WO2023166758A1 - Electronic control system - Google Patents

Electronic control system Download PDF

Info

Publication number
WO2023166758A1
WO2023166758A1 PCT/JP2022/031653 JP2022031653W WO2023166758A1 WO 2023166758 A1 WO2023166758 A1 WO 2023166758A1 JP 2022031653 W JP2022031653 W JP 2022031653W WO 2023166758 A1 WO2023166758 A1 WO 2023166758A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic control
control system
storage unit
data
unit
Prior art date
Application number
PCT/JP2022/031653
Other languages
French (fr)
Japanese (ja)
Inventor
康浩 池田
健一 新保
裕 植松
忠信 鳥羽
英之 坂本
Original Assignee
日立Astemo株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日立Astemo株式会社 filed Critical 日立Astemo株式会社
Publication of WO2023166758A1 publication Critical patent/WO2023166758A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823Errors, e.g. transmission errors

Definitions

  • the present invention relates to an electronic control system that controls the memory storage method of vehicle/diagnostic data.
  • ECUs Electrical Control Units
  • central ECU centralized electronic control unit
  • vehicle/diagnostic data tends to increase with the advent of automated driving.
  • ECUs other than the central ECU suppress the increase in internal memory. Demand is growing.
  • Japanese Patent Laid-Open No. 2002-200003 describes that the problem is to "reliably store the vehicle state at the time of occurrence of an abnormality even if the vehicle state detection process is executed several times from the time of occurrence of an abnormality to the execution of the storage process.” ing.
  • the vehicle abnormal state storage device 10 stores the vehicle state detected by the vehicle state detection processing unit 21 in each detection cycle by the first vehicle state storage processing unit 23, and the index number assignment processing unit 22 is stored in the first storage unit 13 together with an index number assigned in correspondence with each vehicle state, and when the abnormality determination processing unit 24 determines that an abnormality has occurred in the vehicle state, the index number extraction processing unit 25 An index number corresponding to the vehicle state is extracted, and the index number extracted by the index number extraction processing unit 25 is stored by the second vehicle state storage processing unit 26 for each predetermined storage cycle set to a longer cycle than the detection cycle. The corresponding vehicle state is stored in the second storage unit 14".
  • an electronic control system has a first electronic control unit and a plurality of second electronic control units, and the first electronic control unit outputs from the plurality of second electronic control units receive the signals received from the plurality of second electronic control units, process the signals received from the plurality of second electronic control units to generate processing data, overwrite save the generated processing data in a storage unit, and store at least one second electronic control unit If a communication error occurs between Save without overwriting as data.
  • the vehicle data of each ECU at the time of/immediately before the communication error can be saved in the storage of the central ECU, so that the state of the entire vehicle at the time of the communication error can be grasped and factor analysis can be performed.
  • FIG. 1 is a block diagram showing the configuration of an electronic control system according to Embodiment 1 of the present invention
  • FIG. FIG. 4 is a flowchart showing processing performed by the electronic control system according to the first embodiment of the present invention
  • the block diagram which shows the structure of the electronic control system which concerns on Example 2 of this invention.
  • the flowchart which shows the process which the electronic control system which concerns on Example 2 of this invention performs.
  • the block diagram which shows the structure of the electronic control system which concerns on Example 3 of this invention.
  • 1 is a diagram showing an example of a connection configuration between electronic control units according to Embodiment 1 of the present invention
  • FIG. FIG. 5 is a diagram showing another example of the connection configuration between the electronic control units according to the first embodiment of the present invention;
  • FIG. 1 is a block diagram showing the overall configuration of an electronic control system 1 according to the first embodiment.
  • An electronic control system 1 mounted on a vehicle has a first electronic control unit (central ECU 100) and a plurality of second electronic control units (ECU 210 and ECU 220).
  • the central ECU 100 has a transmission/reception section 110, an error detection section 120, a signal processing section 130, a first storage section (cache 140), a data transfer instruction section 150, and a second storage section (storage 160).
  • the ECUs 210 and 220 are various devices mounted on the vehicle (for example, a camera, a radar sensing device such as LiDAR), acquire information about the control state and safety state of the vehicle, and provide vehicle/diagnostic data. Generate. In this embodiment, two ECUs are used, but the number of ECUs is not limited as long as it is plural.
  • the transmission/reception unit 110 transmits and receives data to and from the ECU 210 and the ECU 220 .
  • the error detection unit 120 detects an error that has occurred in data transmission/reception between the transmission/reception unit 110 and the ECUs 210 and 220 .
  • the error is assumed to be a communication error in which communication between the transmitting/receiving unit 110 and the ECUs 210 and 220 is interrupted.
  • the signal processing unit 130 processes signals processed by the ECUs 210 and 220 and received by the transmitting/receiving unit 110 to generate processing data.
  • the cache 140 and storage 160 store the processed data generated by the signal processing unit 130 .
  • the storage capacity of cache 140 is smaller than the storage capacity of storage 160 .
  • the storage 160 is built in the central ECU 100 in this embodiment, it may be mounted in another area within the vehicle in which the central ECU 100 is mounted.
  • the data transfer instruction unit 150 transmits a transfer instruction signal instructing the signal processing unit 130 to transfer the processed data stored in the cache 140 to the storage 160 .
  • the data transfer instructing section 150 transmits a data transfer signal to the signal processing section 130 when it receives an error detection signal from the error detecting section 120, which will be described later in detail.
  • FIG. 2 is a flowchart showing the processing performed by the electronic control system according to this embodiment.
  • the error detection unit 120 monitors whether an error has occurred in the communication between the transmission/reception unit 110 and the ECUs 210 and 220 (step S201).
  • the error detection unit 120 does not detect an error ("No" in step S201)
  • the vehicle/diagnostic data processed by the ECUs 210 and 220 is transferred to the signal processing unit 130, and processed by the signal processing unit 130 to obtain the processed data. generated (step S202).
  • the generated processing data is first sent to the cache 140 configured by, for example, a volatile memory, and overwritten (step S203).
  • the data stored in the cache 140 is transferred to and stored in the storage 160 configured by, for example, a non-volatile memory at an arbitrary timing, and saved without being overwritten (step S204). After that, the above flow is repeated until an error occurs. Since the data stored in the cache 140 is overwritten and stored, the data stored up to that point is erased. Therefore, by storing the data in the storage 160 having a storage capacity larger than that of the cache 140 every predetermined time, it becomes possible to store the processed data for each predetermined time.
  • the error detection unit 120 When the error detection unit 120 detects a communication error (“Yes” in step S201), the error detection unit 120 issues an error detection signal indicating that an error has been detected, and transmits the error detection signal to the data transfer instruction unit 150 (step S205). .
  • the data transfer instruction unit 150 Upon receiving the error detection signal, the data transfer instruction unit 150 issues a transfer instruction signal instructing the data stored in the cache 140 to be transferred to the storage 160 and transmits the transfer instruction signal to the signal processing unit 130 .
  • the signal processing unit 130 which has received the transfer instruction signal, detects all the ECUs 210 stored in the cache 140 from the time when the data transfer instruction unit 150 receives the error detection signal to the time before the predetermined time. , 220 is transferred to and stored in the storage 160 as error occurrence data (step S207).
  • signal processing unit 130 receives an The processed data generated by processing the received signal is transferred from the cache 140 to the storage 160 .
  • step S208 it is determined whether or not the communication error has been resolved. If the communication error is resolved ("Yes” in step S208), the process returns to step S201. If the communication error is not resolved (“No” in step S208), the process proceeds to step S209, and safety control such as stopping the vehicle or degenerating (lowering the automatic driving level, etc.) is performed.
  • the error is explained as being a communication error, but it is not limited to this, and may be a signal abnormality or an ECU failure. Also, although there are many error detection methods, for example, determination by a CRC check or a packet loss counter is conceivable.
  • any data stored in the cache memory up to the time of the error can be saved in the storage, and when factor analysis is performed, the vehicle Since the overall state can be grasped, factor analysis can be facilitated.
  • factor analysis is difficult using only the vehicle/diagnostic data of the ECU in which the communication error occurred. For example, if the ECU in which the communication error occurred is in charge of managing each area/zone (front, rear, left, right), after grasping the situation of each area/zone, it is possible to grasp the basis and situation of vehicle control. This is because it is necessary to The same is true when the ECU performs each function (automatic driving control, driving support control, power train, vehicle body control, etc.).
  • the following problems can be solved by comparing it with this embodiment. That is, for ECU 210 with communication with transmission/reception unit 110 cut off, the vehicle/diagnostic data generated by ECU 210 cannot be updated after time T, but communication with transmission/reception unit 110 is cut off.
  • the vehicle/diagnostic data generated by the ECU 220 that is not in use continues to be transmitted to the central ECU 100 after the time T as well. Data continues to be overwritten in the cache 140, which is a volatile memory. In other words, the data that has been saved up to that point is erased.
  • the vehicle/diagnostic data generated by the ECU 220 at time T will not be saved. It is not possible to analyze what kind of event occurred to cause an error.
  • the vehicle/diagnostic data generated by the ECUs 210 and 220 at time T are reliably stored in the storage 160 . Therefore, when the communication error of the ECU 210 is resolved, it becomes possible to grasp the state of the entire vehicle at the time T, and it becomes possible to use it for analysis of the cause of the communication error occurring in the ECU 210 and problems accompanying it. .
  • communication between the ECUs 210 and 220 and the transmitting/receiving unit 110 is performed via individual paths (eg, Ethernet, CAN, or SerDes), but the connection method is limited to this. can't Specifically, as shown in FIG. 6, the communication bus 700 shared by the ECUs 210 and 220 may be connected to the transmitting/receiving section 110 . Alternatively, the connection may be made via a switching device 800 as shown in FIG. In either case, it is possible to simplify the communication path configuration, and for example, by collectively connecting ECUs belonging to the same functional system to the transmitting/receiving unit 110 via a common bus or switching device, Data can be easily managed.
  • individual paths eg, Ethernet, CAN, or SerDes
  • FIG. 3 is a block diagram showing an example of the configuration of the electronic control system 1 according to this embodiment.
  • the configuration of the central ECU 100 in this embodiment is the same as that in the first embodiment, and the description thereof will be omitted.
  • This embodiment differs from the first embodiment in that data is stored in the cache not only on the central ECU 100 side but also on the ECUs 210 and 220 side.
  • the ECU 210 has a transmission/reception section 111, an error detection section 121, an information processing section 131, a third storage section (cache 141), and an information acquisition section 300.
  • the ECU 220 also has the same configuration.
  • the transmitting/receiving unit 111 communicates with the transmitting/receiving unit 110 on the central ECU 100 side.
  • the error detection unit 121 issues an error detection signal and transmits it to the information processing unit 131 when detecting a communication error occurring between the transmission/reception units 110 and 111 .
  • the information acquisition unit 300 is a sensing element such as a camera or radar, and acquires information regarding vehicle control and safety.
  • the information processing section 131 processes the information acquired by the information acquisition section 300 and generates a processed signal.
  • the error detection unit 121 when the error detection unit 121 detects a communication error, it transmits an error detection signal to the information processing unit 131, and the information processing unit 131 receives the error detection signal.
  • Information about the processed signal generated within a predetermined time before and after the detection of the communication error is stored in the cache 141 until the communication error is resolved.
  • the error detection unit 121 monitors whether an error has occurred in the communication between the transmission/reception units 110 and 111 (step S401). If the error detection unit 121 has not detected an error ("No" in step S401), the information processing unit 131 processes the information acquired by the information acquisition unit 300 to generate a processed signal (step S402). The information processing unit 131 then transmits the processed signal to the transmission/reception unit 111 (step S403). After that, the above flow is repeated until an error occurs.
  • the error detection unit 121 When the error detection unit 121 detects a communication error (“Yes” in step S401), the error detection unit 121 issues an error detection signal indicating that a communication error has been detected, and transmits it to the information processing unit 131 (step S404). ).
  • the information processing unit 131 that has received the error detection signal stores information about the processing signal generated within a predetermined time before and after the error detection unit 121 detects the error in the cache 141 until the communication error is resolved (step S405). ).
  • the error detection unit 121 monitors whether or not the communication error has been resolved (step S406). If the communication error has been resolved (“Yes” in step S406), the information processing unit 131 transmits the data stored in the cache 141 to the transmission/reception unit 111. FIG. If the communication error is not resolved (“No” in step S406), the process proceeds to step S408, and safety control such as stopping the vehicle or degenerating (lowering the automatic driving level, etc.) is performed.
  • the data that could not be transmitted to the central ECU 100 and that was generated by the ECU in which the communication error occurred after the communication error occurred can be restored to the communication. can be sent later. Therefore, by analyzing the continuity of data generated before and after the communication error occurs, detailed factor analysis becomes possible, and maintenance can be facilitated and feedback to the design can be realized. Note that there may be a time lag in cache data transmitted from the ECU 210 to the central ECU when communication is restored. is.
  • the data log can be retrieved from the ECU and retrieved from the cache. It becomes possible to grasp the state of each vehicle.
  • FIG. 5 is a block diagram showing the configuration of an electronic control system 1 according to Example 3 of the present invention.
  • This embodiment differs from the first embodiment in that it has an external communication unit 500 capable of communicating with the outside (control center or user) 600 of the vehicle 400 on which the central ECU 100 is mounted.
  • the external communication unit 500 is configured to be able to communicate with the signal processing unit 130, for example, to transfer vehicle/diagnostic data to a center or a user having a mobile terminal at any timing, or Data obtained by integrating and processing the data can be transmitted.
  • An electronic control system has a first electronic control unit and a plurality of second electronic control units, and the first electronic control unit receives signals output from the plurality of second electronic control units. and processes signals received from a plurality of second electronic control units to generate processing data, overwrites and saves the generated processing data in a storage unit, and a communication error occurs between at least one of the second electronic control units If an error occurs, save the processed data generated from the signals received from all the second electronic control units, which was saved in the storage unit when the occurrence of the communication error was detected, as data at the time of error occurrence without overwriting. .
  • the vehicle data of each ECU at the time of communication error can be saved in the storage of the central ECU, so it is possible to grasp the state of the entire vehicle at the time of communication error and perform factor analysis.
  • the data at the time of error includes processing data generated from signals received from all the second electronic control units from the time when the occurrence of the communication error is detected to the time before the predetermined time. This makes it possible to analyze data continuity and the like immediately before a communication error occurs, making it possible to facilitate analysis of error factors.
  • the storage unit has a first storage unit that overwrites the processed data and a second storage unit that stores the processed data without overwriting, and the first electronic control unit detects the occurrence of a communication error. In response, the error occurrence data is transferred from the first storage unit to the second storage unit.
  • a volatile cache memory having a smaller storage capacity than the second storage unit, which is a non-volatile storage memory, as the first storage unit, and it is possible to reduce the size of the device. .
  • the external communication unit transmits information including the processed data stored in the storage unit to the outside of the vehicle. to send. This will enable real-time center and driver notifications during vehicle operation, making it possible to provide highly reliable services such as safety control, alerting, logging, and trend analysis.
  • Each of the plurality of second electronic control units acquires information on the vehicle in which the electronic control system is mounted, processes the information to generate a processing signal, and when a communication error occurs, the communication error Information about the processed signal generated within a predetermined time before and after the occurrence of is stored in the third storage unit. This makes it possible to acquire data even after a communication error occurs by referring to the data log in the storage unit as needed.
  • Each of the plurality of second electronic control units stores information in the third storage unit until the communication error is resolved, and when the communication error is resolved, stores the information stored in the third storage unit in the third storage unit. - to the electronic control unit;
  • a plurality of second electronic control units are connected to the first electronic control unit via a common communication path or selectively connected via a switching circuit. This makes it possible to simplify the communication path between the second electronic control unit and the first electronic control unit.
  • 1 electronic control system 100 central ECU (first electronic control unit), 140 cache (first storage unit), 141 cache (third storage unit), 160 storage (second storage unit), 210, 220 ECU (second electronic control unit), 400 vehicle, 500 external communication unit, 600 external, 700 communication bus, 800 switching device

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The objective of the present invention is to provide an electronic control system that ascertains the states of the whole vehicle at the time of occurrence of a communication error after a communication recovery even in a case of the communication error having occurred in a Zone architecture. An electronic control system 1 according to the present invention comprises a first electronic control device 100 and a plurality of second electronic control devices 210, 220. The first electronic control device 100 receives signals outputted from the plurality of second electronic control devices 210, 220; generates processed data by processing the signals received from the plurality of second electronic control devices 210, 220; stores the generated processed data in a first storage unit 140 by overwriting; and, in a case of a communication error occurring between the first electronic control device 100 and at least one of the second electronic control devices 210, 220, stores, without overwriting, as the data at the time of occurrence of the error, the processed data that had been stored in the first storage unit 140 at the time of detecting the occurrence of the communication error and that was generated from the signals outputted from all of the second electronic control devices 210, 220.

Description

電子制御システムelectronic control system
 本発明は、車両/診断データのメモリ格納方式を制御する電子制御システムに関する。 The present invention relates to an electronic control system that controls the memory storage method of vehicle/diagnostic data.
 自動車の高性能化に伴い、各機能を発揮するための電子制御装置(ECU:Electrical Control Unit)の数も増加傾向にある。ECUの数が多いとECU間のネットワーク構成が複雑になり、信号遅延等の問題が生じ得る。このような問題に対して、近年では、ECUを機能系統ごとにまとめて、それらを中央集中電子制御装置(セントラルECU)によってまとめて制御するZoneアーキテクチャ構成の導入が検討されている。また、自動運転化に伴い、車両/診断データは増加傾向にある。加えて、小型化・低コストの要求からセントラルECU以外のECU(以降、他ECUと記載)は内部メモリの増加を抑制するため、他ECUによって処理された各種データのセントラルECUによる管理・保存の需要が高まっている。 With the increasing performance of automobiles, the number of electronic control units (ECUs: Electrical Control Units) to demonstrate each function is also increasing. If the number of ECUs is large, the network configuration between the ECUs becomes complicated, which may cause problems such as signal delay. In order to address such a problem, in recent years, the introduction of a zone architecture configuration, in which ECUs are grouped for each functional system and collectively controlled by a centralized electronic control unit (central ECU), is under consideration. In addition, vehicle/diagnostic data tends to increase with the advent of automated driving. In addition, due to the demand for miniaturization and low cost, ECUs other than the central ECU (hereinafter referred to as other ECUs) suppress the increase in internal memory. Demand is growing.
 上記のZoneアーキテクチャ構成を採用した場合、他ECUからセントラルECUに集められる車両/診断データは他ECUを経由しない、つまり他ECU内に保存されないため、例えば同一の機能系統上の少なくとも1つの他ECUとセントラルECUとの間で通信エラーが起こってしまうと、セントラルECUが管理・保存しているデータの更新タイミングが他ECU間で異なってしまうおそれがある。つまり、通信エラーが起こった当該他ECUの車両/診断データは更新されないが、それ以外の他ECUの車両/診断データは更新される。すると、通信エラーが生じた時点における他ECUの車両/診断データは上書きされ、通信エラー発生時の車両全体の情報が得られない。これでは、セントラルECUで保存したデータを活用した要因分析が困難になってしまう。その中で、異常発生時のデータを確保する方法として、例えば特許文献1がある。 When the Zone architecture configuration described above is adopted, vehicle/diagnostic data collected from other ECUs to the central ECU does not pass through other ECUs, that is, is not stored in other ECUs. If a communication error occurs between the central ECU and the central ECU, the update timing of the data managed and stored by the central ECU may differ between the other ECUs. In other words, the vehicle/diagnostic data of the other ECU in which the communication error occurred is not updated, but the vehicle/diagnostic data of the other ECUs are updated. Then, the vehicle/diagnostic data of the other ECU at the time when the communication error occurred is overwritten, and the information of the entire vehicle at the time of the communication error cannot be obtained. This makes factor analysis using the data stored in the central ECU difficult. Among them, there is, for example, Patent Document 1 as a method of securing data when an abnormality occurs.
 特許文献1では、課題として、「異常発生時から記憶処理の実行までに車両状態の検出処理が何度か実行されたとしても、異常発生時における車両状態を確実に記憶する」ことが記載されている。そして、その解決手段として、「車両用異常状態記憶装置10は、第1車両状態記憶処理部23によって、車両状態検出処理部21が各検出周期で検出する車両状態を、インデックス番号付与処理部22が各車両状態に対応付けて付与したインデックス番号とともに第1記憶部13に記憶し、異常判定処理部24が車両状態に異常が発生したと判定した場合に、インデックス番号抽出処理部25によって、その車両状態に対応するインデックス番号を抽出し、第2車両状態記憶処理部26によって、検出周期よりも長い周期で設定された所定の記憶周期ごとに、インデックス番号抽出処理部25が抽出したインデックス番号に対応する車両状態を第2記憶部14に記憶する」ことが記載されている。 Japanese Patent Laid-Open No. 2002-200003 describes that the problem is to "reliably store the vehicle state at the time of occurrence of an abnormality even if the vehicle state detection process is executed several times from the time of occurrence of an abnormality to the execution of the storage process." ing. As a means for solving this problem, the vehicle abnormal state storage device 10 stores the vehicle state detected by the vehicle state detection processing unit 21 in each detection cycle by the first vehicle state storage processing unit 23, and the index number assignment processing unit 22 is stored in the first storage unit 13 together with an index number assigned in correspondence with each vehicle state, and when the abnormality determination processing unit 24 determines that an abnormality has occurred in the vehicle state, the index number extraction processing unit 25 An index number corresponding to the vehicle state is extracted, and the index number extracted by the index number extraction processing unit 25 is stored by the second vehicle state storage processing unit 26 for each predetermined storage cycle set to a longer cycle than the detection cycle. The corresponding vehicle state is stored in the second storage unit 14".
特開2013-142617号公報JP 2013-142617 A
 しかしながら、特許文献1に記載の発明では、車両/診断データに対して常時インデックス付与処理を行うため、演算処理負荷が高くなってしまう。また、セントラルECUに複数ECUが接続された場合に、異常が発生した当該ECUの車両データしか第2記憶部に格納されず、異常が発生したECU以外の車両データとの更新ミスマッチが起こり、セントラルECU内に保存された車両データを使った要因分析時に各ECUの車両データがそろっておらず、分析が困難になることが課題であった。 However, in the invention described in Patent Document 1, indexing processing is always performed on vehicle/diagnostic data, which increases the computational processing load. In addition, when multiple ECUs are connected to the central ECU, only the vehicle data of the ECU in which an abnormality has occurred is stored in the second storage unit, causing an update mismatch with vehicle data other than the ECU in which the abnormality has occurred. When performing factor analysis using vehicle data stored in the ECU, the vehicle data for each ECU was not complete, making the analysis difficult.
 上記課題を解決するために、本発明に係る電子制御システムは、第一電子制御装置及び複数の第二電子制御装置を有し、第一電子制御装置は、複数の第二電子制御装置から出力された信号を受信し、該複数の第二電子制御装置から受信した信号を処理して処理データを生成し、該生成した処理データを記憶部に上書き保存し、少なくとも一つの第二電子制御装置との間に通信エラーが発生した場合に、該通信エラーの発生を検知した時点に記憶部に保存されていた、全ての第二電子制御装置から受信した信号から生成した処理データをエラー発生時データとして上書きせずに保存する。 In order to solve the above problems, an electronic control system according to the present invention has a first electronic control unit and a plurality of second electronic control units, and the first electronic control unit outputs from the plurality of second electronic control units receive the signals received from the plurality of second electronic control units, process the signals received from the plurality of second electronic control units to generate processing data, overwrite save the generated processing data in a storage unit, and store at least one second electronic control unit If a communication error occurs between Save without overwriting as data.
 本発明によれば、通信エラー時/直前の各ECUの車両データがセントラルECUのストレージに保存することができるため、通信エラー発生時の車両全体の状態を把握し、要因分析ができる。
 本発明に関連する更なる特徴は、本明細書の記述、添付図面から明らかになるものである。また、上記した以外の課題、構成及び効果は、以下の実施例の説明により明らかにされる。 According to the present invention, the vehicle data of each ECU at the time of/immediately before the communication error can be saved in the storage of the central ECU, so that the state of the entire vehicle at the time of the communication error can be grasped and factor analysis can be performed.
Further features related to the present invention will become apparent from the description of the specification and the accompanying drawings. Further, problems, configurations and effects other than those described above will be clarified by the following description of the embodiments.
本発明の実施例1に係る電子制御システムの構成を示すブロック図。1 is a block diagram showing the configuration of an electronic control system according to Embodiment 1 of the present invention; FIG. 本発明の実施例1に係る電子制御システムが行う処理を示すフロー図。FIG. 4 is a flowchart showing processing performed by the electronic control system according to the first embodiment of the present invention; 本発明の実施例2に係る電子制御システムの構成を示すブロック図。The block diagram which shows the structure of the electronic control system which concerns on Example 2 of this invention. 本発明の実施例2に係る電子制御システムが行う処理を示すフロー図。The flowchart which shows the process which the electronic control system which concerns on Example 2 of this invention performs. 本発明の実施例3に係る電子制御システムの構成を示すブロック図。The block diagram which shows the structure of the electronic control system which concerns on Example 3 of this invention. 本発明の実施例1に係る電子制御装置間の接続構成の一例を示す図。1 is a diagram showing an example of a connection configuration between electronic control units according to Embodiment 1 of the present invention; FIG. 本発明の実施例1に係る電子制御装置間の接続構成の他の例を示す図。FIG. 5 is a diagram showing another example of the connection configuration between the electronic control units according to the first embodiment of the present invention;
 以下、図面を参照して本電子制御システムとテスト方式に係る実施の形態を説明する。ただし、以下に示す実施形態はあくまでも例示に過ぎず、実施形態で明示しない種々の変形例や技術の適用を排除する意図はない。すなわち、本実施形態を、その趣旨を逸脱しない範囲で種々変形して実施することができる。又、各図は、図中に示す構成要素のみを備えるという趣旨ではなく、他の機能等を含むことができる。 An embodiment of this electronic control system and test method will be described below with reference to the drawings. However, the embodiments shown below are merely examples, and are not intended to exclude the application of various modifications and techniques not explicitly described in the embodiments. In other words, the present embodiment can be modified in various ways without departing from the spirit of the embodiment. Also, each drawing does not mean that it has only the components shown in the drawing, but can include other functions.
[実施例1]
 図1は、実施例1に係る電子制御システム1の全体構成を示すブロック図である。車両に搭載される電子制御システム1は、第一電子制御装置(セントラルECU100)と、複数の第二電子制御装置(ECU210及びECU220)と、を有する。セントラルECU100は、送受信部110、エラー検知部120、信号処理部130、第一の記憶部(キャッシュ140)、データ転送指示部150、及び第二の記憶部(ストレージ160)を有する。ECU210、220は、車両に搭載される各種の機器(例えば、カメラ、LiDAR等のレーダーセンシング装置)であり、車両の制御状態や安全性に係る状態に関する情報を取得して、車両/診断データを生成する。なお、本実施例においてはECUが2台の場合を説明するが、ECUの台数は複数であればその数に限りはない。 [Example 1]
FIG. 1 is a block diagram showing the overall configuration of an electronic control system 1 according to the first embodiment. An electronic control system 1 mounted on a vehicle has a first electronic control unit (central ECU 100) and a plurality of second electronic control units (ECU 210 and ECU 220). The central ECU 100 has a transmission/reception section 110, an error detection section 120, a signal processing section 130, a first storage section (cache 140), a data transfer instruction section 150, and a second storage section (storage 160). The ECUs 210 and 220 are various devices mounted on the vehicle (for example, a camera, a radar sensing device such as LiDAR), acquire information about the control state and safety state of the vehicle, and provide vehicle/diagnostic data. Generate. In this embodiment, two ECUs are used, but the number of ECUs is not limited as long as it is plural.
 送受信部110は、ECU210及びECU220との間でデータの送受信を行う。エラー検知部120は、送受信部110とECU210及びECU220との間のデータの送受信に関して生じたエラーを検知する。なお、本実施例においてエラーは送受信部110とECU210及びECU220との間の通信が遮断された通信エラーであるものとする。信号処理部130は、送受信部110が受信した、ECU210及びECU220が処理した信号を処理して処理データを生成する。 The transmission/reception unit 110 transmits and receives data to and from the ECU 210 and the ECU 220 . The error detection unit 120 detects an error that has occurred in data transmission/reception between the transmission/reception unit 110 and the ECUs 210 and 220 . In this embodiment, the error is assumed to be a communication error in which communication between the transmitting/receiving unit 110 and the ECUs 210 and 220 is interrupted. The signal processing unit 130 processes signals processed by the ECUs 210 and 220 and received by the transmitting/receiving unit 110 to generate processing data.
 キャッシュ140及びストレージ160は、信号処理部130が生成した処理データを格納する。本実施例において、キャッシュ140の記憶容量はストレージ160の記憶容量よりも小さい。他の実施例においても同様である。また、本実施例においてストレージ160はセントラルECU100に内蔵されているが、セントラルECU100が搭載される車両内の別の領域に搭載されていてもよい。データ転送指示部150は、信号処理部130に対し、キャッシュ140に格納された処理データをストレージ160に転送するように指示する転送指示信号を送信する。そして、本実施例においては、詳しくは後述するがデータ転送指示部150はエラー検知部120からエラー検知信号を受信した際にデータ転送信号を信号処理部130に送信する。 The cache 140 and storage 160 store the processed data generated by the signal processing unit 130 . In this embodiment, the storage capacity of cache 140 is smaller than the storage capacity of storage 160 . The same applies to other embodiments. Further, although the storage 160 is built in the central ECU 100 in this embodiment, it may be mounted in another area within the vehicle in which the central ECU 100 is mounted. The data transfer instruction unit 150 transmits a transfer instruction signal instructing the signal processing unit 130 to transfer the processed data stored in the cache 140 to the storage 160 . In this embodiment, the data transfer instructing section 150 transmits a data transfer signal to the signal processing section 130 when it receives an error detection signal from the error detecting section 120, which will be described later in detail.
 本実施例のように複数のECU210、220をセントラルECU100と通信可能に接続することによって、複数のECU210、220が有する不揮発性メモリにすべての車両/診断データを保存せず、セントラルECU100内で保存・管理を行うことが可能になる。なお、ECU210、220は、揮発性メモリを有し、セントラルECU100に送信する前に全データを該メモリに格納してもよい。 By connecting the plurality of ECUs 210 and 220 to the central ECU 100 so as to be able to communicate with each other as in the present embodiment, all vehicle/diagnostic data is not saved in the non-volatile memories of the plurality of ECUs 210 and 220, but is saved in the central ECU 100.・Management becomes possible. It should be noted that the ECUs 210 and 220 may have volatile memory and store all data in the memory before sending to the central ECU 100 .
 図2は、本実施例にかかる電子制御システムが行う処理を示すフロー図である。送受信部110がECU210、220との間で通信を行っている間、エラー検知部120は、送受信部110とECU210、220との間の通信にエラーが生じているか否か監視する(ステップS201)。エラー検知部120がエラーを検知しない場合(ステップS201で“No”)、ECU210、220が処理した車両/診断データは、信号処理部130に転送され、信号処理部130により処理されて処理データが生成される(ステップS202)。生成された処理データはまず例えば揮発性メモリにより構成されるキャッシュ140に送信され、上書き保存される(ステップS203)。さらに、任意のタイミングでキャッシュ140に格納されたデータを例えば不揮発性メモリから構成されるストレージ160に転送して格納し、上書きせずに保存する(ステップS204)。以降はエラーが生じるまで上記フローを繰り返す。キャッシュ140に保存されるデータは上書き保存されるためそれまでの保存されていたデータは消去されてしまう。したがって、所定の時間毎に、キャッシュ140よりも大きい記憶容量を有するストレージ160に保存することによって、所定の時間毎の処理データを保存することが可能になる。 FIG. 2 is a flowchart showing the processing performed by the electronic control system according to this embodiment. While the transmission/reception unit 110 is communicating with the ECUs 210 and 220, the error detection unit 120 monitors whether an error has occurred in the communication between the transmission/reception unit 110 and the ECUs 210 and 220 (step S201). . When the error detection unit 120 does not detect an error ("No" in step S201), the vehicle/diagnostic data processed by the ECUs 210 and 220 is transferred to the signal processing unit 130, and processed by the signal processing unit 130 to obtain the processed data. generated (step S202). The generated processing data is first sent to the cache 140 configured by, for example, a volatile memory, and overwritten (step S203). Furthermore, the data stored in the cache 140 is transferred to and stored in the storage 160 configured by, for example, a non-volatile memory at an arbitrary timing, and saved without being overwritten (step S204). After that, the above flow is repeated until an error occurs. Since the data stored in the cache 140 is overwritten and stored, the data stored up to that point is erased. Therefore, by storing the data in the storage 160 having a storage capacity larger than that of the cache 140 every predetermined time, it becomes possible to store the processed data for each predetermined time.
 エラー検知部120が通信エラーを検知した場合(ステップS201で“Yes”)、エラー検知部120はエラー検知したことを示すエラー検知信号を発行し、データ転送指示部150に送信する(ステップS205)。以下では例えばECU210と送受信部110との間に通信エラーが生じたものとして説明する。エラー検知信号を受信したデータ転送指示部150は、キャッシュ140に格納されたデータをストレージ160に転送するように指示する転送指示信号を発行し、信号処理部130に送信する。 When the error detection unit 120 detects a communication error (“Yes” in step S201), the error detection unit 120 issues an error detection signal indicating that an error has been detected, and transmits the error detection signal to the data transfer instruction unit 150 (step S205). . In the following description, it is assumed that a communication error has occurred between the ECU 210 and the transmitting/receiving section 110, for example. Upon receiving the error detection signal, the data transfer instruction unit 150 issues a transfer instruction signal instructing the data stored in the cache 140 to be transferred to the storage 160 and transmits the transfer instruction signal to the signal processing unit 130 .
 そして、転送指示信号を受信した信号処理部130は、データ転送指示部150がエラー検知信号を受信した時点から所定の時間だけ遡った時点までの間にキャッシュ140に保存されていた、全てのECU210、220が生成した車両/診断データに対応する処理データを、エラー発生時データとしてストレージ160に転送・格納する(ステップS207)。 Then, the signal processing unit 130, which has received the transfer instruction signal, detects all the ECUs 210 stored in the cache 140 from the time when the data transfer instruction unit 150 receives the error detection signal to the time before the predetermined time. , 220 is transferred to and stored in the storage 160 as error occurrence data (step S207).
 具体的には、例えば時刻Tにおいてデータ転送指示部150がエラー検知信号を受信した場合、信号処理部130は、時刻TからΔtだけ遡った時刻T―Δtまでの間にECU210、220の各々から受信した信号を処理して生成した処理データについて、キャッシュ140からストレージ160に転送する。 Specifically, for example, when data transfer instruction unit 150 receives an error detection signal at time T, signal processing unit 130 receives an The processed data generated by processing the received signal is transferred from the cache 140 to the storage 160 .
 その後、通信エラーが解消したか否かを判断する(ステップS208)。通信エラーが解消した場合(ステップS208で“Yes”)、ステップS201に戻る。通信エラーが解消しない場合(ステップS208で“No”)、ステップS209に移行し、停車や縮退(自動運転レベルの引き下げ等)等の安全制御を行う。 After that, it is determined whether or not the communication error has been resolved (step S208). If the communication error is resolved ("Yes" in step S208), the process returns to step S201. If the communication error is not resolved ("No" in step S208), the process proceeds to step S209, and safety control such as stopping the vehicle or degenerating (lowering the automatic driving level, etc.) is performed.
 なお、本実施例においてエラーは通信エラーであるとして説明したが、これに限らず、信号異常やECUの故障であってもよい。また、エラー検知方法は多数あるが、例えば、CRCチェックやパケットロスカウンタによる判定などが考えられる。 In this embodiment, the error is explained as being a communication error, but it is not limited to this, and may be a signal abnormality or an ECU failure. Also, although there are many error detection methods, for example, determination by a CRC check or a packet loss counter is conceivable.
 本実施例では、上記の構成により、電子制御システムにおいて通信エラーが発生した場合に、エラー時までにキャッシュメモリに格納された任意のデータをストレージに保存することができ、要因分析する際に車両全体の状態が把握できるため、要因分析が容易化できる。これは、車載システムの電子化が進み、複雑化する中で、通信エラーが発生した当該ECUの車両/診断データだけでは、要因分析が困難であるためである。例えば、通信エラーが生じたECUが各エリア/ゾーン(前方、後方、左側、右側)の管理を担っている場合に、各エリア/ゾーンの状況を把握した上で、車両制御の根拠や状況把握をする必要があるためである。また、ECUが各機能(自動運制御、運転支援制御、パワートレイン、車体制御など)を担う場合も同様である。 In this embodiment, with the above configuration, when a communication error occurs in the electronic control system, any data stored in the cache memory up to the time of the error can be saved in the storage, and when factor analysis is performed, the vehicle Since the overall state can be grasped, factor analysis can be facilitated. This is because, as vehicle systems become increasingly computerized and complicated, factor analysis is difficult using only the vehicle/diagnostic data of the ECU in which the communication error occurred. For example, if the ECU in which the communication error occurred is in charge of managing each area/zone (front, rear, left, right), after grasping the situation of each area/zone, it is possible to grasp the basis and situation of vehicle control. This is because it is necessary to The same is true when the ECU performs each function (automatic driving control, driving support control, power train, vehicle body control, etc.).
 上記について、本実施例に照らし合わせると、次のような問題を解決できる。すなわち、送受信部110との間の通信が遮断されているECU210については、ECU210が生成する車両/診断データについて時刻T以降は更新することができないが、送受信部110との間の通信が遮断されていないECU220が生成する車両/診断データについては、時刻T以降もセントラルECU100に送信され続ける。そして、揮発性メモリであるキャッシュ140にはデータが上書き保存され続ける。すなわち、それまで保存していたデータは消去される。したがって、通信エラーがある程度の時間継続した場合、ECU210と送受信部110との間の通信エラーが解消したとしても、時刻TにおいてECU220が生成した車両/診断データは保存されておらず、時刻Tにどのような事象が発生してエラーが生じたのか等を分析することができない。 Regarding the above, the following problems can be solved by comparing it with this embodiment. That is, for ECU 210 with communication with transmission/reception unit 110 cut off, the vehicle/diagnostic data generated by ECU 210 cannot be updated after time T, but communication with transmission/reception unit 110 is cut off. The vehicle/diagnostic data generated by the ECU 220 that is not in use continues to be transmitted to the central ECU 100 after the time T as well. Data continues to be overwritten in the cache 140, which is a volatile memory. In other words, the data that has been saved up to that point is erased. Therefore, if the communication error continues for a certain amount of time, even if the communication error between the ECU 210 and the transmitting/receiving unit 110 is resolved, the vehicle/diagnostic data generated by the ECU 220 at time T will not be saved. It is not possible to analyze what kind of event occurred to cause an error.
 しかし、本実施例によれば、時刻TにおいてECU210、220が生成した車両/診断データはストレージ160に確実に格納される。したがって、ECU210の通信エラーが解消した場合に、時刻Tにおける車両全体の状態を把握することが可能になり、ECU210に生じた通信エラーの原因やそれに付随する問題の分析に役立てることが可能になる。 However, according to this embodiment, the vehicle/diagnostic data generated by the ECUs 210 and 220 at time T are reliably stored in the storage 160 . Therefore, when the communication error of the ECU 210 is resolved, it becomes possible to grasp the state of the entire vehicle at the time T, and it becomes possible to use it for analysis of the cause of the communication error occurring in the ECU 210 and problems accompanying it. .
 なお、本実施例においては、ECU210、220と送受信部110との間の通信は、それぞれ個別の経路(例えばEthernetやCAN、またはSerDes)を介して行われていたが、接続方法はこれに限られない。具体的には、図6に示すようにECU210、220が共有する通信バス700によって送受信部110に接続されていてもよい。また、図7に示すように、スイッチング装置800を介して接続するようにしてもよい。いずれの場合でも、通信経路構成を簡略化することが可能になり、また、例えば同一の機能系統に属するECUをまとめて共通のバスまたはスイッチング装置を介して送受信部110に接続することによって、よりデータの管理を容易に行うことが可能になる。 In this embodiment, communication between the ECUs 210 and 220 and the transmitting/receiving unit 110 is performed via individual paths (eg, Ethernet, CAN, or SerDes), but the connection method is limited to this. can't Specifically, as shown in FIG. 6, the communication bus 700 shared by the ECUs 210 and 220 may be connected to the transmitting/receiving section 110 . Alternatively, the connection may be made via a switching device 800 as shown in FIG. In either case, it is possible to simplify the communication path configuration, and for example, by collectively connecting ECUs belonging to the same functional system to the transmitting/receiving unit 110 via a common bus or switching device, Data can be easily managed.
[実施例2]
 次に、実施例2に係る電子制御システムについて、図3及び図4を用いて説明する。図3は、本実施例にかかる電子制御システム1の構成の一例を示すブロック図である。本実施例におけるセントラルECU100の構成は実施例1と同様であり、説明を省略する。本実施例においては、セントラルECU100側のみではなく、ECU210、220側でもキャッシュにデータを格納する点が実施例1と異なる。 [Example 2]
Next, an electronic control system according to Example 2 will be described with reference to FIGS. 3 and 4. FIG. FIG. 3 is a block diagram showing an example of the configuration of the electronic control system 1 according to this embodiment. The configuration of the central ECU 100 in this embodiment is the same as that in the first embodiment, and the description thereof will be omitted. This embodiment differs from the first embodiment in that data is stored in the cache not only on the central ECU 100 side but also on the ECUs 210 and 220 side.
 本実施例においてECU210は、送受信部111、エラー検知部121、情報処理部131、第三記憶部(キャッシュ141)、及び情報取得部300を有する。ECU220についても同様の構成である。 In this embodiment, the ECU 210 has a transmission/reception section 111, an error detection section 121, an information processing section 131, a third storage section (cache 141), and an information acquisition section 300. The ECU 220 also has the same configuration.
 送受信部111は、セントラルECU100側の送受信部110との間で通信を行う。エラー検知部121は、送受信部110、111間で生じた通信エラーを検知した場合にエラー検知信号を発行し、情報処理部131に送信する。情報取得部300は、カメラやレーダ等のセンシング素子であり、車両制御や安全性に関する情報を取得する。情報処理部131は、情報取得部300が取得した情報を処理し、処理信号を生成する。 The transmitting/receiving unit 111 communicates with the transmitting/receiving unit 110 on the central ECU 100 side. The error detection unit 121 issues an error detection signal and transmits it to the information processing unit 131 when detecting a communication error occurring between the transmission/ reception units 110 and 111 . The information acquisition unit 300 is a sensing element such as a camera or radar, and acquires information regarding vehicle control and safety. The information processing section 131 processes the information acquired by the information acquisition section 300 and generates a processed signal.
 本実施例においては、エラー検知部121が通信エラーを検知した場合に、情報処理部131に対してエラー検知信号を送信し、情報処理部131は、エラー検知信号の受信に従って、エラー検知部121が通信エラーを検知した時点の前後所定時間内に生成された処理信号に関する情報を、通信エラーが解消するまでキャッシュ141に格納・保存する。 In the present embodiment, when the error detection unit 121 detects a communication error, it transmits an error detection signal to the information processing unit 131, and the information processing unit 131 receives the error detection signal. Information about the processed signal generated within a predetermined time before and after the detection of the communication error is stored in the cache 141 until the communication error is resolved.
 上記処理について図4のフローチャートを用いて説明する。送受信部111がセントラルECU100の送受信部110との間で通信を行っている間、エラー検知部121は、送受信部110、111間の通信にエラーが生じているか否か監視する(ステップS401)。エラー検知部121がエラーを検知していない場合(ステップS401で“No”)、情報処理部131は、情報取得部300が取得した情報を処理して処理信号を生成する(ステップS402)。そして情報処理部131は、処理した信号を送受信部111に送信する(ステップS403)。以降はエラーが生じるまで上記フローを繰り返す。 The above processing will be explained using the flowchart in FIG. While the transmission/reception unit 111 is communicating with the transmission/reception unit 110 of the central ECU 100, the error detection unit 121 monitors whether an error has occurred in the communication between the transmission/reception units 110 and 111 (step S401). If the error detection unit 121 has not detected an error ("No" in step S401), the information processing unit 131 processes the information acquired by the information acquisition unit 300 to generate a processed signal (step S402). The information processing unit 131 then transmits the processed signal to the transmission/reception unit 111 (step S403). After that, the above flow is repeated until an error occurs.
 エラー検知部121が通信エラーを検知した場合(ステップS401で“Yes”)、エラー検知部121は通信エラーを検知したことを示すエラー検知信号を発行し、情報処理部131に送信する(ステップS404)。エラー検知信号を受信した情報処理部131は、エラー検知部121がエラーを検知した時点の前後所定時間内に生成した処理信号に関する情報を、通信エラーが解消するまでキャッシュ141に格納する(ステップS405)。 When the error detection unit 121 detects a communication error (“Yes” in step S401), the error detection unit 121 issues an error detection signal indicating that a communication error has been detected, and transmits it to the information processing unit 131 (step S404). ). The information processing unit 131 that has received the error detection signal stores information about the processing signal generated within a predetermined time before and after the error detection unit 121 detects the error in the cache 141 until the communication error is resolved (step S405). ).
 その後、エラー検知部121は通信エラーが解消したか否かを監視する(ステップS406)。通信エラーが解消した場合(ステップS406で“Yes”)、情報処理部131は、キャッシュ141に格納していたデータを送受信部111に送信する。通信エラーが解消しない場合(ステップS406で“No”)、ステップS408に移行し、停車や縮退(自動運転レベルの引き下げ等)等の安全制御を行う。 After that, the error detection unit 121 monitors whether or not the communication error has been resolved (step S406). If the communication error has been resolved (“Yes” in step S406), the information processing unit 131 transmits the data stored in the cache 141 to the transmission/reception unit 111. FIG. If the communication error is not resolved ("No" in step S406), the process proceeds to step S408, and safety control such as stopping the vehicle or degenerating (lowering the automatic driving level, etc.) is performed.
 本実施例では、上記のような処理を行うことにより、実施例1の効果に加えて、セントラルECU100に送信できなかった、通信エラーが生じたECUが通信エラー発生後に生成したデータを、通信復帰後に送信可能になる。そのため、通信エラーが生じた時点前後に生成されたデータの連続性等を分析することにより詳細に要因分析が可能となり、メンテナンス容易化や設計へのフィードバックを実現することができる。なお、通信復帰時にECU210からセントラルECUに送信されるキャッシュデータについてはタイムラグが生じている場合があるが、例えばタイムスタンプ等を用いて信号処理部130が同期処理を行うことにより調整することが可能である。 In this embodiment, by performing the above-described processing, in addition to the effects of the first embodiment, the data that could not be transmitted to the central ECU 100 and that was generated by the ECU in which the communication error occurred after the communication error occurred can be restored to the communication. can be sent later. Therefore, by analyzing the continuity of data generated before and after the communication error occurs, detailed factor analysis becomes possible, and maintenance can be facilitated and feedback to the design can be realized. Note that there may be a time lag in cache data transmitted from the ECU 210 to the central ECU when communication is restored. is.
 なお、通信エラーが解消しなかったり、エラーを生じたECUが故障してしまったりしても、本実施例によれば、該ECUを取出しキャッシュからデータログを取得することで、通信エラー発生時の車両の状態を把握することが可能になる。 Even if the communication error is not resolved or the ECU that caused the error breaks down, according to this embodiment, the data log can be retrieved from the ECU and retrieved from the cache. It becomes possible to grasp the state of each vehicle.
[実施例3]
 図5は、本発明の実施例3にかかる電子制御システム1の構成を示すブロック図である。本実施例が実施例1と異なる点は、セントラルECU100が搭載された車両400の外部(管理センタやユーザ)600と通信可能な外部通信部500を有する点である。また、本実施例においては、外部通信部500は信号処理部130と通信可能に構成されており、例えばセンタや携帯端末を有するユーザなどへ任意のタイミングで車両/診断データを転送する、もしくは、前記データを統合、加工したデータを送信することができる。 [Example 3]
FIG. 5 is a block diagram showing the configuration of an electronic control system 1 according to Example 3 of the present invention. This embodiment differs from the first embodiment in that it has an external communication unit 500 capable of communicating with the outside (control center or user) 600 of the vehicle 400 on which the central ECU 100 is mounted. Further, in this embodiment, the external communication unit 500 is configured to be able to communicate with the signal processing unit 130, for example, to transfer vehicle/diagnostic data to a center or a user having a mobile terminal at any timing, or Data obtained by integrating and processing the data can be transmitted.
 上記の構成により、実施例1及び実施例2の効果に加えて、自動車の運用中におけるリアルタイムなセンタやドライバ通知が可能となり、安全制御や注意喚起、ログ取り、傾向分析などの高信頼なサービス提供が可能になる。 With the above configuration, in addition to the effects of Embodiments 1 and 2, real-time center and driver notifications during vehicle operation are possible, providing highly reliable services such as safety control, alerting, logging, and trend analysis. can be provided.
 以上で説明した本発明の実施例によれば、以下の作用効果を奏する。
(1)本発明に係る電子制御システムは、第一電子制御装置及び複数の第二電子制御装置を有し、第一電子制御装置は、複数の第二電子制御装置から出力された信号を受信し、複数の第二電子制御装置から受信した信号を処理して処理データを生成し、生成した処理データを記憶部に上書き保存し、少なくとも一つの第二電子制御装置との間に通信エラーが発生した場合に、通信エラーの発生を検知した時点に記憶部に保存されていた、全ての第二電子制御装置から受信した信号から生成した処理データをエラー発生時データとして上書きせずに保存する。 According to the embodiments of the present invention described above, the following effects are obtained.
(1) An electronic control system according to the present invention has a first electronic control unit and a plurality of second electronic control units, and the first electronic control unit receives signals output from the plurality of second electronic control units. and processes signals received from a plurality of second electronic control units to generate processing data, overwrites and saves the generated processing data in a storage unit, and a communication error occurs between at least one of the second electronic control units If an error occurs, save the processed data generated from the signals received from all the second electronic control units, which was saved in the storage unit when the occurrence of the communication error was detected, as data at the time of error occurrence without overwriting. .
 上記構成により、通信エラー時の各ECUの車両データがセントラルECUのストレージに保存することができるため、通信エラー時の車両全体の状態を把握し、要因分析ができる。 With the above configuration, the vehicle data of each ECU at the time of communication error can be saved in the storage of the central ECU, so it is possible to grasp the state of the entire vehicle at the time of communication error and perform factor analysis.
(2)エラー発生時データは、通信エラーの発生を検知した時点から所定の時間だけ遡った時点までの間に全ての第二電子制御装置から受信した信号から生成した処理データを含む。これにより、通信エラーが生じる直前からデータの連続性等を分析することが可能になり、エラー要因の分析を容易化させることが可能になる。 (2) The data at the time of error includes processing data generated from signals received from all the second electronic control units from the time when the occurrence of the communication error is detected to the time before the predetermined time. This makes it possible to analyze data continuity and the like immediately before a communication error occurs, making it possible to facilitate analysis of error factors.
(3)記憶部は、処理データを上書き保存する第一記憶部と、処理データを上書きせずに保存する第二記憶部を有し、第一電子制御装置は、通信エラーの発生を検知したことに応じて、エラー発生時データを第一記憶部から第二記憶部に転送する。これにより、第一記憶部として、不揮発性のストレージメモリである第二記憶部よりも記憶容量の小さい揮発性のキャッシュメモリを採用することが可能になり、装置を小型化することが可能になる。 (3) The storage unit has a first storage unit that overwrites the processed data and a second storage unit that stores the processed data without overwriting, and the first electronic control unit detects the occurrence of a communication error. In response, the error occurrence data is transferred from the first storage unit to the second storage unit. As a result, it becomes possible to adopt a volatile cache memory having a smaller storage capacity than the second storage unit, which is a non-volatile storage memory, as the first storage unit, and it is possible to reduce the size of the device. .
(4)電子制御システムが搭載される車両の外部との間で通信可能な外部通信部をさらに有し、外部通信部は、記憶部に保存された処理データを含む情報を車両の外部に対して送信する。これにより、自動車の運用中におけるリアルタイムなセンタやドライバ通知が可能となり、安全制御や注意喚起、ログ取り、傾向分析などの高信頼なサービス提供が可能になる。 (4) Further having an external communication unit capable of communicating with the outside of the vehicle in which the electronic control system is mounted, the external communication unit transmits information including the processed data stored in the storage unit to the outside of the vehicle. to send. This will enable real-time center and driver notifications during vehicle operation, making it possible to provide highly reliable services such as safety control, alerting, logging, and trend analysis.
(5)複数の第二電子制御装置の各々は、電子制御システムが搭載される車両の情報を取得し、情報を処理して処理信号を生成し、通信エラーが発生した場合に、該通信エラーが発生した時点の前後所定時間内に生成した処理信号に関する情報を第三記憶部に保存する。これにより、必要に応じて記憶部内のデータログを参照することで通信エラー発生後のデータについても取得することが可能になる。 (5) Each of the plurality of second electronic control units acquires information on the vehicle in which the electronic control system is mounted, processes the information to generate a processing signal, and when a communication error occurs, the communication error Information about the processed signal generated within a predetermined time before and after the occurrence of is stored in the third storage unit. This makes it possible to acquire data even after a communication error occurs by referring to the data log in the storage unit as needed.
 (6)複数の第二電子制御装置の各々は、情報を通信エラーが解消するまで第三記憶部に保存し、通信エラーが解消した場合に、第三記憶部に保存していた情報を第一電子制御装置に送信する。これにより、通信エラー時にセントラルECUに送信できなかった通信エラー発生直後のデータを、通信復帰後に送信可能になり、より詳細に要因分析が可能となり、メンテナンス容易化や設計へのフィードバックを実現することができる。 (6) Each of the plurality of second electronic control units stores information in the third storage unit until the communication error is resolved, and when the communication error is resolved, stores the information stored in the third storage unit in the third storage unit. - to the electronic control unit; As a result, data immediately after a communication error that could not be sent to the central ECU at the time of the communication error can be sent after the communication is restored, enabling more detailed factor analysis, facilitating maintenance, and providing feedback to design. can be done.
(7)複数の第二電子制御装置は、第一電子制御装置に、共通の通信経路を介して接続されているか、またはスイッチング回路を介して選択的に接続されている。これにより、第二電子制御装置と第一電子制御装置との間の通信経路を簡略化することが可能になる。 (7) A plurality of second electronic control units are connected to the first electronic control unit via a common communication path or selectively connected via a switching circuit. This makes it possible to simplify the communication path between the second electronic control unit and the first electronic control unit.
 本発明は、技術的範囲は上記実施の形態に記載の範囲には限定されるものではなく、本発明の主要な特徴から逸脱することなく、様々な変形例が含まれる。そのため、前述の実施例は単なる例示に過ぎず、限定的に解釈してはならない。また、各実施例の構成の一部について、他の構成の追加・削除・置換をすることが可能であって、すべて本発明の範囲内のものである。 The technical scope of the present invention is not limited to the range described in the above embodiments, and includes various modifications without departing from the main features of the present invention. Therefore, the above-described embodiments are merely illustrative and should not be construed as limiting. Moreover, it is possible to add, delete, or replace a part of the configuration of each embodiment with other configurations, all of which are within the scope of the present invention.
1 電子制御システム、100 セントラルECU(第一電子制御装置)、140 キャッシュ(第一記憶部)、141 キャッシュ(第三記憶部)、160 ストレージ(第二記憶部)、210、220 ECU(第二電子制御装置)、400 車両、500 外部通信部、600 外部、700 通信バス、800 スイッチング装置 1 electronic control system, 100 central ECU (first electronic control unit), 140 cache (first storage unit), 141 cache (third storage unit), 160 storage (second storage unit), 210, 220 ECU (second electronic control unit), 400 vehicle, 500 external communication unit, 600 external, 700 communication bus, 800 switching device

Claims (7)

  1.  第一電子制御装置及び複数の第二電子制御装置を有する電子制御システムであって、
     前記第一電子制御装置は、
     前記複数の第二電子制御装置から出力された信号を受信し、
     前記複数の第二電子制御装置から受信した信号を処理して処理データを生成し、
     該生成した処理データを記憶部に上書き保存し、
     少なくとも一つの前記第二電子制御装置との間に通信エラーが発生した場合に、該通信エラーの発生を検知した時点に前記記憶部に保存されていた、全ての前記第二電子制御装置から受信した信号から生成した前記処理データをエラー発生時データとして上書きせずに保存する、
    ことを特徴とする電子制御システム。     An electronic control system having a first electronic control unit and a plurality of second electronic control units,
    The first electronic control unit,
    receiving signals output from the plurality of second electronic control units;
    processing signals received from the plurality of second electronic controllers to generate processed data;
    overwriting the generated processing data in a storage unit;
    When a communication error occurs with at least one of the second electronic control units, received from all of the second electronic control units stored in the storage unit at the time when the occurrence of the communication error is detected. saving the processed data generated from the generated signal as data at the time of error occurrence without overwriting;
    An electronic control system characterized by:
  2.  請求項1に記載の電子制御システムであって、
     前記エラー発生時データは、前記通信エラーの発生を検知した時点から所定の時間だけ遡った時点までの間に全ての前記第二電子制御装置から受信した信号から生成した前記処理データを含む、
    ことを特徴とする電子制御システム。     The electronic control system of claim 1,
    The data at the time of error occurrence includes the processed data generated from the signals received from all the second electronic control units from the time when the occurrence of the communication error is detected to the time before a predetermined time.
    An electronic control system characterized by:
  3.  請求項1に記載の電子制御システムであって、
     前記記憶部は、前記処理データを上書き保存する第一記憶部と、前記処理データを上書きせずに保存する第二記憶部を有し、
     前記第一電子制御装置は、前記通信エラーの発生を検知したことに応じて、前記エラー発生時データを前記第一記憶部から前記第二記憶部に転送する、
    ことを特徴とする電子制御システム。     The electronic control system of claim 1,
    The storage unit has a first storage unit that overwrites the processed data and a second storage unit that stores the processed data without overwriting,
    The first electronic control unit transfers the data at the time of error occurrence from the first storage unit to the second storage unit in response to detecting the occurrence of the communication error.
    An electronic control system characterized by:
  4.  請求項1に記載の電子制御システムであって、
     前記電子制御システムが搭載される車両の外部との間で通信可能な外部通信部をさらに有し、
     前記外部通信部は、前記記憶部に保存された前記処理データを含む情報を前記車両の外部に対して送信する、
    ことを特徴とする電子制御システム。     The electronic control system of claim 1,
    further comprising an external communication unit capable of communicating with the outside of the vehicle in which the electronic control system is mounted;
    wherein the external communication unit transmits information including the processed data stored in the storage unit to the outside of the vehicle;
    An electronic control system characterized by:
  5.  請求項1に記載の前記電子制御システムであって、
     前記複数の第二電子制御装置の各々は、
     前記電子制御システムが搭載される車両の情報を取得し、
     該情報を処理して処理信号を生成し、
     前記通信エラーが発生した場合に、該通信エラーが発生した時点の前後所定時間内に生成した前記処理信号に関する情報を第三記憶部に保存する、
    ことを特徴とする電子制御システム。     The electronic control system of claim 1, wherein
    Each of the plurality of second electronic control units,
    Acquiring information on a vehicle in which the electronic control system is installed,
    processing the information to generate a processed signal;
    when the communication error occurs, storing information about the processed signal generated within a predetermined time before and after the communication error occurs in a third storage unit;
    An electronic control system characterized by:
  6.  請求項5に記載の電子制御システムであって、
     前記複数の第二電子制御装置の各々は、前記情報を前記通信エラーが解消するまで前記第三記憶部に保存し、該通信エラーが解消した場合に、前記第三記憶部に保存していた前記情報を前記第一電子制御装置に送信する、
    ことを特徴とする電子制御システム。     An electronic control system according to claim 5,
    Each of the plurality of second electronic control units stores the information in the third storage unit until the communication error is resolved, and stores the information in the third storage unit when the communication error is resolved. transmitting the information to the first electronic controller;
    An electronic control system characterized by:
  7.  請求項1に記載の電子制御システムであって、
     前記複数の第二電子制御装置は、前記第一電子制御装置に、共通の通信経路を介して接続されているか、またはスイッチング回路を介して選択的に接続されている、
    ことを特徴とする電子制御システム。     The electronic control system of claim 1,
    The plurality of second electronic control units are connected to the first electronic control unit via a common communication path or selectively connected via a switching circuit,
    An electronic control system characterized by:
PCT/JP2022/031653 2022-03-01 2022-08-23 Electronic control system WO2023166758A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022031175A JP2023127404A (en) 2022-03-01 2022-03-01 electronic control system
JP2022-031175 2022-03-01

Publications (1)

Publication Number Publication Date
WO2023166758A1 true WO2023166758A1 (en) 2023-09-07

Family

ID=87883461

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/031653 WO2023166758A1 (en) 2022-03-01 2022-08-23 Electronic control system

Country Status (2)

Country Link
JP (1) JP2023127404A (en)
WO (1) WO2023166758A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015113002A (en) * 2013-12-11 2015-06-22 株式会社オートネットワーク技術研究所 On-vehicle communication system
JP2018079720A (en) * 2016-11-14 2018-05-24 三菱電機株式会社 On-vehicle control device, gateway device, and on-vehicle network system
JP2019125867A (en) * 2018-01-12 2019-07-25 パナソニックIpマネジメント株式会社 Monitoring device, monitoring system and monitoring method
JP2021061538A (en) * 2019-10-08 2021-04-15 三菱電機株式会社 Communication data recording device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015113002A (en) * 2013-12-11 2015-06-22 株式会社オートネットワーク技術研究所 On-vehicle communication system
JP2018079720A (en) * 2016-11-14 2018-05-24 三菱電機株式会社 On-vehicle control device, gateway device, and on-vehicle network system
JP2019125867A (en) * 2018-01-12 2019-07-25 パナソニックIpマネジメント株式会社 Monitoring device, monitoring system and monitoring method
JP2021061538A (en) * 2019-10-08 2021-04-15 三菱電機株式会社 Communication data recording device

Also Published As

Publication number Publication date
JP2023127404A (en) 2023-09-13

Similar Documents

Publication Publication Date Title
CN105745871B (en) Vehicle having an ethernet bus system and method for operating such a bus system
US10942497B2 (en) Method and arrangement for providing redundancy in a vehicle electrical control system
US7024508B2 (en) Bus station with integrated bus monitor function
KR101575547B1 (en) The error variance detection method of can communication system and the can communication system
US20100052428A1 (en) Multi-cell battery system, and management number numbering method
US6643465B1 (en) Method for checking a ring optical network line for data transmission between a plurality of network subscribers in a motor vehicle
CN110967641B (en) Storage battery monitoring system and method
US8219279B2 (en) Method for on-board data backup for configurable programmable parameters
JP2017507432A (en) Measuring system having a plurality of sensors
US7441140B2 (en) Signal processing system
CN111629344B (en) Data transmission method, device, equipment and computer readable storage medium
CN112583683A (en) Master-slave CAN FD bus application layer communication method and system and electronic equipment
KR20100020253A (en) Monitoring apparatus for message transmission in network for a vehicle
US20090210171A1 (en) Monitoring device and monitoring method for a sensor, and sensor
US20080052560A1 (en) Field bus communication diagnosing device and field bus communication diagnosing method
CN113645048B (en) Network card switching method and device and field programmable gate array FPGA
WO2023166758A1 (en) Electronic control system
US9325567B2 (en) Communication system, method for operating such a communication system, and communication module
CN110071846B (en) Electronic control unit, monitoring method, and non-transitory computer readable medium
CN114115178B (en) Vehicle radar diagnosis method and system based on domain controller
JP2006020117A (en) Train-mounted information control system
CN110177032B (en) Message routing quality monitoring method and gateway controller
CN114967634A (en) Processor diagnostic device, processor diagnostic method, and electronic apparatus
CN108337143B (en) Communication structure, communication system, and communication method
JP6979630B2 (en) Monitoring equipment, monitoring methods and programs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22929902

Country of ref document: EP

Kind code of ref document: A1