EP1966695A1 - Bus guardian of a subscriber of a communication system, and subscriber for a communication system - Google Patents


Publication number
EP1966695A1
EP1966695A1 EP06830568A EP06830568A EP1966695A1 EP 1966695 A1 EP1966695 A1 EP 1966695A1 EP 06830568 A EP06830568 A EP 06830568A EP 06830568 A EP06830568 A EP 06830568A EP 1966695 A1 EP1966695 A1 EP 1966695A1
Authority
EP
European Patent Office
Prior art keywords
monitoring unit
bus
communication
bus controller
controller
Legal status
Withdrawn
Application number
EP06830568A
Other languages
German (de)
English (en)
French (fr)
Inventor
Thomas Fuehrer
Bernd Mueller
Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Application filed by Robert Bosch GmbH

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/546 Message passing systems or structures, e.g. queues
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H04L12/40026 Details regarding a bus guardian
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/407 Bus networks with decentralised control
    • H04L12/413 Bus networks with decentralised control with random access, e.g. carrier-sense multiple-access with collision detection (CSMA-CD)
    • H04L12/4135 Bus networks with decentralised control with random access, e.g. carrier-sense multiple-access with collision detection (CSMA-CD) using bit-wise arbitration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/02 Details
    • H04J3/06 Synchronising arrangements
    • H04J3/0635 Clock or time synchronisation in a network
    • H04J3/0685 Clock or time synchronisation in a node; Intranode synchronisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40241 Flexray

Definitions

  • the present invention relates to a monitoring unit locally associated with a bus controller of a subscriber of a communication system for monitoring and controlling access to a data bus.
  • the bus controller accesses the data bus via a bus driver, and the monitoring unit monitors and controls the access authorization of the bus driver.
  • the invention also relates to a subscriber of a communication system comprising a data bus.
  • the subscriber has a bus controller and a bus driver, the bus controller being connected to the data bus via the bus driver.
  • the subscriber has a monitoring unit assigned to the bus controller for monitoring and controlling the access authorization of the bus driver to the data bus.
  • CAN Controller Area Network
  • TTCAN Time Triggered CAN
  • TTP/C Time Triggered Protocol Class C
  • FlexRay is a fast, deterministic and fault-tolerant bus system, especially for use in motor vehicles.
  • the FlexRay protocol operates on the principle of Time Division Multiple Access (TDMA), whereby the subscribers or the messages to be transmitted are assigned fixed time slots in which they have exclusive access to the communication connection. The time slots are repeated in a fixed cycle, so that the time at which a message is transmitted over the bus can be accurately predicted and the bus access is deterministic.
  • TDMA Time Division Multiple Access
  • FlexRay divides the communication cycle into a static and a dynamic part or into a static and a dynamic segment.
  • the fixed time slots are located in the static part at the beginning of the bus cycle.
  • the time slots are specified dynamically.
  • the exclusive bus access is only possible for a short time, for the duration of at least one so-called minislot. Only if a bus access occurs within a minislot is the time slot extended to the time required for the access. Thus, bandwidth is only consumed when it is actually needed.
  • FlexRay communicates via one or two physically separate lines with a maximum data rate of 10 Mb/s. Of course, FlexRay can also be operated at lower data rates.
  • the two channels correspond to the physical layer, in particular the so-called OSI (Open System Architecture) layer model. These are mainly used for the redundant and thus fault-tolerant transmission of messages, but can also transmit different messages, which could then double the data rate. It is also conceivable that the signal transmitted via the connecting lines results as a difference signal.
  • the physical layer is designed such that it enables electrical or optical transmission of the signal or signals via the line (s) or a transmission by other means, for example by radio.
  • the global time is a system-wide time base to which the local times of the nodes (nodes or controllers) of the communication system are synchronized.
  • Global time plays an important role in timing in communication and in the application (time-controlled operating systems such as OSEKtime), but also in diagnostic functions and error detection or error handling, which means that each communication controller (host or participant) has one
  • a communication system has its own clock (for example, a quartz oscillator), which is synchronized with all the other clocks in the system (so-called local time base) via the mechanism of global time synchronization messages in the static part of the synchronization cycle, where, using a special algorithm according to the FlexRay specification, the local time of a subscriber is corrected so that all local clocks run synchronously to a global clock.
  • BG bus guardian
  • the local bus guardian is supplied via the clock of the bus controller and its round information is used for the monitoring function.
  • the current FlexRay protocol specification v2.1 describes a concept that is limited in terms of the time monitoring of the communication protocol or the communication controller.
  • a macrotick (MT) of the local FlexRay communication controller clocks its local bus guardian.
  • the time slot with transmit activity is also indicated by the communication controller by an ARM signal.
  • the timing (the temporal activities) of the monitored FlexRay communication controller is only by a
  • Offset correction is available, for example, with TTCAN, TTP/C, and FlexRay, whereby in FlexRay the offset correction phase takes place during the so-called Network Idle Time (NIT) of the local communication controller at the end of a communication cycle.
  • NIT Network Idle Time
  • the correction of the offset at the end of a communication round or a double round shortens or lengthens the local round within specified limits.
  • the next round of communication begins sooner or later due to the correction of a few so-called microticks (µT).
  • µT microticks
  • the local bus guardian must allow this offset correction.
  • the timer monitor must accept this.
  • the transmission time slots of the different subscribers may overlap. The likelihood of overlap increases as the number of rounds increases.
  • the Bus Guardian concept according to the FlexRay protocol specification v2.1 is based on the assumption that the described error cases due to permanent disturbances occur only with low probability, or that these disturbances or errors can be detected by additional measures in the participant host or by additional functionalities.
  • the release of the actuator is carried out exclusively on successful question-answer communication, i.e. on the one hand the question asked by the monitoring component to the control unit is answered correctly by the control unit within a given time window, and on the other hand a question asked by the control unit is answered correctly by the monitoring component within a given time window. If the control unit and the monitoring component are asked questions that have the same correct answer, the actuator is released only if the response of the control unit matches the response of the monitoring component (1 1 A computer concept).
  • the principle of release is based on an electrical circuit, the so-called release circuit (in the embodiment known from DE 198 26 131 A1 in the form of an AND link), which is implemented between the control unit (the process computer) and the monitoring unit.
  • the selection of questions from the list can be random or purely cyclic.
  • An important part of the question-answer communication are the timers for preferably periodically starting the question-answer communication and setting the time window allowed for the answers.
  • the time window describes the period between the earliest possible and the latest possible arrival of the answer.
  • the present invention has the object of extending known Bus Guardian concepts for communication systems so that even permanent disturbances in the participants or in the bus controllers of the participants can be detected and, if necessary, corrected.
  • the monitoring unit has means for realizing a question-answer communication with the bus controller, and only releases the access of the bus controller to the data bus, if the question-answer communication results in the proper functioning of the bus controller.
  • the monitoring concept known per se from the monitoring of control units is transmitted to the bus controller and the monitoring unit of the participants of a communication system for carrying out a question and answer communication.
  • the monitoring concept is therefore transferred to the FlexRay communication controller and the FlexRay bus guardian.
  • the proposed monitoring concept is not limited to use in FlexRay communication systems, but can be used in any communication systems that have a monitoring unit (eg, a bus guardian) to monitor the function of a bus controller.
  • the monitoring unit must use the question and answer concept to detect possible errors in the bus controller, in particular due to permanent disturbances in the bus controller, which lead to the problems described above.
  • the question-answer communication between the bus controller and the monitoring unit preferably takes into account the following possible errors:
  • the monitoring unit takes over the task of a monitoring computer and provides, preferably periodically, questions to its associated bus controller, to then monitor the receipt of the correct answer within a specified time window. In the event that the time window is not respected or an incorrect answer to the question arrives, the monitoring unit takes over the shutdown of the bus controller or prevents the active transmission of messages by the bus controller.
  • the response of the monitoring unit to failed question-answer communication may be either temporary (for one or more communication cycles), or permanent in nature (until the subscriber or the entire communication system shuts down).
  • the present invention eliminates the conceptual weaknesses of the hitherto known monitoring concept, in particular the known Bus Guardian concept in the FlexRay protocol specification v2.1. In this case, a cost-optimized implementation is possible because the monitoring unit is extended only by the necessary logic/functionality, namely the monitoring functionality of the question-answer communication.
  • the integration of the concept in so-called monitoring computers has particular advantages. This saves costs when introducing new ones
  • the present invention has particular advantages for implementation in a FlexRay communication system, wherein the bus guardians and the communication controllers of the users of a FlexRay communication system are designed to perform the question-answer communication.
  • the monitoring unit needs to be supplemented with a list of questions and corresponding answers.
  • the monitoring unit is supplemented by a mechanism which allows questions to be asked, preferably periodically, the timers for the time window to be set accordingly, this time window to be monitored and the response to be checked.
  • the monitoring unit has a pin for releasing the bus controller and for operating a release circuit optionally present in the participant.
  • the proposed concept deliberately tests the logic of the bus controller responsible for calculating the clock synchronization values (for synchronization of the subscriber's local time base to the global time base of the communication system).
  • a simple read-back mechanism can be performed on the relevant clock registers for clock synchronization.
  • For this purpose, an extended interface between the monitoring unit and the bus controller is provided.
  • the FlexRay protocol currently proposes the exchange of information via an SPI (Serial Peripheral Interface) interface.
  • SPI Serial Peripheral Interface
  • the SPI interface is a simple synchronous serial data bus. This interface would also be sufficient for the question-and-answer communication according to the present invention.
  • the previous functionality of the monitoring unit for example the functionality of the bus guardian according to FlexRay protocol specification v2.1, can be completely retained.
  • the invention proposes that the monitoring unit is extended by a logic that specifically checks the input set of the bus controller for the clock synchronization.
  • the aim is to keep the quality of the clock synchronization high and to detect and, if necessary, prevent faults due to permanent disturbances. If this is not successful, the user or the bus controller or the bus driver should be set to a fail-silent mode in order to avoid transmission by the bus controller, or any available enable circuit for the bus controller should be blocked.
  • the monitoring unit is supplied via an interface to the bus controller with information regarding the synchronization messages (sync frames, data frame for synchronization of the local time base), which form the basis for the clock synchronization in the bus controller.
  • the monitoring unit is thus provided with information which of the sync frames were received by the local bus controller, decoded and used for the calculation of correction values (for the local time base). For this purpose, in the bus controller, a list with information regarding the synchronization messages (sync frames, data frame for synchronization of the local time base), which
  • Synchronization messages are created, as proposed for example in the FlexRay protocol specification v2.1. This list can now be subjected to the following checks as part of the question-answer communication:
  • a majority vote can be taken on the number of available sync frames. If the number of sync frames falls below a critical number, there is a risk that the subsequent calculations of the correction values are based on an inaccurate local time base and therefore lead to incorrect results.
  • the limit of the minimum permissible number of sync frames is preferably adapted to the settings of the bus controller.
  • a corresponding check of the number of available sync frames can also be carried out in the bus controller. Through the redundant execution of the verification of the number of existing sync frames by the monitoring unit, a consistency check can be performed. If there are different results, the monitoring unit should avoid sending messages by the local bus controller or any existing ones
  • a faulty rate correction for the global time base of the communication system calculated by a bus controller, which then results in the local time base of the subscriber or bus controller, can have various causes.
  • the erroneous calculation may result from an incorrect input set or due to an error in a calculation logic of the bus controller. To verify the proper functioning of the calculation logic, several possibilities are suggested:
  • the calculation of the rate correction is performed in the same way as in the bus controller, i.e. in the monitoring unit there is an identical implementation of the bus controller's mechanism for calculating the rate correction.
  • the values of the input set are present in the monitoring unit in the manner described above.
  • the calculation results are also available in the bus controller and can be compared with the results of the monitoring unit. This requires additional communication via an interface between the monitoring unit and the bus controller. If different results are obtained, the monitoring unit must avoid the transmission of messages by the local bus controller or block any existing enable circuit.
  • the monitoring unit can also ask specific questions to the calculation logic of the bus controller, which is responsible for the calculation of the rate correction values.
  • the calculation logic must return a response to the monitoring unit. The required response must be made within a specified time window. The monitoring unit compares this
  • the correct function of the calculation logic for the rate correction of the bus controller is preferably checked periodically. Permanent disturbances and the resulting errors can thus be determined.
  • the monitoring unit must avoid the transmission of messages by the local bus controller or disable an enable circuit accordingly.
  • the reason for incorrect application of a correctly calculated value for the global time base rate correction by the bus controller may be due to several causes.
  • MT macrotick
  • a memory element for example a memory register
  • the following mechanisms are proposed: a) The monitoring unit receives a value for the rate correction communicated from the bus controller via the interface and compares the value with the corresponding memory value in a control register of the bus controller. If there are different results, the monitoring unit must avoid the transmission of messages by the local bus controller
  • the monitoring unit can ask specific questions to the logic of the bus controller, which is responsible for the macrotick generation.
  • the logic must return a response to the monitoring unit. The required
  • the monitoring unit compares the result with a corresponding locally stored answer to this question.
  • the correct function of the macrotick generation logic is preferably periodically checked. Permanent disturbances and the resulting errors can be detected. In this case, the monitoring unit must avoid the transmission of messages by the local bus controller or block any existing enable circuit.
  • the monitoring unit receives the number of microticks (µT) per round or the number of microticks (µT) per macrotick (MT) from the bus controller.
  • the information is exchanged via the interface between the bus controller and the monitoring unit.
  • the information is exchanged and adjusted from round to round. For comparison by the monitoring unit are
  • an incorrect offset correction for the global time base of the communication system, to which the local time base of the subscriber is synchronized, may be caused by erroneous input sets or by an error in the computation logic of the bus controller. For the detection of a faulty input set, several suggestions have already been made above. The following mechanisms are proposed for detecting an error in the offset correction calculation logic:
  • the offset correction from the bus controller is traced. For example, in the monitoring unit, a 1: 1
  • the values of the input set are present in the monitoring unit as described above.
  • the calculation results of the offset correction are also present in the bus controller and can be compared with the results of the monitoring unit. This requires additional communication via the interface between the monitoring unit and the bus controller. If different results are obtained, the monitoring unit must avoid the transmission of messages by the local bus controller or block any existing enable circuit.
  • the monitoring unit asks specific questions to the logic of the bus controller, which is responsible for calculating the offset correction values.
  • the calculation logic must return a response to the monitoring unit. The required response must be made within specified time windows.
  • the monitoring unit compares the result with its locally stored answers. In particular, it is checked whether the response of the bus controller is the correct answer to the question asked. Thus, the correct function of the calculation logic is preferably checked periodically. Permanent disturbances and the resulting errors are detected. In this case, the monitoring unit must avoid the sending of messages by the local bus controller or block any existing enable circuit.
  • the cause of the bus controller not correctly applying a correctly calculated global time base offset correction may be in the logic of the offset application or in a memory element, such as a memory register, for the correction value. In any case, this will cause an incorrect correction value to be used for the offset correction.
  • the monitoring unit receives the offset correction value from the bus controller via the interface and compares the correction value with the memory value in a control register of the bus controller. If different results are obtained, the monitoring unit must avoid the transmission of messages by the local bus controller or block any existing enable circuit.
  • the monitoring unit asks specific questions to the logic of the bus controller, which is responsible for the offset application, for FlexRay, for example, during network idle time (NIT).
  • the logic must return a response to the monitoring unit.
  • the required answer must be made within specified time windows.
  • the monitoring unit compares the result with its locally stored answers, in particular it checks whether it is the correct answer to the question asked.
  • the correct function of the offset application is preferably checked periodically. Permanent disturbances and the resulting errors are detected. In this case, the monitoring unit must avoid the transmission of messages by the local bus controller or any existing ones
  • the monitoring unit compares a microtick counter (µT counter) of the bus controller before the offset correction with the microtick counter after the offset correction. These microtick counters are exchanged via the interface between the bus controller and the monitoring unit. The difference of the microtick counter before and after the offset correction must be within predefined ranges. If these ranges are exceeded and no values are supplied, the monitoring unit must avoid the transmission of messages by the local bus controller or block any enable circuits that may be present.
  • µT counter microtick counter
  • FIG. 1 shows a communication system according to the invention according to a preferred embodiment
  • FIG. 2 shows a subscriber of a communication system known from the prior art
  • FIG. 3 shows a subscriber according to the invention of the FlexRay
  • in FIG. 1, a simplified topology of a FlexRay communication system is indicated in its entirety by the reference numeral 1.
  • the communication system comprises a physical layer, which in the present case is designed as a data bus 2 with two electrically conductive lines.
  • the physical layer can also be realized by optical waveguides or by radio links. Likewise, it is conceivable not to provide two separate transmission channels, but only one channel.
  • connected to the data bus 2 are a plurality of subscribers 3, which are also referred to as controllers or hosts. Strictly speaking, however, the host also comprises a microcontroller, which is denoted by reference numeral 4 in FIG. Thus, the subscriber 3 and the microcontroller 4 together form the actual host 5.
  • the subscribers 3 of the communication system each comprise a communication controller 6, which receives data 7 to be transmitted via the data bus 2 from the microcontroller 4 and brings it into the correct data format for transmission over the data bus 2 according to the protocol specification used in the communication system 1, in the illustrated example the FlexRay protocol specification v2.1.
  • the information 7 in the correct data format is transmitted to the bus driver 8 of the subscriber 3, which places it in a form required for transmission over the data bus, also in accordance with the protocol specification used.
  • bus guardians 9 are provided in the participants 3, which monitor and control the access authorization of the bus driver 8.
  • the bus drivers 8 can only apply information or data packets to the data bus 2 if they receive a corresponding enable signal 10 from the associated bus guardian 9.
  • the FlexRay communication system 1 from FIG. 1 has a particularly simple topology.
  • the topology of the data bus 2 may also be annular or star-shaped.
  • amplifier elements for example an active star, in the data bus structure 2 for transmission of the data packets over relatively long distances.
  • FIG. 2 shows a FlexRay subscriber 3 known from the prior art with a known Bus Guardian concept.
  • the concept described in the FlexRay Protocol Specification v2.1 is limited with regard to the time monitoring of the communication protocol or the communication controller 6.
  • a macrotick (MT) 13 of the local communication controller 6 clocks its local bus guardian 9.
  • the time slot with transmission activity is additionally indicated by an ARM signal 14 of the communication controller 6.
  • the time sequences (the so-called timing) of the monitored FlexRay communication controller 6 are only roughly monitored by an RC oscillator 15, or monitored with a higher resolution by an additional quartz oscillator (not shown).
  • the bus guardian 9 thus derives its time base from the corrected macrotick signal 13, which it receives from the communication controller 6.
  • the ARM signal 14 is used to synchronize the beginning of a communication cycle or the transmission slots of the communication cycle.
  • the RC oscillator 15 allows a rough monitoring of the macrotick signal 13, so that deviations are recognized as such only above 20 to 30% of the signal.
  • the time base of the bus guardian 9 is not independent of the time base of the communication controller 6, but depends on the macrotick (MT) signal 13.
  • MT macrotick
  • the communication controller 6 receives data to be distinguished from the host computer (microcontroller) 4.
  • the controller 6 brings the data into the data format prescribed according to the FlexRay protocol specification.
  • the data is introduced into the so-called payload segment of a data frame (FlexRay frame).
  • the formatted data to be transmitted via the data bus 2 are designated by the reference numeral 16 in FIG.
  • the data 16 is transmitted to the bus driver 8, which brings it into a format suitable for data transmission.
  • the bus driver 8 then applies the data 16 to be transmitted to the data bus 2 at the time of transmission.
  • the activity of the bus driver 8 is monitored and/or controlled by the bus guardian 9 to the extent that the bus driver 8 can only apply the data 16 to the data bus 2 if the bus guardian 9 has confirmed the access authorization of the bus driver 8 and applies an enable signal 17 to the bus driver 8.
  • the known monitoring concept has particular weaknesses in cases where permanent disturbances due to errors or inaccuracies in the communication controller 6 lead to a creeping shift of the transmission time slots of the subscriber 3 into the transmission time slots that the communication schedule assigns to the remaining participants 3 of the communication cycle. For example, there is a problem that the
  • the local communication controller 6 can be transmitted to the bus guardian 9.
  • if the clock correction of the FlexRay communication controller 6 according to the protocol specification v2.1 is faulty, or the setting of setting registers for the clock correction of the communication controller 6 is faulty and undiscovered, the local communication controller 6 drifts, and thus also the local bus guardian 9, compared to the rest of the communication network 1.
  • the transmission slots of the communication cycle for the subscriber 3, the communication controller 6 has errors or inaccuracies in the local time base, so over time in the transmission time slots of the other
  • Another problem is the so-called offset correction phase during the so-called Network Idle Time (NIT) of the local communication controller 6 at the end of a communication cycle.
  • the offset correction phase is used inter alia to synchronize the local time base of the subscriber 3 to the global time base of the communication system 1. In order to make such a correction, it may be corrected within specified limits. The subsequent communication round starts a few microticks (µT) sooner or later. The local bus guardian 9 must allow this correction. The timer monitoring must accept this. However, there is no bus guardian knowledge regarding the effects of offset correction on the next round of communication. Also in this case, the transmission time slots may overlap. The likelihood of such overlap increases as the number of rounds increases.
  • an inventive participant 3 is shown in detail in FIG. 3.
  • the bus guardian 9 has been extended in terms of circuitry and function in comparison to a known FlexRay bus guardian (see FIG. 2) in such a way that even permanent disturbances of the FlexRay communication controller 6 when accessing the data bus 2 are safely and reliably detected and appropriate remedial measures and countermeasures can be taken.
  • the proposed solution according to the invention is particularly simple and inexpensive to implement, but at the same time extremely effective.
  • an interface 18 is arranged, which is designed for example as an SPI (Serial Peripheral Interface) interface.
  • The bus guardian 9 can selectively transmit questions to the communication controller 6 via this interface 18, and the communication controller 6 can transmit the answers it calculates for those questions back to the bus guardian 9.
  • a question and answer communication between the bus guardian 9 and the communication controller 6 can be realized via the interface 18.
  • a list 19 with various questions and a list 20 with the corresponding correct answers to the questions from the list 19 are stored.
  • The lists 19 and 20 can also be combined into a common list.
  • The lists 19 and 20 can also be stored in a memory outside the bus guardian 9, in which case questions and/or answers are transmitted to the bus guardian 9 as needed.
  • In the bus guardian 9, means 21 must be provided to initiate a question-answer communication at certain times, preferably periodically.
  • the macrotick (MT) signal 13 of the communication controller 6 and / or a clock signal of the RC oscillator can be used. Even if the MT signal 13 is drifting because, for example, the clock synchronization in the communication controller 6 is erroneous, and thus there is an error of the controller 6, this error can be detected with the present invention solely by the question-answer communication.
  • the communication controller 6 will provide a false result, or a result that arrives outside the allowable response window.
  • The effectiveness of the procedure depends crucially on the nature of the questions asked. These must be matched to the component and/or function of the communication controller 6 to be monitored. All components/functions to be monitored must be covered by the questions. A defect of the component/function must actually lead to a faulty response.
  • a suitable question is selected.
  • The questions can be taken from the list 19 either randomly or in a predetermined order, for example in the order in which they are stored in the list 19.
  • Certain question and answer combinations are suitable for detecting certain errors of the communication controller 6. Through the specific selection of specific questions, certain functions and / or properties of the communication controller 6 can therefore be checked for proper functioning.
  • The lists 19 and 20 include questions and answers that enable the following errors to be recognized: a) errors in the input set (the synchronization messages actually used, sync frames) for the clock synchronization, b) incorrect calculation of the rate correction, c) incorrect application of correctly calculated rate correction values, d) incorrect calculation of the offset correction, and e) incorrect application of correctly calculated offset correction values.
  • The means 21 start, in further means 22 for checking the response, a timer for a time window within which the response must be received from a properly functioning communication controller 6. Compliance with this time window is monitored by the means 22. If a response from the communication controller 6 is received within the time window, the means 22 check it for correctness by comparing the received answer with the correct answer from the list 20. Only when the correct answer is received within the defined time window does the bus guardian 9 release access to the data bus 2 by means of the enable signal 17.
  • the questions asked by the bus guardian 9 to the communication controller 6 may include one or more of the following questions:
  • additional information must in some cases be transmitted from the communication controller 6 to the bus guardian 9 via the interface 18.
  • additional information to be transmitted include, for example:
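
The question-answer monitoring described above (means 21 issuing a question from list 19, means 22 checking the answer against list 20 inside a time window, and the enable signal 17 following the result), as an added example in C that is not code from the patent. The list contents, `WINDOW`, `LIMIT`, all function names and the choice of a clamped offset correction as the question format are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define WINDOW 4u   /* constructed response window, in guardian clock ticks */
#define LIMIT  5    /* constructed offset-correction limit, in microticks */

/* Constructed stand-ins for list 19 (questions) and list 20 (correct answers):
 * a question is a measured offset deviation, the answer the correction to apply. */
static const int16_t LIST19[] = { 3, -2, 9, -12 };
static const int16_t LIST20[] = { 3, -2, 5,  -5 };
#define N_QUESTIONS (sizeof LIST19 / sizeof LIST19[0])

typedef struct {
    size_t   idx;       /* question currently outstanding */
    size_t   next;      /* next question, taken in stored order */
    uint32_t asked_at;  /* tick at which the question was issued */
    bool     pending;   /* a question is waiting for its answer */
    bool     enable;    /* enable signal 17 towards bus driver 8 */
} guardian_t;

/* Means 21: issue the next question and start the response-window timer. */
int16_t bg_ask(guardian_t *g, uint32_t now) {
    g->idx = g->next;
    g->next = (g->next + 1) % N_QUESTIONS;
    g->asked_at = now;
    g->pending = true;
    return LIST19[g->idx];
}

/* Means 22: enable only for the correct answer inside the window.
 * Unsigned subtraction keeps the check valid across tick-counter wraparound;
 * an unsolicited, late or wrong answer withdraws the enable (fail-silent). */
bool bg_answer(guardian_t *g, int16_t answer, uint32_t now) {
    bool ok = g->pending && (uint32_t)(now - g->asked_at) <= WINDOW
              && answer == LIST20[g->idx];
    g->pending = false;
    g->enable = ok;
    return ok;
}

/* Called on every guardian tick: a missing answer also withdraws the enable. */
void bg_tick(guardian_t *g, uint32_t now) {
    if (g->pending && (uint32_t)(now - g->asked_at) > WINDOW) {
        g->pending = false;
        g->enable = false;
    }
}

/* Model of a healthy controller: offset correction clamped to +/-LIMIT. */
int16_t cc_healthy(int16_t dev) {
    return dev > LIMIT ? LIMIT : dev < -LIMIT ? -LIMIT : dev;
}
```

Driving the guardian's timer from a clock that is independent of the monitored controller (the page names the RC oscillator as one option) is what lets a drifting controller miss the window instead of shifting it.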
EP06830568A 2005-12-22 2006-12-12 Bus-guardian eines teilnehmers eines kommunikationssystems, sowie teilnehmer für ein kommunikationssystem Withdrawn EP1966695A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102005061392A DE102005061392A1 (de) 2005-12-22 2005-12-22 Bus-Guardian eines Teilnehmers eines Kommunikationssystems, sowie Teilnehmer für ein Kommunikationssystem
PCT/EP2006/069620 WO2007074058A1 (de) 2005-12-22 2006-12-12 Bus-guardian eines teilnehmers eines kommunikationssystems, sowie teilnehmer für ein kommunikationssystem

Publications (1)

Publication Number Publication Date
EP1966695A1 true EP1966695A1 (de) 2008-09-10

Family

ID=37899267

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06830568A Withdrawn EP1966695A1 (de) 2005-12-22 2006-12-12 Bus-guardian eines teilnehmers eines kommunikationssystems, sowie teilnehmer für ein kommunikationssystem

Country Status (5)

Country Link
US (1) US20100229046A1 (zh)
EP (1) EP1966695A1 (zh)
CN (1) CN101346698B (zh)
DE (1) DE102005061392A1 (zh)
WO (1) WO2007074058A1 (zh)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2436609T3 (es) * 2006-05-16 2014-01-03 Saab Ab Nodo de bus de datos de tolerancia de fallos en un sistema distribuido
DE102007051657A1 (de) * 2007-10-26 2009-04-30 Robert Bosch Gmbh Kommunikationssystem mit einem CAN-Bus und Verfahren zum Betreiben eines solchen Kommunikationssystems
DE102007056662A1 (de) * 2007-11-24 2009-05-28 Bayerische Motoren Werke Aktiengesellschaft System zur Freischaltung der Funktionalität einer Ablaufsteuerung, die in einem Steuergerät eines Kraftfahrzeugs gespeichert ist
JP4844658B2 (ja) * 2009-08-07 2011-12-28 株式会社デンソー 診断装置および診断システム
DE102010002478A1 (de) * 2010-03-01 2011-09-01 Robert Bosch Gmbh Verfahren zum Bereitstellen eines zulässigen Sendezeitpunkts für die Antwort bei einer Frage-/Antwort-Kommunikation zwischen einem Überwachungsmodul und einem Funktionsrechner
DE102011016706A1 (de) * 2011-04-11 2012-10-11 Conti Temic Microelectronic Gmbh Schaltungsanordnung mit Fail-Silent-Funktion
DE102011078630A1 (de) * 2011-07-05 2013-01-10 Robert Bosch Gmbh Verfahren zum Einrichten einer Anordnung technischer Einheiten
DE102011089587A1 (de) * 2011-12-22 2013-06-27 Robert Bosch Gmbh Teilnehmerstation eines Bussystems und Verfahren zur Übertragung von Nachrichten zwischen Teilnehmerstationen eines Bussystems
DE102012023748A1 (de) * 2012-12-04 2014-06-05 Valeo Schalter Und Sensoren Gmbh Verfahren zur Synchronisation von Sensoren an einem Datenbus
DE102012224024A1 (de) * 2012-12-20 2014-06-26 Robert Bosch Gmbh Datenübertragung unter Nutzung eines Protokollausnahmezustands
KR101558084B1 (ko) * 2014-04-15 2015-10-06 엘에스산전 주식회사 복수의 cpu 모듈을 구비하는 plc 시스템 및 제어방법
DE102015201278B4 (de) * 2015-01-26 2016-09-29 Continental Automotive Gmbh Steuersystem
KR102554978B1 (ko) * 2017-02-14 2023-07-14 소니 세미컨덕터 솔루션즈 가부시키가이샤 통신 장치, 통신 방법, 프로그램, 및, 통신 시스템
DE102018101103A1 (de) * 2018-01-18 2019-07-18 Volkswagen Aktiengesellschaft Verfahren und Computerprogramme für eine Überwachungsinstanz und eine Kommunikationskomponente, Überwachungsinstanz, Kommunikationskomponente, System und Fahrzeug
DE102019204176B4 (de) * 2019-03-26 2021-05-27 Vitesco Technologies GmbH Schaltungsanordnung zum Verhindern der fehlerhaften Datenübertragung über eine Busschnittstelle
DE102019205488A1 (de) * 2019-04-16 2020-10-22 Robert Bosch Gmbh Teilnehmerstation für ein serielles Bussystem und Verfahren zur Kommunikation in einem seriellen Bussystem
DE102019205487A1 (de) * 2019-04-16 2020-10-22 Robert Bosch Gmbh Teilnehmerstation für ein serielles Bussystem und Verfahren zur Kommunikation in einem seriellen Bussystem
EP3761569B1 (en) * 2019-07-03 2023-03-01 Nxp B.V. Error frame detection in a can bus
CN113722251B (zh) * 2020-05-26 2023-12-26 上海汽车变速器有限公司 用于功能安全监控的双线spi通信系统及方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19826131A1 (de) * 1998-06-12 1999-12-16 Bosch Gmbh Robert Elektrisches Bremssystem für ein Kraftfahrzeug
DE60314935T2 (de) * 2002-04-16 2007-12-20 Robert Bosch Gmbh Verfahren und Einheit zur Bitstromdekodierung
DE10236080A1 (de) * 2002-08-07 2004-02-19 Robert Bosch Gmbh Verfahren und Vorrichtung zur Steuerung von Betriebsabläufen, insbesondere in einem Fahrzeug
US20060224394A1 (en) * 2003-05-06 2006-10-05 Koninklijke Philips Electronics N.V. Timeslot sharing over different cycles in tdma bus
CN101084652A (zh) * 2004-12-20 2007-12-05 皇家飞利浦电子股份有限公司 用于监控两个以及多个节点之间的通信的总线监控器及其方法,包括该总线监控器的节点,包括该节点的分布式通信系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2007074058A1 *

Also Published As

Publication number Publication date
WO2007074058A1 (de) 2007-07-05
CN101346698A (zh) 2009-01-14
CN101346698B (zh) 2012-03-21
DE102005061392A1 (de) 2007-06-28
US20100229046A1 (en) 2010-09-09


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080722

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20140704

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20140701