Method for ensuring or maintaining the function of a complex complete safety-critical system
Abstract
A method, the use thereof and a computer program product for maintaining the operation of a safety-critical overall vehicle regulatory and/or control system in the event of the occurrence of errors, in which the overall system is divided into system components on the basis of the findings of an error source analysis, in which modes of operation are also defined for the individual system components, and also, in the event of the occurrence of errors in the overall system, the error sources including the signals are analyzed and those methods of operation which are affected by the errors or signals which have occurred are ascertained, wherein on the basis of the error source analysis, those modes of operation of the individual system components which are not affected by the errors are taken and those which ensure an optimum or prescribed response from the overall system are selected.
12 Claims
1. A method for safeguarding or maintaining an operation of a complex safety-critical overall vehicle regulatory and/or control system in the event of the occurrence of an error, malfunction or other event which influence the availability of subfunctions,
in which the overall vehicle system is divided into system components on the basis of the findings of an error source analysis, in which modes of operation are also defined for the individual system components, and also, in the event of the occurrence of errors or events in the overall system, the error sources are analyzed and those methods of operation which are affected by the errors or events which have occurred are ascertained, and wherein, on the basis of the error source analysis and according to the stipulations of a selection system, those modes of operation of the individual system components which are not affected by the errors or events are taken and those which, in view of the errors or events which have occurred, ensure an optimum or prescribed response from the overall system or at least the maintenance of the operation of the overall system are selected, wherein the definition of the errors or events of system components involves at least classification into:
- (i) only intermittently occurring errors or events which cause intermittent disconnection or restriction of the overall vehicle system and/or of a subfunction, and
- (ii) errors or events which cause ultimate disconnection or restriction of the overall vehicle system and/or of a subfunction,
wherein a first error analysis step involves final errors being taken into account in the system component selection, and a further error analysis step involves intermittently occurring errors being additionally taken into account.
(Dependent claims: 2, 3, 4, 5, 6)
7. A method for safeguarding or maintaining an operation of a complex safety-critical overall vehicle regulatory and/or control system in the event of the occurrence of an error, malfunction or other event which influence the availability of subfunctions,
in which the overall vehicle system is divided into system components on the basis of the findings of an error source analysis, in which modes of operation are also defined for the individual system components, and also, in the event of the occurrence of errors or events in the overall system, the error sources are analyzed and those methods of operation which are affected by the errors or events which have occurred are ascertained, and wherein, on the basis of the error source analysis and according to the stipulations of a selection system, those modes of operation of the individual system components which are not affected by the errors or events are taken and those which, in view of the errors or events which have occurred, ensure an optimum or prescribed response from the overall system or at least the maintenance of the operation of the overall system are selected, wherein the definition of the errors or events of system components involves at least classification into:
- (i) only intermittently occurring errors or events which cause intermittent disconnection or restriction of the overall vehicle system and/or of a subfunction, and
- (ii) errors or events which cause ultimate disconnection or restriction of the overall vehicle system and/or of a subfunction,
wherein operating states of external controllers are treated as events, so that said events can also be taken into account in the error analysis.
(Dependent claims: 8, 9, 10, 11, 12)
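The selection scheme of claims 1 and 7 (modes per component, affected modes ascertained from the error sources, final errors pruned first and intermittent errors additionally, external controller states treated as events), as an added Python model that is not part of the patent. The component names, sensor names, mode ranks and sample events are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class ErrorClass(Enum):
    INTERMITTENT = "intermittent"  # (i): intermittent disconnection or restriction
    FINAL = "final"                # (ii): ultimate disconnection or restriction

@dataclass(frozen=True)
class Event:
    source: str       # failed error source, or an external controller state (claim 7)
    cls: ErrorClass

@dataclass(frozen=True)
class Mode:
    name: str
    rank: int               # 0 = prescribed/optimum response; higher = more degraded
    affected_by: frozenset  # sources/events that make this mode unavailable

def affected_modes(modes, events):
    """Ascertain which modes of one component are hit by the given events."""
    sources = {e.source for e in events}
    return {m.name for m in modes if m.affected_by & sources}

def select_modes(components, events):
    """Two-step selection: final errors first, intermittent errors additionally."""
    final = [e for e in events if e.cls is ErrorClass.FINAL]
    inter = [e for e in events if e.cls is ErrorClass.INTERMITTENT]
    chosen = {}
    for name, modes in components.items():
        step1 = [m for m in modes if m.name not in affected_modes(modes, final)]
        step2 = [m for m in step1 if m.name not in affected_modes(step1, inter)]
        # every component carries a mode with empty affected_by (safe fallback),
        # so step2 is never empty and operation is at least maintained
        chosen[name] = min(step2, key=lambda m: m.rank).name
    return chosen

# Constructed sample (assumed, not from the patent): three chassis/assistance components.
COMPONENTS = {
    "ABS": (Mode("full", 0, frozenset({"wheel_speed_FL", "pump"})),
            Mode("reduced", 1, frozenset({"pump"})), Mode("off", 2, frozenset())),
    "ESC": (Mode("full", 0, frozenset({"yaw_sensor", "pump"})),
            Mode("fallback", 1, frozenset({"pump"})), Mode("off", 2, frozenset())),
    "ACC": (Mode("active", 0, frozenset({"radar", "engine_ecu:limp_home"})),
            Mode("off", 1, frozenset())),
}
# Constructed events: a permanent sensor loss, a flickering sensor, and an external
# controller state (engine ECU in limp-home) treated as an event.
SAMPLE_EVENTS = (Event("yaw_sensor", ErrorClass.FINAL),
                 Event("wheel_speed_FL", ErrorClass.INTERMITTENT),
                 Event("engine_ecu:limp_home", ErrorClass.FINAL))
```

`select_modes(COMPONENTS, SAMPLE_EVENTS)` degrades each component only as far as its own affected modes require, while `select_modes(COMPONENTS, ())` keeps every component in its rank-0 mode.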