The present application generally relates to a processor architecture, and particularly to facilitating uninterrupted data availability during a failure in a redundant microcontroller unit (MCU) based system.
Increasing vehicle safety requirements are driving system redundancy to achieve higher safety levels. Redundancy is typically achieved by duplicating control systems, to the extent of having redundant microcontrollers. However, a system with redundant microcontrollers introduces multiple complexities in the operation of the vehicle, including intra-vehicle communication over a network bus such as a controller area network (CAN) bus, for example a public CAN bus.
Typically, two MCUs are connected to the public CAN bus, and several architectures exist for communicating the data that each MCU has to send. In one or more examples, both MCUs are connected to two different CAN buses and the same information is sent across both buses at all times. In this case, failure of one MCU causes no loss of data, because the CAN information is redundantly available on the other CAN bus. However, bus bandwidth is not utilized optimally, because every CAN message is duplicated. Accordingly, in another approach, one of the two MCUs is used as a back-up for the other MCU, and the back-up MCU sends the CAN messages only in the event of failure of the other MCU. A suitable methodology is therefore required to identify an MCU failure and/or an MCU-CAN interface failure, and to immediately activate the back-up MCU so that it takes control of the CAN bus. The technical problems posed here include robust detection of a CAN failure, a smooth and quick switchover of CAN transmission to the back-up MCU, and a smooth return of CAN bus control to the original MCU. Additionally, it must be ensured that both MCUs do not transmit on the bus at the same time.
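The four requirements just listed (robust failure detection, quick switchover, orderly return of control, and no simultaneous transmission) are easiest to reason about as a small state machine. The following simulation is an added example written for this page; it is not code from the application and the application states no mechanism, so every design choice here is an assumption: the primary MCU emits a periodic heartbeat frame, the back-up declares the primary failed only after three consecutive missed heartbeats (so a single lost frame does not cause a failover), announces its takeover with a high-priority CLAIM frame, yields again after five consecutive on-time heartbeats, and the primary resumes transmission only once the bus has been free of back-up traffic for a full period. The frame identifiers, periods and thresholds are illustrative values, and the bus is modelled in 1 ms ticks with one tick of delivery latency.

```python
"""Primary/back-up MCU arbitration on one shared CAN bus (1 ms ticks).

Added illustration; mechanism, IDs and timing values are assumptions, not
taken from the application text.
"""
from dataclasses import dataclass

HEARTBEAT_PERIOD_MS = 10
DATA_PERIOD_MS = 10
MISSED_HEARTBEATS_TO_FAIL = 3   # debounce: one lost frame must not fail over
RECOVERY_HEARTBEATS = 5         # primary must prove stability before failback
CLAIM_ID, HB_ID, DATA_ID = 0x0FF, 0x100, 0x200   # lower CAN ID wins arbitration


@dataclass(frozen=True)
class Frame:
    t_ms: int
    sender: str
    can_id: int


class Primary:
    def __init__(self):
        self.alive, self.active = True, True        # owns DATA_ID at power-up
        self.last_backup_ms = 0
        self.transitions = []

    def set_alive(self, t, alive):
        if alive and not self.alive:                # reboot: come up in standby
            self.active, self.last_backup_ms = False, t
            self.transitions.append((t, "rebooted, standby"))
        self.alive = alive

    def step(self, t, inbox):
        if not self.alive:
            return []
        for f in inbox:
            if f.sender == "backup" and f.can_id in (CLAIM_ID, DATA_ID):
                self.last_backup_ms = f.t_ms
                if self.active:                     # never transmit alongside the back-up
                    self.active = False
                    self.transitions.append((t, "demoted by backup claim"))
        if not self.active and t - self.last_backup_ms > DATA_PERIOD_MS + 1:
            self.active = True                      # back-up went quiet: resume
            self.transitions.append((t, "resumed"))
        out = []
        if t % HEARTBEAT_PERIOD_MS == 0:
            out.append(Frame(t, "primary", HB_ID))
        if self.active and t % DATA_PERIOD_MS == 0:
            out.append(Frame(t, "primary", DATA_ID))
        return out


class Backup:
    def __init__(self):
        self.active, self.last_hb_ms, self.on_time_streak = False, 0, 0
        self.transitions = []

    def step(self, t, inbox):
        for f in inbox:
            if f.sender == "primary" and f.can_id == HB_ID:
                on_time = f.t_ms - self.last_hb_ms <= HEARTBEAT_PERIOD_MS
                self.on_time_streak = self.on_time_streak + 1 if on_time else 0
                self.last_hb_ms = f.t_ms
        out = []
        if not self.active and t - self.last_hb_ms > MISSED_HEARTBEATS_TO_FAIL * HEARTBEAT_PERIOD_MS:
            self.active, self.on_time_streak = True, 0
            self.transitions.append((t, "took over"))
            out.append(Frame(t, "backup", CLAIM_ID))   # tell the primary to stop
        elif self.active and self.on_time_streak >= RECOVERY_HEARTBEATS:
            self.active = False                     # primary healthy again: yield
            self.transitions.append((t, "yielded"))
        if self.active and t % DATA_PERIOD_MS == 0:
            out.append(Frame(t, "backup", DATA_ID))
        return out


def simulate(total_ms, primary_down=None, dropped_hb=frozenset()):
    """primary_down=(a, b) kills the primary MCU for a <= t < b (MCU failure);
    dropped_hb is a set of heartbeat timestamps lost on the bus (interface fault)."""
    primary, backup, bus, prev = Primary(), Backup(), [], []
    for t in range(total_ms):
        down = primary_down is not None and primary_down[0] <= t < primary_down[1]
        primary.set_alive(t, not down)
        sent = primary.step(t, prev) + backup.step(t, prev)
        prev = [f for f in sent if not (f.can_id == HB_ID and f.t_ms in dropped_hb)]
        bus.extend(prev)
    return bus, primary, backup


def data_senders_by_tick(bus):
    by_t = {}
    for f in bus:
        if f.can_id == DATA_ID:
            by_t.setdefault(f.t_ms, set()).add(f.sender)
    return by_t


def dual_transmission_ticks(bus):
    """Ticks on which both MCUs put DATA_ID on the bus: must be empty."""
    return sorted(t for t, s in data_senders_by_tick(bus).items() if len(s) > 1)


def longest_data_outage_ms(bus):
    ts = sorted(data_senders_by_tick(bus))
    return max(b - a for a, b in zip(ts, ts[1:]))


if __name__ == "__main__":
    for label, kw in [("MCU failure and reboot", dict(primary_down=(95, 200))),
                      ("two lost heartbeats", dict(dropped_hb={50, 60})),
                      ("three lost heartbeats", dict(dropped_hb={50, 60, 70}))]:
        bus, p, b = simulate(400, **kw)
        print(label, p.transitions, b.transitions, "outage", longest_data_outage_ms(bus),
              "ms, dual-tx ticks", dual_transmission_ticks(bus))
```

The three scenarios in the usage block exercise the distinct problems from the text: an MCU that dies and later reboots (the back-up takes over after the debounce window and hands control back only after the primary has been stable, at the cost of a 40 ms data outage with these values), a bus glitch that loses two heartbeats (no failover at all), and a loss of three heartbeats with the primary still alive, which is the MCU-CAN interface failure case; there, the CLAIM frame is what keeps a live but unreachable primary from transmitting alongside the back-up. The `dual_transmission_ticks` check is the property to assert in any real implementation, since two nodes sending the same identifier violate CAN arbitration assumptions.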