The present invention relates to a method for operating a controller processing at least one input data into at least one output data with an algorithm.
The following discussion of related art is provided to assist the reader in understanding the advantages of the invention, and is not to be construed as an admission that this related art is prior art to this invention.
Controllers are widely known in the art, for example in terrestrial vehicles and/or aircrafts, but also in medical technology. Such controllers are normally associated with specific functions and process input data, such as sensor signals and/or processed sensor data, into output data with an algorithm, wherein the output data are used for other control purposes, and are transmitted, for example, via a bus to an actuator, directly causing an intervention in a vehicle, for example a braking intervention or like, and/or can be further processed by intermediate controllers in order to determine the need for an intervention, i.e. a control command to an actuator.
Controllers are often used for safety-critical information, for example in motor vehicles as controllers of safety systems and autonomous or semiautonomous driver assistance systems. Safety-critical functions are functions that endanger to a (considerable) extent the overall safety of the device in which the controller is provided, for example a motor vehicle. Therefore, standards exist to meet safety and plausibility requirements of the output data of the controllers. For example, the ISO 26262 standard (“road vehicles—functional safety”) was created for motor vehicles, representing an ISO standard for safety-related electrical and/or electronic systems in motor vehicles. The functional safety of a system with controllers of the inventive type should be guaranteed by implementing the standard.
It is known in the prior art to use test purposes for safety-critical functions in controllers to detect errors in the determination of the output data prior to their possibly defective re-utilization. These measures are usually intended to recognize random errors, such as “single-bit errors” (SBE) or “single event upsets” (SEU), and to thus prevent safety-critical situations in the event of an error. For example, electronic failures should be prevented in an automatic emergency braking system from triggering unnecessary emergency braking.
Specifically, it is known to implement the employed hardware and/or the employed software twice at critical points (e.g. lockstep) so as to be able to recognize electronic errors by redundant computation. For example, it has been proposed to provide at least one additional processor which likewise determines the at least one output data, in particular with a slight delay, optionally by using a different algorithm, and invisible to the user. When the output data do not match, an error is assumed. Test measures may also include cyclic self-tests of the involved hardware components, and the like.
All of these measures known in the prior art are very resource-intensive at the software level and/or the hardware level, which raises the cost of the controller and lowers the performance of the controller, in particular because more heat is dissipated and a the energy demand is higher due to the additional operating hardware components and additional computation steps. These disadvantages become very pronounced in image-processing controllers. For example, when specific patterns, for example a person, are to be found in images from a camera, a very complex computation process arises, which is frequently divided into a plurality of so-called hypotheses, for example, what is the probability that a person of a certain size is in a specific image area and the like. Because such controllers must be compact, a very large computing power must be implemented in a very small space, ideally with purely passive cooling. Such image-processing controllers are used for example in motor vehicles for evaluating data from a camera recording the area in front of the vehicle.
It would therefore be desirable and advantageous to obviate prior art shortcomings and to provide an improved operating mode for controllers, which can increase the energy efficiency and performance of the controller while maintaining the necessary safety requirements and/or which reduces the costs of the controller.