time triggered protocol (ttp/c): a safety-critical system...
TRANSCRIPT
Time Triggered Protocol (TTP/C): ASafety-Critical System Protocol
Literature Review EE382c Fall 1999
Robert FranceGlobal Software DivisionMotorola, Inc.
Howard CurtisGlobal Technology ServicesMCC
+��&XUWLV��5��)UDQFH���������
• ButtonRectifiers
• PositiveCrankcaseVentilation
• PowerSteering
• UnleadedGas
• 2 & 3-WayCatalyticConverters
• EngineControl
• Fuel Injection
• Fuel MixSensors
• MPU’s
• Reformulating Gas
• High speed MCU forrealtime control
• Cold Start
• Onboard Diagnostic level 2
• Valve timing control
• Airbags
• Electric power steering
• Adaptive cruise control
• ABS with traction controland vehicle stability
• First available EVsand hybrids
The Evolution ofAutomotive Electronics
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Automotive Electronics Market Development
0
5
10
15
20
25
30
35
40Automotive Semiconductor TAM World-Wide [$B]
1975 1980 1985 1990 1995 2000 2005 2010
ITS (Navigation, Telematics)
Body (Comfort, Light…)
Safety (ABS, Airbag…)Powertrain
Source: Motorola, 1999
Electronics andelectromechanics(‘Mechatronics’) arereplacing hydraulicand mechanicalcomponents invehicles.
The role of the driverwill (gradually)change from machineoperator to supervisorof a transportationsystem.
5th Wave(EPAS, X-by-Wire, 42V…)
+��&XUWLV��5��)UDQFH���������
Total Connectivity in the Vehicle
Driver Information
Systems
Powertrain Vehicle
Dynamics
Body (Comfort, Safety, Lighting, Instrumentation)
Video/Radar
Processing
LightingControl
CD/DVD
HVAC/Aux Gauges
TV-TunerVideo
Monitor
Navigation
Cellular
Multi-useDisplay
ITS
-Bu
s / M
OS
T
CAN-C
SubBus
DC Motor
CAN-B
HiFi Radio/Audio
Seat Heating
Stand-ByHeating
ISO 9141
Solenoid
Electric Brake
SquibSensor
StepperMotor
Light LevelRegulation
RemoteKeyless Entry
SeatPositioner
ControlPanel
Central ECU& Gateway
Dashboard
TTP TTPTelematics
Vehicle Dynamics
EngineControl
Gear BoxControlSun-Roof
Wiper Wish-Wash
ClimateControl
ClimatePanel
Su
b B
us
Air Bag
Left Door Module
Right DoorModule
BrakePetal
Steering
High Speed
Network Radar
Cameras
TTP
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Event-Triggered vsTime-Triggered Systems
• Event-triggered systems react to events– Reception of a message
– Termination of a task
– External interrupt
• Time-triggered systems derive actions from the progressionof a globally synchronized time base
– Transmission of messages
– Task execution
– Monitoring of external states
+��&XUWLV��5��)UDQFH���������
Time-Triggered Protocols
• TTP: Family of TDMA based, fault tolerant protocols.
• TTP/C: A communication protocol specifically designed forsafety-related automotive applications.
• The development of TTP and TTP/C has been led by Prof.Hermann Kopetz, Technical University of Vienna.
• The commercial development of TTP/C tools and productsis led by TTTech.
• Existing protocols J1850 and CAN meet the the bandwidthspecification for an SAE Class C protocol, but not the faulttolerant requirements.
+��&XUWLV��5��)UDQFH���������
TTP/C Node Architecture• Host
– The Host runs the application software.
• Controller Network Interface (CNI)– De-couples the applications-level software from the network using dual ported
RAM.
– Contains the Message Descriptor List (MEDL) controlling bus access.
• TTP/C Communications Controller.– Provides the actual connection between the TTP/C node and the shared network.
– “…the TTP/C controller provides guaranteed transmission times with minimallatency,jitter, fault-tolerant clock synchronization, and fast error detection.”(Ross Bannatyne, “Time Triggered Protocol ...,” Wescon 1998, p. 88.)
• Replica Determinant– Allows multiple parallel nodes for fault tolerance
• Fail Silent– Enforced by bus guardians.
+��&XUWLV��5��)UDQFH���������
FTU 0
TTP
FTU 1 FTU 2
TTPTTP
Host Subsystems
Communication SubsystemDuplicatedbroadcastbusses
Nodes are Smallest Replaceable Units (SRUs)
Fault Tolerant Units (FTUs): Groups of actively replicated
nodes
Communication Network Interface (CNI):• System partitioning: autonomous TTP controllers, host CPUs• Hides communication subsystem behind memory abstraction• Predictable interface behavior achieves composability
TTPTTPTTP
TTP/C Cluster
HostCPU
HostCPU
HostCPU
HostCPU
HostCPU
HostCPU
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
TTP/C Communication Properties
• Static Scheduling– Guaranteed delivery times with known variance (jitter).
• Clock Synchronization– All nodes synchronized to within one microsecond each TDMA round.
• Composability– TTP/C nodes are temporally composable as well as functionally composable.
This is a key property of being replica determinant.
• Fail Silent– The bus guardians ensure transmission only during the correct timeslot, in all cases.
• Membership– Every node’s membership is available during each TDMA round.
+��&XUWLV��5��)UDQFH���������
FTU Slot
SRUSlot
A
A
Bus
0B
us 1
FTU 0 FTU1
FTU 2
TDMA Round
B B B
B B B
C
C
C
C
D
D
FTU 0 FTU1
FTU 2
B B B
B B B
E
E
E
E
t
t
Time Division Multiple Access (TDMA):• Fixed assignment of slots to nodes• Every node periodically transmits in its slot
Message Descriptor List (MEDL):• Static data structure• Message dispatching table
TTP/C Bus Access Scheme
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
X-by-Wire Systems
• Mechanical & hydraulic subsystems controllingsafety-related functions are replaced by computer controlsystems
– Examples: brake-by-wire, steer-by-wire, vehicle dynamics control, active suspension
• Advantages: Cost reduction, weight reduction, easierdesign, assembly and maintenance, passenger safety andcomfort
• Safety-critical applications require:– Fault tolerance: no single fault may lead to a system failure
– Predictable and timely system behavior
– Synchronized time base (global time)
+��&XUWLV��5��)UDQFH���������
Evolution of Steering Systems
Hydraulic Power Assist(Conventional Steering)
Cooling(high end) reservoir
Hydraulicpump
hoses
Servo actuator
Electric Power Assist(Newest Technology)
Torquesensor
Control unit
To MUX network
EPS Motor
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Steer By Wire Systems
Triple Redundant
Actuators andControllers
ECU ECU
SteeringControl
Unit withRedundant
ECUs
TTP/CComms
TTP/CComms
TTP/CComms
TTP/CComms
TTP/CComms
Sensor
TTP/CComms
TTP/CComms
TTP/CComms
Sensor Sensor
ControlAnd
Motor
ControlAnd
Motor
ControlAnd
Motor
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Modeling & Simulation in Automotive Design
Engine Data,Combustion ChamberBack Pressure
ElectroMechanicalValve
pre-DriverSignal ConditioningPower ModuleThermal Behavior
Matlab/SimulinkControl Algorithm
Trigger, CrankAngle based
CrankAngleSource
PWMfrequency
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Position
Cylinder Back Pressure Force
Crank Angle
Coil Current
Valve Speed
Open / Close
Simulation Results
Source: Motorola, 1999
+��&XUWLV��5��)UDQFH���������
Summary & Conclusions
• Safety critical systems are the next big development area inthe automotive industry.
• TTP/C provides the basic features needed for implementingsafety critical systems.
• Modeling and Simulation are increasingly important todesigning highly complex, safety critical systems affordably.
• Proposed project to implement a partial high level model ofTTP/C in Ptolemy as proof of concept.
• Prof. Hermann Kopetz lecturing at UT, Nov. 18.