Transcript
Time Triggered Protocol (TTP/C): A Safety-Critical System Protocol Literature Review, EE382c, Fall 1999
Howard Curtis Global Technology Services MCC
Robert France Global Software Division Motorola, Inc.
The Evolution of Automotive Electronics
• Button Rectifiers
• Unleaded Gas
• Engine Control
• Positive Crankcase Ventilation
• 2 & 3-Way Catalytic Converters
• Fuel Injection
• Power Steering
• Fuel Mix Sensors
• MPUs
• Reformulating Gas
• High speed MCU for realtime control
• Cold Start
• Onboard Diagnostic level 2
• Valve timing control
• Airbags
• Electric power steering
• Adaptive cruise control
• ABS with traction control and vehicle stability
• First available EVs and hybrids
Source: Motorola, 1999 (H. Curtis / R. France)
Automotive Electronics Market Development
[Figure: Automotive Semiconductor TAM, world-wide, in $B (vertical axis 0 to 40) against years 1975 to 2010, with series for Powertrain, Safety (ABS, Airbag…), Body (Comfort, Light…), ITS (Navigation, Telematics) and the 5th Wave (EPAS, X-by-Wire, 42V…). Source: Motorola, 1999.]
• Electronics and electromechanics (‘Mechatronics’) are replacing hydraulic and mechanical components in vehicles.
• The role of the driver will (gradually) change from machine operator to supervisor of a transportation system.
Total Connectivity in the Vehicle
[Figure: in-vehicle network diagram covering the domains Body (Comfort, Safety, Lighting, Instrumentation), Driver Information, Powertrain and Vehicle Systems Dynamics. Buses named: CAN-B, CAN-C, Sub Bus, ITS-Bus / MOST, ISO 9141 and TTP, joined through a Central ECU & Gateway. Nodes shown include dashboard, left and right door modules, lighting control, light level regulation, control panel, seat positioner, seat heating, sun-roof stepper motor, climate panel, climate control, wiper wish-wash, remote keyless entry, stand-by heating, DC motor, air bag sensor and squib, HVAC/aux gauges, multi-use display, cellular, telematics, navigation, CD/DVD, HiFi radio/audio, TV tuner, video monitor, video/radar processing, cameras, radar, engine control, gear box control and a high speed solenoid network. TTP is drawn for vehicle dynamics, the brake pedal, the electric brake and steering. Source: Motorola, 1999.]
Event-Triggered vs Time-Triggered Systems
• Event-triggered systems react to events
  – Reception of a message
  – Termination of a task
  – External interrupt
• Time-triggered systems derive actions from the progression of a globally synchronized time base
  – Transmission of messages
  – Task execution
  – Monitoring of external states
Time-Triggered Protocols
• TTP: Family of TDMA based, fault tolerant protocols.
• The development of TTP and TTP/C has been led by Prof. Hermann Kopetz, Technical University of Vienna.
• The commercial development of TTP/C tools and products is led by TTTech.
• Existing protocols J1850 and CAN meet the bandwidth specification for an SAE Class C protocol, but not the fault tolerant requirements.
• TTP/C: A communication protocol specifically designed for safety-related automotive applications.
TTP/C Node Architecture
• Host
  – The Host runs the application software.
• Controller Network Interface (CNI)
  – De-couples the application-level software from the network using dual ported RAM.
  – Contains the Message Descriptor List (MEDL) controlling bus access.
• TTP/C Communications Controller
  – Provides the actual connection between the TTP/C node and the shared network.
  – “…the TTP/C controller provides guaranteed transmission times with minimal latency, jitter, fault-tolerant clock synchronization, and fast error detection.” (Ross Bannatyne, “Time Triggered Protocol ...,” Wescon 1998, p. 88.)
• Replica Determinant
  – Allows multiple parallel nodes for fault tolerance
• Fail Silent
  – Enforced by bus guardians.
TTP/C Cluster
• Fault Tolerant Units (FTUs): Groups of actively replicated nodes
• Nodes are Smallest Replaceable Units (SRUs)
[Figure: host subsystems FTU 0, FTU 1 and FTU 2, each made of replicated nodes (Host CPU plus TTP controller), attached to a communication subsystem of duplicated broadcast busses. Source: Motorola, 1999.]
Communication Network Interface (CNI):
• System partitioning: autonomous TTP controllers, host CPUs
• Hides communication subsystem behind memory abstraction
• Predictable interface behavior achieves composability
TTP/C Communication Properties
• Static Scheduling – Guaranteed delivery times with known variance (jitter).
• Clock Synchronization – All nodes synchronized to within one microsecond each TDMA round.
• Composability – TTP/C nodes are temporally composable as well as functionally composable. This is a key property of being replica determinant.
• Fail Silent – The bus guardians ensure transmission only during the correct timeslot, in all cases.
• Membership – Every node’s membership is available during each TDMA round.
TTP/C Bus Access Scheme
Time Division Multiple Access (TDMA):
• Fixed assignment of slots to nodes
• Every node periodically transmits in its slot
[Figure: timing diagram of consecutive TDMA rounds on the duplicated busses Bus 0 and Bus 1. Each TDMA round is divided into FTU slots for FTU 0, FTU 1 and FTU 2, and each FTU slot into SRU slots carrying the messages of the individual nodes (labelled A to E); the pattern repeats in the next round. Source: Motorola, 1999.]
Message Descriptor List (MEDL):
• Static data structure
• Message dispatching table
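A toy model of the TDMA scheme above together with the fail-silent and membership properties from the previous slide, written here as an added example (not code from the slides, from TTTech, or from any TTP/C implementation): a static MEDL gives each node one slot per round, a bus guardian per node opens the bus only in that node's own slot, and membership for the round is derived from whether each slot owner's message actually appeared. Node names, slot numbers and message lengths are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MedlEntry:
    """One row of the static Message Descriptor List: which node owns which TDMA slot."""
    slot: int      # position of the slot inside the TDMA round
    sender: str    # node (SRU) that owns the slot
    length: int    # message length in bytes (informational here)

# Constructed MEDL for a three-node cluster; slot order, node names and lengths are assumptions.
MEDL = (MedlEntry(0, "A", 8), MedlEntry(1, "B", 4), MedlEntry(2, "C", 8))

class BusGuardian:
    """Independent gate in front of one node: opens the bus only in that node's own slots."""
    def __init__(self, node, medl):
        self.slots = {e.slot for e in medl if e.sender == node}

    def allows(self, slot):
        return slot in self.slots

def run_round(medl, attempts):
    """Simulate one TDMA round. attempts maps each node to the set of slots in which
    it tries to send (constructed behaviour, faulty ones included).
    Returns (bus, membership, blocked): messages that reached the bus in slot order,
    each slot owner's membership for this round, and transmissions the guardian stopped."""
    guardians = {node: BusGuardian(node, medl) for node in attempts}
    bus, blocked, membership = [], [], {}
    for entry in medl:
        for node, slots in attempts.items():
            if entry.slot not in slots:
                continue
            if guardians[node].allows(entry.slot):
                bus.append((entry.slot, node))
            else:
                blocked.append((node, entry.slot))  # fail-silent: babbling never reaches the bus
        # Membership: the slot owner is a member only if its message appeared in its own slot.
        membership[entry.sender] = (entry.slot, entry.sender) in bus
    return bus, membership, blocked

def healthy_attempts(medl):
    """Behaviour of a fault-free cluster: every node sends exactly once, in its own slot."""
    return {e.sender: {e.slot} for e in medl}

if __name__ == "__main__":
    # Constructed fault scenario: B babbles in every slot, C has crashed and stays silent.
    print(run_round(MEDL, {"A": {0}, "B": {0, 1, 2}, "C": set()}))
```

The fault scenario shows both mechanisms at once: B's out-of-slot transmissions are suppressed by its guardian rather than corrupting A's and C's slots, and C's silence is visible to every node as a lost membership in the same round.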
X-by-Wire Systems
• Mechanical & hydraulic subsystems controlling safety-related functions are replaced by computer control systems
  – Examples: brake-by-wire, steer-by-wire, vehicle dynamics control, active suspension
• Advantages: Cost reduction, weight reduction, easier design, assembly and maintenance, passenger safety and comfort
• Safety-critical applications require:
  – Fault tolerance: no single fault may lead to a system failure
  – Predictable and timely system behavior
  – Synchronized time base (global time)
Evolution of Steering Systems
[Figure: Hydraulic Power Assist (conventional steering) beside Electric Power Assist (newest technology). Components shown: hydraulic pump, reservoir, hoses, cooling (high end), servo actuator, EPS motor, torque sensor, control unit and a connection to the MUX network. Source: Motorola, 1999.]
Steer By Wire Systems
[Figure: steer-by-wire architecture. A steering control unit with redundant ECUs, each with its own TTP/C comms; three TTP/C comms nodes each carrying a sensor; and triple redundant actuators and controllers, each a TTP/C comms node with control and motor. Source: Motorola, 1999.]
Modeling & Simulation in Automotive Design
[Figure: simulation model of an electro mechanical valve. Blocks: crank angle source (trigger, crank angle based), Matlab/Simulink control algorithm, PWM frequency, pre-driver signal conditioning, power module thermal behavior, electro mechanical valve, and engine data / combustion chamber back pressure. Source: Motorola, 1999.]
Simulation Results
[Figure: plots of valve open/close, valve speed, coil current, crank angle, cylinder back pressure, force and position. Source: Motorola, 1999.]
Summary & Conclusions
• Safety critical systems are the next big development area in the automotive industry.
• TTP/C provides the basic features needed for implementing safety critical systems.
• Modeling and Simulation are increasingly important to designing highly complex, safety critical systems affordably.
• Proposed project to implement a partial high level model of TTP/C in Ptolemy as proof of concept.
• Prof. Hermann Kopetz lecturing at UT, Nov. 18.