JP2023106156A - Electronic control apparatus and communication system - Google Patents

Abstract

To properly execute control processing after recovery of communication when a failure occurs on a two-wire communication line connected to an electronic control apparatus.SOLUTION: An electronic control apparatus having terminal resistors equipped at both ends to perform two-wire communication, connected to another electronic control apparatus over a network, having a communication interface which establishes a communication over the network, and configured to execute control processing while communicating with the another electronic control apparatus, includes recovery information including control information associated with failure location information identifying a location of a failure which may occur on the network and device information identifying the another electronic control apparatus. When receiving a notification on the failure location information identifying a location of a failure detected on the network, the electronic control apparatus refers to the recovery information, acquires the control information associated with failure location information and the device information from the recovery information, and establishes a communication with the another electronic control apparatus on the basis of the control information in control processing after recovery of the network.SELECTED DRAWING: Figure 1

Description

The present invention relates to electronic control units and communication systems.

One of communication protocols used in communication between electronic control devices is CAN (Controller Area Network). As an example of technology related to communication using CAN, in a communication device having a plurality of communication stations via a two-wire communication line, when an abnormality is detected in the two-wire communication line, the two-wire communication Techniques have been proposed for restoring communication by controlling the resistance that can be connected to the line.

JP 2019-83471 A

In such conventional technology, it is possible to physically restore communication when a failure occurs in the two-wire communication line. Here, after the network is restored in this way, it may be desirable to perform control processing using data different from normal processing according to the system state after restoration. However, in the conventional technology described above, there is no mention of how control processing should be performed after restoration, and there is a possibility that appropriate control processing cannot be realized.

Accordingly, it is an object of one aspect of the present invention to enable appropriate control processing to be performed after communication is restored when a failure occurs in a two-wire communication line to which an electronic control unit is connected. do.

In one aspect of the present invention, a communication interface that is connected to another electronic control device via a network that performs two-wire communication with termination resistors at both ends, and that realizes communication via a processor, a memory, and the network. wherein the memory stores failure location information for identifying failure locations that may occur in the network and identifies the other electronic control device. recovery information including control information associated with device information, and referring to the recovery information when the processor receives notification of failure location information identifying a failure location detected in the network; The control information associated with the failure location information and the device information is acquired from the restoration information, and communication with the other electronic control device is performed based on the control information in control processing after restoration of the network. conduct.

According to one aspect of the present invention, when a failure occurs in a two-wire communication line to which an electronic control unit is connected, appropriate control processing can be performed after communication is restored.

It is an explanatory view showing an example of a control system concerning one embodiment of the present invention. FIG. 2 is a block diagram showing the functional configuration and data configuration of an ECU (other than main) in one embodiment of the present invention; 3 is a block diagram showing the functional configuration and data configuration of an ECU (main) in one embodiment of the present invention; FIG. FIG. 4 is an explanatory diagram showing an example of a restoration information matrix in one embodiment of the present invention; 4 is a flow chart showing an example of disconnection point identification and restoration processing by an ECU (main) in one embodiment of the present invention. 6 is a flow chart showing an example of selection of control information at the time of recovery from disconnection and an example of control processing based on the control information in one embodiment of the present invention. FIG. 4 is an explanatory diagram showing a specific example of a failure location and a terminating resistor when restoration processing is executed in one embodiment of the present invention; FIG. 4 is an explanatory diagram showing a specific example of a failure location and a terminating resistor when restoration processing is executed in one embodiment of the present invention; FIG. 4 is an explanatory diagram showing an example of sub-tables of a recovery information matrix in one embodiment of the present invention, where (A) shows a control group table and (B) shows a control information table;

Hereinafter, embodiments of the present invention will be described with reference to the drawings. It should be noted that the present invention is not limited by the embodiments described in this specification, and different embodiments and modifications thereof can be appropriately combined.

[Overall configuration of control system]
FIG. 1 shows an example of a control system 10 according to this embodiment. The control system 10 is mounted on a vehicle such as an automobile, and controls various devices related to running of the vehicle. The control system 10 includes, for example, a powertrain control system such as engine control, a vehicle control system such as electric power steering and brake control, a body control system such as airbags and surrounding monitoring, and a navigation system, depending on the type of in-vehicle device to be controlled. and GPS (Global Positioning System). The control system 10 includes an ECU (Electronic Control Unit) 20 (1ECU 20A, 2ECU 20B, 3ECU 20C, 4ECU 20D, 5ECU 20E) that controls the in-vehicle device. In the following description, the ECU 20 will be referred to when describing a description common to all of the 1st ECU 20A to the 5th ECU 20E or when describing any one or more of them, and when describing individually. Each of the first ECU 20A to the fifth ECU 20E will be referred to. The same applies to other constituent elements. The control system 10 comprises a network 30 connected to each of these ECUs 20 and transmitting and receiving signals using the CAN protocol. The network 30 comprises CAN_H 31 and CAN_L 32 buses that constitute a two-wire communication.

The ECU 20 includes a CPU (Central Processing Unit) 21 (21A to 21E) that constitutes a microcomputer, and a communication interface 22 (22A to 22E). The ECU 20 also includes switches 41 (41A to 41E) connected to CAN_H31 and CAN_L32, and resistors 42 (42A to 42E) that can serve as terminating resistors for two-wire communication by CAN_H31 and CAN_L32.

The CPU 21 loads and executes a program stored in a memory (not shown in FIG. 1), thereby performing control processing of an in-vehicle device to be controlled by the ECU 20 . Also, communication control processing for communicating with other ECUs 20 via CAN_H31 and CAN_L32 is performed.

The communication interface 22 is composed of, for example, a CAN (Controller Area Network) transceiver or the like, and provides a function of generating and adjusting a voltage to be transmitted to the bus, securing an operating current, and the like, and connecting to the network 30 . The communication interface 22 transmits signals (differential signals) of different voltages according to the values of data transmitted from the CPU 21 to the CAN_H 31 and CAN_L 32 . Further, when receiving signals from CAN_H31 and CAN_L32, the communication interface 22 identifies the data value indicated by the received signal based on the voltage difference between the signals in CAN_H31 and CAN_L32.

The switch 41 is made of a semiconductor element such as a transistor, and is turned on/off under the control of the CPU 21 .
Resistor 42 is connected to CAN_H 31 and CAN_L 32 when switch 41 is turned on, and acts as a terminating resistor (eg, 120Ω resistance) in network 30 . In the system example shown in FIG. 1, the switch 41A provided in the 1ECU20A and the switch 41E provided in the 5ECU20E are turned on. Therefore, the resistance 42A provided in the 1ECU 20A and the resistance 42E provided in the 5ECU 20E serve as terminating resistances for two-wire communication in CAN_H31 and CAN_L32, respectively.

In the control system 10 shown in FIG. 1, among the 1ECU 20A to the 5ECU 20E, the 5ECU 20E has a communication management function (main function) in the network 30. In other words, the CPU 21E provided in the 5ECU 20E functions as the main CPU in the network 30. Hereinafter, the functional configuration and data configuration of each of the 1ECU20A to 4ECU20D and the 5ECU20E having a communication management function will be described. The 5ECU 20E is a specific example of a first electronic control device, and the 1ECU 20A to 4ECU 20D are specific examples of a second electronic control device.

[ECU functional configuration and data configuration]
FIG. 2 is a block diagram showing the functional configuration and data configuration of each of the 1ECU 20A to 4ECU 20D. Each of the first ECU 20A to the fourth ECU 20D includes a signal transmission unit 51 and a control processing unit 52 as a control unit 50 whose function is realized by executing a program in the CPU 21 constituting a microcomputer. Each microcomputer of the 1ECU 20A to 4ECU 20D has a memory 60 in which a recovery information matrix 61 is stored. The memory 60 also stores data used for normal control processing in the first ECU 20A to the fourth ECU 20D, but illustration and description thereof are omitted in this embodiment.

The signal transmission unit 51 transmits a heartbeat signal indicating that its own device is operating normally to the 5ECU 20E having a communication management function at predetermined time intervals.
The control processing unit 52 performs normal control processing for the in-vehicle device. In addition, when the control processing unit 52 is notified of a failure location code indicating a failure location in the network 30 from the failure location notification unit 55 of the 5ECU 20E having a communication management function, the recovery information matrix 61 stored in the memory 60 By referring to it, the control information associated with the device information for identifying each of the ECUs 20 with which communication is performed in the relevant failure location code and the control process is acquired. Then, the control processing unit 52 performs control processing after restoration of the network 30 based on the control information.

FIG. 3 is a block diagram showing the functional configuration and data configuration of the 5ECU 20E having a communication management function. The 5ECU 20E includes a control processing unit 52 of the control unit 50 and a recovery information matrix 61 of the memory 60, like the 1ECU 20A to the 4th ECU 20D. Further, the 5ECU20E further includes a failure detection unit 53, a termination control unit 54, and a failure location notification unit 55 instead of the signal transmission unit 51 in the 1ECU20A to the 4th ECU20D.

The fault detection unit 53 identifies the location of the fault in the network 30 . Specifically, when the failure detection unit 53 detects that the heartbeat signals from the first ECU 20A to the fourth ECU 20D are interrupted, it performs broadband transmission to the first ECU 20A to the fourth ECU 20D. Then, the failure detection unit 53 identifies the location of the failure based on the presence or absence of response signals from the first ECU 20A to the fourth ECU 20D to the broadband transmission.

The termination control unit 54 turns on the switch 41 provided in any one of the 1ECU 20A to the 4th ECU 20D and connects the resistor 42 to the network 30 according to the specified failure location of the network 30 . Thereby, the position of the terminating resistor in the two-wire communication of the network 30 can be changed, and the network 30 can be physically restored.

The failure location notification unit 55 notifies the control processing units 52 of the 1ECU 20A to the 5ECU 20E of a failure location code that identifies the detected failure location of the network 30. FIG. This fault location code can be set, for example, between binary codes “00000000” to “11111111” in association with each possible failure location in the network 30 .
Since the control processing unit 52 of the control unit 50 and the restoration information matrix 61 of the memory 60 are the same as those of the first ECU 20A to the fourth ECU 20D, description thereof will be omitted.
The 5ECU 20E may be configured to include only components related to the communication management function without including the control processing unit 52 and the recovery information matrix 61.

[Structure of recovery information matrix]
Here, FIG. 4 shows an example of the restoration information matrix 61 provided in each of the ECUs 20. As shown in FIG. The recovery information matrix 61 includes control information associated with failure location codes (failure location information) that identify possible failure locations in the network 30, and device information that identifies the ECU 20 that communicates with in control processing. is a table showing For example, FIG. 4 shows a specific example of the restoration information matrix 61 held by the fourth ECU 20D. In the recovery information matrix 61, the control information associated with the fault location code "1 (00000001 in binary code)" and the 3ECU20C, which is the other party to communicate with, is the "abnormal set value". This is when the control processing unit 52 of the 4ECU20D having the recovery information matrix 61 receives a notification of the failure location code "1" from the failure location notification unit 55 of the 5ECU20E, that is, in the network 30, the 1ECU20A and When a failure occurs between the 2ECU20B, it indicates that the control is performed using a predetermined "abnormal set value" in communication with the 3ECU20C. On the other hand, in the communication with the 5ECU 20E, it indicates that the control is continued using the "previous value" transmitted and received before the failure occurred. It should be noted that it is assumed that the "previous value" is held in each memory 60 of the ECU 20 . Among the data examples shown in the restoration information matrix 61, the "transmission value" indicates that the value of data that can be transmitted and received after restoration is used as it is (that is, normal processing is performed). Also, such "abnormal setting value", "previous value", "transmission/reception value" and the like are merely examples of control information.

[Recovery processing by each ECU when failure occurs]
Next, processing executed in the ECU 20 will be described in detail.
First, processing executed by the failure detection unit 53, the termination control unit 54, and the failure location notification unit 55 of the 5ECU 20E having a communication management function will be described with reference to the flowchart shown in FIG.

At step 101 (indicated as S101 in the figure, the same applies hereinafter), the failure detection unit 53 determines whether or not a heartbeat signal has been received from the ECUs 20A to 20D within a predetermined period. If received, the process of step 101 is continued (Yes), and if not received, the process proceeds to step 102 (No).
At step 102 , the termination control unit 54 turns on the switch 41E provided in its own device (the 5ECU 20E) and connects the resistor 42E to the network 30 .
At step 103, the failure detection unit 53 performs broadband transmission to request a response signal from the first ECU 20A to the fourth ECU 20D.

At step 104, the failure detection unit 53 determines whether or not a response signal has been received from the fourth ECU 20D. If not received, proceed to step 105 (No), and if received, proceed to step 107 (Yes).
At step 105, the failure detection unit 53 identifies that the failure location of the network 30 is between the 4ECU 20D and the 5ECU 20E. At this time, the failure detection unit 53 sets the failure location code to "4 (00000100)".
In step 106, the failure detection unit 53 determines whether or not it has received a response signal from the 3ECU20C. If not received, proceed to step 107 (No), and if received, proceed to step 108 (Yes).
At step 107, the failure detection unit 53 identifies that the failure location of the network 30 is between the 3ECU20C and the 4ECU20D. At this time, the failure detection unit 53 sets the failure location code to "3 (00000011)".

At step 108, the failure detection unit 53 determines whether or not a response signal has been received from the second ECU 20B. If not received, proceed to step 109 (No), and if received, proceed to step 110 (Yes).
At step 109, the failure detection unit 53 identifies that the failure location of the network 30 is between the second 2ECU20B and the second 3ECU20C. At this time, the failure detection unit 53 sets the failure location code to "2 (00000010)".
At step 110, the failure detection unit 53 determines whether or not a response signal has been received from the first ECU 20A. If not received, proceed to step 111 (No), and if received, proceed to step 112 (Yes).
At step 111, the failure detection unit 53 identifies that the failure location of the network 30 is between the 1ECU 20A and the 2ECU 20B. At this time, the failure detection unit 53 sets the failure location code to "1 (00000001)".

At step 112, the failure detection unit 53 determines that the cause of the interruption of the heartbeat signal is not a disconnection failure or the like, since response signals have been received from all of the first ECU 20A to the fourth ECU 20D. Specifically, the failure detection unit 53 determines that the heartbeat signal has been temporarily interrupted due to a software reset in the ECU 20 having a terminating resistor, an unstable operation of the terminating resistor, or the like. At this time, the failure detection unit 53 sets the failure location code to "0 (00000000)".

In step 113, the termination control unit 54 connects the resistor 42 of any one of the 1ECU 20A to the 5ECU 20E to the network 30 according to the failure location specified by the failure detection unit 53, and changes the location of the termination resistance. To give a specific example in the case of the control system 10 shown in FIG. 1, when the failure point of the network 30 is between the 2ECU20B and the 3ECU20C, the termination control unit 54 connects the resistor 42C to the 3ECU20C to the network 30 to send an instruction to connect. Accordingly, in the second 3ECU20C, the switch 41C is switched on and the resistor 42C is connected to the network 30. As a result, the resistor 42C of the 3ECU20C becomes the terminating resistor of the network 30, and communication can be restored at least between the 3ECU20C and the 5ECU20E.
In step 114, the termination control unit 54 turns off the switch 41E provided in its own device (the 5ECU 20E), and disconnects the resistor 42E from the network 30.

In step 115, the fault location notification unit 55 determines the ECU 20 that can communicate at the present time as a result of the physical restoration of the network 30 by the processing of step 112. Notify the failure location code. Specifically, the failure location notification unit 55 transmits the failure location code via the network 30 to the control processing unit 52 of the ECU 20 with which communication is possible among the first ECU 20A to the fourth ECU 20D. Also, the failure location code is passed to the control processing unit 52 in the 5ECU 20E, which is the own device.

Next, the processing executed by the control processing units 52 of the 1ECU 20A to the 5ECU 20E will be described with reference to the flowchart shown in FIG.
At step 211, the control processing unit 52 determines whether or not the failure location code has been notified from the failure location notification unit 55 of the 5ECU 20E. If there is a notification, the process proceeds to step 212 (Yes), and if there is no notification, the process of step 211 is continued (No).
At step 212, the control processing unit 52 determines that the received fault location code is "1 (00000001)", "2 (00000010)", "3 (00000011)", "4 (00000100)", "0 (00000000)". It is determined whether it is any of Then, in steps 213 to 217, the control processing unit 52 performs processing corresponding to each fault location code.

At step 213, the control processing unit 52 refers to the recovery information matrix 61 and acquires the control information associated with each of the failure location code "1" and each of the ECUs 20 with which communication is performed in the control process.
At step 214, the control processing unit 52 refers to the recovery information matrix 61 and acquires the control information associated with each of the failure location code "2" and each of the ECUs 20 with which it communicates in the control process.
At step 215, the control processing unit 52 refers to the restoration information matrix 61 and acquires the control information associated with each of the failure location code "3" and each of the ECUs 20 with which it communicates in the control process.
At step 216, the control processing unit 52 refers to the recovery information matrix 61 and acquires control information associated with each of the failure location code "4" and each of the ECUs 20 with which it communicates in the control process.
At step 217, the control processing unit 52 refers to the restoration information matrix 61 and acquires the control information associated with each of the failure location code "0" and each of the ECUs 20 with which it communicates in the control process.

At step 218, the control processing unit 52 determines data to be used for control with each of the ECUs 20 that are communication partners in the control processing based on the control information acquired at any one of steps 213 to 217, and uses the data. Control processing is performed using

Next, a specific example of such restoration processing will be described with reference to FIGS. 7 and 8. FIG. FIG. 7 shows a state in which a disconnection failure has occurred between the 1ECU 20A and the 2ECU 20B. In this case, the failure detection unit 53 of the 5ECU20E having a communication management function performs broadband transmission to the 1ECU20A, the 2ECU20B, the 3ECU20C, and the 4ECU20D. As a result, since the response signal from the 1ECU 20A cannot be received, the failure detection unit 53 of the 5ECU 20E specifies that a disconnection failure has occurred between the 1ECU 20A and the 2ECU 20B. Then, the termination control unit 54 of the 5ECU 20E transmits an instruction to connect the resistor 42B to the network 30 to the 2ECU 20B. In response, the second ECU 20B turns on the switch 41B and connects the resistor 42B to the network 30 . As a result, the resistor 42B of the 2ECU 20B becomes a terminating resistor of the network 30, and communication can be restored at least between the 2ECU 20B to the 5ECU 20E surrounded by the dashed lines in FIG.

Then, the failure location notification unit 55 of the 5ECU 20E notifies the control processing unit 52 of each of the 2ECU 20B to the 5ECU 20E of the failure location code "1 (00000001)" that identifies the failure location. On the other hand, the control processing unit 52 of each of the 2ECU20B to the 5ECU20E that has received the notification of the failure location code "1" refers to the restoration information matrix 61, and controls associated with the failure location code "1". Information is acquired and control is performed based on the control information. For example, when the 4ECU20D holds the example of the recovery information matrix 61 shown in FIG. "Abnormal setting value". On the other hand, the data transmitted/received to/from the 5ECU 20E is set as the "previous value" which is the value used in the process immediately before the failure occurs.

Here, further, FIG. 8 shows a state in which a disconnection failure has occurred between the 2ECU20B and the 3ECU20C. In this case, as a result of broadband transmission by the 5ECU20E having a communication management function, the response signal from the 2ECU20B cannot be received, so the failure detection unit 53 of the 5ECU20E detects that there is a disconnection failure between the 2ECU20B and the 3ECU20C. identify it as occurring. Then, the termination control unit 54 of the 5ECU20E transmits an instruction to connect the resistor 42C to the network 30 to the 3ECU20C. Accordingly, in the second 3ECU20C, the switch 41C is switched on and the resistor 42C is connected to the network 30. As a result, the resistor 42C of the 3ECU20C becomes the terminating resistor of the network 30, and at least communication can be restored between the 3ECU20C to the 5ECU20E surrounded by the dashed lines in FIG.

Then, the failure location notification unit 55 of the ECU 20E notifies the control processing unit 52 of each of the 3ECU20C to the 5ECU20E, "2 (00000010)", which is a failure location code that identifies the failure location. On the other hand, the control processing unit 52 of each of the 3ECU20C to the 5ECU20E that has received the notification of the failure location code "2" refers to the restoration information matrix 61 and controls associated with the failure location code "2" Information is acquired and communication is performed based on the control information. For example, if the 4ECU20D holds the example of the recovery information matrix 61 shown in FIG. ”, the data to be transmitted and received with the 5ECU 20E is set to a predetermined “abnormal setting value”. In this way, the value of data used for communication in control processing after restoration may also change due to a change in the failure location.

[Effects of this embodiment, etc.]
With the configuration as described above, the present embodiment has the following effects when a failure such as disconnection occurs in the CAN network for two-wire communication. That is, according to the present embodiment, a restoration information matrix is provided in advance, in which the control information after the communication is restored is stored in association with each of the failure points and the partner ECUs with which communication is performed in the control process. By referring to the control information in the recovery information matrix, control processing can be performed while transmitting/receiving data corresponding to the failure point to/from each of the communication partner ECUs after the communication is restored. Therefore, it is possible not only to physically restore communication, but also to perform control processing after restoration more appropriately. Also, even if a plurality of such failures occur in stages, the location of the failure can be identified each time, and control processing can be performed using data corresponding to the location of the most recent failure.

[Modification of this embodiment]
Here, a modified example of this embodiment will be described. In this modification, each of the ECUs 20 described above has a control group table 61A and a control information table 61B, which are sub-tables, in addition to the restoration information matrix 61 in the memory 60 .

FIG. 9A is the control group table 61A, which includes information on CAN_IDs and control groups. CAN_ID is a control identifier assigned according to control processing executed in each of the ECUs 20, and data transmitted and received in the control processing includes the control identifier. On the other hand, the control group indicates a predetermined classification according to the contents of control processing (functions and types, for example, the level of safety required for the contents of control, etc.).
FIG. 9B is the control information table 61B, which includes information on control groups and control information. The control group corresponds to the control group stored in the aforementioned control group table 61A. The control information indicates control information associated with each control group.

These control group table 61A and control information table 61B may be separately provided corresponding to each of the partner ECUs 20 with which communication is performed in the failure location and the control process. A common control group table 61A and control information table 61B may be provided.

In the modification, the control processing unit 52 of the ECU 20, when referring to the recovery information matrix 61 in the processing of steps 213 to 217 described above, communicates with the ECU 20 with which it communicates in the control processing, and Identifies the given CAN_ID. Then, the control processing unit 52 refers to the control group table 61A and identifies the control group associated with the CAN_ID. Further, the control processing unit 52 refers to the control information table 61B and acquires control information associated with the specified control group. For example, in the case of the specific example of the data shown in FIG. 9, referring to the control group table 61A, if the CAN_ID of the control process is "0x222", the control group is "B". Therefore, the control processing unit 52 refers to the control information table 61B, acquires the "abnormal setting value" as control information, and performs control processing based on the control information.

According to this modified example, in the control process after restoration of the CAN network, it is possible to acquire control information according to more specific control contents in addition to the failure location and communication partner ECU. Therefore, after restoration of the CAN network, it is possible to perform control processing using more appropriate data according to the content of control.

[others]
In this embodiment, an example of application in a vehicle control system has been described, but the CAN network is also used in many fields such as industrial equipment and medical equipment, and the system to which the present invention is applied is , but not limited to vehicle control systems. The ECU in this embodiment is merely an example of an electronic control device that performs various controls.
In addition, the embodiments of the present invention described above are only a part of possible embodiments within the technical scope of the present invention, and are disclosed as examples of the present invention. does not limit In addition, the functional configuration and physical configuration in each embodiment are not limited to the aspects described above. Furthermore, it is also possible to add, delete, replace, etc. other configurations with respect to a part of the configuration.

DESCRIPTION OF SYMBOLS 10... Control system 20... ECU 21... CPU 22... Communication interface 30... Network 41... Switch 42... Resistance 51... Signal transmission part 52... Control process part 53... Failure detection part 54... Termination control unit, 55... Failure point notification unit, 61... Restoration information matrix

Claims (4)

It is connected to another electronic control device via a network that performs two-wire communication with termination resistors at both ends, and has a processor, a memory, and a communication interface that realizes communication via the network, and the other electronic control device. An electronic control device that performs control processing while communicating with a device,
The memory comprises recovery information including control information associated with failure location information identifying failure locations that may occur in the network and device information identifying the other electronic control devices,
the processor
When receiving notification of the failure location information identifying the failure location detected in the network, the recovery information is referred to, and the control information associated with the failure location information and the device information is transferred to the recovery information. and communicates with the other electronic control unit based on the control information in the control process after the network is restored,
electronic controller. The data communicated in the control process includes a control identifier assigned according to the control process,
The recovery information further includes information in which the control identifier is classified according to the control content of the control process and control information associated with the classification,
The processor, when acquiring the control information from the restoration information, identifies the control identifier corresponding to the control process after restoration of the network, and retrieves the control information associated with the classification to which the control identifier belongs. 2. The electronic control unit of claim 1, wherein: The control information is communicated with the other electronic control unit using a previous value or a predetermined abnormal set value that was communicated with the other electronic control unit before a failure occurred in the control process. 3. The electronic control unit according to claim 1, wherein the information indicates A plurality of electronic control devices are connected via a network that performs two-wire communication with termination resistors at both ends, and each of the plurality of electronic control devices has a processor and a memory, and a communication interface that realizes communication via the network. A communication system that performs control processing while communicating with each other,
When a failure occurs in the network, a first electronic control unit among the plurality of electronic control units detects the location of the failure and changes the position of the terminating resistor to restore communication of the network, notifying the second electronic control unit of failure location information identifying the failure location;
When the second electronic control unit receives the notification of the failure location information, the second electronic control unit identifies failure location information for identifying a possible failure location in the network and other electronic control devices stored in the memory. By referring to recovery information including control information associated with the device information, the failure location information and the control information associated with the device information are acquired from the recovery information, and based on the control information, the other communicates with the electronic controller of
Communications system.