The use of electronic control units in all technical fields, for instance in industrial applications such as machine tools or automation, as well as in vehicles, and the networking of these control units, particularly in safety-relevant applications such as braking functions in the motor vehicle (e.g., ABS or ESP), steering functions, transmission shifting functions and engine control functions, raise the problem of the safe operation of such a distributed system.
In this context, especially in the motor vehicle field, mixed mechanical/electronic (“mechatronic”) systems are used these days. Today's mechatronic systems monitor their own function automatically, for instance by building in redundancy. The usual systems include, for each control unit or subsystem, two processors that compute the functions and then compare the results. If the results differ, a fault is deemed to have appeared, and measures relevant to safety are able to be initiated. The second processor is often designed to be lower-powered. In such a case, this second processor rechecks only selected sub-ranges and compares them with those of the actual functional computer, as is described, for example, in published German patent document DE 195 00 188.
Applied to a distributed system, this means that each control unit of the subsystem is itself constructed so that it is able to detect a fault automatically and then initiate fault-handling measures; that is, each subsystem is itself constructed redundantly for ascertaining the results. To produce the redundancy in the self-monitoring control units, these have to be constructed in a very costly manner, and components have to be integrated which would not be strictly necessary for the actual functioning of the control unit.
It is an object of the present invention to reduce this monitoring expenditure for each individual subsystem.