Electronic control unit

Abstract

This prevents the unintended deletion of diagnostic information in the event of a power outage and appropriately reduces the scope of impact in the event of a failure to write the clear ID to non-volatile memory. [Solution] The electronic control device 1 includes a volatile memory 4 capable of storing multiple records related to diagnostic information, a non-volatile memory 5 on which records stored in the volatile memory are written, and a control unit 2 that, upon receiving a clear request, clears the records stored in the volatile memory and writes the records to the non-volatile memory. The control unit uses a clear ID for each record and a unified ID for centrally managing the clear IDs to manage the clear status of records and the status of writing records to the non-volatile memory.

Description

【Technical Field】 , 【0005】 【0001】 The present invention relates to an electronic control device. 【Background Art】 【0002】 For example, in an electronic control device (hereinafter referred to as an ECU (Electronic Control Unit)) mounted on a vehicle, a configuration is disclosed in which diagnostic processing is periodically performed at a predetermined cycle and records regarding diagnostic information obtained by the diagnostic processing are stored. 【Prior Art Documents】 【Patent Documents】 【0003】 【Patent Document 1】 Japanese Unexamined Patent Application Publication No. 2022-175365 <​​​​​​​​​​​​However, if a power outage occurs during the clear process, it is not possible to distinguish between uncleared records and records where anomalies were detected after the clear process. As a result, there is a problem in that records where anomalies were detected after the clear process are deleted. In addition, if the write of the clear process start / end flag to non-volatile memory fails at the end of the clear process, there is a problem in that the clear process for all records is performed semi-permanently. 【0006】 The present invention has been made in view of the above circumstances, and its purpose is to provide an electronic control device that can prevent the unintended deletion of diagnostic information when a power outage occurs, and can appropriately reduce the scope of impact when writing the clear process start / end flag to the non-volatile memory fails at the end of the clear process. [Means for solving the problem] 【0007】 The electronic control device (1) described in claim 1 comprises a volatile memory (4) capable of storing a plurality of records relating to diagnostic information, a non-volatile memory (5) on which the records stored in the volatile memory are written, and a control unit (2) that, upon receiving a clear request, clears the records stored in the volatile memory and writes the records to the non-volatile memory. The control unit uses a clear ID for each record and a unified ID for centrally managing the clear IDs to manage the clear state of the records in the volatile memory and the state of writing the records to the non-volatile memory. 【0008】 According to the above configuration, a record-level clear ID and a centralized ID for centrally managing the clear IDs are used to manage the clear state of records in volatile memory and the write state of records to non-volatile memory. By comparing the clear ID and the centralized ID when a power outage occurs, it is possible to distinguish between uncleared records and records where an anomaly was detected after the clear process, thus preventing the deletion of records where an anomaly was detected after the clear process. By using a record-level clear ID, the scope of impact of the semi-persistent processing of record clearing can be limited to one record. This prevents the unintended deletion of diagnostic information when a power outage occurs and appropriately reduces the scope of impact in the event of a failure to write the clear ID to non-volatile memory. [Brief explanation of the drawing] 【0009】 [Figure 1] Functional block diagram showing the overall configuration of the first embodiment [Figure 2] Diagram showing the Clear ID and the unified ID of the records to be cleared. [Figure 3] Flowchart showing the process of clearing diagnostic information [Figure 4] Diagram showing the state of the memory area [Figure 5] Diagram showing the state of the memory area [Figure 6] Diagram showing the state of the memory area [Figure 7] Diagram showing the state of the memory area [Figure 8] Flowchart showing the re-clearing process in the event of a power outage. [Figure 9] Diagram showing the state of the memory area [Figure 10] Diagram showing the state of the memory area [Figure 11] Diagram showing the order in which records are written. [Figure 12] Flowchart showing the diagnostic information clearing process in the second embodiment [Figure 13] Diagram showing the order in which records are written. [Modes for carrying out the invention] 【0010】 Several embodiments will be described below with reference to the drawings. In subsequent embodiments, the same content as in earlier embodiments will be omitted from the description. 【0011】 (First Embodiment) The first embodiment will be described with reference to Figures 1 to 11. The vehicle is equipped with multiple ECUs that control various functions. The multiple ECUs are interconnected via an in-vehicle network such as CAN (Controller Area Network), and perform various controls such as engine control, automatic transmission control, and autonomous driving control, either individually or in cooperation with other ECUs. The ECUs may be configured to control a single function, or they may be configured to control multiple functions in an integrated manner. 【0012】 As shown in Figure 1, the ECU1 is composed of a CPU (Central Processing Unit) 2 (corresponding to the control unit), ROM 3, RAM 4 (corresponding to volatile memory), flash memory 5 (corresponding to non-volatile memory), input / output circuit 6, and communication interface circuit 7, all interconnected via a communication bus 8. Although only one ECU1 is shown in Figure 1, numerous ECUs (not shown) are connected to the in-vehicle network 9. 【0013】 CPU2 reads the control program stored in ROM3 and controls the operation of ECU1 by performing data transfer, calculation, processing, control, and management according to the read control program. RAM4 is a storage medium that has the characteristic of losing data when the power supply is cut off, and temporarily stores data used in the control of CPU2. RAM4 stores multiple records related to diagnostic information. Flash memory5 is a storage medium that has the characteristic of being able to retain data even when the power supply is cut off, and stores data used in the control of CPU2. Flash memory5 stores multiple records related to diagnostic information. 【0014】 The CPU 2 writes the records stored in the RAM 4 to the flash memory 5 in record units. The diagnostic information stored as records in the RAM 4 may be only the diagnostic information for which an abnormality has been determined, or may be both the diagnostic information for which a normal determination has been made and the diagnostic information for which an abnormality has been determined. Further, the diagnostic information includes, for example, comparison information indicating the comparison result between the detected value and a predetermined threshold value, log information indicating the operating state, and the like. 【0015】 The input / output circuit 6 includes, for example, an A / D converter, a D / A converter, a D / D converter, etc., and has an input / output function for analog signals and digital signals with respect to sensors, switches, actuators, etc. The communication interface circuit 7 includes, for example, a CAN transceiver, etc., and controls data communication with the in-vehicle network 9. 【0016】 A connector 12 to which a communication cable 11 connected to the diagnostic tool 10 is detachably connected is connected to the in-vehicle network 9. By connecting the diagnostic tool 10 and the connector 12 via the communication cable 11, the diagnostic tool 10 is communicably connected to the ECU 1 via the in-vehicle network 9. 【0017】 The diagnostic tool 10 is configured such that a CPU 13, a ROM 14, a RAM 15, a flash memory 16, a display 17 having a touch panel function, and a communication interface circuit 18 are interconnected via a communication bus 19. 【0018】 The CPU 13 reads the control program stored in the ROM 14 and controls the operation of the diagnostic tool 10 by performing data transfer, calculation, processing, control, management, etc., according to the read control program. The RAM 15 is a storage medium that has the characteristic of losing data when the power supply is cut off, and temporarily stores data for the CPU 13's control. The flash memory 16 is a storage medium that has the characteristic of being able to retain data even when the power supply is cut off, and stores data for the CPU 13's control. The display 17 accepts operation input from the operator operating the diagnostic tool 10 via a touch panel and displays various information. The communication interface circuit 18 includes, for example, a CAN transceiver, and controls data communication with the in-vehicle network 9. 【0019】 In the diagnostic tool 10, when the CPU 13 receives an operation input from the operator via the touch panel requesting to clear diagnostic information while the diagnostic tool 10 is connected to the ECU 1 via the in-vehicle network 9 for data communication, it causes the clear request to be sent from the communication interface circuit 18. In the ECU 1, when the CPU 2 receives the clear request sent from the diagnostic tool 10 via the in-vehicle network 9 through the communication interface circuit 7, it clears the record stored in RAM 4, sends a response to the diagnostic tool 10, and writes that record to the flash memory 5. The above is an example of when a clear request sent from the diagnostic tool 10 is received by the communication interface circuit 7 via the in-vehicle network 9, but for example, if a clear request occurs from within the ECU 1, the record stored in RAM 4 is cleared and that record is written to the flash memory 5. 【0020】 As shown in Figure 2, CPU2 sets a record-specific clear ID and a unified clear target record ID (hereinafter referred to as the unified ID) for centrally managing the clear IDs in RAM4 and flash memory5, respectively. That is, the clear ID is an ID assigned to each of multiple records, while the unified ID is an ID assigned to multiple records in common. CPU2 uses the clear ID and the unified ID to manage the clear state of records in RAM4 and the write state of records to flash memory5. Although three records A to C are shown as an example in Figure 2, the number of records is not limited to "3". 【0021】 Next, the operation of the above-described configuration will be explained with reference to Figures 3 to 11. In ECU1, CPU2 performs diagnostic information clearing and re-clearing in the event of a power outage. Each process will be explained in detail below. 【0022】 (1) Clearing diagnostic information (see Figure 3) When CPU2 determines, for example, that a clear request sent from the diagnostic tool 10 has been received by the communication interface circuit 7 via the in-vehicle network 9, it starts the diagnostic information clearing process. When CPU2 starts the diagnostic information clearing process, it updates the centralized ID of RAM4 (S1). Specifically, CPU2 updates the centralized ID of RAM4 from "0" to "1". 【0023】 When CPU2 updates the centralized ID in RAM4, it writes the centralized ID to flash memory 5 (S2). Specifically, CPU2 updates the centralized ID in flash memory 5 from "0" to "1". 【0024】 CPU2 initiates the RAM clearing and clear ID update for the target record (S3), and completes the RAM clearing and clear ID update for the target record (S4). Specifically, CPU2 updates the clear ID of the RAM cleared target record from "0" to "1". 【0025】 CPU2 sends a response to the diagnostic tool 10 (S5) and performs diagnostic information determination processing for each record (S6). CPU2 performs the writing process for each record to the flash memory 5 (S7) and determines whether or not the writing of each record to the flash memory 5 is complete (S8). 【0026】 If CPU2 determines that it has not finished writing the record to flash memory 5 (S8: NO), it returns to step S6 and repeats steps S6 onward. If CPU2 determines that it has finished writing the record to flash memory 5 (S8: YES), it terminates the diagnostic information clearing process. 【0027】 The transitions in the state of the storage areas in RAM4 and flash memory5 during the diagnostic information clearing process will be explained with reference to Figures 4 to 7. 【0028】 At the start of the diagnostic information clearing process, the state of the memory area is "Memory Area State 1" as shown in Figure 4, where both the unified ID of RAM4 and the unified ID of flash memory5 are "0". In step S1, the state of the memory area is "Memory Area State 2" as shown in Figure 4, and CPU2 updates the unified ID of RAM4 from "0" to "1". 【0029】 In steps S2 and S3, the state of the memory area is "Memory Area State 3" as shown in Figure 5, and CPU2 updates the unified ID of flash memory 5 from "0" to "1". In steps S4 and S5, the state of the memory area is "Memory Area State 4" as shown in Figure 5, and after CPU2 completes the clearing process of records A to C, it updates records A to C in RAM 4 from "Diagnostic Information Available" to "Diagnostic Information Cleared", and updates the clear ID of records A to C in RAM 4 from "0" to "1". 【0030】 In step S6 of the first loop, i.e., during the diagnostic information determination process for record A, the state of the memory area is "Memory Area State 5" as shown in Figure 6, and CPU2 continues "Memory Area State 4" if there is no update to the diagnostic information. In step S7 of the first loop, i.e., during the writing process of record A to flash memory 5, the state of the memory area is "Memory Area State 6" as shown in Figure 6, and CPU2 updates record A in flash memory 5 from "Diagnostic Information Available" to "Diagnostic Information Cleared," and updates the clear ID of record A in flash memory 5 from "0" to "1." 【0031】 In step S6 of the second loop, i.e., the state of the memory area during the diagnostic information determination process for record B, is "Memory Area State 7" as shown in Figure 7. In this case, since an anomaly was detected after writing record B to flash memory 5, CPU 2 updates record B in RAM 4 from "Diagnostic Information Available" to "Anomaly Detected After Clearing". In step S7 of the second loop, i.e., the state of the memory area during the writing process of record B to flash memory 5, is "Memory Area State 8" as shown in Figure 7. CPU 2 updates record B in flash memory 5 from "Diagnostic Information Available" to "Anomaly Detected After Clearing", and updates the clear ID of record B in flash memory 5 from "0" to "1". 【0032】 (2) Re-clearing process in the event of a power outage (see Figure 8) If CPU2 detects a power outage while performing the diagnostic information clearing process, it starts the re-clearing process for power outages. When CPU2 starts the re-clearing process for power outages, it writes the data from flash memory 5 to RAM 4 (S11). CPU2 compares the clear ID with the unified ID and determines whether there are any records where the clear ID and the unified ID do not match (S12). 【0033】 If CPU2 determines that there are no records where the clear ID and the unified ID do not match (S12: NO), it writes each record to flash memory 5 (S14) and terminates the re-clear process in case of power failure. On the other hand, if CPU2 determines that there are records where the clear ID and the unified ID do not match (S12: YES), it clears the RAM of the target record and updates the clear ID (S13), returns to step S12, and repeats steps S12 and beyond. 【0034】 The transition of the memory area in RAM4 and flash memory 5 during the re-clearing process when a power outage occurs will be explained with reference to Figures 9 and 10. The state of the memory area at the start of the re-clearing process when a power outage occurs is "Memory Area State 9" as shown in Figure 9, and CPU2 initializes RAM4. The state of the memory area in step S11 is "Memory Area State 10" as shown in Figure 9, and CPU2 writes the data from flash memory 5 to RAM4, matching the state of records A to C in RAM4 with the state of records A to C in flash memory 5. In this case, in "Memory Area State 10", the unified ID of RAM4 is "1", and the clear ID of record B in RAM4 is "1", so the clear ID of record B and the unified ID match. However, the clear ID of record C in RAM4 is "0", so the clear ID of record C and the unified ID do not match. 【0035】 In steps S12 and S13, the state of the memory area is "Memory Area State 11" as shown in Figure 10. In this case, as described above, in "Memory Area State 10", the CPU2 can distinguish between record B and record C because the clear ID and unified ID of record B in RAM4 match, but the clear ID and unified ID of record C do not match. The CPU2 performs a clear process on record C as the target record to prevent unintended deletion of diagnostic information in the event of a power outage. Once the CPU2 has completed the clear process for record C, it updates record C in RAM4 from "Diagnostic Information Available" to "Diagnostic Information Cleared" and updates the clear ID of record C in RAM4 from "0" to "1". 【0036】 In step S14, the state of the memory area is "Memory Area State 12" as shown in Figure 10. The CPU 2 updates record C of flash memory 5 from "Diagnostic Information Available" to "Diagnostic Information Cleared," and updates the clear ID of record C of flash memory 5 from "0" to "1." 【0037】 In the configuration described above, records are written to the flash memory 5 in the order of their record IDs. As shown in Figure 11, for example, consider a case where five records A to E are targeted, and the record IDs are assigned in the order of record A, record B, record C, record D, and record E. In this case, even if an anomaly is detected in record E after writing record A and then record B, record C will be written next, followed by record D, and finally record E will be written. 【0038】 As described above, the first embodiment provides the following advantages and benefits. In the ECU1, a record-specific clear ID and a unified ID for centrally managing the clear IDs are used to manage the clear state of records and the write state of records to the flash memory 5. By comparing the clear ID and the unified ID when a power outage occurs, it is possible to distinguish between uncleared records and records where an anomaly was detected after the clearing process, thus avoiding the deletion of records where an anomaly was detected after the clearing process. By using a record-specific clear ID, the scope of impact of the semi-persistent processing problem of record clearing can be limited to one record. This prevents the unintended deletion of diagnostic information when a power outage occurs, and appropriately reduces the scope of impact when writing the clear ID to the flash memory 5 fails. 【0039】 (Second Embodiment) The second embodiment will be described with reference to Figures 12 to 13. The first embodiment is configured to write records to the flash memory 5 in the order of the record IDs, but the second embodiment is configured to write the record in which the anomaly was detected to the flash memory 5 as a priority if an anomaly is detected during the writing of a record to the flash memory 5. 【0040】 In this case, when CPU2 performs a diagnostic information determination process for each record during the diagnostic information clearing process (S6), it determines whether or not an abnormality has been detected (S21). If CPU2 determines that no abnormality has been detected (S21: NO), it proceeds with the steps from S7 onwards described above. If CPU2 determines that an abnormality has been detected (S21: YES), it writes the record in which the abnormality was detected to the flash memory 5 as a priority (S22), and then proceeds with the steps from S7 onwards described above. 【0041】 As shown in Figure 13, for example, consider a case where five records A to E are targeted, and record IDs are assigned in the order of record A, record B, record C, record D, and record E. In this case, if an anomaly is detected in record E after writing record A and then record B, unlike the first embodiment described above, the anomaly detected record E is written first, followed by record C, and finally record D. 【0042】 As described above, the second embodiment provides the following advantages and benefits. In the ECU1, if an abnormality is detected while writing a record to the flash memory 5, the abnormal record is prioritized for writing to the flash memory 5. By shortening the time from abnormality detection to record writing, it is possible to prevent the erasure of the abnormality detection in the event of a power outage. 【0043】 (Other embodiments) This disclosure is described in accordance with the embodiments, but it is understood that this disclosure is not limited to such embodiments or structures. This disclosure also includes various modifications and variations within the equivalence. In addition, various combinations and forms, as well as other combinations and forms that include only one, more, or fewer of those elements, fall within the scope and concept of this disclosure. 【0044】 The control unit and its method described herein may be implemented by a dedicated computer provided by configuring a processor and memory programmed to perform one or more functions embodied by a computer program. Alternatively, the control unit and its method described herein may be implemented by a dedicated computer provided by configuring a processor by one or more dedicated hardware logic circuits. Alternatively, the control unit and its method described herein may be implemented by one or more dedicated computers configured by a combination of a processor and memory programmed to perform one or more functions and a processor configured by one or more hardware logic circuits. Furthermore, the computer program may be stored as instructions executed by the computer on a computer-readable non-transitional tangible recording medium. [Explanation of Symbols] 【0045】 In the diagram, 1 is the ECU (Electronic Control Unit), 2 is the CPU, 4 is RAM (Volatile Memory), and 5 is flash memory (Non-volatile Memory).

Claims

[Claim 1] A volatile memory (4) capable of storing multiple records related to diagnostic information, A non-volatile memory (5) on which the record stored in the volatile memory is written, The system includes a control unit (2) that, upon receiving a clear request, clears the record stored in the volatile memory and writes the record to the non-volatile memory, The control unit is an electronic control device that manages the clear state of a record and the write state of a record to a non-volatile memory, using a clear ID for each record and a unified ID for centrally managing the clear IDs. [Claim 2] The control unit writes the records to the non-volatile memory in the order of the record IDs, as described in claim 1. [Claim 3] The electronic control device according to claim 1, wherein if the control unit detects an abnormality while writing the record to the non-volatile memory, it prioritizes writing the record in which the abnormality was detected to the non-volatile memory.

Images