Control of Inaccessibility in CANELy

Continuity of service and bounded, known message delivery latency are reliability requirements of a number of real-time applications, such as those served by standard fieldbuses. The analysis and design of such networks with respect to timing properties has traditionally been based on no-fault scenarios rather than on a combined performance and reliability perspective. We have shown in earlier works that the performability of fieldbuses in normal operation is hindered by periods of inaccessibility. These derive from incidents in the protocol operation that affect non-faulty components, leading to failures of the expected hard real-time properties of the network. This is especially relevant if the fieldbus supports critical control functions, as it does in many application settings (e.g. industrial, automotive, avionics, aerospace). As part of our endeavor to design a CAN-based infrastructure capable of extremely reliable communication, dubbed CAN Enhanced Layer (CANELy), this paper provides a detailed analysis of CAN behavior in the presence of inaccessibility and discusses a generic and efficient methodology to enforce system correctness in the time domain despite the occurrence of network errors.
