A lot of vehicle control systems in recent years comprise ECUs controlling computerized vehicle control devices (i.e. Electronic Control Unit) and in-vehicle LANs (Local Area Network) that enable communications between ECUs. CAN (Controller Area Network) is one of such in-vehicle LANs and is widely used.
Along with increase in demands for reducing environmental burden or for security, vehicle control systems are in the process of highly functionalized, distributed, and complicated. Similarly, failsafe (FS) controls that change the vehicle control system into safe states in cases of sensor failures or actuator failures are also in the process of distributed and complicated. For example, an ECU that controls actuators operating the car measures the behaviors of the actuators using sensors, and determines whether failures have occurred according to the measured result. The ECU determining the failure or an ECU receiving the determination result performs failsafe controls according to the failure determination.
In vehicle control systems, system configurations and actuators or sensors connected to ECUs are different according to car types, destinations of product, or functions selected by the user when buying the car. ECUs determine types of failsafe controls to be performed based on failure information of actuators or sensors, or frequency of failures within a predetermined timespan.
Accordingly, for each time when actuators, sensors, or diagnosis devices are changed according to car types, destinations of product, or functions selected by the user when buying the car, it is necessary to newly develop failsafe software performing failsafe controls. Therefore, there is a demand to effectively develop failsafe software.
The technique described in Patent Literature 1 listed below, by designing diagnosis programs with object-oriented techniques, intends to configure the diagnosis programs so that it is only necessary to modify corresponding objects even if components such as actuators or sensors are changed.
The technique described in Non Patent Literature 1 listed below modularizes software by unit of function depending on microcomputer or by unit of control process for sensors or actuators. Thus it is expected that it is only necessary to modify corresponding modules without modifying other modules to address hardware changes, even if hardware (HW) such as microcomputers is changed.