Extensible FlexRay communication controller for FPGA-based automotive systems

Modern vehicles incorporate an increasing number of distributed compute nodes, resulting in the need for faster and more reliable in-vehicle networks. Time-triggered protocols such as FlexRay have been gaining ground as the standard for high-speed reliable communications in the automotive industry, marking a shift away from the event-triggered medium access used in controller area networks (CANs). These new standards enable the higher levels of determinism and reliability demanded from next-generation safety-critical applications. Advanced applications can benefit from tight coupling of the embedded computing units with the communication interface, thereby providing functionality beyond the FlexRay standard. Such an approach is highly suited to implementation on reconfigurable architectures. This paper describes a field-programmable gate array (FPGA)-based communication controller (CC) that features configurable extensions to provide functionality that is unavailable with standard implementations or off-the-shelf devices. It is implemented and verified on a Xilinx Spartan 6 FPGA, integrated with both a logic-based hardware ECU and a fully fledged processor-based electronic control unit (ECU). Results show that the platform-centric implementation generates a highly efficient core in terms of power, performance, and resource utilization. We demonstrate that the flexible extensions help enable advanced applications that integrate features such as fault tolerance, timeliness, and security, with practical case studies. This tight integration between the controller, computational functions, and flexible extensions on the controller enables enhancements that open the door for exciting applications in future vehicles

A framework and methods for on-board network level fault diagnostics in automobiles

A significant number of electronic control units (ECUs) are nowadays networked in automotive vehicles to help achieve advanced vehicle control and eliminate bulky electrical wiring. This, however, inevitably leads to increased complexity in vehicle fault diagnostics. Traditional off-board fault diagnostics and repair at service centres, by using only diagnostic trouble codes logged by conventional onboard diagnostics, can become unwieldy especially when dealing with intermittent faults in complex networked electronic systems. This can result in inaccurate and time consuming diagnostics due to lack of real-time fault information of the interaction among ECUs in the network-wide perspective. This thesis proposes a new framework for on-board knowledge-based diagnostics focusing on network level faults, and presents an implementation of a real-time in-vehicle network diagnostic system, using case-based reasoning. A newly developed fault detection technique and the results from several practical experiments with the diagnostic system using a network simulation tool, a hardware- in-the- loop simulator, a disturbance simulator, simulated ECUs and real ECUs networked on a test rig are also presented. The results show that the new vehicle diagnostics scheme, based on the proposed new framework, can provide more real-time network level diagnostic data, and more detailed and self-explanatory diagnostic outcomes. This new system can provide increased diagnostic capability when compared with conventional diagnostic methods in terms of detecting message communication faults. In particular, the underlying incipient network problems that are ignored by the conventional on-board diagnostics are picked up for thorough fault diagnostics and prognostics which can be carried out by a whole-vehicle fault management system, contributing to the further development of intelligent and fault-tolerant vehicles

Recovery Time Considerations in Real-Time Systems Employing Software Fault Tolerance

Safety-critical real-time systems like modern automobiles with advanced driving-assist features must employ redundancy for crucial software tasks to tolerate permanent crash faults. This redundancy can be achieved by using techniques like active replication or the primary-backup approach. In such systems, the recovery time which is the amount of time it takes for a redundant task to take over execution on the failure of a primary task becomes a very important design parameter. The recovery time for a given task depends on various factors like task allocation, primary and redundant task priorities, system load and the scheduling policy. Each task can also have a different recovery time requirement (RTR). For example, in automobiles with automated driving features, safety-critical tasks like perception and steering control have strict RTRs, whereas such requirements are more relaxed in the case of tasks like heating control and mission planning. In this paper, we analyze the recovery time for software tasks in a real-time system employing Rate-Monotonic Scheduling (RMS). We derive bounds on the recovery times for different redundant task options and propose techniques to determine the redundant-task type for a task to satisfy its RTR. We also address the fault-tolerant task allocation problem, with the additional constraint of satisfying the RTR of each task in the system. Given that the problem of assigning tasks to processors is a well-known NP-hard bin-packing problem we propose computationally-efficient heuristics to find a feasible allocation of tasks and their redundant copies. We also apply the simulated annealing method to the fault-tolerant task allocation problem with RTR constraints and compare against our heuristics

A Survey on vehicular communication technologies

Nowadays it is common for vehicles to be equipped, not only with huge computing power, but also with great communication capabilities, materialized in multiple and various wired and wireless interfaces. This paper surveys the most common inter and intra vehicle technologies. First, an introduction to Intelligent Transportation Systems and Vehicle Communication Systems is presented. Then, the technologies usually found in vehicles are characterized in detail - their advantages and flaws regarding particular communication scenarios are also discussed. Finally, the paper concludes with a mapping between potential wireless communication technologies for the different types of ITS applications.This work has been supported by COMPETE: POCI-01-0145-FEDER-007043 and FCT - Fundação para a Ciência e Tecnologia ˆ within the Project Scope: UID/CEC/00319/201

Reference Avionics Architecture for Lunar Surface Systems

Developing and delivering infrastructure capable of supporting long-term manned operations to the lunar surface has been a primary objective of the Constellation Program in the Exploration Systems Mission Directorate. Several concepts have been developed related to development and deployment lunar exploration vehicles and assets that provide critical functionality such as transportation, habitation, and communication, to name a few. Together, these systems perform complex safety-critical functions, largely dependent on avionics for control and behavior of system functions. These functions are implemented using interchangeable, modular avionics designed for lunar transit and lunar surface deployment. Systems are optimized towards reuse and commonality of form and interface and can be configured via software or component integration for special purpose applications. There are two core concepts in the reference avionics architecture described in this report. The first concept uses distributed, smart systems to manage complexity, simplify integration, and facilitate commonality. The second core concept is to employ extensive commonality between elements and subsystems. These two concepts are used in the context of developing reference designs for many lunar surface exploration vehicles and elements. These concepts are repeated constantly as architectural patterns in a conceptual architectural framework. This report describes the use of these architectural patterns in a reference avionics architecture for Lunar surface systems elements

Fault Tolerant Services for Safe In-Car Embedded Systems

http://www.taylorandfrancis.com/Due to the increasing criticality of the functions in terms of safety, embedded automotive systems must now respect stringent dependability constraints despite the faults that may occur in a very harsh environment. In a context where critical functions are distributed over the network, the communication system plays a major role. First, we discuss the main services and functionalities that a communication system should offer for easying the design of fault-tolerant applications in the automotive context. Then, we review the features of the protocols that are currently considered for being used and, finally, we highlight areas where developments are still needed

Estudo do impacto de transientes elétricos em protocolos de comunicação em sistemas embarcados

O aumento da complexidade e responsabilidade dos dispositivos embarcados nos veículos hoje, tem orientado os esforços no desenvolvimento de sistemas de controle para que estes sejam mais rápidos, precisos, robustos e principamente seguros. Com isso, estes dispositivos estão levando os protocolos de comunicação a um patamar inédito de exigência, tanto no quesito de capacidade como confiabilidade. Protocolos como CAN, CAN-FD e FlexRay entre outros, tem sido utilizados devido às suas características de segurança e a capacidade de atender aos requisitos temporais dos diversos circuitos embarcados. O desenvolvimento e utilização cada vez mais frequente de dispositivos focados em segurança, fazem com que a comunicação entre os diversos componentes destes dispositivos seja exigida ao máximo, levando à necessidade de respostas confiáveis ao extremo. Sistemas como freios ABS, suspensão ativa, frenagem autonoma de emergência, controle de velocidade e distância adaptativo, entre outros, que envolvem várias ECUs distribuídas ao longo do veículo, dispões de frações de segundo para a reação do sistema, entre o sinal de entrada e a atuação correspondente, demandando uma comunicação segura e tolerante à falhas. Os veículos hoje estão passando por grandes mudanças conceituais, trazendo cada vez mais elementos onde o funcionamento demanda mais energia das fontes de alimentação. Diversos sistemas existentes nos veículos geram ruídos como os Transientes Elétricos Rápidos, ou "Electric Fast Transient" (EFT), que estão presentes nas mais simples operações cotidianas do veículo, como ligar e desligar o farol, o ar condicionado, o limpador de para brisas, ou mesmo o acionamento de iluminação diurna (DRL), etc. Neste trabalho foram realizados diversos ensaios, utilizando ECUs com diferentes funções e protocolos, para identificar a susceptibilidade dos referidos sistemas e os protocolos à presença destes ruídos. Visando atender às normas IEC 62228 e a ISO26262, este trabalho demandou o projeto e construção de dois circuitos eletrônicos diferentes, um circuito observando os dados de tempos de subida e de descida (rise and fall time) dos pulsos de EFT, e outro observando a arquitetura do layout da placa de circuito impresso (PCB), as suas entradas, saídas, componentes, etc. Estes ensaios visaram identificar o quanto estes protocolos são suscetíveis à estes tipos de ruídos, utilizando métricas de análise baseadas nos tempos de latência e variação de jitter dos pacotes de comunicação.The increasing complexity and accountability of embedded devices in vehicles today has driven efforts to develop control systems to make them faster, accuratest, safest, robustest. Thus, these devices are taking communication protocols to an unprecedented level of demand, both in terms of capacity and reliability. Protocols such as CAN, CANFD and FlexRay among others have been used due to their safety characteristics and the ability to meet the time requirements of various embedded circuits. The increasing development and use of safety-focused devices, means that communication between the various components of these devices is required to the utmost, leading to the need for extremely reliable responses. Systems such as ABS brakes, active suspension, autonomous emergency braking, adaptative cruise control, among others, which involve various ECUs distributed throughout the vehicle, have milliseconds for system reaction, between input signal and concrete actuation, requiring safe and failure tolerant communication. Vehicles today are undergoing major conceptual changes, bringing more and more elements whose operation require more energy from power supplies. These systems generate noise such as "Electric Fast Transient" (EFT), which are present in the simplest daily operations of the vehicle, such as turning the headlight on, the air conditioner, the windscreen wiper, or even the daytime running light (DRL), etc. In this work several tests were carried out, using different ECUs with different functions and different protocols to identify the susceptibility of these systems and the protocols to these noises. In order to comply with IEC 62228 and ISO 26262 standards, this work required the design and construction of two different electronic circuits, one circuit observing the rise and fall time data of the EFT pulses, and the other observing the architecture of the printed circuit board (PCB) layout, its inputs and outputs, components, etc. These tests aimed to identify how susceptible these protocols are to these types of noise, using analysis metrics based on latency time and jitter variation of communication packets

An Optimization Based Design for Integrated Dependable Real-Time Embedded Systems

Moving from the traditional federated design paradigm, integration of mixedcriticality software components onto common computing platforms is increasingly being adopted by automotive, avionics and the control industry. This method faces new challenges such as the integration of varied functionalities (dependability, responsiveness, power consumption, etc.) under platform resource constraints and the prevention of error propagation. Based on model driven architecture and platform based design’s principles, we present a systematic mapping process for such integration adhering a transformation based design methodology. Our aim is to convert/transform initial platform independent application specifications into post integration platform specific models. In this paper, a heuristic based resource allocation approach is depicted for the consolidated mapping of safety critical and non-safety critical applications onto a common computing platform meeting particularly dependability/fault-tolerance and real-time requirements. We develop a supporting tool suite for the proposed framework, where VIATRA (VIsual Automated model TRAnsformations) is used as a transformation tool at different design steps. We validate the process and provide experimental results to show the effectiveness, performance and robustness of the approach