Experiences with CANoe-based Fault Injection for AUTOSAR

This preview shows page 1-2-3-4-5-34-35-36-37-68-69-70-71-72 out of 72 pages.


Experiences with CANoe-Based Fault Injection for AUTOSAR
Patrick E. Lanigan ([email protected])

Patrick E. Lanigan, Priya Narasimhan
Electrical & Computer Engineering
Carnegie Mellon University

Thomas E. Fuhrman
Research & Development
General Motors Company

WHAT TO EXPECT
• A brief overview of automotive systems / tools
  – AUTOSAR
  – FlexRay
  – Vector CANoe
• A description of a proof-of-concept software-implemented fault-injection framework
• An example application of the framework
• A qualitative discussion of what worked well, as well as what did not work so well.

WHAT NOT TO EXPECT
• A dependability evaluation of the...
  – AUTOSAR specification
  – AUTOSAR implementation
  – FlexRay protocol
  – demo application
• A discussion of specific fault-models
• A coverage assessment
• A quantitative analysis

ROADMAP
• Introduction
  – Overview of automotive systems
  – Motivation
  – Goals
• Fault-injection framework
• Runtime evaluation
• Conclusion

AUTOMOTIVE SYSTEMS
• What is an “automotive system”?
  – Many mechanical, hydraulic and electrical (incl. hardware and software) components interact to perform vehicle functions
  – Operates in a dynamic environment (other vehicles, pedestrians, animals, etc.)
• Our focus is on the embedded computing architecture
  – Electronic Control Units (ECUs) and software
  – Distributed, serial communication (e.g. CAN, FlexRay)
  – Sensors and actuators

Electronics account for significant and increasing proportion of innovation as well as cost.

BACKGROUND: AUTOSAR
• Standard software-architecture for automotive applications
  – Encourage reuse of software
  – Reduce development costs
• Layered architecture
  – Basic Software (BSW) layers provide hardware abstractions
  – Application layer implements high-level functionality
  – Runtime Environment (RTE) layer enables information exchange

[Figure: AUTOSAR layered view (coarse): Application Layer, AUTOSAR Runtime Environment (RTE), Services Layer, ECU Abstraction Layer, Complex Drivers, Microcontroller Abstraction Layer, Microcontroller]
Source: AUTOSAR Layered Software Architecture, Document ID 053, p. 13. http://www.autosar.org/download/R4.0/AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf

BACKGROUND: FLEXRAY
• High-speed, synchronous serial communication protocol
  – Communication schedule is divided into equal-length time slots and executed periodically
  – Slots are statically assigned to nodes
  – Support for dual channels (up to 10 mbps each)
• FlexRay nodes are synchronized to a global time-base

Excerpt shown on the slide (FlexRay Protocol Specification Version 2.1 Revision A, 15-December-2005, Chapter 5: Media Access Control, page 102 of 245):

The media access procedure is specified by means of the media access process for channel A. The node shall contain an equivalent media access process for channel B.

5.1.3 Static segment
Within the static segment a static time division multiple access scheme is applied to coordinate transmissions.

5.1.3.1 Structure of the static segment
In the static segment all communication slots are of identical, statically configured duration and all frames are of identical, statically configured length.
For communication within the static segment the following constraints apply:
1. Sync frames shall be transmitted on all connected channels.
2. Non-sync frames may be transmitted on either channel, or both.
3. Only one node shall transmit a given frame ID on a given channel. [56]
4. If the cluster is configured for single slot mode, all non-sync nodes shall designate a frame as the single slot frame.

5.1.3.2 Execution and timing of the static segment
In order to schedule transmissions each node maintains a slot counter state variable vSlotCounter for channel A and a slot counter state variable vSlotCounter for channel B. Both slot counters are initialized with 1 at the start of each communication cycle and incremented at the end boundary of each slot.
Figure 5-3 illustrates all transmission patterns that are possible for a single node within the static segment. In slot 1 the node transmits a frame on channel A and a frame on channel B. In slot 2 the node transmits a frame only on channel A [57]. In slot 3 no frame is transmitted on either channel.

[Figure 5-3: Structure of the static segment. Channel A carries frame ID 1 in static slot 1 and frame ID 2 in static slot 2; channel B carries frame ID 1 in static slot 1; the slot counters for channel A and channel B count 1, 2, 3 across the static segment containing gNumberOfStaticSlots static slots.]

The number of static slots gNumberOfStaticSlots is a global constant for a given cluster.

[56] This requirement applies to the entire operation of the cluster, as opposed to only a single cycle. For example, it is not acceptable to configure a cluster such that different nodes transmit in the same slot/channel combination in different cycles.
[57] Analogously, transmitting only on channel B is also allowed.

Source: FlexRay Consortium, FlexRay Protocol Specification, V2.1, p. 102. http://www.flexray.com

An increasing amount of control and autonomy is being delegated to embedded computing architectures.

AUTOMOTIVE SYSTEMS (CONT.)
• Adaptive cruise control
• Forward collision warning
• Curve speed control
• Side blind zone alert
• Lane keeping / lane centering control
• Cross traffic collision avoidance

MOTIVATION FOR OUR FRAMEWORK
• AUTOSAR is likely to be a key enabler of functional safety systems
• Fault-injection plays an important role in the dependability analysis of such systems
  – “Highly recommended” by upcoming ISO 26262 standard
• Hardware-based fault injection requires specialized equipment
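
The FlexRay static-segment rules quoted in the BACKGROUND: FLEXRAY excerpt (constraints 1 and 3, and the vSlotCounter behaviour) can be checked against a cluster configuration before a fault-injection run. This is an added example, not code from the slides or from CANoe. The node names, the tuple layout and the sample cluster are constructed, and it assumes that frame ID n is sent in static slot n (as in Figure 5-3) and that every node is connected to both channels.

```python
from collections import defaultdict

# Constructed sample cluster (not from the slides): one entry per configured
# static frame as (node, frame_id, channels, is_sync_frame).
G_NUMBER_OF_STATIC_SLOTS = 3
CONNECTED_CHANNELS = frozenset({"A", "B"})  # assumed: every node is on both
FIGURE_5_3 = [
    ("node1", 1, {"A", "B"}, True),   # slot 1: frame on channel A and B
    ("node1", 2, {"A"}, False),       # slot 2: frame on channel A only
]

def check_static_assignments(assignments, n_slots, connected):
    """Return a list of violations of the static-segment constraints."""
    problems = []
    senders = defaultdict(set)  # (frame_id, channel) -> nodes configured to send
    for node, frame_id, channels, is_sync in assignments:
        if not 1 <= frame_id <= n_slots:
            problems.append(f"{node}: frame ID {frame_id} outside 1..{n_slots}")
        if is_sync and set(channels) != set(connected):
            problems.append(f"{node}: sync frame {frame_id} not on all connected channels")
        for channel in channels:
            senders[(frame_id, channel)].add(node)
    # Constraint 3 holds for the whole operation of the cluster (footnote 56),
    # so any second sender of a frame ID/channel pair is a conflict.
    for (frame_id, channel), nodes in sorted(senders.items()):
        if len(nodes) > 1:
            problems.append(f"frame ID {frame_id} on channel {channel}: senders {sorted(nodes)}")
    return problems

def static_segment_pattern(assignments, n_slots, node):
    """Channels on which `node` transmits in each static slot of one cycle."""
    pattern = []
    slot_counter = 1  # vSlotCounter starts at 1 each communication cycle
    while slot_counter <= n_slots:
        tx = sorted(ch for n, fid, chans, _ in assignments
                    if n == node and fid == slot_counter for ch in chans)
        pattern.append((slot_counter, tx))
        slot_counter += 1  # incremented at the end boundary of the slot
    return pattern

if __name__ == "__main__":
    print(check_static_assignments(FIGURE_5_3, G_NUMBER_OF_STATIC_SLOTS, CONNECTED_CHANNELS))
    print(static_segment_pattern(FIGURE_5_3, G_NUMBER_OF_STATIC_SLOTS, "node1"))
```

The spec keeps one slot counter per channel; the sketch uses a single counter because both start at 1 and advance together in the static segment.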

