1. Field of the Invention
The present invention relates to a method and device for changing and/or for writing in or reprogramming data and/or programs in at least one memory of a computer system, especially in a memory of a control unit for control of operations in a motor vehicle.
2. Prior Art
A method for changing operation of a control unit of a motor vehicle is known from European Patent Document EP 0 664 387 B1. In order to change the resident program in the control unit, program information is read out and stored. This program information is stored as program reference information. The memory region used for this program and program information is then erased and subsequently reprogrammed. The stored program reference information is written in as new program information and subsequently the new program is loaded. A power supply fluctuation or a power supply failure cannot lead to a loss of information because of the generation of program reference information. Regions to be backed up must be written from outside the control unit by means of a second control unit or programming device. Similarly, backup copies must be permanently stored, since they will be required in case of a power supply fluctuation or failure so that the programming process can be repeated.
In addition, a method for complete reprogramming of an electronically erasable, non-volatile memory in a control unit, particularly for a motor vehicle, is disclosed in German Patent Application DE 43 32 499 A1. The programming process operates without the use of a no longer changeable ROM. The erasable non-volatile memory is divided into at least two separately erasable, non-volatile memory sections, in each of which a program module is written. Because of the division into two separate sections it is possible to completely repeat this programming process between the data terminal and the motor vehicle in the event of a voltage failure prior to completion of the programming process, since the program module is quasi-doubled in the programmable non-volatile memory and is thus present in each separate memory section. Thus if one of these memory sections is erased, an intact separate program module is present in the other section. Only a complete reprogramming is disclosed in this patent document; two-part programming is not disclosed, and there is no suggestion of adding program parts and/or routines without erasing the original programs or program routines. Thus copies must be stored for security or reliability reasons, since an interruption, e.g. due to a supply voltage failure, requires a complete reprogramming. This reprogramming also does not run automatically, but must be predetermined and/or controlled from outside of the control unit.
Various methods are known to detect data errors, for example due to erroneous memory or programming steps. For these methods the data and/or programs must be prepared in an error code or error detection code in which redundant information for error detection is included as well as the actual data or program information. Such information includes for example parity bits which allow error detection by check sum formation, such as cross-sums and/or longitudinal sum formation (even parity check). Additional linear and/or cyclic testing methods with Hamming Code, BCH Code (Bose, Chaudhuri, Hocquenghem) and Abramson Code are known. The cyclic redundancy check (CRC), in which block-wise test bytes are produced according to the CRC test process from the data and/or programs, and also from the information entities to be read in and/or copied and/or erased, should be included in these testing methods. In a few of these methods error correction occurs as well as error detection, but it relates only to the respective individual detected error. Since the respective test signals are generated according to certain predetermined rules, errors which do not fit these predetermined rules are not detected. Because of this, error detection and subsequent correction are not completely guaranteed by these methods. Although the probability that an undetectable error occurs is very slight, not all errors are detected and thus not all errors can be corrected. Moreover, larger data and program sections may be lost, for example because a voltage interruption occurs during a programming process; in that case error detection can of course be performed, but without error correction, since correction in these testing processes may only take place for individual errors.
It has been shown that the above-described methods may not provide optimum results in all respects. Thus the region of the memory worthy of protection, or the entire memory contents, must be completely rewritten from outside of the control unit in case of some error. There is no automatic reduplication of the region of the memory left uncompleted by the interference or interruption; this also requires that a complete programming be performed from outside of the control unit. Because of that, copies of data and programs are deposited in the above-described processes for security and reliability purposes. Occurring errors that are undetected by the methods for error testing are then not corrected, even if another error is detected in the concerned memory region. Correction of the entire memory region is not performed without a complete reprogramming.
It is an object of the present invention to provide a method for changing the memory contents of a control unit, which on the one hand performs reliably, i.e. is robust, in the presence of any type of interruption or interference at an arbitrary point in time and, on the other hand, with which a predetermined initial situation can be automatically reproduced.
This object is attained, in part, when a program core or basic program section is used which is stored in memory in such a manner that it is unchangeable, whereby an arbitrary start of the programming method according to choice and a performance of the method according to the invention is automatically guaranteed and performable.
Furthermore the possibility of incomplete error correction should be eliminated in the case of the undetectable errors present, even though the probability of those errors is very slight. This object is attained when the entire memory section or region in which errors are detected is automatically reconstructed so that the undetected errors are corrected at the same time.
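The difference between correcting only the detected error and reconstructing the entire region can be shown in a few lines of C. This is an added illustration, not code from the patent: it uses a longitudinal XOR parity byte per block as the test byte, and the region layout, the fault positions and all names (`lrc`, `setup`, `repair_and_count`) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCKS 4
#define BLOCK_LEN 8
#define REGION (BLOCKS * BLOCK_LEN)

/* Longitudinal parity test byte: XOR of all bytes in one block. */
static uint8_t lrc(const uint8_t *blk) {
    uint8_t p = 0;
    for (int i = 0; i < BLOCK_LEN; i++) p ^= blk[i];
    return p;
}

/* Constructed sample: fill a region, record per-block test bytes, keep a
   backup copy in a second region, then inject two faults into the original. */
static void setup(uint8_t *mem, uint8_t *bak, uint8_t *chk) {
    for (int i = 0; i < REGION; i++) mem[i] = (uint8_t)(3 * i + 1);
    for (int b = 0; b < BLOCKS; b++) chk[b] = lrc(mem + b * BLOCK_LEN);
    memcpy(bak, mem, REGION);
    mem[1 * BLOCK_LEN + 3] ^= 0x04; /* block 1: single bit, parity mismatch (detected) */
    mem[2 * BLOCK_LEN + 0] ^= 0x10; /* block 2: same bit flipped in two bytes, */
    mem[2 * BLOCK_LEN + 5] ^= 0x10; /* parity unchanged (undetected)           */
}

/* whole_region == 0: restore only blocks whose test byte mismatches.
   whole_region == 1: restore the entire region as soon as any block mismatches.
   Returns the number of bytes still wrong after the repair. */
int repair_and_count(int whole_region) {
    uint8_t mem[REGION], bak[REGION], chk[BLOCKS];
    int flagged = 0, wrong = 0;
    setup(mem, bak, chk);
    for (int b = 0; b < BLOCKS; b++) {
        uint8_t *blk = mem + b * BLOCK_LEN;
        if (lrc(blk) == chk[b]) continue;
        flagged++;
        if (!whole_region) memcpy(blk, bak + b * BLOCK_LEN, BLOCK_LEN);
    }
    if (whole_region && flagged) memcpy(mem, bak, REGION);
    for (int i = 0; i < REGION; i++) wrong += (mem[i] != bak[i]);
    return wrong;
}

int main(void) {
    printf("per-block repair:    %d bytes still wrong\n", repair_and_count(0));
    printf("whole-region repair: %d bytes still wrong\n", repair_and_count(1));
    return 0;
}
```

The double bit flip in block 2 passes the parity check, so a repair limited to flagged blocks leaves it in place, while reconstructing the whole region on the first detected error removes it as well.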
Besides this advantage the method according to the invention as claimed in the claims appended hereinbelow has additional advantages.
A subsequent completion of the original data and/or program is always possible using at least one first routine and at least one second or additional routine. This is guaranteed by a definite division of the memory regions whereby it is possible to produce a reliable copy in a memory region or section other than the original region or section prior to erasing and/or copying and/or reading in data and/or the programs or program routines from it within the computer system.
The method according to the invention is designed so that, in the case of error, additional program routines (added routines) and/or data which can be backed up, or restorable memory regions, are automatically restored or backed up and/or rewritten, and/or the originally started operation is restarted or reinitialized.
Besides, the backup copy of the data and/or program routines which can be backed up can be rewritten after the erasure of the original data or the backup copy and, in the case of the routines controlling the programming, can be erased when the programming process is successfully performed; it need not be stored permanently in either case. The backup region for the data and/or programs or routines can normally contain other data and/or programs or routines which cannot be backed up, and is erased for the purpose of backing-up. Because of that, a larger sized memory is not necessary or additional memory locations are freed.
The first and second routines can optionally be processed separately and/or together. In the case of programming a control device for a vehicle by the control device manufacturer this means that, when additional routines, e.g. customer-specific programs or routines, and also programs of the vehicle manufacturer, are used as second routines, processing can be supported in a programming process which matches the special individual customer requirements to the vehicle type, locations of use and conditions. Furthermore the additional routines can be brought in at any arbitrary time.
Thus the robust method of the invention provides an automatic reproduction of a predetermined starting state of a memory region or section without external intervention and without increasing the memory requirement, which permits very flexible, adjustable programming.
The terms "program", "program routine" and "routine" have the same meaning for the purposes of the present application.