CN115421952A - Method, system, electronic device and storage medium for preventing automobile software system from crashing - Google Patents

Method, system, electronic device and storage medium for preventing automobile software system from crashing Download PDF

Info

Publication number
CN115421952A
CN115421952A CN202211037910.8A CN202211037910A CN115421952A CN 115421952 A CN115421952 A CN 115421952A CN 202211037910 A CN202211037910 A CN 202211037910A CN 115421952 A CN115421952 A CN 115421952A
Authority
CN
China
Prior art keywords
software
bootloader
minimum
main
minimum system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211037910.8A
Other languages
Chinese (zh)
Inventor
高泽军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd filed Critical Chongqing Changan Automobile Co Ltd
Priority to CN202211037910.8A priority Critical patent/CN115421952A/en
Publication of CN115421952A publication Critical patent/CN115421952A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0736Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • G06F11/0739Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function in a data processing system embedded in automotive or aircraft systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0793Remedial or corrective actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1438Restarting or rejuvenating

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method, a system, electronic equipment and a storage medium for preventing a vehicle software system from crashing, wherein the method comprises the following steps: dividing a special partition in a storage medium of a main board of an automobile host controller, and storing a minimum system in the special partition, wherein the minimum system has an upgrading function; acquiring the state of a main system, including normal operation and breakdown, if the state of the main system is the breakdown, restarting the system to enter a bootloader, wherein the bootloader is provided with a setting mechanism; and determining the state of the minimum system to comprise starting or non-starting according to the setting mechanism, and if the minimum system is started, updating the main system and the related software by the minimum system, so that in the presence of the minimum system, engineers can update the main system and the related software with stable versions, the system can be backed without the host computer being halted or the whole machine is not required to be disassembled, and the effect of preventing halt is achieved.

Description

Method, system, electronic device and storage medium for preventing automobile software system from crashing
Technical Field
The application relates to the technical field of automobile software, in particular to a method, a system, electronic equipment and a storage medium for preventing an automobile software system from being crashed.
Background
Software defined automotive is the transformation and development trend of new-age automobiles, and automobile definition software does not determine hardware by software, but defines hardware by knowing user requirements, defines software by requirements, and defines a set of mechanisms of hardware by software, wherein the hardware adversely affects the software.
Software is very important in an automobile, functions of software integrated in the automobile are more and more, the software is more and more complex, updating iteration of the software is more and more frequent, the software determines the intelligent degree of the automobile and the safety condition of the automobile, and therefore the stability of the software in the automobile is particularly important.
When a software system of an automobile host is debugged, particularly when software is used or upgraded, the software system is easy to cause pollution or upgrade failure during use or upgrade, so that the system crashes and crashes, namely, a series of problems or bugs affect the stability and the safety of the automobile host.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, the present invention provides a solution to the above-mentioned technical problems.
The method, the system, the electronic equipment and the storage medium for preventing the crash of the automobile software system provided by the invention can be used for avoiding the crash and the crash of the system caused by the pollution or the upgrade failure brought by the use or the upgrade of an automobile host, so that the main system and the related software with stable versions can be updated through the setting of a stable minimum system, and the system can be returned without the crash of the host or the disassembly of the whole machine.
In a first aspect, the present application provides a method for preventing a crash of an automotive software system, comprising:
dividing a special partition in a storage medium of a main board of an automobile host controller, and storing a minimum system in the special partition, wherein the minimum system has an upgrading function;
acquiring the state of a main system, including normal operation and breakdown, if the state of the main system is the breakdown, restarting the system to enter a bootloader, wherein the bootloader is provided with a setting mechanism;
and determining the state of the minimum system to comprise starting or non-starting according to the setting mechanism, and if the minimum system is started, updating the main system and the related software by the minimum system.
In an embodiment of the present invention, the acquiring the state of the host system includes normal operation and crash, including:
setting a watchdog program in the main system, wherein a code corresponding to the watchdog program is in watchdog.c;
the method comprises the steps that a main system sets a watchdog kernel process, and the watchdog kernel process periodically updates a first variable;
and a checking mechanism is arranged in the watchdog kernel process, wherein the checking period of the checking mechanism is the same as the updating period of the first variable, the updating state of the first variable is determined according to the checking mechanism, and if the number of times that the first variable is not updated reaches a set value, the state of the main system is broken down.
In an embodiment of the present invention, the determining the state of the minimum system according to the setting mechanism includes starting or not starting, including:
the bootloader receives and identifies control signals of a hardware mechanism and a software mechanism;
and determining the state of the bootloader total control signal by receiving the states of the control signals of the hardware mechanism and the software mechanism, and if any one of the control signals of the hardware mechanism and the software mechanism is a response or both the control signals of the hardware mechanism and the software mechanism are responses, determining the total control signal as a response by the bootloader, and starting a minimum system.
In an embodiment of the present invention, the bootloader receiving and recognizing the control signal of the hardware mechanism and the software mechanism includes:
the bootloader monitors the level state of the hardware pin to comprise a low level and a high level;
the bootloader sets a pin level state corresponding to a minimum system to be started;
and if the monitored hardware pin level state is consistent with the pin level state corresponding to the system with the minimum starting value, outputting a control signal of the hardware as a response.
In an embodiment of the present invention, the receiving and recognizing the control signal of the hardware mechanism and the software mechanism by the bootloader includes:
dividing a mark storage partition and other partitions in a storage medium of the main board of the automobile host controller, and respectively storing mark bits through the mark storage partition and the other partitions;
the flag bit states corresponding to the bootloader monitoring flag storage partition and the rest partitions comprise response and non-response;
if any one of the flag bit states of the bootloader monitoring flag storage partition and the rest partitions is a response or both are corresponding, the bootloader determines that the total control signal is a response, and starts a minimum system
In an embodiment of the present invention, the minimum system updates the main system and the related software, including:
popping up a minimum system operation panel, and displaying an updating module on the operation panel;
clicking a display updating module on an operation panel, wherein the clicking mode comprises mouse clicking and key clicking, and selecting a main system version and a software version required by updating;
and after the updating is finished, the minimum system controls the main controller of the automobile to restart, the minimum system automatically exits, and the main system starts.
In an embodiment of the present invention, the selecting a version of a main system and a version of software required for updating includes:
selecting a main system version and a software version upgrade, wherein the main system version does not include a minimum system upgrade, and the main system upgrade and the software version upgrade include contents of a main system partition and an application software partition.
In a second aspect, the present application provides a system for preventing a complete crash of an automotive software system, comprising:
the system comprises a minimum system storage module, a storage module and a control module, wherein the minimum system storage module is used for dividing a special partition in a storage medium of a main board of an automobile host controller and storing a minimum system in the special partition, and the minimum system has an upgrading function;
the system comprises a main system judgment module, a bootloader module and a bootloader module, wherein the main system judgment module is used for acquiring the state of a main system, including normal operation and breakdown, and restarting the system to enter the bootloader if the state of the main system is the breakdown, wherein the bootloader module is provided with a setting mechanism;
and the minimum system starting module is used for determining the state of the minimum system to comprise starting or non-starting according to the setting mechanism, and if the minimum system is started, the minimum system updates the main system and the related software.
In a third aspect, the present application provides an electronic device comprising one or more processors;
a storage device for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the method for preventing a crash of an automotive software system.
In a fourth aspect, the present application provides a computer-readable storage medium having stored thereon a computer program, which, when executed by a processor of a computer, causes the computer to perform the method of preventing a crash of an automotive software system.
The invention has the beneficial effects that: the method comprises the steps of firstly dividing a special partition in a storage medium of a main board of an automobile host controller, and storing a minimum system in the special partition, wherein the minimum system has an upgrading function; then, acquiring the state of the main system, including normal operation and breakdown, if the state of the main system is breakdown, restarting the system to enter a bootloader, wherein the bootloader is provided with a setting mechanism; and then determining the state of the minimum system to comprise starting or non-starting according to the setting mechanism, and if the minimum system is started, updating the main system and the related software by the minimum system, so that in the presence of the minimum system, an engineer can update the main system and the related software with a stable version, the system can be backed without halting or disassembling the whole machine, and the effect of preventing the halting is realized.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be derived from these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic view of an automotive host system shown in an exemplary embodiment of the present application;
FIG. 2 is a flow diagram illustrating a method for preventing an automobile software system crash in accordance with an exemplary embodiment of the present application;
FIG. 3 is a flow chart illustrating a specific response of a method for preventing a crash of an automotive software system in accordance with an exemplary embodiment of the present application;
FIG. 4 is a schematic diagram of a system for preventing a crash of an automotive software system in accordance with an exemplary embodiment;
FIG. 5 is a schematic block diagram of a computer system suitable for use in implementing an electronic device according to embodiments of the present application.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the disclosure herein, wherein the embodiments of the present invention are described in detail with reference to the accompanying drawings and preferred embodiments. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be understood that the preferred embodiments are presented for purposes of illustration only and are not intended to limit the scope of the present disclosure.
It should be noted that the drawings provided in the following embodiments are only for schematically illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings and not drawn according to the number, shape and size of the components in actual implementation, and the form, quantity and proportion of each component in actual implementation may be changed freely, and the component layout may be more complicated.
In the following description, numerous details are set forth to provide a more thorough explanation of embodiments of the present invention, however, it will be apparent to one skilled in the art that embodiments of the present invention may be practiced without these specific details, and in other embodiments, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring embodiments of the present invention.
Firstly, it should be noted that the software defined automobile is a software technology which determines the future automobile and takes artificial intelligence as a core, and is different from the requirements of the current automobile horsepower size, leather sofa seat, mechanical performance and the like, and the requirement of the future automobile on intellectualization is higher, namely, the automatic driving automobile is an integrated body integrating artificial intelligence, big data and cloud computing technology, and can reduce traffic accidents to a certain extent, improve traffic efficiency and reduce travel cost.
Fig. 1 is a schematic diagram of an automobile main system according to an exemplary embodiment of the present application, where as the intellectualization of an automobile is gradually improved, functions of software integrated in the automobile are more and more increased, the software is more and more complex, and update iterations of the software are more and more frequent, and the automobile main system in the schematic diagram includes a storage server, a database, a management server, a mobile server, a networking server, and the like, where the storage server is used to store data in a software operation process, the database is used to store part of data or original architecture data that needs to be used, the management server is used to manage software operation, and the networking server is used to upload data in real time, and meanwhile, the mobile server is used to share data in a current state, and the automobile main system further includes some servers that are not listed yet, so as to implement the intellectualization of the automobile, and expand functions of the automobile, including but not limited to a print server.
According to the practical needs, the automobile main system needs to be updated in the application, especially, when an engineer debugs the automobile host in a workshop, the stability of the automobile main system and the resistance to external attacks during updating need to be tested, in order to guarantee the quick recovery capability of the automobile host and improve the debugging efficiency, the automobile host needs to be quickly recovered by adopting corresponding operation when the automobile host is debugged. When software is updated, the system can crash and crash due to external attacks or external file pollution possibly existing in the updated system installation package and system update failure.
The above section introduces the content of the system architecture applying the embodiment of the technical solution of the present application, and next introduces the method for preventing the crash of the automobile software system completely.
Fig. 2 is a schematic flowchart of a process for preventing a complete crash of an automobile software system according to an embodiment of the present application.
Specifically, as shown in fig. 2, the present embodiment provides a vehicle control method including the steps of:
s210, dividing a special partition in a storage medium of a main board of a host controller of the automobile, and storing a minimum system in the special partition, wherein the minimum system has an upgrading function;
s220, acquiring the state of the main system, including normal operation and breakdown, and if the state of the main system is breakdown, restarting the system to enter a bootloader, wherein the bootloader is provided with a setting mechanism; specifically, the specific determination mechanism determines whether the host system has crashed, if the host system only delays the response, the bootloader does not need to be entered, and if the host system determines that the host system has crashed, the bootloader needs to be started, so that the response processing can be performed under the action of the setting mechanism.
And S230, determining whether the state of the minimum system comprises starting or non-starting according to the setting mechanism, and if the minimum system is started, updating the main system and the related software by the minimum system. Specifically, the minimum system has a upgrading function, wherein the setting mechanism is used for controlling the starting of the minimum system, if the main system determines that the system is crashed and dead, the minimum system is required to be started, and the upgrading function of the minimum system is utilized to upgrade the main system and related software with stable versions, so that the system is prevented from being crashed again.
Therefore, through the record of this embodiment, when car host system collapse crashed, utilize control bootloader to start the minimum system in the car host controller this moment, utilize the minimum system replacement car host system that has crashed the crash to utilize the minimum system to work, because the function of minimum system includes the function of upgrading, in order to guarantee the stability of minimum system, minimum system itself can not upgrade, the minimum system can upgrade the major system, upgrade car major system and relevant software to stable version, realize realizing that the rescue of car host collapse crash or people realize that the system rolls back under the condition that need not dismantle the complete machine.
In an exemplary embodiment, upon obtaining a state of a host system, wherein the state of the host system includes normal operation and crash, comprising: setting a watchdog program in the main system, wherein a code corresponding to the watchdog program is in watchdog.c; the watchdog program is a basis for detecting whether a main system crashes, wherein the main system sets a watchdog kernel process, and the watchdog kernel process periodically updates a first variable; and a checking mechanism is arranged in the watchdog kernel process, wherein the checking period of the checking mechanism is the same as the updating period of the first variable, the updating state of the first variable is determined according to the checking mechanism, and if the number of times that the first variable is not updated reaches a set value, the state of the main system is broken. In this embodiment, by specifically disclosing the operation flow corresponding to the watchdog program, whether the main system crashes or crashes is monitored, and meanwhile, a misoperation caused by response delay of the main system can be avoided, that is, the number of times of non-updating of the variable one and the number of times of checking the checking mechanism are used for judgment, and in the process, the number of times of non-updating of the variable one and the number of times of checking the checking mechanism are continuous numbers.
Specifically, in an example, in the process of determining that the state of the minimum system includes startup or non-startup according to the setting mechanism, that is, the startup control of the minimum system, the method includes: the bootloader receives and identifies control signals of a hardware mechanism and a software mechanism; and determining the state of the total control signal of the bootloader by receiving the states of the control signals of the hardware mechanism and the software mechanism, and if any one of the control signals of the hardware mechanism and the software mechanism is a response or both the control signals of the hardware mechanism and the software mechanism are responses, determining the total control signal as a response by the bootloader, and starting a minimum system. The bootloader can receive and identify the control signal, so that the total control signal can be output by using logic judgment, that is, in this example, if one of the control signals in the hardware mechanism and the software mechanism is required to be responded, the total control signal is judged to be responded, and if the control signals of the hardware mechanism and the software mechanism are both responded, the total control signal is judged to be responded.
Specifically, in an example, the principle of the occurrence of the control signal to the hardware mechanism, that is, the bootloader receives and identifies the control signal to the hardware mechanism and the software mechanism, includes: the bootloader monitoring hardware pin level states comprise a low level and a high level; the bootloader sets a pin level state corresponding to a minimum system to be started; and if the monitored hardware pin level state is consistent with the pin level state corresponding to the system with the minimum starting value, outputting a control signal of the hardware as a response. In this example, it is necessary to first set a high level or a low level as a response state, and then when the bootloader receives a response control signal, the control signal of the hardware is output as a response.
Specifically, in an example, the principle of the control signal generation for the software mechanism, that is, the bootloader receives and identifies the control signal of the hardware mechanism and the software mechanism, includes: dividing a mark storage partition and other partitions in a storage medium of the main board of the automobile host controller, and respectively storing mark bits through the mark storage partition and the other partitions; the flag bit states corresponding to the bootloader monitoring flag storage partition and the rest partitions comprise response and non-response; and if any one of the flag bit states of the bootloader monitoring flag storage partition and the rest partitions is a response or both the flag bit states are corresponding, the bootloader determines that the total control signal is a response, and starts a minimum system. In this example, by setting two signal generation states, that is, storing the flag bit in the flag storage partition and the rest of the partitions, the flag bit partition and the rest of the partitions are separated, so that if a signal of one partition cannot be called, a signal of the other partition can ensure the sending of a control signal of the software mechanism, and the judgment accuracy of the software mechanism is ensured.
Specifically, in one example, the minimal system updates the host system and associated software, including: popping up a minimum system operation panel, and displaying an updating module on the operation panel; clicking a display updating module on an operation panel, wherein the clicking mode comprises mouse clicking and key clicking, and selecting a main system version and a software version required by updating; and after the updating is finished, the minimum system controls the main controller of the automobile to restart, the minimum system automatically exits, and the main system starts. In this example, after the minimum system updates the main system and the related software, the minimum system needs to be exited and the main system needs to be restarted, so in this application, the automobile main controller needs to be restarted to ensure the exit of the minimum system, that is, the next restart of the minimum system is started under the action of the bootloader.
Specifically, in one example, the selecting a version of the main system and a version of software required for updating includes: selecting a main system version and a software version upgrade, wherein the main system version does not include a minimum system upgrade, and the main system upgrade and the software version upgrade include contents of a main system partition and an application software partition. In this example, the minimum system only includes an operating system with a few application functions, such as an upgrade function, and only can upgrade the contents of other partitions, so the read-write permission of the minimum system is only read, and the main operating system does not allow the contents of the partition where the minimum system is located to be modified under any circumstances, and is only started by the bootloader.
The bootloader is a mature version, is rarely updated, is relatively pure, and is not easy to be attacked from the outside, and under the general condition, the bootloader partition and the minimum system partition can not be accessed by the main system, so that the safety and the stability of the bootloader are ensured, and the reliability of the function is also ensured.
Specifically, the method comprises the following steps: as shown in fig. 3, because an accident is inevitable, when part of the accidents occur, the system program runs away or enters into a dead loop, the system needs to have a certain self-recovery function, which needs a watchdog, and the specific workflow is as follows: the method comprises the steps that a main system of an automobile is in a normal working state, the main system may be blocked when in the normal working state, however, the blocking cannot easily cause the halt of the main system, and how to distinguish the blocking from the halt is realized. When the main system of the automobile is judged to be crashed, the watchdog program starts the bootloader to send a signal by using a hardware mechanism and a software mechanism, if any or all of the hardware mechanism and the software mechanism send a response signal, the minimum system is started under the action of the bootloader, the specific work content of the minimum system still needs to be controlled by engineering personnel, and the engineering personnel controls whether to update the main system and related software by using the minimum system, wherein the minimum system only can update the contents of other partitions such as a main system partition and an application software partition instead of updating the minimum system.
When the response of the total signal is controlled by the control signals of the hardware mechanism and the software mechanism, the adopted method is that the control signals in the hardware mechanism and the software mechanism are needed, if only one control signal is in response, the total control signal is judged to be in response, and if the control signals of the hardware mechanism and the software mechanism are both in response, the total control signal is judged to be in response. In the judgment of the hardware mechanism, a state that high level or low level is required to be set as response is adopted, and then when the bootloader receives the control signal of the response, the control signal of the hardware is output as the response. In the judgment of the software mechanism, two signal generation states are set, namely, a zone bit is stored in a zone storage partition and other partitions, so that the zone bit partition is separated from the other partitions, and therefore, if a signal of one partition cannot be called, a signal of the other partition can ensure the sending of a control signal of the software mechanism, the judgment accuracy of the software mechanism is ensured, and if any one of the zone bit partition and the other partitions is called or is called at the same time, the judgment state of the software mechanism can be said to be a response, so that the software mechanism is provided with two groups of states, and the judgment accuracy and the judgment stability of the software mechanism can be further ensured.
In summary, the present application provides a method for preventing a software system of an automobile from crashing, wherein a main system is in a normal working process, if the main system is updated, an aggressive program is very easy to be introduced in the updating process, and attacks the main system, so that the main system may crash and crash, so a watchdog program is used to observe whether a variable is continuously updated, if a viewing mechanism checks that the update of the variable one is not updated within a set time, it can be directly determined that the main system is crashed and crashed, because of the main system, the watchdog program can start a bootloader, and the bootloader can control whether the bootloader starts a minimum system through a corresponding hardware mechanism and a corresponding software mechanism, if the minimum system is started, the minimum system can be used to update the main system again, after the main system is updated to a stable version, the automobile loader can be controlled to inflate, it is ensured that the minimum system can be exited, the main system can be restarted, and rollback of the system can be realized, that an engineer can update the stable version of the main system and upgrade of the main system, and the crash and complete machine can be protected without disassembling of the main system.
In an exemplary embodiment, as shown in fig. 4, the present embodiment provides a system for preventing a software system of an automobile from collapsing, the system comprising
A minimum system storage module 410, configured to partition a special partition in a storage medium of a motherboard of an automotive host controller, and store a minimum system in the special partition, where the minimum system has an upgrade function;
a main system judgment module 420, configured to acquire a state of a main system, where the state includes normal operation and crash, and if the state of the main system is crash, restart the system to enter a bootloader, where the bootloader is provided with a setting mechanism;
a minimum system starting module 430, configured to determine, according to the setting mechanism, that the state of the minimum system includes start or no start, and if the minimum system is started, the minimum system updates a main system and related software
Engineers can update the main system and related software with stable version, so as to protect the system rollback without the dead halt of the main machine or the disassembly of the whole machine, and realize the effect of preventing the dead halt
The embodiment provides a system for preventing a vehicle software system from crashing, which is characterized in that firstly, when a vehicle main system crashes when suffering from external attack, a watchdog program is used for observing whether a variable is continuously updated or not, if an inspection mechanism checks whether the update of a variable one is within a set time or not, the main system can be directly judged to be crashed, because of the main system, the watchdog program can start a bootloader at the moment, the bootloader can control the bootloader to start a minimum system or not through a corresponding hardware mechanism and a corresponding software mechanism, if the minimum system is started, the main system can be updated and upgraded again through the minimum system, and after the main system is updated to a stable version, an automobile main controller can be controlled to inflate, so that the minimum system can be quitted, the main system is started, the main system is restarted, and the rollback of the system is realized, namely, engineering personnel can update the main system and related software of the stable version, and the effect of preventing the system from crashing or the complete machine from being disassembled is realized.
An embodiment of the present application further provides an electronic device, including: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the electronic device is enabled to implement the method for preventing the automobile software system from crashing provided in the above embodiments.
FIG. 5 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application. It should be noted that the computer system 500 of the electronic device shown in fig. 5 is only an example, and should not bring any limitation to the function and the scope of the application of the embodiments.
As shown in fig. 5, the computer system 500 includes a Central Processing Unit (CPU) 501, which can perform various appropriate actions and processes, such as executing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for system operation are also stored. The CPU 1201, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An Input/Output (I/O) interface 505 is also connected to bus 504.
The following components are connected to the I/O interface 505: an input portion 506 including a keyboard, a mouse, and the like; an output section 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN (Local area network) card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. A drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed, so that a computer program read out therefrom is mounted in the storage section 1208 as needed.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. The computer program executes various functions defined in the system of the present application when executed by a Central Processing Unit (CPU) 501.
It should be noted that the computer readable media shown in the embodiments of the present application may be computer readable signal media or computer readable storage media or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer-readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
Another aspect of the present application further provides a computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor of a computer, causes the computer to execute the method for updating road condition as described above. The computer-readable storage medium may be included in the electronic device described in the above embodiment, or may exist separately without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and executes the computer instruction, so that the computer device executes the road condition refreshing method provided in the above embodiments.
The foregoing embodiments are merely illustrative of the principles of the present invention and its efficacy, and are not to be construed as limiting the invention. Those skilled in the art can modify or change the above-described embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention are covered by the claims of the present invention.

Claims (10)

1. A method for preventing a crash of an automotive software system, the method comprising:
dividing a special partition in a storage medium of a main board of an automobile host controller, and storing a minimum system in the special partition, wherein the minimum system has an upgrading function;
acquiring the state of a main system, including normal operation and breakdown, if the state of the main system is the breakdown, restarting the system to enter a bootloader, wherein the bootloader is provided with a setting mechanism;
and determining the state of the minimum system to comprise starting or non-starting according to the setting mechanism, and if the minimum system is started, updating the main system and the related software by the minimum system.
2. The method for preventing crash of automotive software system according to claim 1, wherein said obtaining the state of the main system comprises normal operation and crash, comprising:
setting a watchdog program in the main system, wherein a code corresponding to the watchdog program is in watchdog.c;
the method comprises the steps that a main system sets a watchdog kernel process, and the watchdog kernel process periodically updates a first variable;
and a checking mechanism is arranged in the watchdog kernel process, wherein the checking period of the checking mechanism is the same as the updating period of the first variable, the updating state of the first variable is determined according to the checking mechanism, and if the number of times that the first variable is not updated reaches a set value, the state of the main system is broken down.
3. The method for preventing crash of automotive software system according to claim 1, wherein said determining the state of said minimum system according to said setting mechanism comprises startup or no startup, comprising:
the bootloader receives and identifies control signals of a hardware mechanism and a software mechanism;
and determining the state of the total control signal of the bootloader by receiving the states of the control signals of the hardware mechanism and the software mechanism, and if any one of the control signals of the hardware mechanism and the software mechanism is a response or both the control signals of the hardware mechanism and the software mechanism are responses, determining the total control signal as a response by the bootloader and starting a minimum system.
4. The method for preventing crash of software system in automobile according to claim 3, wherein said bootloader receives and recognizes control signals of hardware mechanism and software mechanism, comprising:
the bootloader monitors the level state of the hardware pin to comprise a low level and a high level;
the bootloader sets a pin level state corresponding to a minimum system to be started;
and if the monitored hardware pin level state is consistent with the pin level state corresponding to the system with the minimum startup setting, outputting a control signal of the hardware as a response.
5. The method for preventing crash of software system in automobile according to claim 3, wherein said bootloader receives and identifies control signals of hardware mechanism and software mechanism, comprising:
dividing a mark storage partition and other partitions in a storage medium of the main board of the automobile host controller, and respectively storing mark bits through the mark storage partition and the other partitions;
the flag bit states corresponding to the bootloader monitoring flag storage partition and the rest partitions comprise response and non-response;
and if the states of the flag bit of the bootloader monitoring flag storage partition and the flag bit of the rest partitions are either response or both response, the bootloader determines that the total control signal is response, and starts the minimum system.
6. The method for preventing crash of software in a vehicle as set forth in claim 1, wherein said minimal system updates a host system and associated software, comprising:
popping up a minimum system operation panel, and displaying an updating module on the operation panel;
clicking a display updating module on an operation panel, wherein the clicking mode comprises mouse clicking and key clicking, and selecting a main system version and a software version required by updating;
and after the updating is finished, the minimum system controls the main controller of the automobile to restart, the minimum system automatically quits, and the main system starts.
7. The method for preventing crash of software system in automobile according to claim 6, wherein said selecting a version of main system and a version of software required for update comprises:
a main system version and a software version upgrade are selected, wherein the main system version does not include a minimum system upgrade, and the main system upgrade and the software version upgrade include contents of a main system partition and an application software partition.
8. A system for preventing a crash of an automotive software system, comprising:
the system comprises a minimum system storage module, a storage module and a minimum system updating module, wherein the minimum system storage module is used for dividing a special partition in a storage medium of a main board of an automobile host controller and storing a minimum system in the special partition, and the minimum system has an upgrading function;
the system comprises a main system judgment module, a system management module and a system management module, wherein the main system judgment module is used for acquiring the state of a main system, including normal operation and breakdown, and restarting the system to enter a bootloader if the state of the main system is breakdown, wherein the bootloader is provided with a setting mechanism;
and the minimum system starting module is used for determining whether the state of the minimum system comprises starting or non-starting according to the setting mechanism, and if the minimum system is started, the minimum system updates the main system and the related software.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the method of preventing a crash of an automotive software system as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor of a computer, causes the computer to execute the method for preventing a crash of an automotive software system of any one of claims 1 to 7.
CN202211037910.8A 2022-08-26 2022-08-26 Method, system, electronic device and storage medium for preventing automobile software system from crashing Pending CN115421952A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211037910.8A CN115421952A (en) 2022-08-26 2022-08-26 Method, system, electronic device and storage medium for preventing automobile software system from crashing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211037910.8A CN115421952A (en) 2022-08-26 2022-08-26 Method, system, electronic device and storage medium for preventing automobile software system from crashing

Publications (1)

Publication Number Publication Date
CN115421952A true CN115421952A (en) 2022-12-02

Family

ID=84200807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211037910.8A Pending CN115421952A (en) 2022-08-26 2022-08-26 Method, system, electronic device and storage medium for preventing automobile software system from crashing

Country Status (1)

Country Link
CN (1) CN115421952A (en)

Similar Documents

Publication Publication Date Title
EP1668509B1 (en) Method and apparatus for monitoring and resetting a co-processor
US11392461B2 (en) Method and apparatus for processing information
US7702896B1 (en) Interactive firmware recovery
CN112199162B (en) Disk snapshot method, device and medium based on virtualized disk double-active disaster tolerance
US7962736B1 (en) Interactive pre-OS firmware update with repeated disabling of interrupts
US7546585B2 (en) Method, system and computer program product for testing computer programs
CN114064132A (en) System downtime recovery method, device, equipment and system
CN104573529A (en) BIOS firmware dividing and updating method and system
CN115658321A (en) Method and device for acquiring fault information of automobile instrument, electronic equipment and storage medium
US8898653B2 (en) Non-disruptive code update of a single processor in a multi-processor computing system
CN114138644A (en) BMC (baseboard management controller) debugging method, monitoring method, system, device, equipment and medium
CN114884796A (en) Fault processing method and device, electronic equipment and storage medium
CN113805925A (en) Online upgrading method, device, equipment and medium for distributed cluster management software
CN109753415B (en) Processor verification system and processor verification method based on same
CN115421952A (en) Method, system, electronic device and storage medium for preventing automobile software system from crashing
CN115903722A (en) Self-recovery method, system, equipment and medium for automobile automatic driving controller system after upgrading power failure
CN115033261A (en) Program updating method, device, equipment and storage medium
CN113127162B (en) Automatic task execution method and device, electronic equipment and computer storage medium
US11567751B2 (en) Providing system updates in automotive contexts
CN114189441B (en) Method for upgrading nodes in blockchain and related products
CN117827547B (en) Method and system for recovering touch abnormality of vehicle-mounted display screen, electronic equipment and medium
JP2000339199A (en) Tm save analyzing method
CN116691367A (en) Vehicle power torque control method and device, electronic equipment and storage medium
CN113111320A (en) Transportation safety protection method of server and server
CN114670869A (en) System, system starting method and device and automatic driving vehicle

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination