1. Field of the Invention
The invention relates to a method for operating a microcontroller and an execution unit, which can be coupled to one another, and to an appropriately designed microcontroller and an execution unit for carrying out the method.
2. Prior Art
In safety-related sensor circuits for motor vehicles equipped with a microcontroller, erroneous execution of the program in the microcontroller can result in erroneous processing of sensor data and hence in the transmission of erroneous processed sensor data. For example, these transmitted erroneous sensor data can be processed further in a braking system, such as an ESP or ABS controller, and hence can result in unwanted braking actions, which must be avoided with a high level of certainty.
WO 2005/001690 A2 discloses monitoring the running of the program in a microcomputer. In this case, in addition to the running of the program in the microcomputer, a copy of the program with the input data or test data provided for the program is processed and the output data from the copy are compared with those from the program, and an error message is produced if there is no match. In this connection, the document discloses that after the running of the program and after the running of program parts a respective flag is set or changed and that an error message is produced if not all of the flags are set or changed. This monitoring can be regarded as program flow monitoring. In addition, the document discloses monitoring the running of the program in at least two interconnected microcomputers of an electronic appliance, particularly a sensor circuit for motor vehicles. One microcomputer produces a challenge, which is sent to the other microcomputer here it uses prescribed input data to prompt a program to run and a response dependent on the output data is returned to the first microcomputer. One microcomputer compares the request and the response with one another. This monitoring can be regarded as challenge/response monitoring.