GB2348782A - A fault location system and method - Google Patents

A fault location system and method Download PDF

Info

Publication number
GB2348782A
GB2348782A GB9907667A GB9907667A GB2348782A GB 2348782 A GB2348782 A GB 2348782A GB 9907667 A GB9907667 A GB 9907667A GB 9907667 A GB9907667 A GB 9907667A GB 2348782 A GB2348782 A GB 2348782A
Authority
GB
United Kingdom
Prior art keywords
node
signals
nodes
bus
received
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9907667A
Other versions
GB2348782B (en
GB9907667D0 (en
Inventor
Peter John Miller
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions UK Ltd
Original Assignee
Motorola Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Ltd filed Critical Motorola Ltd
Priority to GB9907667A priority Critical patent/GB2348782B/en
Publication of GB9907667D0 publication Critical patent/GB9907667D0/en
Publication of GB2348782A publication Critical patent/GB2348782A/en
Application granted granted Critical
Publication of GB2348782B publication Critical patent/GB2348782B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/42Loop networks
    • H04L12/437Ring fault isolation or reconfiguration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

A fault location method is provided for a distributed microcontroller network having a number of distributed microcontroller nodes 1-4. A bi-directional bus 50 is coupled to each of the nodes via a ring arrangement. Each node is arranged to transmit signals on the bus in clockwise and anticlockwise directions, and to receive signals from the bus from clockwise and anticlockwise directions. In this way, by monitoring the received signals and comparing these with each other and/or with the transmitted signals, each node is able to locate faults occurring in the system. Applications may be in electronic braking systems of vehicles.

Description

A FAULT LOCATION SYSTEM AND METHOD Field of the Invention This invention relates to fault location methods in distributed microcontroller systems, and particularly but not exclusively to fault location methods for such systems when used in safety critical applications.
Background of the Invention Distributed microcontroller systems are used widely in many fields, and increasingly so in automotive electronics applications. One example of this is electronic braking systems, which dispense with mechanical or hydraulic linkages and instead employ a communications bus which exchanges data between a driver operated actuator (brake pedal) and brake actuators attached to vehicle wheels. These actuators each have a microcontroller arranged to send and receive messages on the bus, for controlling the braking function of the vehicle.
It is important in a safety critical application such as the so-called'brake-by-wire'system mentioned above, that the system is tolerant to faults, and any faulty microcontrollers or compromised portions of the communications bus are identified and dealt with accordingly so that at least partial functionality of the system may be preserved.
A number of fault tolerant methods are known. For example, duplicate busses may be employed which can continue to convey signals in the event of a partial bus failure.
Similarly duplicate (redundant) microcontrollers may be provided which monitor and cross-check with the (primary) microcontrollers in order to detect faults and take over if necessary.
These methods provide some degree of fault detection and fault tolerance, but with a significant overhead in terms of cost (for duplicate and redundant hardware) and complexity.
This invention seeks to provide a fault detection system and method which mitigates the above mentioned disadvantages.
Summary of the Invention According to a first aspect of the present invention there is provided a fault location system for a distributed microcontroller network, comprising: a plurality of distributed microcontroller nodes; and, a bi-directional bus coupled to each of the plurality of nodes via a ring arrangement; wherein each node is arranged to transmit signals to the bus in a first and a second direction, and to receive signals from the bus in the first and second directions, wherein by monitoring the received signals each of the plurality of nodes is able to locate faults occurring in the system.
According to a second aspect of the present invention there is provided a fault location method for a node of a distributed microcontroller network having a plurality of distributed microcontroller nodes and a bi-directional bus coupled to each of the plurality of nodes via a ring arrangement, the method comprising the steps of : transmitting signals to the bus in a first and a second direction; and, receiving signals from the bus in the first and second directions, wherein by monitoring the received signals the node is able to locate faults occurring in the system.
Preferably the location of faults are detected by comparison of the transmitted signals with the received signals. The locations of faults are preferably detected by comparison of signals transmitted and received in the first direction with signals transmitted and received in the second direction.
Preferably the faults include failure in the functionality in the microcontroller nodes. The faults further preferably include discontinuities in the integrity of the bi-directional bus.
In this way a fault location system and method are provided which are relatively simple and inexpensive, and which are able to locate faults in the network.
Brief Description of the Drawing An exemplary embodiment of the invention will now be described with reference to the single figure drawing which shows a preferred embodiment of a fault detection system in accordance with the invention.
Detailed Description of a Preferred Embodiment Referring to the single figure drawing, there is shown a fault detection system incorporated in a distributed microcontroller network 5, which may be a vehicle system such as a brake control system. The network 5 has a number of nodes (four nodes are shown, reference numbers 10-40) which are connected together via a bi-directional bus 50. The bus 50 is arranged as a ring or loop. In the example of a brake control system, the nodes are located at brake actuators (near the wheels) of the vehicle, with one node located at a foot pedal.
Each node of the network 5 is only connected to 2 other nodes. For example, the node 40 is connected to the node 10 (clockwise around the bus 50), and to the node 30 (anticlockwise around the bus), but not directly to node 20. This connection arrangement is much more practical than an arrangement where all nodes are interconnected (a star arrangement or similar).
In operation, taking the functions at node 10 as a starting point, node 10 is arranged to transmit signals to the bus in a first direction (clockwise) and in a second direction (anticlockwise). Each node is arranged to re-transmit any received signals around the bus 50, (without changing direction of the signals) unless it transmitted the signal in the first place. Therefore the node 10 transmits a signal in a clockwise direction, which is retransmitted by the nodes 20,30 and 40 in that order, until it is received back by node 10, whereupon it is not re-transmitted. Similarly the node 10 transmits a signal in an anticlockwise direction, which is re-transmitted by the nodes 40,30 and 20 in that order, until it is received back by node 10, whereupon it is not re-transmitted.
By comparing whether or not the signals transmitted by the node 10 in the two directions are received again by the node 10, it is possible to detect whether any discontinuities exist in either direction on the bus. Furthermore by monitoring signals transmitted from the other nodes it is possible to detect the location of a fault, arising from either node or bus failure, in a manner to be fully described below.
Similarly, by comparing the content of all the signals received at the node 10, it is possible to detect whether any of the other nodes are operating in a faulty manner. This is done by comparing the content of the signal which node 10 transmits with the content of the signal it receives, in both directions, and by comparing the content of the signals transmitted by the other nodes in both directions. This is also more fully described below.
The following table shows a number of fault conditions, and the nature of the signals received in both directions which indicate these fault conditions.
Condition Direction Replies From 10,20,30,40 All nodes OK Clockwise (10-20-30-40) G G G G Anticlockwise 40-30-20-10 G G G G Node 20 faulty Clockwise FFGG Anticlockwise F F F F Node 30 faulty Clockwise FFFG Anticlockwise G G F F Node 40 faulty Clockwise FFFF Anticlockwise G G G F Node 20 lying Clockwise LLGG Anticlockwise L L L L Node 30 lying Clockwise LLLG Anticlockwise L G L L Node 40 lying Clockwise LLLL Anticlockwise L G G L In the above table, a faulty node is defined as a node which is not responding, or which may be responding but has an associated bus error (such as a broken wire). A lying node is defined as a node which is responding, and has no associated bus errors, but which is providing incorrect data indicating an internal (non-fatal) error in the node.
For the received signals, the letter G indicates a good signal, i. e. a signal which is received and which is correct (it matches what was transmitted). The letter F indicates a signal which is not received at all, and the letter L indicates a signal which is received but which does not match what was transmitted.
From the above table, it can be seen that if all replies are'G', then all the nodes are operating correctly and there are no errors. If at least one of the replies is an'F', then by assessing the combination of'F'and'G'replies it is possible to determine which of the nodes is faulty.
For example, if the replies received by the node 10 in a clockwise direction (from node 40) are all'F', and the replies received by the node 10 in an anticlockwise direction (from node 20) are'G G G F', this indicates that nodes 20 and 30 are operating normally, since signals have been received (anticlockwise) from them. However, as no signals have been received in either direction from node 40, this indicates that node 40 is faulty.
A similar approach is used to establish whether any of the nodes are'lying'. If any of the replies are'L'then at least one of the nodes must be lying. However, it is not sufficient to assume that each'L'indicates a lying node, as signal errors propagate around the bus 50. Instead, the node 10 is arranged to compare the signals received in the two directions.
There will be a set of matching signals in addition to the two'L's relating to node 10.
For example, from the above table it is shown that if the replies are'L L L G'and'L G L L'in clockwise and anticlockwise directions respectively are received, the node with matching signals in the two directions is node 30 (both'L'). This shows that node 30 is lying.
Using the results as above, the node 10 (and each of the other nodes in the system) is able to keep track of the state of the other nodes, and to communicate correctly to the functioning nodes of the system.
If combinations of results other than those provided in the above table are received, this may indicate multiple faults, multiple lying nodes or broken portions of the bus 50, depending on the combination. It should be possible to detect the location of a broken portion of the bus 50 in the same way as a node failure is detected. For example, if'G G G G'is received in the clockwise direction and'F F F F'is received in the anticlockwise direction, then this indicates a bus failure between nodes 20 and 10 (anticlockwise direction).
It may not be possible to detect the location of multiple faults or multiple lying nodes in this way, but it is possible to detect that multiple faults or lying nodes are present.
In general the above system and method have many potential applications. For example, each node may be arranged to perform a calculation based on inputs from the other nodes.
In such an arrangement inputs are sent from each node to each of the other nodes, and each node performs the calculation based on the received inputs. Using the embodiment disclosed above, the nodes are able to determine which inputs can be trusted and which should not be used in the calculation.
It will be appreciated that alternative embodiments to the one described above are possible. For example the number of nodes may be three or more than four.
Furthermore the protocol used may differ from that described above.

Claims (8)

  1. Claims 1. A fault location system for a distributed microcontroller network, comprising: a plurality of distributed microcontroller nodes; and, a bi-directional bus coupled to each of the plurality of nodes via a ring arrangement ; wherein each node is arranged to transmit signals to the bus in a first and a second direction, and to receive signals from the bus in the first and second directions, wherein by monitoring the received signals each of the plurality of nodes is able to locate faults occurring in the system.
  2. 2. A fault location method for a node of a distributed microcontroller network having a plurality of distributed microcontroller nodes and a bi-directional bus coupled to each of the plurality of nodes via a ring arrangement, the method comprising the steps of : transmitting signals to the bus in a first and a second direction; and, receiving signals from the bus in the first and second directions, wherein by monitoring the received signals the node is able to locate faults occurring in the system.
  3. 3. The system of claim 1 or method of claim 2 wherein the location of faults are detected by comparison of the transmitted signals with the received signals.
  4. 4. The system or method of any preceding claim wherein the locations of faults are detected by comparison of signals transmitted and received in the first direction with signals transmitted and received in the second direction.
  5. 5. The system or method of any preceding claim wherein the faults include failure in the functionality in the microcontroller nodes.
  6. 6. The system or method of any preceding claim wherein the faults include discontinuities in the integrity of the bi-directional bus.
  7. 7. A system substantially as hereinbefore described and with reference to the single figure drawing.
  8. 8. A method substantially as hereinbefore described and with reference to the single figure drawing.
GB9907667A 1999-04-06 1999-04-06 A fault location system and method Expired - Fee Related GB2348782B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9907667A GB2348782B (en) 1999-04-06 1999-04-06 A fault location system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9907667A GB2348782B (en) 1999-04-06 1999-04-06 A fault location system and method

Publications (3)

Publication Number Publication Date
GB9907667D0 GB9907667D0 (en) 1999-05-26
GB2348782A true GB2348782A (en) 2000-10-11
GB2348782B GB2348782B (en) 2004-03-17

Family

ID=10850917

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9907667A Expired - Fee Related GB2348782B (en) 1999-04-06 1999-04-06 A fault location system and method

Country Status (1)

Country Link
GB (1) GB2348782B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2377024A (en) * 2001-06-29 2002-12-31 Motorola Inc Fault tolerant measurment data outputting system
WO2006108527A1 (en) * 2005-04-11 2006-10-19 Beckhoff Automation Gmbh User master unit communication system and method for operation thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2133952A (en) * 1982-12-22 1984-08-01 Int Standard Electric Corp Multiple-ring communication system
US4538264A (en) * 1983-02-14 1985-08-27 Prime Computer, Inc. Self-repairing ring communications network
US4542496A (en) * 1982-08-30 1985-09-17 Fujitsu Limited Loop transmission system and method of controlling the loop-back condition thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4542496A (en) * 1982-08-30 1985-09-17 Fujitsu Limited Loop transmission system and method of controlling the loop-back condition thereof
GB2133952A (en) * 1982-12-22 1984-08-01 Int Standard Electric Corp Multiple-ring communication system
US4538264A (en) * 1983-02-14 1985-08-27 Prime Computer, Inc. Self-repairing ring communications network

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2377024A (en) * 2001-06-29 2002-12-31 Motorola Inc Fault tolerant measurment data outputting system
EP1271854A2 (en) * 2001-06-29 2003-01-02 Motorola, Inc. Fault tolerant voting system and method
EP1271854A3 (en) * 2001-06-29 2004-05-19 Motorola, Inc. Fault tolerant voting system and method
WO2006108527A1 (en) * 2005-04-11 2006-10-19 Beckhoff Automation Gmbh User master unit communication system and method for operation thereof
US8055826B2 (en) 2005-04-11 2011-11-08 Beckhoff Automation Gmbh Communication system and method for operation thereof

Also Published As

Publication number Publication date
GB2348782B (en) 2004-03-17
GB9907667D0 (en) 1999-05-26

Similar Documents

Publication Publication Date Title
US7474015B2 (en) Method and supply line structure for transmitting data between electrical automotive components
US6540309B1 (en) Fault tolerant electronic braking system
US6918064B2 (en) Method and device for monitoring control units
US8600583B2 (en) Distributed flight control system
CN100382474C (en) Method and system of safety-oriented data transfer
JP4195272B2 (en) Method for recognizing error in data transmission inside CAN-controller, CAN-controller, program, recording medium, and control device
US6704628B1 (en) Method for detecting errors of microprocessors in control devices of an automobile
US20140376561A1 (en) Method for Operating a Communication Network, and Network Arrangement
AU2004200226A1 (en) Fault tolerant computer controlled system
JP2010254298A (en) Electrically-controlled brake system
KR102533939B1 (en) vehicle control system
CN113015666A (en) Control architecture for a vehicle
US6934874B2 (en) Method and apparatus for ensuring integrity of transmitted data in a distributed control system
US20030184158A1 (en) Method for operating a distributed safety-relevant system
GB2348782A (en) A fault location system and method
CN110239575B (en) Logic control equipment and system based on two-by-two-out-of-two
US6725419B1 (en) Automation system and method for operating an automation system
JP4125233B2 (en) Method for communicating notification information between bus participants
GB2345153A (en) Fault-tolerant microcontroller arrangement, eg for a vehicle braking system
EP1271854A2 (en) Fault tolerant voting system and method
EP1276637B1 (en) Fault-tolerant system
GB2357594A (en) Fault tolerant suspension system and fault tolerant steering system
JPH04305748A (en) Highly reliable bus
JP2771385B2 (en) Data transmission equipment
CN118318418A (en) Auxiliary control unit for a vehicle having a main control unit and a data transmission path

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20050406