Bootloader-based ECU (electronic control Unit) program programming method with backup functionTechnical Field
The invention relates to the field of automobile electronics, in particular to a program programming method of an ECU (electronic control Unit) with a backup function based on Bootloader.
Background
Bootlaoder is an indispensable software module in an electronic control unit (hereinafter referred to as ECU) of the automobile, and is responsible for guiding software start when the ECU is powered on. After the ECU leaves the controller supplier, the whole vehicle factory or the system integrator often needs to upgrade the software of the ECU in the development process, so the Bootloader generally has the function of upgrading the firmware of the ECU. When receiving the upgrade request, the ECU receives data from outside to upgrade the software.
After the ECU receives the software update request, flash data in the controller can be wiped out to be written. The upgrade data is typically transmitted to the ECU via LIN, CAN bus, ethernet, or the like. In the upgrading process, the transmission data may be lost, or even the upgrading process is interrupted accidentally, because the automobile is in some special working conditions or the user is operated improperly. When the situation occurs, the Bootloader needs to have a protection mechanism to ensure that the Bootloader can still continuously update the software of the controller after the upgrade fails. However, when the update is requested, the original program in the controller is erased, and the controller is in a state where normal functions cannot be executed and cannot be restored to a state before the update before the successful programming.
Disclosure of Invention
The invention aims to solve the problem that the original function cannot be normally executed after the software update of the prior art is failed and the problem that the prior art cannot roll back to the previous version after the software update is completed.
The invention realizes the above purpose through the following technical scheme:
a program programming method of an ECU with a backup function based on Bootloader comprises the following steps:
Step A1: the singlechip divides a program use area of FLASH in the singlechip into A, B sections;
Step A2: after receiving the programming request, the Bootloader firstly judges whether programs in the A, B partition are complete according to the check mark, and if the incomplete programs exist, the partition is erased to be used as the programming partition; when the programs are complete, selecting the current inactive partition as the current programming partition, and executing the step A3;
Step A3: after program erasure, the ECU writes the program received from the outside into the current programming partition, verifies the integrity of the program and the function after programming, records a time stamp after verification, and sets the current programming partition as an active partition to execute the step A4;
Step A4: when the ECU is normally started, the Bootloader guides the currently active program to execute; when the controller is abnormally reset during program execution, the Bootloader records the abnormal times, and when the times exceed the limit value, the Bootloader sets another partition as an active partition and executes a program before the new program is programmed into the singlechip.
The singlechip is a chip used for storing a new programming program in the controller.
The A, B partitions are two partitions which are completely consistent in size and structure and store programs, the two partitions are provided with two active partitions and inactive partitions, the addresses of the two partitions have a complete mapping relation, the two partitions can be used as backups, and the programs in the two partitions are provided with a time stamp and a check mark respectively.
The verification mark is placed in the program when the program is written, and the verification mark and the time stamp are used as the guiding basis of the Bootloader.
The programming partition is a partition storing a new programming program in the A, B partition.
The calculation formula of the limit value is n=rounded (2.5×p+1.6×q+3), where N is the limit value, P is the number of times that "if there is an incomplete program, erasing the partition as the current programming area", and Q is the number of times that "when the program is complete, the current inactive partition is selected as the current programming area".
Compared with the prior art, the invention has the following advantages:
1) The method can realize double backup of the ECU program, and ensure that the ECU can still execute the program before updating when programming or program execution is abnormal.
2) The method can enable the ECU program to be restored to the state before programming at any time.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a schematic diagram of a conventional Bootloader programming flow with a backup function;
FIG. 3 is a schematic diagram of a Bootloader with backup function, which can execute an original program after a programming failure.
Detailed Description
The present invention will now be described in detail with reference to the drawings and specific embodiments thereof, wherein it is apparent that the embodiments described are only some, but not all, of the embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, a program programming method of ECU with backup function based on Bootloader includes the following steps:
Step A1: the singlechip divides a program use area of FLASH in the singlechip into A, B sections;
When A, B is carried out, the A, B partition is partitioned into two partitions with completely consistent sizes and structures and storing programs, the two partitions are provided with two active partitions and inactive partitions, the addresses of the two partitions have a set of complete mapping relation, the two partitions can be used as backup, the programs stored in the two partitions are stored with a time stamp and a check mark, and the check mark and the time stamp are used as the guiding basis of the Bootloader together.
Step A2: after receiving the programming request, the Bootloader firstly judges whether programs in the A, B partition are complete according to the check mark, and if the incomplete programs exist, the partition is erased to be used as the programming partition; and when the programs are complete, selecting the current inactive partition as the current programming partition, and executing the step A3.
Step A3: after the program is erased, the ECU writes the program received from the outside into the current programming partition, after programming is completed, the program and the functional integrity are checked, a time stamp is recorded after the program passes the check, the current programming partition is set as an active partition to execute the step A4, and when the check is out of the specification, a warning is given, and a programming person checks the problem and rewrites the program.
Step A4: after the programming is normal, the ECU is started normally, and the Bootloader guides the currently active program to execute; when the controller is abnormally reset during program execution, the Bootloader records the abnormal times, when the times exceed the limit value, the Bootloader sets another partition as an active partition, executes a program before writing a new program into the singlechip, wherein the calculation formula of the limit value is n=round (2.5×p+1.6×q+3), wherein N is the limit value, P is the times when an incomplete program exists, the partition is erased as a current writing area, Q is the times when the program is complete, and the current inactive partition is selected as the current writing area.
When the ECU receives a rollback request, the Bootloader sets the other partition as an active partition to realize program rollback.
The invention provides a program programming method of an ECU with a backup function based on Bootloader, which has the beneficial effects that:
The dual-backup of the ECU program can be realized, and the ECU can still execute the program before updating when programming or program execution is abnormal. And can be restored to the state before programming at any time.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.