Design and Verification of a Media Redundancy Management Driver for a CAN Star Topology

Some of the severe dependability limitations of Controller Area Network (CAN) can be overcome by replacing its bus topology with a star topology. Thus, a replicated star topology with advanced error-containment and fault-tolerance mechanisms for CAN, called ReCANcentrate, has been proposed. Its two hubs are coupled with each other and create a single logical broadcast domain. This allows each node to easily manage the replicated star by means of a software driver, called reCANdrv, that abstracts away the details of this replication. The goal of reCANdrv is to manage the star's media redundancy transparently for a CAN application, allowing it to exchange information through the star while tolerating faults. This paper describes the design of reCANdrv, the specification of reCANdrv's correct redundancy management as a set of properties, and the verification of these properties by means of model checking.
