Introduction to TTP and FlexRay real-time protocols

Introduction to TTP and FlexRay real-time protocols 15.11.2005 IDA/DSFD meeting 15.11.2005 at IHA Århus by Finn Overgaard Hansen, Ingeniørhøjskolen i Århus foh@iha.dk Agenda Application areas for Time Triggered Systems: X-by-Wire systems Two competing approaches (TTP-FlexRay) The Time Triggered Protocol (TTP) & the Time Triggered Architecture (TTA) The FlexRay Protocol Summary Slide 2 1

Automotive Electronic Market Development 2005 Slide 3 Automotive Network Demands Source: General Motor FlexRay presentation in Japan Slide 4 2

Total Connectivity in the Vehicle TTP: Time Triggered Protocol Slide 5 Automotive X-by Wire Systems Mechanical & hydraulic subsystems controlling safetyrelated functions are replaced by computer control systems Examples: brake-by-wire, steer-by-wire, vehicle dynamics control, active suspension Advantages Cost reduction, weight reduction, easier design, assembly and maintenance, passenger safety and comfort Critical technologies because they serve as the foundation for such features as: adaptive cruise control, automatic collision avoidance and autonomous lane keeping They also enable automakers to improve: crashworthiness (by reconfiguring under-the-hood regions), boost fuel efficiency through adoption of new motor controls improve adaptability to design changes, such as moving steering wheels from the left to right side of a vehicle Slide 6 3

X-by-wire System Requirements Safety-critical applications require: Fault tolerance: no single point of failure may lead to a system failure Predictable and timely system behavior Synchronized time base (global time) Automotive constraints: Automotive temperature requirements -40 to +125 degrees Celsius Automotive and legal EMC requirements Support of future high supply voltages (36/42V instead of 12 V) Slide 7 Example 1: Steer-by-wire System Slide 8 4

Example 1: Steer-by-wire Slide 9 Example 2: Break-by-wire Slide 10 5

Event-Triggered vs. Time-Triggered Systems Time-triggered control system All activities are carried out at certain points in time know a priori at design time (based on a globally synchronized time base) Transmission of messages Task execution Monitoring of external states All nodes have a common notion of time Event-triggered control system All activities are carried out in response to events external to the system Slide 11 Competing TT Approaches TTP (Time-Triggered Protocol) TTA Group TTTech Company Adopted by Audi, PSA Peugot, Renault for automotive applications Honneywell for avionics and aircraft control functions Alcatel for Railway signaling systems FlexRay Protocol Consortium: BMW, DaimlerChrysler, Motorola, Philips, Ford, Texas Instrument, Bosch Launched in 2000, Engineering samples in 2004 Slide 12 6

Time-Triggered Protocol (TTP) History Research at University of Berlin & University of Vienna (TU Wien) Professor Hermann Kopetz MARS 1979 TTP Foundation of TTA Group 1998 Foundation of TTTech Company EU Research Projects (TTA, X-by-wire) 2005 FlexRay 2000 Foundation of FlexRay Consortium (DaimlerChrysler, BMW) Foundation of TTAutomotive march 2005 Slide 13 TTAutomotive Joins FlexRay Consortium Vienna, Austria March 15, 2005 TTAutomotive, a subsidiary of TTTech, has joined the FlexRayTM consortium as a development member. TTAutomotive acts as development partner for time-triggered systems in the automotive industry. The company s mission is to use part of TTTech s know-how in the field of Time- Triggered Architecture (TTA) to advance the implementation of time-triggered technology in the automotive industry. This is done in accordance with the principles of the FlexRay standard. TTAutomotive cooperates with automotive partners to bring FlexRay-based TTA into automotive commercial production. Slide 14 7

Example: TTP in Aerospace Electronics Airbus s new superjumbo A380 use TTP for its cabin pressure control system Slide 15 Time-Triggered Protocol (TTP) TTP: Family of TDMA based, fault tolerant protocols TDMA: Time Division Multiple Access TTP/C: A communication protocol specifically designed for safety-related automotive applications The development of TTP and TTP/C has been led by Prof. Hermann Kopetz, Technical University of Vienna TTP is based on more than 20 years development work in research and prototype applications TTP integrated circuits have been available since 1998 Second generation silicon, supporting communication speeds of up to 25 Mbit/s, is available today The commercial development of TTP/C tools and products is led by TTTech (www.tttech.com) Existing protocols J1850 and CAN meet the bandwidth specification for an SAE Class C protocol, but not the fault tolerant requirements Slide 16 8

SAE Communication Classes & TTP SAE: Society of Automotive Engineers Three Communication System Classes Class A For systems with low speed networks Soft Real-Time systems Class B For systems with high speed networks, but without safetycritical requirements Class C For systems with safety-critical requirements Hard Real-Time systems TTP/A (Automotive Class A = Soft Real-Time) A scaled-down version of TTP A cheaper master/slave variant TTP/C (Automotive Class C = Hard Real-Time) A full version of TTP A fault-tolerant distributed variant Slide 17 Time-Triggered Protocol (TTP) The Time-Triggered Protocol (TTP) is a real-time communication protocol for the interconnection of electronic modules of distributed fault-tolerant real-time systems TTP/C was originally intended to meet the requirements of SAE class C automotive applications The current protocol specification is targeted at distributed real-time systems with strong requirements for safety, availability, and composability in the fields of: automotive aerospace electronics industrial control Slide 18 9

TTP Protocol Objectives Message transport with low latency and minimal jitter Support of composability Provision of a fault-tolerant membership service Fault-tolerant clock synchronization Distributed redundancy management Minimal overhead Scalability to high data rates efficient operation both on twisted wires and on optical fibers Slide 19 TDMA: Time Division Multiple Access A distributed static medium access strategy The right to transmit a frame is controlled by the progression of real time Requires that a fault-tolerant global time-base is available to all nodes The channel capacity is statically divided into a number of slots A unique sending slot is assigned to every node A node can only send one frame in every TDMA round If there are no data to send, an empty frame is transmitted The sequence of sending slots within an ensemble of nodes is called a TDMA round The sequence of all different TDMA rounds is called a cluster cycle Slide 20 10

TTP/C Bus Access Scheme FTU: Fault Tolerant Unit Slide 21 Time-Triggered Architecture (TTA) The Time-Triggered Architecture (TTA) generates a framework for the domain of distributed embedded real-time systems in high-dependability environments A central characteristic of the Time-Triggered Architecture is the treatment of (physical) real time as a first-order quantity The TTA decomposes a large embedded application into clusters and nodes and provides a fault-tolerant global time base of known precision at every node Slide 22 11

TTA Cluster and Nodes CNI: Communication Network Interface The Host programming interface to the Time-triggered network Slide 23 TTA Layers Slide 24 12

TTP Node Configuration CNI: Communication Network Interface Dual Port RAM Host Processor TTP/C Controller «global clock tick» Protocol Processor Bus Guardian ROM TTP/C Control Data (MEDL) Driver Driver Slide 25 Conceptual Model Slide 26 13

Conceptual Layers of TTP/C Host Layer Application Software in Host FTU CNI FTU Layer FTU Membership RM Layer Redundancy Management Basic CNI SRU Layer Data Link/Physical Layer SRU Membership Clock Synchronization Media Access: TDMA Slide 27 Updated by TTP Controller The Basic CNI Structure Dual Port Ram Status Registers Control Registers Global Internal Time Watchdog SRU-Time (part of C state) Timeout Register Updated by Host MEDL (part of C state) Membership (part of C state) Status Information Mode Change Request Reconfiguration Request External Rate Correction Message Area Slide 28 14

Membership The node membership vector contains as many bits as there are (sending) nodes in a cluster each node is assigned to a specific bit position a TRUE indicates that the node was operating during the last sending slot a False indicates that the node was not operating Slide 29 The Message Descriptor List (MEDL) MEDL SRU-Time message time Address Attributes D L I A Message Area Message D: Direction input/output message L: Length of message I: Initialization Initialization or normal message A: Additional parameter The MEDL s of a cluster are generated automatically by a cluster compiler Slide 30 15

TTP Frame Application data length is variable for each node Slide 31 TTP/C Frame Types: N-Frames (max 240 Bytes) 16 bit I/N Message Mode bit 1 Mode bit 2 Mode bit 3 4 bit Header Slide 32 16

TTP/C Frame types: I-Frames I/N Message Mode bit 1 4 bit Header Mode bit 2 Mode bit 3 16 bit C-State: Controller state Slide 33 CRC Calculation CRC calculation at sender Header Data Field C-State of Sender CRC Message on the network Header Data Field CRC CRC calculation at receiver Header Data Field C-State of Receiver CRC Slide 34 17

Fault-tolerant Node Slide 35 TTP/C Communication Properties Static Scheduling Guaranteed delivery times with known variance (jitter) Clock Synchronization All nodes synchronized to within one microsecond each TDMA round Composability TTP/C nodes are temporally composable as well as functionally composable Fail Silent The bus guardians ensure transmission only during the correct timeslot, in all cases Membership Every node s membership is available during each TDMA round Slide 36 18

Advantages/Disadvantages of TTP Advantages Simple protocol to implement Deterministic response time No wasted time for Master polling message Disadvantages Wasted bandwidth when some nodes are idle Static solution Fixed network size after installation Slide 37 TTP Software Tool Suite Slide 38 19

TTP-OS: Time-Triggered OS Slide 39 TTP-IP Module The IndustryPack- Compatible TTP Node TTP-IP Module is an IndustryPack -compatible high-performance node for the Time-Triggered Protocol (TTP ). It is equipped with a Freescale MPC555 PowerPC and the TTP controller AS8202NF and suitable for distributed hard real-time systems. It supports the fault-tolerant real-time operating system TTP-OS which is based on OSEKtime and specifically designed for applications based on time-triggered technology. Slide 40 20

FlexRay Protocol The Communication Systems for advanced automotive control applications The FlexRay protocol provides flexibility and determinism by combining a scalable static and dynamic message transmission, incorporating the advantages of familiar synchronous and asynchronous protocols Source: FlexRay Protocol Specification version 2.1, 12-May-2005 Slide 41 FlexRay Context Demand for a bus system with high data rate for automotive applications Deterministic and fault-tolerant bus system for advanced automotive control applications Support from the bus system for distributed control systems Limited number of different communication systems within vehicles Slide 42 21

FlexRay Goals Develop an advanced communication technology for high-speed control applications in vehicles Make the technology available in the market place for everyone Drive the technology as a defacto standard Slide 43 FlexRay Core Partners (1) Definition of the requirements for FlexRay the automotive communication system for future automotive applications - in cooperation with DaimlerChrysler and General Motors. Definition of the requirements for FlexRay the automotive communication system for future automotive applications - in cooperation with BMW and General Motors. Development of requirements for FlexRay - the advanced communication system for future automotive applications, in cooperation with BMW and DaimlerChrysler. STUTTGART, Germany, Aug. 5, 2003 The FlexRay Consortium today announced a breakthrough in establishing FlexRay as the de facto international standard for advanced automotive control applications with the news that Volkswagen has joined the Consortium as a Core Partner. Slide 44 22

FlexRay Core Partners (2) Contribution of experiences from the development of CAN and TTCAN to the FlexRay protocol. Development of the FlexRay protocol specification and implementation into silicon solutions. Development of the FlexRay physical layer specification and implementation into silicon solutions. Four Asian automakers join FlexRay Consortium (2004-03-01) Toyota, Nissan, Honda and Hyundai Kia Motors have joined the FlexRay Consortium, adding their weight to the group's effort to create a common standard for automotive by-wire technology. With the new automakers, FlexRay members now build almost seven of every 10 new vehicles in the world each year. Slide 45 Current FlexRay Plans Source: www.flexray.com Slide 46 23

FlexRay Architecture Example Slide 47 Basic Features Synchronous and asynchronous data transmission (scalable) High net data rate of up to 10 Mbit/sec Deterministic data transmission, guaranteed message latency and message jitter Support of redundant transmission channels Fault tolerant and time triggered services implemented in hardware Fast error detection and signaling Support of a fault tolerant synchronized global time base Error containment on the physical layer through an independent "Bus Guardian" Support of optical and electrical physical layer Support for bus, star and multiple star topologies Slide 48 24

Layered Protocol Structure Slide 49 FlexRay Node Architecture (1) ECU= Electronic Control Unit Slide 50 25

FlexRay Node Architecture (2) Slide 51 Static and Dynamic Segments Periodic statically scheduled message transfer is a benefit for automotive applications, especially distributed control loops with replication Static message segment deterministic communication behavior state message semantic required support for distributed control and closedloop control functions benefits for design and simulation of distributed functions Spontaneous message transfer in a dynamic segment to allow burst transmissions diagnosis information ad hoc messages in general Slide 52 26

Topologies - Bus & Star Bus passive medium no active components within the channel most automotive experience automotive costs Star best suited technology for high speed networks different degrees of intelligence possible with/without protocol knowledge can protect against concurrent media access limits the error domain of not correctly working sub networks Slide 53 Passive Bus Topology Slide 54 27

Active Star Toplogy Slide 55 Active Star Component A branch has to be deactivated if a faulty signal is detected A deactivated branch shall be fail-silent and should be reactivated if the fail condition is no longer available Slide 56 28

Hybride Toplogy Slide 57 Topology Example A node can either be connected to both channels or only to one of the channels Slide 58 29

Frame Transfer (1) Communication cycle with static and dynamic segments A,D,C,E A,B,C,E Slide 59 Frame Transfer (2) Communication cycle in a pure dynamic system Slide 60 30

Communication Scheme (1) Each node must be able to make use of a distributed clock Each node must send frames inside a predefined static slot or/and inside a dynamic segment Transmission can be divided into 3 phases: The bus guardian must enable the access to the bus It must be signaled that a frame should be transmitted The transmission itself Slide 61 Communication Scheme (2) Slide 62 31

Frame Transfer Cycles consisting of two segment Static: Divided in timeslots (TDMA) The slot length is defined off-line and therefore fixed during runtime Dynamic: Has start delimiter: Start of cycle SOC (alarm/normal) Dynamic frame length Media is accessed via timers and priorities Mixed Slide 63 FlexRay Frame Format (1) Frame ID (11 bits): The frame ID defines the slot in which the frame should be transmitted. A frame ID is used no more than once on each channel in a communication cycle. Slide 64 32

FlexRay Frame Format (2) Network Management Vector The message ID is an application determinable number that identifies the contents of the data segment Slide 65 FlexRay Configurations Slide 66 33

FlexRay Communication Cycle Slide 67 Static Part Characteristics (1) Slide 68 34

Static Part Characteristics (2) Slide 69 Dynamic Part Minislotting (1) Slide 70 35

Dynamic Part Minislotting (2) Slide 71 Dynamic Characteristics (1) Slide 72 36

Dynamic Characteristics (2) Slide 73 Start-Up For each configuration the start-up of the communication network has to be possible as soon as two nodes are able to communicate The integration of controllers that are powered on later must not disturb the start-up procedure or normal operation of the other nodes The communication network must be operational after 100 ms No reliance on collision detection Static/Mixed Startup, reintegration etc. must be fault tolerant against: Temporary/permanent failure of controllers, channels or frames Dynamic Master sends SOC (Start of cycle) Slide 74 37

Clock Synchronisation In a pure dynamic mode a master sends a SOC In static mode: The clock synchronization mechanism must be able to keep all fault-free controllers within the precision. A clock synchronization precision within the different controllers of better than 1 microsecond is required The absolute value of the global time must be the same at every controller The start node determines the value of the global time The cycle time is a counter incremented in units of macro ticks The cycle time is reset to 0 at the beginning of each communication cycle The synchronization algorithm uses FTM (Fault Tolerant Midpoint) algorithm External synchronization must be supported (e.g. GPS) Slide 75 FlexRay Communication Controller http://www.semiconductors.bosch.de/de/20/flexray/flexray.asp Slide 76 38

E-Ray FlexRay Controller Block Diagram PRT A: Protocol Controller (Protocol Finit State Machine) TBF A: Transient Buffer RAM IBF: Input Buffer OBF: Output Buffer Source: www.bosch.de Slide 77 Summary TTP is currently the most mature technology is used in commercial safety critical systems aerospace and industrial applications TTP allows only static (synchronous) defined communication TTP is supported by the TTA framework FlexRay seems to win in the automotive market FlexRay supports both static and dynamic communication Slide 78 39

References (FlexRay) [FlexRay2002] FlexRay Requirements Specification, Version 2.0.2, 9-april-2002 [FlexRay2005] FlexRay Communications System, Protocol Specification Version 2.1, 12-may-2005 [FlexRay] FlexRay Consortium home page: www.flexray-group.com Slide 79 References (TTA/TTP) [TTP2003] Time-Triggered Protocol TTP/C High-Level Specification Document, Protocol Version 1.1, 19-nov-2003, TTTech & TTA Group [ViennaUnivesity] Real-Time Systems Research Group at the Vienna University of Technology, http://www.vmars.tuwien.ac.at [TTA Group] TTA Group Forum (the open industry consortium for timetriggered systems today), http://www.ttagroup.org/ [TTTech] TTTech Computertechnik AG, supplier of technology in the field of time-triggered systems and TTP (Time-Triggered Protocol), http://www.tttech.com/ [Kopetz97] Real-Time Systems Design Principles for Distributed Embedded Applications, Hermann Kopetz, Technische Universität Wien, Kluwer Academic Publishers, 1997, ISBN 0-7923-9894-7 Slide 80 40