WO2009103728A1 - Procédé et dispositif de stockage de données d’information - Google Patents

Procédé et dispositif de stockage de données d’information Download PDF

Info

Publication number
WO2009103728A1
WO2009103728A1 PCT/EP2009/051902 EP2009051902W WO2009103728A1 WO 2009103728 A1 WO2009103728 A1 WO 2009103728A1 EP 2009051902 W EP2009051902 W EP 2009051902W WO 2009103728 A1 WO2009103728 A1 WO 2009103728A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
information data
data
writing
memory area
Prior art date
Application number
PCT/EP2009/051902
Other languages
German (de)
English (en)
Inventor
Wanli Sheng
Uwe Werner
Frank Boehland
Jens Liebehenschel
Original Assignee
Robert Bosch Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch Gmbh filed Critical Robert Bosch Gmbh
Publication of WO2009103728A1 publication Critical patent/WO2009103728A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1441Resetting or repowering

Definitions

  • the invention relates to a method for storing information data according to the preamble of claim 1, an apparatus for carrying out this method, a computer program and a computer program product.
  • the present invention provides a method for storing information data, furthermore a device which uses this method and finally a corresponding computer program and a computer program product according to the independent patent claims.
  • Advantageous embodiments emerge from the respective subclaims and the following description.
  • the present invention is based on the finding that information data can be stored as part of an operating program. As a result, required information data can be reliably stored and evaluated. Using the method in conjunction with a bootloader obviates the need for the bootloader to write non-volatile data to a data store as mentioned above.
  • the present invention provides a method for storing information data in a memory having at least two memory areas, which is characterized in that the information data and a first portion of an operating program in one of the at least two memory areas of the memory and the information data and a second portion of the operating program another of the at least two memory areas of the memory are written.
  • already existing information data can be checked in one of the at least two memory areas before the further of the at least two memory areas is described. As a result, it can be ensured that no loss of the information data occurs even in the event of a failed write attempt.
  • an arrangement of the information data in the at least two memory areas may be predetermined. This makes it possible to control the writing of the information data and the operating program into the memory.
  • the operating program may have information about the arrangement of the information data in the at least two memory areas. This makes it easier for the operating program to access the information data.
  • the operating program may have gaps into which the information data may be written.
  • appropriate sections can be predefined in the operating program to which the information data can be integrated.
  • the method can have the following steps:
  • This procedure is suitable for the case that the information data in the second memory area are intact.
  • the method may include the following steps:
  • This procedure is suitable, for example, in the event that the information data in the second memory area are not intact.
  • a third memory area may have previous information data. This allows the memory to have both new and previous informational data.
  • At least the information data written in one of the at least two memory areas can be compared with further information data.
  • conclusions can be drawn on failed attempts to write.
  • the method can be executed by a start program of a control unit and the operating program can be operating software of the control unit and the information data can be non-volatile data. This avoids that the writing of non-volatile data in the bootloader of a controller leads to difficulties with the architecture of the controller or problems with the system behavior.
  • the memory may be a flash memory and the memory areas may be sectors of the flash memory.
  • a device according to the invention performs all the steps of the method according to the invention.
  • the computer program with program code means according to the invention is designed to perform all the steps of the method according to the invention when this computer program is carried out on a computer or a corresponding computing unit, in particular a device according to the invention.
  • the computer program product according to the invention with program code means which are stored on a computer-readable data carrier is provided for carrying out the method according to the invention when this computer program is carried out on a computer or a corresponding arithmetic unit, in particular a device according to the invention.
  • Figure 1 shows a schematic representation of an embodiment of the device according to the invention
  • Figure 2 shows a schematic representation of a memory according to an embodiment of the invention
  • FIG. 3 shows a schematic representation of memory areas according to an embodiment of the invention.
  • FIG. 4 shows a schematic representation of an embodiment of the method according to the invention.
  • Fig. 1 shows a device with a writing device 102 and a memory 104 according to an embodiment of the present invention.
  • the writing device is configured to write information data 106 into the memory 104.
  • the writing device 102 is configured to write an operating program to the memory 104.
  • the memory 104 is configured to store the information data 106 and the operating program.
  • the storage 104 has at least two storage areas.
  • the information data 106 is stored in each of the at least two memory areas of the memory 104.
  • the operating program can be divided into several sections, which can be distributed to the at least two memory areas of the memory.
  • the memory 104 may be a flash memory.
  • the flash memory is divided into a plurality of areas or sectors.
  • a sector generally has a size of a few hundred bytes to a few kilobytes in an automotive memory.
  • Each sector has a plurality of memory cells. Each memory cell in a sector can be described once. Before the next writing, the entire sector must be deleted.
  • the device may be part of an automotive control device, for example.
  • the operating program may be a driving software which is written into the memory 104, for example, by a boot program in the form of a bootloaf.
  • the writing device 102 may be a processor configured to execute the bootloader.
  • the boot loader may have the task of deciding after a system start whether the driving software should be started or replaced and if necessary, replace the driving software.
  • the bootloader can either be executed directly after the system start or can be called up by the driving software. It may also be possible to replace the bootloader with a new software version. Since the boot loader is generally not to be replaced, it should be designed simply so that it contains as possible no errors.
  • the driving software can fulfill a functionality required by the control unit.
  • the information data 106 may be nonvolatile data. Such data may include, for example, information about the identification of a workshop and of a workshop tester, eg a diagnostic device, a date and type of update, a software version or software versions and a version of data statuses as well as a number of all, unsuccessful or successful software updates.
  • FIG. 2 shows a schematic representation of a flash memory 104.
  • the memory 104 has eight sectors. Of the sectors, the first four and the seventh sector are provided with reference numerals 206a, 206b, 206c, 206d, 206g.
  • the sectors 206a, 206b, 206c, 206d, 206g are indicated by vertical lines.
  • the boot loader may be arranged.
  • the driving software can be stored in another five sectors 206c, 206d ... 206g.
  • the driving software can be subdivided into individual sections driving SW 1,..., Driving SW 5.
  • the driving SW 1 section in the third sector 206 c and the driving SW 5 section may be stored in the seventh sector 206 g of the memory 104.
  • FIG. 3 shows the sectors 206c, 206d of the memory 104 shown in FIG. 2.
  • the information data 106 is stored.
  • the first section of the driving software driving SW 1 314 is stored in the sector 206 c.
  • the second section of the driving software driving SW 2 316 is stored in the sector 206d.
  • the information data 106 are respectively arranged at the beginning of a sector 206c, 206d and the sections 312, 314 of the driving software fill the sectors 206c, 206d on.
  • the data 106 may also be at the end of the sectors 206c and / or 206d.
  • other sectors may be inserted before and / or in between.
  • the bootloader does not use the full sector size to store the driving software 314, 316. In the unused areas, the data 106 are stored. These places of information storage should be known to the driving software, if they should access it. Furthermore, the compilation, the linking and the integration should ensure that the driving software works with these "gaps".
  • gaps may be present in the driving software known to the boot loader.
  • the gaps can be fixed size.
  • Corresponding data are entered in the gaps as part of the software update.
  • the boot loader places certain data 106 at previously known locations along with the driving software 314, 316 into at least two sectors 206c, 206d of the flash 104, as illustrated in FIG. 3 for the two sectors 206c, 206d.
  • the embodiment is shown, in which there are no gaps in the driving software.
  • the data 106 can be stored at one or more locations in the driving software.
  • the data 106 may also be located at other locations, such as at the end of the sectors 206c, 206d.
  • the method according to the invention is a secure method in which data 106 are stored in two sectors 206c, 206d together with the driving software 314, 316.
  • the order of the writing operations is important, in which in particular the information data 106 are written into the memory 104.
  • An important scenario to consider is several consecutive power outages. These must not result in information being lost, such as the number of unsuccessful update attempts that may be included in data 106.
  • a first method step 452 may comprise the instruction "delete sector 1", which may be the sector 206c shown in Fig. 3.
  • a second method step 454 may comprise the instruction "write data in sector 1".
  • a third method step 456 may include the instruction "write driving software in sector 1.”
  • a fourth method step 458 may include the instruction "delete sector 2". It can be about act the sector 206d shown in Fig. 3.
  • a fifth method step 460 may include the instruction "write data in sector 2.”
  • a sixth method step 462 may include the instruction "write driving software in sector 2".
  • This sequence of method steps 452, 454, 456, 458, 460, 462 should only be used if the data 106 in sector 2 are intact. This can be checked for example by a checksum. If the data 106 in sector 2 are not intact, the sequence of method steps 452, 454, 456, 458, 460, 462 should be changed.
  • the new data 106 are already present on the storage medium 104 after the second step. They can be determined by a control unit software or by a readout of the memory 104, for example by a feedback analysis.
  • sequences of the method steps are possible.
  • sequences of the method steps are defined which leave the new and the previous data 106 simultaneously on the flash memory 104.
  • the approach according to the invention includes, in addition to the layout on the flash memory, also a comparison of the data with existing persistent data by the driving software. After successfully flashing the driving software, it can draw conclusions by comparing the data written by the bootloader during the update and the persistent data in the data flash. For example, data transmitted by the bootloader, such as the number of unsuccessful update attempts, can be processed and transferred to the area in the data flash containing the persistent data.
  • the inventive method has a number of other advantages.
  • the bootloader and the software architecture can be simpler since the bootloader does not have to store any persistent data in the data flash. Timing issues that can arise from using Flash technology for data storage do not exist in the boot loader. In particular, there is no waiting for the state change.
  • the protocols of the ECUs with the testers can remain unchanged. The code can be transmitted as a data stream from "front to back" from the tester to the ECU.
  • the described embodiments are chosen only by way of example and can be combined with each other. In particular, the method steps described can also be carried out in sequences other than those described, provided that secure storage of the information data remains ensured.
  • any memory can be used which are suitable for the application for which the inventive method is used.

Abstract

L'invention concerne un procédé de stockage de données d'information (106) dans un dispositif de stockage (104) doté d'au moins deux zones de stockage. Selon ledit procédé, les données d'information (106) et un premier segment d'un programme de commande sont écrits dans une desdites deux zones de stockage ou plus de du dispositif de stockage (104) et les données d'informations (106) et un second segment d'un programme de commande sont écrits dans une autre desdites deux zones de stockage ou plus du dispositif de stockage (104).
PCT/EP2009/051902 2008-02-22 2009-02-18 Procédé et dispositif de stockage de données d’information WO2009103728A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102008010556.2 2008-02-22
DE200810010556 DE102008010556A1 (de) 2008-02-22 2008-02-22 Verfahren und Vorrichtung zum Speichern von Informationsdaten

Publications (1)

Publication Number Publication Date
WO2009103728A1 true WO2009103728A1 (fr) 2009-08-27

Family

ID=40512592

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/051902 WO2009103728A1 (fr) 2008-02-22 2009-02-18 Procédé et dispositif de stockage de données d’information

Country Status (2)

Country Link
DE (1) DE102008010556A1 (fr)
WO (1) WO2009103728A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101763279B (zh) * 2010-01-15 2012-12-12 上海维宏电子科技股份有限公司 一种BootLoader架构设计方法

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013220523B4 (de) 2013-10-11 2023-05-25 Continental Automotive Technologies GmbH Verfahren zum Aktualisieren einer Betriebsfunktion eines Sensors und ein Sensormodul

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000007106A1 (fr) * 1998-07-31 2000-02-10 Intel Corporation Techniques et dispositif permettant d'actualiser une memoire remanente -
US6442067B1 (en) * 2000-05-23 2002-08-27 Compaq Information Technologies Group, L.P. Recovery ROM for array controllers
EP1265135A2 (fr) * 2000-01-06 2002-12-11 Nec Corporation Réécriture des zones d'amorçage
US20030163664A1 (en) * 2002-02-28 2003-08-28 Yasushi Kanda Method and apparatus for updating a distributed program
EP1372068A2 (fr) * 2002-06-11 2003-12-17 Seiko Epson Corporation Système, méthode et programme pour réinscrire une mémoire flash
WO2005002060A2 (fr) * 2003-06-16 2005-01-06 Intel Corporation Methode pour un stockage variable de micrologiciel permettant une compression facile, une extraction a securite integree et un balayage de compression de duree de redemarrage
EP1605352A2 (fr) * 2004-06-07 2005-12-14 Hewlett-Packard Development Company, L.P. Localiser des variables d'environnement dans un mémoire non volatile
EP1693740A2 (fr) * 2005-02-16 2006-08-23 Seiko Epson Corporation Appareil de traitement de données et procédé de contrôle d'un appareil de traitement de données

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000007106A1 (fr) * 1998-07-31 2000-02-10 Intel Corporation Techniques et dispositif permettant d'actualiser une memoire remanente -
EP1265135A2 (fr) * 2000-01-06 2002-12-11 Nec Corporation Réécriture des zones d'amorçage
US6442067B1 (en) * 2000-05-23 2002-08-27 Compaq Information Technologies Group, L.P. Recovery ROM for array controllers
US20030163664A1 (en) * 2002-02-28 2003-08-28 Yasushi Kanda Method and apparatus for updating a distributed program
EP1372068A2 (fr) * 2002-06-11 2003-12-17 Seiko Epson Corporation Système, méthode et programme pour réinscrire une mémoire flash
WO2005002060A2 (fr) * 2003-06-16 2005-01-06 Intel Corporation Methode pour un stockage variable de micrologiciel permettant une compression facile, une extraction a securite integree et un balayage de compression de duree de redemarrage
EP1605352A2 (fr) * 2004-06-07 2005-12-14 Hewlett-Packard Development Company, L.P. Localiser des variables d'environnement dans un mémoire non volatile
EP1693740A2 (fr) * 2005-02-16 2006-08-23 Seiko Epson Corporation Appareil de traitement de données et procédé de contrôle d'un appareil de traitement de données

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KIRK CR ET AL: "Fully Reprogrammable Fault-Tolerant FLASH Memory System", IP.COM JOURNAL, IP.COM INC., WEST HENRIETTA, NY, US, 1 August 1995 (1995-08-01), XP013104080, ISSN: 1533-0001 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101763279B (zh) * 2010-01-15 2012-12-12 上海维宏电子科技股份有限公司 一种BootLoader架构设计方法

Also Published As

Publication number Publication date
DE102008010556A1 (de) 2009-09-03

Similar Documents

Publication Publication Date Title
EP2318920B1 (fr) Appareil de commande destiné à un véhicule et procédé d'actualisation de données pour un appareil de commande destiné à un véhicule
DE19839680B4 (de) Verfahren und Vorrichtung zur Veränderung des Speicherinhalts von Steuergeräten
DE102009024605A1 (de) Vorrichtung und Verfahren zum Umgehen eines ersten Programmcodeabschnitts mit einem Ersatzprogrammcodeabschnitt
EP2943748B1 (fr) Procédé et dispositif pour la gestion des données cartographiques d'une carte numérisée d'un système de navigation
EP3378006B1 (fr) Procédé pour charger unne image mémoire sécurisée d'un microcontrôleur et arrangement avec un microcontrôleur
EP2539899B1 (fr) Procédé pour contrôler le bon fonctionnement d'un élément de mémoire
WO2009103728A1 (fr) Procédé et dispositif de stockage de données d’information
EP1665031A2 (fr) Procede d'installation d'une composante programme
DE3820728A1 (de) Verfahren zum pruefen eines festwertspeichers und anordnung zur durchfuehrung des verfahrens
DE102009002898A1 (de) Verfahren zur Aktualisierung eines Steuergeräts eines Fahrzeugs
DE10260103A1 (de) Verfahren und Vorrichtung zur Änderung von Software in einem Steuergerät sowie entsprechendes Steuergerät
WO2020099023A2 (fr) Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur
DE102004006308B4 (de) Verfahren zum Verändern von Programmcode eines tragbaren Datenträgers mittels Patchdaten
DE19701323C2 (de) Verfahren und Vorrichtung zur Aktualisierung der Betriebssoftware
DE102021002079B3 (de) Verfahren zum effizienten Ablegen von Daten
EP1967920A1 (fr) Procédé de mise à jour logicielle dans un système d'automatisation à base de FPGAs
DE10235380B4 (de) Verfahren zur dynamischen Speicherverwaltung
DE102009047974A1 (de) Verfahren zur Programmierung eines Steuergeräts
DE112021002282T5 (de) Elektronische steuervorrichtung und aktualisierungsverfahren für steuerungssoftware
WO2020025372A1 (fr) Procédé, dispositif de commande, programme informatique et progiciel informatique destiné à actualiser un logiciel pour un dispositif de commande
DE102008002494A1 (de) Verfahren zum Aktualisieren eines Speichersegments, Datenverarbeitungsschaltung und Speichersegment
WO2023006531A1 (fr) Procédé de vérification de signatures numériques, unité de calcul de véhicule et véhicule
DE102017118348A1 (de) Aktualisierung eines in einer Recheneinrichtung eines Kraftfahrzeugs hinterlegten Anwendungsprogramms mit mehreren Programmdateien
DE102020216481A1 (de) Verfahren zum Betreiben eines Steuergeräts und Steuergerät
WO2002003193A2 (fr) Systeme electronique pour developper un logiciel et procede pour acceder a des donnees internes du logiciel

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09713323

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 09713323

Country of ref document: EP

Kind code of ref document: A1