To comply with requirements for safety-related electronic systems in motor vehicles (e.g. ISO 26262), safety-related control units in motor vehicles require that microprocessors, their interface modules and externally connected functional modules such as bus drivers, memories and A/D converters either have a safe structural design, i.e. exist redundantly (spatial), or are repeatedly checked at runtime (temporal). The particular problem here is the protection of memory chips such as DRAMs. Spatial redundancy is in this case a key cost driver, because full redundancy doubles the chip area, which is uneconomic especially for large datasets. Temporal checking can require extensive time resources for modern vehicle systems, with the FTTI (fault tolerant time interval), the time that can be tolerated between the occurrence and detection of a fault, being too long for safety-related data processing systems. A compromise is often used for DRAMs. Instead of holding memory elements redundantly available, ECC/EDC units (error correcting code and error detecting code units) are used to save check data (ECC/CRC) in standard memory elements in addition to the user data; the check data is generated automatically at the time of saving and compared automatically at the time of reading. This check data is generated for a defined memory area, which means that there is no need to hold the entire memory area available several times over, and check data only needs to be added to safety-critical areas. This check data encompasses about 25 to 100% of the memory to be protected, depending on the size of the user datum to be written, or about 12.5 to 20% if the corresponding address data is taken into account in addition to the user data. DE 195 29 434 B4, for instance, describes such a system.
The address information inside this protected memory area is given less weight in favor of a higher error correction performance for the user data. This is achieved by weighting the respective address bits differently in the check-data calculation, with the higher address bits typically being included with less weight. The error detection and correction capability of the check codes with regard to the user data is thus inversely proportional to the size of the protected memory areas: it decreases as the memory areas to be protected increase. This weighting is implemented in hardware (hard-wired) and sets the basis for the mathematical calculation of the check codes. For modern applications in motor vehicles, the defined memory area may be too small; for example, with known systems only 8 Mbytes would be usable in protected form even though 256 Mbytes are needed. Saving program data and/or user data therefore either does not achieve a required safety level, or the protected memory area available for it is very limited.
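The trade-off described above, as an added example that is not part of the original text: a toy memory stores a check byte computed over each 32-bit user datum and a masked subset of its address bits, then reads through a simulated address-line fault. The CRC-8 polynomial, the 64-word memory, and modelling "less weight" as leaving the upper address bits out of the check entirely are simplifying assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS 64u                        /* constructed toy memory size */
static uint32_t cell_data[WORDS];        /* user data */
static uint8_t  cell_check[WORDS];       /* check data stored beside it */

/* CRC-8, polynomial 0x07, init 0 (assumed check code; the text names none). */
static uint8_t crc8(uint64_t v) {
    uint8_t crc = 0;
    for (int i = 7; i >= 0; i--) {
        crc ^= (uint8_t)(v >> (8 * i));
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x07) : (uint8_t)(crc << 1);
    }
    return crc;
}

/* Check data over the user datum plus the address bits selected by addr_mask. */
static uint8_t check_code(uint32_t addr, uint32_t data, uint32_t addr_mask) {
    return crc8(((uint64_t)(addr & addr_mask) << 32) | data);
}

static void store(uint32_t addr, uint32_t data, uint32_t addr_mask) {
    cell_data[addr] = data;
    cell_check[addr] = check_code(addr, data, addr_mask);
}

/* Read with one address line inverted (simulated decoder fault).
 * Returns 1 if the check data exposes the fault, 0 if the wrong word is accepted. */
static int faulty_read_detected(uint32_t addr, unsigned bad_line, uint32_t addr_mask) {
    uint32_t phys = (addr ^ (1u << bad_line)) % WORDS;    /* cell actually selected */
    uint8_t expect = check_code(addr, cell_data[phys], addr_mask);
    return expect != cell_check[phys];
}

int main(void) {
    const uint32_t mask = 0x0Fu;         /* only address bits 0..3 enter the check */
    for (uint32_t a = 0; a < WORDS; a++)
        store(a, 0xA5A50000u | a, mask);
    printf("fault on line 2 detected: %d\n", faulty_read_detected(5, 2, mask));
    printf("fault on line 5 detected: %d\n", faulty_read_detected(5, 5, mask));
    return 0;
}
```

With the constructed mask 0x0F the check distinguishes only 16 words, so a fault on an address line above bit 3 returns a wrong word whose check data still matches; widening the mask to 0x3F makes the same fault detectable.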
The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.