| CPC G06F 9/4401 (2013.01) [G06F 8/65 (2013.01)] | 15 Claims |
|
1. A control device constituting a system of a vehicle, the control device comprising a central processing unit (CPU) configured to:
store first software for executing a predetermined process, the predetermined process including a first process for implementing a first function of the vehicle in cooperation with another control device constituting the system, the control device and the other control device each being configured to update software at startup when software update is available;
execute the first software;
receive information about second software stored in the other control device from the other control device before execution of the first software at the startup of the control device, the information about the second software including a program for executing the first process;
execute a startup check process including a check process for checking consistency between the first software and the second software prior to executing the first process;
conditionally permit execution of the first process based on a result of the startup check process, wherein the execution of the first process is permitted only if the check process confirms software consistency between the first software and the second software;
during operation of the control device after startup, monitor for an event indicating that the other control device has restarted or undergone a software update, wherein the CPU is configured to detect a post-startup software inconsistency based on receiving updated software information from the other control device after execution of the first software has started; and
execute a real-time enforcement process that, in response to detecting the post-startup software inconsistency, immediately stops execution of the first process if already executing, and prevents execution of the first process if not yet started.
|