German Patent Application No. 195 00 957 refers to a method for controlling technical procedures or processes on the basis of a multitasking-capable real-time operating system. To implement control, a computer program is executed on a computation device, in particular on a microcomputer of a control device for a motor vehicle. The computer program is subdivided into several so-called tasks, each having different priorities assigned to them. This document proceeds from an existing art in which, in the context of execution of the computer program, higher-priority tasks can interrupt lower-priority tasks at any time (so-called preemptive scheduling or preemptive multitasking). In German Patent Application No. 195 00 957, the higher-priority tasks can interrupt the lower-priority tasks only at certain program points defined by a user upon creation of the computer program. The reader is referred expressly to that document regarding the configuration and manner of operation of a multitasking-capable real-time operating system.
It is understood that several computation devices may be disposed (provided) in a computation device network in which the computation devices are interconnected via at least one communication system. A computation device network is used, for example, in a motor vehicle. The use of a computation device network is also used, however, in rail vehicles or aircraft. The communication systems used may be bus systems over which information can be exchanged among the computation devices in accordance with a specific protocol, for example CAN (Controller Area Network), TTCAN (Time-Triggered CAN), or FlexRay.
When the computation devices are used in motor vehicles, the computation devices are embodied as control devices. The individual control devices have different purposes, and control components or functions in the vehicle in open- and/or closed-loop fashion. In the control devices, a computer program is executed in different fixed time interval patterns in order to perform their intended functions. Important or safety-critical computer programs (e.g. to control the fuel injection system of an internal combustion engine) may be executed in fast time interval patterns, whereas less-critical computer programs (e.g. for implementing lambda regulation of an exhaust emissions control system) can run in slower time interval patterns. The fast time interval patterns are also referred to as preemptive time interval patterns. They can interrupt other time interval patterns. The slower time interval patterns are also referred to as cooperative time interval patterns. The preemptive time interval patterns are imposed, i.e. started by hardware timers, whereas the cooperative time interval patterns are started not by timers but by software.
A computer program or specific portions thereof can be in a number of states. When the ignition is shut off, the control device is in a deactivated state in which no supply voltage is applied to the control device. Switching on the ignition causes supply voltage to be applied at least partially to the control device, and it transitions into an active state. Switching on the ignition should also initialize the computer program that is executable on the control device, so that it is ready for execution. In the simplest case, the entire computer program is initialized when the ignition is switched on, and is ready for execution.
As the function inventory of computer programs increases, however, it may happen that not the entire computer program, but only portions thereof are initialized. A partial initialization may be necessary, for example, for time reasons, since the time elapsing between actuation of the ignition and starting of the internal combustion engine must not be so long so that the time between actuation of the ignition and starting of the internal combustion engine is insufficient for initialization of the entire computer program. The initialization can, however, also be deliberately restricted to those portions of the computer program that are needed first. The portions of the computer program not initialized at first can then be partially initialized subsequently, either as required, or as soon as the time necessary therefor is available, or after a definable period of time has elapsed.
In partial initialization, either a further portion of the computer program or the entire remaining portion of the computer program is subsequently initialized. The entire computer program can therefore also be initialized in the context of several partial initializations performed in succession.
It is believed that a requirement for control devices in a control device network is maintenance of communication with the other control devices of the network via the communication system, since otherwise the execution of the computer programs, and therefore the open- and/or closed-loop control tasks of the control devices, are critically disrupted. The common protocols (e.g. CAN, TTCAN, FlexRay) each require a specific time-related behavior. The conversion process in the control device software uses a real-time operating system with fixed time interval patterns in order to represent that behavior. The time-related behavior is constructed on the fixed time interval patterns. Continuous communication requires that the fixed time interval patterns be maintained. As a consequence of the need for fixed time interval patterns in order to maintain communication, those time interval patterns must remain uninterruptedly active for the entire operating period of the control device in a partially initialized state, during subsequent partial initialization, and even after the completion of partial initialization.
Theoretically, a partial initialization would be achievable, for example, by transferring the various functions of the computer program that are subsequently to be initialized, in controlled fashion, from the uninitialized state into the initialized state, with the requirement that the transition must occur in each individual case in such a way that continuous communication is not impaired. Given the size of larger computer programs, with the several hundred functions, several thousand program modules, and several hundred thousand lines of program source code that are present e.g. in motor vehicle control devices, this kind of controlled transfer of each individual function into the initialized state is not achievable with acceptable outlay and within an acceptable period of time.