摘要:
A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation.
摘要:
A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation.
摘要:
The description relates to a process and a device for controlling internal combustion engines in motor vehicles with at least one microprocessor. Two data records may be written into a first store. An identification signal may be written into a preferred storage cell of each data record.
摘要:
A communication method for transmitting TT Ethernet messages is a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message. The TTE star couplers check whether each dynamically calculated TTE message contains an authentically signed schedule.
摘要:
The aim of the present invention is that of establishing a fault-tolerant global time in a fault-tolerant communication system of a distributed real-time system. For this purpose, a fault-tolerant message switching unit is provided, which is composed of four independent switching units. These four independent switching units jointly establish a fault-tolerant time. The terminal systems are connected to a fault-tolerant message switching unit via two independent fail-silent communication channels, so that the clock synchronization and network connections are preserved, even if a part of the fault-tolerant switching unit or of a communication channel fails.
摘要:
The invention relates to a method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores, with each IP core having an information-processing subsystem (IVS) and a network controller (NK), with each NK having at least two interfaces, an interface for the ZK and a second interface for the IVS, characterised in that a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a time-controlled message and the maximum transmission duration after each transmission time, can be set exclusively by a privileged message via the ZK or directly by a privileged entity (privileged IP core), and where each NK intends to send a message starts to transmit the message autonomously exactly at the time of the next transmission time, and ends the transmission process at the latest after the assigned maximum transmission duration has elapsed. The invention additionally relates to a system-on-chip (SoC) for carrying out a method such as this.
摘要:
The invention relates to a method for fault identification in a System-on-Chip (SoC) consisting of a number of IP cores, wherein each IP core is a fault containment unit, and where the IP cores communicate with one another by means of messages via a Network-on-Chip, and wherein an excellent IP core provides a TRM (Trusted Resource Monitor), wherein a faulty control message which is sent from one non-privileged IP core to another non-privileged IP core is identified and projected by an (independent) fault container unit, as a result of which this faulty control message cannot cause any failure of the message receiver.
摘要:
The invention relates to a method for fault identification in a System-on-Chip (SoC) consisting of a number of IP cores, wherein each IP core is a fault containment unit, and where the IP cores communicate with one another by means of messages via a Network-on-Chip, and wherein an excellent IP core provides a TRM (Trusted Resource Monitor), wherein a faulty control message which is sent from one non-privileged IP core to another non-privileged IP core is identified and projected by an (independent) fault container unit, as a result of which this faulty control message cannot cause any failure of the message receiver.
摘要:
A method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores is provided. Each IP core has an information-processing subsystem (IVS) and a network controller (NK). Each NK has at least two interfaces, one for the ZK and a one for the IVS, wherein a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a message and the maximum transmission duration after each transmission time, can be set by a privileged message via the ZK or directly by a privileged entity. Each NK intending to transmit a message starts to transmit the message autonomously exactly at the time of the next set transmission time and interrupts the transmission process no later than the assigned maximum transmission duration has elapsed.
摘要:
A special node is used in a distributed time-triggered cluster. The special node comprises protocol functionality to establish a time base to use in communicating with a plurality of end nodes and to source timing-related frames to the plurality of end nodes in accordance with the distributed time-triggered communication protocol. The protocol functionality establishes the time base without regard to any timing-related frame sourced from any of the plurality of end nodes. In one embodiment, the protocol functionality of the special node is implemented in a low complexity manner. In one embodiment, the cluster comprises a star topology and the special node performs at least one of semantic filtering and rate enforcement. In another embodiment, the cluster comprises a bus or peer-to-peer topology and each end node is coupled to the communication channel using a low-complexity special local bus guardian.