
The Research On Safety-Critical Real-time Communication Protocols

Posted on: 2012-05-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C J Li
GTID: 1228330368993856
Subject: Applied Mathematics
Abstract/Summary:
Nowadays, real-time computing and communication technology are widely deployed in safety-critical systems such as aerospace, defense, transportation, nuclear power stations and health care. The time-triggered architecture (TTA) and the time-triggered protocol (TTP) have been widely accepted in safety-critical systems because of their predictability, temporal composability and replica determinism. However, research on improving the flexibility and average resource utilization of TTP is still ongoing and has produced several new protocols, such as Byteflight and FlexRay, which clearly shows that more flexibility and better utilization are needed to reach wider acceptance. Although these protocols improve on the flexibility of TTP, they not only jeopardize the safety capabilities of TTP but also fail to address the safety-related issue of complexity in protocol design and formal validation. In addition, TTP cannot be deployed independently of TTA on top of COTS networks such as Ethernet, because its fault hypothesis depends on the system architecture. This issue remains in Byteflight and FlexRay.

In this thesis, a new real-time communication protocol, the Node Order Protocol (NOP), is proposed, based on the concept of node order. From the node order perspective, existing protocols can be classified into two categories: non-node-ordered and node-ordered. The most important design principle of NOP is the inversion of the relationship between global time and the communication protocol layer. Existing node order protocols all rely on global time to establish the transmission order, whereas NOP swaps these two layers and makes the transmission order the basis of global time. NOP therefore establishes its arbitration and transmission control mechanisms independently of global time, turning time-triggered communication semantics into event-triggered ones. Most importantly, NOP keeps the safety capability of time-triggered protocols while offering better flexibility and resource utilization.

The NOP design is described in detail, with emphasis on error detection and diagnosis mechanisms based on the event-triggered model. Unlike time-triggered protocols such as TTP, NOP detects and diagnoses errors by itself, without assumptions about the failure modes of a faulty node or about the system model, which both enhances its fault coverage and improves its composability. Safety assessment is integrated into the early phase of protocol design to validate the correctness of the design and reduce the likelihood of design faults. In this procedure, Failure Mode and Effects Analysis (FMEA) complements model checking to form a static and dynamic analysis framework; the core of the procedure is controlling and reducing complexity. For performance evaluation, theoretical analysis and prototype testing are carried out in parallel. The analysis results show that the worst-case response time is bounded even at peak network load, when every node has a ready message of maximum size to transmit in its turn; moreover, in this scenario the protocol latency has less jitter, and network throughput reaches its maximum, about 9.5Mbps on 10Mbps Ethernet. This result further confirms that NOP, unlike traditional event-triggered protocols such as CAN, is designed for the worst case, while at the same time outperforming time-triggered protocols by saturating the network whenever possible. The interface of NOP in the value domain and in the time domain is analyzed and derived from the worst-case latency: when nodes can be integrated on the basis of their worst-case temporal behavior, temporal composability is supported by NOP.

Moreover, the NOP design is independent of the underlying network, which eases composition with COTS networks such as Ethernet. At the same time, NOP can guarantee replica determinism in the event-triggered model by eliminating non-deterministic time-related factors: the consistent order of input messages and observed events (e.g. timeout events) guarantees a consistent protocol status among correct nodes within a given interval. Thus an actively redundant system, such as Triple Modular Redundancy (TMR), can be implemented on top of NOP.

NOP uses a new design principle that combines the features of time-triggered and event-triggered protocols, preserving the safety features of the former together with the flexibility and effective resource utilization of the latter. These merits make NOP a potential option for safety-critical systems with node order requirements that currently adopt a time-triggered protocol with low flexibility or low network bandwidth, such as a TMR redundant system.
Keywords/Search Tags: Safety-critical system, functional safety, time-triggered protocol, event-triggered protocol, formal verification, composability, fault tolerance