Patent Application
20130055038
The present invention is related to a computing unit abnormality determining apparatus and a computing unit abnormality determining method of determining whether there is an abnormality in a computing unit.
An arithmetic unit is known which makes a calculating unit calculate a predetermined arithmetic problem at a predetermined monitoring cycle and acquires the calculation results of the calculating unit, and determines whether the arithmetic processing is normally performed by comparing the calculation result with an answer set in advance with respect to the arithmetic problem (see Patent Document 1, for example). Further, Patent Document 1 discloses a configuration in which a single microcomputer performs an arithmetic monitoring routine in addition to a main control routine and a run-pulse generating routine. According to the configuration, the microcomputer performs the arithmetic monitoring process to perform self-determination whether the arithmetic processing for the controlling processes of the main control process is normally performed, and suspends the execution of the main control process based on the determination result.
[Patent Document 1] Japanese Patent No. 4003420 (FIG. 7(b))
According to the configuration disclosed in Patent Document 1, it is necessary to perform the comparison operation when the calculation result is compared with an answer set in advance with respect to the arithmetic problem. However, if the comparison operation is not normally performed, an erroneous determination result may be output.
Therefore, an object of the present invention is to provide a computing unit abnormality determining apparatus and a computing unit abnormality determining method which can determine with high accuracy whether there is an abnormality in a computing unit by determining whether there is an abnormality in a comparison operation.
In order to achieve the object described above, according to an aspect of the present invention, a computing unit abnormality determining apparatus is provided which determines whether there is an abnormality in a computing unit. The computing unit abnormality determining apparatus includes:
a comparison operation abnormality determining part configured to perform a comparison operation using the computing unit to determine whether there is an abnormality in the comparison operation; and
an arithmetic/logical operation abnormality determining part configured to perform an arithmetic/logical operation of a predetermined operational expression using the computing unit, the predetermined operational expression including at least one of an arithmetic operation and a logical operation, and compare an operational result obtained by the arithmetic/logical operation with a corresponding stored value of a correct value to determine whether there is an abnormality in the arithmetic/logical operation.
According to an aspect of the present invention, a computing unit abnormality determining method of determining whether there is an abnormality in a computing unit is provided. The computing unit abnormality determining apparatus includes:
performing a comparison operation using the computing unit to determine whether there is an abnormality in the comparison operation; and
performing an arithmetic/logical operation of a predetermined operational expression using the computing unit, the predetermined operational expression including at least one of an arithmetic operation and a logical operation, and comparing an operational result obtained by the arithmetic/logical operation with a corresponding stored value of a correct value to determine whether there is an abnormality in the arithmetic/logical operation.
According to the present invention is to provide a computing unit abnormality determining apparatus and a computing unit abnormality determining method can be obtained which can determine with high accuracy whether there is an abnormality in a computing unit by determining whether there is an abnormality in a comparison operation.
021 CPU
In the following, the best mode for carrying out the present invention will be described in detail by referring to the accompanying drawings.
The electronic arithmetic unit 10 includes a microcomputer 20 and a power supply IC 30, as illustrated in
The microcomputer 20 includes a CPU (Central Processing Unit) 21. The CPU 21 includes an ALU (Arithmetic and Logic Unit) 22 which performs arithmetic and logical operations, a PSU (Program Status Unit) 24, a BSF (Barrel Shifter) 26 which performs a shifting operation, etc. Further, the microcomputer 20 includes a port 28 for outputting a watchdog cancel signal (WDC) to the power supply IC 30.
The power supply IC 30 is provided outside of the microcomputer 20, and is connected to the microcomputer 20. The power supply IC 30 includes a watchdog timer (WDT) 32, an abnormality detecting part 34 configured to detect an abnormality in the microcomputer 20, and a reset part (RST) 36 configured to output a reset signal which causes the microcomputer 20 to be reset when the abnormality in the microcomputer 20 is detected by the abnormality detecting part 34. The abnormality detecting part 34 may determine whether there is the abnormality in the microcomputer 20 based on the monitoring result by the WDT 32 which monitors the WDC sent from the microcomputer 20. For example, the abnormality detecting part 34 causes the microcomputer 20 to be reset via the reset part 36 if there is no reversed WDC within a certain time period, there is an abnormality in the reverse frequency (i.e., the pulse width) of the WDC, or the like. It is noted that the reset part 36 may forcefully terminate the microcomputer 20 by the disconnection from the power supply, or may turn the power on again after the disconnection from the power supply.
The monitoring process program illustrated in
The checking parts P and Q for the comparison operations are configured to check the comparison operations based on a comparison operator (==) at the assembler-expanded level. Specifically, the comparison operator (==) is assembler-expanded into two instructions of cmp and bne*, if it is assembler-expanded, and thus the checking is performed on an instruction basis. It is noted that a comparison operator (!=) is assembler-expanded into two instructions of “cmp” and “be*”, if it is assembler-expanded. “cmp” takes a differential between two values, and if the differential is 0 (i.e., match), a zero flag (ZF) is set (ZF=1). “bne” causes the program to branch to the outside of the “if statement” when ZF is equal to 0. “be” causes the program to branch to the outside of the “if statement” when ZF is equal to 1.
Specifically, in the checking part P, the comparison operation based on the comparison operator (==) between the same values is executed. In the illustrated example, in the checking part P, the process is performed such that a differential between “1” and “1” is taken, and if the differential is 0, the zero flag is set (ZF=1), and if ZF is equal to 0, the program is branched to the outside of the “if statement”. If there is no abnormality related to the comparison operation based on the comparison operator (==), when a differential between “1” and “1” is taken, the differential is 0, which causes the zero flag to be set. Then, since ZF is equal to 1, the program is not branched to the outside of the “if statement”.
With respect to the checking part P, branching to the outside of the “if statement” means that there is an abnormality in the comparison operation between the same values based on the comparison operator (==). Therefore, in this case, the WDC is stopped.
In the checking part Q, the comparison operation based on comparison operator (!=) between different values is executed. In the illustrated example, in the checking part Q, the process is performed such that a differential between “s_buf1” and “s_buf2” (both are ROM values) is taken, and if the differential is 0, the zero flag is set (ZF=1), and if ZF is equal to 1, the program is branched to the outside of the “if statement”. If there is no abnormality related to the comparison operation based on the comparison operator (!=), when a differential between “s_buf1” and “s_buf2” is taken, the differential is not 0, which causes the zero flag not to be set. Then, since ZF is equal to 0, the program is not branched to the outside of the “if statement”.
With respect to the checking part Q, branching to the outside of the “if statement” means that there is an abnormality in the comparison operation between the different values based on the comparison operator (!=). Therefore, in this case, the WDC is stopped.
For example, if the circuit portion related to “cmp” is abnormal and an abnormality occurs such that 0 is always output, in the checking part P, the zero flag is set and thus ZF is equal to 1. Thus, the program is not branched to the outside of the “if statement”. On the other hand, in the checking part Q, the zero flag is set and thus ZF is equal to 1. Thus, the program is branched to the outside of the “if statement”. In this way, by providing the checking part Q in addition to the checking part P, the comparison operation based on the comparison operator (==) can be checked accurately at the assembler-expanded level, thereby enabling determining whether there is an abnormality in the comparison operation with high reliability.
In the checking part R for the arithmetic/logical operation, comparison operation is performed to compare an operation result of a predetermined operational expression with the stored value of the corresponding correct value to determine whether there is an abnormality in the arithmetic/logical operation. In this example, the following operational expression is used as a preferred embodiment.
˜(((0x0D×(0x6A>>4))+(0xE7÷(0x6A&0x9E)))|0x0D)==0x92 (1)
It is noted that with respect to the relationship between
It is preferred that the predetermined operational expression includes all types of arithmetic operations and all types of logical operations. With this arrangement, it becomes possible to check whether there is an abnormality in various operations without omission. With respect to the operational expression (1), as illustrated in
With respect to the checking part R, if the operation result of the predetermined operational expression does not correspond to the stored value of the corresponding correct value, the zero flag is not set and thus ZF is equal to 0, which causes the program to branch to the outside of the “if statement”. Branching to the outside of the “if statement” means that there is an abnormality in the operation of the predetermined operational expression. Therefore, in this case, the WDC is stopped.
In this way, according to the monitoring process illustrated in
By the way, if there is no abnormality in the operation in the left side of the operational expression (1), the zero flag is set in the checking part R and thus ZF is equal to 1. Therefore, the program is not branched to the outside of the “if statement”. However, for example, if the circuit portion related to “cmp” is abnormal such that 0 is always output (i.e., different values are determined to be the same values due to an abnormality), the zero flag is set in the checking part R and thus the ZF is equal to 1, even if there is an abnormality in the operation in the left side of the operational expression (1). Therefore, in this case, in the checking part R, the program is not branched to the outside of the “if statement”, even if there is an abnormality in the operation in the left side of the operational expression (1). However, according to the monitoring process illustrated in
In step 600, in the arithmetic/logical operation abnormality determining part 44, the arithmetic/logical operations of the predetermined operational expression are performed. Specifically, the operations of the left side of the operational expression (1) described above are performed. It is noted that the predetermined operational expression is stored in advance in the ROM or the like together with the corresponding answer value. There may be plural predetermined operational expressions prepared. In this case, the predetermined operational expression may be read one by one to be used in a predetermined order.
In step 602, it is checked in the comparison operation abnormality determining part 42 whether the comparison operation is normally performed. This checking process may be executed according to the method described above (see the checking parts P and Q for the comparison operation in
In step 604, in the arithmetic/logical operation abnormality determining part 44, the operation result of the arithmetic/logical operations performed in step 600 is compared with the stored value (i.e., the ROM value) of the corresponding answer value (the right side of the operational expression (1) to check whether the arithmetic/logical operations are normally performed in step 600 (see the checking part R for the arithmetic/logical operation in
In step 606, the WDC is output (reversed). Thus, the microcomputer 20 is not reset.
According to the computing unit abnormality determining apparatus 40 of this embodiment, the following effect among others can be obtained.
According to the computing unit abnormality determining apparatus 40 of this embodiment, as described above, since whether there is an abnormality in the comparison operation is checked at the assembler-expanded level, it is possible to determine whether there is an abnormality in the comparison operation with high reliability. Therefore, the abnormality determination of the arithmetic/logical operation involving the comparison operation can be performed with high accuracy. Further, since it becomes possible for the single microcomputer 20 to determine whether there is an abnormality in itself with high accuracy, a reliable monitoring function can be implemented with a reduced cost by the single microcomputer 20 and the single power supply IC 30. In other words, according to the computing unit abnormality determining apparatus 40 of this embodiment, it becomes possible to reduce the cost while keeping the reliability in comparison with a system in which plural microcomputers monitor each other.
The present invention is disclosed with reference to the preferred embodiments. However, it should be understood that the present invention is not limited to the above-described embodiments, and variations and modifications may be made without departing from the scope of the present invention.
For example, in the embodiments described above, it is possible to additionally check other operations. For example, in the embodiments described above, whether there is an abnormality in the floating-point operation; however, it is possible to perform the checking by incorporating the floating-point operation in the operational expression (1).
Further, in the embodiments described above, as preferable embodiments, the ALU check condition (see
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/JP2010/058069 | 5/12/2010 | WO | 00 | 11/9/2012 |
