EP3991029A1 - Procédé de dialogue avec un calculateur sur bus embarqué de véhicule - Google Patents
Procédé de dialogue avec un calculateur sur bus embarqué de véhiculeInfo
- Publication number
- EP3991029A1 EP3991029A1 EP20733358.4A EP20733358A EP3991029A1 EP 3991029 A1 EP3991029 A1 EP 3991029A1 EP 20733358 A EP20733358 A EP 20733358A EP 3991029 A1 EP3991029 A1 EP 3991029A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- computer
- command
- field
- response
- auxiliary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 230000004044 response Effects 0.000 claims abstract description 99
- 230000008569 process Effects 0.000 claims description 19
- 230000007704 transition Effects 0.000 description 64
- 230000000737 periodic effect Effects 0.000 description 21
- 230000006870 function Effects 0.000 description 18
- 238000012545 processing Methods 0.000 description 18
- 230000005540 biological transmission Effects 0.000 description 12
- 238000009434 installation Methods 0.000 description 12
- 238000002405 diagnostic procedure Methods 0.000 description 10
- 238000010200 validation analysis Methods 0.000 description 8
- 230000008901 benefit Effects 0.000 description 6
- 239000000243 solution Substances 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 230000004913 activation Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 239000000446 fuel Substances 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 239000007800 oxidant agent Substances 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000001343 mnemonic effect Effects 0.000 description 1
- 230000000135 prohibitive effect Effects 0.000 description 1
- 238000004171 remote diagnosis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4063—Device-to-bus coupling
- G06F13/4068—Electrical coupling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4004—Coupling between buses
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3885—Concurrent instruction execution, e.g. pipeline or look ahead using a plurality of independent parallel functional units
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/52—Program synchronisation; Mutual exclusion, e.g. by means of semaphores
Definitions
- TITLE Dialogue process with a computer on a vehicle's on-board bus.
- the invention relates to a method of dialogue with a computer on a vehicle's on-board bus.
- the invention relates in particular to a dialogue method from a first bus on board a vehicle, with a first computer connected to a second bus on board the vehicle.
- the method according to the invention is particularly useful for updating on-board computers, while at the same time allowing execution of real-time programs to operate the vehicle.
- Updates to on-board computers and the execution of real-time programs generally require the issuance of commands on one or more on-board buses.
- Time counters are generally implemented to monitor the length of time between issuing a command and receiving a response to that command, with the drawback of increasing the time as the quantity of commands increases.
- document EP1434129A2 discloses a rewrite control apparatus for an on-board program in which a switching command is based on a signal coming from a time counter.
- the disclosed apparatus controls two operational modes, a normal mode which could correspond to a diagnostic mode and an onboard program rewrite mode, usable for a computer update.
- the disclosed apparatus switches from normal mode to rewrite mode when it receives a program rewrite command from a server, and switches from rewrite mode to normal mode when it receives a command to switch to normal mode for the rewrite mode.
- Each switching has the disadvantage of leaving the current mode.
- the subject of the invention is a method of dialogue from a first on-board bus in a vehicle, with a first computer connected to a second on-board bus of the vehicle, the first bus being connected to the second bus by a second computer, in which a third computer connected to the first on-board bus, processes a main command intended for the first computer, comprising steps in which:
- the third computer generates a command to write a description of said main command in a first dedicated area of the second computer; - the third computer issues said write command to the second computer when the second computer is detected ready to respond to said write command;
- the second computer sends one or more auxiliary commands to the first computer to respond to the main command after receiving said write command
- the first computer sends a response to each auxiliary command received
- the second computer stores each response received in a second dedicated area
- the third computer issues a read command from said second dedicated zone, to the second computer when the second computer is detected ready to respond to said read command;
- the second computer emits a response to the read command received
- the third computer responds to the main command from at least one receipt of a response to the read command from the second zone of the second computer in which the response sent by the first computer is stored.
- a two-state signal, ready, not ready is periodically emitted by the second computer, for which the method comprises steps in which the second computer positions the signal:
- the method comprises a step in which the third computer waits for the signal positioned in the ready state after having received said signal positioned in the busy state.
- said write command comprises a first frame which includes a first command identifier field, a first identifier field of the first dedicated area, and at least one description field of the main command.
- the description of the main control includes a type field of the main control, an identification field of the second computer, and a field of identification of useful data for the second computer to develop the response sent.
- the method comprises a step in which the second computer sends an acknowledgment to the first computer after receiving said write command.
- the acknowledgment comprises a second frame which comprises an acknowledgment identifier field, and a second identifier field of the first dedicated zone.
- said read command sent by the third computer comprises a third frame which comprises a second command identification field, and a first identifier field of the second dedicated area.
- said response to the read command comprises a fourth frame which comprises a fourth field of identifier of response to the command, a second field of identifier of the second dedicated zone, to the less a field for recalling the description of the main command, and a content field for the response sent by the first computer.
- said main command is a command for reading a datum resident in the first computer, for which the auxiliary command comprises a fifth frame which comprises a read command identification field and an identification field of said resident datum, of so that the response sent by the first computer comprises a sixth frame which comprises an identification field for responding to the read command, an identification field for said resident datum, and a field containing the value of said resident datum.
- the read commands and the write commands are UDS Unified Diagnostic Services protocol compliant commands.
- the method can also include steps in which:
- the second computer checks whether the description of said main command is complete or not after receipt of said write command
- the second computer sends to the first computer one or more auxiliary commands to respond to the main command only if the description of said main command is complete;
- the second computer stores an alarm in the second dedicated zone if the description of said main control is not correct.
- Figure 1 shows schematically an on-board vehicle system on which the invention is implemented
- FIG. 2 schematically shows command frames with which the invention is implemented;
- FIG. 3 shows process steps according to the invention for processing a main read command;
- Figure 4 shows the steps of a first method according to the invention for processing a main installation command
- Figure 5 shows steps of a second part of the method according to the invention for processing a main installation command
- FIG. 6 shows the steps of a third and final part of the method according to the invention for processing a main installation command.
- FIG. 1 shows two computers 9, 10 connected to an onboard bus 1 in a vehicle, and three computers 12, 13, 14 connected to an onboard bus 2 in the vehicle.
- the computer 9 is for example an on-board computer dedicated to IVC (In Vehicle Communication) type telecommunications.
- the computer 10 is for example an on-board computer of the IVI (In Vehicle Infotainment) type, the computer processing capacities of which are comparable to those of a microcomputer.
- Other onboard computers, not shown, can be connected to onboard bus 1.
- the computers 12, 13, 14 connected to the on-board bus 2 are preferably on-board vehicle control and command computers of the ECU (Electronic Control Unit) type.
- a computer 11 connected to the on-board bus 1 and to the on-board bus 2, performs gateway functions between the two on-board buses.
- FIG. 3 shows dialogue process steps in which the computer 10 processes a main command which is a command for reading a datum resident in one of the computers 12, 13, 14, for example in the computer 12.
- This type of This command is useful, for example, for reading a digital component reference, or a version number of the digital component in the computer 12, for example with a view to deciding whether or not an update of the digital component is necessary.
- the digital component can concern so much an executable program, a database or any other digital structure such as for example a source program or a table of parameters.
- the computer 10 initially in a standby step 100, goes to a step 102 when a read request submitted by a higher order method, for example a method for updating the computer 12, validates a transition 101.
- the read request may contain a computer identifier from among the computers 12, 13, 14 connected to the on-board bus 2, in this case the identifier of the computer 12.
- the computer identifier may consist of an address of computer conforming to the communication protocol of bus 2, of CAN (Controller Area Network), Flex Ray or TTP type also known in aeronautics, automotive Ethernet or other fields.
- the computer identifier can also consist of an ASCII character string which names the computer in its functional universe, for example “BCM” (Body Control Module for cash register control module), “HEVC” (Hybrid Electric Vehicle Controller for Hybrid Electric Vehicle Controller), “VDC” (acronym for Vehicle Dynamic Control) or other.
- An ASCII character string has the advantage of being able to designate a computer independently of an on-board system architecture. Another advantage of an ASCII character string is that it is a mnemonic device that is more easily understood by humans.
- the read request may contain a data identifier 63 in the identified computer.
- step 102 the computer 10 constructs a description of the main command from the request which validated the transition 101, then generates a write command of the description of the main command in a first dedicated data area 61, resident in computer memory 1 1.
- FIG. 2 shows an example of a write command which includes a frame 21.
- the frame 21 comprises a field 31 identifying the command generated as a write command, a field 32 identifying the first dedicated zone 61, and at least one field 33, 34, 35 to contain the description 27 of the main command.
- the type of main command is for example identified by two letters in ASCII code.
- the first letter identifies a main command class, "E” for “execute”, “R” for read, or “W” for write.
- the second letter in combination with the first identifies an action within the main command class, “EA” for “Perform an Activation”, “ED” for “Perform a Download”, “El” for “Perform an Installation” , “EC” for "Execute a Delete", “ER” for “Execute a Reset”, “RD” for "Read Data", “RX” for “Read Extended Data”, “WD” to write data.
- Field 34 which makes up the description 27, gives an on-board computer identifier, in particular as indicated in the request.
- Field 35, which makes up description 27, contains parameters useful for executing the command.
- the parameters are identifiers of digital components to be installed, respectively to be activated.
- the description 27 of the main control comprises a field 33 giving the type of the main control “RD”, a field 34 for identifying the computer connected to the bus 2, for example the functional name of the computer 12, and a parameter field 35, containing as a parameter useful to the computer 11 to participate in the processing of the main command, a data identifier to be read.
- the use of a write command conforming to the UDS protocol for unified diagnostic services has the advantage of benefiting from the mechanism generally preinstalled in a majority of on-board computers in the automotive world, in particular for performing diagnostic functions. , without having to modify the lower communication layers to implement the dialogue method according to the invention.
- the field 31 then contains the SID (Service Identifier for service identifier in English) $ 2E which is the known hexadecimal code of a writing of data by identifier DID.
- a transition 103 from step 102 to step 104 is validated when the computer 11 is detected ready to respond to the write command supported by the frame 21.
- the computer 11 performs a gateway function for another instance of the dialogue method according to the invention, or a gateway function for a command generated by another method such as for example a diagnostic method, the computer remains on standby on step 102.
- the computer 10 does not unnecessarily encumber the bus 1 with attempted transmission of commands which would have no effect due to the occupation of the computer 11 by other functions.
- the momentary putting on hold of the dialogue method on step 102 allows the execution of the diagnostic command without having to interrupt the diagnostic process.
- the computer 11 which declares itself ready or not to process the commands issued within the framework of the dialogue method according to the invention.
- the computer 11 periodically transmits on the bus 1, a signal comprising two states, ready, occupied or not ready.
- the computer 11 sets the signal to the ready state by default. As soon as the computer 1 1 receives a command, whether it be from the dialogue method according to the invention or from any other method such as for example from the diagnostic method, the computer 1 1 positions the signal in the occupied state until it has finished processing the current order.
- step 104 the computer 11 having been detected ready to respond to the write command, the computer 10 issues the write command to the computer 11.
- the computer 10 can encapsulate the frame 21 in a CAN frame on the bus 1, or in another way, for example encapsulate the frame 21 in a frame over IP if the Ethernet protocol for vehicles is used. on bus 1.
- FIG. 2 gives an example of an auxiliary command which comprises a frame 25 comprising a field 48 for identifying the command of reading and a field 49 for identifying the data resident in the computer 12. More particularly, the use of a read command conforming to the UDS protocol for unified diagnostic services has the advantages mentioned above.
- the field 48 then contains the SID $ 22 which is the known hexadecimal code for reading data by DID identifier.
- Field 49 contains the DID identifier of data area 63 of computer 12 which was indicated in field 35 of frame 21.
- the 1 1 1 transition can make the process go directly from the initial step 1 10 to the 1 14 step.
- the 1 1 1 transition takes the process from the initial step 1 10 to a step intermediate 1 12.
- step 1 12 the computer 1 1 checks whether the main control description 27 is complete or not, with regard to pre-established safety rules which are not the subject of the present invention. In the case where step 1 12 is implemented, a transition 1 13 is validated if the main control description 27 is verified to be intact, or a transition 1 17 is validated if the main control description 27 is verified not to be intact. Step 1 14 is then activated after validation of transition 1 13.
- step 1 14 the computer 1 1 positions the periodic signal in the occupied state, in other words after validation of the transition 1 1 1 by receiving the command writing from the computer 10.
- the computer 11 responds to the write command by sending an acknowledgment of receipt or acknowledgment.
- the computer 1 1 sends a frame 22 of which a first field 37 contains the SID code of value $ 6E, and of which a second field 38 contains the value of field 32 of the frame 21 to allow the computer 10 to recognize the write command sent to which the received acknowledgment corresponds.
- the field 38 constitutes an identifier field of the first dedicated zone 61.
- computer 10 waits for the signal positioned in the ready state.
- the computer 12 initially in a standby step 120 of the dialogue method according to the invention, validates a transition 121 when it receives the auxiliary command materialized by the frame 25 sent by the computer 11 on the onboard bus 2.
- a validation of the transition 121 activates a step 122 in which the computer 12 sends a response to the auxiliary command received.
- the response sent to the computer 11 comprises a frame 26 which comprises a response identification field 50, here at the read command, a field 51 for identifying said resident datum, and a field 52 containing a value of the resident data item 63 identified by the field 51, as illustrated in FIG. 2.
- field 50 then contains the SID $ 62 which is the known hexadecimal code of a response to read data by DID identifier.
- Field 51 contains the DID identifier of data area 63 of computer 12 which was indicated in field 49 of frame 25. Computer 12 then returns to standby step 120.
- Receipt of the response by the computer 1 1 validates a transition 1 15 which switches the dialogue method from step 1 14 to a step 1 16 in which the computer 1 1 generates a response description 28 to the main control which here is a command to read the resident data 63 in the computer 12.
- the response description 28 comprises fields 43, 44, 45 which each respectively contain the values of the fields 33, 34, 35 of the command description 27 to identify that the response description is the one that corresponds to the main command description.
- the response description 28 also includes a field 47 which contains the value contained in the field 52 of the frame 26.
- the computer 1 1 stores the response description 28 in a second dedicated data area 62, resident in the memory of the computer 1 1 . In step 1 16, the computer 11 then positions the periodic signal in the ready state.
- a transition 107 is validated when the computer 10 detects that the computer 11 is ready to respond.
- the transition 107 is enabled by the reception of the periodic signal in the ready state.
- a validation of the transition 107 activates a step 108 in the computer 10.
- step 108 the computer 11 having been detected ready to respond to a read command, the computer 10 issues a read command of the second dedicated zone 62, to computer 1 1.
- the read command is for example materialized by a frame 23 as shown in FIG. 2.
- the frame 23 comprises a command identification field 39 as a read command, and an identifier field 40 of the second dedicated zone 62. of data.
- the field 39 contains the value $ 22 which identifies a read command
- the field 40 contains a value of DID which is the address of the dedicated zone 62 of data in memory. of calculator 1 1.
- a transition 1 19 is validated when the computer 1 1 receives the read command materialized by the frame 23.
- a validation of the transition 1 19 activates a step 124 in which the computer 11 sends a response to the computer 10.
- the response to the read command received comprises a frame 24 which includes a field 41 of the command response identifier. reading, and an identifier field 42 of the second dedicated zone 62, so as to be able to verify that the frame 24 constitutes the response to the read command materialized by the frame 23.
- the frame 24 subsequently contains the description 28 which comprises the fields 43, 44, 45 each containing a value equal respectively to that contained in each fields 33, 34, 35 to recall the description of the main command.
- Description 28 also includes field 47 which contains the response to the main command.
- the computer 1 1 then returns to the initial step 1 10 of standby with regard to the dialogue process according to the invention.
- a transition 109 is validated when the computer 10 receives the response to the read command, materialized by the frame 24.
- a validation of the transition 109 activates a step 126 in which the computer 10 responds to the main command from the content of the field 47 extracted from the response to the read command from the second dedicated zone of the computer 11 in which the memory is stored. response sent by the computer 12.
- the computer 10 then returns to the initial standby step 100 with regard to the dialogue method according to the invention.
- Update function processing is performed by main control processing in computer 10 at an upper layer level, comparable to diagnostic function processing.
- the computer 11 can process frames linked to diagnostic functions by transferring them directly from bus 1 to bus 2 and vice versa, as a gateway.
- the computer 11 can process frames linked to diagnostic functions by processing them by diagnostic functions resident in the computer 11.
- the computer 1 1 can process frames linked to update functions by update functions resident in the computer 1 1 as it would do for by diagnostic functions resident in the computer 1 1.
- the issuance of read and write commands linked to the processing of the main command from the computer 10 connected to the on-board bus 1 does not require a command received from a remote server to restart an update process as soon as the periodic signal is positioned in the ready state.
- the updating process can be done without requiring a remote connection of the vehicle insofar as the update data has been previously downloaded into the computer 10.
- the main command of the dialogue method when it is to read a data item in one of the computers 12, 13, 14 connected to the bus 2, could more simply be implemented by a simple command to read the data directly to the destination. of that of calculator 12, 13, 14 which hosts the given, for example the computer 12.
- this a priori simpler solution would pose a problem of managing the total duration which would separate the transmission of the simple read command and the reception of the response, a duration which would be the sum of the necessary durations.
- a first duration which separates the write command of the invention and the response to the write command is reduced to the sum of the times necessary for the transmission of the write command from the computer 10 to the computer 11, then to the transmission of the response, generally a simple acknowledgment, from the computer 1 1 to the computer 10.
- a second period which separates the read command of the invention and the response to the read command is reduced to the sum of the times necessary for the transmission of the read command from computer 10 to computer 1 1, then to the transmission of the response from computer 1 1 to computer 10.
- the method is robust with regard to an interruption which would occur during said third duration, for example in the event of the vehicle being switched off from electric ignition.
- the method according to the invention can resume in the step in which it had stopped before the interruption.
- step 1 12 in which the computer 1 1 checks whether the description 27 of the main control is intact or not
- a transition 1 17 is validated when the description 27 of the main control is verified as not integrated .
- a validation of the transition 1 17 activates a step 1 18 in which the computer 1 1 stores an alarm in the second dedicated zone 62 then positions the periodic signal in the ready state.
- the dialogue method according to the invention is applicable to other main commands than the main command for reading a piece of data in a first computer connected to the on-board bus 2, for processing of which the computer 11 sends a single computer to the first computer.
- auxiliary command consisting of a command to read the data, so as to respond to the main command.
- FIG. 4 shows dialogue process steps in which the computer 10 processes a main command which is a command for installing a digital component, for example in the computer 12.
- This type of command is useful, for example for installing one or more digital components.
- the digital component can relate to an executable program, a database or any other digital structure such as for example a source program or a table of configuration parameters.
- the installation request may contain a computer identifier among the computers 12, 13, 14 connected to the onboard bus 2, in this case the identifier of the computer 12.
- the request for installation can contain a file, for example in HTML format with tags identifying blocks of physical memory of the computer 12 in each of which to write a content of the HTML file included between two tags identifying the same block of physical memory 64.
- the memory blocks physical are of the rewritable permanent memory type, for example of the EEPROM type.
- step 202 the computer 10 constructs a description of the main command from the request which validated the transition 201, then generates a write command of the description of the main command in the first dedicated data area 61, resident in computer memory 1 1.
- FIG. 2 shows an example of a write command for which the field 31 of the frame 21 constantly identifies the command generated as a write command, the field 32 constantly identifies the first dedicated area 61.
- the field 33 comprises for example two letters “El” which indicate a main command of the “Execute Installation” type.
- the field 34 identifies, in particular by name the target computer connected to the bus 2 to which the main command applies, for example the computer 1.
- the field 35 contains a parameter whose value identifies a package containing at least one digital component to be installed in the target computer.
- field 31 then contains the SID $ 2E which is the known hexadecimal code for writing data by DID identifier, here corresponding to the dedicated zone 61.
- a transition 203 of passing from step 202 to a step 204 is validated when the computer 11 is detected ready to respond to the write command supported by the frame 21.
- the computer 11 performs a function gateway for another instance of the dialogue method according to the invention, or a gateway function for a command generated by another method such as for example a diagnostic method
- the computer remains on standby in step 202.
- the computer 10 does not unnecessarily encumber the bus 1 with attempts to send a command which would have no effect due to the occupation of the computer 11 by other functions.
- the momentary putting on hold of the dialogue method in step 202 allows the execution of the diagnostic command without having to interrupt the diagnostic method.
- the computer 1 1 sets the signal to the ready state by default. As soon as the computer 1 1 receives a command, whether it be from the dialogue method according to the invention or from any other method such as for example from the diagnostic method, the computer 1 1 positions the signal in the occupied state until it has finished processing the current order.
- step 204 the computer 11 having been detected ready to respond to the write command, the computer 10 issues the write command to the computer 11.
- the computer 10 can encapsulate the frame 21 in a CAN frame on the bus 1, or in another way, for example encapsulate the frame 21 in a frame over IP if the Ethernet protocol for vehicles is used. on bus 1.
- the acknowledgment of proper execution of the write command is materialized by frame 22 in which field 37 contains the value $ 6E and field 38 contains the DID of zone 61.
- a reception of the frame 22 in the computer 10 validates a transition 205 which causes the computer 10 to go from step 204 to a step 206 in which the computer 10 reads the state of the signal periodically transmitted by the computer 11, in waiting to read ready state.
- the periodic signal further comprises an indication of the progress status of the execution of the steps in the computer 11.
- step 21 2 the computer 1 1 positions the periodic signal in the busy state then sends to that of the computers 1 2, 1 3, 1 4 identified in the field 34, for example the calculator 1 2, a succession one or more first auxiliary commands to respond to the main command, from the description 27 of the main command, written in the dedicated data zone 61 of the computer 11.
- the periodic signal further includes an indication of the state of progress
- the computer 11 indicates the state of progress corresponding to step 212.
- each first auxiliary command consists in reading an attribute of the computer 12, the knowledge of which is useful for correctly installing the or digital components.
- a first auxiliary command the example given in FIG. 2 can be used which comprises the frame 25 comprising the read command identification field 48 and the identification field 49 of the data resident in the computer 12, corresponding to the read attribute.
- Reception of the succession of first auxiliary commands in the computer 1 validates a transition 221 which activates a step 222 in which the computer 1 2 sends a response to each first auxiliary command received.
- field 48 contains SID $ 22.
- Each response to a first auxiliary command on the model of frame 26 in figure 2 contains SID $ 62 in field 50, the identification of the attribute in field 51 and the value read of the attribute in field 52.
- a reception in the computer 1 1 of the last response to the succession of first auxiliary commands validates a transition 213 which switches the computer 1 1 from step 212 to a step 214 in which the computer 1 1 transmits to the computer 1 2, a succession of one or more second auxiliary commands to check that the computer 1 2 is not disturbed by a defect liable to harm the installation of the digital component.
- FIG. 2 gives an example of an auxiliary command which comprises a frame 29 comprising an auxiliary command designation field 53, a target identification field 54 in the computer 12, to which the auxiliary command relates, and incidentally which includes or does not include a control extension field 55.
- the target is in particular a fault code.
- Receipt of the succession of second auxiliary commands in the computer 1 validates a transition 223 which activates a step 224 in which the computer 1 2 sends a response to each second auxiliary command received.
- field 53 contains the SID $ 29 which designates a reading of DTC information (acronym for "Diagnostic Trouble Codes” for "Diagnostic Trouble Codes” in English).
- Field 54 contains a fault identification code of generally five alphanumeric characters.
- the first character is the letter P to designate a powertrain of the vehicle (for example comprising engine and gearbox), the letter C to designate a chassis of the vehicle, the letter B to designate a body vehicle, the letter U to designate a user network.
- the second character is the number 0 to designate a generic fault, the number 1 to denote a manufacturing defect.
- Each response to a second auxiliary command shown on the model of frame 30 in Figure 2, contains SID $ 59 in field 56, a reminder of the fault code in field 57, and the read value of a fault code status in a field 59, for example in default or out of default.
- the computer 11 When the periodic signal also includes an indication of the progress state, the computer 11 indicates the progress state corresponding to the faulty or non-faulty state contained in field 59.
- a reception in the computer 1 1 of the last response to the succession of second auxiliary commands validates a transition 215 which takes the computer 1 1 from step 214 to a step 216 in which the computer 1 1 transmits to the computer 1 2, a third auxiliary command to start an update session.
- the frame 29 illustrated in Figure 2 It is possible to use the frame 29 illustrated in Figure 2 to materialize the third auxiliary command.
- the target is in particular to complete the operation performed in the computer 12.
- Receipt of the third auxiliary command in the computer 1 validates a transition 225 which activates a step 226 in which the computer 1 2 sends a response to the third auxiliary command received.
- field 53 contains SID $ 10 which designates diagnostic session control. It is recalled that the availability of different services depends on the diagnostic session which is active. For example the session named “Extended Diagnostic Session ”is used to release additional diagnostic functions such as the adjustment of sensors. For example again, the session named “Safety System Diagnostic Session” is used to test all the diagnostic functions critical to safety such as for example to test the airbags. In the absence of a particular diagnostic session, a default session “Default Session” is generally active, in particular in step 120 and maintained until validation of the transition 225.
- Field 54 contains a session identification code which in it occurrence, is specifically dedicated to the installation of one or more digital components in the computer 12, named for example “FOTA”.
- the response to the third auxiliary command contains SID $ 50 in field 56, and a reminder of the session identification code in field 57.
- the computer 11 indicates the progress status corresponding to the opening of the update session.
- Receipt in the computer 1 1 of response to the third auxiliary command validates a transition 217 which causes the computer 1 1 to go from step 216 to a step 218 in which the computer 1 1 sends to the computer 1 2, a fourth auxiliary command to verify the absence of faults in the memory blocks of the computer 1 2, with a view to their use to write updates to digital components therein.
- the target is in particular a memory fault code.
- Receipt of the fourth auxiliary command in the computer 1 validates a transition 227 which activates a step 228 in which the computer 1 2 issues a response to the fourth auxiliary command received.
- field 53 contains SID $ 19 which designates a diagnostic fault read.
- the response to the fourth auxiliary command shown modeled on Frame 30 in Figure 2, contains SID $ 59 in field 56, and a reminder of the fault code in field 57.
- Field 59 contains a value that indicates whether the fault identified by the code contained in field 57, is present or absent.
- the periodic signal further includes a progress state indication, the computer 11 indicates the progress state corresponding to the state of presence or absence of the fault contained in field 59.
- Receipt in the computer 1 1 of response to the last fourth auxiliary command validates a transition 219 which causes the computer 1 1 to go from step 218 to a step 220 in which the computer 1 1 transmits to the computer 1 2, a succession of fifth auxiliary commands to check for an absence of faults in the memory block counters of the computer 1 2, with a view to their use for writing the updates of digital components in the memory blocks.
- the target is in particular a memory counter fault code.
- field 53 contains SID $ 19 which designates a diagnostic fault read.
- the response to every fifth auxiliary command, shown modeled on Frame 30 in Figure 2 contains SID $ 59 in field 56, and a reminder of the fault code in field 57.
- Field 59 contains a value that indicates whether the fault identified by the code contained in field 57 is present or absent.
- the periodic signal further comprises an indication of progress state
- the computer 11 indicates the state of progress corresponding to the state of presence or absence of the fault contained in field 59.
- FIG. 5 shows the steps which follow those of FIG. 4.
- a reception in the computer 1 1 of response to the last fifth auxiliary command validates a transition 251 which makes the computer 1 1 go from step 220 to a step 252 first loop in which the computer 1 1 sends to the computer 1 2, a sixth auxiliary command to read a start address of the first memory block in the memory of the computer 1 2.
- the target is in particular a data reference DID relating to a memory block address register in the computer 12.
- field 53 contains the SID $ 22 which designates a data reading identified by the DID reference of field 54.
- the response to the sixth auxiliary command, illustrated on the model of frame 30 in figure 2 contains SID $ 62 in field 56, and a reminder of the DID reference in field 57.
- Field 59 contains a value which indicates the start address of the first memory block intended to load the first digital component therein .
- Receipt in the computer 1 1 of response to the sixth auxiliary command validates a transition 253 which switches the computer 1 1 from step 252 to a step 254 of the first loop in which the computer 1 1 transmits to destination of the computer 1 2, a seventh auxiliary command to write a reference of the first digital component at the head of the first memory block in the memory of the computer 1 2.
- the target is in particular a data reference DID relating to a digital component naming register in the computer 12.
- field 53 contains the SID $ 2E which designates a data entry identified by the DID reference of field 54.
- the response to the seventh auxiliary command illustrated on the model of the frame 30 in FIG. 2, contains the SID $ 6E in field 56, and a reminder of the DID reference in field 57.
- Field 59 contains a value which indicates an acknowledgment of the write command.
- Receipt in the computer 1 1 of response to the seventh auxiliary command validates a transition 255 which switches the computer 1 1 from step 254 to a step 256 of the first loop in which the computer 1 1 transmits to the computer 1 2, an eighth auxiliary command to request a loading of a digital component into a first memory block of the computer 1 2.
- the target is in particular the address of the first memory block.
- field 53 contains SID $ 34 which designates a request to load from computer 1 1 to computer 12.
- a field 55 contains a size of the digital component to be loaded.
- the response to the eighth auxiliary command, illustrated on the model of frame 30 in Figure 2 contains SID $ 74 in field 56, and a reminder of the memory block address in field 57.
- Field 58 recalls the size digital component to load.
- Field 59 contains a value that indicates a maximum acceptable upload size.
- Receipt in the computer 1 1 of response to the eighth auxiliary command validates a transition 257 which switches the computer 1 1 from step 256 to a step 258 of the first loop in which the computer 1 1 transmits to the computer 1 2, a ninth auxiliary command to transfer the digital component content to the first memory block of the computer 1 2.
- the target is in particular the address of the first memory block.
- field 53 contains SID $ 36 which designates a command to transfer content from digital component in the current physical memory block.
- the transfer is carried out in packets of maximum size. If the content size exceeds the maximum size of a packet. The transfer is repeated until complete transmission of the content.
- the response to the ninth auxiliary command shown modeled on frame 30 in Figure 2, contains SID $ 76 in field 56, and a reminder of the memory block address in field 57.
- Receipt in the computer 1 1 of response to the ninth auxiliary command validates a transition 259 which causes the computer 1 1 to go from step 258 to a step 260 of the first loop in which the computer 1 1 transmits to the computer 1 2, a tenth auxiliary command to exit the transfer.
- Receipt of the tenth auxiliary command in the computer 1 validates a transition 269 which activates a step 270 in which the computer 1 2 sends a response to the tenth auxiliary command received.
- field 53 contains SID $ 37 which designates a command to exit transfer mode.
- the response to the ninth auxiliary command shown modeled on frame 30 in Figure 2, contains SID $ 77 in field 56, and a reminder of the memory block address in field 57.
- Receipt in the computer 1 1 of response to the tenth auxiliary command validates a transition 291 which switches the computer 1 1 from step 260 to a step 292 of the first loop in which the computer 1 1 checks whether there is a next digital component to be loaded into a next memory block.
- the presence of a following digital component validates a transition 293 which loops the method back to a re-execution of steps 252 to 292, each adapted to the next physical memory block in terms of identification, size and memory block address.
- An absence of a digital component requiring a next physical memory block validates a transition 295 which activates a step 296 in which the computer 11 sends to the computer 12, an eleventh auxiliary command to check for an absence of faults in the writing of the memory blocks of the computer 12. It is here again possible to use the frame 29 illustrated in FIG. 2 to materialize the eleventh auxiliary command.
- the target is in particular a memory fault code.
- Receipt of the eleventh auxiliary command in the computer 1 validates a transition 271 which activates a step 272 in which the computer 12 sends a response to the eleventh auxiliary command received.
- field 53 contains SID $ 19 which designates a diagnosed fault read.
- the response to the eleventh auxiliary command shown modeled on Frame 30 in Figure 2, contains SID $ 59 in field 56, and a reminder of the fault code in field 57.
- Field 59 contains a value that indicates whether the fault identified by the code contained in field 57, is present or absent.
- FIG. 6 shows the last steps of the method following those illustrated by FIG. 5.
- a reception in the computer 11 of response to the eleventh auxiliary command validates a transition 297 of the second loop which activates a step 298 in which the computer 1 1 sends to the computer 12, a twelfth auxiliary command to activate a first local program in which the computer 12 checks that the first digital component has been correctly written in the first memory block in the memory of computer 1 2.
- each twelfth auxiliary command is in particular a condenser program reference stored in memory in computer 12.
- Field 55 contains an address of the memory block to be checked.
- the computer 12 sends a response to the twelfth auxiliary command received which contains the calculated condensate.
- the response to the twelfth auxiliary command allows the computer 1 1 to compare the condensate calculated by the computer 1 2 with a condensate held by the computer 1 1 prior to the loading of content into the physical memory block.
- the computer 11 can thus verify that the content of the physical memory block after rewriting, conforms to the content to be loaded into the physical memory block.
- field 53 contains the SID $ 31 which designates a program activation identified by the reference the program reference of field 54.
- Field 59 contains a value which indicates the start address of the first memory block intended to load the first digital component.
- a reception in the computer 1 1 of response to the sixth auxiliary command validates a transition 299 which activates a step 300 in which the calculator 1 1 checks whether there is a next block of physical memory for a next digital component loading.
- a subsequent physical memory block existence validates a transition 301 which loops back to step 298 in which the first block is replaced by the next block and so on until the last physical memory block.
- each DTC fault processed by the computer 12 is stored with its own code in the dedicated memory of the computer 12, called an error memory, which can be read at any time.
- error memory which can be read at any time.
- additional information particularly related to the context of the appearance of the fault, is also stored and readable at any time.
- the response to the thirteenth auxiliary command, illustrated on the model of frame 30 in Figure 2 contains SID $ 59 in field 56, and a callback of the DID reference in field 57.
- Field 59 contains the contents of the memory. of errors.
- Receipt in the computer 11 of a response to the thirteenth auxiliary command validates a transition 305 which activates a step 306 in which the computer 11 issues a fourteenth auxiliary command to the computer 12.
- the fourteenth auxiliary command has the effect of making take it out computer 12 of the session opened in step 216 to return it to the default session.
- the computer 12 only takes into account the commands originating from the computer 1 1 within the framework of the dialogue method described above.
- the computer 12 can take into account both the commands from the computer 1 1 as part of the instance of the dialogue method described above with the lighting of FIGS. 5 and 6, that the commands from the computer 11 in the context of another instance of the dialogue method described above with the lighting of Figure 4, or that the commands received in the context of another method such as for example of a local diagnostic or remote diagnostic method.
- the response to the fourteenth auxiliary command, illustrated on the pattern of frame 30 in Figure 2, contains SID $ 50 in field 56, and a callback of the session identification code in field 57.
- the computer 11 indicates the progress state corresponding to the closure of the update session.
- the computer 1 2 comprises a single activatable bank of rewritable memory and two non-activatable banks of rewritable memory.
- the single activatable bank comprises memory blocks which contain the digital components executed and / or accessed in real time by the on-board computer 1 2 when the vehicle is in operation.
- a first non-activatable bank comprises the memory blocks mentioned above for loading the digital update component (s).
- a second non-activatable bank is used by the second local program, one execution of which consists in copying the contents of the activatable bank into the second non-activatable bank before copying the contents of the first non-activatable bank into the single activatable bank when the operation of the vehicle is stopped, so as to activate the only bank that can be activated with the digital components updated the next time the vehicle is restarted.
- the computer 1 2 comprises two twin activatable banks of rewritable memory.
- a first twin activatable bank comprises memory blocks which contain the digital components executed and / or accessed in real time by the on-board computer 12 when the vehicle is in operation.
- a second twin activatable bank includes the memory blocks discussed above for loading the digital update component (s).
- An execution of the second local program then simply consists of switching a real-time execution boot from the first twin activatable bank to the second twin activatable bank when the operation of the vehicle is stopped, so as to activate the second twin activatable bank with the digital components updated the next time the vehicle is restarted, for which the second bank can be activated twin will play the role of the first twin activatable bank and vice versa.
- auxiliary commands preceding the fifteenth auxiliary command can be carried out while the vehicle is in operation.
- the two embodiments described above have the advantage of requiring only a reduced time to switch the operation of the vehicle to the execution and / or access of the digital components in real time, in other words that 'a reduced period of shutdown of the operation of the vehicle to update the digital components.
- the target entered in field 54 is in particular a switch program reference stored in memory in computer 12. Receipt of the fifteenth auxiliary command in computer 12, validates a transition 279 which activates a step 280 in which the computer 1 2 activates the second local program, in other words the switch program before issuing a response to the fifteenth auxiliary command received which contains an acknowledgment of proper execution of the second local program.
- the computer 11 can thus verify that the computer 12 is ready for any future access and / or execution of up-to-date digital components.
- field 53 contains the SID $ 31 which designates a program activation identified by the reference the program reference of field 54.
- the response to the fifteenth auxiliary command illustrated on the model of frame 30 in figure 2, contains SID $ 62 in field 56.
- a reception in the computer 11 in response to the fifteenth auxiliary command validates a transition 309 which activates a step 310 in which the computer 11 puts the periodic signal in the ready state.
- the periodic signal can also include a degree of progress by phases grouping together several auxiliary controls. For example, the computer 11 positions the degree of progress in step 212 to indicate a phase of checking parameters, in step 252 to indicate an installation phase in progress, and in step 310 to indicate an end of the installation phase .
- Receipt in the computer 10 of the periodic signal in the ready state validates a transition 207 which reactivates the initial step 100 in the computer 10, awaiting a possible other main command.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Small-Scale Networks (AREA)
- Computer And Data Communications (AREA)
- Bus Control (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1906883A FR3097988B1 (fr) | 2019-06-25 | 2019-06-25 | Procédé de dialogue avec un calculateur sur bus embarqué de véhicule. |
PCT/EP2020/065039 WO2020259956A1 (fr) | 2019-06-25 | 2020-05-29 | Procédé de dialogue avec un calculateur sur bus embarqué de véhicule |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3991029A1 true EP3991029A1 (fr) | 2022-05-04 |
Family
ID=67999913
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20733358.4A Pending EP3991029A1 (fr) | 2019-06-25 | 2020-05-29 | Procédé de dialogue avec un calculateur sur bus embarqué de véhicule |
Country Status (7)
Country | Link |
---|---|
US (1) | US20220245085A1 (fr) |
EP (1) | EP3991029A1 (fr) |
JP (1) | JP2022538080A (fr) |
KR (1) | KR20220024905A (fr) |
CN (1) | CN114026537A (fr) |
FR (1) | FR3097988B1 (fr) |
WO (1) | WO2020259956A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220242231A1 (en) * | 2021-02-01 | 2022-08-04 | CANshift LLC | Automatic transmission control system utilizing paddle shifters |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200417852A (en) | 2002-12-19 | 2004-09-16 | Komatsu Mfg Co Ltd | Rewrite control apparatus for onboard program |
WO2013144962A1 (fr) * | 2012-03-29 | 2013-10-03 | Arilou Information Security Technologies Ltd. | Système et procédé de sécurité destinés à protéger un système électronique de véhicule |
DE102012208205A1 (de) * | 2012-05-16 | 2013-11-21 | Bayerische Motoren Werke Aktiengesellschaft | Datenlogging bzw. Stimulation in Automotiven Ethernet Netzwerken unter Verwendung der Fahrzeug-Infrastruktur |
US10140109B2 (en) * | 2014-02-25 | 2018-11-27 | Ford Global Technologies, Llc | Silent in-vehicle software updates |
EP3800092B1 (fr) * | 2014-04-17 | 2023-09-13 | Panasonic Intellectual Property Corporation of America | Système de réseau monté dans un véhicule, unité de commande électronique de détection d'invalidité et procédé de détection d'invalidité |
JP6369332B2 (ja) * | 2015-01-05 | 2018-08-08 | 株式会社オートネットワーク技術研究所 | 車載中継装置 |
JP6281535B2 (ja) * | 2015-07-23 | 2018-02-21 | 株式会社デンソー | 中継装置、ecu、及び、車載システム |
US10157158B2 (en) * | 2017-01-27 | 2018-12-18 | Ford Global Technologies, Llc | Method and apparatus for distributed computing using controller area network protocols |
WO2019069308A1 (fr) * | 2017-10-03 | 2019-04-11 | Argus Cyber Security Ltd. | Système et procédé de validation d'une authenticité de communication dans des réseaux embarqués |
WO2019142180A1 (fr) * | 2018-01-16 | 2019-07-25 | C2A-Sec, Ltd. | Surveillance d'anomalie d'intrusion dans un environnement de véhicule |
-
2019
- 2019-06-25 FR FR1906883A patent/FR3097988B1/fr active Active
-
2020
- 2020-05-29 CN CN202080043378.3A patent/CN114026537A/zh active Pending
- 2020-05-29 JP JP2021576268A patent/JP2022538080A/ja active Pending
- 2020-05-29 US US17/620,470 patent/US20220245085A1/en active Pending
- 2020-05-29 EP EP20733358.4A patent/EP3991029A1/fr active Pending
- 2020-05-29 KR KR1020227002402A patent/KR20220024905A/ko unknown
- 2020-05-29 WO PCT/EP2020/065039 patent/WO2020259956A1/fr unknown
Also Published As
Publication number | Publication date |
---|---|
US20220245085A1 (en) | 2022-08-04 |
FR3097988A1 (fr) | 2021-01-01 |
CN114026537A (zh) | 2022-02-08 |
FR3097988B1 (fr) | 2021-06-04 |
KR20220024905A (ko) | 2022-03-03 |
WO2020259956A1 (fr) | 2020-12-30 |
JP2022538080A (ja) | 2022-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11650807B2 (en) | Self-healing learning system for one or more controllers | |
EP3991029A1 (fr) | Procédé de dialogue avec un calculateur sur bus embarqué de véhicule | |
WO2021023694A1 (fr) | Procédé d'écriture dans une zone de données sécurisée d'un calculateur sur bus embarqué de véhicule | |
EP4217852A1 (fr) | Procédé et dispositif de mise à jour d'un logiciel d'un calculateur embarqué d'un véhicule, comportant une mémoire d'exécution, une mémoire de sauvegarde et une mémoire de contrôle | |
FR3099264A1 (fr) | Procédé et dispositif de mise à jour d’un logiciel d’un calculateur embarqué d’un véhicule, comportant une mémoire d’exécution et une mémoire de sauvegarde | |
FR3099265A1 (fr) | Procédé et dispositif de mise à jour d’un logiciel d’un calculateur embarqué d’un véhicule, comportant une mémoire d’exécution, une mémoire de sauvegarde et une mémoire de contrôle | |
FR3114415A1 (fr) | Procédé et dispositif de mise à jour d’un logiciel d’un calculateur embarqué d’un véhicule, comportant une mémoire d’exécution et une mémoire de sauvegarde |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20211130 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: NISSAN MOTOR CO., LTD. Owner name: RENAULT S.A.S |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: NISSAN MOTOR CO., LTD. Owner name: AMPERE SAS |