Real-Time Systems III. Alan Burns University of York, UK

Similar documents
Distributed Real-Time Systems (TI-DRTS) Track 2. CAN-BUS Introduction. Version Ref. VECTOR application note & Motorola note

Welcome to the Introduction to Controller Area Network web seminar My name is William Stuart, and I am a Applications Engineer for the Automotive

Comparison of FlexRay and CAN-bus for Real-Time Communication

Understanding SAE J1939. by Simma Software, Inc.

Bluetooth in Automotive Applications Lars-Berno Fredriksson, KVASER AB

Data Exchange On The CAN Bus I

Introduction to RACE FUELS Hans-Christian von der Wense Munich, Germany

Local Interconnect Network Training. Local Interconnect Network Training. Overview

Elettronica dei Sistemi Digitali Costantino Giaconia SERIAL I/O COMMON PROTOCOLS

Introduction to. LIN (Local Interconnect Network)

In-Vehicle Networking

LOCAL INTERCONNECT NETWORK (LIN)

LIN (Local Interconnect Network):

Microcomputer Protocol Implementation at Local Interconnect Network Georgi Krastev

In-Vehicle Networking

Tutorial.

FlexRay A Communications Network for Automotive Control Systems

Automotive Communication Network Trends

DeviceNet Communication Manual

Vehicle data acquisition using CAN By Henning Olsson, OptimumG

Direct Link Networks. Introduction. Physical Properties. Lecture - Ethernet 1. Areas for Discussion. Ethernet (Section 2.6)

Introduction. In this Self-study Programme we will explain to you the design and function of the CAN data bus. SSP 186/01

Road Vehicles - Diagnostic Systems

Bus Data Acquisition and Remote Monitoring System Using Gsm & Can

AUTOMOTIVE FIELDBUS TECHNOLOGY: DEVELOPMENT TOOLS AND ELECTRONIC EQUIPMENT FOR LABORATORY PRACTICES

Vorlesung Kommunikationsnetze Fieldbus Systems

174: Scheduling Systems. Emil Michta University of Zielona Gora, Zielona Gora, Poland 1 TIMING ANALYSIS IN NETWORKED MEASUREMENT CONTROL SYSTEMS

The SAE J1939 Communications Network

In-Vehicle Computer Networks

2.1 CAN Bit Structure The Nominal Bit Rate of the network is uniform throughout the network and is given by:

Real-Time Systems Hermann Härtig Real-Time Communication (following Kopetz, Liu, Schönberg, Löser)

Automotive electronics CAN and LIN buses. Copyright 2006 Matrix Multimedia Limited

The Impact of Network Topologies on the Performance of the In-Vehicle Network

CAN: Controller Area Network Introduction and Primer by Robert Boys

PEMS Conference. Acquiring Data from In-Vehicle Networks. Rick Walter, P.E. HEM Data Corporation

In-Vehicular Communication Networking Protocol

Service Manual Trucks

HOW TO TEST 10 GIGABIT ETHERNET PERFORMANCE

M.S Ramaiah School of Advanced Studies - Bangalore. On completion of this session, the delegate will understand and be able to appriciate:

4. Fixed-Priority Scheduling

INSTRUMENT PANEL Volvo 850 DESCRIPTION & OPERATION ACCESSORIES & EQUIPMENT Volvo Instrument Panels

Testing and Assessment Protocol Release 2.0. Programme Manager Dipl.-Ing. (FH) Sonja Schmidt ADAC Technik Zentrum

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles

Do AUTOSAR and functional safety rule each other out?

Implementing the J1850 Protocol

Performance Testing BroadR-Reach Automotive Ethernet

Overview of European 2010 Release

RTT 60.5 msec receiver window size: 32 KB

Tutorial Introduction

Adaptive Cruise Control System Overview

A Dynamic Link Allocation Router

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

Protocols for Wired and Wireless Networks in Vehicle Systems

Development of Scalable CAN Protocol

ELEC 5260/6260/6266 Embedded Computing Systems

NETWORKS Controller Area Network (CAN)

Electronically Controlled Air Suspension (ECAS) for Trucks

CAN Bus Based Monitoring and Fault Diagnosis System for Wind Turbines

Local Area Networks transmission system private speedy and secure kilometres shared transmission medium hardware & software

The I2C Bus. NXP Semiconductors: UM10204 I2C-bus specification and user manual HAW - Arduino 1

Selecting the Optimum PCI Express Clock Source

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

Virtual scheduling for compositional real-time guarantees

Octavia (1U) 17-Dashboard up to 00 identification Octavia (1U) 17-Dashboard up to Coding Octavia (1U) 17-Dashboard up to Adaptation

LIN. Specification Package. Revision 2.0. This specification is provided on an "AS IS" basis only and cannot be the basis for any claims.

ZigBee Technology Overview

AN141 SMBUS COMMUNICATION FOR SMALL FORM FACTOR DEVICE FAMILIES. 1. Introduction. 2. Overview of the SMBus Specification. 2.1.

OSI Layers in Automotive Networks

Analogue Input, 4-fold, MDRC AE/S 4.1, GH Q R0001

Latency on a Switched Ethernet Network

Testing for the Unexpected: An Automated Method of Injecting Faults for Engine Management Development

ISO11783 a Standardized Tractor Implement Interface

USB-Link 2 Installation and Setup Manual

Implementing MOD bus and CAN bus Protocol Conversion Interface

LOW COST AUTOMOTIVE NETWORKS. Local Interconnect Network (LIN)

MOST150 The Next Generation Automotive Infotainment Backbone. Harald Kohler, SMSC Automotive Infotainment Systems

Ethernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD

CAN Specification 2.0, Part B page 1 PART B. CAN in Automation, Am Weichselgarten 26, D Erlangen

Partition Scheduling in APEX Runtime Environment for Embedded Avionics Software

SPI I2C LIN Ethernet. u Today: Wired embedded networks. u Next lecture: CAN bus u Then: wireless embedded network

TD-03011E. Identifier Usage in CANopen Networks

CAN BUS UTILITY VW ACTIVE MSY

Basic Multiplexing models. Computer Networks - Vassilis Tsaoussidis

Electric Landing Gear controllers and sequencer LGC12 / LGC 13C

It explains the differences between the Plesiochronous Digital Hierarchy and the Synchronous Digital Hierarchy.

Real-Time (Paradigms) (70)

Serial Communications

Predictable response times in event-driven real-time systems

In networking ECUs in heavy-duty vehicles, it is the J1939 protocol that. plays a key role. J1939 networks are based on the CAN bus (high-speed

A Security Evaluation and Internal Penetration Testing Of the CAN-bus

EnOcean Radio Protocol 2. September 26, 2013 SPECIFICATION V1.0. Subject to modifications EnOcean Radio Protocol 2 V1.0 Page 1/19

KIBES Body and Chassis Control. Multiplex system for commercial vehicles.

HomeLink. Take advantage of our service. Operating Instructions and. Programming g Guidelines. Hotline:

Module 5. Broadcast Communication Networks. Version 2 CSE IIT, Kharagpur

OIL PRESS 71.8 PSI FUEL. Cloud based, diagnostic, engine monitoring and reporting system.

Chapter 4. Medium Access Control. IN2P3 Octobre 2002 Jean-Pierre Thomesse

Real-Time (Paradigms) (51)

DAB Digital Radio Broadcasting. Dr. Campanella Michele

Computer Network. Interconnected collection of autonomous computers that are able to exchange information

Installation instruction Multimedia socket MEDIA - IN

Transcription:

Real-Time Systems III Alan Burns University of York, UK

Hot Topics Multiprocessor systems Multi-resource scheduling Soc & NoC Probabilistic analysis Hierarchical scheduling Non-preemptive and safety-critical system 2

Controller Area Network (CAN) Schedulability Analysis: Refuted, Revisited and Revised Research by: Robert Davis, Alan Burns (University of York) Reinder Bril, Johan Lukkien (Technische Universiteit Eindhoven) Published Real-Time Systems Journal, Vol 35, No 3, pp 239--272 2007

CAN History Controller Area Network (CAN) Simple, robust and efficient serial communications bus for in-vehicle networks Developed by Starting in 1983 presented at SAE in 1986 Standardised by ISO in 1993 (11898) First CAN controller chips Intel (82526) and Philips (82C200) in 1987 First production car using CAN 1991 Mercedes S-class (W140) 4

Multiplex v. Point-to-point Wiring Traditional point-to-point wiring Early 1990s an average luxury car had: 30Kg wiring harness > 1km of copper wire > 300 connectors, 2000 terminals, 1500 wires Expensive to manufacture, install and maintain Example: Door system with 50+ wires Multiplex approach (e.g. CAN) Massive reduction in wiring costs Example: Door system reduced to just 4 wires Small added cost of CAN controllers, transceivers etc. Reduced as CAN devices became on-chip peripherals 5

Increase in Complexity of Automotive Electronics Number of Networked Electronic Control Units (ECUs) per Vehicle 50 Number of ECUs 45 40 35 30 25 20 15 10 5 0 S-class 8 Series 7 Series 5 Series 3 Series 7 Series E-class E-class C-class S-class S80 Golf 4 A6 A2 Phaeton 7 Series A6 XC90 Golf 5 A4 Polo Passat Passat BMW Mercedes Audi VW Volvo 1987 1989 1991 1993 1995 1997 1999 2001 2003 2005 6

Widespread use of CAN in Automotive Other European manufacturers quickly followed Mercedes lead in using CAN By 2004 15 different silicon vendors manufacturing over 50 different microprocessor families with on chip CAN capability Analogue Devices, Atmel, Cygnal, Fujitsu, Infineon, Maxim formally Dallas, Microchip, Mitsubishi, Motorola, NEC, Phillips, Renesas, Siemens, Silicon Laboratories, and STMicroelectronics Today Almost every new car sold in Europe has at least one CAN bus By 2008 EPA will make CAN mandatory for cars and light trucks sold in the US 7

CAN Node Sales Million units 400 350 300 250 200 150 32-bit 16-bit 8-bit stand alone CAN node sales Sales of microprocessors with on chip CAN capability increased from under 50 million in 1999 to over 340 million in 2003 100 50 0 1999 2000 2001 2002 2003 Year 8

CAN in Automotive CAN typically used to provide High speed (500 Kbit/sec) network connecting chassis and power train ECUs E.g. transmission control, engine management, ABS etc. Low speed (100-125 Kbit/sec) network(s) connecting body and comfort electronics E.g. door modules, seat modules, climate control etc. Data required by ECUs on different networks typically gatewayed between them via a powerful microprocessor connected to both 9

Volvo XC90 Network Architecture Volvo XC90 (2001) 500 Kbit/sec CAN bus for power train 125 Kbit/sec CAN bus for body electronics MOST (infotainment system) 10

Information on CAN CAN used to communicate signals between ECUs Signals typically range from 1 to 16-bits of information wheel speeds, oil and water temperature, battery voltage, engine rpm, gear selection, accelerator position, dashboard switch positions, climate control settings, window switch positions, fault codes, diagnostic information etc. > 2,500 signals in a high-end vehicle Multiple signals piggybacked into CAN messages to reduce overhead Real-time constraints on signal transmission End-to-end deadlines in the range 10ms 1sec Example LED brake lights 11

CAN Protocol: Data Frame Format Start of frame (synchronisation) Identifier determines priority for access to bus (11-bit or 29-bit) Control field (Data length code) 0-8 bytes useful data 15-bit CRC Acknowledgement field End of frame marker Inter-frame space (3 bits) 12

CAN Protocol CAN is a multi-master CSMA/CR serial bus Collision resolution is based on priority CAN physical layer supports two states: 0 dominant, 1 recessive Message transmission CAN nodes wait for bus idle before starting transmission Synchronise on the SOF bit ( 0 ) Each node starts to transmit the identifier for its highest priority (lowest identifier value) ready message If a node transmits 1 and sees 0 on the bus, then it stops transmitting (lost arbitration) Node that completes transmission of its identifier continues with remainder of its message (wins arbitration) Unique identifiers ensure all other nodes have backed off 13

CAN Protocol: Message Arbitration Message arbitration based on priority Identifiers 11001000110 11011000111 11001000101 11001000101 14

Schedulability Analysis CAN resembles single processor fixed priority non-pre-emptive scheduling Messages compete for access to the bus based on priority Effectively a global queue with transmission in priority order Once a message starts transmission it cannot be pre-empted Schedulability Analysis for CAN Derived at York in 1994 from earlier work on fixed priority preemptive scheduling Calculates worst-case response times of all CAN messages Used to check if all CAN messages meet their deadlines in the worst-case Possible to engineer CAN based systems for timing correctness, rather than test and hope 15

Schedulability Analysis Schedulability analysis for CAN Seminal research, appeared in conference proceedings, journal papers, tutorials etc. Referenced in over 200 subsequent research papers Lead to 2 PhD Theses In 1995 recognised by Volvo Car Corporation Used in the development of the Volvo S80 (P23) Enabled increases in network utilisation from 30-40% to >80% Formed basis of commercial CAN analysis products Used by many Automotive manufacturers who have built millions of cars with networks analysed using these techniques 16

Unfortunately The original schedulability analysis for CAN is seriously flawed 17

Schedulability Analysis: Model T m J m w m C m Initiating event Message queued ready to transmit D m R m Transmission starts Transmission completes Each CAN message has a: Unique priority m (identifier) Maximum transmission time C m Minimum inter-arrival time or period T m Compute: Worst-case queuing delay w m Worst-case response time R m = J m +w m +C m Compare with deadline Deadline D m <=T m Maximum queuing jitter J m 18

Schedulability Analysis: TX Time Maximum transmission time Bit stuffing Bit patterns 000000 and 111111 used to signal errors Transmitter insert 0s and 1s to avoid 6 consecutive bits of same polarity in messages Increases transmission time of message 11-bit identifiers: 29-bit identifiers: C C = ( 55 + 10 m s m = ( 80 + 10 m s m ) τ ) τ bit bit 19

Schedulability Analysis: Equations Blocking Queuing delay Response time B m = max ( C ) k k lp( m) n n+ 1 wm + J k + τ bit wm = B m + T k hp( m) k R = J + w + m m m C m C k Initiating events for message k J k T k T k Message k queued B m C k C k C k C m Initiating event for message m J m w m R m 20

Schedulability Analysis: Example 125 Kbit/s bus 11-bit identifiers 3 messages with 7 data bytes each, max. 125 bits including bit stuffing Message Priority Period Deadline TX Time R A B C 1 2.5ms 2.5ms 1ms 2 3.5ms 3.25ms 1ms 3 3.5ms 3.25ms 1ms 2ms 3ms 3ms 21

Response time of message C R c =3 R c =3.5 A B C A B A C 0 1 2 3 4 5 6 7 t=0ms t=2.5ms t=3.5ms t=5ms t=6.75ms Messages A,B,C queued Message A queued Messages B and C queued Message A queued Message C misses its deadline Existing schedulability analysis gives an optimistic response time for message C: 3ms v. 3.5ms Message C misses its deadline on the 2 nd invocation 22

Schedulability Analysis: Example Message Priority Period Deadline TX Time R A 1 2.5ms 2.5ms 1ms 2ms B 2 3.5ms 3.25ms 1ms 3ms C 3 3.5ms 3.25ms 1ms 3ms If the periods of messages B and C were also 3.25ms Existing analysis would result in the same response times implying a schedulable system with a total utilisation of 102%! 23

What is the flaw in the existing analysis? R c =3 A B C 0 1 2 3 A Response time of 1 st invocation of message C is 3ms - less than its period (and deadline) B A C 4 5 6 7 BUT transmission of message C is non-pre-emptive and blocks message A, pushing extra interference into next period of C Busy period at priority of message C does NOT end with transmission of message C Busy period ends here. Must examine all invocations of message C in the busy period to find WCRT 24

Revised Schedulability Analysis Find length of longest busy period for message m. (Busy period includes all invocations of message m and higher priority messages queued strictly before the end of the busy period) n n tm J + 1 + k tm = Bm + C k T k hp( m) m k Starts with 0 t m = C m Number of invocations of message m ready before end of busy period tm + J m Qm = Tm 25

Revised Schedulability Analysis For each invocation q (q = 0 to Q m 1) in the busy period, compute the longest time from the start of the busy period to that invocation of message m starting transmission: w n+ 1 m ( q) = B m + qc k hp( m) Response time of invocation q of message m: m + n wm + J k + τ Tk bit C k R ( q) = J + w ( q) qt + m m m m C m Worst-case response time of message m: R m = max q= 0.. Q m 1 ( R m ( q)) 26

Example Revisited Message Priority Period Deadline TX Time A B C 1 2.5ms 2.5ms 1ms 2 3.5ms 3.25ms 1ms 3 3.5ms 3.25ms 1ms Message A B C Busy period Q R(0) R(1) R max 2ms 1 2ms - 5ms 2 3ms 1.5ms 7ms 2 3ms 3.5ms 2ms 3ms 3.5ms 27

When does existing analysis fail? Can the existing analysis give faulty guarantees to messages of any priority? 1 st and 2 nd highest priority messages ok 3 rd and lower can get faulty guarantees If the bus utilization is low, can the existing analysis still result in optimistic response times? Yes Number of messages Breakdown Utilisation 5 21.4% 10 9.2% 25 3.4% 100 0.82% 28

When does existing analysis fail? Do error models give sufficient margin for error to account for flaws in the analysis? Yes: If a system is deemed schedulable by the existing analysis, including a reasonable error model, then it is actually schedulable when there are no errors on the bus Does the omission of maximum length diagnostic messages during normal operation mean that the deadlines of the remaining messages will be met? Yes: other messages will meet their deadlines. In normal operation, with no diagnostic messages, there can be no problem due to the flawed analysis 29

When does existing analysis fail? Which message guarantees can we be sure are not at risk? Messages where there exists at least one lower priority message with the same or longer transmission time are not at risk If all messages are the same length, then only the lowest priority message is at risk 30

Impact on deployed CAN systems Will your car still work? Typical systems have 8 data byte diagnostic messages: no problems in normal operation Analysis used allows for errors: no issues when errors not present Typically all messages have 8 data bytes: only lowest priority message could be affected Deadline failures require worst-case phasing, worst-case bit stuffing and errors on the bus: very low probability of occurrence Systems designed to be resilient to some messages missing their deadlines and simpler problems such as intermittent wiring faults 31

Commercial CAN Analysis Tools Volcano Network Architect Commercial CAN schedulability analysis product from Volcano Communications Technologies Uses a simple sufficient schedulability test, assuming maximum blocking factor irrespective of message priorities / number of data bytes w + n n+ 1 MAX wm + J k τ bit m = B + T k hp( m) k Pessimistic but correct upper bound on message worst-case response times Used to analyse CAN systems for Volvo S80, S/V/XC 70, S40, V50, XC90 and many other cars from other manufacturers Over 20 million cars with an average 20 ECUs each developed using Volcano technology C k 32

Technical report and Paper Technical Report Controller Area Network (CAN) Schedulability analysis, refuted, revisited and revised Department of Computer Science Technical Report YCS-2006-408, University of York, August 2006 www.cs.york.ac.uk/ftpdir/reports/ycs-2006-408.pdf Paper published in Journal of Real-Time Systems 33

Conclusions Real-time systems are everywhere Scheduling analysis is necessary to build these systems Fixed priority dispatching and responsetime analysis (RTA) is a mature engineering approach, but Errors are still possible 34

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information