Such a purely level-oriented concept is complicated both in the case of software structures, the provision of which is distributed among different software suppliers, and in the case of distributed hardware structures, for example in the case of parallel or redundant structures, in which parts of the reliability-relevant functions are carried out in each case. In addition, the EGAS monitoring concept makes provision for independent hardware for monitoring the processor functions of the computer performing the functions. If different functions are carried out by different control devices, an independent hardware mechanism must be provided for monitoring each of these control devices, which results in considerably higher costs being incurred.
In the case of software structures, it has not yet been possible to satisfactorily resolve the synchronization and enabling or implementation of know-how problems, for example interface definitions for defining the monitoring structure. Distributed hardware structures are not yet being used widely, but will become increasingly important in the course of the so-called AUTOSAR initiative (Automotive Open System Architecture).
The grouping of functions, for example, ignition or injection, is at present undertaken in so-called units. In this way, it is for example possible to group together, in an organized manner, into one group called the DRRQ (driver request), the entire functionality concerned with the capture and the diagnosis of the driver's request via the accelerator pedal. This group also comprises the diagnosis of the gas pedal components. Because the function of capturing the driver's request is a reliability-relevant function, there has thus far been one module in a monitoring functional group concerned with the protection of the functions in the DRRQ unit. If the DRRQ functions are now supplied by another manufacturer as a product (black box) or if these functions are carried out in another control device (e.g. carbody controller), the technical and organizational synchronization of monitoring becomes difficult, if not completely impossible, because there are requirements with respect to time, for example real-time criteria, that may be damaged by an exchange of data between the control devices.