The present invention relates to a method for program control of a computer program, having multitasking capability, on a computing element, especially a microprocessor, of a controller for controlling and/or regulating a system. The system may take up various possible system states.
The present invention also relates to a control program for program control of a computer program, having multitasking capability, on a computing element, especially a microprocessor, of a controller for controlling and/or regulating a system. The system may take up various possible system states. The control program is capable of being run on the computing element.
Finally, the present invention also relates to a controller for the control and/or regulation of a system which may take up various possible system states. The controller includes a computing element, especially a microprocessor, on which a computer program having multitasking capability may be run, and means for coordinating the execution of the computer program.
Conventionally, a computer program is used, for example, for controlling and/or regulating a driving dynamics system (a so-called electronic stability program, ESP) of a motor vehicle. The driving dynamics system may take up various possible system states. Possible system states are, for instance, normal operation (ESP_normal), a first limited operation (backup_ABS), in which a vehicle regulator (FZR) of the ESP is not functioning and only one antilock brake system (ABS) is functioning, a second limited operation (backup_EBD), in which only one system for the distribution of braking force (electronic brake distribution, EBD) is functioning, in order to prevent at least over-braking the wheels on the rear axle, and a faulty state (fail-safe), in which all essential safety functions of the ESP, in particular FZR, ABS and EBD have failed. In order to avoid driving situations that are critical to safety, the driver of the motor vehicle is notified, for instance acoustically or optically by the use of warning lights, of the various system states, but at least as regards the states in which only a limited or a faulty functioning still exists. The computer program is executable on a computing element, which is particularly designed as a processor, of a controller for controlling and/or regulating the driving dynamics system.
The conventional computer program for controlling and/or regulating the driving dynamics system is processed cyclically in a specified time pattern, i.e., only in a single time slice. The function references inside the computer program thus take place in a specified sequence, one after another. The sequence is specified so that the input variables of the functions are available before the execution of the latter. In the case of input variables which are computed from other functions, these other functions thus have to be carried out first, before that function can be carried out which needs the input variables computed in the other functions.
In addition, conventionally, one may execute computer programs for controlling and/or regulating a system on an operating system having multitasking capability, and instead of processing the computer program in a single time pattern, one may process it in various time patterns. This means, however, that the functions of the computer program no longer have to be processed in a strictly fixed sequence, but that now other precautions have to be taken so as to ensure that the input variables of the functions are available before the execution of the latter.
Various priorities are allocated to the functions of the computer program. A higher priority is assigned to functions relevant to safety than to other functions. Higher priority functions are carried out in shorter time patterns, i.e., in time patterns which are repeated more frequently, whereas less safety-relevant functions are processed at a lower priority in longer time patterns which are repeated less often. It must particularly be ensured that the input variables of the functions are always present at the right point in time, i.e., a function which is processed, for example, in a 5 ms time pattern and requires input variables from a 40 ms time pattern, is permitted to be executed only after the 40 ms time pattern has been processed, and the required input variables have been computed.