
Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay

Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay. Wenchao Li (1), Marco Di Natale (2), Wei Zheng (1), Paolo Giusto (3), Alberto Sangiovanni-Vincentelli (1), Sanjit A. Seshia (1). (1) UC Berkeley, (2) Scuola Superiore S. Anna, (3) General Motors.


Presentation Transcript


  1. Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay. Wenchao Li (1), Marco Di Natale (2), Wei Zheng (1), Paolo Giusto (3), Alberto Sangiovanni-Vincentelli (1), Sanjit A. Seshia (1). (1) UC Berkeley, (2) Scuola Superiore S. Anna, (3) General Motors. DATE 2009

  2. Introduction [IMG: www.autofieldguide.com]

  3. CAN vs. FlexRay
     • CAN
     • Max 1 Mbps;
     • Protocol overhead of > 40%;
     • Contention resolved by priority.
     • Acknowledgment and retransmission when message is corrupted
     • FlexRay
     • Capable of 10 Mbps communication
     • Time-triggered and event-triggered communication
     • Reliable
     • Clock Synchronization
     • Clique Detection
     • Bus Guardian

  4. Motivation
     • The current error-management scheme instructs the receiver to discard a corrupted frame.
     • Need for application-level protocol for enhanced dependability, such as an acknowledgement-retransmission scheme which exists in CAN.

  5. Challenge
     • The main challenge of implementing the fault recovery scheme is finding available transmission time in slots that can be used for acknowledgment and retransmission.

  6. Agenda
     • Introduction
     • Motivation
     • Preliminaries and Related Work
     • Tool Flow and MILP Formulation
     • Case Study
     • Conclusion

  7. FlexRay [FlexRay Specification v2.1]

  8. FlexRay [FlexRay Specification v2.1]

  9. Related Work
     • Schedulability analysis of the FlexRay communication protocol [Pop’08]
     • Embedded System Design for Automotive Applications [Sangiovanni-Vincentelli’07]
     • NO previous work on optimizing FlexRay schedule for fault-tolerance.

  10. Objective
     • We define Fault Recovery Rate (FRR) as the percentage of faulty messages guaranteed to be retransmitted before their deadlines.
     • Objective: maximize FRR
     • How: optimize remaining static slot assignments to ECUs to allow placement of acknowledgements and retransmissions in static slots on top of an existing schedule.

  11. Agenda
     • Introduction
     • Motivation
     • Preliminaries and Related Work
     • Tool Flow and MILP Formulation
     • Case Study
     • Conclusion

  12. Tool Flow [Diagram labels: Task Graph; FlexRay Scheduler; Schedule; 1st: Optimize FRR; 2nd: Optimize allocation; Optimized Acknowledgment and Retransmission Scheme; Schedule with recovery allocation]

  13. Assumptions
     • Hard Real Time Constraints
     • Fixed Schedule
     • minimum changes to the existing subsystems.
     • Fault Hypothesis:
     • Fault Mode: fault can behave inconsistently to different ECUs;
     • Fault Arrival Rate*: one per application cycle;
     • Acknowledgments are represented as a single bit.
     • Delay in CRC/adapter is not modeled
     • Error on messages is uniformly random

  14. Assumptions
     • Fault rate data in CAN is used to understand the challenges in FlexRay
     • Bit Error Rate (BER) for CAN [Ferreira’04]
     • Benign: $3 \times 10^{-11}$
     • Normal: $3.1 \times 10^{-9}$
     • Aggressive: $2.6 \times 10^{-7}$
     • Without a fault-tolerant mechanism, the number of errors per hour can be between 0.22 and 1.
     • If one error per cycle is masked, the number of errors per hour is between $3 \times 10^{-8}$ and $4.86 \times 10^{-1}$.

  15. MILP Formulation
     Parameters:
     • ECUs $E$: $\{ECU_i\}$
     • Messages $M_i$: $\{w_i, ms_i, mc_i, d_i, se_i, de_i\}$
     • Number of cycles $nc$, number of slots $ns$
     • Schedule matrix $ns \times nc$
     Variables*:
     • Message $M_i$: $\{f_i, rs_i, rc_i, as_{ij}, ac_{ij}\}$
     • Static slot $S_i$: $own_{ij}$

  16. MILP Formulation II
     Some Constraints:
     • Acknowledgments are placed iff the original message is protected against faults
     $\forall i, j : \{1 \le i \le nm,\ j \in de_i\}$, where $M$ is a large enough constant:
     $f_i \le as_{ij} \le M \times f_i$
     $f_i \le ac_{ij} \le M \times f_i$

  17. MILP Formulation III
     • Retransmissions must follow acknowledgments
     $\forall i$ s.t. $1 \le i \le nm$, $\forall j \in de_i$: $f_i \rightarrow \big(as_{ij} + (ac_{ij} - 1)\,ns \le rs_i + (rc_i - 1)\,ns\big)$
     Corresponding linear inequality is:
     $as_{ij} + (ac_{ij} - 1)\,ns - rs_i - (rc_i - 1)\,ns \le M(1 - f_i)$

  18. MILP Formulation IV
     • Two-stage optimization
     • 1st: optimize the fault recovery rate. maximize: $f_i$
     • 2nd: optimize the placement of acknowledgement and retransmission such that latency is minimized. $\forall i$ minimize: $rs_i + (rc_i - 1) \times ns$

  19. Agenda
     • Introduction
     • Motivation
     • Preliminaries and Related Work
     • Tool Flow and MILP Formulation
     • Case Study
     • Conclusion

  20. Case Study I
     • A real schedule for an x-by-wire application configuration from General Motors: 10 ECUs, 22 static slots, 8 cycles, 78 messages, 56 tasks.

  21. Case Study II
     • Optimal fault recovery rate is 55.1% (43/78 messages) vs. 40.8% (random slot assignment) vs. 33.3% (not using unassigned slots)
     • Placements of acknowledgments and retransmissions can be optimized in a greedy fashion after slot assignments are optimized.

  22. Discussion Recovery rate changes as the load increases.

  23. Conclusion
     • A MILP formulation for implementing an application-level acknowledgment and retransmission scheme in FlexRay.
     Drawbacks:
     • Works on top of an existing schedule
     • Works only on the static segment
     • Limited configuration change.

  24. Ongoing Work
     • Extend it to handle different criticalities on messages
     • Reschedule for more vacancies
     • Combine this with a scheduling formulation
     • Dynamic window
     • Lift fault tolerance analysis to control algorithm

  25. Acknowledgment
     • Hellman Family Faculty Fund
     • Gigascale Systems Research Focus Center
     • ArtistDesign network of Excellence
     • STREP project COMBEST

  26. Q & A Thank you!
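Added example (not from the presentation or its authors): a small Python sketch of the slot/cycle linearization and big-M ordering constraint from slides 16 to 18, followed by the greedy acknowledgment and retransmission placement mentioned on slide 21. Assumptions: the 4 x 2 schedule, message names, deadlines and the earliest-deadline-first ordering are constructed; every free slot is treated as usable by any ECU (slot ownership is ignored) and each message has one receiver.

```python
# Added illustration; all names and the tiny schedule are constructed.
NS, NC = 4, 2            # slots per cycle, cycles (the case study uses 22 x 8)
BIG_M = NS * NC          # "large enough constant" M: exceeds any time difference

def lin(slot, cycle):
    """Linear time of a 1-based (slot, cycle) pair: s + (c - 1) * ns."""
    return slot + (cycle - 1) * NS

def order_ok(f, ack, rtx):
    """Slide 17: as + (ac-1)ns - rs - (rc-1)ns <= M(1 - f).
    Binding only when the message is protected (f = 1)."""
    return lin(*ack) - lin(*rtx) <= BIG_M * (1 - f)

def greedy_place(messages, free):
    """Give each message the two earliest free slots that come after it and
    no later than its deadline (ack first, then retransmission).
    messages: name -> (slot, cycle, deadline as linear time).
    Returns (placement, fault recovery rate)."""
    free = sorted(free, key=lambda sc: lin(*sc))       # local copy, time order
    placement = {}
    # Assumed heuristic: serve the tightest deadlines first.
    for name, (slot, cycle, deadline) in sorted(
            messages.items(), key=lambda kv: kv[1][2]):
        usable = [sc for sc in free if lin(slot, cycle) < lin(*sc) <= deadline]
        if len(usable) >= 2:                            # f_i = 1: protected
            ack, rtx = usable[0], usable[1]
            free.remove(ack)
            free.remove(rtx)
            placement[name] = (ack, rtx)
    return placement, len(placement) / len(messages)

# Constructed sample: three messages, four unassigned static slots.
MESSAGES = {"m1": (1, 1, 4), "m2": (2, 1, 8), "m3": (1, 2, 6)}
FREE = [(3, 1), (4, 1), (3, 2), (4, 2)]

if __name__ == "__main__":
    placed, frr = greedy_place(MESSAGES, FREE)
    for name, (ack, rtx) in placed.items():
        print(name, "ack", ack, "rtx", rtx, "ordered:", order_ok(1, ack, rtx))
    print("FRR = %.1f%%" % (100 * frr))
```

Message m3 stays unprotected because no free slot lies between its transmission and its deadline, which is the vacancy problem the slot-assignment stage of the MILP is meant to reduce.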
