JP2002047998A - Controller for vehicle - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make comparison and judgement of data written per block of a nonvolatile memory to judge whether or not the nonvolatile memory cause a failure in a short time in a controller for a vehicle. SOLUTION: When an instruction to rewrite is given from an external device, new program and data transmitted from the external device are rewritten per block into the nonvolatile memory, and last data in program and data to be written per block is copied into a management block for storage. A comparison means for comparing last data in program and data written per block with last data per block copied into the management block is provided, and a judging means for judging whether last data in program and data written per block and compared with the comparison means is equal to last data per block copied into the management block or not is provided.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a control device for a vehicle, and more particularly to a control device for a vehicle, which is provided with a non-volatile memory which can rewrite a program and data used for controlling an engine and an automatic transmission of the vehicle for each block. The present invention relates to a vehicle control device.

[0002]

2. Description of the Related Art In recent years, a vehicle control device has been installed in a vehicle in order to electronically control an engine, a transmission, and the like. Some of the vehicular control devices include a nonvolatile memory capable of writing and erasing a program and data for each of a plurality of blocks (Japanese Patent No. 28887).
No. 20).

That is, in FIG. 4, reference numeral 202 denotes a vehicle control device (vehicle electronic controller), reference numeral 204 denotes an external device, such as a rewriting device (failure diagnosis tester, personal computer, dedicated device, etc.), and reference numeral 206 denotes a vehicle control device 202. A connector (connection device) for connecting the controller and the rewriting device 204; 208, a vehicle-mounted sensor; 210, an actuator such as a fuel injection valve; and 212, another control device (controller).

The vehicle control device 202 includes a first control communication port 202A for performing data communication with the rewriting device 204, and an optimal control amount for a target control based on a signal from an input processing circuit 202E described later. And outputs a control signal based on the calculation result.
202B and a rewritable nonvolatile memory (ROM) 202C for each block for storing a control program
A control-side RAM 202D for storing data for the control-side CPU 202B to perform an arithmetic operation;
Input processing circuit 202 which receives signals from
And an output control circuit 202F that drives the actuator 210 in response to a control signal from the control CPU 202B.
And a second control-side communication port 202G for performing communication with another control device 212.

The rewriting device 204 includes a rewriting communication port 204A for performing data communication with the vehicle control device 202, a rewriting CPU 204B for performing rewriting control, and a new program for the vehicle control device 202. Storage medium 20 storing data and data files
4C, the rewriting ROM 204D, and the rewriting RA
M204E.

The connector 206 is connected to the vehicle control device 202.
Is connected to the first control communication port 202A and the rewriting communication port 204A of the rewriting device 4.

As a result, in the vehicle control device 202, the signal from the vehicle-mounted sensor 208 is input to the input processing circuit 2.
02E, the signal is subjected to waveform processing, and the signal from the input processing circuit 202E is transmitted to the control side CPU 202.
B, and calculates an optimal control amount for the target control based on the signal, and the control side CP based on the calculation result.
The control signal from U202B drives the actuator 210 via the output control circuit 202F, and the program on the non-volatile memory 202C, which is rewritable for each block storing the control program, is erased in block units and , New programs and data transmitted from the rewriting device 204 can be repeatedly written.

Further, as shown in FIG.
02, the program of the original control (engine control for an engine control device, automatic transmission control for an automatic transmission control device) is stored in a continuous space of the non-volatile memory 202C which can be rewritten for each block. Be placed. On the other hand, at least the programs that are not erased and do not function to execute the program rewriting (the three programs of the communication program with the rewriting device 204, the rewriting program, and the program for diagnosing the failure of the nonvolatile memory 202C at the time of rewriting) are: Are arranged in a fixed program area. This fixed program area is used for devices (mask RO) other than the rewritable nonvolatile memory 202C.
M) may be applied, but one block of the rewritable nonvolatile memory 202C may be applied. When one block of the rewritable non-volatile memory 202C is applied, a program that is at least erased and does not function is protected on software so as not to be accidentally erased. Also, the control side RAM 202D
Temporarily stores new programs and data transmitted from the rewriting device 204 in addition to the purpose of temporarily storing data of the operation of the control side CPU 202B.

[0009] Further, the rewriting device 204 transmits a rewriting request to the vehicle control device 202, and when a rewriting permission is returned from the vehicle control device 202, a new program existing on the storage medium 204C is re- sent. And data to the vehicle control device 202. Then, the vehicle control device 202 firstly operates the nonvolatile memory 20
After the entire area of the block to be rewritten in 2C is collectively erased, a new program or data is written for each block. In this case, writing and erasing of programs and data in the nonvolatile memory 202C are performed in block units.

In performing the failure diagnosis of the non-volatile memory 202C, first, as shown in FIG. 6, a power-on reset (startup) is performed with the vehicle control device 202 connected to the rewriting device 204 (step). 30
2), memory value (data value) of the nonvolatile memory 202C
(Step 304), and it is determined whether the checksum verification has been completed and the failure diagnosis is NG (step 306). If this step 306 is YES, the nonvolatile memory 202C has , The failure code is output to the rewriting device 204 (step 308), and an abnormality process is performed (step 31).
0). In this case, the checksum verification in step 306 is a process of determining whether or not the program has been tampered with. When the vehicle control device 202 is activated, the sum of all rewrite areas may be obtained at one time. Since the checksum takes a long time and the rise time of the above-mentioned original control is delayed, it is also possible to obtain the sum little by little for each small area. In the abnormality processing in step 310, only the routine of outputting the failure code of the abnormality in the nonvolatile memory 202C to the rewriting device 204 is utilized (step 308), or the original control is performed only by rewriting the program. In some cases, the control is not performed (step 316), or the original control is performed depending on the outcome as usual (step 312).

If the determination in step 306 is NO, the non-volatile memory 202C is normal, so the vehicle control device 2
02 is performed (step 312), and it is determined whether or not there is a rewrite request from the rewrite device 204 (step 314).
Is YES, there is a rewrite request from the rewrite device 204, and the program is rewritten (step 316).

If the determination in step 314 is NO and there is no rewriting request from the rewriting device 204, and after the rewriting of the program in step 316, the process returns to step 304.

However, in the failure diagnosis of the first non-volatile memory 202C, there is an inconvenience that it is not possible to distinguish between a failure due to an incompletely written program and a failure due to a corrupted memory value.

In the failure diagnosis of the non-volatile memory 202C, secondly, as shown in FIGS. 7 and 8, a keyword is written at the end of each rewrite block, respectively. If the writing is stopped halfway, the original keyword is not set.

That is, as shown in FIG.
When the power-on reset (startup) is performed in a state where “02” is connected to the rewriting device 204 (step 402), it is determined whether a regular keyword is set at the end of each block (step 404). Step 4
If the answer is NO in No. 04, no regular keyword is set at the end of each block, and the non-volatile memory 202C outputs the failure code 1 to the rewriting device 204 as a program incomplete state. (Step 4
06) Then, the program is rewritten in the nonvolatile memory 202C by the program transmitted from the rewriting device 204 (step 408), and the process returns to step 404.

If step 404 is YES,
Since a regular keyword is set at the end of each block for each block, the memory values of the non-volatile memory 202C are integrated (step 410), and checksum verification is completed and failure diagnosis is NG. (Step 412), and if this step 412 is YES,
Since the non-volatile memory 202C is a fatal failure due to a corrupted memory value or the like, another failure code 2 different from the above failure code 1 is output to the rewriting device 204 (step 41).
4), an abnormal process is performed (step 416). In this case, the checksum verification in step 412 is a process of determining whether or not the program has been illegally changed. When the vehicle control device 202 is activated, the sum of all rewrite areas may be obtained at one time. Since the checksum takes a long time and the rise time of the above-mentioned original control is delayed, it is also possible to obtain the sum little by little for each small area. In the abnormality processing in step 416, only the routine of outputting the abnormality failure code 2 of the nonvolatile memory 202C to the rewriting device 204 is utilized (step 414), or the original control is performed only by rewriting the program. May not be performed (step 422), or the original control may be performed as usual (step 418).

If step 412 is NO, the non-volatile memory 202C is normal and the vehicle control device 2
02 is performed (step 418), and it is determined whether or not there is a rewrite request from the rewrite device 204 (step 420).
Is YES, there is a rewrite request from the rewrite device 204, and the program is rewritten in the nonvolatile memory 202C (step 422).

If the result of step 420 is NO and there is no rewrite request from the rewriting device 204, and after the rewriting of the program in step 422, the process returns to step 410.

In the failure diagnosis of the second nonvolatile memory 202C, the incomplete write state of the program and the garbled memory are distinguished from each other, and different failure codes 1 and 2 can be set. Controller rewriting or discarding). However, it is necessary to set the program to avoid keywords, and to rewrite each function of the program to modularize it to a size equal to or less than the block unit, or to avoid keywords with jump instructions so that the program does not come to the boundary of each block So that the non-volatile memory 2
It is necessary to increase the capacity of 02C, which leads to an increase in cost, an increase in man-hours for development and testing, and a decrease in program reliability.

Third, in the failure diagnosis of the nonvolatile memory 202C, as shown in FIGS. 9 and 10, one keyword is written at the end of the last rewrite block. If the writing is later stopped halfway, the original keyword is not set.

That is, as shown in FIG. 10, when a power-on reset (startup) is performed with the vehicle control device 202 connected to the rewriting device 204 (step 502), a regular keyword is set at the end of the last block. It is determined whether or not the processing has been performed (step 504).
If NO in 04, a regular keyword is not set at the end of the last block.
The failure code 1 is output to the rewriting device 204 (step 506), and the program transmitted from the rewriting device 204 is used to rewrite the program in the nonvolatile memory 202C (step 508), and the process returns to step 504.

If step 504 is YES,
A regular keyword is set at the end of the last block, the memory values of the non-volatile memory 202C are integrated (step 510), and whether the checksum verification is completed and the failure diagnosis is NG is determined. Judgment (Step 51)
2) If this step 512 is YES, the non-volatile memory 202C is a catastrophic failure due to a corrupted memory value or the like, so that another failure code 2 different from the above failure code 1 is output to the rewriting device 4 ( (Step 514), abnormality processing is performed (Step 516). In this case, step 51
The checksum verification in step 2 is a process of determining whether the program has been tampered with. When the control unit 202 for the vehicle is activated, the sum of all rewrite areas may be obtained at one time. , And the rise time of the above-mentioned original control is delayed, so that it is also possible to obtain the sum little by little for each small area. In addition, the abnormality processing in step 516 includes the non-volatile memory 2C
If only the routine of outputting the abnormal failure code to the rewriting device 4 is utilized (step 514),
There is a case where the original control is not performed only by executing the program rewriting (step 522), or a case where the original control is performed depending on the outcome as usual (step 518).

If the determination in step 512 is NO, the non-volatile memory 202C is normal.
02 is performed (step 518), and it is determined whether there is a rewrite request from the rewrite device 204 (step 520).
Is YES, there is a rewrite request from the rewrite device 204, and the program is rewritten in the nonvolatile memory 202C (step 522).

If the result of step 520 is NO and there is no rewriting request from the rewriting device 204, and after the rewriting of the program in step 522, the process returns to step 510.

In the failure diagnosis of the third nonvolatile memory 202C, the incomplete write state of the program and the garbled memory can be distinguished from each other, and different failure codes 1 and 2 can be set. Rewriting or discarding) can be controlled. However, since one keyword is written at the end of the last rewrite block, it is impossible to rewrite the program of only one block, and there has been an inconvenience that the rewrite time of the program in all blocks becomes long.

In other words, in the conventional on-board failure diagnosis (OBD) relating to the rewriting of the program of the nonvolatile memory which can be rewritten in units of blocks, most of the checksum verification has been performed.

However, in this case, an incomplete write state of the program (not a physical failure of the ROM) caused by stopping the write operation during rewriting of the program.
And the garbled memory value (RO
M as a physical failure) (see FIG. 6).

As a solution to this inconvenience, there is, for example, a description disclosed in Japanese Patent Application Laid-Open No. 9-128229. This makes it possible to distinguish between an incompletely written state of the program due to the stoppage of writing and a garbled memory value, a method in which a keyword is arranged for each rewritten block and block rewriting is possible (see FIG. 8), and a last rewritten block. A method in which only one keyword is placed at the end of the memory of FIG.
See).

[0029]

However, conventionally, in the failure diagnosis of the non-volatile memory, in the failure diagnosis of FIG. 6, it is impossible to distinguish between an incomplete state of program writing and a corrupted memory value. It takes time until an abnormality is detected, and there is an inconvenience that the time for the failure diagnosis becomes long.

In the fault diagnosis of FIG. 8, it is possible to discriminate between an incomplete state of program writing and a corrupted memory value and to output different fault codes, but the continuity of program arrangement is impaired. In addition, when each function of the program is modularized to a size smaller than the rewrite block unit so that the program does not come to the boundary of the block, the non-volatile memory (RO
M), the cost is increased due to an increase in the capacity, and when jump instructions are inserted to jump over a block boundary, the number of development / test steps is increased and the reliability of the program is reduced.

Further, in the fault diagnosis of FIG. 10, it is possible to distinguish between an incomplete state of program writing and a corrupted memory value and to output different fault codes, but it is not possible to rewrite a program in block units. However, there is an inconvenience that the rewriting time of the program becomes longer.

[0032]

SUMMARY OF THE INVENTION In order to eliminate the above-mentioned disadvantages, the present invention provides a vehicle control device having a nonvolatile memory capable of writing and erasing a program and data for each block. When rewriting is instructed from the external device, a new program or data transmitted from the external device is rewritten in the nonvolatile memory for each block, and the program or data written in each block is rewritten. The last data is copied to the management block and stored, and the last data in the program or data written for each block is compared with the last data for each block copied to the management block. Comparing means, and the last part of the program or data written for each block compared by the comparing means. Characterized in that a determining means for determining whether the last and tail data are equal for each block that is copied data and the management block.

[0033]

According to the present invention, the last data in a program or data written for each block is copied and stored in a management block, and the last data in the program or data written for each block is stored. Is compared with the last data of each block copied to the management block, and the last data in the program or data written for each of the compared blocks and each data copied to the management block are compared. By judging whether or not the last data of each block is equal to each other, the program is arranged in a continuous space of the non-volatile memory as usual, and the last program or data written in each block is written. Since the tail data is compared with the tail data of each block copied to the management block, the data written for each block is It is possible to compare the determination in a short time it is possible to determine whether the non-volatile memory is faulty, also it is possible to prevent the capacity of the nonvolatile memory is increased.

[0034]

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing an embodiment of the present invention; 1 to 3 show an embodiment of the present invention. In FIG. 3, reference numeral 2 denotes a vehicle control device (vehicle electronic controller), and reference numeral 4 denotes an external device such as a rewriting device (failure diagnosis tester, personal computer,
6 is a connector (connecting device) for connecting the vehicle control device 2 and the rewriting device 4, 8 is a vehicle-mounted sensor,
Reference numeral 10 denotes an actuator such as a fuel injection valve, and 12 denotes another control device (controller).

The vehicle control device 2 includes a first control communication port 2 A for performing data communication with the rewriting device 4,
A control-side CPU 2B that calculates an optimal control amount for target control based on a signal from an input processing circuit 2E to be described later and outputs a control signal based on the calculation result, and a block rewrite that stores a control program and data. A non-volatile memory (ROM) 2C and a control RAM 2D for storing data for the control CPU 2B to perform calculations
An input processing circuit 2E for inputting a signal from the on-vehicle sensor 8 and performing waveform processing, and an output control circuit 2 for receiving a control signal from the control CPU 2B and driving the actuator 10.
F and a second control-side communication port 2G for performing communication with another control device 12 are provided.

The rewriting device 4 has a rewriting communication port 4 for performing data communication with the vehicle control device 2.
A and a rewriting CPU 4B for executing rewriting control
A storage medium 4C in which a new program or data file for the vehicle control device 2 is stored;
M4D and a rewriting RAM 4E are provided.

The connector 6 connects the first control communication port 2A of the vehicle control device 2 with the rewriting communication port 4A of the rewriting device 4.

The control CPU 2 of the vehicle control device 2
In B, as shown in FIG. 1, when rewriting is instructed from the rewriting device 4, a new program or data transmitted from the rewriting device 4 is stored in the nonvolatile memory 2C for each block (for example, blocks 1 to 5). The rewriting process is executed, and at this time, the last data (E1 to E5) in the program or data written for each block transmitted from the rewriting device 4 is set to, for example, the block 1 in each block. When a power-on reset (startup) is performed, the last data in a program or data written for each block and each block copied to the management block P are copied. Means 2B- for comparing with the last data of
1, the last data in the program or data written for each block compared by the comparing means 2B-1 is equal to the last data for each block copied to the management block P. And a determination means 2B-2 for determining whether or not the determination is made. Note that the management block P can be set as a rewrite block for writing a checksum value or ID.

The vehicle control device 2 determines whether the last data in the program or data written for each block by the determination means 2B-2 and the last data for each block copied to the management block P are determined. It is determined whether or not they are equal, and the cause of the failure of the nonvolatile memory 2C is distinguished based on the result of the determination means 2B-2.

The vehicle control device 2 determines whether the last data in the program or data written for each block by the determination means 2B-2 and the last data for each block copied to the management block P are determined. If it is determined that they are not equal, the program and data are rewritten in the nonvolatile memory 2C.

In the vehicle control device 2, the last data in the program or data written for each block by the determination means 2B-2 is equal to the last data for each block copied to the management block P. Is determined, the checksum verification is performed, and the non-volatile memory 2 is determined in the checksum verification.
If C is determined to be faulty, it is output when the last data in the program or data written for each block is not equal to the last data for each block copied to the management block P. A failure code different from the failure code is output to the rewriting device 4.

Next, the operation of this embodiment will be described with reference to the flowchart of FIG.

In performing the failure diagnosis of the nonvolatile memory 2C, a power-on reset (startup) is performed with the vehicle control device 2 connected to the rewriting device 4 (step 1).
02), the last data (E1 to E
5) and whether or not the last data of each block copied to the management block P is the same (step 10).
4) If this step 104 is NO, the last data (E1 to E5) of each block and the management block P
Is not the same as the last data of each block, the nonvolatile memory 202C outputs the failure code 1 to the rewriting device 4 as an incomplete write state of the program (step 106), and The program transmitted from the device 4 is used to rewrite the program in the nonvolatile memory 2C (step 108), and the process returns to step 104.

If step 104 is YES,
The last data (E1 to E5) of each block is the same as the last data of each block copied to the management block P, and the memory values of the nonvolatile memory 2C are integrated (step 110). Then, it is determined whether the checksum verification has been completed and the failure diagnosis is NG (step 112). If this step 112 is YES, the non-volatile memory 202C has a fatal failure due to a corrupted memory value or the like. Therefore, another failure code 2 different from the above-described failure code 1 is output to the rewriting device 4 (step 114), and abnormal processing is performed (step 116). In this case, the checksum verification in step 112 is a process of determining whether or not the program has been illegally changed. When the control device 202 for the vehicle is activated, the sum of all rewrite areas may be obtained at one time. , Checksum takes time,
Since the rise time of the original control (engine control for an engine control device, automatic transmission control for an automatic transmission control device) is delayed, it is also possible to obtain the sum little by little for each small area. In the abnormality processing in step 116, the routine for outputting the failure code of the abnormality in the nonvolatile memory 2C only to the rewriting device 4 is utilized (step 114), or the original control is performed only by rewriting the program. There are cases where the control is not performed (step 122) and cases where the original control is performed depending on the outcome as usual (step 118).

If the determination in step 112 is NO, the non-volatile memory 2C is normal, and the above-described original control of the vehicle control device 2 is performed (step 118). It is determined whether or not this is the case (step 120). If this step is YES, there is a rewrite request from the rewriting device 4, and the program transmitted from the rewriting device 4 rewrites the program in the nonvolatile memory 2C. (Step 122).

Then, when the step 120 is NO and there is no rewrite request from the rewriting device 4 and after the rewriting of the program in the step 122,
Return to step 110.

The rewriting of the program in the non-volatile memory 2C can be executed only for the block whose last data is not the same or for all the blocks.

As a result, the last data in the program or data written for each block is stored in the management block P.
Then, after startup, the last data in each program or data written for each block is compared with the last data for each block copied to the management block P. By determining whether the last data in the program or data written for each compared block and the last data for each block copied to the management block P are equal, Can be determined by comparing the last data written in the non-volatile memory 2C with a short time.

The determination means 2B-2 determines whether the last data in the program or data written in each block is equal to the last data in each block copied to the management block P. Is determined, and the cause of the failure in the nonvolatile memory 2C is distinguished based on the result of the determination means 2B-2, whereby the cause of the failure occurring during rewriting of the program can be specified, and the subsequent countermeasures can be smoothly executed. It becomes possible.

Further, the deciding means 2B-2 decides that the last data in the program or data written for each block is not equal to the last data for each block copied to the management block P. In this case, by rewriting the program and data in the non-volatile memory 2C, a failure caused by incomplete writing of the program or data can be detected in a short time by the determination by the checksum verification. Yes, and
After that, the necessary rewriting can be performed for each block, so that the time required for troubleshooting can be shortened, contributing to a reduction in the number of engine system development man-hours. The total man-hours including the failure diagnosis and rewriting on the line can be reduced, thereby improving the reliability of the program and performing the failure diagnosis without increasing the capacity of the nonvolatile memory 2B. .

Further, the determining means 2B-2 determines that the last data in the program or data written for each block is equal to the last data for each block copied to the management block P. In this case, the determination by the checksum verification is performed, and when the non-volatile memory 2C is determined to be faulty in the determination by the checksum verification, the last data in the program or data written for each block is determined. By outputting another failure code 2 different from the failure code 1 output when the last data of each block copied to the management block P is not equal to the rewriting device 4, the program or program can be simply executed. In the case of a failure due to a data write error, there is a high possibility that it will be resolved by rewriting the data only. And, in the event of a failure of the nonvolatile memory 2C itself, because the replacement or the like is required, a determination is made double, high accuracy, it is possible to prevent erroneous diagnosis.

In other words, in this embodiment, the last data (memory value) of each rewrite block is written in the management block P, and the last data of each rewrite block written in the management area before the checksum verification is written. Is compared with the last memory value (data) of each block, and as a result of this comparison and reference, if all blocks are determined to be OK, checksum verification is performed.
In this case, the checksum verification is unnecessary, and in the case of NG in each block, the dedicated failure code 1 is output to the rewriting device 4 as NG at the time of rewriting. OK judgment in the block of
If the checksum verification is NG, the nonvolatile memory 2C
And outputs a dedicated failure code 2 to the rewriting device 4 as a catastrophic failure.

As a result, the program is arranged as usual in the continuous space of the nonvolatile memory 2C, and the last data of each block is copied and stored in the management block, and the copied last data and Since the program written for each block and the last data in the data are compared, it is possible to make a comparison judgment of the data written for each block, and to determine whether the nonvolatile memory 2C has failed in a short time. Can be determined.

Further, since the incomplete write state of the program and the garbled memory value can be distinguished and different failure codes 1 and 2 can be set, it is possible to control the response to the market (rewriting or discarding the controller). . Further, it is possible to obtain a continuous space of the nonvolatile memory 2C, and it is possible to increase the capacity of the nonvolatile memory 2C while maintaining the capacity of the program layout similar to that of the related art FIG. This makes it possible to cope with rewriting of a single block.

That is, the program is stored in the nonvolatile memory 2C.
8 and 10 can be rewritten in a block unit, and can be rewritten in block units with less man-hours for development and test, and can be rewritten in block units with high reliability. As compared with the case of (1), the program is faster and more compact, the degree of freedom of the program layout can be improved, the incomplete write state of the program can be distinguished from the garbled memory value, and the The integrity status can be re-written with peace of mind, and the detection speed of program incompleteness is fast for checksum verification. It can be advantageous for the line.

In the present invention, for each block of the non-volatile memory, the entire program is checked to identify a specific location where a failure is likely to occur, and this location is specified and checked. In addition, it is possible to easily determine the failure of the nonvolatile memory.

[0057]

As is apparent from the above detailed description, according to the present invention, when rewriting is instructed from an external device, a new program or data transmitted from the external device is stored in the nonvolatile memory for each block. Execute rewrite processing, copy and save the last data in the program and data written for each block to the management block,
A comparing means is provided for comparing the last data in the program or data written for each block with the last data for each block copied to the management block, and for each block compared by this comparing means. A determination means for determining whether or not the last data in the program or data written to the management block and the last data in each block copied to the management block is equal to each other. Since the program is placed in the space as usual, and the last data in the program or data written for each block is compared with the last data for each block copied to the management block, It is possible to compare and determine the data written for each block, determine whether or not the nonvolatile memory has failed in a short time, and It may prevent the capacity of the memory increases.

[Brief description of the drawings]

FIG. 1 is a diagram showing blocks of a nonvolatile memory.

FIG. 2 is a flowchart of a failure diagnosis.

FIG. 3 is a configuration diagram of a vehicle control device.

FIG. 4 is a configuration diagram of a conventional vehicle control device.

FIG. 5 is a diagram illustrating the concept of rewriting a program in the related art.

FIG. 6 is a flowchart of a conventional failure diagnosis.

FIG. 7 is a diagram showing a block of a nonvolatile memory in which each keyword is set in each block in the related art.

FIG. 8 is a flowchart of a failure diagnosis in FIG. 7;

FIG. 9 is a diagram illustrating a block of a nonvolatile memory in which one keyword is set in the last block in the related art.

FIG. 10 is a flowchart of the failure diagnosis in FIG. 9;

[Explanation of symbols]

 Reference Signs List 2 vehicle control device 4 rewriting device 6 connector 2B control-side CPU 2B-1 comparing means 2B-2 determining means 2C nonvolatile memory

Claims (5)

[Claims] In a vehicle control device provided with a nonvolatile memory capable of writing and erasing a program and data for each block, when a rewrite is instructed from an external device, a new data transmitted from the external device is transmitted. A program or data is rewritten to the non-volatile memory for each block, and the last data in the program or data written for each block is copied and stored in a management block. Comparing means for comparing the last data of the written program or data with the last data of each block copied to the management block, and writing each of the blocks compared by the comparing means; Of the last program and the last data of each block copied to the management block. A control device for a vehicle, further comprising a determination means for determining whether the values are equal to each other. 2. The control device for a vehicle according to claim 1, wherein the last data in the program or data written for each block by the determination means and the last data for each block copied to the management block are stored in the control unit. 2. The vehicle control device according to claim 1, wherein it is determined whether or not are equal, and the cause of the failure in the nonvolatile memory is distinguished based on the result of the determination unit. 3. The control device for a vehicle according to claim 1, wherein the last data in the program or the data written for each block by the determination means and the last data for each block copied to the management block. 2. The method according to claim 1, further comprising rewriting a program or data in the nonvolatile memory when it is determined that the values are not equal to each other.
The control device for a vehicle according to claim 1. 4. The vehicle control apparatus according to claim 1, wherein the last data in the program or data written for each of the blocks by the determination means and the last data for each of the blocks copied to the management block. Are determined to be equal to each other, a check is made by checksum verification, and if the non-volatile memory is determined to be faulty in the checks by this checksum verification, a program or data in each of the blocks is written. Outputting another fault code different from the fault code output when the last data is not equal to the last data of each block copied to the management block to the external device. The control device for a vehicle according to claim 1. 5. The control apparatus for a vehicle according to claim 1, wherein the last data in the program or the data written for each block by the determination means and the last data for each block copied to the management block. 2. The vehicle control device according to claim 1, wherein when it is determined that the values are not equal to each other, the program or data is rewritten in the nonvolatile memory as an incomplete state due to a program or data write error. .