reliability analysis of wireless automotive applications with transceiver redundancy

“Reliability analysis of wireless automotive

applications with transceiver redundancy.”

Final Presentation – Master Thesis:

Roshan Chulyada

(EEIT Master at FH-Rosenheim – University of Applied Science)

Supervisors: Prof. Dr.-Ing. Holger Stahl Advisor: Dipl.-Ing. Hauke Stähle

Prof. Dr. –Ing. Markus Stichler

09.10.2014 Final presentation - Master Thesis 1

Outline1. Problems and Solution.

2. Challenges for Solution.

3. Comparison of Wireless technologies.

4. Safety Analysis of Existing System in eCar.

5. Approach and Analysis to get Reliable System in eCar.

6. Design of Fail-Operational System.

7. Implementation.

8. Experiments.

9. Conclusion and Further works.

10. Demonstration

209.10.2014 Final presentation - Master Thesis

1. Problems (I).

3

Increase comfort and safety.

Increase sensors (150), switches etc.

Increase integration efforts (inter domain)and complexity.


1. Problem (II).


source: http://bainite.wordpress.com/category/cars/

1. Solution (III).

5

Wireless

Simple integration.

Reduce weight.

Increase design

Flexibility.

Enable dynamic inter-domain

data

Transmission.


2. Challenges


• Interferences

•Complete Blocking

•DistortionWireless Channel

•Protocols are not designed for this use case.

No protocols are designed for automotive in vehicle

communication.

• System runs with failure.Fail-Operational Behavior

Safe SystemFail Operational

System

3. Comparison of Wireless Technologies.


Data rate

CostRange

Link Budget

ZigBee

Bluetooth

Wi-Fi



Safety Analysis

1. System Architecture

2. FMEA

3. MTTF4. Reliability

Block Diagram.

5. Reliability

Reliable = ASIL D

Source: ISO 26262 ASIL standard


9

Master NodeSafety

Analysis

1

2

34

5

Slave Node



10

2. Failure Mode and Effect Analysis (FMEA).

Source: "Department of the Army, TM 5-698-4, Failure Modes, Effects and Criticality Analyses (FMECA) for Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance (C4ISR) Facilities, 29 September 2006."

Safety Analysis

1

2

34

5

FMEA

2.1. Define the system and Identify elements or

components.

2.2. Define Ground Rules and Assumptions

2.3. System Block

Diagram

2.4. Identify Failure modes

2.5. Perform failure effects/causes

2.6. Severity ranking and probability

Methodology

The system is inside the car with the shielding box. The master node is at central system and slave node is at rear axel connected to the sensor to control the wheel. Master and Slave node sends or received data via wireless channel.

•Overview of system failure by research and brain storming.•Assume severity and probability values are according to system.•Mission Time: 12hrs.•Severity Classifications (IV to I).•Probability levels(1 to 4).


4. Existing System Arch. in e-Car (II)

11

Node

(MSP430F5438)

Transceiver

(CC2520)

Power Supply System

UART SPINetworks

or Systems.

Node

(MSP430F5438)

Transceiver

(CC2520)

UART SPI

Networks or

Systems.

Master Node

Slave Node

ZigBeeProtocols

2. Failure Mode and Effect Analysis (FMEA).

2.3 System Block Diagram.



12

2. Failure Mode and Effect Analysis (FMEA).FMEA Table

1, 2

1, 11, 1

2, 2

3, 1

1, 41, 4

1, 11, 1

1, 41, 4

1, 1 2, 11, 1

3, 4

1, 3

1, 4

1, 3

1, 4

1, 3

1, 21, 2

1, 1

1, 4

2, 1

1, 4

2, 2

4, 3

4, 2

1, 11

2

3

4

5

1 2 3 4 5

Seve

rity

Probability

Probability and Severity

Severity

HIGH

High risk

ModerateLow

Moderate

HIGHLOW

LOW



13

3. Mean Time To Failure.• Measure of rate of failure in useful time for non-repairable systems.

• Formulas for MTTF, Failure Rate( ) and reliability (R) calculation. (Ref: mil-hdbk 338B

and mil-hdbk 217F version 1 and 2)

Failure Rate = base failure rate X temperature X stress X

environment X etc.. Failures/10^6 hours

For example :

Resistor

)(

1/ )( MTTF-t/MTTFt- e e R(t) Re liability

EQSPTb res

Base failure

Temp. factorPower Stress

Power factor

Quality factor

Environment factor



14

3. Mean Time To Failure.

Example :

Resistors on MSP430 board:

base failure

Temperature Factor , for 120 degree centegrate

Power Stress Factor , for max. power stress 0.9

Quality Factor

Environmental factor , for environment GM, Ground, Mobile

Power factor


0.0024 )( b

2.1 )( T

1.9 )( S

0.03 )( Q

16 )( E

0.3391 )( P


15

3. Mean Time To Failure.

MTTF of Resistor


hoursfailures

res 6

3-

10101.55866 )(

Total MTTF of Board = hours51082.9

Reliability of Board = 610 999987.7


16

3. Reliability Block Diagram (RBD).• What is RBD? (Ref: mil-hdbk 338B)

Safety Analysis

1

2

34

5

Types of RBD

Reliability Block Diagram RBD

3.1 Series 3.2 Parallel3.3 Combine

Series & Parallel.



17

4.Reliability Block Diagram (RBD) of Existing System.

Master Node

Safety Analysis

1

2

34

5

Networks or

Systems.

chtrspnups R R R R R R Rs

Series Combination



18

5.Reliability Evaluation of System.How we did:

R

FMEA

MTTF

RBD

• System Architecture.

• System Block diagram

• Mil-hdbk-338.

Components Reliability

• Component List

• Mil-hdbk-217F

(Passive components)

(Process Reliability)

Mission Time

12 hoursSafety

Analysis

1

2

34

5



19

5.Reliability Evaluation of System. Calculations and Analysis:

Reliability in Series combination:

Safety Analysis

1

2

34

5

0.999956 (t)

)(R (t)R (t)R (t)R (t)R (t)R 12hrs)(t chtrspnups

s

s

R

tR

rs.failures/h 10 0.36 -5

ASIL A

Suppose 40 million autos running12hrs then failure will be 1760autos.


Approach System Design:

5. Approach & Analysis to get Reliable System in eCar.

20

Transceiver1

(CC2520)

UART1 SPI1

Transceiver2

(CC2520)

UA

RT

-R

SPI2

ZigBee

Protocols

Networks

or

Systems.

CHr

CHx

CHy

Node1

(MSP430F5438)

Power Supply

System1

Power Supply

System2

Node2

(MSP430F5438)

UA

RT

2

Redundancy09.10.2014 Final presentation - Master Thesis

Reliability Block Diagram:


21

Networks or

Systems.

)(R (t)R (t)R (t)R (t) chcomsysps tRp

Rps1

Rps2

Ru1

Ru2

Rn1

Rn2

Rsp1

Rsp2

Rtr1

Rtr2

Rchx

Rchy

Rur

Rchr

Power System Controller System

Rps Rsys

RcomRch


Analysis:


22

ourfailures/h 10 0.41666

50.99999999 (t)R

1 1 960.99999999 90.99999999 )12hrs (

)(R (t)R (t)R (t)R (t)

9-

p

chcomsysps

tR

tR

p

p

ASIL D

Suppose 40 million autos running12hrs then failure will be 0.2autos.


6. Design of Fail-Operational System


Start

IsUART-RstatusOk?

Is MasterNode1

Ok?

Inform toAll Nodes.

Get Statusof MasterNode1fromWirelessChannel.

Inform toAll Nodes.

1

Algorithm Design (I): Master Node2 monitoring Master Node1

NO

NO

YES

YES

Major Failure Levels

•UART-R failure•Power Supply failure•Node Failure•Freeze•Signal Blocked


24

Start

Is Tx &Rx

counterincreasing

CRCBITOk?

Switchedto backupChannel.

Block datasend fromMasterNode1 toNetwork.

2

Algorithm Design (II):

Start 1

NO

NO

YES

YES

YES

Major Failure Levels

•Babling Idiot

Moderate Failure Levels

•Frame error



25

Start

RSSI >-80dBm?

50 >= Corr. Value

<= 108

?

IncreaseTransmitPower.

3

Algorithm Design (III):

2

Switchedto backupChannel.

NO

NO

YES

YES

YES

Moderate Failure Levels

•Path loss•Distortion•Signal Blocked



26

Start

IsPayload

sizeequal?

Framesequencenumberequal?

Block datasend fromMasterNode1 toNetwork.

Algorithm Design (IV):

3

Senddata fromMasterNode1 toNetwork.

END

NO

NOYES

YES

YES

Minor Failure Levels

•Payload mismatch•Packet lost


Channelstat. Tx. Power reset block n/w

Fig. Action Protocol

7. Implementation

27

7.1 Redundant Fail-Operational Protocol - RFOP (I).

Rx. Count.ActionsStatus RSSI Correl. CRC Fra. Sq. PayloadSize Tx. Count.

Fig. Redundant Fail-Operational Protocol (RFOP) for UART

Redundant rUart1 rUart2 M. Node1 M. Node2 S. Node1 S. Node2

Fig. Status Protocol


channelstat. Tx. Power reset block n/w

Fig. Action Protocol

7. Implementation

28

7.1 Redundant Fail-Operational Protocol - RFOP (II).

ActionsStatus PayloadSize

Redundant rUart1 rUart2 M. Node1 M. Node2 S. Node1 S. Node2

Fig. Status Protocol

MAC Protocol

Fig. Redundant Fail-Operational Protocol (RFOP) for Wireless Channel


7. Implementation

29

7.1 Redundant Fail-Operational Protocol – RFOP (III).


Master Node1 Slave Node1

Master Node2 Slave Node2

UART-R UART-R1

RFO

P fo

r UA

RT

Status, Action, RSSI, Corr. val. , CRC, Fra. Sq., payload, Tx. Counter, Rx. counter

MAC header

RFOP for wireless

FCS..

RFO

P fo

r UA

RT

Status, Action, RSSI, Corr. val. , CRC, Fra. Sq., payload, Tx. Counter, Rx. counter

MAC header

RFOP for wireless

FCS..

RFO

P fo

r UA

RT-R

How it works?

7. Implementation (Hardware-I).

30

MSP430F5438 LCD

SPI

SPI

UART

PWR

LEDs

FET connector

Header Ports (GPIOs)


7. Implementation (Hardware-II).

31

CC2520 Radio Module

Block diagram of CC2520

Features:1. Excellent link budget (103dB).

2. Extended temp. range (-40 to +125°C).

3. DSSS transceiver.4. Three flexible power modes.5. Very good sensitivity (-98dBm).6. High adjacent channel rejection.7. 768 bytes on-chip RAM.8. 4 wires SPI and 6 configurable GPIOs.

9. Many more…


7. Implementation (Hardware-III).

32

UART connection between Node and its redundant node:


7. Implementation (Hardware-III).

33

MSP430F5438 Board

CC2520EMK


7. Implementation (Software-I).

34

• FreeRTOS used as Operating System.

• Open source and royalty free.

• Priority based preemptive scheduling.

• Same priority tasks use round-robin fashion.

• Queues, binary semaphores, counting semaphores, recursive semaphores and mutexes for communication and synchronisation between tasks, or between real time tasks and interrupts.

• Available five different memory allocation and management algorithms heap1 to heap5.

• Heap2 is favorable.

FreeRTOS

NOTE: reference from http://www.freertos.org/


7. Implementation (Software - II).

35

• Software Architecture Overview.


7. Implementation (Software - III).

36

• Software Architecture Detail.


8. Experiments(I).

37

Experiment Setup:

Master Node2Or

Redundant Node

Master Node1

Slave Node2Or

Redundant Node

Slave Node1

UART-R1UART-R

Aluminum foil

Default Channel – 12 & 19Backup Channel - 16 & 21Transmit power – 3dBmMax. Transmit Power – 5dBm


8. Experiments(II).

38

Test Case – I (UART failure):

UART1

Network

s or

Systems.

CH12

CH19

Master

Node1

Power

Supply

Sys1/Sys2

Master

Node2

UA

RT

2

UART3

Networks

or

Systems.

CH12

CH19

Slave

Node1

Power Supply

Sys3/Sys4

Slave

Node2

UA

RT

4

Master Slave

UA

RT

-R

UA

RT

-R1

Experiment Scenario 1Experiment Scenario 2


UA

RT

-R

UA

RT

-R1

8. Experiments(III).

39

Test Case – II (Node Failure):

UART1

Network

s or

Systems.

CH12

CH19

Master

Node1

Power

Supply

Sys1/Sys2

Master

Node2

UA

RT

2

UART3

Networks

or

Systems.

CH12

CH19

Slave

Node1

Power Supply

Sys3/Sys4

Slave

Node2

UA

RT

4

Master Slave

Experiment Scenario 1Experiment Scenario 2Experiment Scenario 3Experiment Scenario 4


UA

RT

-R

UA

RT

-R1

8. Experiments(IV).

40

Test Case – III (RSSI Decreases):

UART1

Network

s or

Systems. CH12

CH19

Master

Node1

Power

Supply

Sys1/Sys2

Master

Node2

UA

RT

2

UART3

Networks

or

Systems.CH12

CH19

Slave

Node1

Power Supply

Sys3/Sys4

Slave

Node2

UA

RT

4

Master Slave

Experiment Scenario 1

CH16 CH16Tx Pow. 5dBm Tx Pow. 5dBm


Tx Pow. 5dBmTx Pow. 5dBm

CH21 CH21


UA

RT

-R

UA

RT

-R1

8. Experiments(V).

41

Test Case – IV (Wireless Channel Failure):

UART1

Network

s or

Systems. CH12

CH19

Master

Node1

Power

Supply

Sys1/Sys2

Master

Node2

UA

RT

2

UART3

Networks

or

Systems.CH12

CH19

Slave

Node1

Power Supply

Sys3/Sys4

Slave

Node2

UA

RT

4

Master Slave


CH16 CH16


CH21 CH21


9. Conclusion and Further works.

42

With using parallel redundant system we can have higher reliability (ASIL D) of wireless automotive application and we have verified mathematically using our research and methodologies.

The algorithm and protocol have been designed and implemented using software architecture for controlling and monitoring nodes so that even with single point failure system works in fail-operational behavior.

Further works:

-UART connection can be replaced by wireless channel.

-Initial main component like CPU, Power supply etc. of system check before other functions start.

-Integration in eCar.


Demonstration.


Thank You All!

Any questions or suggestion?


reliability analysis of wireless automotive applications with transceiver redundancy

Automotive

approach system design

approach analysis

roshan chulyadaeeit

wired system transmission

wireless channel

design of fail

data rate bluetooth

chaotic design