Flexibility in dependable real-time communication

The role of the communications bus is fundamental in distributed real-time control systems. Such systems are increasingly used for critical functions in avionics, automotive and factory control situations, placing increased dependability and real-time constraints on the bus. Environmental influences such as electromagnetic interference are hard to avoid, so a “flexible” bus may be able to provide active fault tolerance. However, its effects on reliability and timeliness are difficult to predict. This thesis contends that guaranteeing to meet all deadlines in communication is not only impractical, but often impossible, due to the unpredictability of environmental interference, no matter which type of electrical bus is used. However, many applications are capable of safe operation if a small number of communication deadlines are missed. In such systems, an analysable and reliable system can be achieved through the use of flexible fault tolerance. Using CAN (a widely used bus protocol) as a basis, this thesis first shows how weakly-hard analysis (which considers timing behaviour over a number of invocations, rather than only the single worst case) can be applied to flexible bus scheduling. This allows consideration of more than just the worst-case scenario, leading to analysable and predictable behaviour under severe environmental conditions. A second form of analysis, based on a probabilistic fault model, is used to provide accurate probabilities of failure, providing the facility to explore system behaviour analytically for fault scenarios which exceed normal behaviour. Finally, a simple extension to the CAN protocol, TCAN (Timely-CAN), is proposed which enforces timely recovery from faults by only using CAN message retransmission where it is useful to do so, without imposing further delays on the bus. Hence the flexibility of CAN is exploited to provide fault tolerance, and both timeliness and predictability are achieved.
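The abstract names two analyses without showing either: a weakly-hard check (at least m of any K consecutive invocations must meet their deadline) and a probabilistic estimate of how likely that constraint is to be broken under a fault model. The following Python is an added illustration written for this page, not code from the thesis or from any CAN tool. It uses the classical worst-case CAN 2.0A frame-length bound (47 + 8n data bits plus stuff bits), an assumed 31-bit-time recovery overhead per error frame, and a deliberately simplified response-time model that ignores higher-priority interference so the effect of retransmissions stands out. The bit time, message parameters and error burst are all constructed.

```python
from math import comb

# Constructed bus parameters: 125 kbit/s gives 8 microseconds per bit.
BIT_US = 8.0
# Assumed per-error recovery overhead (error flag, delimiter, intermission) in bit times.
ERROR_OVERHEAD_BITS = 31


def frame_bits(payload_bytes: int) -> int:
    """Worst-case length in bits of a standard-identifier CAN frame, including
    the maximum number of stuff bits (classical bound used in CAN response-time analysis)."""
    n = payload_bytes
    return 47 + 8 * n + (34 + 8 * n - 1) // 4


def response_time_us(payload_bytes: int, blocking_us: float, n_errors: int) -> float:
    """Simplified response time: blocking by a frame already on the bus, then
    one failed attempt (error recovery + retransmitted frame) per error, then
    the final successful transmission. Higher-priority interference is ignored."""
    tx = frame_bits(payload_bytes) * BIT_US
    return blocking_us + n_errors * (ERROR_OVERHEAD_BITS * BIT_US + tx) + tx


def deadline_hits(error_counts, payload_bytes, blocking_us, deadline_us):
    """Map a per-invocation list of error counts to True (met deadline) / False (missed)."""
    return [response_time_us(payload_bytes, blocking_us, e) <= deadline_us
            for e in error_counts]


def min_hits_in_window(hits, K: int) -> int:
    """Smallest number of met deadlines over any K consecutive invocations."""
    if len(hits) < K:
        raise ValueError("trace shorter than the window K")
    return min(sum(hits[i:i + K]) for i in range(len(hits) - K + 1))


def weakly_hard_ok(hits, m: int, K: int) -> bool:
    """(m, K) weakly-hard constraint: every window of K consecutive invocations
    contains at least m met deadlines."""
    return min_hits_in_window(hits, K) >= m


def window_violation_probability(p_miss: float, m: int, K: int) -> float:
    """Probability that a single window of K independent invocations, each missing
    its deadline with probability p_miss, contains more than K - m misses
    (i.e. violates the (m, K) constraint). Independence is the modelling assumption."""
    return sum(comb(K, j) * p_miss ** j * (1 - p_miss) ** (K - j)
               for j in range(K - m + 1, K + 1))


# Constructed scenario: an 8-byte message, blocked by one 8-byte frame already on the
# bus, with a 4 ms deadline, observed over ten invocations during an EMI burst.
ERROR_BURST = [0, 0, 2, 0, 3, 0, 0, 2, 0, 0]
HITS = deadline_hits(ERROR_BURST, payload_bytes=8, blocking_us=1080.0, deadline_us=4000.0)

if __name__ == "__main__":
    print("worst-case 8-byte frame:", frame_bits(8), "bits")
    print("hits:", HITS)
    for m in (2, 3):
        print(f"({m},4) constraint satisfied:", weakly_hard_ok(HITS, m, 4))
    print("P[(3,4) violated in one window | p_miss=0.1]:",
          round(window_violation_probability(0.1, 3, 4), 4))
```

In the constructed run a single error still leaves the message within its 4 ms deadline, but two or more errors in one invocation do not, so the trace satisfies a (2,4) constraint and violates (3,4). The probabilistic function gives the complementary view the abstract describes: for a per-invocation miss probability of 0.1, about 5% of (3,4) windows would be violated, which is the kind of figure a designer compares against the application's tolerance for missed deadlines.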
