WO2022244588A1 - Vehicle electronic control device, update program, and data structure - Google Patents
Vehicle electronic control device, update program, and data structure
- Publication number
- WO2022244588A1 (PCT/JP2022/018438)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- update
- execution
- unit
- installation
- activation
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
Definitions
- the present disclosure relates to a vehicle electronic controller, an update program, and a data structure.
- there are a wide variety of nodes that can be updated, and the software update methods may differ.
- ADAS: Advanced Driving Assistant System
- data is transferred by high-speed file communication and the drive system node software for vehicle driving is updated.
- the update method is different, such as data transfer by diagnostic communication. Therefore, in one piece of campaign information, the software of multiple update target nodes may be updated using different update methods. In such a case, if a plurality of update methods are executed simultaneously without properly managing the update order, there is a risk that the software will be updated in an unintended combination.
- An object of the present disclosure is to update software appropriately when updating the software of multiple update target nodes using different update methods.
- the first execution instruction unit instructs the download processing execution unit, which executes download processing for downloading update data from the outside, to execute download processing.
- the second execution instructing unit instructs an update target node, which performs an installation process for installing update data and generating updated software and an activation process for validating the updated software, to perform the installation process and the activation process.
- The execution requesting unit transmits an execution request to the first execution instructing unit or the second execution instructing unit for each update method, and requests execution of any one of download processing, installation processing, and activation processing for each update method.
- FIG. 1 is a diagram showing the overall configuration of one embodiment
- FIG. 2 is a diagram showing the electrical configuration of the CGW
- FIG. 3 is a diagram showing the electrical configuration of the ECU
- FIG. 4 is a functional block diagram of the CGW
- FIG. 5 is a diagram showing transmission targets of the execution request among the specification data.
- FIG. 6 is a diagram showing the transmission order of execution requests in the specification data;
- FIG. 7 is a diagram (part 1) showing the flow of processing;
- FIG. 8 is a diagram (part 2) showing the flow of processing;
- FIG. 9 is a flowchart (part 1)
- FIG. 10 is a flowchart (part 2)
- FIG. 11 is a flowchart (Part 3)
- FIG. 12 is a flowchart (part 4)
- FIG. 13 is a flowchart (part 5)
- FIG. 14 is a flowchart (Part 6)
- FIG. 15 is a flowchart (part 7).
- a vehicle electronic control system is a system capable of updating software such as vehicle control and diagnosis installed in an electronic control unit (hereinafter referred to as an ECU (Electronic Control Unit)) by OTA (Over The Air).
- Software includes programs and data for realizing functions such as vehicle control and diagnosis, and can also be expressed as an application.
- a case of updating software for vehicle control, diagnosis, etc. will be described, but the present invention can also be applied to, for example, updating a map application and map data used by the map application.
- the vehicle electronic control system 1 has a center device 3 on the communication network 2 side, and a vehicle side system 4 and a display terminal 5 on the vehicle side.
- the communication network 2 includes, for example, a mobile communication network such as a 4G line, the Internet, WiFi (Wireless Fidelity) (registered trademark), and the like.
- a display terminal 5 as an HMI (Human Machine Interface) is a terminal having a function of receiving operation input from a user and a function of displaying various screens.
- This is an in-vehicle display 7 arranged in the vehicle interior.
- the mobile terminal 6 can perform data communication with the center device 3 via the communication network 2 as long as it is within the communication range of the mobile communication network.
- the in-vehicle display 7 is connected to the vehicle-side system 4 and may be configured to also serve as a navigation function.
- the on-vehicle display 7 may be an on-vehicle display ECU having an ECU function, or may have a function of controlling display on a center display, a meter display, or the like.
- the user can input operations while checking various screens related to software update on the portable terminal 6, and can perform procedures related to software update.
- the user can input operations while confirming various screens related to software update on the in-vehicle display 7, and can perform procedures related to software update. That is, the user can use the portable terminal 6 and the vehicle-mounted display 7 separately outside the vehicle and inside the vehicle, and perform procedures related to software update.
- the center device 3 functions as an OTA center that controls software update functions on the communication network 2 side in the vehicle electronic control system 1 and provides OTA services.
- the center device 3 has a file server 8, a web server 9, and a management server 10, and the servers 8 to 10 are configured to be able to communicate data with each other.
- the center device 3 includes a plurality of servers with different functions.
- the file server 8 is a server that manages software files distributed from the center device 3 to the vehicle-side system 4.
- the file server 8 manages update data provided by a supplier or the like who is a provider of software distributed from the center device 3 to the vehicle-side system 4, specification data provided by an OEM (Original Equipment Manufacturer), the vehicle status of the vehicle-side system 4, and the like.
- the file server 8 is capable of data communication with the vehicle-side system 4 via the communication network 2, transmits campaign information to the vehicle-side system 4, and transmits specification data to the vehicle-side system 4. Further, when the file server 8 receives a package data download request from the vehicle-side system 4, the file server 8 transmits package data in which update data is packaged to the vehicle-side system 4.
- Package data includes compressed zip files.
- the file server 8 may transmit package data in which the specification data and the update data are packaged to the vehicle-side system 4, so that the specification data and the update data are sent to the vehicle-side system 4 at the same time.
- the web server 9 is a server that manages web information.
- the web server 9 transmits web data managed by itself in response to a request from the web browser of the mobile terminal 6 or the like.
- the management server 10 is a server that manages the personal information of users registered with a software update service, the update history of software for each vehicle, and the like.
- the vehicle-side system 4 has a vehicle master device 11.
- the vehicle master device 11 controls the software update function of the vehicle in the vehicle electronic control system 1 and functions as an OTA master.
- the vehicle master device 11 has a DCM (Data Communication Module) 12 and a CGW (Central Gate Way) 13.
- the DCM 12 performs data communication with the center device 3 via the communication network 2 and corresponds to a download processing execution unit.
- the CGW 13 functions as a gateway ECU and corresponds to a vehicle electronic control unit.
- the DCM 12 and the CGW 13 are connected via the first bus 14 so as to be capable of data communication.
- Although FIG. 1 illustrates a configuration in which the DCM 12 and the vehicle-mounted display 7 are connected to the same first bus 14, the DCM 12 and the vehicle-mounted display 7 may be connected to separate buses. Also, the configuration may be such that the CGW 13 has part or all of the functions of the DCM 12, or the DCM 12 may have part or all of the functions of the CGW 13.
- the DCM 12 and the CGW 13 may share functions in any way.
- the vehicle master device 11 may be composed of two ECUs, the DCM 12 and the CGW 13, or may be composed of one integrated ECU having the functions of the DCM 12 and the CGW 13.
- the CGW 13 is connected with a second bus 15, a third bus 16, a fourth bus 17, and a fifth bus 18 as internal buses.
- Various ECUs 19 are connected via a bus 18 and a power management ECU 20 is connected via a bus 18 .
- the ECU 19 corresponds to a node.
- the second bus 15 is, for example, a multimedia bus, and is connected to an ECU 19 that controls the multimedia system.
- the third bus 16 is, for example, an ADAS system bus for driving assistance or automatic driving, and is connected to an ECU 19 that controls the ADAS system.
- the fourth bus 17 is, for example, a driving system bus for running the vehicle, and is connected to an ECU 19 that controls the driving system.
- the buses 15 to 17 may be buses of a system other than a multimedia system bus, an ADAS system bus, and a drive system bus. Also, the number of buses and the number of ECUs 19 are not limited to the illustrated configuration.
- the buses do not need to be divided for each system, and may be divided according to the location of the ECU 19 to be controlled, such as the front and rear of the vehicle, or may be divided according to the set location of the system and the ECU 19.
- the power management ECU 20 is an ECU that manages power supplied to the DCM 12, the CGW 13, various ECUs 19, and the like.
- a sixth bus 21 is connected to the CGW 13 as a vehicle-exterior bus.
- a DLC (Data Link Coupler) connector 22 to which a tool 23 functioning as a service tool is detachably connected is connected to the sixth bus 21.
- the buses 14 to 18 inside the vehicle and the bus 21 outside the vehicle are configured by, for example, CAN (Controller Area Network, registered trademark) buses, and the CGW 13 performs data communication in accordance with CAN data communication standards and diagnostic communication standards (UDS (Unified Diagnosis Services)).
- UDS: Unified Diagnosis Services
- the CGW 13 sends a package data download request to the center device 3 via the DCM 12 on condition that the conditions for downloading the package data are met.
- the conditions under which the package data can be downloaded are that approval for download has been obtained, that the CGW 13 is capable of data communication with the center device 3 via the DCM 12, that the free space of the storage of the DCM 12 is equal to or greater than a predetermined capacity, and that the remaining capacity of the vehicle-mounted battery is equal to or greater than a predetermined capacity.
- the CGW 13 instructs the software update target ECU 19 to install the acquired update data on the condition that the conditions for instructing installation to write the update data are satisfied.
- the conditions under which installation can be instructed are that approval for installation has been obtained, that the vehicle is in a state where installation is possible, that the update target ECU 19 is in a state where installation is possible, that the update data is normal data, and that the remaining capacity of the vehicle-mounted battery is equal to or greater than a predetermined capacity.
- the CGW 13 instructs the update target ECU 19 to activate on the condition that the conditions for enabling the activation of the software after installation are satisfied.
- the conditions under which activation can be instructed are that approval for activation has been obtained, that the vehicle state is in a state in which activation is possible, that the ECU 19 to be updated is in a state in which activation is possible, and that the remaining capacity of the on-vehicle battery is equal to or greater than a predetermined capacity.
- the CGW 13 has a microcomputer 24, a storage 25, a data transfer circuit 26, a power supply circuit 27, and a power supply detection circuit 28 as electrical functional blocks.
- the microcomputer 24 executes various control programs stored in a non-transitory tangible storage medium, performs various processes, and controls the operation of the CGW 13.
- the configuration in which one microcomputer 24 is mounted on the CGW 13 is illustrated, but the number, specifications, and combination of microcomputers mounted on the CGW 13 are determined according to the processing capacity required of the CGW 13. That is, if the CGW 13 is required to have relatively high processing power, a microcomputer with relatively high specifications is employed, or a plurality of microcomputers are employed to realize distributed processing or parallel processing.
- the storage 25 is eMMC (embedded Multi Media Card), NorFlash, for example.
- the data transfer circuit 26 controls data communication with the buses 14 to 18 and 21 conforming to CAN data communication standards, Ethernet communication standards, diagnostic communication standards, and the like.
- a power supply circuit 27 inputs a battery power supply, an accessory power supply, and an ignition power supply.
- the power supply detection circuit 28 detects the voltage value of the battery power supply, the voltage value of the accessory power supply, and the voltage value of the ignition power supply input by the power supply circuit 27, compares these detected voltage values with a predetermined voltage threshold, and outputs the comparison result to the microcomputer 24.
- the microcomputer 24 determines whether the battery power supply, accessory power supply, and ignition power supply externally supplied to the CGW 13 are normal or abnormal based on the comparison result input from the power supply detection circuit 28.
- the ECU 19 has a microcomputer 29, a data transfer circuit 30, a power supply circuit 31, and a power supply detection circuit 32 as electrical functional blocks.
- the microcomputer 29 has a CPU 29a, a ROM 29b, a RAM 29c, and a flash memory 29d.
- the flash memory 29d includes a secure area from which information cannot be read from outside the ECU 19.
- the microcomputer 29 executes various control programs stored in a non-transitory tangible storage medium, performs various processes, and controls the operation of the ECU 19.
- the data transfer circuit 30 controls data communication conforming to the CAN data communication standard, Ethernet communication standard, etc. between the buses 15-17.
- a power supply circuit 31 inputs a battery power supply, an accessory power supply, and an ignition power supply.
- the power supply detection circuit 32 detects the voltage value of the battery power supply, the voltage value of the accessory power supply, and the voltage value of the ignition power supply input by the power supply circuit 31, compares these detected voltage values with a predetermined voltage threshold, and outputs the comparison result to the microcomputer 29.
- the microcomputer 29 determines whether the battery power supply, accessory power supply, and ignition power supply externally supplied to the ECU 19 are normal or abnormal based on the comparison result input from the power supply detection circuit 32.
- the ECUs 19 differ in the loads, such as sensors and actuators, to which they are connected, but basically have the same configuration.
- the multimedia ECU 19, the ADAS ECU 19, and the drive system ECU 19 may use different software update methods.
- the CGW 13 employs the following configuration. The fact that the update methods are different means that the systems of the ECUs 19 are different even if the data transfer communication methods are the same, in addition to the fact that the data transfer communication methods are different as described above.
- the updating method is the method and order for updating the software of the ECU 19. More specifically, the method and the order indicate, for example, the communication method for data transfer, such as storage and streaming, and the type of processing procedure necessary for updating. Note that the number of ECUs 19 to be updated by one updating method is not limited to one, and a plurality of ECUs 19 may be updated collectively.
- the CGW 13 includes, in the control unit 33, an overall management unit 34, a downloader 35, a first update master 36, a second update master 37, a third update master 38, and a specification data storage unit 39.
- the downloader 35 corresponds to a first execution instructing section.
- the first update master 36, the second update master 37, and the third update master 38 correspond to the second execution instructing section.
- the overall management unit 34 includes a specification data acquisition unit 34a, an execution request unit 34b, a state determination unit 34c, a consent result receiving unit 34d, a consent result transmitting unit 34e, a processing completion notification receiving unit 34f, and a processing completion notification transmitting unit 34g.
- Each part 34-38, 34a-34g corresponds to the function executed by the update program. That is, the control unit 33 performs the functions of the units 34 to 38 and 34a to 34g by executing the update program.
- the first update master 36 is connected to the multimedia ECU 19, but the relationship between the update master and the ECU 19 may be other than this correspondence relationship. If the first update master 36 and the ADAS system ECU 19 are connected, the first update master 36 may manage the update process of the ADAS system ECU 19. Also, the first update master 36 may manage the update process of the drive system ECU 19.
- the downloader 35 instructs the DCM 12 to execute the download process upon receipt of the download execution request from the overall management unit 34.
- the first update master 36 manages update processing of the multimedia ECU 19, instructs the multimedia ECU 19 to execute installation processing upon receipt of an installation execution request from the overall management unit 34, and instructs execution of activation processing upon receipt of an activation execution request.
- the second update master 37 manages the update process of the ADAS system ECU 19, instructs the ADAS system ECU 19 to execute the installation process upon receipt of the installation execution request from the overall management unit 34, and instructs execution of activation processing upon receipt of the activation execution request.
- the third update master 38 manages the update process of the drive system ECU 19, instructs the drive system ECU 19 to execute the installation process upon receipt of the installation execution request from the overall management unit 34, and instructs execution of activation processing upon receipt of the activation execution request.
- the update masters 36 to 38 manage the update processing of the ECU 19 to be managed, instruct the execution of the installation processing upon receipt of the installation execution request from the overall management unit 34, and instruct the execution of the activation processing with receipt of the activation execution request as a trigger.
- the overall management unit 34, the downloader 35, and the update masters 36 to 38 are functionally independent modules. By adopting such a configuration, it is possible to simplify the software configuration and appropriately ensure the quality assurance of the system. Furthermore, it becomes possible to develop software independently of each other, improving development efficiency.
- the specification data acquisition unit 34a acquires specification data from the package data, and stores the acquired specification data in the specification data storage unit 39.
- the specification data includes various types of information regarding software update, including information regarding transmission targets of execution requests shown in FIG. 5 and information regarding the order of transmission of execution requests shown in FIG.
- the information about the transmission target of the execution request includes items of the update master, the node ID of the update master, and the process to which the execution request is to be transmitted.
- In the illustrated example, the transmission targets of the installation execution request are the first update master 36, the second update master 37, and the third update master 38, and the transmission targets of the activation execution request are the first update master 36, the second update master 37, and the third update master 38.
- the information regarding the transmission order of execution requests includes the priority of installation processing and activation processing for the update masters 36-38.
- In the illustrated example, the installation execution request is sent in the order of the first update master 36, the second update master 37, and the third update master 38, and the activation execution request is sent simultaneously to the first update master 36, the second update master 37, and the third update master 38. That is, the specification data has a data structure that includes information that can specify the transmission target and the transmission order of execution requests when requesting execution of download processing, installation processing, and activation processing for each update method. Note that the data structure may be of any other format as long as it designates the type of execution request indicating download, installation, or activation, and the transmission target and transmission order of the execution request.
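
The specification data described above, modelled as an added example (not code from the patent): it turns the target table and the priority table into "waves" of execution requests, where masters with equal priority are sent together, and it rejects data whose two tables disagree before any request goes out. Field names, node IDs, and the helpers `validate_spec`, `plan_waves`, and `is_valid` are assumptions.

```python
from collections import defaultdict
import copy

PROCESSES = ("download", "install", "activate")

# Constructed specification data. Field names and node IDs are assumptions;
# the text only says the data names each target, its node ID, the process it
# receives, and a per-process transmission priority.
SPEC = {
    "targets": [
        {"name": "downloader", "node_id": 0x01, "processes": ["download"]},
        {"name": "update_master_1", "node_id": 0x11, "processes": ["install", "activate"]},
        {"name": "update_master_2", "node_id": 0x12, "processes": ["install", "activate"]},
        {"name": "update_master_3", "node_id": 0x13, "processes": ["install", "activate"]},
    ],
    "order": {
        "download": {"downloader": 1},
        "install": {"update_master_1": 1, "update_master_2": 2, "update_master_3": 3},
        "activate": {"update_master_1": 1, "update_master_2": 1, "update_master_3": 1},
    },
}

# Constructed malformed variant: the order table names a master that is not a
# declared transmission target for activation.
BAD_SPEC = copy.deepcopy(SPEC)
BAD_SPEC["order"]["activate"]["update_master_9"] = 1


def validate_spec(spec):
    """Raise ValueError unless the target and order tables agree exactly."""
    targets = defaultdict(set)  # process -> names allowed to receive that request
    seen_ids = set()
    for entry in spec["targets"]:
        if entry["node_id"] in seen_ids:
            raise ValueError(f"duplicate node ID {entry['node_id']:#04x}")
        seen_ids.add(entry["node_id"])
        for process in entry["processes"]:
            targets[process].add(entry["name"])
    for process in set(targets) | set(spec["order"]):
        if process not in PROCESSES:
            raise ValueError(f"unknown process {process!r}")
        priorities = spec["order"].get(process, {})
        # Every target needs a priority, and no non-target may be scheduled.
        if set(priorities) != targets[process]:
            raise ValueError(f"{process}: order table and target table disagree")
        for name, priority in priorities.items():
            if type(priority) is not int or priority < 1:
                raise ValueError(f"{process}/{name}: bad priority {priority!r}")


def plan_waves(spec, process):
    """Return the request schedule for one process as a list of waves.

    Each wave is a list of targets that receive the execution request at the
    same time; waves are ordered by ascending priority value.
    """
    validate_spec(spec)
    by_priority = defaultdict(list)
    for name, priority in spec["order"].get(process, {}).items():
        by_priority[priority].append(name)
    return [sorted(by_priority[p]) for p in sorted(by_priority)]


def is_valid(spec):
    """Boolean wrapper so a caller can refuse a campaign without a traceback."""
    try:
        validate_spec(spec)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for process in PROCESSES:
        print(process, plan_waves(SPEC, process))
    print("bad spec accepted:", is_valid(BAD_SPEC))
```
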
- the execution requesting unit 34b instructs the DCM 12 to execute the download process from the downloader 35 and causes the DCM 12 to execute the download process.
- the execution request unit 34b transmits an installation execution request to the update masters 36 to 38, thereby instructing the update target ECU 19 to execute the installation process from the update masters 36 to 38, and causes the update target ECU 19 to execute the installation process.
- the execution request unit 34b transmits an activation execution request to the update masters 36 to 38, thereby instructing the update target ECU 19 to execute the activation process from the update masters 36 to 38, and causing the update target ECU 19 to execute the activation process.
- the state determination unit 34c determines whether the download process can be executed, the installation process can be executed, and the activation process can be executed.
- the state determination unit 34c determines whether or not the download process can be executed by determining the conditions under which the package data can be downloaded.
- the state determination unit 34c determines whether or not it is possible to execute the installation process by determining the above-described conditions under which installation can be instructed.
- the state determination unit 34c determines whether or not the activation process can be executed by determining the conditions under which activation can be instructed.
- the consent result receiving unit 34d receives the consent results from the user for download processing, installation processing, and activation processing.
- the consent result transmitting unit 34e transmits the received consent result to the center device 3.
- the processing completion notification receiving unit 34f receives a download processing completion notification indicating completion of the download processing from the downloader 35.
- the processing completion notification transmitting unit 34g transmits the received download processing completion notification to the center device 3.
- the processing completion notification transmitting unit 34g transmits the received installation processing completion notification and activation processing completion notification to the center device 3.
- As shown in FIGS. 5 and 6, it is assumed that the transmission target and the transmission order of the execution request are set by the specification data.
- When the overall management unit 34 determines that the campaign information has been received from the center device 3 via the DCM 12 (t1) or that the event notification has been received from any of the update masters 36 to 38 (S1: YES, t2), it waits for reception of specification data from the center device 3 (S2).
- When the overall management unit 34 determines that the specification data has been received from the center device 3 via the DCM 12 (S2: YES, t3), it stores the received specification data in the specification data storage unit 39 and refers to the specification data to determine the transmission target and the transmission order of the execution request (S3).
- In this example, the overall management unit 34 decides to transmit the installation execution request to the first update master 36, the second update master 37, and the third update master 38 in this order, and to transmit the activation execution request to the first update master 36, the second update master 37, and the third update master 38 at the same time.
- the overall management unit 34 transmits a download approval screen display request to the HMI (S4, t4), and waits for reception of the approval result from the HMI (S5).
- When the HMI receives the download approval screen display request from the overall management unit 34, it displays the download approval screen. t5).
- When the overall management unit 34 determines that it has received an approval result indicating approval from the HMI (S5: YES), it transmits the approval result indicating approval to the center device 3 via the DCM 12 (S6, t6).
- the overall management unit 34 determines whether or not the download process can be executed (S7). When it determines that the download process can be executed, it transmits a download execution request to the downloader 35 (S8, t7, corresponding to the execution request procedure), and waits for reception of ACK for the download execution request from the downloader 35 (S9).
- When the download execution request is received from the overall management unit 34, the downloader 35 returns ACK to the overall management unit 34.
- the downloader 35 instructs the DCM 12 to execute the download process (S10).
- the overall management unit 34 waits for reception of a download process completion notification from the downloader 35 (S11), and monitors whether a certain period of time has elapsed since execution of the download process was instructed (S12).
- Upon receiving the download execution request from the overall management unit 34, the downloader 35 transmits a package data download request to the center device 3 via the DCM 12 (t8). Upon receiving the package data download request from the CGW 13, the center device 3 distributes the package data to the DCM 12 (t9). The DCM 12 starts the process of downloading the package data from the center device 3, and upon completion of the download process, transmits a download process completion notice to the downloader 35. When the download process completion notification is received from the DCM 12, the downloader 35 transmits the download process completion notification to the overall management unit 34 (t10).
- the download processing completion notification is sent to the center device 3 via the DCM 12 (S13, t11).
- When the overall management unit 34 determines that a certain period of time has elapsed since the execution of the download processing was instructed before receiving the download processing completion notification from the downloader 35 (S12: YES), it determines whether or not the number of retries has reached the preset upper limit (S14). When the overall management unit 34 determines that the number of retries has not reached the upper limit (S14: NO), it resends the download execution request to the downloader 35 (S15), increments the number of retries (S16), and returns to steps S11 and S12. When the overall management unit 34 determines that the number of retries has reached the upper limit (S14: YES), it transmits an error notification indicating an error in the download process to the center device 3 via the DCM 12 (S17).
- the overall management unit 34 transmits an installation consent screen display request to the HMI (S18, t12), and waits for reception of the consent result from the HMI (S19).
- the HMI receives the installation consent screen display request from the general management unit 34
- the HMI displays the installation consent screen
- the HMI transmits a consent result indicating consent permission to the general management unit 34 ( t13).
- the overall management unit 34 determines that it has received an approval result indicating approval from the HMI (S19: YES), it transmits the approval result indicating approval to the center device 3 via the DCM 12 (S20, t14).
- the general management unit 34 determines whether or not the installation process can be executed (S21).
- When the update master 36 receives the installation execution request from the overall management unit 34, it returns an ACK to the overall management unit 34.
- When the overall management unit 34 determines that an ACK has been received from the update master 36 (S23: YES), the update master 36 instructs the update target ECU 19 to execute the installation process (S24).
- The overall management unit 34 waits to receive the installation process completion notification from the update master 36 (S25) and monitors whether a certain period of time has elapsed since it instructed execution of the installation process (S26).
- When the update master 36 instructs the update target ECU 19 to execute the installation process, the update target ECU 19 starts the installation process and, when the installation process is completed, sends an installation process completion notification to the update master 36.
- When the update master 36 receives the installation process completion notification from the update target ECU 19, it transmits the installation process completion notification to the overall management unit 34 (t16).
- The update master 36 transmits the installation process completion notification to the overall management unit 34 upon receiving installation process completion notifications from all the update target ECUs 19.
- When the overall management unit 34 determines that it has received an installation process completion notification from the update master 36 before a certain period of time elapses after instructing the update master 36 to execute the installation process (S25: YES), it transmits the installation process completion notification to the center device 3 via the DCM 12 (S27, t17).
- When the overall management unit 34 determines that a certain period of time has passed since it instructed the update master 36 to execute the installation process without receiving the installation process completion notification from the update master 36 (S26: YES), it determines whether or not the number of retries has reached the preset upper limit (S28). When the overall management unit 34 determines that the number of retries has not reached the upper limit (S28: NO), it resends the installation execution request to the update master 36 (S29), increments the number of retries (S30), and returns to steps S25 and S26. When the overall management unit 34 determines that the number of retries has reached the upper limit (S28: YES), it transmits an error notification indicating an error in the installation process to the center device 3 via the DCM 12 (S31).
- The overall management unit 34 determines whether or not the installation execution request has already been transmitted to all of the update masters 36 to 38 to which it is to be transmitted in the current campaign information (S32). When the overall management unit 34 determines that there are update masters 36 to 38 to which the installation execution request has not yet been sent (S32: NO), it targets the update master 37, which has the second highest priority among the update masters 36 to 38 whose software is to be updated, returns to step S22, and repeats step S22 and the subsequent steps.
- The overall management unit 34 sequentially instructs execution of the installation process for the update target ECU 19 of the multimedia system, execution of the installation process for the update target ECU 19 of the ADAS system, and execution of the installation process for the update target ECU 19 of the driving system (t15 to t23).
- When the overall management unit 34 determines that the installation execution request has already been transmitted to all of the update masters 36 to 38 to which it is to be transmitted, and that no update master 36 to 38 remains to which the installation execution request has not been transmitted (S32: YES), then, once the installation process by the update masters 36 to 38 is completed, it sends an activation consent screen display request to the HMI (S33, t24) and waits to receive the consent result from the HMI (S34).
- When the HMI receives an activation consent screen display request from the overall management unit 34, it displays an activation consent screen, and when the user performs a consent operation, the HMI transmits a consent result indicating consent to the overall management unit 34 (t25).
- When the overall management unit 34 determines that it has received a consent result indicating consent from the HMI (S34: YES), it transmits the consent result indicating consent to the center device 3 via the DCM 12 (S35, t26).
- When the overall management unit 34 determines that the activation process can be executed (S36: YES), it simultaneously transmits an activation execution request to the update masters 36 to 38 (S37, t27, corresponding to an execution request procedure) and waits to receive an ACK for the activation execution request from the update masters 36 to 38 (S38).
- When the update masters 36 to 38 receive the activation execution request from the overall management unit 34, they return an ACK to the overall management unit 34.
- When the overall management unit 34 determines that an ACK has been received from the update masters 36 to 38 (S38: YES), the update masters 36 to 38 simultaneously instruct the update target ECU 19 to execute the activation process (S39).
- The overall management unit 34 waits to receive the activation process completion notification from the update masters 36 to 38 (S40) and, at the same time, monitors whether a certain period of time has elapsed since it instructed execution of the activation process (S41).
- The update target ECU 19 managed by the update masters 36 to 38 starts the activation process when instructed to do so by the update masters 36 to 38 and, when the activation process is completed, sends an activation process completion notification to the update masters 36 to 38.
- When the update masters 36 to 38 receive the activation process completion notification from the update target ECU 19, they transmit the activation process completion notification to the overall management unit 34 (t28).
- Each of the update masters 36 to 38 sends the activation process completion notification to the overall management unit 34 upon receiving the activation process completion notification from all the update target ECUs 19 that it manages.
- When the overall management unit 34 determines that it has received an activation process completion notification from the update masters 36 to 38 before a certain period of time has passed since it instructed execution of the activation process (S40: YES), it transmits the activation process completion notification to the center device 3 via the DCM 12 (S42, t29).
- It is determined whether or not the number of retries has reached the preset upper limit (S43). If the overall management unit 34 determines that the number of retries has not reached the upper limit (S43: NO), it resends the activation execution request to the update masters 36 to 38 (S44), increments the number of retries (S45), and returns to steps S40 and S41. When the overall management unit 34 determines that the number of retries has reached the upper limit (S43: YES), it transmits an error notification indicating an activation error to the center device 3 via the DCM 12 (S46).
- A processing request having a high priority, such as a regulation, may occur before the installation process is completed in the update target ECU 19 managed by the update master.
- The overall management unit 34 performs the processing shown in FIG.
- When the overall management unit 34 transmits an execution request to any update master (S51), it determines whether or not a processing completion notification for the execution request of the process being executed has been received (S52), and determines whether or not a high-priority processing request has occurred (S53). If the overall management unit 34 determines that a high-priority processing request has occurred before it receives the processing completion notification for the execution request of the process being executed (S53: YES), it transmits an interruption request for the process being executed to the update master, suspends the process being executed (S54), and transmits an execution request for the high-priority subsequent process to the update master (S55).
- When the overall management unit 34 has transmitted the execution request for the high-priority subsequent process to the update master, it determines whether or not it has received a processing completion notification for that execution request (S56). When the overall management unit 34 determines that it has received the processing completion notification for the execution request of the high-priority subsequent process (S56: YES), it transmits a restart request for the interrupted process to the update master, restarts the interrupted process (S57), and returns to steps S52 and S53. The same applies when a high-priority processing request such as a regulation occurs after the activation execution request has been transmitted to any of the update masters and before the activation process is completed in the update target ECU 19 managed by that update master.
- The update masters 36 to 38 are provided for each update method. The software configuration can be simplified and the quality assurance of the system can be appropriately ensured.
- Because the transmission target and the transmission order of the execution request are set according to the specification data, the content of the software update can be easily switched according to the specification data, it is no longer necessary to individually prepare a CGW 13 for each of the various systems, and the number of parts can be reduced.
- The received consent result is transmitted to the center device 3, so that the consent results from the user for the download processing, installation processing, and activation processing can be managed by the center device 3.
- When the CGW 13 receives a download processing completion notification, an installation processing completion notification, or an activation processing completion notification, the received processing completion notification is sent to the center device 3, so that it can be managed by the center device 3.
- The process being executed is interrupted, the execution request for the subsequent process is transmitted, and the restart of the interrupted process is requested after the subsequent process is completed. It is therefore possible to deal appropriately with a processing request having a high priority, such as a regulation.
- The configuration for managing the update processing of three types of ECU 19 has been exemplified, but the update processing of fewer types, or of four or more types, of ECU 19 may be managed. That is, by providing one update master, the update processing of one type of ECU 19 may be managed.
- The configuration in which the activation execution request is simultaneously transmitted to the first update master 36, the second update master 37, and the third update master 38 has been exemplified, but the request may instead be transmitted to them at individual timings.
- The configuration in which the specification data is referred to in order to determine the transmission target and the transmission order of the execution request has been exemplified, but it is also possible to determine only the first transmission target of the execution request and to determine the next transmission target of the execution request each time a processing completion notification is received.
- The update target ECU 19 may have the function of the downloader 35 so that the update target ECU 19 directly downloads the package data from the center device 3.
- A configuration in which update data is acquired by downloading may be used.
- Download consent, installation consent, and activation consent are not required for each process.
- Installation consent and activation consent may be given by a single consent.
- The control unit and its method described in this disclosure may be implemented by a dedicated computer provided by configuring a processor and memory programmed to perform one or more functions embodied by a computer program.
- The control unit and its method described in this disclosure may be implemented by a dedicated computer provided by configuring the processor with one or more dedicated hardware logic circuits.
- The control unit and its method described in this disclosure may also be implemented by one or more dedicated computers configured by a combination of a processor and memory programmed to perform one or more functions and a processor configured by one or more hardware logic circuits.
- The computer program may also be stored as computer-executable instructions on a computer-readable non-transitory tangible storage medium.
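The retry-limited execution request (S14 to S16, S28 to S30, S43 to S45) and the ordering of sequential installation before activation described in the steps above, as an added Python example that is not part of the patent text. The names `Unit`, `request_with_retry` and `run_campaign`, the value of `MAX_RETRIES`, the consent callback, and the choice to stop the campaign after an error notification are assumptions; timeouts are modelled as unanswered requests.

```python
from dataclasses import dataclass, field

MAX_RETRIES = 2  # assumed value; the page only says the upper limit is preset


@dataclass
class Unit:
    """Stand-in for the downloader or an update master (hypothetical).

    `drops` maps a phase to the number of execution requests that go
    unanswered before a completion notification arrives (timeout path).
    """
    name: str
    drops: dict = field(default_factory=dict)
    received: list = field(default_factory=list)

    def execute(self, phase):
        self.received.append(phase)
        if self.drops.get(phase, 0) > 0:
            self.drops[phase] -= 1
            return False  # no completion notification within the period
        return True       # completion notification received


def request_with_retry(unit, phase, center_log):
    """Send an execution request and resend on timeout up to MAX_RETRIES."""
    retries = 0
    while True:
        if unit.execute(phase):
            center_log.append((phase, unit.name, "complete"))
            return True
        if retries >= MAX_RETRIES:   # upper limit reached: report the error
            center_log.append((phase, unit.name, "error"))
            return False
        retries += 1                 # resend and count the retry


def run_campaign(spec, downloader, masters, consent):
    """Drive download, then installation per update master, then activation.

    spec["install_order"] is a constructed stand-in for the specification
    data that fixes the transmission targets and their order.
    Returns the list of notifications forwarded to the center device.
    """
    log = []
    if not request_with_retry(downloader, "download", log):
        return log
    if not consent("install"):
        return log
    log.append(("consent", "install", "approved"))
    for name in spec["install_order"]:   # one update method at a time
        if not request_with_retry(masters[name], "install", log):
            # Assumption: stop here so a partial set is never activated;
            # the page only states that an error notification is sent.
            return log
    if not consent("activate"):
        return log
    log.append(("consent", "activate", "approved"))
    # The page sends the activation request to all update masters at the
    # same time; this single-threaded example issues them in one pass.
    for name in spec["install_order"]:
        request_with_retry(masters[name], "activate", log)
    return log
```

With `MAX_RETRIES = 2`, a unit is sent at most three requests per phase before the error notification is recorded.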
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mechanical Engineering (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
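The vehicle electronic control system is a system in which software for vehicle control, diagnosis, and the like installed in an electronic control unit (hereinafter referred to as an ECU (Electronic Control Unit)) can be updated by OTA (Over The Air). The software includes programs and data for realizing functions such as vehicle control and diagnosis, and can also be referred to as an application. This embodiment describes the case of updating software for vehicle control, diagnosis, and the like, but it can also be applied, for example, to updating a map application or the map data used by that map application.
In the CGW 13, execution of the download processing, installation processing, and activation processing is requested on a per-update-method basis, so that the download processing, installation processing, and activation processing are executed on a per-update-method basis. When the software of a plurality of update target ECUs 19 is updated by different update methods, it is possible to avoid a situation in which a plurality of update methods are executed simultaneously or in an inappropriate order. This avoids software being updated in an unintended combination, allows the software to be updated appropriately, and ensures safe and secure software updates.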
Claims (11)
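- A vehicle electronic control device comprising: a first execution instruction unit (35) that instructs a download processing execution unit, which executes download processing for downloading update data from outside, to execute the download processing;
a second execution instruction unit (36 to 38) that instructs an update target node, which executes installation processing for installing update data to generate updated software and activation processing for enabling the updated software, to execute the installation processing and to execute the activation processing; and
an execution request unit (34b) that transmits an execution request to the first execution instruction unit or the second execution instruction unit on a per-update-method basis and requests execution of any of the download processing, the installation processing, and the activation processing on a per-update-method basis.
- The vehicle electronic control device according to claim 1, comprising a specification data acquisition unit (34a) that acquires specification data from outside,
wherein the execution request unit determines the transmission target and the transmission order of the execution request based on the specification data.
- The vehicle electronic control device according to claim 2, wherein the execution request unit covers the download processing, the installation processing, and the activation processing, and determines the transmission target and the transmission order of the execution request before requesting execution of the download processing.
- The vehicle electronic control device according to claim 2, wherein the execution request unit covers the download processing, the installation processing, and the activation processing, and determines the next transmission target of the execution request each time any of the processing is completed.
- The vehicle electronic control device according to any one of claims 1 to 4, comprising a state determination unit (34c) that determines a state,
wherein the execution request unit requests execution of the processing that is in an executable state, on condition that the state determination unit has determined that the download processing, the installation processing, and the activation processing are in an executable state.
- The vehicle electronic control device according to any one of claims 1 to 5, comprising: a consent result reception unit (34d) that receives a consent result from a user relating to any of the download processing, the installation processing, and the activation processing; and
a consent result transmission unit (34e) that, when any consent result is received by the consent result reception unit, transmits the received consent result to the outside.
- The vehicle electronic control device according to any one of claims 1 to 6, wherein the first execution instruction unit transmits a download processing completion notification upon identifying completion of the download processing,
the second execution instruction unit transmits an installation processing completion notification upon identifying completion of the installation processing, and transmits an activation processing completion notification upon identifying completion of the activation processing,
the device comprising: a processing completion notification reception unit (34f) that receives any of the download processing completion notification, the installation processing completion notification, and the activation processing completion notification; and
a processing completion notification transmission unit (34e) that, when any processing completion notification is received by the processing completion notification reception unit, transmits the received processing completion notification to the outside.
- The vehicle electronic control device according to any one of claims 1 to 7, wherein, after transmitting an execution request to the first execution instruction unit or the second execution instruction unit on a per-update-method basis, the execution request unit resends the execution request when any of the download processing, the installation processing, and the activation processing has not been executed and a resend condition for the execution request is satisfied.
- The vehicle electronic control device according to any one of claims 1 to 8, wherein, when the priority of a subsequent process is higher than the priority of the process being executed, the execution request unit interrupts the process being executed, transmits an execution request for the subsequent process, and requests resumption of the interrupted process after the subsequent process is completed.
- An update program that causes a control unit (33) of a vehicle electronic control device (13), the device comprising a first execution instruction unit (35) that instructs a download processing execution unit, which executes download processing for downloading update data from outside, to execute the download processing, and
a second execution instruction unit (36 to 38) that instructs an update target node, which executes installation processing for installing update data to generate updated software and activation processing for enabling the updated software, to execute the installation processing and to execute the activation processing,
to execute an execution request procedure of transmitting an execution request to the first execution instruction unit or the second execution instruction unit on a per-update-method basis and requesting execution of any of the download processing, the installation processing, and the activation processing on a per-update-method basis.
- A data structure of specification data that is distributed from outside to a vehicle electronic control device and includes information required when the vehicle electronic control device updates the software of an update target node,
the data structure including information capable of specifying the transmission target and the transmission order of an execution request used when requesting, on a per-update-method basis, execution of any of download processing for downloading update data from outside, installation processing for installing update data in the update target node to generate updated software, and activation processing for enabling the updated software.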
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE112022002715.0T DE112022002715T5 (de) | 2021-05-21 | 2022-04-21 | Vehicle electronic control system, update program, and data structure |
JP2023522578A JPWO2022244588A5 (ja) | 2022-04-21 | Vehicle electronic control device and update program | |
CN202280035996.2A CN117321569A (zh) | 2021-05-21 | 2022-04-21 | Vehicle electronic control device, update program, and data structure |
US18/497,255 US20240061672A1 (en) | 2021-05-21 | 2023-10-30 | Vehicle electronic control device, update program, and data structure |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021-086157 | 2021-05-21 | ||
JP2021086157 | 2021-05-21 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/497,255 Continuation US20240061672A1 (en) | 2021-05-21 | 2023-10-30 | Vehicle electronic control device, update program, and data structure |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022244588A1 (ja) | 2022-11-24 |
Family
ID=84141329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2022/018438 WO2022244588A1 (ja) | 2021-05-21 | 2022-04-21 | Vehicle electronic control device, update program, and data structure |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240061672A1 (ja) |
CN (1) | CN117321569A (ja) |
DE (1) | DE112022002715T5 (ja) |
WO (1) | WO2022244588A1 (ja) |
-
2022
- 2022-04-21 WO PCT/JP2022/018438 patent/WO2022244588A1/ja active Application Filing
- 2022-04-21 DE DE112022002715.0T patent/DE112022002715T5/de active Pending
- 2022-04-21 CN CN202280035996.2A patent/CN117321569A/zh active Pending
-
2023
- 2023-10-30 US US18/497,255 patent/US20240061672A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
JPWO2022244588A1 (ja) | 2022-11-24 |
CN117321569A (zh) | 2023-12-29 |
DE112022002715T5 (de) | 2024-03-07 |
US20240061672A1 (en) | 2024-02-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22804502; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2023522578; Country of ref document: JP; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 202280035996.2; Country of ref document: CN |
| | WWE | Wipo information: entry into national phase | Ref document number: 112022002715; Country of ref document: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 22804502; Country of ref document: EP; Kind code of ref document: A1 |