1. Field of the Invention
The present invention relates to a method for diagnosing functional faults of a functional architecture. Said architecture may be composed of a set of functions associated with electronic components (Ani; Cni; UCEn; B) that produce and consume data, at least one of said data (xi) being able to assume a predetermined particular value (xip) following the development of a functional fault of at least one of the components (Ani; Cni; UCEn; B) of said set.
2. Discussion of the Background
There are known assemblies of electronic systems of this type, designed in particular as equipment for motor vehicles. Such a vehicle is commonly provided with a plurality of systems, each ensuring the execution of a service such as control of the engine that powers the vehicle, the management of the passenger-compartment air conditioning, the management of the interactions of the vehicle with the ground (brakes, suspension, etc.) and the management of telephone communications.
The hardware components of the assembly of such systems, for a vehicle, for example, have been illustrated schematically in FIG. 1 of the attached drawing. These components essentially comprise electronic control units or “calculators” UCEm, each calculator being connected if necessary to sensors Cni and to actuators Amj, all calculators being connected to at least one and the same bus B, on which they can send or receive information streams, which may be multiplexed, for example, originating from or destined for other calculators connected to bus B.
This multiplexing is achieved in particular, as is well known for the CAN bus, for example, by introducing the information streams in question into messages having the form of digital signal frames.
As an illustrative example, “engine control” system S2 comprises calculator UCE2, a plurality of sensors C2i sensitive to variables such as the speed of the engine, which may be an internal combustion engine, for example, the pressure at the intake manifold of this engine, the outside air pressure, the temperature of the engine-cooling water, the air temperature and the battery charge level, as well as a plurality of actuators A2j. Calculator UCE2 is duly programmed to execute a plurality of engine-control functions such as: regulation of idling speed, regulation of the richness of the air/fuel mixture, adjustment of the ignition advance of this mixture and recirculation of the exhaust gases. To accomplish this, calculator UCE2 exploits the information streams arriving from the aforesaid sensors C2i and creates control signals for actuators A2j, which are composed of an additional air control valve and a spark-plug ignition coil for the “idling-speed regulation” function, a fuel injector for the “richness regulator” function, the same ignition coil for the “ignition advance” function and a valve for the “recirculation of exhaust gases” function.
The other “services” cited in the foregoing, such as “passenger-compartment air conditioning” and “interaction with the ground” are executed by architecture systems analogous to that presented in the foregoing for engine control.
All these systems communicating on one and the same bus B constitute a multiplexed network. It is therefore conceivable that a plurality of functions associated with different systems can exploit information streams originating from the same sensors, for example, which avoids costly redundancies in the structure of the assembly of systems. The use of a multiplexed network also permits a very large reduction in the length of the electric lines interconnecting the different elements of the assembly. Such a multiplexed assembly also permits the mapping of non-traditional and possibly complex functions, sometimes involving a plurality of systems and for this reason known as “cross-functional”. As an illustrative and non-limiting example, the detection of an “airbag deployed” information stream, meaning that the vehicle has suffered a collision, can then be processed in such a way that an emergency call is sent out by a mobile telephone device on board the vehicle.
Another step in the design of electronic systems is the analysis of functional safety, which comprises identifying feared incidents, such as a burst tire, a functional fault of a sensor essential to a critical function, or a functional fault of an actuator such as a brake actuator, in order to improve safety and to specify reduced modes of operation if necessary.
It is noted that a safe functional system is a system that on the one hand diagnoses certain feared incidents in order to implement reduced modes of operation, and on the other hand is tolerant to undiagnosed feared incidents on the basis of the analysis of functional safety.
From French Patent Application No. 01-15819, filed by the Applicant and incorporated here by reference, there is known the notion of particular value and the use thereof in a method for diagnosing functional faults of an assembly of electronic systems.
However, this method is applicable only to a given embodiment of a functional architecture, and it cannot be reused for another embodiment.