WO2017125182A1 - Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur - Google Patents

Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur Download PDF

Info

Publication number
WO2017125182A1
WO2017125182A1 PCT/EP2016/077996 EP2016077996W WO2017125182A1 WO 2017125182 A1 WO2017125182 A1 WO 2017125182A1 EP 2016077996 W EP2016077996 W EP 2016077996W WO 2017125182 A1 WO2017125182 A1 WO 2017125182A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
flash
updated
stored
flash application
Prior art date
Application number
PCT/EP2016/077996
Other languages
German (de)
English (en)
Inventor
Alexander Vensmer
Markus Petri
Gunnar Piel
Tom Schilli
Thomas Wendel
Michael Hauser
Uwe Heller
Original Assignee
Robert Bosch Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch Gmbh filed Critical Robert Bosch Gmbh
Publication of WO2017125182A1 publication Critical patent/WO2017125182A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/656Updates while running

Definitions

  • the present invention relates to a method for updating software of a control device, preferably for a motor vehicle, according to the preamble of the independent claim.
  • a generic method is known for example from WO 2005/004160 A2.
  • a software update of a control unit by means of a flash programming of a multi-segment flash memory of the control unit via a serial interface, a request to be made to the flash programming is defined, a sequence of the flash programming by states and transitions of the Software-defined state machines specified and availability, security and
  • ECUs Automated electronic control units in automobiles often have the ability to update the software of the ECU or parts of this software.
  • microcontrollers
  • flash memory electrically erasable memory
  • flashloader or flashbootloader FBL
  • FBL flashbootloader
  • Diagnostic communication uses a specific diagnostic protocol. For reprogramming the software finds a change in the so-called Programming mode instead. This mode change involves that
  • Diagnostic communication is used, for example, to perform a clear memory and to transfer new software and flash.
  • ECU functions are not available because the corresponding software is not running. During the flash process, even if only parts of the software are updated, no additional application functions can be executed because the flashbootloader is unable to do so. Due to the distribution of software functions to different ECUs and the requirement to be able to update software parts not only in the workshop, but also over radio links over distances, there is a desire
  • the inventive method according to the features of the independent claim has the advantage that, for example, during an update of an air conditioning function at least one important vehicle function such as the function of central locking or terminal control can be maintained.
  • memory does not have to be stored redundantly.
  • the electrically writable memory is divided into blocks.
  • a block is the smallest, erasable unit.
  • the problem is that the blocks of a partition can not be accessed (execute code, read data), while within this partition an Erase or. Delete operation or a write operation is performed. This has the consequence that a sensible division of software or. application
  • the basic software consists of an application software and a Flashbootloader.
  • the Flashbootloader is used to update all parts of the software.
  • the application software also includes a Flash application. This flash application is capable of processing the requirements with respect to the communication, for example with a master, preferably via the diagnostic communication, and for example a
  • the Flash application stops the application to be updated, replaces it (delete, write) and then restarts it, if necessary after an initialization. During this process, other application functions can continue to run.
  • FIG. 1 shows the schematic structure of the control device with flash
  • FIG. 2 shows a sequence diagram of the flash application
  • FIG. 3 Flash phases with flash application as well
  • FIG. 4 shows an exemplary partitioning of the electrically erasable
  • a control unit 10 comprises at least one microcontroller 12. In the
  • Microcontroller 12 is at least one electrically erasable memory 14
  • applications 20 are stored. These are programs that perform certain functions that are particularly associated with a motor vehicle. It is therefore a multiplicity of applications 20.1, 20. n, 20.x such as a program for a central locking, a
  • Terminal control a door control, a heating control, a
  • the corresponding applications 20 run in the control unit 10.
  • the control unit 10 is, for example, via a bus system
  • components 19 are, for example, vehicle components which are controlled as a function of the applications 20, such as, for example, the
  • Flashbootloader 16 is used for deleting and / or rewriting software specific programs or applications 20 as follows. As already stated in the prior art, it has been customary in a
  • a flash application 22 is provided. This is also like the other applications 20 in electrically erasable
  • This flash application 22 is now able to target certain applications 20. n, 20.x or to control and / or their software or
  • FIG. 2 shows by way of example the course of the updating of a
  • a master 23 for the flash process sends a corresponding programming command to the flash application 22 in a step 101.
  • the flash application 22 stops the application 20.x to be updated.
  • will / will be the one
  • Application (s) 20. n located on the same partition 40 of the electrically erasable memory 14 as the application 20.x to be updated. However, application 20.1 is not stopped because it is an important application that should continue to run.
  • Application 20.1 is also not located on the same partition 40 as the application 20. x.
  • the stop command (step 103) corresponds to the continuous arrow 34 in FIG. 3.
  • the flash application 22 reports a corresponding response to the master 23 in step
  • the master 23 sends a delete command to the flash application 22 in a step 109.
  • corresponding blocks in the electrically erasable memory 14, which are associated with the application 20.x to be updated are deleted.
  • the deletion takes place by means of the flash application 22.
  • the flash application 22 sends a corresponding response to the master 23, step 1. 13.
  • the master 23 then transmits updated data or software to the flash application 22 , Step 1 14.
  • the Flash application 22 describes or causes the
  • step 1 18. Erase and override according to the steps 1 1 1, 1 16 corresponds to the dot-dashed arrow 36 in Figure 3. Then, the master 23 sends a command to the flash application 22, in a default Mode, step 120. the default mode causes the
  • Flash application 22 an initialization command to the updated application 20.x, step 122 to send. After initialization, the updated application 20.x gives a corresponding feedback to the flash application 22, step 124. The flash application 22 then sends a corresponding start command to the stopped applications 20.x, 20.n, step 128. This
  • Start command corresponds to the dashed arrow 38 in Figure 3.
  • the launched applications 20.x, 20. n give a corresponding Feedback to the flash application 22, step 128.
  • the flash application 22 passes this positive feedback to the master 23.
  • the master 23 can be, for example, a diagnostic tester that is used in the workshop. Alternatively, however, it could also be other control devices that record wirelessly with the control unit 10, for example.
  • FIG. 3 shows schematically the different hardware or. Software layers. A corresponding
  • Hardware 32 includes, for example, the microcontroller 12 with electrically erasable memory 14. It runs a basic software 26, via which the contact between the flash application 22 and the applications to be influenced 20. n, 20.x takes place. In addition, a real-time environment 24 is provided on which the applications 20 can be operated in quasi real-time.
  • FIG. 4 shows, by way of example, the structure and assignment of the electrically erasable memory 14.
  • four partitions 40, 41, 42, 43 are provided, a plurality of blocks 45 are located in one partition.
  • a block 45 is the smallest erasable unit of electrically erasable memory 14. Blocks 45 of a partition 40-43 can not be accessed (execute code, read data) if during this partition 40-43 an erase or write operation is performed , This has the consequence that a meaningful division of the applications 20 on the available partitions 40-43
  • the flash application 22 is now located on the first partition 41 together with a so-called basic application 20.1, which is also to be executed when updating an application 20.x to be updated updated
  • application 20.x is located on a different partition, for example the zeroth partition 40.
  • the basic software 26 could also be stored in the first partition 41.
  • two flash bootloaders 16, 16.1, 16.2, preferably on different partitions could also be located on the partitions 40, 41.
  • all applications 20 in the electrically erasable memory 14 would have to be closed, as well as the
  • Basic application 20.1 or all programs stored on partitions 40-43 are closed. The same also applies to the basic software 26 or the operating system 28.
  • the provision of only a single flash boot loader 16 would be equally possible.
  • the flash application 22 is capable of accepting the requirements relating to diagnostic communication or communication with the master 23 and / or the applications 20. As described, it is capable of starting a delete operation and / or writing data. It is also able to stop applications 20 to be replaced
  • Add operating states such as a so-called default mode and / or a flash mode.
  • the scheduling is influenced and the respective application 20 is started or stopped.
  • all applications 20 from the flash partition 40 to be updated are not executed during the flash process.
  • each application 20 must satisfy at least one simple interface, via which it is driven by the flash application 22.
  • These commands are initialization or activation 36 and / or starting 38 and / or stopping 34 (compare steps 103 - stop, step 122 - initialization, step 126 - start).
  • the method with the associated device preferably finds application in the updating of software of a control device, in particular for motor vehicles, wherein it must be ensured that certain applications 20 continue to be executed during the updating of the software or further applications.
  • This update could either be via a
  • Diagnostic tester example in the workshop or wirelessly be initiated by a remote control function remotely as the master 23.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

L'invention concerne un procédé de mise à jour du logiciel d'un appareil de commande (10), notamment pour des véhicules à moteur, selon lequel l'appareil de commande (10) comporte au moins un microcontrôleur (12) pourvu d'au moins une mémoire électriquement effaçable (14), le microcontrôleur (12) pouvant exécuter différentes applications (20; 20,1, 20.n, 20.x) qui sont enregistrées dans la mémoire électriquement effaçable (14), au moins une application flash (22) étant enregistrée dans la mémoire effaçable électriquement (14), ladite application flash (22) effectuant la mise à jour et/ou la commande d'au moins une application (20.x) destinée à être mise à jour, pendant qu'au moins une autre application (20.1) est en cours d'exécution.
PCT/EP2016/077996 2016-01-20 2016-11-17 Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur WO2017125182A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102016200711.4 2016-01-20
DE102016200711.4A DE102016200711A1 (de) 2016-01-20 2016-01-20 Verfahren zum Aktualisieren von Software eines Steuergerätes, vorzugsweise für ein Kraftfahrzeug

Publications (1)

Publication Number Publication Date
WO2017125182A1 true WO2017125182A1 (fr) 2017-07-27

Family

ID=57354358

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/077996 WO2017125182A1 (fr) 2016-01-20 2016-11-17 Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur

Country Status (2)

Country Link
DE (1) DE102016200711A1 (fr)
WO (1) WO2017125182A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020099023A3 (fr) * 2018-11-12 2020-08-13 Bayerische Motoren Werke Aktiengesellschaft Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111133412A (zh) 2017-07-25 2020-05-08 奥罗拉实验室有限公司 基于工具链构建车辆ecu软件的软件增量更新和异常检测
AU2020242588B2 (en) * 2019-03-18 2023-07-06 Inventio Ag Security device for building-related passenger conveyor system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090125897A1 (en) * 2007-11-14 2009-05-14 Continental Teves, Inc. Systems and Methods for Updating Device Software
US20140025870A1 (en) * 2011-02-09 2014-01-23 Continental Automotive Gmbh Computer reprogramming method, data storage medium and motor vehicle computer

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1639603A2 (fr) 2003-06-24 2006-03-29 Robert Bosch Gmbh Procede permettant la mise a jour d'un logiciel d'appareil de commande electronique par une programmation flash via une interface serielle et un automate d'etat correspondant

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090125897A1 (en) * 2007-11-14 2009-05-14 Continental Teves, Inc. Systems and Methods for Updating Device Software
US20140025870A1 (en) * 2011-02-09 2014-01-23 Continental Automotive Gmbh Computer reprogramming method, data storage medium and motor vehicle computer

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020099023A3 (fr) * 2018-11-12 2020-08-13 Bayerische Motoren Werke Aktiengesellschaft Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur

Also Published As

Publication number Publication date
DE102016200711A1 (de) 2017-07-20

Similar Documents

Publication Publication Date Title
DE102005013285B4 (de) Verfahren zum Konfigurieren eines Steuergeräts und Steuergerät
DE19964013B4 (de) Verfahren und Vorrichtung zur Steuerung von Betriebsabläufen in einem Fahrzeug
DE10027006B4 (de) System zur Steuerung / Regelung der Betriebsabläufe bei einem Kraftfahrzeug und ein Verfahren zum Starten eines solchen Systems
WO2005064546A1 (fr) Enregistrement de donnees dans une automobile
DE102020110271B3 (de) Steuergerät für ein Fahrzeug und Verfahren zum Testen eines Programmelements einer Fahrzeugfunktion sowie Kraftfahrzeug mit einem Steuergerät
EP3128383B1 (fr) Appareil de terrain
WO2017125181A1 (fr) Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur
WO2017125182A1 (fr) Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur
EP0997347B1 (fr) Procédé et système pour changer le mode d'opération d'un appareil de commande d'un véhicule
DE19931184A1 (de) Verfahren und Vorrichtung zur Veränderung des Speicherinhalts von Steuergeräten
WO2017050557A1 (fr) Systeme et procédé de distribution et/ou de mise à jour de logiciels dans des dispositifs de commande en réseau d'un véhicule
WO2017178211A1 (fr) Procédé de mise en oeuvre d'un dispositif de commande d'un véhicule, dispositif de commande, système de mise en oeuvre, véhicule à moteur
DE102005009639A1 (de) Verfahren und Vorrichtung zum Sichern individueller Einstellungsdaten
DE10234063B4 (de) Verfahren zum variantenspezifischen Programmieren eines Programm- und Datenspeichers eines Steuergeräts, insbesondere eines Steuergeräts eines Kraftfahrzeugs, sowie Vorrichtung zur Durchführung des Verfahrens
EP0664387B1 (fr) Procédé pour changer la mode de travail d'un appareil de commande dans les voitures automobiles
EP2052300B1 (fr) Procede de programmation d'un module de commande d'un vehicule automobile
DE102011055087A1 (de) Verfahren zur Durchführung einer Neuprogrammierung eines Steuergeräts in einem Kraftfahrzeug
EP2367084A1 (fr) Procédé de configuration d'un dispositif de commande d'une installation d'automatisation industrielle et composants pour une installation d'automatisation industrielle
EP1187011A2 (fr) Méthode pour la programmation d'une unité de commande
DE10039766B4 (de) Verfahren zum Steuern von Betriebsparametern eines Fahrzeugs
DE102007059355A1 (de) Verfahren zum Betreiben eines Steuergerätes und Steuergerät
DE10007610A1 (de) Verfahren zur Programmierung eines Steuergerätes
WO2020099023A2 (fr) Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur
DE102004052438A1 (de) Service-Programmiergerät
EP1967920A1 (fr) Procédé de mise à jour logicielle dans un système d'automatisation à base de FPGAs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16798467

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16798467

Country of ref document: EP

Kind code of ref document: A1