Marie-agnès Peraldi-Frati- UNSA 1
Cours Mastere SE / Stream01-EPU-SI 3
STREAM01 Course / Mastère SE
Distributed embedded Systems and Real-time networks
Marie-Agnès Peraldi-Frati, AOSTE Project
UNSA- CNRS-INRIA
December 2007
Course Schedule
• Evolutions in real-time architecture (C)
• Real-time communications (C)
• Standards AUTOSAR and OSEK/VDX: a real-time middleware (C)
• Example of real-time embedded protocols: Time-Triggered Protocol (TTP) (C, TD)
• An asynchronous network: CAN/VAN protocol (C, TD, TP)
Plan
• Evolutions in real-time architecture
• Real-time control system design example
• Real-time control systems characteristics
• Centralized vs. distributed architecture
• "Event triggered" vs. "time triggered" systems
• Technical context. Examples: automotive, mobile robots, avionics
• Design methodology in automotive
Control system block diagram
• Controller + controlled system
• Event triggered, continuous time, hierarchy
• Feedforward and feedback control loops
• Well-established mathematical theory
Control system implementation
• Examples: engine control system, ABS/ESP, brake-by-wire, steer-by-wire
• Mapping of functions to hardware and software components
[Figure: functions mapped onto several controllers]
Control system mapping
[Figure: engine control system and brake control system mapped onto hardware]
Gasoline engine hardware architecture
[Figure: gasoline engine hardware architecture]
Real-time system characteristics?
• Interaction with the environment: events are emitted by the process and their occurrences are imposed on the controller.
• Reactivity
• Measures are permanently emitted by the controlled system; measures are received by the controller at a rate determined by itself.
• Commands are permanently received by the process; commands are emitted by the controller at a rate determined by itself.
Hard RTS timing problems
• Response time, execution time, blocking, scheduling, arbitration, transmission time, jitter, transient errors, etc.
• Safety: absence of catastrophic consequences on the user and the environment
• Reliability: continuity of correct service
• Complexity
Centralized - "Dispersed" - Distributed
Determined by the granularity and the physical distribution of components and computers.
Centralized
• One computer connected to a set of input/output channels
• "Old-style" for embedded systems before the low-cost microcontrollers.
[Figure: controller, process, sensors, actuators]
Advantages of a centralized system
• Simple programming model: the CPU is the central element
• Computing power is varied according to the needs.
• Computers are kept in a safe and secure space, protected from external elements: fire, temperature
• Central management: modifications must be done on a single machine only
• Evolution depends only on the number of available racks.
Any of these reasons might be sufficient to justify a centralized system.
Centralized - Dispersed - Distributed
• Multiple CPUs and input/output devices on a single computer
• A single common memory space
• Communication between modules using a shared memory (blackboard)
Centralized or Dispersed or Distributed
Dispersed
• "Multiple" computers (2-10) architecture
• Each one with input/output capabilities
• Limited communications between computers
[Figure: controller 1 and controller 2, both connected to the process]
Centralized vs. Dispersed vs. Distributed
Distributed
[Figure: controller 1, controller 2 and controller 3 connected to the process and to each other by a communication link]
An example of distributed embedded system
• Multiple controllers connected to their multiple I/O
• Communication between modules by message passing
Centralized, Dispersed or Distributed
Distributed
• Computer with input/output modules
• Multiple computers (up to a hundred computers)
• Few input/output channels per computer
• A controller per piece of equipment
• Intelligent sensors/actuators
• Central components of the system: input/output
Benefit of distributed systems
Modularity in the design phase
• Multiple teams conceive each node of the system (car part manufacturer, IP integration in electronics)
• Well-defined, tightly enforced interfaces (system message formats)
• Independent "upgrade" of modules, which limits the effect of changes on the rest of the system
Modularity at the resource level
• Reduction of the competition for the use of resources.
• Incremental addition of I/O and microcontrollers in the architecture.
Benefit of distributed systems
Modularity for validation/test
• Worst-case time evaluation is easier when done one module at a time.
Modularity in the certification (avionics DO-178B Level A, IEC 61508 SIL3/SIL4)
• Limitation of the certification to critical modules (X-by-wire in automotive, new IEC certification: AUTOSAR)
Benefit of distributed systems
• Diagnosis is simpler to establish
• Containment of faults on nodes
• Useful for systems with frequent errors on cabling.
[Figure: controller, process and actuators, each marked "Error?": where is the problem? Three controllers C1, C2, C3 on a network that is cut near C1. C1 reports: "sensors and actuators OK, I hear neither C2 nor C3". C2 reports: "sensors and actuators OK, I hear C3 but not C1". C3 reports: "sensors and actuators OK, I hear C2 but not C1".]
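To make the diagnosis in the figure mechanical, here is an added example that is not part of the course slides: each controller reports whether its own sensors and actuators are OK and which peers it hears on the network. The node that hears nobody and that nobody hears, while the remaining nodes still hear each other, is the one cut off from the network; a local sensor or actuator error is reported by the node itself, independently of the network state. The node names, the report format and the scenarios are assumptions, and C is used because it is the language of the ECU software the course describes.

```c
#include <stdint.h>
#include <stdio.h>

#define N_NODES 3   /* C1, C2, C3 on the slide: indices 0, 1, 2 */

/* What each controller reports about itself and about its peers. */
typedef struct {
    int io_ok;        /* 1: "sensors and actuators OK" */
    uint32_t heard;   /* bit j set: this node hears node j on the network */
} report_t;

/* Constructed scenarios (assumed values, not from the slides). */
/* The slide's case: C2 and C3 hear each other, nobody hears C1, C1 hears no one. */
static const report_t SLIDE_SCENARIO[N_NODES] = {
    { 1, 0u },                      /* C1: "I hear neither C2 nor C3" */
    { 1, 1u << 2 },                 /* C2: "I hear C3 but not C1" */
    { 1, 1u << 1 },                 /* C3: "I hear C2 but not C1" */
};
static const report_t HEALTHY[N_NODES] = {
    { 1, (1u << 1) | (1u << 2) },
    { 1, (1u << 0) | (1u << 2) },
    { 1, (1u << 0) | (1u << 1) },
};
static const report_t DOUBLE_CUT[N_NODES] = { { 1, 0u }, { 1, 0u }, { 1, 0u } };
static const report_t SENSOR_FAULT[N_NODES] = {
    { 1, (1u << 1) | (1u << 2) },
    { 0, (1u << 0) | (1u << 2) },   /* C2: network fine, but its local I/O reports an error */
    { 1, (1u << 0) | (1u << 1) },
};

static int hears(const report_t *r, int j) { return (int)((r->heard >> j) & 1u); }

/* Node k is cut from the network when k hears nobody, nobody hears k,
   and every other pair of nodes still hears each other. */
static int is_cut_off(const report_t r[], int n, int k) {
    if (r[k].heard != 0u) return 0;
    for (int i = 0; i < n; i++) {
        if (i == k) continue;
        if (hears(&r[i], k)) return 0;                 /* someone still hears k */
        for (int j = 0; j < n; j++)
            if (j != i && j != k && !hears(&r[i], j)) return 0;  /* rest not fully connected */
    }
    return 1;
}

/* Returns the index of the single cut-off node, -1 if every node hears every
   other node (network healthy), -2 if the reports do not match a single cut
   (for example several isolated nodes, or an asymmetric link). */
int locate_network_fault(const report_t r[], int n) {
    int healthy = 1;
    for (int i = 0; i < n && healthy; i++)
        for (int j = 0; j < n; j++)
            if (j != i && !hears(&r[i], j)) { healthy = 0; break; }
    if (healthy) return -1;
    for (int k = 0; k < n; k++)
        if (is_cut_off(r, n, k)) return k;
    return -2;
}

/* Fault containment at the node: a local sensor/actuator error is reported by
   the node itself. Returns the first node reporting an I/O error, or -1. */
int first_io_fault(const report_t r[], int n) {
    for (int i = 0; i < n; i++)
        if (!r[i].io_ok) return i;
    return -1;
}

int main(void) {
    printf("slide scenario: network fault at C%d\n",
           locate_network_fault(SLIDE_SCENARIO, N_NODES) + 1);
    printf("sensor fault scenario: I/O error at C%d, network result %d\n",
           first_io_fault(SENSOR_FAULT, N_NODES) + 1,
           locate_network_fault(SENSOR_FAULT, N_NODES));
    return 0;
}
```

The two checks are deliberately separate: the hearing matrix only says something about the network, and the I/O flag only about the node's own sensors and actuators, which is exactly the fault containment the slide credits to a distributed design.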
Benefits of distributed systems
• Simplicity in the cabling and the hardware maintenance: one-wire cabling instead of numerous wire lines.
• Simplified connectivity
• Substitution of failed nodes "online"
• The system can continue in a degraded operational mode with a failed node
• In case of failure, possibility of error confinement
Benefits of a distributed system
Fault tolerance
• A single point of failure in a centralized system
• In a distributed system, potential fault recovery mechanisms
• The failure of one node does not necessarily imply the failure of the whole system.
Input/output management
Event triggered
• The system must react to significant external events directly and immediately.
• External events arrive in a sporadic way
• Close to "interrupt-driven I/O"
• Efficient: treatments are only executed if necessary
• Concurrency problem: what happens if all potential events arrive concurrently?
Inputs/outputs management
Time-triggered
• The system must react to significant external events at pre-specified instants.
• Events arrive according to a schedule (fixed or variable schedule)
• Close to "I/O polling"
• Sometimes inefficient: treatments are executed periodically even if it is not necessary.
• Calculable load for the full system
Communications in distributed systems
Event-triggered protocols
• Communications are initiated when a "send" message is received.
• Problem of multiple access; events arrive in a sporadic manner
Time-triggered protocols
• Communications are triggered at pre-specified periodic instants.
• Message sending is periodic
• Messages carry the newest information
• Message loss is not a big problem
• A message update is detected thanks to a modification of its value.
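The slides on event-triggered versus time-triggered I/O management and on the two families of protocols contrast a "calculable load" with a "concurrency problem". The following added example, which is not from the course, makes both concrete for a constructed set of four messages on a bus assumed to run at 500 kbit/s: it computes the static bus load of a time-triggered schedule, checks that schedule for overlapping transmissions over the hyperperiod, and gives the worst-case burst when every event-triggered message becomes ready at the same instant. Message names, periods, frame lengths, slot offsets and the bit rate are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define BIT_RATE_BPS 500000u   /* assumed bus bit rate */
#define N_MSGS 4

typedef struct {
    const char *name;
    uint32_t period_us;  /* time-triggered: send period; event-triggered: minimum inter-arrival time */
    uint32_t bits;       /* frame length on the wire, overhead included */
} msg_t;

/* Constructed message set (assumed values, not from the slides). */
static const msg_t MSGS[N_MSGS] = {
    { "engine_speed",  10000u, 111u },
    { "wheel_speed",   20000u, 111u },
    { "throttle",      50000u,  79u },
    { "diagnostic",   100000u, 111u },
};

/* Slot offset (us) of each message inside its own period, for the time-triggered schedule. */
static const uint32_t GOOD_OFFSETS[N_MSGS] = { 0u, 300u, 600u, 800u };
static const uint32_t BAD_OFFSETS[N_MSGS]  = { 0u, 100u, 600u, 800u };  /* wheel_speed overlaps engine_speed */

/* Wire time of one frame, rounded up to the microsecond. */
uint32_t frame_time_us(uint32_t bits) {
    return (bits * 1000000u + BIT_RATE_BPS - 1u) / BIT_RATE_BPS;
}

/* Time-triggered: every message is sent once per period whether or not its
   value changed, so the bus load is known before the system runs.
   Returned in parts per ten thousand to keep the result an integer. */
uint32_t tt_load_permyriad(void) {
    double load = 0.0;
    for (int i = 0; i < N_MSGS; i++)
        load += (double)frame_time_us(MSGS[i].bits) / (double)MSGS[i].period_us;
    return (uint32_t)(load * 10000.0 + 0.5);
}

/* Event-triggered: same average load, but in the worst case all events arrive
   at the same instant and the last frame served waits for all the others.
   Length of that burst on the bus, in microseconds. */
uint32_t et_worst_case_burst_us(void) {
    uint32_t burst = 0u;
    for (int i = 0; i < N_MSGS; i++) burst += frame_time_us(MSGS[i].bits);
    return burst;
}

static uint32_t gcd_u32(uint32_t a, uint32_t b) {
    while (b != 0u) { uint32_t t = a % b; a = b; b = t; }
    return a;
}

/* Static check of a time-triggered schedule: number of message pairs whose
   transmissions overlap somewhere in the hyperperiod (lcm of all periods).
   A valid schedule has zero conflicts, so the bus needs no arbitration. */
int tt_schedule_conflicts(const uint32_t offsets[N_MSGS]) {
    uint32_t hyper = MSGS[0].period_us;
    for (int i = 1; i < N_MSGS; i++)
        hyper = hyper / gcd_u32(hyper, MSGS[i].period_us) * MSGS[i].period_us;
    int conflicts = 0;
    for (int i = 0; i < N_MSGS; i++) {
        for (int j = i + 1; j < N_MSGS; j++) {
            uint32_t ci = frame_time_us(MSGS[i].bits), cj = frame_time_us(MSGS[j].bits);
            int clash = 0;
            for (uint32_t a = offsets[i]; a < hyper && !clash; a += MSGS[i].period_us)
                for (uint32_t b = offsets[j]; b < hyper; b += MSGS[j].period_us)
                    if (a < b + cj && b < a + ci) { clash = 1; break; }  /* intervals overlap */
            conflicts += clash;
        }
    }
    return conflicts;
}

int main(void) {
    printf("TT bus load: %u/10000, schedule conflicts: good=%d bad=%d\n",
           tt_load_permyriad(), tt_schedule_conflicts(GOOD_OFFSETS), tt_schedule_conflicts(BAD_OFFSETS));
    printf("ET worst-case burst: %u us\n", et_worst_case_burst_us());
    return 0;
}
```

The load figure is the whole story for the time-triggered case: the schedule either fits or it does not, and the conflict check is done at design time. For the event-triggered case the same numbers only give an average; the burst value is what a response-time analysis must start from, and it grows with every message added to the bus.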
Application domains of distributed RTS
Automotive systems
• Engine/steering/brake functions
• Comfort functions, body electronic functions
• Maintenance
Control systems, embedded control/command
• Automated production systems
• Robotics
Avionics
• Avionics architecture
• Specific communication buses
System on chip ...
Example: evolutions of electronics in automotive systems
Old style: a centralized power control command
• Actuators are triggered using electromechanical relays
• Point-to-point wire connections
New architecture: distributed numerical controllers with command of multiple sensors/actuators
• Local cabling between an ECU (Electronic Control Unit) and its sensors/actuators; global cabling between ECUs
• Low-power energy is managed by the ECU; relays are in charge of distributing high-level power.
Evolution in automotive
[Figure: past architecture, from [Kassadian96]]
[Figure: recent past architecture, from [Kassadian96]]
Evolution in automotive
[Figure: present architecture, with many interconnected ECUs, from [Kassadian96]]
Embedded systems in automotive
• Electronics represent 20% of a vehicle price
• 80% of innovations are due to electronics
• Control and command laws are more complex: ESP (Electronic Stability Program), CGC (chassis control), ACC (automatic cruise control)
• Coupling between the different control elements: brakes, suspensions, engine ...
• Mechanical commands are replaced by electronic commands: X-by-wire
The Peugeot 607 PSA electronic architecture
Up to 24 electronic units are connected through 5 electronic buses:
• CAN intersystem network
• VAN comfort network
• VAN body network 1, dedicated to highly safety-critical functions (airbags, headlight switching, ...)
• VAN body network 2 for the other functions (door control, seat control, fuel additivation requested by the particle filter for multi-valve diesel engines ...)
• An optical data link for large data transfers between the navigation system and the multifunction display
Copyright PSA Peugeot Citroen
PSA electrical/electronic architecture
Based on bi-VAN, CAN and optical fibre networks. Immediate consequence on wiring:
• Citroën Xantia, number of wires: 670 in the previous version, 429 in the current version (-39%)
• Peugeot 306, number of wires: 635 in the previous version, 373 in the current version (-41%)
Copyright PSA Peugeot Citroen
Technological context in automotive
• Functional
• Architectural
• Interaction between systems
• Flexibility
Complexity!
Functional complexity
• System size
• Number of automatic control laws
• Coupling between controllers
Courtesy J.P. Elloy - Irccyn
Example of knock: the physical phenomenon
Spark ignition engine phases: intake, compression, explosion, exhaust
At the end of compression, a spark is generated to ignite the air/fuel mixture. Under particular conditions, a second ignition point is auto-generated. This causes a second combustion. When the two flame fronts cross each other, pressure increases quickly.
=> KNOCK
Illustrating engine knock
[Figure: cylinder head with spark plug and fresh compressed mixture; desired combustion (a single flame front) compared with knocking (auto-ignition of a second flame front)]
Courtesy A. Albinet, SiemensVDO
Functional complexity
• Multiple asynchronous sampling periods: air/fuel regulation (lambda sensor), gas (EGAS valve)
• Sampling periods with variation: knock sensor acquisition (Hertz), engine rotation speed (camshaft rotation)
• Event-triggered sampling: purging of the accumulator catalyst (mixture richness); knock control (knock detection, ignition angle correction)
Architectural complexity
• Number and heterogeneity of numerical controllers
• Multiplicity of networks
[Figure: engine controller and gear box controller on the powertrain network; separate comfort network]
Courtesy J.P. Elloy - Irccyn
Architectural complexity
• Synchronization by data handling: vehicle speed (tachometer), engine torque (induction sensor)
• Connection between networks (bridge): vehicle speed on the engine and brake network and on the comfort network
• Airbag sub-network
• Fault tolerance and recovery from errors
• Fault recovery: loss of tachometer measurements => re-emission; engine torque information + gear box => robotized gear box
Complexity of interactions between systems
Co-operation of functionalities: new functionalities
• Lights controlled by the windscreen wiper speed and the ignition key
Inclusion of functionalities:
• ABS => ESP (Anti-lock Braking System => Electronic Stability Program)
[Figure: steering-wheel sensor, yaw-rate sensor]
Courtesy J.P. Elloy - Irccyn
Complexity of interactions between systems
Powertrain functions
• Engine - brake
• Steering - gear box
• Suspension - clutch
Comfort functions
• Continuous wiper speed depending on the weather and the vehicle speed
• Volume detection in the cockpit for the airbag
• Intelligent lighting system
• Power-assisted steering
Security functions
• Detection of driver hypovigilance
• Obstacle detection and braking assistance
Complexity of interactions between systems
• Common synchronization mechanisms: events, commands, rendez-vous ...
• Standardized access to vehicle data: time-stamped data; blackboard, mailbox, ports, multicast
• Freshness of data, temporal consistency
• Templates for cooperation: client-server architecture
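As an added example, not the course's code, of the time-stamped blackboard and of the freshness and temporal-consistency checks listed above: each shared variable carries the time of its last write and a validity window; a consumer only reads values younger than that window, a producer learns whether its write actually changed the value (the update a time-triggered receiver detects through the modified value), and a control law combining several inputs checks that their time stamps are close together before using them. The variable names, validity windows and the ESP input list are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define N_VARS 4

/* One shared variable on the blackboard: last value, time of last write,
   and how long that value may be used before it is considered stale. */
typedef struct {
    const char *name;
    int32_t value;
    uint32_t stamp_us;     /* time of the last write (microsecond clock, wraps) */
    uint32_t validity_us;  /* maximum age of a usable value */
    int written;           /* 0 until the first write */
} bb_entry_t;

/* Constructed variable set and validity windows (assumed values, not from the slides). */
static bb_entry_t BB[N_VARS] = {
    { "vehicle_speed", 0, 0u, 20000u, 0 },
    { "engine_torque", 0, 0u, 10000u, 0 },
    { "yaw_rate",      0, 0u, 10000u, 0 },
    { "steer_angle",   0, 0u, 20000u, 0 },
};

/* Inputs an ESP-like control law would combine (assumed list). */
static const char *const ESP_INPUTS[] = { "vehicle_speed", "yaw_rate", "steer_angle" };
#define N_ESP_INPUTS 3

static bb_entry_t *bb_find(const char *name) {
    for (int i = 0; i < N_VARS; i++)
        if (strcmp(BB[i].name, name) == 0) return &BB[i];
    return NULL;
}

/* Producer side. Returns 1 if the value changed, 0 if the same value was
   re-published, -1 for an unknown variable. The time stamp is refreshed either way. */
int bb_write(const char *name, int32_t value, uint32_t now_us) {
    bb_entry_t *e = bb_find(name);
    if (!e) return -1;
    int changed = !e->written || e->value != value;
    e->value = value;
    e->stamp_us = now_us;
    e->written = 1;
    return changed;
}

/* Freshness: a value is usable only if it was written and its age is within the
   validity window. Unsigned subtraction keeps the age right across clock wrap. */
int bb_is_fresh(const char *name, uint32_t now_us) {
    const bb_entry_t *e = bb_find(name);
    return e != NULL && e->written && (now_us - e->stamp_us) <= e->validity_us;
}

/* Consumer side: read only fresh data. Returns 0 and fills *out, or -1 if the
   variable is unknown, never written or stale (caller falls back to a degraded mode). */
int bb_read(const char *name, uint32_t now_us, int32_t *out) {
    if (!bb_is_fresh(name, now_us)) return -1;
    *out = bb_find(name)->value;
    return 0;
}

/* Convenience: value if fresh, otherwise the caller's fallback. */
int32_t bb_read_or(const char *name, uint32_t now_us, int32_t fallback) {
    int32_t v;
    return bb_read(name, now_us, &v) == 0 ? v : fallback;
}

/* Temporal consistency: a control law combining several inputs needs them
   sampled close together. Returns 1 if all named variables were written and the
   spread of their time stamps is at most max_skew_us (stamps assumed within one
   clock cycle, so min/max is enough). */
int bb_consistent(const char *const names[], int n, uint32_t max_skew_us) {
    uint32_t lo = 0u, hi = 0u;
    for (int i = 0; i < n; i++) {
        const bb_entry_t *e = bb_find(names[i]);
        if (!e || !e->written) return 0;
        if (i == 0 || e->stamp_us < lo) lo = e->stamp_us;
        if (i == 0 || e->stamp_us > hi) hi = e->stamp_us;
    }
    return (hi - lo) <= max_skew_us;
}

int main(void) {
    bb_write("vehicle_speed", 50, 1000u);
    printf("read at 5 ms: %d, read at 40 ms: %d\n",
           (int)bb_read_or("vehicle_speed", 5000u, -1), (int)bb_read_or("vehicle_speed", 40000u, -1));
    return 0;
}
```

The consumer never sees a raw value: it either gets a value that is young enough to act on or an explicit failure, which is where the degraded mode of the earlier slides plugs in. The consistency check is what keeps a law such as ESP from mixing a yaw rate from this cycle with a vehicle speed from several cycles ago.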
Complexity of interactions between systems
Flexibility in the projection
[Figure: the same functions projected onto ECUs (computers), sensors (C) and actuators (A) for a vehicle of range G, version V, in year A1 and in year A2]
Courtesy J.P. Elloy - Irccyn
Complexity linked to flexibility
Flexibility
• Integration of new services
• Evolution of components
• Hardware optimization
Courtesy J.P. Elloy - Irccyn
Complexity linked to flexibility
Flexibility due to variability
• Ad hoc vehicles
• Variability in the commercial proposal
Courtesy J.P. Elloy - Irccyn
Complexity linked to flexibility - diversity
• Flexibility in the projection of functions onto hardware; diversification of configurations
• Access to data independent from the projection: middleware => data locations are transparent for the designer.
• Causal relations must be ensured independently from the projection: event-driven, data-driven, time-triggered protocols
• Management of functions: absence/presence; supervision, degraded modes
Example of robotics application: Cycab
Electrical vehicle designed for circulation in restricted areas:
• Urban zone
• Railway station / airport
• University
• Touristic zone
Vehicles designed to be used in a safe and simple mode:
• Access with magnetic card
• Driving assistance using a joystick
• Automatic parking and battery energy reload
• Availability from one point to another
• Multimedia information terminal
Cycab equipment
• Induction recharging station fixed on the roadway
• CCD camera for teleoperation
• Central control joystick for safe driving
• Multimedia terminal
• Linear camera for driving in a platoon (train)
• Infrared beacons for driving in a platoon (train)
• Ultrasonic sensors for obstacle detection
• Electric steering actuator
• One electric motor per wheel, one electric brake per wheel
• Batteries + automatic charge manager
Cycab architecture
• Control and command of 9 motors
• A distributed hardware architecture: 3 intelligent nodes
  • One steering node that controls the joystick and the steering actuator
  • Two wheel-drive nodes that control the wheel drive motors and brakes
• An industrial PC manages the touch screen
• An MVME162 microcontroller with the VxWorks operating system for implementing motor control laws
• Communication between nodes with a fieldbus: Controller Area Network (CAN). Ultrasonic sensors and the CCD camera are connected on the CAN bus.
Cycab architecture
[Figure: Cycab hardware architecture]
Avionics first-class concepts
• SIL 4
• Safety
• Dependability
• Certification
• Redundancy
Classical avionics architecture
A340
• Black-boxed functionalities
• Single emission bus
• Isolated functionalities
• Multiple suppliers for functionalities
[Figure: conventional avionics (several LRU suppliers)]
Classical avionics architecture
[Figure: classical avionics architecture]
IMA avionics architecture
A380 IMA (Integrated Modular Avionics)
• Complexity increase
• Number of functionalities
• Communication increase
• Buses: ARINC, switched full-duplex Ethernet
IMA A380 architecture
[Figure: IMA A380 architecture]
Design methodology for DRTS
System requirement process
• What the system will do: functional/non-functional
• What is the environment
• Hierarchical description
• Refinement of requirements
• Traceability links
Software architecture process
• Elicitation of functionalities
• Control flow and data flow between functions
• Temporal constraints on functions
• Control view / software view / implementation view
• Reaction in case of errors (degraded mode of computation, critical situations); fault tolerance: to preserve the operational capacity of the system, redundancy of hardware components.
Design methodology
Hardware architecture process
• Computation resources (CPU, memory, ASIC ...)
• Communication resources (protocols, interfaces ...)
• OS and middleware
Implementation process
• Allocation
• Automatic code generation
• Preserve properties
• Take into account physical architecture parameters
• Is the OS compatible with the specifications?
Methodology in automotive control design
Decomposition into different layers
Courtesy J.P. Elloy - Irccyn
Functional layer
Functions and sub-functions: what does the system do?
[Figure: functions F1, F2, F3; F1 decomposed into sub-functions F1.1, F1.2, F1.3, connected to sensor #1, sensor #2, actuator #3 and a non-defined actuator]
Sub-functions can be shared by different functions
Software layer: specific components
Projection of functions onto specific software components
• Notion of services: services are provided by multiple components
• LDM: local drivers for sensors and actuators
• ASC: application software components
Courtesy J.P. Elloy - Irccyn
Hardware/software layers: dedicated components
Hardware components:
• Sensors, actuators
• ECU: Electronic Control Unit
• Network
Software components:
• Drivers
• Protocols, exchange system
• OS
[Figure: ECU and network; driver, Com-SC, OS-SC, ICEM]
Operational layer
Projection of functional components onto hardware and software
Courtesy J.P. Elloy - Irccyn
Operational layer
Control and data flow connections
[Figure: components #1 to #6 with their control and data flow connections]
Courtesy J.P. Elloy - Irccyn
Deployment phase
• Projection of synchronizations and communications onto OS and network primitives
• Deployment of components into logical tasks
• Transformation of logical tasks into executable tasks
Courtesy J.P. Elloy - Irccyn
Operational view of an ECU
[Figure: components #1 to #6 deployed into tasks on one ECU, with their labelled connections]
Courtesy J.P. Elloy - Irccyn
Conclusion
Pros and cons of distributed real-time systems: definitely distributed!
• Modular, fault tolerant, reduction of cabling cost, reconfiguration ...
• Necessity of "ad hoc" methodology and tools for taking into account physical characteristics, determinism and fault tolerance at the system level
We will focus on communication protocols and middleware in automotive.
Real-time networks
• What is the level of service of these networks?
• What are the responses of these networks to determinism, fault tolerance, temporal validation ...?
Plan of course 2
Real-time communications
• Standards: OSEK/VDX standard, AUTOSAR
• ISO and real-time
• Medium access protocols
Thanks
• Jean-Pierre Elloy, Professor at Irccyn Nantes, for his documentation about automotive design
• Yvon Trinquet, Professor at Irccyn Nantes, for his documentation about OSEK/VDX
References
• H. Kopetz, Real-Time Systems: Design Principles for Distributed Embedded Applications, Kluwer, 1997.
• AUTOSAR, Automotive Open System Architecture, www.autosar.org
• EAST-ADL, EAST-EEA Architecture Description Language, www.east-eea.net
Trends for the future
Electrical/electronic architecture deployment
[Figure: deployment timeline from 1999 to 2005; copyright PSA Peugeot Citroen]
Characterisation of real-time communications
Protocol latency: the time interval between the start of the transmission of a message at the CNI (Network Communication Interface) of the sending node and its reception by the CNI of the receiving node.
Jitter:
Embedded distributed system
[Figure: brakes, steering, suspension, engine, gear box and transmission under a supervision layer; vehicle electrical energy control, chassis control, steering control (controller / execution), heat-energy control]