Technique of monitoring abnormality in plurality of CPUs or controllers
First Claim
Patent Images
1. A control system that carries out arithmetic and logic operations to control an object, said control system comprising:
- a plurality of controllers that are connected with one another and include a first controller and a second controller to control operation of said object, said first controller comprising a first reset execution unit that carries out a first reset event, which resets a circuit configuration of a predetermined range including said second controller in response to input of a reset signal, said second controller comprising a second reset execution unit that does not output the reset signal to said first controller in response to the reset of said second controller by the first reset event, and outputs the reset signal to said first controller in response to detection of abnormality arising in said first controller.
1 Assignment
0 Petitions
Accused Products
Abstract
The technique of the present invention prevents endless circulation of reset operations of CPUs in a control system including a plurality of CPUs that mutually monitor the opposite CPUs. The plurality of CPUs, which are connected with one another and include a first CPU (272) and a second CPU (262), are utilize to control operations of prime movers. The first CPU (272) has a first reset execution unit that carries out a first reset event, which resets a circuit configuration of a predetermined range including the second CPU (262) in response to input of a reset signal. The second CPU (262) has a second reset execution unit that does not output the reset signal to the first CPU (272) in response to the reset of the second CPU (262) by the first reset event but outputs the reset signal to the first CPU (272) in response to detection of abnormality arising in the first CPU (272).
59 Citations
26 Claims
-
1. A control system that carries out arithmetic and logic operations to control an object, said control system comprising:
-
a plurality of controllers that are connected with one another and include a first controller and a second controller to control operation of said object, said first controller comprising a first reset execution unit that carries out a first reset event, which resets a circuit configuration of a predetermined range including said second controller in response to input of a reset signal, said second controller comprising a second reset execution unit that does not output the reset signal to said first controller in response to the reset of said second controller by the first reset event, and outputs the reset signal to said first controller in response to detection of abnormality arising in said first controller. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
said control system comprising a monitoring circuit that monitors abnormality in said first controller and transmits a reset signal to said first controller in response to detection of abnormality arising in said first controller, said control system carrying out a reset test at a time of starting said moving object, the reset test checking whether or not a reset operation of said first controller by means of said second controller and a reset operation of said first controller by said monitoring circuit are performed normally. -
6. A control system in accordance with claim 1, said control system further comprising a reset record registration unit that is connected to one of said plurality of controllers and stores results of said reset test registered therein.
-
7. A control system in accordance with claim 6, wherein said reset record registration unit detects and stores generation of at least part of a plurality of reset signals transmitted to said plurality of controllers in the course of the reset test.
-
8. A control system in accordance with claim 7, said control system being mounted on a moving object with a prime mover,
wherein said reset record registration unit detects and stores generation of at least part of the plurality of reset signals during a drive of said moving object after the reset test.
-
-
9. A method of controlling an object with a plurality of controllers that are connected with one another and include a first controller and a second controller, said method comprising the steps of:
-
(a) carrying out a first reset event, which resets a circuit configuration of a predetermined range including said second controller in response to input of a reset signal into said first controller; and
(b) outputting the reset signal to said first controller when said second controller detects abnormality arising in said first controller, wherein said second controller does not output the reset signal to said first controller in response to the reset of said second controller in said step (a).
-
-
10. A moving object with a prime mover, said moving object comprising a control system, which has a plurality of controllers that are connected with one another and include a first controller and a second controller to control operation of said moving object,
said first controller comprising a first reset execution unit that carries out a first reset event, which resets a circuit configuration of a predetermined range including said second controller in response to input of a reset signal, said second controller comprising a second reset execution unit that does not output the reset signal to said first controller in response to the reset of said second controller by the first reset event, and outputs the reset signal to said first controller in response to detection of abnormality arising in said first controller.
-
11. A method of detecting a processing error arising in any of at least two controllers included in a control system, each of said at least two controllers comprising an arithmetic logic operation unit that follows a specific program and carrying out predetermined processing according to the specific program, said method comprising the steps of:
-
separating a first process from a second process, the first process causing a controller of interest, which executes the predetermined processing, to verify the validity of the predetermined processing based on a result of the predetermined processing, the second process causing another controller, which is different from said controller of interest, to verify the validity of the predetermined processing carried out by said controller of interest;
carrying out the first process in which said controller of interest verifies the validity of the predetermined processing; and
carrying out the second process in which said another controller receives the result of the predetermined processing carried out by said controller of interest and verifies the validity of the predetermined processing. - View Dependent Claims (12, 13, 14, 15, 16, 17)
in the second process, said another controller causes said arithmetic logic operation unit included in said another controller to perform an operation and thereby verify the validity of the operation executed in said controller of interest. -
13. A method in accordance with claim 11, wherein the first process specifies a range of a result obtained by the first process and thereby verifies the validity of the predetermined processing.
-
14. A method in accordance with claim 11, wherein the second process causes said another controller to check results of arithmetic logic operations including a predetermined fundamental operation with regard to a predetermined value and thereby verifies the validity of the predetermined processing.
-
15. A method in accordance with claim 11, wherein each of said at least two controllers is mounted on a moving object with a prime mover, and the first process is at least part of a control process that controls an apparatus including said engine of said moving object.
-
16. A method in accordance with claim 15, wherein said at least two controllers are any of an engine controller that controls said engine, a motor controller that controls a motor, which outputs power required for said moving object in cooperation with said engine, a battery controller that regulates a battery, which supplies electric power to said motor, and a brake controller that regulates a braking force of said moving object.
-
17. A method in accordance with claim 11, wherein each of said at least two controllers transmits and receives a result of the second process via serial communication.
-
-
18. A control system comprising at least two controllers, each of said at least two controllers comprising an arithmetic logic operation unit that follows a specific program and carrying out predetermined processing according to the specific program,
each of said at least two controllers comprising: -
a first verification unit that stores and carries out a first process, the first process causing a controller of interest, which executes the predetermined processing, to verify the validity of the predetermined processing based on a result of the predetermined processing; and
a second verification unit that stores a second process and receives a result of the second process from another controller, which is different from said controller of interest, the second process causing said another controller to verify the validity of the predetermined processing carried out by said controller of interest. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
said first verification unit and said second verification unit verify the validity of the predetermined processing carried out by said each controller. -
20. A control system in accordance with claim 18, wherein said second verification unit verifies the validity of an operation of an arithmetic logic operation unit included in said controller of interest, and
said second verification unit comprises: -
an operation result input unit that receives a result of the operation performed by said controller of interest; and
a verification unit that causes an arithmetic logic operation unit included in said another controller to perform the operation and thereby verify the validity of the input result of the operation.
-
-
21. A control system in accordance with claim 18, wherein said first verification unit specifies a range of a result obtained by the first process and thereby verifies the validity of the predetermined processing.
-
22. A control system in accordance with claim 18, wherein said second verification unit receives results of arithmetic logic operations including a predetermined fundamental operation with regard to a predetermined value and verifies the validity of the predetermined processing based on the input results.
-
23. A control system in accordance with claim 18, wherein each of said at least two controllers is mounted on a moving object with a prime mover, and said first verification unit carries out the verification for at least part of a control process that controls an apparatus including said engine of said moving object.
-
24. A control system in accordance with claim 23, wherein said at least two controllers are any of an engine controller that controls said engine, a motor controller that controls a motor, which outputs power required for said moving object in cooperation with said engine, a battery controller that regulates a battery, which supplies electric power to said motor, and a brake controller that regulates a braking force of said moving object.
-
25. A control system in accordance with claim 18, wherein each of said at least two controllers comprises a communication unit that transmits and receives data by serial communication, and
said each controller receives a result of the second process verified by said second verification unit and transmitted via said communication unit. -
26. A control system in accordance with claim 18, wherein each of said at least two controllers is a one-chip microcomputer including a CPU.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeToyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
-
Original AssigneeToyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
-
InventorsNada, Mitsuhiro, Matsumoto, Shinichi
-
Primary Examiner(s)PATEL, RAMESH B
-
Application NumberUS09/809,277Publication NumberTime in Patent Office984 DaysField of Search700/19, 700/20-23, 700/2-5, 700/39, 700/40, 700/78-79, 714/11, 714/12, 714/23, 290/40.C, 701/22, 701/29, 701/34, 701/70, 701/89, 180/65.2, 180/243US Class Current700/19CPC Class CodesB60G 2600/084 Supervisory systemsB60G 2600/086 Redundant systemsB60K 1/02 comprising more than one el...B60K 6/365 with the gears having orbit...B60K 6/445 Differential gearing distri...B60K 6/547 the transmission being a st...B60L 2240/421 SpeedB60W 10/06 including control of combus...B60W 10/08 including control of electr...B60W 20/00 Control systems specially a...B60W 20/11 using model predictive cont...B60W 2050/0004 In digital systems, e.g. di...B60W 2050/0006 Digital architecture hierarchyB60W 2510/081 SpeedB60W 2510/244 Charge stateB60W 50/02 Ensuring safety in case of ...B60W 50/04 Monitoring the functioning ...G05B 19/0428 Safety, monitoring G05B19/0...G05B 2219/24015 MonitoringG05B 2219/24024 Safety, surveillanceView All
