Subject : Re: Diagnostics
From : antispam (at) *nospam* fricas.org (Waldek Hebisch)
Newsgroups : comp.arch.embedded
Date : 19. Oct 2024, 03:50:34
Organization : To protect and to server
Message-ID : <vev398$1r4v5$2@paganini.bofh.team>
References : 1 2 3 4
User-Agent : tin/2.6.2-20221225 ("Pittyvaich") (Linux/6.1.0-9-amd64 (x86_64))
Don Y <blockedofcourse@foo.invalid> wrote:
> On 10/18/2024 2:42 PM, George Neuner wrote:
>> To ensure 100%
>> functionality at all times effectively requires use of redundant
>> hardware - which generally is too expensive for a non safety critical
>> device.
>
> Apparently, there is noise about incorporating such hardware into
> *automotive* designs (!). I would have thought the time between
> POSTs would have rendered that largely ineffective. OTOH, if
> you imagine a failure can occur ANY time, then "just after
> putting the car in gear" is as good (bad!) a time as any!

TI for several years has nice processors with two cores, which
are almost in sync, but one is something like one cycle behind
the other. And there is circuitry to compare that both cores
produce the same result. This does not cover failures of the
whole chip, but dramatically lowers chance of undetected errors due
to some transient condition.
For critical functions a car could have 3 processors with
voting circuitry. With separate chips this would be more expensive
than single processor, but increase of cost probably would be
negligible compared to cost of the whole car. And when integrated
on a single chip cost difference would be tiny.
IIUC car controller may "reboot" during a ride. Instead of
rebooting it could hand work to a backup controller.
-- Waldek Hebisch
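
The difference between the two-core compare and the three-processor vote described in this post, as a software model in C. This is an added example, not code from the post: the function names and sample values are constructed, and real lockstep parts do the comparison in hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define ALL_AGREE   (-1)  /* no channel was outvoted */
#define NO_MAJORITY (-2)  /* all three differ: nothing to trust */

/* Two-channel compare (hypothetical software model of a lockstep checker).
 * Returns 1 and writes *out if both agree; returns 0 on mismatch.
 * A mismatch is only detected: there is no way to tell which copy is wrong. */
int lockstep_compare(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != b)
        return 0;
    *out = a;
    return 1;
}

/* Three-channel 2-of-3 vote on whole words.
 * Returns ALL_AGREE, the index (0..2) of the outvoted channel, or NO_MAJORITY.
 * *out is written only when a majority exists. */
int tmr_vote(const uint32_t ch[3], uint32_t *out)
{
    if (ch[0] == ch[1]) {
        *out = ch[0];
        return (ch[1] == ch[2]) ? ALL_AGREE : 2;
    }
    if (ch[0] == ch[2]) { *out = ch[0]; return 1; }
    if (ch[1] == ch[2]) { *out = ch[1]; return 0; }
    return NO_MAJORITY;
}

int main(void)
{
    /* Constructed sample: channel 1 suffers a transient single-bit flip. */
    uint32_t good = 0x000001F4u, bad = good ^ (1u << 7);
    uint32_t ch[3] = { good, bad, good };
    uint32_t v = 0;

    printf("lockstep: %s\n",
           lockstep_compare(good, bad, &v) ? "agree" : "mismatch, stop or reset");
    int r = tmr_vote(ch, &v);
    if (r == NO_MAJORITY)
        printf("tmr: no majority\n");
    else
        printf("tmr: value 0x%X, outvoted channel %d\n", (unsigned)v, r);
    return 0;
}
```

The vote is done on whole words rather than bit by bit, so the output is always a value that at least two channels actually produced.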