DATE 2009 1
Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay
Wenchao Li (1), Marco Di Natale (2), Wei Zheng (1), Paolo Giusto (3), Alberto Sangiovanni-Vincentelli (1), Sanjit A. Seshia (1)
(1) UC Berkeley, (2) Scuola Superiore S. Anna, (3) General Motors
Introduction
[IMG: www.autofieldguide.com]
CAN vs. FlexRay
FlexRay
- Capable of 10 Mbps communication
- Time-triggered and event-triggered communication
- Reliable
- Clock Synchronization
- Clique Detection
- Bus Guardian
CAN
- Max 1 Mbps
- Protocol overhead of > 40%
- Contention resolved by priority
- Acknowledgment and retransmission when message is corrupted
Motivation
The current error-management scheme instructs the receiver to discard a corrupted frame.
Need for application-level protocol for enhanced dependability, such as an acknowledgement-retransmission scheme which exists in CAN.
Challenge
The main challenge of implementing the fault recovery scheme is finding available transmission time in slots that can be used for acknowledgment and retransmission.
Agenda
- Introduction
- Motivation
- Preliminaries and Related Work
- Tool Flow and MILP Formulation
- Case Study
- Conclusion
FlexRay
[FlexRay Specification v2.1]
Related Work
Schedulability analysis of the FlexRay communication protocol [Pop’08]
Embedded System Design for Automotive Applications [Sangiovanni-Vincentelli’07]
NO previous work on optimizing FlexRay schedule for fault-tolerance.
Objective
We define Fault Recovery Rate (FRR) as the percentage of faulty messages guaranteed to be retransmitted before their deadlines.
Objective: maximize FRR
How: optimize remaining static slot assignments to ECUs to allow placement of acknowledgements and retransmissions in static slots on top of an existing schedule.
Tool Flow
[Figure: tool flow diagram. Labels: Task Graph; FlexRay Scheduler; Schedule; Optimized Acknowledgment and Retransmission Scheme (1st: Optimize FRR, 2nd: Optimize allocation); Schedule with recovery allocation]
Assumptions
- Hard Real Time Constraints
- Fixed Schedule
  - minimum changes to the existing subsystems.
- Fault Hypothesis:
  - Fault Mode: fault can behave inconsistently to different ECUs;
  - Fault Arrival Rate*: one per application cycle;
- Acknowledgments are represented as a single bit.
- Delay in CRC/adapter is not modeled
- Error on messages is uniformly random
Assumptions
Fault rate data in CAN is used to understand the challenges in FlexRay
Bit Error Rate (BER) for CAN [Ferreira’04]
- Benign: $3 \times 10^{-11}$
- Normal: $3.1 \times 10^{-9}$
- Aggressive: $2.6 \times 10^{-7}$
Without a fault-tolerant mechanism, the number of errors per hour can be between 0.22 and 1.
If one error per cycle is masked, the number of errors per hour is between $3 \times 10^{-8}$ and $4.86 \times 10^{-1}$.
MILP Formulation
Parameters:
- ECUs $E$: $\{ECU_i\}$
- Messages $M_i$: $\{w_i, ms_i, mc_i, d_i, se_i, de_i\}$
- Number of cycles $n_c$, number of slots $n_s$
- Schedule matrix $n_s \times n_c$
Variables*:
- Message $M_i$: $\{f_i, rs_i, rc_i, as_{ij}, ac_{ij}\}$
- Static slot $S_i$: $own_{ij}$
MILP Formulation II
Some Constraints:
Acknowledgments are placed iff the original message is protected against faults
$\forall i, j : \{1 \le i \le n_m,\ j \in de_i\}$, and $M$ is a large enough constant:
$f_i \le as_{ij} \le M \times f_i$
$f_i \le ac_{ij} \le M \times f_i$
MILP Formulation III
Retransmissions must follow acknowledgments
$\forall i$ s.t. $1 \le i \le n_m$, $\forall j \in de_i$:
$f_i \rightarrow \big(as_{ij} + (ac_{ij} - 1)\, n_s \le rs_i + (rc_i - 1)\, n_s\big)$
Corresponding linear inequality is:
$as_{ij} + (ac_{ij} - 1)\, n_s - rs_i - (rc_i - 1)\, n_s \le M (1 - f_i)$
MILP Formulation IV
Two-stage optimization
1st: optimize the fault recovery rate.
maximize: $f_i$
2nd: optimize the placement of acknowledgement and retransmission such that latency is minimized.
$\forall i$ minimize: $rs_i + (rc_i - 1) \times n_s$
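A toy version of the two-stage optimization above, as an added example that is not from the slides or the authors' tool: exhaustive search over slot ownership stands in for the MILP solver, and the schedule, messages and ECU names are constructed. It assumes idle cells can be shared between messages (at most one fault per application cycle), that every receiver must acknowledge before the retransmission, and that deadlines are linearised slot positions.

```python
from itertools import product

NS, NC = 4, 2  # static slots per cycle, cycles (constructed toy instance)
ECUS = ["A", "B", "C"]
OWNER = {1: "A", 2: "B", 3: None, 4: None}  # None = unassigned static slot
BUSY = {(1, 1), (2, 1), (1, 2)}             # (slot, cycle) cells already in use
# name -> (slot, cycle, deadline position, sender, receivers); all constructed
MSGS = {"m1": (1, 1, 5, "A", ["B"]),
        "m2": (2, 1, 6, "B", ["A", "C"]),
        "m3": (1, 2, 8, "A", ["C"])}

def pos(slot, cycle):  # linearised position, the page's rs + (rc - 1) * ns
    return slot + (cycle - 1) * NS

def free_cells(owner, ecu):
    """Sorted positions of idle cells in the slots owned by ecu."""
    return sorted(pos(s, c) for s in owner if owner[s] == ecu
                  for c in range(1, NC + 1) if (s, c) not in BUSY)

def place(msg, owner):
    """Greedy placement: earliest ack per receiver, then the earliest
    retransmission after the last ack. None means the deadline is missed."""
    slot, cycle, deadline, sender, receivers = msg
    last_ack = start = pos(slot, cycle)
    for ecu in receivers:
        acks = [p for p in free_cells(owner, ecu) if p > start]
        if not acks:
            return None
        last_ack = max(last_ack, acks[0])
    rtx = [p for p in free_cells(owner, sender) if last_ack < p <= deadline]
    return rtx[0] if rtx else None

def evaluate(owner):
    """Retransmission position of every message that can be protected."""
    placed = {name: place(msg, owner) for name, msg in MSGS.items()}
    return {name: p for name, p in placed.items() if p is not None}

def optimise():
    """Try every ownership of the unassigned slots; maximise the number of
    protected messages, then minimise the summed retransmission positions."""
    unassigned = [s for s in OWNER if OWNER[s] is None]
    best = None
    for choice in product(ECUS, repeat=len(unassigned)):
        owner = {**OWNER, **dict(zip(unassigned, choice))}
        ok = evaluate(owner)
        key = (-len(ok), sum(ok.values()))
        if best is None or key < best[0]:
            best = (key, owner, ok)
    return len(best[2]) / len(MSGS), best[1], best[2]
```

On this instance `optimise()` protects two of the three messages by giving slot 3 to C and slot 4 to A, while `evaluate(OWNER)` shows that leaving the unassigned slots unused protects none.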
Case Study I
A real schedule for an x-by-wire application configuration from General Motors: 10 ECUs, 22 static slots, 8 cycles, 78 messages, 56 tasks.
Case Study II
Optimal fault recovery rate is 55.1% (43/78 messages) vs. 40.8% (random slot assignment) vs. 33.3% (not using unassigned slots)
Placements of acknowledgments and retransmissions can be optimized in a greedy fashion after slot assignments are optimized.
Discussion
Recovery rate changes as the load increases.
Conclusion
A MILP formulation for implementing an application-level acknowledgment and retransmission scheme in FlexRay.
Drawbacks:
- Works on top of an existing schedule
- Works only on the static segment
- Limited configuration change.
Ongoing Work
- Extend it to handle different criticalities on messages
- Reschedule for more vacancies
- Combine this with a scheduling formulation
- Dynamic window
- Lift fault tolerance analysis to control algorithm
Acknowledgment
- Hellman Family Faculty Fund
- Gigascale Systems Research Focus Center
- ArtistDesign network of Excellence
- STREP project COMBEST
Q & A
Thank you!