Achieving fault tolerance in FTT-CAN

In order to use the FTT-CAN protocol (flexible time-triggered communication over controller area network) in safety-critical applications, the impact of network errors and node failures must be thoroughly determined and minimized. This paper presents and discusses fault-tolerance techniques to limit that impact. The particular configuration of the communication system can be made more or less complex and fault-tolerant, as the system designer requires. The paper states the fault hypothesis and presents a replicated network architecture using bus guardians. An important aspect is the replication of the master node that schedules the time-triggered traffic; in this case it is particularly important to ensure correct synchronization of the master replicas. The mechanisms that support master replication and synchronization are described and their performance is evaluated. The resulting architecture reduces the conflict between safety and flexibility, supporting the use of FTT-CAN in safety-critical applications.
