[go: up one dir, main page]

WO2008132554A1 - Mixed signal device for use in a distributed system - Google Patents

Mixed signal device for use in a distributed system Download PDF

Info

Publication number
WO2008132554A1
WO2008132554A1 PCT/IB2007/051545 IB2007051545W WO2008132554A1 WO 2008132554 A1 WO2008132554 A1 WO 2008132554A1 IB 2007051545 W IB2007051545 W IB 2007051545W WO 2008132554 A1 WO2008132554 A1 WO 2008132554A1
Authority
WO
WIPO (PCT)
Prior art keywords
operational status
mixed signal
status information
signal device
devices
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2007/051545
Other languages
French (fr)
Inventor
Leonhard Link
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXP USA Inc
Original Assignee
Freescale Semiconductor Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Freescale Semiconductor Inc filed Critical Freescale Semiconductor Inc
Priority to PCT/IB2007/051545 priority Critical patent/WO2008132554A1/en
Publication of WO2008132554A1 publication Critical patent/WO2008132554A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/403Bus networks with centralised control, e.g. polling
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W50/02Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
    • B60W50/0205Diagnosing or detecting failures; Failure detection models
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/03Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for supply of electrical power to vehicle subsystems or for
    • B60R16/0315Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for supply of electrical power to vehicle subsystems or for using multiplexing techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Definitions

  • This invention relates to a mixed signal device for use in a distributed system, a distributed system, and a method of securing operational status information of a distributed system.
  • Embedded systems are combinations of computer hardware and software, together with additional inputs (e.g. sensors, switches and the like) and outputs (such as actuators, or driving circuits, and the like) that are designed together as a system to carry out a particular function, or set of functions.
  • additional inputs e.g. sensors, switches and the like
  • outputs such as actuators, or driving circuits, and the like
  • Industrial machines, automobiles, consumer electronics, PDAs, mobile phones, household appliances and medical equipment are all examples of such embedded systems.
  • Embedded systems may be considered a form of distributed system, where a number of independent devices interoperate with each other to carry out the intended system functions.
  • Distributed systems are typically used to control the functioning of some process, such as a manufacturing process in a factory, or the functioning of a machine, such as a car, or other vehicle.
  • a classic example of a distributed system is an electronic control system for a car, incorporating such things as the control system for the airbags, the electronic engine management system and the like.
  • An example of a distributed system in this context is shown in Fig. 1 of the drawings.
  • distributed systems control or sense different parameters of the process or machine being controlled, and activate means dependent upon the sensed parameters.
  • the airbag control system maybe continually sensing the acceleration rate of the vehicle, ready to fire the airbag detonators upon sensing a rapid deceleration.
  • embedded/distributed systems typically require real world signals to be encoded into digital representations, for processing digitally within the embedded system, as well as digital signals to be outputted into the analog world, using actuators or other output devices. Therefore, typically, embedded/distributed systems have both digital and analog circuit portions, and are thus termed 'mixed signal'. Examples of the analog portions are various sensors, current sources, voltage sources, voltage regulators analog to digital converters, and the like, meanwhile examples of the digital portions include processors and control logic, often in the form of fixed function state machines.
  • Distributed systems typically comprise a number of remote mixed signal devices (devices containing both digital and analog modules) that are controlled by a central Master Microcontroller Unit (MCU) that is in charge of the system operation as a whole. Also, typically, such distributed systems are connected by low bandwidth communications links, for example, Serial Perpheral Interface (SPI) communication links.
  • SPI Serial Perpheral Interface
  • the main or master device retrieves and validates the operational status of all the linked remote mixed signal devices. This involves sending diagnosis control signals to the remote mixed signal devices, to control the diagnosis of the linked device, and receiving operational status information back from the linked devices once the particular diagnosis task is finished on that device.
  • diagnosis control signals, and the returned operational status information i.e. diagnosis result signals
  • sending of control signals to the linked device under test must often be carried out in a tightly time coupled fashioned (i.e. the control signals must be sent in a particular and timely order, to ensure the distributed system as a whole is operating as the designers intended).
  • the present invention provides a mixed signal device as set out in claim 1 , a distributed system as set out in claim 22, and method of securing operational data as set out in claim 23.
  • FIG. 1 is a schematic diagram showing an exemplary use of a mixed signal distributed system in a vehicle.
  • FIG. 2 is a block schematic diagram of a prior art mixed signal device, in communication with an MCU;
  • FIG. 3 is a block schematic diagram of a mixed signal device in accordance with one embodiment of the invention, given by way of example only, again in communication with an MCU;
  • FIG. 4 is a schematic representation of exemplary data types used to produce a signature according to an embodiment of the invention
  • FIG. 5 is a schematic block diagram showing cross checking of signatures by devices according to an embodiment of the invention.
  • diagnosis function of a distributed system having at least two independent and interoperating devices, such as one or more remote mixed signal devices under the control of a master microcontroller unit (MCU).
  • MCU master microcontroller unit
  • the diagnosis function of a distributed system is its ability to determine an operational status, including response characteristic, of the distributed system as a whole. It will be appreciated that the diagnosis function is carried out on the same general hardware (i.e. master and remote devices, and the communication links there between) upon which the functions of the system are carried out upon.
  • the diagnosis functions impinge on the speed (or even outright ability) of the system to carry out its intended function(s).
  • FIG. 1 shows an example mixed signal distributed system in a vehicle, where a master microcontroller unit (MCU) 20 is connected to a number of remote devices 10.
  • the system may include input devices, such as sensors 10a, and output devices, such as actuating circuits 10b. Equally, a single remote device might be a mixture of inputs and outputs.
  • Examples of typical sensors found in a vehicle would include accelerometers (for detecting the amount of acceleration or deceleration the vehicle is experiencing at a particular moment in time, and which would be indicative of a potential impending collision), temperature sensors (to indicate overheating, and the like), or mechanical sensors (for detecting the physical orientation of vehicle parts, and the like).
  • Examples of the sorts of actuator circuits found in vehicles would include the lamp driver circuits for the dashboard indicator lamps 12, seat belt pre-tensioners, or airbag explosive squib circuits.
  • other sensors and actuators may also be involved. An example of a distinct operation carried out by the distributed system of FIG.
  • the booth latch sensor 10a sensing that the boot is still open, and lighting up a lamp 12 in the dashboard to signify this to the vehicle driver.
  • Another example would be an accelerometer sensor coupled to the MCU 20, for sensing the rapid deceleration of the vehicle in order to deploy the seat belt pre-tensioners in the case of a crash.
  • the present invention will now be explained in the context of a simple two device distributed system 1 , as shown in FIG.1 surrounded by a dashed line.
  • the mixed signal device will be considered as generic and only those parts of the mixed signal device that are relevant to the invention will be described herein.
  • FIG. 2 shows the simple two device distributed system 1 according to the prior art
  • FIG. 3 shows the same simple two device distributed system 1 , but this time according to the invention.
  • a remote mixed signal device 10 according to the prior art is coupled to a master MCU 20 using a low bandwidth communication link 25, such as a Serial Peripheral Interface (SPI) communications link.
  • the remote device 10 comprises a communications link interface 30, a number of analog modules 40...43, and an internal bi-directional communications bus 50, for coupling the analog modules to the communications interface 30.
  • SPI Serial Peripheral Interface
  • the MCU 20 sends diagnosis control data signals to the remote device 10, to carry out the diagnosis function.
  • the diagnosis function may include querying the status of the mixed signal device 10 (for example operating voltage levels of certain components, bias values, and the like) and determining the mixed signal device's response to a particular set of input parameters.
  • the diagnosis control signals are sent over the low bandwidth communication link 25, to a communications link interface 30 on the remote device 10.
  • the diagnosis control data is forwarded to the relevant selected analog module 40..43 using a bi-directional bus 50.
  • the bi-directional bus 50 carries the control signals incoming from the MCU 20 over the communication link 25 to the selected analog module under diagnosis control. While the relevant diagnosis function is carried out, the bus 50 carries the full raw diagnosis response data signals, ie. operational status information, back from the selected analog module to the MCU 20, via the SPI communications link interface 30, for analysis by the MCU 20.
  • the diagnosis function of a particular remote mixed signal device 10 is carried out by a basic fixed function state machine (not shown) within the remote mixed signal device 10, acting upon the full diagnosis control data incoming from the master MCU 20.
  • the diagnosis function typically involves tightly time coupled tasks (for example timely trigger requests and their responses), in order to accurately test whether a particular analog module 40..43 will respond correctly, in time, and in the right order.
  • the communication links 25 are often saturated with these trigger requests, or at least the available bandwidth over the communication links 25 is much reduced. This is most often the case in the start up/initialisation process for the distributed system 1.
  • FIG. 3 shows a mixed signal device 100 according to an embodiment of the present invention, in the same simple two device distributed system 1.
  • the mixed signal device 100 incorporates an operational status information compression unit 70 between the analog modules 40...43 and the communications link interface 30, for compressing the operational status information prior to sending over the communications link 25.
  • an operational status information compression unit 70 between the analog modules 40...43 and the communications link interface 30, for compressing the operational status information prior to sending over the communications link 25.
  • the operational status information compression unit 70 comprises a CRC (cyclic redundancy check) signature calculation unit that compacts the operational status information into a unique digital signature, or digest, that is much shorter than the original raw operational status information.
  • CRC cyclic redundancy check
  • a unique signature ensures the reliability of the compressed information, because the signature accurately encapsulates all the operational status information, and thus changes (due to both changes in the operational status information or errors introduced during transmission) are detectable.
  • the remote mixed signal device 100 may also contain a multiplexer 60, to multiplex the operational status information of a particular one of the analog modules 40..43 into the operational status information compression unit 70.
  • the multiplexer 60 selects a particular analog module as the input, under control of the operational status information compression unit 70.
  • the MCU 20 checks that a particular analog module, or other sub-portion, of the distributed system is operating correctly by checking that any unique signatures received from the particular analog module 40..43 match expected signatures for that analog module.
  • the expected signatures may be determined during system design, else are calculated on the fly by the MCU 20, or other processing means within the distributed system 1 , during operation. Any mismatch between the actual and expected signatures indicate a deviation from the expected behaviour of the particular portion (e.g. analog module 40..43) of the system 1.
  • the MCU 20 can either halt the system 1 , query the erroneous portion of the distributed system further, or simply indicate an error to a user (for example, by lighting up a warning lamp when an actuator has gone wrong, and therefore requires servicing).
  • remote devices 100 only send signatures indicative of the operational status of their portion of the distributed systems upon receiving a request for the signature from the MCU 20. This reduces the diagnosis bandwidth requirements to their lowest. However, in the case where higher bandwidth links are used between the remote devices 100 and the MCU 20, the signatures may be sent periodically instead.
  • the remote mixed signal device 100 might further comprise a bypass unit 80, also located between the analog modules 40..43 and communications interface 30, for bypassing the operational status information compression unit 70.
  • the bypass unit 80 may be incorporated in the case where lossy compression, such as CRC signature compaction, of the operational status information is used.
  • the bypass unit 80 may be used when an operational status information mismatch occurs, and the system 1 , and in particular the MCU 20 requires the full uncompressed operational status data for further analysis.
  • the remote mixed signal device 100 also includes a comparison circuit 90, for comparing a signature received from another device in the system, or the Master MCU 20, to a pre-calculated expected signature.
  • a signature calculation unit 30 and comparison unit 90 are included in each remote mixed signal device 100 within the distributed system 1 , the remote mixed signal devices 100 can cross check each other's operation. In this way, the surveillance of the distributed system's operation can be distributed over the whole system, rather than be centralised in the master control device, e.g. MCU 20.
  • the comparison circuit may include a memory to store pre-calculated expected signatures, or may include processing means to pre-calculate expected signature on the fly. A mix of the two types (pre-storage and pre-calculation) might also be employed.
  • the master control device e.g. MCU 20, may also contain an operation status information compression unit, in the form of a signature calculation unit (not shown), such as the unit 70 of the remote mixed signal device 100 to enable the
  • FIG. 5 shows an example of the signature creation process within the operational status information compression unit 70.
  • the signature is created from the raw operational status information values. These values may be static, i.e. not changing over time, or dynamic, i.e. changing over time. Although it is possible to pre-calculate both static and dynamic values in the distributed system 1 design phase, doing so for dynamic values is more difficult to achieve. Thus dynamic values might be partitioned off for precalculation on the fly during operation, whereas static values are pre-calculated and stored in a memory. Static values include data on such things as: Analog to Digital Converter
  • ADC Analog to Digital Converter values
  • Diagnosis results e.g. coil or failsafe relay diagnosis
  • keep alive data system time; coarse wheel speed values, status flags of any kind, and the like.
  • a seed is provided.
  • the seed is a unique starting point for creating the CRC signature.
  • the seed may remain constant over time and device, or change, depending on the requirements of the system.
  • a cycle counter value may also be used to allow differentiation between different signatures.
  • a seed and cycle counter value are added to the front of a string including the operational status information, which in the example shown in FIG. 4 include the time, status bits and a digital voltage representation.
  • serialized data stream as used in the CRC calculation.
  • serialized data stream of status information is subdivided into the parallel data portions used by the CRC and fed from left to right.
  • Any CRC implementation can be used, as well as any other functions that generate a unique number, such as MD5 or SHA-1 hash functions.
  • the final signature size is open ended, i.e. may be of any bit length, depending on the amount of data to be sent. Different signatures are differentiated from one another by a recognisable portion, such as the seed value, or cycle counter value.
  • the request can implicitly define a particular signature.
  • the above described additional modules i.e. operational status compression unit 70, bypass unit 80 and comparison circuit 90, are all formed from a processor and associated memory containing instructions to carry out the particular functions required. In this way, the scope of the functions of each unit may be changed during operation of the system by updating the instructions, or code, in the associated memory. Equally, however, each unit may be formed from its own processor and associated memory, or the units may share processor and/or memory. Furthermore, the associated memory may be used to store any pre-calculated expected signatures and the like.
  • Updating of the system code may occur at any time, although, typically, the code would be updated on system initialisation.
  • This update code is referred to as configuration data.
  • the system code may be also secured by CRC signature, or similar, to prevent errors.
  • FIG. 5 shows schematically the case where a remote mixed signal device 100 and MCU according to an embodiment of the invention cross check one another's operational status information.
  • signatures generated in the MCU 20 are sent over the SPI communication link 25 to the remote mixed signal device 100, having a comparison circuit 90 as described above, and are checked for integrity in the remote mixed signal device 100.
  • the remote mixed signal device 100 sends signature to the MCU 20, again over the SPI communication link 25, for checking at the MCU 20 end.
  • Typical examples of the type of value checks carried out at the remote mixed signal device 100 end would be: configuration data mismatch check (i.e. the incoming update data is checked for integrity); correct code order execution in the MPU 20; code runaway checks (i.e. checking for key subroutine execution, or interrupt routines); course check of ADC values, such as voltage regulator values; course checks on timing of watchdog transfers.
  • Typical examples of the type of value checks carried out at the MCU 20 (or other remote mixed signal device 100) end would be: actuator status; bias voltage values; or the checking of status flags of any kind. In this way, the remote mixed signal device 100 can ascertain that the MCU
  • the MCU 20 can ascertain that the remote mixed signal device 100 is operating correctly. Any mismatch between the sent signatures and the expected signatures will indicate an error in the system.
  • diagnosis function can be overridden by the master controller, e.g. MCU 20, by forwarding respective commands to the relevant remote mixed signal device 100 over the SPI communication link 25.
  • the mixed signal device according to the present invention is manufactured on a single die.
  • mixed signal devices may be manufactured in a single package, incorporating different semiconductor dies. This commonly occurs when the actuator analog device is a high powered device, such as those found in airbag squib detonator circuits.
  • the first die may be optimised for the requirements and characteristics of the high powered analog module portion and the second die may be optimised for the requirements and characteristics of the digital portions.
  • the first die may be manufactured using simpler and cheaper technology, such as a vertical discrete MOSFET technology like HDTMOS technology and the second die may be manufactured using a SMARTMOS technology developed by Freescale Semiconductor Inc.
  • a vertical discrete MOSFET technology like HDTMOS technology
  • the second die may be manufactured using a SMARTMOS technology developed by Freescale Semiconductor Inc.
  • the advantages of the more complex technology may be used to provide high integration and additional functionality for the digital portions and the cheaper technology may be used for high powered analog module portion, which due to the energy dissipation requirements, is required to be a larger device.
  • the mixed signal device of the present invention may be realised in separate packages, but co-located on a single circuit board having an shared communications link to the MCU 20, for example an SPI link.
  • the disclosed distributed system 1 is operable to allow a master controller device, for example a MCU 20, and at least one mixed signal device to cross check each other's operational status information and provide indicia of validity of the operational status of the system as a whole to the master controller, which can then act upon this information in an appropriate manner.
  • a master controller device for example a MCU 20
  • at least one mixed signal device to cross check each other's operational status information and provide indicia of validity of the operational status of the system as a whole to the master controller, which can then act upon this information in an appropriate manner.
  • the above described embodiments of the invention provide a fast and reliable local status validation approach for linked devices, capable of securing a large amount of data and inputs.
  • the present invention is operable to reduce transmission bandwidth requirements, thus enabling the low bandwidth communication links typically used in distributed systems to be sufficient to provide timely diagnosis information
  • the present invention may be equally used with high bandwidth links to enable more diagnosis tasks to be carried out per unit time. Thus diagnosis can be carried out to a finer granularity with higher bandwidth communication links between the devices within the distributed system.
  • suitable high bandwidth communications links include FlexRay, Ethernet, Ultra Wideband (UWB), and the like.
  • Wireless links may also be used as exemplified by the UWB example above.
  • diagnosis trigger requests and the associated return data can generate a heavy load on a distributed system's resources.
  • the present invention provides an operational status information compression unit local to each remote mixed signal device 100, under the control of the master MCU 20. In this way, specific status for a particular remote device is fed into the local operational status information compression unit 70 in an ordered way. The final result (the compressed operational status information, i.e. signature) is then transmitted to the system master MCU 20.
  • the operational status information compression is done by a signature calculation using a CRC calculation with a constant or changing seed. A new seed might also be provided for each transfer.
  • the master MCU 20 itself either knows the expected signature (by having pre-calculated expected signatures available in memory) or calculates them 'on the fly' from the expected status in a single shot operation (by using a single shot calculation for the signature, the calculation does not need to be scheduled for a certain point in time or be distributed over a longer period).
  • the invention may for example be used in mixed signal systems where an MCU is used to control a companion chip as a linked device, i.e. Airbag, Braking systems and others. These safety relevant systems require a tight operation coupling with minimum status synchronisation and surveillance overhead. However it can be used likewise for synchronising any other devices, for example, multiple MCU's or multicore systems.
  • Determination of the operational status information may also be called distributed operation surveillance (of the system as a whole), which is used to ensure correct operational coupling of the linked devices.
  • distributed operation surveillance of the system as a whole
  • the invention has been described with reference to specific examples of embodiments of the invention. It will, however, be evident that various modifications and changes may be made therein without departing from the broader spirit and scope of the invention as set forth in the appended claims. For instance, whilst the above has been described in terms of a remote mixed signal device, having both analog and digital portions, it would be apparent to the skilled person that any distributed system may benefit from the teachings of the present invention, such as an all digital system of multiple processors located at different ends of low bandwidth communication links.
  • low bandwidth links are to be construed as meaning communication links that are insufficient in size to carry all the uncompressed data.
  • the connections may be an type of connection suitable to transfer signals from or to the respective nodes, units or devices, for example via intermediate devices. Accordingly, unless implied or stated otherwise the connections may for example be direct connections or indirect connections.
  • any reference signs placed between parentheses shall not be construed as limiting the claim. The word 'comprising' does not exclude the presence of other elements or steps then those listed in a claim.

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Human Computer Interaction (AREA)
  • Transportation (AREA)
  • Mechanical Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

A mixed signal device (100) for use in a distributed system (1 ) of independent and interoperating devices, comprising at least one analog module (40), wherein the mixed signal device (100) is operable to provide operational status information about the at least one analog module (40); characterised in that the mixed signal device (100) further comprises an operational status compression unit (70) for compressing the operational status information prior to sending to another device (20) in the distributed system (1 ) of independent and interoperating devices.

Description

MIXED SIGNAL DEVICE FOR USE IN A DISTRIBUTED SYSTEM
Field of the invention
This invention relates to a mixed signal device for use in a distributed system, a distributed system, and a method of securing operational status information of a distributed system.
Background of the invention
Embedded systems are combinations of computer hardware and software, together with additional inputs (e.g. sensors, switches and the like) and outputs (such as actuators, or driving circuits, and the like) that are designed together as a system to carry out a particular function, or set of functions. Industrial machines, automobiles, consumer electronics, PDAs, mobile phones, household appliances and medical equipment are all examples of such embedded systems.
Embedded systems may be considered a form of distributed system, where a number of independent devices interoperate with each other to carry out the intended system functions.
Distributed systems are typically used to control the functioning of some process, such as a manufacturing process in a factory, or the functioning of a machine, such as a car, or other vehicle. A classic example of a distributed system is an electronic control system for a car, incorporating such things as the control system for the airbags, the electronic engine management system and the like. An example of a distributed system in this context is shown in Fig. 1 of the drawings.
When using a distributed system comprising two or more independent, interoperating devices, where the function of the system as a whole is distributed across the independent devices, it is desirable to be able to validate the operational status of the system as a whole, in order to determine that the entire system is operating correctly. This is particularly so in the case of safety critical systems, such as the above mentioned airbag control systems found in vehicles. The validation of the operational status of a system is also known as diagnosis of the system. Although diagnosis may be carried out continuously throughout the operating life of a distributed system, due to the bandwidth requirements, it is often only carried out on initialisation, or start up, of the distributed system.
Typically, distributed systems control or sense different parameters of the process or machine being controlled, and activate means dependent upon the sensed parameters. For example, in a vehicle, the airbag control system maybe continually sensing the acceleration rate of the vehicle, ready to fire the airbag detonators upon sensing a rapid deceleration. Thus, embedded/distributed systems typically require real world signals to be encoded into digital representations, for processing digitally within the embedded system, as well as digital signals to be outputted into the analog world, using actuators or other output devices. Therefore, typically, embedded/distributed systems have both digital and analog circuit portions, and are thus termed 'mixed signal'. Examples of the analog portions are various sensors, current sources, voltage sources, voltage regulators analog to digital converters, and the like, meanwhile examples of the digital portions include processors and control logic, often in the form of fixed function state machines.
Distributed systems typically comprise a number of remote mixed signal devices (devices containing both digital and analog modules) that are controlled by a central Master Microcontroller Unit (MCU) that is in charge of the system operation as a whole. Also, typically, such distributed systems are connected by low bandwidth communications links, for example, Serial Perpheral Interface (SPI) communication links.
In the known methods of validating distributed systems, the main or master device retrieves and validates the operational status of all the linked remote mixed signal devices. This involves sending diagnosis control signals to the remote mixed signal devices, to control the diagnosis of the linked device, and receiving operational status information back from the linked devices once the particular diagnosis task is finished on that device. Such diagnosis control signals, and the returned operational status information (i.e. diagnosis result signals) consume bandwidth on the communication links between the interoperating devices. Furthermore, the sending of control signals to the linked device under test must often be carried out in a tightly time coupled fashioned (i.e. the control signals must be sent in a particular and timely order, to ensure the distributed system as a whole is operating as the designers intended). The tight time requirements place even more strain on the communication links between the interoperating devices, often resulting in the slowing down of the distributed system as a whole. This is because of the high load on the master device (e.g. MCU) caused by requesting and evaluating the diagnosis data, as well as the large amount of traffic being sent over the communication links and the high utilisation of the linked interoperating device. Thus diagnosis of a distributed system generally causes a higher unavailability of the system components.
Thus it would be desirable to reduce diagnosis resource usage in distributed systems.
Summary of the invention The present invention provides a mixed signal device as set out in claim 1 , a distributed system as set out in claim 22, and method of securing operational data as set out in claim 23.
Brief description of the drawings
A mixed signal device, distributed system and method, in accordance with the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram showing an exemplary use of a mixed signal distributed system in a vehicle.
FIG. 2 is a block schematic diagram of a prior art mixed signal device, in communication with an MCU;
FIG. 3 is a block schematic diagram of a mixed signal device in accordance with one embodiment of the invention, given by way of example only, again in communication with an MCU;
FIG. 4 is a schematic representation of exemplary data types used to produce a signature according to an embodiment of the invention; and FIG. 5 is a schematic block diagram showing cross checking of signatures by devices according to an embodiment of the invention.
Items that remain the same or remain functionally similar retain the same reference numerals throughout the drawings.
Detailed description of the preferred embodiments
The following description is primarily focussed on the diagnosis function of a distributed system having at least two independent and interoperating devices, such as one or more remote mixed signal devices under the control of a master microcontroller unit (MCU). As previously mentioned, the diagnosis function of a distributed system is its ability to determine an operational status, including response characteristic, of the distributed system as a whole. It will be appreciated that the diagnosis function is carried out on the same general hardware (i.e. master and remote devices, and the communication links there between) upon which the functions of the system are carried out upon. Thus, the diagnosis functions impinge on the speed (or even outright ability) of the system to carry out its intended function(s).
FIG. 1 shows an example mixed signal distributed system in a vehicle, where a master microcontroller unit (MCU) 20 is connected to a number of remote devices 10. The system may include input devices, such as sensors 10a, and output devices, such as actuating circuits 10b. Equally, a single remote device might be a mixture of inputs and outputs.
Examples of typical sensors found in a vehicle would include accelerometers (for detecting the amount of acceleration or deceleration the vehicle is experiencing at a particular moment in time, and which would be indicative of a potential impending collision), temperature sensors (to indicate overheating, and the like), or mechanical sensors (for detecting the physical orientation of vehicle parts, and the like). Meanwhile, examples of the sorts of actuator circuits found in vehicles would include the lamp driver circuits for the dashboard indicator lamps 12, seat belt pre-tensioners, or airbag explosive squib circuits. However, it will be apparent to the skilled person that other sensors and actuators may also be involved. An example of a distinct operation carried out by the distributed system of FIG. 1 would be the booth latch sensor 10a sensing that the boot is still open, and lighting up a lamp 12 in the dashboard to signify this to the vehicle driver. Another example would be an accelerometer sensor coupled to the MCU 20, for sensing the rapid deceleration of the vehicle in order to deploy the seat belt pre-tensioners in the case of a crash.
The present invention will now be explained in the context of a simple two device distributed system 1 , as shown in FIG.1 surrounded by a dashed line. For ease of explanation, the mixed signal device will be considered as generic and only those parts of the mixed signal device that are relevant to the invention will be described herein.
FIG. 2 shows the simple two device distributed system 1 according to the prior art, while FIG. 3 shows the same simple two device distributed system 1 , but this time according to the invention. In FIG. 2 a remote mixed signal device 10 according to the prior art is coupled to a master MCU 20 using a low bandwidth communication link 25, such as a Serial Peripheral Interface (SPI) communications link. The remote device 10 comprises a communications link interface 30, a number of analog modules 40...43, and an internal bi-directional communications bus 50, for coupling the analog modules to the communications interface 30.
In the context of the operational status diagnosis function only, the MCU 20 sends diagnosis control data signals to the remote device 10, to carry out the diagnosis function. The diagnosis function may include querying the status of the mixed signal device 10 (for example operating voltage levels of certain components, bias values, and the like) and determining the mixed signal device's response to a particular set of input parameters. The diagnosis control signals are sent over the low bandwidth communication link 25, to a communications link interface 30 on the remote device 10.
The diagnosis control data is forwarded to the relevant selected analog module 40..43 using a bi-directional bus 50. The bi-directional bus 50 carries the control signals incoming from the MCU 20 over the communication link 25 to the selected analog module under diagnosis control. While the relevant diagnosis function is carried out, the bus 50 carries the full raw diagnosis response data signals, ie. operational status information, back from the selected analog module to the MCU 20, via the SPI communications link interface 30, for analysis by the MCU 20. Typically, the diagnosis function of a particular remote mixed signal device 10 is carried out by a basic fixed function state machine (not shown) within the remote mixed signal device 10, acting upon the full diagnosis control data incoming from the master MCU 20.
Also, the diagnosis function typically involves tightly time coupled tasks (for example timely trigger requests and their responses), in order to accurately test whether a particular analog module 40..43 will respond correctly, in time, and in the right order. Thus, in the prior art device, the communication links 25 are often saturated with these trigger requests, or at least the available bandwidth over the communication links 25 is much reduced. This is most often the case in the start up/initialisation process for the distributed system 1.
When this saturation or bandwidth reduction occurs, the communications links 25 are no longer fully available for carrying out the actual system functions (i.e. intended application functions) and thus distributed systems 1 having mixed signal devices 10 according to the prior art suffer slow down during this start-up phase, and even later if the diagnosis function is ongoing. Alternatively, for example in the case where the system is primarily returning sensor data to the MCU 20, the amount of sensor data that can be carried, and when, is affected by the lack of available remaining bandwidth, after the diagnosis response are taken into account. FIG. 3 shows a mixed signal device 100 according to an embodiment of the present invention, in the same simple two device distributed system 1.
In overview, the mixed signal device 100 according to the present invention incorporates an operational status information compression unit 70 between the analog modules 40...43 and the communications link interface 30, for compressing the operational status information prior to sending over the communications link 25. In this way, the bandwidth requirements of the diagnosis function is reduced, since the amount of data sent between remote devices 100 and the MCU 20 is reduced.
In an embodiment, the operational status information compression unit 70 comprises a CRC (cyclic redundancy check) signature calculation unit that compacts the operational status information into a unique digital signature, or digest, that is much shorter than the original raw operational status information.
Furthermore, using a unique signature ensures the reliability of the compressed information, because the signature accurately encapsulates all the operational status information, and thus changes (due to both changes in the operational status information or errors introduced during transmission) are detectable.
To enable the operational status information of more than one analog module 40..43 to be compacted into a unique signature, the remote mixed signal device 100 may also contain a multiplexer 60, to multiplex the operational status information of a particular one of the analog modules 40..43 into the operational status information compression unit 70. The multiplexer 60 selects a particular analog module as the input, under control of the operational status information compression unit 70.
The MCU 20 checks that a particular analog module, or other sub-portion, of the distributed system is operating correctly by checking that any unique signatures received from the particular analog module 40..43 match expected signatures for that analog module.
The expected signatures may be determined during system design, else are calculated on the fly by the MCU 20, or other processing means within the distributed system 1 , during operation. Any mismatch between the actual and expected signatures indicate a deviation from the expected behaviour of the particular portion (e.g. analog module 40..43) of the system 1. In the case that a signature mismatch occurs, and thus an error in the operation of the system 1 has been detected, depending on the design of the system 1 or where the error occurred, the MCU 20 can either halt the system 1 , query the erroneous portion of the distributed system further, or simply indicate an error to a user (for example, by lighting up a warning lamp when an actuator has gone wrong, and therefore requires servicing). In an embodiment, remote devices 100 only send signatures indicative of the operational status of their portion of the distributed systems upon receiving a request for the signature from the MCU 20. This reduces the diagnosis bandwidth requirements to their lowest. However, in the case where higher bandwidth links are used between the remote devices 100 and the MCU 20, the signatures may be sent periodically instead.
Depending upon system design parameters, e.g. the type of compression used, the remote mixed signal device 100 might further comprise a bypass unit 80, also located between the analog modules 40..43 and communications interface 30, for bypassing the operational status information compression unit 70. The bypass unit 80 may be incorporated in the case where lossy compression, such as CRC signature compaction, of the operational status information is used. Thus, the bypass unit 80 may be used when an operational status information mismatch occurs, and the system 1 , and in particular the MCU 20 requires the full uncompressed operational status data for further analysis.
In an embodiment, the remote mixed signal device 100 also includes a comparison circuit 90, for comparing a signature received from another device in the system, or the Master MCU 20, to a pre-calculated expected signature. Where a signature calculation unit 30 and comparison unit 90 are included in each remote mixed signal device 100 within the distributed system 1 , the remote mixed signal devices 100 can cross check each other's operation. In this way, the surveillance of the distributed system's operation can be distributed over the whole system, rather than be centralised in the master control device, e.g. MCU 20. Again, the comparison circuit may include a memory to store pre-calculated expected signatures, or may include processing means to pre-calculate expected signature on the fly. A mix of the two types (pre-storage and pre-calculation) might also be employed.
The master control device, e.g. MCU 20, may also contain an operation status information compression unit, in the form of a signature calculation unit (not shown), such as the unit 70 of the remote mixed signal device 100 to enable the
MCU 20 to be cross checked by any connected remote mixed signal devices 100.
More detail on this is to be found below, with reference to FIG. 5. FIG. 5 shows an example of the signature creation process within the operational status information compression unit 70.
The signature is created from the raw operational status information values. These values may be static, i.e. not changing over time, or dynamic, i.e. changing over time. Although it is possible to pre-calculate both static and dynamic values in the distributed system 1 design phase, doing so for dynamic values is more difficult to achieve. Thus dynamic values might be partitioned off for precalculation on the fly during operation, whereas static values are pre-calculated and stored in a memory. Static values include data on such things as: Analog to Digital Converter
(ADC) values (voltage regulator); status flags (i.e. sensor overcurrent, Warning Lamp outputs, output monitoring, etc); master microcontroller configuration (e.g. CAN, SPI, Timer); MCU subroutine information (e.g. order of execution); watchdog timing values. Dynamic values include data on such things as: Analog to Digital Converter values (coil voltage); Diagnosis results (e.g. coil or failsafe relay diagnosis); keep alive data; system time; coarse wheel speed values, status flags of any kind, and the like.
For the embodiment of a CRC calculated signature, a seed is provided. The seed is a unique starting point for creating the CRC signature. The seed may remain constant over time and device, or change, depending on the requirements of the system. A cycle counter value may also be used to allow differentiation between different signatures.
In FIG. 4, a seed and cycle counter value are added to the front of a string including the operational status information, which in the example shown in FIG. 4 include the time, status bits and a digital voltage representation.
This provides the serialized data stream as used in the CRC calculation. In case parallel data is used as input for the CRC calculation, the serialized data stream of status information is subdivided into the parallel data portions used by the CRC and fed from left to right. Any CRC implementation can be used, as well as any other functions that generate a unique number, such as MD5 or SHA-1 hash functions.
The final signature size is open ended, i.e. may be of any bit length, depending on the amount of data to be sent. Different signatures are differentiated from one another by a recognisable portion, such as the seed value, or cycle counter value.
Alternatively, in the case where one device (e.g. MCU 20 or mixed signal device 100) in the system requests the signature from another device, the request can implicitly define a particular signature. In an embodiment, the above described additional modules, i.e. operational status compression unit 70, bypass unit 80 and comparison circuit 90, are all formed from a processor and associated memory containing instructions to carry out the particular functions required. In this way, the scope of the functions of each unit may be changed during operation of the system by updating the instructions, or code, in the associated memory. Equally, however, each unit may be formed from its own processor and associated memory, or the units may share processor and/or memory. Furthermore, the associated memory may be used to store any pre-calculated expected signatures and the like.
Updating of the system code, including the diagnosis code, may occur at any time, although, typically, the code would be updated on system initialisation. This update code is referred to as configuration data. The system code may be also secured by CRC signature, or similar, to prevent errors.
FIG. 5 shows schematically the case where a remote mixed signal device 100 and MCU according to an embodiment of the invention cross check one another's operational status information.
In FIG. 5, signatures generated in the MCU 20 are sent over the SPI communication link 25 to the remote mixed signal device 100, having a comparison circuit 90 as described above, and are checked for integrity in the remote mixed signal device 100. Conversely , the remote mixed signal device 100 sends signature to the MCU 20, again over the SPI communication link 25, for checking at the MCU 20 end. Typical examples of the type of value checks carried out at the remote mixed signal device 100 end would be: configuration data mismatch check (i.e. the incoming update data is checked for integrity); correct code order execution in the MPU 20; code runaway checks (i.e. checking for key subroutine execution, or interrupt routines); course check of ADC values, such as voltage regulator values; course checks on timing of watchdog transfers.
Typical examples of the type of value checks carried out at the MCU 20 (or other remote mixed signal device 100) end would be: actuator status; bias voltage values; or the checking of status flags of any kind. In this way, the remote mixed signal device 100 can ascertain that the MCU
20 is functioning correctly, and the MCU 20 can ascertain that the remote mixed signal device 100 is operating correctly. Any mismatch between the sent signatures and the expected signatures will indicate an error in the system.
Where required, the diagnosis function can be overridden by the master controller, e.g. MCU 20, by forwarding respective commands to the relevant remote mixed signal device 100 over the SPI communication link 25.
In an embodiment, the mixed signal device according to the present invention is manufactured on a single die. However, due to the fact that some analog or digital portions of the mixed signal device might require more specialised, or expensive, manufacturing processes compared to the remaining portions, mixed signal devices may be manufactured in a single package, incorporating different semiconductor dies. This commonly occurs when the actuator analog device is a high powered device, such as those found in airbag squib detonator circuits. Thus, the first die may be optimised for the requirements and characteristics of the high powered analog module portion and the second die may be optimised for the requirements and characteristics of the digital portions.
For example, the first die may be manufactured using simpler and cheaper technology, such as a vertical discrete MOSFET technology like HDTMOS technology and the second die may be manufactured using a SMARTMOS technology developed by Freescale Semiconductor Inc. Thus, the advantages of the more complex technology may be used to provide high integration and additional functionality for the digital portions and the cheaper technology may be used for high powered analog module portion, which due to the energy dissipation requirements, is required to be a larger device. Alternatively, the mixed signal device of the present invention may be realised in separate packages, but co-located on a single circuit board having an shared communications link to the MCU 20, for example an SPI link.
From the above description, it can be seen that the disclosed distributed system 1 is operable to allow a master controller device, for example a MCU 20, and at least one mixed signal device to cross check each other's operational status information and provide indicia of validity of the operational status of the system as a whole to the master controller, which can then act upon this information in an appropriate manner.
The above described embodiments of the invention provide a fast and reliable local status validation approach for linked devices, capable of securing a large amount of data and inputs.
Whilst the present invention is operable to reduce transmission bandwidth requirements, thus enabling the low bandwidth communication links typically used in distributed systems to be sufficient to provide timely diagnosis information, the present invention may be equally used with high bandwidth links to enable more diagnosis tasks to be carried out per unit time. Thus diagnosis can be carried out to a finer granularity with higher bandwidth communication links between the devices within the distributed system. Examples of suitable high bandwidth communications links include FlexRay, Ethernet, Ultra Wideband (UWB), and the like. Wireless links may also be used as exemplified by the UWB example above.
In summary, diagnosis trigger requests and the associated return data can generate a heavy load on a distributed system's resources. Thus the present invention provides an operational status information compression unit local to each remote mixed signal device 100, under the control of the master MCU 20. In this way, specific status for a particular remote device is fed into the local operational status information compression unit 70 in an ordered way. The final result (the compressed operational status information, i.e. signature) is then transmitted to the system master MCU 20.
In an embodiment, the operational status information compression is done by a signature calculation using a CRC calculation with a constant or changing seed. A new seed might also be provided for each transfer. The master MCU 20 itself either knows the expected signature (by having pre-calculated expected signatures available in memory) or calculates them 'on the fly' from the expected status in a single shot operation (by using a single shot calculation for the signature, the calculation does not need to be scheduled for a certain point in time or be distributed over a longer period).
The invention may for example be used in mixed signal systems where an MCU is used to control a companion chip as a linked device, i.e. Airbag, Braking systems and others. These safety relevant systems require a tight operation coupling with minimum status synchronisation and surveillance overhead. However it can be used likewise for synchronising any other devices, for example, multiple MCU's or multicore systems.
Determination of the operational status information may also be called distributed operation surveillance (of the system as a whole), which is used to ensure correct operational coupling of the linked devices. In the foregoing specification, the invention has been described with reference to specific examples of embodiments of the invention. It will, however, be evident that various modifications and changes may be made therein without departing from the broader spirit and scope of the invention as set forth in the appended claims. For instance, whilst the above has been described in terms of a remote mixed signal device, having both analog and digital portions, it would be apparent to the skilled person that any distributed system may benefit from the teachings of the present invention, such as an all digital system of multiple processors located at different ends of low bandwidth communication links. In the foregoing, low bandwidth links are to be construed as meaning communication links that are insufficient in size to carry all the uncompressed data. Also, for instance, the connections may be an type of connection suitable to transfer signals from or to the respective nodes, units or devices, for example via intermediate devices. Accordingly, unless implied or stated otherwise the connections may for example be direct connections or indirect connections. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word 'comprising' does not exclude the presence of other elements or steps then those listed in a claim. Furthermore, the words 'a' and 'an' shall not be construed as limited to 'only one', but instead are used to mean 'at least one', and do not exclude a plurality. The mere fact that certain measures are recited in mutually different claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

Claims
1. A mixed signal device (100) for use in a distributed system (1 ) of independent and interoperating devices, comprising: at least one analog module (40), wherein the mixed signal device (100) is operable to provide operational status information about the at least one analog module (40); characterised in that the mixed signal device (100) further comprises: an operational status compression unit (70) for compressing the operational status information prior to sending to another device (20) in the distributed system (1 ) of independent and interoperating devices.
2. The mixed signal device (100) of claim 1 , wherein the mixed signal device (100) further comprises a communication interface (30) coupled to the operational status compression unit (70) for coupling to other devices (20) in the distributed system (1 ) via a communications link (25).
3. The mixed signal device (100) of claim 1 or 2, wherein the mixed signal device (100) comprises more than one analog module (40), and the mixed signal device (100) is operable to provide operational status information on each of the analog modules (40).
4. The mixed signal device (100) of claim 3, wherein the mixed signal device (100) further comprises a multiplexer (60) to multiplex operational status information about each analog module (40) to the operational status compression unit (70).
5. The mixed signal device (100) of any preceding claim, wherein the mixed signal device (100) further comprises a bypass unit (80) operable to provide uncompressed operational status information to another device (20) within the distributed system (1 ) on request of said other device (20), over a communications link (25).
6. The mixed signal device (100) of any preceding claim, wherein the mixed signal device (100) further comprises a comparison circuit (90) operable to compare an operational status information received from another device within the distributed system (1 ) against an expected pre-calculated operational status information.
7. The mixed signal device (100) of claim 6, wherein the comparison circuit (90) further comprises a memory for storing expected pre-calculated operational status information.
8. The mixed signal device (100) of claim 6, wherein the comparison circuit (90) further comprises processing means for pre-calculating expected operational status information prior to comparison with an operational status information received from another device within the distributed system (1 ).
9. The mixed signal device (100) of any preceding claim, wherein the communications links (25) between devices are low bandwidth links.
10. The mixed signal device (100) of claim 9, wherein the communications links (25) are Serial Peripheral Interface (SPI) links.
11. The mixed signal device of claim 9 or 10, wherein operational status information is sent to another one of the devices (20) in the distributed system (1 ) only upon request by said other one of the devices (20).
12. The mixed signal device (100) of any of claims 1 to 8, wherein the communications links (25) between devices are high bandwidth links.
13. The mixed signal device (100) of claim 12, wherein operational status information is sent to another one of the devices (20) in the distributed system (1 ) continuously.
14. The mixed signal device (100) of claims 12 or 13, wherein the communications links (25) are according to a Flexray standard.
15. The mixed signal device (100) of any of claims 1 to 14, wherein the operational status compression unit (70) comprises a processor and a memory containing instructions for execution by the processor to carry out the operation of an operational status compression unit (70).
16. The mixed signal device (100) of claim 15, wherein the memory is a programmable memory, and wherein the instructions are updateable in operation.
17. The mixed signal device (100) of claim 15, wherein the memory is a programmable memory, and wherein the instructions include pre-calculated expected compressed operational status information.
18. The mixed signal device (100) of any preceding claim, wherein the operational status compression unit (70) is a signature calculating unit (70) operable to produce a compacted signature indicative of the operational status information.
19. The mixed signal device (100) of claim 18, wherein the signature calculating unit (70) is a Cyclic Redundancy Check signature calculating unit.
20. The mixed signal device(100) of claim 18 or 19, further comprising a seed generator for generating a seed for use in generating the compacted signature.
21. The mixed signal device (100) of any preceding claim, wherein the at least one analog module (40) comprises one of: a power module; an actuator module; and an air bag squib detonator.
22. A distributed system (1 ) comprising an MCU (20) and at least one mixed signal device (100) according to any of claims 1 to 21 , wherein the mixed signal device (100) is under the control of the MCU (20).
23. A method of securing operational status information of a distributed system (1 ) having at least two independent and interoperating devices (20) linked together by a communications link (25), at least one of the interoperating devices being a mixed signal device (100) having an analog module (40), the method comprising: providing operational status information about the analog module (40); compressing the operational status information within an operational status compression unit (70) of the mixed signal device (100); and sending the compressed operational status information to another one of the interoperating devices.
24. The method of claim 23, further comprising comparing the compressed operational status information with a pre-calculated expected compressed operational status information in the another one of the interoperating devices (20).
25. The method of claim 24, wherein the pre-calculated expected compressed operational status information is stored in a memory within the another one of the interoperating devices (20).
26. The method of claim 24, wherein the pre-calculated expected compressed operational status information is pre-calculated in a processor within the another one of the interoperating devices prior to the comparison.
27. The method of any of claims 23 to 26, further comprising : the another one of the interoperating devices requesting uncompressed operational status information from the interoperating device that sent the compressed operational status information when the comparison shows the pre- calculated expected compressed operational status information is different to the received compressed operational status information.
28. The method of claim 27, further comprising bypassing the operational status compression unit (70) to provide the requested uncompressed operational status information.
29. The method of any of claims 23 to 28, wherein the interoperating device (100) having an analog module (40) has more than one analog module (40), and the method further comprises multiplexing the operational status information of a selected one of the analog modules (40, 41 ) to the operational status compression unit (70).
30. The method of any of claims 23 to 29, further comprising: receiving compressed operational status information from another one of the interoperating devices in the distributed system (1 ); and comparing the received compressed operational status information in a comparison circuit (90), to cross check operation of the another one of the interoperating devices and provide indicia on the valid operating state of the system (1 ) as a whole.
31. The method of any of claims 23 to 30, wherein the communications link (25) is low bandwidth, and the compressed operational status information is only sent to another one of the interoperating devices upon request of the said another one of the interoperating devices.
32. The method of any of claims 23 to 30, wherein the communications link (25) is high bandwidth, and the compressed operational status information is sent to another one of the interoperating devices continuously.
33. The method of any of claims 23 to 32, wherein the compressing step includes generating a signature unique to the determined operational status information.
34. A computer program product loadable in a memory of a programmable device, which computer program product includes program code portions for executing steps of a method as claimed in any one of claims 23-33 when run by said programmable device.
35. An apparatus including a device as claimed in any one of claims 1 -21 or a system as claimed in claim 22.
PCT/IB2007/051545 2007-04-26 2007-04-26 Mixed signal device for use in a distributed system Ceased WO2008132554A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2007/051545 WO2008132554A1 (en) 2007-04-26 2007-04-26 Mixed signal device for use in a distributed system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2007/051545 WO2008132554A1 (en) 2007-04-26 2007-04-26 Mixed signal device for use in a distributed system

Publications (1)

Publication Number Publication Date
WO2008132554A1 true WO2008132554A1 (en) 2008-11-06

Family

ID=39099645

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/051545 Ceased WO2008132554A1 (en) 2007-04-26 2007-04-26 Mixed signal device for use in a distributed system

Country Status (1)

Country Link
WO (1) WO2008132554A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19541816A1 (en) * 1994-11-09 1996-05-15 Fuji Heavy Ind Ltd Diagnostic system for a motor vehicle
WO2003016856A2 (en) * 2001-08-17 2003-02-27 Daimlerchrysler Ag Communication method and communication module
DE10235525A1 (en) * 2001-09-10 2003-04-10 Daimler Chrysler Ag Monitoring of the state of a motor vehicle using machine learning and data mining technology to generate component models that are then used to monitor components, predict failure, etc., such analysis being useful for repair, etc.

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19541816A1 (en) * 1994-11-09 1996-05-15 Fuji Heavy Ind Ltd Diagnostic system for a motor vehicle
WO2003016856A2 (en) * 2001-08-17 2003-02-27 Daimlerchrysler Ag Communication method and communication module
DE10235525A1 (en) * 2001-09-10 2003-04-10 Daimler Chrysler Ag Monitoring of the state of a motor vehicle using machine learning and data mining technology to generate component models that are then used to monitor components, predict failure, etc., such analysis being useful for repair, etc.

Similar Documents

Publication Publication Date Title
US8421587B2 (en) Diagnosis for mixed signal device for use in a distributed system
US10486630B2 (en) Integrated circuit in a control unit, and a control unit for activating a passenger protection arrangement
CN103959718B (en) Transmission message generating device and vehicle on-board transmission system
CN104779967B (en) Transceiver integrated circuit equipment and its operating method
CN112817617A (en) Software upgrading method, device and system
CA3069995C (en) Configurable management system for a vehicle and method of use
JP7176488B2 (en) Data storage device and data storage program
EP3872635A1 (en) In-vehicle equipment controller and vehicle control system
KR101722517B1 (en) Method for the operation of a microcontroller and an execution unit and a microcontroller and an execution unit
KR20160037939A (en) Method and electronic circuit assembly for the redundant signal processing of a safety-relevant application, motor vehicle brake system, motor vehicle having said motor vehicle brake system, and use of such an electronic circuit assembly
EP2789127B1 (en) Self-learning automotive data logger identifying automotive messages transmitted over a can bus connecting automotive electronic control units
US12526150B2 (en) Data storage device, data storage method, and non-transitory computer readable storage medium
WO2008132554A1 (en) Mixed signal device for use in a distributed system
KR101937407B1 (en) Apparatus and method for monitoring Microcontroller Unit
JP7471756B2 (en) Vehicle Systems
US20090187605A1 (en) Vehicle Control Apparatus
CN114126929B (en) Controller and method for activating a passenger protection device of a vehicle
US12034565B2 (en) Vehicle control system and circuit device
WO2020053034A1 (en) A vehicle safety system and a method of controlling a vehicle safety system
US20220402516A1 (en) Control device for a vehicle and reset method for such a control device
JP6979630B2 (en) Monitoring equipment, monitoring methods and programs
KR20150007732A (en) Watchdog system and watchdog control method
CN104176002A (en) Method and system for detecting whether modules of vehicle are replaced or not
EP4231595A1 (en) Relay device, communication network system, and communication control method
US20050165529A1 (en) Short-circuit detecting circuit device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07735664

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07735664

Country of ref document: EP

Kind code of ref document: A1