optimizations of an application-level protocol for enhanced dependability in flexray
DESCRIPTION
Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay. Wenchao Li 1 , Marco Di Natale 2 , Wei Zheng 1 , Paolo Giusto 3 , Alberto Sangiovanni-Vincentelli 1 , Sanjit A. Seshia 1 1 UC Berkeley 2 Scuola Superiore S. Anna 3 General Motors. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/1.jpg)
DATE 2009 1
Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay
Wenchao Li1, Marco Di Natale2, Wei Zheng1, Paolo Giusto3,
Alberto Sangiovanni-Vincentelli1, Sanjit A. Seshia1
1UC Berkeley 2Scuola Superiore S. Anna
3General Motors
![Page 2: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/2.jpg)
DATE 2009 2
Introduction
[IMG: www.autofieldguide.com]
![Page 3: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/3.jpg)
DATE 2009 3
CAN vs. FlexRay
FlexRay- Capable of 10 Mbps
communication- Time-triggered and
event-triggered communication
- Reliable- Clock
Synchronization- Clique Detection- Bus Guardian
CAN- Max 1 Mbps;- Protocol overhead of
> 40%;- Contention resolved
by priority.- Acknowledgment
and retransmission when message is corrupted
![Page 4: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/4.jpg)
DATE 2009 4
Motivation
The current error-management scheme instructs the receiver to discard a corrupted frame.
Need for application-level protocol for enhanced dependability, such as an acknowledgement-retransmission scheme which exists in CAN.
![Page 5: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/5.jpg)
DATE 2009 5
Challenge
The main challenge of implementing the fault recovery scheme is finding available transmission time in slots that can be used for acknowledgment and retransmission.
![Page 6: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/6.jpg)
DATE 2009 6
Agenda
Introduction Motivation
Preliminaries and Related Work Tool Flow and MILP Formulation
Case Study Conclusion
![Page 7: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/7.jpg)
DATE 2009 7
FlexRay
[FlexRay Specification v2.1]
![Page 8: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/8.jpg)
DATE 2009 8
FlexRay
[FlexRay Specification v2.1]
![Page 9: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/9.jpg)
DATE 2009 9
Related Work
Schedulability analysis of the FlexRay communication protocol [Pop’08]
Embedded System Design for Automotive Applications [Sangiovanni-Vincentelli’07]
NO previous work on optimizing FlexRay schedule for fault-tolerance.
![Page 10: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/10.jpg)
DATE 2009 10
Objective
We define Fault Recovery Rate (FRR) as
the percentage of faulty messages guaranteed to be retransmitted before their deadlines.
Objective: maximize FRR
How: optimize remaining static slot assignments to ECUs to allow placement of acknowledgements and retransmissions in static slots on top of an existing schedule.
![Page 11: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/11.jpg)
DATE 2009 11
Agenda
Introduction Motivation
Preliminaries and Related Work Tool Flow and MILP Formulation
Case Study Conclusion
![Page 12: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/12.jpg)
DATE 2009 12
Tool Flow
Schedule
Schedule with recovery allocation
Optimized Acknowledgment
and Retransmission Scheme
Task Graph
FlexRay Scheduler
1st: Optimize FRR
2nd: Optimize allocation
![Page 13: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/13.jpg)
DATE 2009 15
Assumptions
Hard Real Time Constraints Fixed Schedule
minimum changes to the existing subsystems. Fault Hypothesis:
Fault Mode: fault can behave inconsistently to different ECUs;
Fault Arrival Rate*: one per application cycle; Acknowledgments are represented as a single bit. Delay in CRC/adapter is not modeled Error on messages is uniformly random
![Page 14: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/14.jpg)
DATE 2009 16
Assumptions
Fault rate data in CAN is used to understand the challenges in FlexRay
Bit Error Rate (BER) for CAN [Ferreira’04]
Benign: 3 £ 10-11
Normal: 3.1 £ 10-9
Aggressive: 2.6 £ 10-7
Without a fault-tolerant mechanism, the number of errors per hour can be between 0.22 and 1.
If one error per cycle is masked, the number of errors per hour is between 3 £ 10-8 and 4.86 £ 10-1.
![Page 15: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/15.jpg)
DATE 2009 17
MILP Formulation
Parameters: ECUs E: {ECUi} Messages Mi: {wi, msi, mci, di, sei, dei} Number of cycles nc, number of slots ns
Schedule matrix ns £ nc
Variables*: Message Mi: {fi, rsi, rci, asij, acij} Static slot Si: ownij
![Page 16: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/16.jpg)
DATE 2009 18
MILP Formulation II
Some Constraints: Acknowledgments are placed iff the original
message is protected against faults
8 i, j : {1 · i · nm, j 2 dei} and M is large enough constant
fi · asij · M £ fi
fi · acij · M £ fi
![Page 17: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/17.jpg)
DATE 2009 19
MILP Formulation III
Retransmissions must follow acknowledgments
8 i s.t. 1 · i · nm, 8 j 2 dei,
(fi ! (asi + (aci – 1)ns · rsij + (rcij – 1)ns))
Corresponding linear inequality is:
asij + (acij-1)ns – ri – (ri – 1)ns · M(1 – fi)
![Page 18: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/18.jpg)
DATE 2009 20
MILP Formulation IV
Two-stage optimization 1st: optimize the fault recovery rate.
maximize: fi
2nd: optimize the placement of acknowledgement and retransmission such that latency is minimized.
8 i minimize: rsi + (rci – 1) £ ns
![Page 19: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/19.jpg)
DATE 2009 21
Agenda
Introduction Motivation
Preliminaries and Related Work Tool Flow and MILP Formulation
Case Study Conclusion
![Page 20: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/20.jpg)
DATE 2009 22
Case Study I A real schedule for an x-by-
wire application configuration from General Motors: 10 ECUs, 22 static slots, 8 cycles, 78 messages, 56 tasks.
![Page 21: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/21.jpg)
DATE 2009 23
Case Study II
Optimal fault recovery rate is 55.1% (43/78 messages)
vs. 40.8% (random slot assignment) vs. 33.3% (no using unassigned slots)
Placements of acknowledgments and retransmissions can be optimized in a greedy fashion after slot assignments are optimized.
![Page 22: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/22.jpg)
DATE 2009 24
Discussion
Recovery rate changes as the load increases.
![Page 23: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/23.jpg)
DATE 2009 25
Conclusion
A MILP formualation for implementing an application-level acknowledgment and retransmission scheme in FlexRay.
Drawbacks: Works on top of an existing schedule Works only on the static segment Limited configuration change.
![Page 24: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/24.jpg)
DATE 2009 26
Ongoing Work
Extend it to handle different criticalities on messages
Reschedule for more vacancies Combine this with a scheduling
formulation Dynamic window Lift fault tolerance analysis to control
algorithm
![Page 25: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/25.jpg)
DATE 2009 27
Acknowledgment Hellman Family Faculty Fund Gigascale Systems Research Focus Center ArtistDesign network of Excellence STREP project COMBEST
![Page 26: Optimizations of an Application-Level Protocol for Enhanced Dependability in FlexRay](https://reader035.vdocuments.site/reader035/viewer/2022062519/56814fe6550346895dbdb117/html5/thumbnails/26.jpg)
DATE 2009 28
Q & A
Thank you!