΔC2.
[0028]
Further, (c) shows an abnormality in which the counter CB stops, and (d) shows an abnormality in which the periodic processing in the monitoring CPU 12 is missed (process missing abnormality). It should be noted that the process omission occurs irregularly, and the counter CB may not be counted up in a fixed cycle due to the process omission. Also in these cases (c) and (d), the differences ΔC1 and ΔC2 at the timings t1 and t2 satisfy ΔC1 <ΔC2.
[0029]
In the present embodiment, an abnormality detection method that can detect any of the abnormalities shown in FIGS. 2B to 2D and can further specify the form of each abnormality is proposed. In the case of FIG. 2B, the difference ΔCn between the counter values differs every time because the count-up periods of the counters CA and CB differ, but the change of the same ΔCn is uniform, and the change ΔCn is constant at regular time intervals. When the two ΔCn are compared, the amount of change is constant. That is, assuming that the change amount of the difference before and after is DCn (hereinafter, the difference change amount DCn), the difference change amount DCn has the same value every time (DCn = DCn−1). Therefore, the clock abnormality can be specified by the difference change amount DCn. Of course, when the cycle of the counter CB is reduced or when the cycle of the counter CA is increased (or decreased), the clock abnormality can be similarly specified.
[0030]
In the case of FIG. 2C, one counter CA normally counts up and the other counter CB is stopped. Therefore, the difference change amount DCn between each counter CA and CB is counted up by the counter CA. Equivalent to a minute. In this case, the difference change amount DCn is equal to the value (DTn / T) obtained by dividing the time interval DTn between t1 and t2 by the time T (2 ms) for one cycle of the counter (DCn = DTn / T). Thereby, the abnormality of the task B stop can be specified.
[0031]
Further, in the case of FIG. 2D, ΔC1 ≠ ΔC2 (that is, DCn ≠ 0) as in (b) and (c) above, but the change of the difference ΔCn is irregular. Therefore, if ΔC1 ≠ ΔC2, and if it does not correspond to (b) or (c) in FIG. 2, it can be specified that the processing is missing.
[0032]
Next, the arithmetic processing woken up by each of the CPUs 11 and 12 will be described in detail with reference to the flowcharts of FIGS. First, FIG. 3 is a flowchart showing a procedure of the task A. The task A is woken up by the control CPU 11 every 2 ms.
[0033]
In FIG. 3, first, at step 101, abnormality detection processing is performed based on the counters CA and CB. However, the details (the processing of FIG. 4) will be described later. In step 102, normal processing is performed for task A, and in step 103, the counter CA is incremented by one. This task A causes the counter CA to count up every 2 ms.
[0034]
In the abnormality detection process of FIG. 4, a series of abnormality detections is performed every 8 ms, and the process proceeds to the subsequent step 202 on condition that step 201 is YES (that is, once every four times of waking up task A). Is detected at the rate of
[0035]
In step 202, a difference change amount DCn indicating how much the difference ΔCn between the counters CA and CB has changed is calculated. Specifically, the difference between the present value ΔCn and the previous value ΔCn−1 of the difference between the counters CA and CB is calculated, and the difference change amount DCn is calculated (DCn = ΔCn−ΔCn−1).
[0036]
Thereafter, in step 203, it is determined whether or not the difference change amount DCn is zero. As described with reference to FIG. 2A, when both the counters CA and CB are normal, DCn = 0 (ΔCn = ΔCn−1). If DCn = 0, the process proceeds to step 204, where the various abnormality counters ErrCk, ErrF, and ErrSt are all cleared to zero. After that, the present process is temporarily ended.
[0037]
If DCn ≠ 0, the routine proceeds to step 205, where the present value DCn of the difference change amount and the previous value DCn−1 are compared. If DCn = DCn−1, it is estimated that the clock is abnormal, and in step 206, the clock abnormality counter ErrCk is incremented by one. This corresponds to the case of FIG. 2B.
[0038]
If DCn ≠ DCn−1, the time interval DTn (the time width from the previous abnormality detection to the current abnormality detection) is calculated in step 207, and in subsequent step 208, it is determined whether or not DCn = DTn / T. Determine. Then, in the case of YES, it is estimated that the stop of the task B is abnormal, and in a step 209, the task B stop counter ErrSt is incremented by one. In the case of NO, it is presumed that there is a processing omission abnormality, and at step 210, the processing omission abnormality counter ErrF is incremented by one. That the step 208 is YES corresponds to the case of FIG. 2C, and that the step 208 is NO corresponds to the case of FIG. 2D.
[0039]
Thereafter, in steps 211 to 213, it is determined whether or not each of the abnormality counters ErrCk, ErrSt, and ErrF is smaller than a predetermined determination value Lmt. If any of them is less than the determination value Lmt, the present process is terminated. If the abnormality is equal to or greater than the determination value Lmt, the corresponding abnormality flag (one of XErrCk, XErrSt, and XErrF) is turned on (steps 214 to 216). The determination values Lmt do not need to be the same, and can be individually set for each of the abnormality counters ErrCk, ErrSt, and ErrF. Further, the configuration may be such that the abnormality flag is turned ON only when the same abnormality is continuously detected a predetermined number of times.
[0040]
FIG. 5 is a flowchart showing the procedure of task B. This task B is woken up by the control CPU 11 each time a trigger signal is input from the monitoring CPU 12. Actually, the trigger signal is a pulse signal having a cycle of 2 ms, and the task B is executed at the same cycle as the task A. Incidentally, the trigger signal is generated by the periodic processing shown in FIG. That is, the monitoring CPU 12 generates and outputs a trigger signal during normal processing (steps 401 and 403) in the periodic processing (step 402).
[0041]
In the task B, n processes (process 1 to process n) are sequentially performed, and each time each process is performed, the process completion flag Xfin indicating the completion of the process is turned on. That is, at this time, processing 1 to processing n are defined processing units, and the history of the processing end is left as the processing completion flag Xfin. Then, when the task B wakes up next time, the place where the process is missed is specified based on the process completion flag Xfin.
[0042]
In FIG. 5, first, in step 301, i indicating the processing number is cleared to 0, and in subsequent step 302, it is determined whether or not the processing completion flag xfin (i) of the processing i is ON. If the flag is ON, it is determined that the process i has been completed in the previous task B. In this case, it is determined in step 303 whether i = n. Until i = n is satisfied, it is repeatedly determined at step 304 whether or not the flag xfin (i) is ON while incrementing i by one.
[0043]
When the flag xfin (i) = OFF, it can be determined that a process omission has occurred in the corresponding process i. Therefore, the process proceeds to step 305, and the process i at that time is stored in the memory as the process omission occurrence position.
[0044]
Thereafter, in step 306, all the processing completion flags xfin are cleared. In steps 307 to 312, the processes 1 to n are sequentially performed, and immediately after the execution of each process, the corresponding process completion flag Xfin is turned ON. Finally, in step 313, the counter CB is incremented by one.
[0045]
When the abnormality is detected in the abnormality detection processing of FIG. 4 (when the abnormality flag is turned ON), the abnormality is notified from the control CPU 11 to the monitoring CPU 12, and the monitoring CPU 12 cuts off the energization of the electronic throttle control. , Predetermined fail-safe processing is performed. In this case, even if a clock abnormality or a processing omission abnormality occurs, appropriate fail-safe processing can be performed, and the reliability of the engine ECU 10 is ensured.
[0046]
According to the embodiment described in detail above, the following effects can be obtained.
When a clock abnormality occurs, the difference ΔCn between the counters CA and CB is different from the normal state. Therefore, it can be determined that the clock is abnormal by comparing the two preceding and following differences ΔCn. That is, it is possible to detect an abnormality in which the clock cycle changes. As a result, the clock abnormality can be properly detected, and the reliability of the CPU can be ensured.
[0047]
Since it is determined that the clock is abnormal when the difference change amount DCn between the counters CA and CB is the same each time, the clock abnormality can be accurately detected.
In addition, when the difference change amount DCn between the counters CA and CB is equivalent to the count of one of the counters, it is determined that one of the counters is stopped, so that abnormality in stopping the counters can be accurately detected. This also means that the stoppage of any task can be accurately detected.
[0048]
In the task B, a history of processing completion (processing completion flag xfin) is left in a prescribed processing unit, and a processing omission abnormality is detected from the history at the next task wake-up, so that the position where the processing omission has occurred is reliably specified. Can be.
[0049]
The present invention can be embodied in the following modes other than the above.
In the above embodiment, the control CPU 11 receives a trigger signal from the monitoring CPU 12 and wakes up the task B with the trigger signal. However, the configuration may be changed. For example,
(1) The control CPU 11 wakes up the task B every time data is periodically received from the monitoring CPU 12. However, in this case, it is a precondition that periodic communication is performed between the two CPUs.
(2) The control CPU 11 inputs a WD pulse from the monitoring CPU 12, and wakes up the task B each time the WD pulse is input. In this case, in the configuration of FIG. 1 described above, a configuration may be adopted in which the WD pulse from the monitoring CPU 12 to the WD circuit 15 is branched and the WD pulse is also input to the control CPU 11.
[0050]
In any of these cases, the control CPU 11 counts the counter CB at a fixed period, and the clock abnormality can be properly detected based on the difference between the counters CA and CB.
[0051]
In the above-described embodiment, the case where the periods of the counters CA and CB (that is, the wake-up periods of the task A and the task B) are the same is illustrated, but the periods may be different. Even if the counters CA and CB have different periods, if each counter is normal, the difference ΔCn maintains a certain regularity. Therefore, the difference ΔCn is also compared at two timings before and after, and a clock abnormality can be detected from the comparison result.
[0052]
The present invention can be applied to other ECUs besides the engine ECU, and can be embodied in applications other than the vehicle electronic control device. The point is that an electronic control device having two or more CPUs, each of which is configured to receive an individual clock signal and perform periodic arithmetic processing by each CPU based on the clock signal. The invention is applicable.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of an engine ECU according to an embodiment of the present invention.
FIGS. 2A to 2D are time charts showing a counter operation.
FIG. 3 is a flowchart showing a procedure of a task A by a control CPU.
FIG. 4 is a flowchart showing an abnormality detection process by a control CPU.
FIG. 5 is a flowchart showing a procedure of a task B by a control CPU.
FIG. 6 is a flowchart illustrating periodic processing by a monitoring CPU.
[Explanation of symbols]
10 ECU, 11 control CPU, 12 monitoring CPU, 13, 14 oscillator, 15 monitoring circuit.

Claims (14)

A first CPU and a second CPU, each of which receives an individual clock signal, performs periodic arithmetic processing on each of the CPUs based on the clock signal, and outputs a clock signal to the second CPU; An electronic control unit for notifying the first CPU of time information of a fixed cycle based on a signal,
The first CPU counts the main counter at a fixed cycle based on a clock signal input thereto, and counts a sub-counter based on time information at a fixed cycle input from the second CPU. An electronic control device, wherein a difference between counters is compared at two timings before and after, and an abnormality in the clock signal is detected from the comparison result. The first CPU wakes up the task A at a fixed cycle, counts the main counter in the task A, wakes up the task B triggered by time information from the second CPU, and sets the sub-counter in the task B. 2. The electronic control device according to claim 1, wherein counting is performed. 3. The electronic control device according to claim 1, wherein the second CPU outputs a trigger signal at a constant cycle in a periodic process based on a clock signal, and the first CPU counts a sub-counter every time the trigger signal is input. 4. . 3. The electronic device according to claim 1, wherein the second CPU performs data transmission at a constant cycle in a periodic communication process based on a clock signal, and the first CPU counts a sub-counter each time data is received from the second CPU. 4. Control device. A monitor circuit for inputting a watchdog pulse which is inverted at a predetermined cycle from the second CPU, and outputting a reset signal to the second CPU if the watchdog pulse is not inverted for a predetermined time or more; 3. The electronic control device according to claim 1, wherein a dog pulse is input from the second CPU, and the sub-counter is counted each time the input is performed. 6. The first CPU determines a clock abnormality when the difference between the main and sub counters at two timings before and after is compared to determine a difference change amount, and when the difference change amount is the same each time. An electronic control unit according to any one of the above. The first CPU compares the difference between the main and sub counters at the two timings before and after to determine a difference change amount, and when the difference change amount is equivalent to the count of one counter, one of the counters is stopped. The electronic control device according to any one of claims 1 to 6, wherein the electronic control device determines that the operation is performed. 8. The electronic control device according to claim 1, wherein the periods of the main and sub counters are the same. The first CPU wakes up a predetermined task by using time information notified from the second CPU as a trigger, leaves a history of processing completion in a specified processing unit within the task, and skips processing from the history when the next task wakes up. The electronic control device according to claim 1, wherein the electronic control device detects an abnormality. 10. The electronic control unit according to claim 9, wherein the first CPU wakes up a plurality of tasks having different priorities and leaves a history of processing completion in a specified processing unit among tasks having a lower priority. 11. The electronic control device according to claim 9, wherein the first CPU counts the sub-counter at the end of a predetermined task woken up by time information from the second CPU. A first CPU and a second CPU, each of which receives an individual clock signal, performs periodic arithmetic processing on each of the CPUs based on the clock signal, and outputs a clock signal to the second CPU; An electronic control unit for notifying the first CPU of time information of a fixed cycle based on a signal,
The first CPU wakes up a predetermined task by using time information notified from the second CPU as a trigger, leaves a history of processing completion in a specified processing unit in the task, and skips processing from the history when the next task wakes up. An electronic control device for detecting an abnormality. 13. The electronic control device according to claim 12, wherein the first CPU wakes up a plurality of tasks having different priorities and leaves a history of processing completion in a predetermined processing unit among tasks having a lower priority. The first CPU performs an electronic throttle control, the second CPU is applied as an electronic control unit for a vehicle that performs a fail-safe process related to the electronic throttle control, and the first CPU detects that a clock abnormality or a processing omission abnormality has occurred. The electronic control device according to any one of claims 1 to 13, wherein the second CPU notifies the second CPU when the first CPU performs the fail-safe process based on the abnormality information from the first CPU.

Images