WO2015055498A1 - Procédé pour faire fonctionner un dispositif de commande d'un véhicule automobile et dispositif de commande pour véhicule automobile - Google Patents

Procédé pour faire fonctionner un dispositif de commande d'un véhicule automobile et dispositif de commande pour véhicule automobile Download PDF

Info

Publication number
WO2015055498A1
WO2015055498A1 PCT/EP2014/071644 EP2014071644W WO2015055498A1 WO 2015055498 A1 WO2015055498 A1 WO 2015055498A1 EP 2014071644 W EP2014071644 W EP 2014071644W WO 2015055498 A1 WO2015055498 A1 WO 2015055498A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
program
safety
memory area
program part
Prior art date
Application number
PCT/EP2014/071644
Other languages
German (de)
English (en)
Inventor
Andre Göbel
Uwe Fröhler
Cornelia Göbel
Michael Hetzenecker
Original Assignee
Continental Automotive Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Automotive Gmbh filed Critical Continental Automotive Gmbh
Publication of WO2015055498A1 publication Critical patent/WO2015055498A1/fr

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric

Definitions

  • the invention relates to a method for operating a control unit of a motor vehicle and a control device for a motor vehicle, in particular a control unit of a motor driving ⁇ tool which is used to control safety-related systems of the motor vehicle.
  • Control units of ordinary motor vehicles serve to control and / or regulate various processes in different areas.
  • control devices in devices for driving state recognition is known in which different variables, such as the steering angle ⁇ speed, but also optical signals or image signals are recorded and evaluated to detect a critical driving condition.
  • ISO 26262 An ISO standard provided for this purpose is ISO 26262, which is a process framework and process model together with required activities and work products as well as applicable methods Are defined.
  • the implementation of the standard is intended to ensure the functional safety of an electronic system in motor vehicles.
  • Control unit controlled functional components according to their safety standard, that is classified QM or ASIL A to D.
  • Safety classification during the course does not influence each other.
  • One approach here is to use explicit switching commands a higher-level process control or execute the individual program components as individual processes of the lowest Sys ⁇ system level.
  • multiple processor cores are used, each core of one assigned particular security class, leaving only Un ⁇ terprogramme a specific security classification on a particular core to run and does not turn out to the other cores, these approaches to be inefficient because they require additional computational effort or expensive pro ⁇ zessor fashionuren.
  • Object of the present invention is to provide a method for operating a control unit of a motor vehicle, by means of which program parts of different security classification ⁇ a safety-related function in an efficient manner can be carried out separately.
  • this object is achieved by a method for operating a control device of a motor vehicle, which has a memory for storing program parts of a safety-relevant function.
  • the memory is in at least five memory areas, which each correspond to a different security standard, for storing program parts of the security-relevant function according to their necessary
  • the method has the following steps: Firstly, program parts of the safety-relevant function which are suitable for inheritance are stored in an additional memory area of the memory which is different from the at least five memory areas. Furthermore, a first program part of a security-relevant function is executed, the first program part being present in a first memory area of the memory and a security corresponding to a security standard of the first memory area having. Now, if a safety-relevant function on the inheritance of suitable program part is called during execution of the first Pro ⁇ program part, which corresponding to the security level of the first storage area rights to the form suitable for transmission program part are inherited and suitable for inheritance part of the program is then executed.
  • program parts are in this case parts of the program containing code for user data, in particular ⁇ sondere code which passes the program part of user data, understand, that is program parts that work with inherited rights to user data in accordance with the safety standards they calling program part and not have their own data.
  • Such a method has the advantage that it specifies a method for operating a control device of a motor vehicle by means of which program parts of different safety classification of a safety-relevant function can be carried out in an efficient manner separately.
  • Inherited permissions that is to say access rights
  • Inherited permissions are known in data processing and are transferred from an overarching object to an object. This facilitates the management of permissions and ensures the uniform assignment of permissions to all objects within a container, that is, memory areas of the memory.
  • inheritance methods are used in computer science and digital technology, so that they can be implemented and implemented easily and without great effort.
  • Next method of the invention requires neither ⁇ slegilichen computational effort still consuming processor architectures especially by inheritance of the rights of the calling program part can be ensured that no rights of other security standards while running appropriate to Inheritors program parts are violated.
  • the program parts whose separate sequence is controlled, are linked by the fact that in the context of a program part, another of the program parts is called.
  • a program part is called as a subroutine, for example as a function or as a procedure, which is for example part of the calling program part or else an interruption.
  • a program part is called as a function
  • rights can be passed on from a calling program part to the called program part, so that it can be ensured in a simple manner and efficiently that rights corresponding to other security standards are not influenced by the sequence of the program part suitable for inheritance and vice versa
  • a calling program part can also call several program parts so that one or more program parts suitable for inheritance can exist.
  • Several calling program parts can be made that call one or more Pro ⁇ gram parts, which may be different.
  • a program part which is suitable for inheritance and which is called by a first program part can likewise call one or more further program parts suitable for inheritance.
  • the order of an inheritance of rights between called, Calling, first and suitable for inheritance program parts can be done depending on the situation and according to a hierarchy between the program parts for the situation of a call. For the situation of another call, the hierarchy can be different, so that the order of inheritance of the right can change accordingly depending on the situation of the call.
  • the corresponding to the security level of the first storage area rights in this case comprise rights for read / write access to the first storage area as well as permissions for a read access to various of the first storage area of the storage regions at least five memory areas ⁇ .
  • rights for read / write access to the first storage area as well as permissions for a read access to various of the first storage area of the storage regions at least five memory areas ⁇ .
  • the additional storage area which is different from the at least five storage areas, can be designed such that it complies with the highest security standard of the security standards of the at least five storage areas, thereby ensuring that it meets the highest security goals, ie the highest security standard it is possible to call from each of the at least five memory areas a program part which is suitable for inheritance and which is present in the additional memory area.
  • the security standards of the memory areas of the memory are designed according to the standard ISO 26262 and classified according to ASIL A to D or QM.
  • the safety standards of the individual memory areas can thus be selected according to the standard ISO 26262, which is an ISO standard for safety-relevant electrical / electro ⁇ African systems in motor vehicles.
  • the danger emanating from a program part can be classified with a safety requirement level of QM (quality managed) or ASIL (automotive safety integrity level) Abis D.
  • QM quality managed
  • ASIL automotive safety integrity level
  • the method may further comprise the following steps: The first memory area is blocked if a second program part, which is present in a second memory area of the at least five memory area, is called during the execution of the first program section and the second
  • the second memory area can be disabled again after completion of the execution of the second program part and the first memory area can be released again.
  • this back-blocking can be effected, for example, by a back-command of the second program part or by the end of the commands which represent the second part of the program. to be triggered.
  • the first program part and the related memory area can now be accessed again and executed further.
  • Another embodiment of the invention also provides a control device for a motor vehicle, which has a processor for executing program parts of a safety-relevant function, a memory which is subdivided into at least five memory areas according to different safety standards, for storing program parts of the safety-relevant function has its necessary safety standard and a memory protection ⁇ direction.
  • the memory has an additional memory area, which is different from the at least five memory areas, for storing program parts of the safety-relevant function which are suitable for inheritance, and has the memory protection device of an inheritance unit which is designed to meet a safety standard of a first memory area of at least to inherit corresponding rights to a part of the program suitable for inheritance if, during the processor, a first program part of the safety-relevant function which is present in the first memory area is executed, the program part suitable for inheritance is called.
  • Such a control device has the advantage that with this a control device of a motor vehicle is specified, in which program parts different safety classification of a safety-related function can be performed separately in an efficient manner.
  • Subprograms suitable for inheritance include program parts which contain code for user data, in particular code which transmits user data to the program part, ie program parts which work with inherited rights to user data according to the security standard of a program part calling them and have no own data.
  • Inherited permissions that is to say access rights, are known in data processing and are transferred from an overarching object to an object. This facilitates the management of permissions and ensures the uniform assignment of permissions to all objects within a container, that is, memory areas of the memory. Furthermore, such inheritance methods are used in computer science and digital technology, so that they can be implemented and implemented here in a simple manner and without great expense in the memory protection device.
  • control unit requires neither additional computational effort nor complex processor architectures, especially since the memory protection device is designed to ensure, by inheriting the rights of the calling program part, that no rights of other security standards are violated during the execution of program parts suitable for inheritance.
  • the program parts whose separate sequence is controlled are linked by the fact that in the context of a program part, another of the program parts is called.
  • another program section is called as a subroutine. For example, as a function or as a procedure, which is part of the calling program part or an interruption, for example.
  • rights can be passed on from one calling program part to the called program part, so that it is possible in a simple manner and efficiently to ensure that rights corresponding to other security standards are not due to the course of the program part suitable for inheritance to be influenced.
  • the inheritance unit can be realized both by corresponding hardware components as well as by software.
  • a calling program part can also have several
  • a program part which is suitable for inheritance and which is called by a first program part can likewise call one or more further program parts suitable for inheritance.
  • the sequence of an inheritance of the rights between called, calling, first and suitable for inheritance program parts can be done depending on the situation and according to a hierarchy between the program parts for the situation of a call. For the situation of another call, the hierarchy can be different, so that the order of inheritance of the right can change accordingly depending on the situation of the call.
  • the corresponding safety standard of the first Spei ⁇ cher Maschinench Rights for LE SE / write access to the first memory area and rights for a read access to memory areas other than the first memory area of the at least five memory areas ⁇ include.
  • the inheritance unit according to the invention makes it possible to counteract this danger in a simple and efficient manner.
  • the additional storage area other than the at least five storage areas may correspond to a highest security standard of the security standards of the at least five storage areas, which can ensure that it meets the highest security goals, ie the highest security standard, and from each of the at least five Memory areas a suitable for inheritance, present in the additional memory area program part can be called.
  • the security standards of the at least five memory areas of the memory can again be designed according to the standard ISO 26262 and classified according to ASIL A to D or QM.
  • the safety standards of the individual memory areas can thus be selected according to the standard ISO 26262, which is an ISO standard for safety-related electrical ⁇ cal / electronic systems in motor vehicles.
  • the danger emanating from a program part can be combined with a
  • the memory protection device an access unit for controlling access to the at least five storage regions, such that the access ⁇ unit locks the first memory area and releasing a second memory area of the at least five storage areas, if during execution of the first program part, a second part of the program which is present in the second memory area is called.
  • the control unit is designed by the access unit to block access to the first memory area and thus in particular to write data into the first memory area through the second memory area Program part is not possible while the second part of the program is being executed.
  • the efficiency in operating safety-related functions on the control unit can be further increased.
  • exceptions are handler to action such exception, that is a call to a second part of the program while a first process is executed program part, known in the computer science and the Digi ⁇ taltechnik and common, so this function here simply and easily can be implemented or implemented.
  • the access unit can be further configured to block the second memory area after completion of execution of the second program part and to release the first memory area again.
  • This reverse blocking can be triggered, for example, by a reverse blocking command of the second program part or by the end of the commands representing the second program part.
  • the first program part and the related memory area can now be accessed again and executed further.
  • a motor vehicle is specified, which has a control unit described above.
  • Such a motor vehicle has the advantage that it has a control unit in which program parts of different safety classification of a safety-relevant function can be carried out separately in an efficient manner.
  • Inherited permissions that is to say access rights
  • Inherited permissions are known in data processing and are transferred from an overarching object to an object. This facilitates the management of permissions and ensures the uniform assignment of permissions to all objects within a container, that is, memory areas of the memory.
  • inheritance methods in computer science and digital technology are in use, so that they can be implemented and implemented easily and without great effort in the memory protection device of the control unit of the motor vehicle.
  • control unit requires neither additional computational nor complex processor architectures, especially since the memory protection device of the control unit of the motor vehicle is designed to ensure by inheritance of the rights of the calling program part that no rights of other security standards are violated during the execution of suitable for inheritance program parts.
  • the program parts whose separate sequence is controlled, are linked by the fact that in the context of a program part, another of the program parts is called.
  • another program part is called as a subprogram, for example as a function or as a procedure, which For example, part of the calling program part or an interruption.
  • Safety-relevant functions in the area of the motor vehicle which can be carried out by such a control unit of the motor vehicle, are in particular program parts for implementing functions in the area of the drive train or functions of the drive train or functions of other vehicle-specific applications, such as steering system, vehicle or occupant safety systems, function of Internal combustion engine, an electric motor, an elec ⁇ cal, electromechanical, or mechanical braking device of the motor vehicle or an electric steering drive.
  • Other functions related to the optical or acoustically ⁇ tables displaying operating states which states are the aforementioned functions.
  • the present invention provides a method for operating a control device of a motor vehicle, by means of which program parts different safety classification of a safety-related function can be performed in an efficient manner separated and which neither additional computational effort in the execution of safety-relevant functions nor consuming Requires processor architectures to perform the safety-related functions.
  • a program part is called as a function of another program part, rights of a calling program part can be forwarded to the called program part, so that the control unit can guarantee in a simple manner and efficiently, no rights of others
  • FIG. 1 shows a schematic block diagram of the controlling unit of a motor vehicle in accordance with execution ⁇ form of the invention
  • FIG. 2 shows a flow chart of a method for operating a control unit of a motor vehicle according to embodiments of the invention.
  • the control unit 1 has a memory 2 for storing program parts 3, 4, 5, 6, 7 of safety-relevant functions, the memory 2 being divided into five memory areas 8, 9, 10, 11, 12, which respectively correspond to a difference union under ⁇ safety standard, is for storing program parts 3,4,5,6,7 safety-related function is divided.
  • all the program parts of the memory area 8, that is, the program part 3, to a first security level ⁇ ordered while the program parts 4 of the memory area 9 are assigned to another security level, and in turn the program part 5 of the memory area 10 another, to the program parts 3, 4 different security level assigned.
  • a processor 13 for executing the program parts 3, 4, 5, 6, 7 of a safety-relevant function can also be recognized.
  • the security level of each program part 3,4,5,6,7 it is necessary in this case that the parts of the program influences 3,4,5,6,7 different security classification ⁇ during the course not mutually be ⁇ .
  • the control unit 1 further has a memory protection device 14 for this purpose.
  • the memory protection device 14 is part of the processor 13.
  • the memory protection device 14 can also be designed to be separate from the processor 13, for example by hardware components that are directly connected to the processor 13.
  • the memory 2 of the controller 1 of Figure 1 from the processor 13 formed separately.
  • the memory 2 may also be integrated into the processor 13.
  • the memory 2 in this case has an additional memory area 15 which is different from the five memory areas 8, 9, 10, 11, 12 and in which program sections suitable for inheritance are present.
  • the memory protection device shown an inheritance unit 17 which is adapted to a safety standard of a first storage area 8 of the we ⁇ nigstes five memory areas 8, 9, 10, 11, 12 corresponding rights to inherit a medium appropriate for inheritance program portion 16, if during the processor 13 executes a first program part 3 of the safety-relevant function which is present in the first memory area 8, the program part 16 suitable for inheritance is called.
  • the inheritance unit 17 can be realized both by corresponding hardware components as well as by software.
  • program parts which contain code for user data are understood as program parts suitable for inheritance, ie program parts which work with inherited rights to user data in accordance with the security standard of a program part calling them and have no own data.
  • a further program part 16 is called within the scope of a program part 3.
  • a further program part 16 is called as a subroutine, for example as a function or as a procedure, which for example is part of the calling program part 3 or else an interrupt and works on user data.
  • rights from the calling program part 3 are forwarded to the called program part 16, so that the control unit 1 can easily and efficiently ensure that rights corresponding to other security standards are fulfilled by the sequence of the program part suitable for inheritance and vice versa is not affected.
  • a calling program part can also call several program parts, so that one or more program parts suitable for inheritance can exist.
  • Several calling program parts can be made that call one or more Pro ⁇ gram parts, which may be different.
  • a program part that is called by a first program part can also call one or more further program parts.
  • the sequence of an inheritance of the access rights between on ⁇ called, calling, first and suitable for inheritance program parts can be made depending on the situation and according to a hierarchy between the program parts for the situation of a call. For the situation of another call, the hierarchy may be different, so that the order of inheritance of the access right can accordingly change depending on the situation of the call.
  • control unit 1 requires, compared to other known control devices for operating safety-related functions, neither additional computational effort in the execution of safety-relevant functions nor complex processor architectures for executing the safety-relevant
  • the additional memory area 15 also corresponds to the highest security standards of the security standards of the five memory areas 8, 9, 10, 11, 12.
  • the security standards of the five memory areas 8, 9, 10, 11, 12 of the memory 2 of FIG. 1 are designed according to the ISO 26262 standard and classified according to ASIL A to D or QM.
  • the safety standards of the individual storage areas are designed according to the ISO 26262 standard and classified according to ASIL A to D or QM.
  • the memory protection device 14 additionally has an access unit 18 for controlling access to the at least five memory areas 8, 9, 10, 11, 12 such that the access unit 18 blocks the first memory area 8 and releases the second memory area 9, if, during the execution of the first program part 3, a second program part 4 is called, which is present in a second memory area 9.
  • the access unit 18 according to Figure 1 is formed as the exception handler ⁇ 19th In this case, by the call of the second program part 4, while the first program part 3 is executed, triggered by the memory protection device 14 an exception.
  • the exception handler 19 detects this exception and locks the first memory area 8. Furthermore, the exception handler 19, preferably with or after the lock, releases the second memory area 9 for access and in particular for execution by the processor 14.
  • the access unit 18 of Figure 1 is further configured to lock the second memory area 9 after completion of the execution of the second program part 4 and release the first memory area 8 again.
  • a blocking command is generated at the end of the execution of the second program part 4, which is also regarded by the exception handler 19 as a call and utilized.
  • FIG. 2 shows a flow chart of a method 20 for operating a control device of a motor vehicle according to an embodiment of the invention.
  • control unit in this case has a memory for storing program parts of a safety-related function, wherein the memory in at least five areas of memory which is in each case a different security standard entspre ⁇ chen divided for storing program parts of the safety-relevant function according to their required safety standard.
  • the method 20 has the following steps: Thus, in a first step 21, program parts of the safety-relevant function that are suitable for inheritance are initially stored in an additional one of the at least five memory areas stored in different memory area of the memory. In a following step 22, a first program part of the safety-relevant function is executed, which is present in a first memory area of the memory and a
  • Security standard of the first memory area has corresponding rights.
  • step 23 it is detected whether a program part suitable for inheritance is called during the execution of the first program part of the safety-relevant function. If a program part suitable for inheritance is called, then in a step 24 the rights corresponding to the security standard of the first memory area are inherited by the program part suitable for inheritance, and in a step 25 the program part suitable for inheritance is executed.
  • program parts which contain code for user data are understood as program parts suitable for inheritance, ie program parts which work with inherited rights to user data in accordance with the security standard of a program part calling them and have no own data.
  • step 23 If it is detected in step 23 that a program part suitable for inheritance is called, the method continues with steps 24 and 25.
  • Turn the safety standard of the first memory area ent ⁇ speaking rights include rights for doing a read / write access to the first storage area and
  • the additional storage area again has a highest security standard of the security standards of the at least five storage areas.
  • it is detected in a step 26 whether there is a second program part of the safety-relevant function which is present in a second memory area of the at least five memory areas is called.
  • step 23 If it is detected in step 23 that no second program part of the safety-relevant function which is present in a second memory area of the at least five memory areas is called, 22 and 23 are executed repeatedly.
  • the first memory area is blocked in a step 27 with calls of the second program part and in a step 28 the second memory part
  • the second memory area is blocked and the first memory area is released again as soon as the execution of the first memory area has ended.
  • access to the second memory area is furthermore blocked continuously while the first program section is being executed and access to the first memory area is continuously blocked while the second program section is being executed.

Abstract

L'invention concerne un procédé permettant de faire fonctionner un dispositif de commande d'un véhicule automobile qui comporte une mémoire servant à stocker des parties de programme d'une fonction concernant la sécurité. Cette mémoire est divisée en au moins cinq zones mémoire correspondant chacune à une norme de sécurité différente afin de stocker les parties de programme de la fonction concernant la sécurité en fonction de leur norme de sécurité nécessaire. Le procédé (20) comprend les étapes consistant à : ‑ mémoriser (21) les parties de programme aptes à hériter de la fonction concernant la sécurité dans une zone mémoire supplémentaire, différente desdites au moins cinq zones mémoires, de la mémoire ; exécuter (22) une première partie de programme d'une fonction concernant la sécurité, ladite première partie de programme étant contenue dans une première zone de la mémoire et comportant des droits qui correspondent à une norme de sécurité de la première zone mémoire ; appeler (23) une partie de programme apte à hériter de la fonction concernant la sécurité pendant l'exécution de la première partie de programme ; transmettre (24) les droits correspondants à la norme de sécurité de la première zone mémoire à la partie de programme apte à hériter ; ‑ exécuter (25) la partie de programme apte à hériter.
PCT/EP2014/071644 2013-10-15 2014-10-09 Procédé pour faire fonctionner un dispositif de commande d'un véhicule automobile et dispositif de commande pour véhicule automobile WO2015055498A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DE102013220900.2 2013-10-15
DE102013220900 2013-10-15
DE102013226872.6 2013-12-20
DE201310226872 DE102013226872A1 (de) 2013-10-15 2013-12-20 Verfahren zum Betreiben eines Steuergerätes eines Kraftfahrzeuges und Steuergerät für ein Kraftfahrzeug

Publications (1)

Publication Number Publication Date
WO2015055498A1 true WO2015055498A1 (fr) 2015-04-23

Family

ID=52738098

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/071644 WO2015055498A1 (fr) 2013-10-15 2014-10-09 Procédé pour faire fonctionner un dispositif de commande d'un véhicule automobile et dispositif de commande pour véhicule automobile

Country Status (2)

Country Link
DE (1) DE102013226872A1 (fr)
WO (1) WO2015055498A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102021208681A1 (de) 2021-08-10 2023-02-16 Volkswagen Aktiengesellschaft Steuergerät für ein Kraftfahrzeug und Verfahren zum Aktualisieren eines Steuergeräts

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1168184A1 (fr) * 2000-06-28 2002-01-02 STMicroelectronics S.A. Microprocesseur sécurisé comprenant un systeme d'attribution de droits a des librairies
DE102009019792A1 (de) 2009-05-02 2010-11-04 Leopold Kostal Gmbh & Co. Kg Steuersystem zum sicheren Betreiben von mindestens einer Funktionskomponente

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1168184A1 (fr) * 2000-06-28 2002-01-02 STMicroelectronics S.A. Microprocesseur sécurisé comprenant un systeme d'attribution de droits a des librairies
DE102009019792A1 (de) 2009-05-02 2010-11-04 Leopold Kostal Gmbh & Co. Kg Steuersystem zum sicheren Betreiben von mindestens einer Funktionskomponente

Also Published As

Publication number Publication date
DE102013226872A1 (de) 2015-04-16

Similar Documents

Publication Publication Date Title
EP2907072B1 (fr) Procédé de commande d'un déroulement séparé de blocs de programme enchaînés et appareil de commande
EP2422244B1 (fr) Commande de sécurité et procédé de commande d'une installation automatisée
DE102007045398A1 (de) Integriertes Mikroprozessorsystem für sicherheitskritische Regelungen
DE102018126270A1 (de) Dezentralisierte fahrzeugsteuerung der minimalen risikobedingung
EP2698678B1 (fr) Technique de configuration pour un appareil de commande avec des applications communiquant entre elles
EP3948468A1 (fr) Dispositif de commande pour un véhicule, procédé de test d'un élément de programme d'une fonction de véhicule et véhicule automobile comprenant un dispositif de commande
EP1999521B1 (fr) Appareil de terrain
WO2007025816A2 (fr) Systeme de memoire et son mode de fonctionnement
EP2422248B1 (fr) Système et procédé de répartition de données de projets d'un controlleur de sécurité d'une installation automatisée aux composants de commande
DE60312041T2 (de) Tcet-expander
WO2015055498A1 (fr) Procédé pour faire fonctionner un dispositif de commande d'un véhicule automobile et dispositif de commande pour véhicule automobile
DE112019007853T5 (de) Steuereinrichtung
DE102012221277A1 (de) Fahrzeugsteuervorrichtung
DE102013016114B3 (de) Bussystem und Verfahren für geschützte Speicherzugriffe
EP2667268A1 (fr) Procédé destiné au fonctionnement d'un appareil d'automatisation
DE102022204597A1 (de) Steuerung und fehlerdiagnose von antriebsstrangkomponenten
WO2008128710A1 (fr) Dispositif de commande pour véhicules
DE102016224206A1 (de) Fahrzeugsteuervorrichtung
EP2524333A1 (fr) Procédé pour permettre d'obtenir un compteur fiable sur un appareil terminal
DE102019208729A1 (de) Verfahren zum Sicherstellen und Aufrechterhalten der Funktion eines sicherheitskritischen Gesamtsystems
DE102006054705A1 (de) Verfahren zum Betreiben einer Recheneinheit
WO2007065585A1 (fr) Procede et dispositif de diagnostic oriente fonction d'un systeme comportant des composants mis en reseau
EP2775363B1 (fr) Procédé d'intégration d'applications dans une commande d'un chariot élévateur
DE112017003049T5 (de) Softwareverriegelung
DE102022212057A1 (de) Verfahren zur Analyse von funktionalen Pfaden für ein eingebettetes System, Vorrichtung zur Datenverarbeitung, Computerprogramm und computerlesbarer Datenträger

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14787118

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14787118

Country of ref document: EP

Kind code of ref document: A1