Figure - available from: Real-Time Systems
This content is subject to copyright. Terms and conditions apply.
Source publication
Due to increased bandwidth and scalability demands, Ethernet technology is finding its way into recent in-vehicle networks. Tomorrow’s heterogeneous networks will feature legacy buses [e.g. controller area network (CAN) or FlexRay] as well as high-speed Ethernet devices, connected by switches and gateways. As Ethernet offers significantly larger fr...
Citations
... In terms of deterministic delay guarantee for CAN to TSN network message scheduling, Kim et al. [22] proposed a gateway architecture that supports CAN, FlexRay and Ethernet, and conducted theoretical analysis and experimental measurement of end-to-end processing delay of the gateway. Thiele et al. [23] focused mainly on message packing when forwarding messages from CAN to Ethernet, but did not delve into worst case response time and end-to-end realtime performance guarantees on heterogeneous network buses. Herber et al. [14] proposed a CAN-to-AVB Ethernet gateway, which aggregated and scheduled multiple CAN frames into a single AVB Ethernet frame through the earliest deadline first (EDF) scheduling algorithm. ...
... But this work does not extend to the TSN to CAN Ethernet gateway. The methods proposed in these studies [14], [22], [23] are for CAN-Ethernet gateways, the Ethernet type is not extended to TSN, and they mainly focus on improving the real-time performance of the network through frame aggregation without considering the network congestion problem that exists in TSN Ethernet to CAN transmission. ...
As automobiles continue to develop in the direction of intelligence and networking, the requirements for in-vehicle network bandwidth and deterministic time delay continue to increase. However, existing in-vehicle network standard protocols such as Controller Area Network (CAN) cannot meet the increasing bandwidth needs of in-vehicle networks, and Time Sensitive Networking (TSN) has emerged a research hot-spot for next-generation in-vehicle network standards. The next-generation in-vehicle network is developing towards a domain network architecture with TSN as the backbone and other conventional buses as branches. In this architecture, the TSN-CAN gateway is an important component that handles the data communication between the TSN domain and CAN. Due to the large difference in transmission rates between TSN and CAN, the TSN-CAN heterogeneous gateway suffers from congestion resulting in unguaranteed real-time transmission of messages across the gateway. To address this issue, a high response ratio priority scheduling algorithm (HRRP) for TSN-CAN gateways based on worst-case response time analysis theory is proposed in this paper. The algorithm assigns forwarding priority to CAN messages based on the value of their response ratio, and the experimental demonstrate show that the method can significantly improve the schedulability and reduce latency, improving the real-time performance of the system.
... Similar to [39], the authors in [40] propose a formal method to analyze and derive upper limits on end-to-end latencies for complex frame aggregation strategies in gateways. This is by capturing complex signal paths between domains that span multiple buses, gateways, and switches. ...
Vehicles today use a variety of network segments operated by different technologies and protocols within the car (CAN, LIN, Automotive Ethernet, MOST, FlexRay, etc.) to exchange data between different control modules, sensors, and actuators. The exchange of information between other network domains (heterogeneous networks) is enabled through various interconnection points called gateways/bridges. The resulting performance depends on its interconnection structure, network segment traffic aggregation scheme, and medium access technique. Although protocols such as CAN, LIN, FlexRay, and Ethernet have been used in network design for some time, performance modeling and analysis are still needed given the variety of traffic types and sources, new application limitations, and especially the lack of formal verification of network performance for different network scenarios and configurations. This paper presents an end-to-end throughput and delay performance analysis for a reference intra-vehicular network scenario. These models have been validated through simulations in which high correlation values were obtained from 98.7400 to 99.9999, with a low mean square error. The validation cases show that for different LIN, CAN, and Ethernet network configurations, the performance threshold values defined for most current vehicle applications are preserved. However, if the network configuration is modified, the proposed analytical models can be used to formally verify the corresponding performance and delay changes and thus validate whether or not the application requirements are met.
... Ditze et al. [26] identify three requirements that any conversion strategy should satisfy: a) adaptation between the connection-oriented IP and the message-oriented CAN policies, b) real time priority control, to allow for CAN arbitration, and c) fragmentation of IP frames to match the CAN structure. As opposed to a typical 1:1 CAN to Ethernet approach, the practicability of a multiplexed transmission is investigated by Thiele et al. [27]. They compare the effects of different multiplexing strategies on worst-case latency and gateway load and conclude that there is a trade-off, albeit optimizable. ...
To date, the development of automotive electronic control units (ECUs) has been a product of outsourcing arrangements among the OEM and their suppliers. Following each external supplier’s contribution, prototype versions of ECUs are eventually shipped to the automotive OEM for in-house integration testing. Should any device behave incorrectly, it must be successively returned to the corresponding supplier for an update. This introduces time delays in development and adds to the problem of late-development errors. In this paper, we describe challenges, our vision, and research directions for a framework that enables remote ECU integration among automotive OEM and suppliers whose locations are geographically distributed. We, furthermore, investigate aspects of the framework, identify research gaps, and outline future contributions.
... Finally, TC9 constrains the age delay in a chain of software components that is initiated at the HPC server connected to the TSN network and terminated at an ECU connected to the CAN network in the body electronics domain. This constraint cannot be fully verified as the state-of-the-art analysis does not support the flows from TSN to CAN (the other way around is supported) [78,100]. See Table 2 for further details. ...
... Joined-event models can be computed by maximum/minimum and summation as shown in [Jer05]. Furthermore, in [TSAE15], multiplexing and demultiplexing semantics have been explored in the scope of CPA. ...
... Arbitrary TCMs according to Definition 4.3.1 (including OR-joins), however, require a decomposition that employs eventmodel propagation as in conventional CPA (cf. [Jer05], [TSAE15]) at the joins. ...
In this thesis, I take up the idea of in-field integration for critical embedded systems that are subject to real-time, safety and security constraints. Component-based operating systems and service-oriented architectures already equip software systems with flexibility and adaptivity. However, in critical application domains, assurance must be provided for critical requirements, which complicates making changes after the initial deployment as these require re-verification.
Automating a significant part of the integration process so that it can be moved into the system itself could enable self-controlled updates and adaptations. Yet, the current trend towards more dynamic high-performance embedded processing platforms further increases platform complexity. The growing complexity further challenges the integration and assurance process as well as the faithfulness of model-based methods used for formal verification.
... Recent work in the area underlines applicability for industrial-scale use cases [13,28] and improves, i.e. reduces, pessimism of the estimations [18]. Related work from the second category is concerned with estimations for the time needed to propagate signal changes through the software within an ECUs. ...
Controller networks in today's automotive systems consist of more than 100 ECUs connected by various bus protocols. Seamless operation of the entire system requires a well-orchestrated interaction of these ECUs. Consequently, to ensure safety and comfort, a performance analysis is an inherent part of the engineering process. Conducting such an analysis manually is expensive, slow, and error prone. Tool support is therefore crucial, and a number of approaches have been presented. However, most work is limited to either network latencies or software latencies which results in an analysis gap at the transition between different layers of the communication stack. The work presented here introduces an approach to close this gap. Furthermore, we discuss the integration of different methods to obtain an end-to-end latency analysis.
... Recent work in the area underlines applicability for industrial-scale use cases [13,28] and improves, i.e. reduces, pessimism of the estimations [18]. Related work from the second category is concerned with estimations for the time needed to propagate signal changes through the software within an ECUs. ...
... As a long-term solution, Ethernet technology, which is capable of providing a much higher bandwidth, embraces a logical transition towards IoV [7][8][9]. Currently, there are a few Ethernet-based protocol standards for in-vehicle communications [10]. While these protocols have undergone massive advancements, the reliability of the network to respond to emergency situations in a timely manner has been the main requirement. ...
As we power through to the future, in-vehicle communications reliance on speed is becoming a challenging predicament. This is mainly due to the ever-increasing number of electronic control units (ECUs), which will continue to drain network capacity, hence further increasing bandwidth demand. For a wired network, a tradeoff between bandwidth requirement, reliability, and cost-effectiveness has been our main motivation in developing a high-speed network architecture that is based on the integration of two time-triggered protocols namely; Time Triggered Ethernet (TT-E) and Time Triggered Controller Area Network (TT-CAN). Therefore, as a visible example of an Internet of Vehicles technology, we present a time triggered communication-based network architecture. The new architecture can provide scalable integration of advanced functionalities, while maintaining safety and high reliability. To comply with the bandwidth requirement, we consider high-speed TT-Ethernet as the main bus (i.e., backbone network) where sub-networks can use more cost-effective and lower bandwidth TT-CAN to communicate with other entities in the network via a gateway. The main challenge in the proposed network architecture has been to resolve interoperability between two entirely different time-triggered protocols, especially in terms of timing and synchronization. In this paper, we first explore the main key drivers of the proposed architecture, which are bandwidth, reliability, and timeliness. We then demonstrate the effectiveness of our gateway design in providing full interoperability between the two time-triggered protocols.
... After that, the concept of frame preemptions was also analysed from the real-time perspective [TE16b]. Finally, the software-defined networking (SDN) concept for Ethernet was investigated [TE16a] as well as the gateway strategies for CAN-to-Ethernet networks [TSAE15]. ...
... State-of-the-art As previously mentioned, the gateway strategies for CAN-to-Ethernet gateways have already been investigated [TSAE15], while gateways connecting other network types are likely to be studied in the near future. ...
Safety-critical systems have become part of our daily life, for example, braking control in cars, controllers in aircraft, wind turbines, and trains, etc. A system failure or malfunction of these systems can cause death, serious injury to people, loss/severe damage to equipment/property, or environmental harm. An increasingly important trend is Mixed-Criticality Systems (MCS), which combines safety criticalcomponents with components that need a lower level of assurance for failure. With increasing demands from the consumers, services like infotainment that need no certification are also required to be combined with safety-critical components. The design ofMCSis becoming increasingly difficult due to the adoption of COTS multicore and manycore devices. COTS multicore and manycore device designs are driven by large consumer segments like mobile phones, laptops, etc.; they do not take into account requirements posed by MCS in systems. With increasing demands for connected systems and the emergence of Internet-based technologies like cloud computing, IoT, etc. and related technologies like Industry 4.0, autonomous cars, etc., the traditionallyisolatedMCSsystems now have to combine stringent real-time and reliability requirements with the need for an open-world assumption. As a result, they should not only consider safety but also security. The above trends, combined with closed hardware design, have made the process of certification for MCS difficult, expensive and time-consuming. This white paper outlines the research challenges and problems not solved in DREAMS wrt.MCS.It is a result of the road-mapping process done during the DREAMS project with inputs from the projectpartners and the MCS community. It is meant to act as a guide forMCSresearch in the next 5–10years.
... The proposed method can obtain a shorter transmission delay and ensure a higher transmission success rate. The timing impact introduced by various CAN/Ethernet multiplexing strategies at the gateways is determined [12]. They present a formal analysis method to derive upper bounds on end-to-end latencies for complex multiplexing strategies, which is the key for the design of safety-critical real-time systems. ...
This paper proposes “An Integrated Self-diagnosis System (ISS) for an Autonomous Vehicle based on an Internet of Things (IoT) Gateway and Deep Learning” that collects information from the sensors of an autonomous vehicle, diagnoses itself, and the influence between its parts by using Deep Learning and informs the driver of the result. The ISS consists of three modules. The first In-Vehicle Gateway Module (In-VGM) collects the data from the in-vehicle sensors, consisting of media data like a black box, driving radar, and the control messages of the vehicle, and transfers each of the data collected through each Controller Area Network (CAN), FlexRay, and Media Oriented Systems Transport (MOST) protocols to the on-board diagnostics (OBD) or the actuators. The data collected from the in-vehicle sensors is transferred to the CAN or FlexRay protocol and the media data collected while driving is transferred to the MOST protocol. Various types of messages transferred are transformed into a destination protocol message type. The second Optimized Deep Learning Module (ODLM) creates the Training Dataset on the basis of the data collected from the in-vehicle sensors and reasons the risk of the vehicle parts and consumables and the risk of the other parts influenced by a defective part. It diagnoses the vehicle’s total condition risk. The third Data Processing Module (DPM) is based on Edge Computing and has an Edge Computing based Self-diagnosis Service (ECSS) to improve the self-diagnosis speed and reduce the system overhead, while a V2X based Accident Notification Service (VANS) informs the adjacent vehicles and infrastructures of the self-diagnosis result analyzed by the OBD. This paper improves upon the simultaneous message transmission efficiency through the In-VGM by 15.25% and diminishes the learning error rate of a Neural Network algorithm through the ODLM by about 5.5%. Therefore, in addition, by transferring the self-diagnosis information and by managing the time to replace the car parts of an autonomous driving vehicle safely, this reduces loss of life and overall cost.
