Apparatus and method for the protection and for the non-destructive testing of safety-relevant registers

US 8,914,682 B2
Filed: 09/04/2012
Issued: 12/16/2014
Est. Priority Date: 09/01/2011
Status: Active Grant

First Claim

Patent Images

1. A method for a test of safety registers of an electronic control system which comprises a number of modules and is configured to trigger a safety function under given conditions, comprising:

associating a test controller with each of the number of modules, respectively;

in safety registers to be tested, storing test data in encapsulated assignments in order to invert the original values in a redundant or duplicated safety register and thereby trigger predefined safety functions; and

detecting an occurrence of an error in one of the safety registers in each operating phase of the control system via the associated test controllers that are provided in each module which comprises such safety registers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention enables a safety management of safety measures as well as the non-destructive testing of safety-relevant registers which are required for the configuration of a system, wherein the test method according to the invention can be carried out during each operating phase of a system to be tested.

13 Citations

View as Search Results

20 Claims

1. A method for a test of safety registers of an electronic control system which comprises a number of modules and is configured to trigger a safety function under given conditions, comprising:
- associating a test controller with each of the number of modules, respectively;
  
  in safety registers to be tested, storing test data in encapsulated assignments in order to invert the original values in a redundant or duplicated safety register and thereby trigger predefined safety functions; and
  
  detecting an occurrence of an error in one of the safety registers in each operating phase of the control system via the associated test controllers that are provided in each module which comprises such safety registers.
- View Dependent Claims (2, 3, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising changing a data content of a safety register at least once to simulate conditions for a triggering of a safety function of the control system in order to check whether the safety function of the control system is triggered according to the given conditions.
  - 3. The method according to claim 1, further comprising:
    - storing an original value of a safety register in one or several redundant or duplicated safety registers prior to beginning of the test; and
      
      changing a data content of a redundant or duplicated safety register at least once to simulate conditions for the triggering of a safety function of the control system in order to check whether the safety function of the control system is triggered according to the given conditions.
  - 5. The method according to claim 3, further comprising:
    - performing a test by means of a read function from two redundant or duplicated safety registers; and
      
      sending back a corrected majority read value to the test controller of the respective module in order to restore the original data content of the tested safety register with correction protection.
  - 6. The method according to claim 1, wherein a read value of the safety register to be tested is assigned to an original signal that represents the data content of the respective safety register before the test.
  - 7. The method according to claim 1, further comprising, in safety registers to be tested, generating a read function for triplication with two redundant or duplicated safety registers to return a corrected majority read value to the test controller.
  - 8. The method according to claim 1, further comprising detecting an error in one of the tested safety registers by means of an alarm function when there are any differences between the data contents of the tested safety register and its redundant or duplicated register and/or when these do not correspond to a current test state.
  - 9. The method according to claim 1, further comprising providing write functions that, based on the test procedure, assign data values with or without inversion to the safety register to be tested and to a redundant or duplicated register associated therewith so that at certain points in time all bits of the safety register to be tested and of its associated redundant or duplicated register are either identical or different.

4. A method for a test of safety registers of an electronic control system which comprises a number of modules and is configured to trigger a safety function under given conditions, comprising:
- associating a test controller with each of the number of modules, respectively;
  
  storing an original value of a safety register in a redundant or duplicated safety registers prior to beginning of the test;
  
  changing a data content of the redundant or duplicated safety register at least once to simulate conditions for the triggering of a safety function of the control system in order to check whether the safety function of the control system is triggered according to the given conditions;
  
  detecting an occurrence of an error in one of the safety registers in each operating phase of the control system via the associated test controllers that are provided in each module which comprises the one of the safety registers; and
  
  writing back a data content that is written back from the redundant or duplicated register to the tested safety register after the test in order to restore original data content of the tested safety register.

10. An apparatus comprising:
- a memory configured to store executable instructions; and
  
  a number of modules comprising safety registers and at least one test controller, coupled to the memory, configured to facilitate execution of the executable instructions to perform operations to at least;
  
  compare a generated or incoming indication for triggering of a safety function, via a test control logic, with an expected indication for a triggering of a safety function;
  
  generate global test alarm and alarm signals that are forwarded to a safety management unit; and
  
  detect an occurrence of an error in one of the safety registers in each operating phase of the control system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The apparatus according to claim 10, wherein at least one module comprises a multiple redundancy of at least one of the safety registers to be tested by a corresponding number of redundant or duplicated registers therein with or without negation.
  - 12. The apparatus according to claim 11, wherein in the at least one module is configured to employ a redundant safety register of the number of redundant or duplicated registers, and wherein the at least one of the safety registers to be tested and the redundant safety register are of a same type.
  - 13. The apparatus according to claim 10, wherein the test controller in each module is configured to generate and supply test data that is input simultaneously into the safety registers to be tested.
  - 14. The apparatus according claim 10, wherein the at least one test controller is further configured to facilitate execution of the executable instructions to perform operations to at least:
    - in safety registers to be tested, store test data in encapsulated assignments in order to invert original values in a redundant or duplicated safety register and trigger predefined safety functions.
  - 15. The apparatus according to claim 10, wherein the safety registers are configured as configuration or universal registers of relevant system components, critical internal registers, finite state machines and/or counters.
  - 16. The apparatus according to claim 10, wherein the alarm signals are generated asynchronously.
  - 17. The apparatus according to claim 11, wherein the at least one of the safety registers is tested by inverting the at least one of the safety registers and the number of redundant or duplicated registers.
  - 18. The apparatus according to claim 10, wherein the at least one test controller is further configured to facilitate execution of the executable instructions to perform operations to at least:
    - assign redundant or duplicate registers to the safety registers in response to a mask at a bit position of test data.
  - 19. The apparatus according to claim 10, wherein the at least one test controller is further configured to facilitate execution of the executable instructions to perform operations to at least:
    - restrict a test assignment to an original register by a masking.
  - 20. The apparatus according to claim 10, wherein the alarm signals that are forwarded to a safety management unit include a mask position of a test data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Busch, Holger
Primary Examiner(s)
PATEL, KAMINI B

Application Number

US13/602,357
Publication Number

US 20130061094A1
Time in Patent Office

833 Days
Field of Search

714/41
US Class Current

714/41
CPC Class Codes

G06F 11/2215 to test error correction or...

Apparatus and method for the protection and for the non-destructive testing of safety-relevant registers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for the protection and for the non-destructive testing of safety-relevant registers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links