JP2004348274A - Diagnostic device for communication failure - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance the reliability of a diagnosis by appropriately determining continuing errors for reliable detection of failure without being affected by a recovery function which tries to recover to a normal state when an error status in which sending and receiving is inhibited is started. <P>SOLUTION: The state of a CAN communication bus is monitored to see if either of the error states, error warning, error passive, or bus off, has been detected (S2). If any of the error states has been detected, a temporary failure determining flag is set to actuate a continued failure determining timer (S3). After a failure determining time has elapsed without an error-active state being detected twice in succession, a failure confirming flag showing the confirmation of failure is set (S4-S7) and a "limp-home" function is started. This avoids the influence of the recovery function of a CAN while preventing diagnostic errors due to short periods of communication errors caused by disturbance or the like, and enhancing the reliability of a diagnosis. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a communication failure diagnosing device in a communication device having a recovery function that attempts to return to a normal state when transiting to an error status in which transmission / reception is prohibited.
[0002]
[Prior art]
In recent years, in vehicles such as automobiles, a plurality of electronic control units are mounted, and various controls such as an engine, a transmission, a suspension, and an air conditioner are shared by each unit, and the plurality of units are connected by a multiplex communication bus. Thus, an in-vehicle network is configured to exchange control data, control commands, and the like, thereby improving the total controllability.
[0003]
In general, such an in-vehicle network is often configured using a CAN (Controller Area Network) having an excellent error management function. According to this CAN protocol, an error for counting errors during transmission and reception is often used. According to the value of the counter, basically, there are three error statuses (error status): a status in which communication is normal (error active status), a status in which communication is difficult (error passive status), and a status in which communication is disabled (bus off status). Is defined, and the error active state and the error passive state reversibly transition according to the increase and decrease of the error counter value, and when the state transits to the bus off state, transmission / reception on the communication bus is prohibited.
[0004]
Therefore, the failure of the communication system can be determined by monitoring the bus off state. However, in the case of a failure such as disconnection of the communication line, the error passive value is maintained without increasing the error counter value. Failure monitoring is not sufficient if only the status is monitored. For this reason, Japanese Patent Application Laid-Open No. 2001-78535 discloses a related control using CAN communication data when an error passive state is determined to be a failure when control data is mutually transferred between a plurality of CAN controllers mounted on an agricultural work machine. Is stopped, and when returning to the error active state, a technique for restarting the stopped related control is disclosed.
[0005]
[Patent Document 1]
JP 2001-78535 A
[Problems to be solved by the invention]
However, in order to improve the reliability of diagnosis, it is necessary to determine the time during which a communication error continues so that a short-time communication error due to disturbance or the like is not determined to be a vehicle failure. As described above, if it is determined that there is no communication abnormality at the time of returning to the error active state and the control is restarted, it is not possible to cope with the case where the abnormality continues.
[0007]
Further, the CAN communication protocol has a recovery function of clearing the error counter value to "0" once and returning to the error active state when a predetermined number of consecutive bits are counted a set number of times after the bus is turned off. Therefore, even if the bus is turned off once, the recovery function comes in a short cycle and attempts to communicate again.
[0008]
Therefore, as shown in the time chart of FIG. 5, a time (failure determination time) for determining the time during which the abnormality continues is set, and when the bus off state of the CAN communication bus is detected, the abnormality continuation time is measured. Even if the timer for judging the failure (continuous failure judgment timer) is started, the recovery function returns to the error active state in a cycle shorter than the set failure judgment time. When the active state is detected, the continuous failure determination timer is cleared. Therefore, the abnormality is actually continuously occurring, and a flag (failure confirmation flag) indicating failure confirmation cannot be set even after the set failure determination time. In other words, depending on the timing of the occurrence of the abnormality, the time until the failure is actually determined varies, and the reliability of the diagnosis is reduced.
[0009]
The present invention has been made in view of the above circumstances, without being affected by a recovery function that attempts to return to a normal state when transiting to an error status in which transmission and reception are prohibited, appropriately determining a continuing abnormality. It is an object of the present invention to provide a communication failure diagnosis device capable of reliably detecting a failure and improving the reliability of diagnosis.
[0010]
[Means for Solving the Problems]
In order to achieve the above object, in the first communication failure diagnosis device according to the present invention, an error status transits according to an error occurrence state during transmission / reception via a communication bus, and transits to an error status where transmission / reception is prohibited. When a communication failure diagnostic device that performs a failure diagnosis of a communication device having a recovery function that attempts to return to a normal state, when the error status has transitioned from a normal state to an abnormal state, it is determined that a temporary failure, Means for counting the duration of the temporary failure; and determining that the communication status has transitioned to the normal state before the duration of the temporary failure reaches the set time, and determining that the communication failure has not been detected continuously. And means for performing the operation.
[0011]
The second communication failure diagnosis device according to the present invention is configured such that when an error status changes according to an error occurrence situation during transmission / reception via a CAN communication bus and the error status changes to a bus off state in which transmission / reception is prohibited, A communication failure diagnostic device for performing failure diagnosis of a CAN communication device having a recovery function that attempts to return to an error active state. When the error status changes to a state other than the error active state, it is determined that a temporary failure has occurred. Means for measuring the duration of the temporary failure, and determining that the communication status has transitioned to the error active state before the duration of the temporary failure reaches the set time, when the set number of times cannot be detected continuously, a communication failure is determined. And means for performing the operation.
[0012]
When the second communication failure diagnosis device is applied to a network in a vehicle in which a plurality of CAN communication devices are connected via a CAN communication bus, when it is determined that a communication failure has occurred at any node on the network. It is desirable to instruct execution of limp home control.
[0013]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings. 1 to 4 relate to an embodiment of the present invention, FIG. 1 is an explanatory diagram showing a configuration example of an in-vehicle LAN, FIG. 2 is a block diagram showing a main part configuration in each unit connected to the in-vehicle LAN, FIG. 3 is a flowchart of the CAN communication diagnosis process, and FIG. 4 is a time chart of the CAN communication diagnosis.
[0014]
FIG. 1 shows a configuration example of an in-vehicle LAN in which a plurality of nodes such as a plurality of electronic control units and intelligent sensors and actuators mounted on the vehicle are connected to each other via a multiplex communication bus in a vehicle such as an automobile. This in-vehicle LAN employs a CAN communication bus, which is a two-wire serial communication bus, as a multiplex communication bus. A high-speed traveling communication network NH and a low-speed body communication network NL are connected via a body integration unit C1. Connected.
[0015]
The traveling system communication network NH includes a plurality of units that share a control function for an engine, a transmission, a brake, a suspension, and the like and a traveling state sensing function, that is, the engine unit C2, the AT unit C3, the traveling system units C4 and C6, and the traveling system. The sensor unit C5 and the like are connected via a CAN communication bus 1H. The body communication network NL is configured such that body units C7 to C11 that share control functions for body equipment such as an air conditioner, a power window, a power steering, various meters, a dashboard, and a keyless entry are connected via a CAN communication bus 1L. Connected and configured.
[0016]
The traveling communication network NH and the body communication network NL having different communication speeds are interconnected via a body integration unit C1 serving as a gateway, and data can be transmitted and received between all nodes. In FIG. 1, the vehicle units C12 and C13 are connected to the vehicle units C7 and C9 via dedicated communication buses 2 and 3, respectively.
[0017]
Each of the units Cn (n = 1, 2,...) Connected to the in-vehicle LAN is configured using a microcomputer, and each has a function as a controller for a control target and a function as a controller for CAN communication. have. As shown in FIG. 2, each unit includes a ROM 101, a RAM 102, a clock generator 103, a timer 104, an A / D converter 105, a D / A converter 106, and the like, for a CPU 100 that executes various arithmetic processes and controls. A CAN controller 107 and a CAN driver 108 are provided in addition to the configuration of a general microcomputer provided.
[0018]
The ROM 101 stores a control program, a failure diagnosis program, fixed data such as control constants and maps, and the RAM 102 temporarily stores data such as various input data and work data. Has a plurality of reception slots 102a and transmission slots 102b for CAN communication in addition to a normal processing area. When transmitting a message from its own unit at a predetermined timing, the transmission slot 102b writes and stores the message in advance, and the reception slot 102a stores a message returned from another unit.
[0019]
The CAN controller 107 is a part that controls communication according to a CAN communication protocol, and includes a control register for setting an interrupt mask and transmission / reception, a status register indicating various error conditions and a system state, and an error counter for managing an error state. (A transmission error counter TEC and a reception error counter REC). The CAN driver 108 is for transmitting and receiving messages via a CAN communication bus 1H (1L) composed of two lines of CAN_High and CAN_Low.
[0020]
As is well known, a CAN communication message includes a data frame for data transmission including an identifier for determining the priority of the message and identifying the destination and content of the message, a remote frame of a transmission request, and a communication error detection. There are four types of error frames at the time of reception, and overload frames that are output when the reception side is not ready for reception, and errors are checked for each frame.
[0021]
This error check is executed independently at the time of transmission and at the time of reception. Each time an error is detected, the counter value of an error counter (transmission error counter TEC, reception error counter REC) is incremented. The counter value is decremented. The value of the error counter is reflected in the status register, and the error status of CAN communication changes as described below.
[0022]
(1) Error Active State The values of the transmission error counter TEC and the reception error counter are both 0 to 127, indicating that communication can be performed normally.
[0023]
(2) Error passive state (error warning state)
The value of the transmission error counter TEC or the reception error counter REC is 128 to 255, indicating that the error frequency is high. Note that, depending on the CAN protocol, a state in which the value of the transmission error counter TEC or the reception error counter REC is 96 to 255 may be adopted as the error warning state instead of the error passive state.
[0024]
(3) Bus Off State This is a state where the value of the transmission error counter TEC has become 256 or more, and transmission / reception on the bus is prohibited.
[0025]
In this case, the error active state and the error passive state can transition with each other in accordance with the vertical fluctuation of the error counter value. However, a failure such as a short circuit between CAN_High and CAN_Low, which leads to a bus-off state, occurs. In this case, communication becomes impossible. However, in the CAN protocol, when a predetermined number of consecutive bits are detected on the CAN communication bus for a set number of times (for example, 11 recessive bits are 128 times), the error counter is once cleared to “0” and the state returns to the error active state. Has a recovery function.
[0026]
For this reason, the CPU 100 of each unit monitors the transition of the error status of the CAN communication, and when transitioning from a normal state (error active) to an abnormal state (error warning, error passive, bus off), it is determined that a temporary failure has occurred and a flag is determined. Is set, and the continuation time in which the temporary failure flag is set is counted. Then, before the duration of the temporary failure reaches the set failure determination time, when it is not possible to continuously detect that the transition to the error active state has been performed the set number of times, it is determined that the communication has failed, thereby avoiding erroneous diagnosis. Failures are reliably detected, and diagnostic reliability is improved.
[0027]
Hereinafter, the CAN communication diagnosis processing executed by the CPU 100 of each unit will be described with reference to the flowchart shown in FIG.
[0028]
In the CAN communication diagnosis process, when the CAN controller 107 starts CAN communication, first, in step S1, it is checked whether or not a diagnosis execution condition according to the vehicle state is satisfied. Start diagnosis. The diagnosis execution condition includes, for example, a condition in which the system has been initialized and is in an activated state, and the power supply voltage of each device is within an operation guarantee voltage range.
[0029]
Next, the process proceeds to step S2, in which the status of the CAN communication bus is monitored with reference to the status register (or error counter) of the CAN controller unit 107, and the monitoring result indicates any one of the abnormal statuses of error warning, error passive, and bus off. Check whether or not is detected. If any of the monitoring results of the bus state, the error warning state, the error passive state, and the bus off state is not detected, and the communication is normally performed (error active state), the state of the bus in step S2 is determined. The monitoring loop is repeated every set sampling time. This sampling time is set to a time short enough to return from the bus off state to the error active state by the CAN recovery function. For example, if the recovery time to the error active state by the recovery function is 4 ms, the sampling time is It is set to 1 ms.
[0030]
Also, when any of the error monitoring state, the error passive state, and the bus off state is detected as a result of monitoring the bus state in step S2, the process proceeds from step S2 to step S3, in which a temporary failure determination flag FLGR is set (FLGR ← FLGR). 1), the counting by the continuous failure determination timer TM is started. The temporary failure determination flag FLGR is set in response to an error detected by the CAN controller unit 107, and is determined to be a failure in which the error is not a temporary one but continues and a necessary measure must be taken as a vehicle. This shows the previous temporary determination state. Then, the duration of the state in which the temporary failure determination flag FLGR is set is counted by the continuous failure determination timer TM.
[0031]
Then, the process proceeds to step S4, and it is checked whether or not the error active state is detected continuously for the set number of times as a result of monitoring the bus state. The set number of times is set based on the relationship between the recovery time from the bus off state to the error active state by the CAN recovery function and the sampling time of the bus state monitoring cycle, and it is determined that the abnormality is not continued. The number of possible times, for example, if the recovery time to the error active state by the recovery function is 4 ms and the sampling time is 1 ms, the number is set to two times.
[0032]
When the error active state is detected twice consecutively, it is determined that the bus state has not completely returned to the normal state due to the recovery function of the CAN but has completely returned to the normal state. Then, the temporary failure determination flag FLGR and the continuous failure determination timer TM are both cleared (FLGR ← 0, TM ← 0), and the process returns to step S2 to continue monitoring the bus state.
[0033]
If the error active state has not been detected twice consecutively in step S4, the process proceeds from step S4 to step S6 to determine whether or not the value of the continuous failure determination timer TM has exceeded a preset failure determination time. Find out. If the failure determination time has not elapsed, the process returns from step S6 to step S4, and checks again whether the monitoring result of the bus state has detected the error active state twice consecutively. Then, the error active state is not detected twice consecutively in step S4. When the failure determination time has elapsed in step S6, it is determined that the failure state is not a temporary abnormality but a failure state in which the failure continues, and the process proceeds from step S6 to step S7.
[0034]
In step S7, a failure determination flag FLGE indicating failure determination is set (FLGE ← 1), and the limp home function is started. In the limp home function, for example, the required minimum traveling performance is ensured by setting the fuel injection amount and the ignition timing to predetermined fail-safe values.
[0035]
That is, as shown in the time chart of FIG. 4, the monitoring period of the bus state is shortened in consideration of the recovery function of the CAN, and when an abnormality that leads to the bus off state is detected, the temporary failure determination flag FLGR is set. Time the duration. After the provisional failure determination flag FLGR is set, it is not cleared unless a normal determination (error active detection) is performed continuously for a set number of times (except at the time of system reset), and the temporary failure determination flag FLGR is set. When the set failure determination time has elapsed, the failure is determined and the failure determination flag FLGE is set, and the setting of the failure determination flag FLGE instructs the execution of the limp home control.
[0036]
This makes it possible to reliably detect a failure within the set failure determination time, avoid the influence of the recovery function of the CAN, prevent erroneous diagnosis due to short-time communication errors due to disturbances, etc., and improve the reliability of diagnosis. Can be improved.
[0037]
【The invention's effect】
As described above, according to the present invention, without being affected by the recovery function that attempts to return to the normal state when transiting to the error status in which transmission and reception are prohibited, it is possible to appropriately determine the continued abnormality and reliably Failure can be detected, and the reliability of diagnosis can be improved.
[Brief description of the drawings]
FIG. 1 is an explanatory diagram showing a configuration example of an in-vehicle LAN; FIG. 2 is a block diagram showing a main part configuration in each unit connected to the in-vehicle LAN; FIG. 3 is a flowchart of a CAN communication diagnosis process; FIG. Diagnosis time chart [Fig. 5] Conventional CAN communication diagnosis time chart [Description of symbols]
1H, 1L CAN communication bus 107 CAN controller FLGE failure determination flag FLGR provisional failure determination flag REC reception error counter TEC transmission error counter TM continuous failure determination timer

Claims (3)

When an error status changes according to an error occurrence state during transmission / reception via the communication bus, and when the error status changes to an error status where transmission / reception is prohibited, a failure diagnosis of a communication device having a recovery function that attempts to return to a normal state is performed. A communication failure diagnostic device,
Means for determining, when the error status has transitioned from the normal state to the abnormal state, a provisional failure, and counting the duration of the provisional failure;
Means for determining that a communication failure has occurred when the transition of the error status to the normal state cannot be detected continuously for a set number of times before the duration of the temporary failure reaches a set time. Failure diagnosis device. A CAN having a recovery function that attempts to return to an error active state when the error status transitions according to an error occurrence situation during transmission / reception via a CAN communication bus and the error status transitions to a bus off state where transmission / reception is prohibited. A communication failure diagnostic device for performing failure diagnosis of a communication device,
Means for determining a temporary failure when the error status has transitioned to a state other than the error active state, and for measuring the duration of the temporary failure;
Means for determining that a communication failure has occurred when the set number of times that the error status has transitioned to the error active state cannot be detected continuously before the duration of the temporary failure reaches the set time. Diagnosis device for communication failure. For a network in a vehicle that connects a plurality of the CAN communication devices via the CAN communication bus,
3. The communication failure diagnosis apparatus according to claim 2, further comprising means for instructing execution of limp home control when it is determined that a communication failure has occurred in any of the nodes on the network.

Images