novel communication and system constructs for integrated … · platoons, vanets, clusters, …...

G. Le Lann VCA Workshop 2012 COST IC0906 WiNeMO School 2012 1

Novel Communication and System Constructs

for Integrated Safety and Efficiency in

Intelligent Vehicular Networks

Gérard Le Lann

INRIA – IMARA Team

[email protected]

Intelligent Vehicular Networks

Platoons, VANETs, clusters, … comprising fully automated

cooperative « smart » vehicles

1st International Workshop on Vehicular Communications and Applications

Cyprus, 18 June 2012

G. Le Lann VCA Workshop 2012 COST IC0906 WiNeMO School 2012

Presentation

0. Motivations – Safety requirements – System model 1. Safety and efficiency issues in stationary scenarios Problem and solution (cohorts) 2. Safety issues in transitory scenarios Problem and solution (groups)

3. Open problems & widespread beliefs (V2V communications)

Reliable Bcast, Mcast, Geocast, Convergecast protocols for safety-critical

scenarios

Weaknesses of existing/published MAC protocols for V2V/V2I safety-

critical communications

Hints for solutions

2


Efficiency

High vehicular network compactness, high asphalt utilization ratio,

small inter-vehicle spacing.

Safety (sécurité-innocuité)

Probability or likelihood of experiencing some “damage” while

using, or being part of, a system: lower than some infinitesimally

small threshold.

Mandatory in every safety-critical (SC) domain. Air transportation:

safety figures have a lower bound in the order of 1-10-9 per hour.

“Damage” is application-dependent (environmental catastrophes,

human casualties, destructions of species, of property,…).

Safety vs. Efficiency on Roads and Highways


Safety vs. Efficiency on Roads and Highways

≈ 120 km/h

What if B’s longitudinal telemetry function fails, and

R decelerates abruptly? (Beyond ISO 26262)

R ≈ 3 m spacing B


Criteria

Platoons

VANETs

Efficiency

yes

no

Safety % failuresSafety % failures

??

??

Strong features

rigorous definitions platoon is a structuring construct proofs (e.g., kinematics)

ad hoc mirrors reality communications an integral part of VANETs

Limitations

complexity communications are an add-on

no rigorous definitions (clusters, … ?) lack of structuring constructs simulations, few proofs

New constructs (building upon platoons and VANETs)

needed for reconciling efficiency and safety


Something else? We have been here before…

Lack of appropriate structuring concepts/constructs , definitions, is an

impediment to proving properties. Ex.: “vehicle cluster” ≡ ?

Recall the early days of (static) distributed computing? Cloud computing?

Fundamental concepts of “atomicity”, “transactions”, “concurrency control”, ...

can be usefully applied to (mobile) distributed cyber-physical systems ...

a cluster?


Something else? We have been here before…

► 2 distinct constructs

Time spent in single-lane scenarios significantly higher than time spent in

risky maneuvers (lane changes, steep breaking).

COHORTS

For “atomic” stationary (non safety-critical) scenarios

(considered in isolation from each other) GROUPS

For “interfering” cohorts, i.e. transitory (safety-critical)

scenarios

Yet another reason for distinguishing cohorts and groups separately.

Anticipated single-lane SC scenario

Change of inter-vehicle spacing ▬ Z: vehicle accelerating or decelerating

beyond nominal rate

Unanticipated single-lane SC scenarios

Brutal stopping ▬ Z: vehicle which stops abruptly (the “brick wall”

paradigm, e.g. collision with a deer) ▬ Z, Z’: vehicles involved in an

accident, 1 lane blocked

Emergency breaking ▬ Z: vehicle which decelerates abruptly (e.g.

obstacle or accident detected)

Imminent sudden stopping (fatal failure of vehicle equipment, of on-board

system) ▬ Z: vehicle which is about to stop abruptly

Sudden acceleration ▬ Z: vehicle which accelerates abruptly (failure of

vehicle equipment)

Categorization of SC scenarios (types F)

Anticipated multi-lane SC scenarios

On ramp merging ▬ Z: entrant vehicle

Individual lane change ▬ Z: vehicle which wants to change lane

Collective lane change ▬ Z: head of cohort wanting to move a cohort to a

different lane in a monolithic fashion

Overtaking ▬ Z: vehicle wanting to overtake (double inverted lane change)

Unanticipated multi-lane SC scenarios

Brutal stopping ▬ Z: vehicle which stops abruptly (the “brick wall” paradigm)

▬ Z, Z’: vehicles involved in an accident, blocking more than 1 lane

Imminent interleaved lane changes ▬ Z, Z’, and so on: vehicles wanting to

change lane(s) “immediately”, being interleaved with vehicles circulating on

the targeted lane(s)

Emergency stopping (individual multi-lane change) ▬ Z: vehicle wanting to

reach the emergency lane as soon as possible

Categorization of SC scenarios (types F)


Cohorts: States and state transitions internal to a cohort that

meet the cohort specification are not visible from outside: no lane

change(s), no more than r vehicles, no violation of nominal

bounds set for velocities, spacing, ac/dc,... rates, no fatal failure(s)

(nominal, risk-free, single-lane scenarios)

Groups: States and state transitions internal to a cohort that do

not meet the cohort specification are visible from outside

(risk-prone, safety-critical, single/multi-lane scenarios)

Intentional: lane change(s)

Unintentional (fatal failure, avoidance of obstacle/accident):

lane change(s), violation(s) of some nominal bound(s)


Safety concerns – Which obligations SO?

SO1. Realistic assumptions –Trustable modeling of system and adversaries

Every assumption has a coverage lower bound in the order of 1-10-9 per hour.

Adversaries: Mobility

Imprecise knowledge of physical variables (e.g., positioning)

Failures

SO2. Worst-case analyses and proofs

Properties shall be established for worst-case conditions or strategies deployed by

adversaries (assumed arbitrary smart).

An essential property: Strict, stringent, timeliness (“real time”) properties

Example: 1-hop SC message transmission delay < 100 ms

Mandatory: prior to proving (or simulating), demonstrate that you have identified

worst cases.

SO3. Designs/solutions that meet the 1-10-9 per hour lower bound requirement

Stochastic or deterministic approaches?

Among others …


Safety in the presence of failures?

We have been here before …


Impressive experience and knowledge accumulated in air transportation

(TACAS, …), aerospace, railways, nuclear power plants, …

System = {functions} “building blocks”

Every function shall be resilient (e.g., availability/reliability

figures no less than 1-10-7/hour) built out of redundant

“building blocks” (devices, software, …)

Every function shall be backed by at least one other function

No common failure mode functions that may back each other

shall be built out of different “building blocks”

Fundamental principle: diversified functional redundancy

Safety concerns – Which principles?

DSRC/WAVE System Architecture

Applications

1609.1,

et al.

1609.3

1609.4

802.11p

802.11p

LLC

Multi-Channel

Operation

IPv6

UDP / TCP

Management Plane Data Plane

OS

MLME

WSMP

PLME

Airlin

k

WAVE PHY

WAVE MAC

on

-bo

ard

sys

tem

co

re o

f

on

-bo

ard

sys

tem

MAC protocol(s)

distributed algorithms

for decision making

On-Board System Model

Bcast, Mcast, Geocast,

Convergecast,…


No « longitudinal communications »?

What if some function fails? Safety proofs?

15

System Model

Vehicle On-Board Systems and Functions

Processing, I/Os, and storage (Emaps, …) Longitudinal telemetry: directional sensing-based technology (e.g., radars, infrared, free-space optics) for enforcing safe longitudinal inter-vehicle spacing Space-time localization and scene recognition: - 360° positioning and global time keeping (GPS/EGNOS/Galileo devices, …), worst-case inaccuracies γ (≈ 12 m) and τ (≈ 100 μs)

- 360° image processing (e.g., cameras, sensor fusion, AI) and lateral proximity detection (e.g., radars/lidars) 360° short-range omnidirectional radio communications (V2V and V2I), e.g. the IEEE 802.11p and IEEE 1609.x standards


Adversaries

Mobility (velocities, ac/dc, maneuvers, …)

Automated vehicles can be under control Enforced limits may depend on, e.g., type F for a SC scenario

Imperfect valuation of physical variables [e.g., space-time

coordinates: worst-case inaccuracies γ (≈ 12 m) and τ (≈ 100 μs)]

The best we can do is to minimize inaccuracy. Inaccuracy cannot be fully eliminated, and may vary with time, locations, conditions, …

Failures

The only possibility: redundancy time / space / coding redundancy

Detection-and-recovery Masking


Failures

Accidental (attacks not considered for this presentation)

Stop failures, omission failures

Transient or permanent

Tolerable vs. fatal Failures

OB system stop failure: fatal

Sensing-based function failures: tolerable (mandatory)

Radio antennas omission failures: tolerable (mandatory)

Ether/medium omission failures: tolerable (mandatory)

virtual radio links

While executing a SC scenario: up to f failures (any failure,

« anywhere ») may be experienced by participating vehicles


1-hop V2V communications

SC scenarios may develop far away from an RSU (SO1)

No relaying/routing delays can be accommodated (timeliness!)

Send, Receive, primitives

No upper bounds for delays (MAC level, successful deliveries, …)

can be assumed (SO2)

1-hop multi-ary V2V communications

Bcast, Mcast, Geocast, Convergecast, primitives, no atomicity

assumed (SO1)

Communication model


Presentation




scenarios



Hints for solutions

19


Cohorts on Roads and Highways

No lane changes

Bounds (some fixed, some variable)

r highest number of members (in a cohort)

v highest velocity

sxy safe spacing between contiguous cohort members X and Y

s° smallest safe inter-vehicle spacing

s highest inter-vehicle spacing

S° smallest safe inter-cohort spacing

α highest nominal acceleration rate (attainable by any vehicle)

δ highest nominal deceleration rate (attainable by any vehicle)

η threshold for nominal deceleration rates*, 0 < η < 1

*deceleration rate higher than ηδ start a SC scenario

Safety authorities stipulate nominal bounds


Cohorts on Roads and Highways

21

vehicle motion

cohort head CH

inter-cohort spacing Sct/ch such that CH always stops without hitting CT…

… in the absence of telemetry failures

cohort tail CT

s° ≤ sxy ≤ s

inter-vehicle spacing sxy is safe … in the absence of telemetry failures

S° ≤ Sct/ch

X Y

(s° = s?)


≈ 120 km/h

How to avoid rear-end collisions whenever:

* B’s longitudinal telemetry function fails

* R decelerates abruptly

at the same time (SO2)

R ≈ 3 m spacing B

Problem


Fundamental principle: diversified functional redundancy

Solution: N2N bidirectional beaconing

Failures of longitudinal telemetry shall be tolerable, backed by longitudinal communications

Neighbor-to-neighbor (N2N) beaconing/messaging with

unidirectional very short range antennas

Assumption: no coincidental failures of longitudinal telemetry and N2N communications (SO1)

Why not V2V communications?

Compared to V2V omnidirectional communications, reduction of worst-case

number of contenders by a factor of ≈ 100

Do we need a “deterministic” MAC protocol for sorting out

≈ half-a-dozen contenders (SO2 & SO3)?


beacon(X, i)

X

beacon(Y, j)

Y

Neighbor-to-neighbor

(N2N) periodic bidirectional

beaconing (period π)

Functional diversification with N2N communications permits to

withstand V2V channel jamming or/and V2V antennas’ failures, in

addition to withstanding longitudinal telemetry failures

Cohort management (membership, coordination, agreement, …)

greatly facilitated with N2N messaging & beaconing

Solution: N2N bidirectional beaconing


Worst-case analysis

25

vehicle motion

CH CT

σ° ≤ σxy ≤ σ

With N2N beaconing, inter-vehicle spacing σxy is safe in the presence of

telemetry failures

S° ≤ Sct/ch

What is σ°, counterpart of s° in the presence of telemetry failures?

X Y

N2N coms V2V coms

σ° = s° + c

In platoons, s° ≈ 3 m.

If c higher than ≈ 3 m, forget about efficiency.


Consider 2 cohort neighbors X and Y, Y following X Worst-case X decelerates, and Y’s telemetry fails. Beaconing period π. N2N beacon(X, i) sent to Y at t(i) carries:

- sequence number i and t(i)

- vx(i) , X’s velocity at t(i)

- x(i), averaged X’s decelerations over interval [t(i-1), t(i)]

● ● ● ● ●

Question: why not X’s space coordinates in beacon(X, i)?

Worst-case analysis

In Proc. IEEE Vehicular Networking Conference 2011, pp. 1-8


interval of deceleration by Y

time

X

Y

π

time

new t(i) t(i+h-2) t(i-1) t(i+h-1)

T(i+1) T(i+h-1) T(i+h-2)

≈ π

beacon(X, i+2)

sequence of h N2N beacons(X, *) sent by X, processed by Y

t(i+1)

beacon(X, i+h-1)

θ

θ-π’: time of Y’s telemetry failure occurrence

T(i-1)

upstream

warning beacon(X, i)

beacon(X, i-1)

π'

Worst-case analysis Smallest safe spacing for withstanding telemetry failures


Nominal bounds essential here: δ and (0 < < 1)

Parameter defines the boundary between “non SC deceleration” and

“SC deceleration”. In non SC situations, a cohort member decelerates

at rate ηδ at most. Recall: any vehicle shall be able to decelerate at

rate δ at least.

(η and rate δ mandated/stipulated by safety authorities) Worst-case non SC scenario/conditions:

X and Y circulate at identical velocity v at θ-π,

X starts decelerating at θ-π, right after sending beacon(X, i-1)

quoting vx(i-1) = v (proof is by contradiction). At θ (worst-case), Y sends X a N2N warning message (“telemetry

down”). X resets its periodic time referential (current time ≈ θ = new

t(i)) and returns beacon(X, i)).



At T(i) ≈ θ, in worst-case conditions: vy(i) = v and vx(i) = v-δηπ.

Lost X/Y spacing c’ in interval [θ-π, θ]: c’ = ηδπ2/2. Past T(i), X keeps decelerating continuously at highest rate ηδ,

while Y keeps decelerating at highest rate δ. Let c(t), t > θ, stand for

the distance travelled by Y minus the distance travelled by X during

interval [θ, t]. We have c(t) = δt{ηπ – t(1-η)/2}. Highest value of c(t) reached when its derivative w.r.t. t is 0, i.e. at

t* = ηπ/(1-η). Thus: c(t*) = δ(ηπ)2/2(1-η), and worst-case total lost

spacing c = c’+c(t*). Number of beaconing rounds: h = (1- )-1

c = π2δη/2(1-η) c does not depend on velocities Lower bound of σxy writes σ° = s° + c. Since bound s° holds for

velocities below v°, such is the case for σ°.



interval of deceleration by Y, rate ●

time

T(i-1) T(i+1) T(i+2)

beacon(X, i)

xy

beacon(X, i+1)

θ = T(i)

0

interval of deceleration by X, rate ●

vy = v

sxy

beacon(X, i+2)

c

s°

°

X/Y spacing

c

vx = 0 or vy = 0



U.S. Department of Transportation, NHTSA

Safety Benefit Evaluation of a Forward Collision Warning System: Final Report

DOT HS 810 910 February 2008

By Virginia Tech Transportation Institute 3500 Transportation Research Plaza (0536)

Blacksburg, VA 24061. Document available to the public from the National Technical

Information Service, Springfield, Virginia 22161

Page 82, Eq. (45) gives critical warning distances for two contiguous

decelerating vehicles based on velocities and deceleration rates.

Converted in our notations, original Eq. (45) is as follows:

vy2 /δy < vx

2/δx – 2εvy + 2sxy (1)

where ε stands for Y’s lag time (radar latency), human driver reaction

latency set to 0 (we consider fully automated vehicles).

Worst-case analysis Can this solution and analysis match conventional safe spacing algorithms?


Applied to our N2N beaconing model and accounting for telemetry

failures, original Eq. (45) becomes:

vy2 /δy < vx

2/δx – 2πvy + 2σxy (2)

with π > ε, σxy standing for X/Y spacing at t(i), other variables

averaged over interval [t(i-1), t(i)], excepted δy computed for interval

[t(i), t(i+1)].

Condition under which (2) implies (1): (π–ε) vy ≥ c

Quadratic constraint in π. Roots (π’s bounds) are :

π° = (1-η)vy[1-λ]/δη, π = (1-η)vy[1+λ]/δη,

where λ2 = 1 – 2ηδε/(1-η)vy

Highest (smallest) bound values :: vy = v for π (vy = v° for π°). ε = 0.05, δ = 7.5, η = 0.77, and vy = 40 π° = 0.051, and π = 3.14.

Worst-case analysis Can this solution and analysis match conventional safe spacing algorithms?


Practical answer: much less/no more than ≈ s°!

c = π2δη/2(1-η)

Realistic values of parameters in c: δ = 7.5 m/s2, η = 0.77

With π = 100 ms (10 Hz) c = 0.13 m

With π = 400 ms c = 2.01 m

With π = 500 ms c = 3.14 m

Worst-case analysis Does this solution reconcile safety and efficiency?

What is σ°, counterpart of s°, in the presence of telemetry failures?

Back to open question:


Presentation




scenarios



Hints for solutions

34


X’s situational data stdX(t):

stdX(t) {X, sizeX, …, t, locX(t), vX(t), αX(t) or δX(t), …}

Examples of SC scenarios


emergency lane

36

≈ 120 km/h

How to avoid (collective) collisions whenever risk-prone

maneuvers must be undertaken. Examples:

• Z1 decelerates abruptly

• Z2 needs to reach the emergency lane asap

≈ 3 m spacing Z1

Problem illustrated

Z2


A safety-critical (SC) scenario is always started by some vehicle (Z).

Early warning is possible despite obstacles, distances, …,

via V2V communications.

Solution: Groups & V2V communications

IVNs are cyber-physical systems A SC scenario comprises 5

phases, ratio physical/cyber from phase 1 to phase 5, involving:

• V2V communications, decision-making algorithms

• Coarse grain, fine grain, maneuvers.

► Knowing their respective roles earlier than when relying solely on

sensing-based capabilities (used for final “fine tuning”), participants

can adjust their motions early enough (“coarse tuning”).

Rationale for groups: SC maneuvers are undertaken under

(much) safer conditions (than without the group constructs)


► Phase 1:

Group forming started by Z, initiator of SC scenario {Z, F}.

Z does Geocast_MZ, MZ {stdZ(t), stdZ( ), F}, > t

group RZ,F comprises vehicles which receive MZ.

► Phase 2:

Group EZ,F comprises eligible vehicles, i.e. members of RZ,F which

match std predicates in MZ. These vehicles may have to take some

active part in {Z, F}.

Every eligible vehicle W does Bcast_EMW, EMW {stdW( ), Z, F},

and “adjusts” its velocity if necessary.

Group forming – Anatomy of a SC scenario (1)


► Phase 3:

Z computes the “winning group” AZ,F out of messages EM* received

from eligible vehicles decision message D(AZ,F, Z, F).

Actors group AZ,F subset of EZ,F. Z does Mcast_D(AZ,F, Z, F).

Actors do take an active part in {Z, F}.

Phase 4 (coarse grain maneuvers):

Z, as well as actors when they receive D(AZ,F, Z, F), adjust their

velocities accordingly – they may still be out-of-sight.

Phase 5 (fine grain maneuvers):

Via their sensing-based functions, Z and actors “fine tune” their

respective alignments. Other vehicles behave according to cohort

management rules.

Group forming – Anatomy of a SC scenario (2)


RZ,ORM

(not to scale)

AZ, ORM

EZ, ORM

Z on ramp

Q P

* Z processes messages received from members of EZ,ORM

* Z chooses P and Q

Roles are assigned: Z gets inserted on highway between P and Q

(velocities and motions adjusted accordingly)

Illustration with the On Ramp Merging SC scenario (type: ORM)


Hybrid IVNs (progressive migration towards increased automation)

How do heterogeneous vehicles (differing levels of automation or autonomy)

co-exist safely?

Shared/final authority

In “extreme” situations, who to trust? The automaton or the human (driver)?

“Automation addiction”

Slowly, humans may forget how to react correctly in “unusual” situations –

already a severe problem with pilots of commercial airplanes!

Legal issues

Who is to be held responsible in case of …

Other current limitations in relation to safety


Google’s first self-driving car accident (Aug. 2011)

There was "a huge screeching noise," according to Tiffany Winkelman, and Google's

Prius struck another Prius, which then struck her Honda Accord that her brother was

driving. That Accord then struck another Honda Accord, and the second Accord hit a

separate, non-Google-owned Prius.

Google's original statement reads: "Safety is our top priority. One of our goals is to

prevent fender-benders like this one, which occurred while a person was manually

driving the car."


Presentation




scenarios



Hints for solutions

43


Open problems & widespread beliefs (V2V communications)

Major open problems with mobile wireless networks. Notably:

Can Can wewe reasonablyreasonably expectexpect green lights green lights fromfrom safetysafety authoritiesauthorities whenwhen assertingasserting

« We can develop safety arguments despite lack of

guaranteed message deliveries within « acceptable » delays »? …


proofs showing that periodic beaconing at 1Hz at least is always achievable »? …


guaranteed (worst-case) radio channel access delays »? …



ReliabilityReliability Which reliable Bcast/Mcast/Geocast/Convergecast/… protocols? Reliability implies “guaranteed” message deliveries. Best protocols are those achieving smallest termination delays. More precisely: best protocols match smallest worst-case upper bounds for

message delivery delays in the presence of message losses (f).

Most popular solutions: PAR or/and NAR protocols

Questions and observations

• What if number of recipients/participants is unknown?

• Acks may be lost, rather than messages. Retransmissions are useless,

wasting time and bandwidth.

• Inefficient even if f = 1 (timers T set to highest value)


7 members in EZ,ORM

Q P

Z

on ramp

Worst-case run for Bcast_MZ or Mcast_DZ

6 acks (returned by P) lost over link {Z, P}

message by Z sent 7 times

smallest number of acks returned = 6 + 7

f = 6 virtual link {Z,P} targeted by

the adversary



Worst-case run – Simplified numerical illustration

n: number of recipients f: maximum number of virtual link failures

m: message transmission time a: ack transmission time

c: time lost per message and per ack due to contention (MAC level) with N

surrounding vehicles (N > n)

n = 7, f = 6, m = 3 ms, a = 0.15 ms, c = 20 ms (not a worst-case figure)

T = highest duration of Bcast in the absence of failures:

T = m+c + 7(a+c) = 164 ms

Worst-case termination time of Bcast in the presence of failures:

7T = 1.148 s Unacceptably high!

Hints for better solutions

Masking rather than DetectionMasking rather than Detection--andand--RecoveryRecovery

Take advantage of cohort propertiesTake advantage of cohort properties


Worst-case analysis (SO2)

IEEE 802.11p radio interference radius ≈ 400 m

Road/highway curvatures max. longitudinal distance between

interfering vehicles ≈ 1.2 km

4 lanes, each way

High compactness

v vehicle size 7 m s spacing 4 m

1 vehicle every ≈ 11 m highest number of interfering vehicles ≈ 870


Periodic V2V beaconing for situational awarenessPeriodic V2V beaconing for situational awareness Frequencies quoted … frequently [1 Hz, 10 Hz] for 2D spaces.


X’s beacons carry stdX(t):

stdX(t) {X, sizeX, …, t, locX(t), vX(t), αX(t) or δX(t), …}

Beacon size: b

Beaconing period: π

IEEE 802.11p channel: 6 Mbits/s

Channel utilization ratio: ρ

Smallest achievable period π* = 870 b/6ρ 10-6

Numerical example: b = 2600 bits ρ = 1 (utopia) π* = 377 ms 10 Hz unfeasible, even with a perfect MAC protocol



Limit of ρ with CSMA-CA (pre-thrashing threshold) 0.25

π* 1.5 s

1 Hz unfeasible with IEEE 802.11p CSMA-CA protocol

Moreover, stochastic « guarantee » ( SO2)


Hints for better solutions

Take advantage of cohort propertiesTake advantage of cohort properties

deterministic MAC protocol (to be patented or published)deterministic MAC protocol (to be patented or published) Example: b = 2600 bits, π = 0.5 s

Every vehicle has exactly 2 (dynamically assigned) exclusive

slots every second for broadcasting its beacons



MAC level timelinessMAC level timeliness Which MAC protocols that would guarantee the existence of predictable strict upper bounds (worst-case) for radio channel

access delays (SO2) under realistic assumptions (SO1)? (SO3) deterministic MAC protocols

Bad news

No such protocols may exist (popular belief)

“Best-effort” deterministic protocols only

However, no impossibility proofs!


TDMA: inadequate for open, highly dynamic, sets of vehicles

CDMA: deterministic code assignments?

SDMA, LCA: rest on unrealistic (best case) assumptions:

universal grid of tiny cells, non varying number of road/highway lanes, highly accurate vehicle space-time coordinates* ( SO1)

* γ ≈ 0 and τ ≈ 0, rather than γ ≈ 12 m and τ ≈ 100 μs

MAC protocols based on “situational awareness”, gathered

through V2V beaconing: problematic circularities

Hopeless?Hopeless?


Published proposals for 2D spaces


Few “deterministic” DCR algorithms published

(DCR ≡ deterministic collision resolution) «« DeterministicDeterministic » Ethernets (the 80’s). The » Ethernets (the 80’s). The

802.3D protocol, a variation of plain Ethernet, 802.3D protocol, a variation of plain Ethernet,

based upon balanced tree searches (stack based upon balanced tree searches (stack

algorithm), patented by INRIA at the request of algorithm), patented by INRIA at the request of

the French Navy. the French Navy. Fielded Fielded in various places:in various places:

•• Nuclear aircraft carrier CharlesNuclear aircraft carrier Charles--dede--GaulleGaulle

•• Frigates and submarinesFrigates and submarines

•• Industrial sites (SaintIndustrial sites (Saint--Gobain, …)Gobain, …)

•• European spatial base (European spatial base (ArianeAriane launcher) in launcher) in

KourouKourou (French Guyana)(French Guyana)

Traditional CSMA-CD solutions (static wired networks)

J.-F. Hermant, G. Le Lann, "A protocol and

Correctness Proofs for Real-Time High-

Performance Broadcast Networks", 18th IEEE

International Conference on Distributed

Computing Systems (ICDCS 98), Amsterdam,

The Netherlands, 26-29 May, pp. 360-369.


Traditional CSMA-CD solutions (static wired networks)

Reliable Broadcast in Wireless Mobile Ad Hoc Networks

Mansoor Mohsin, David Cavin, Yoav Sasson, Ravi Prakash, André Schiper

http://www.computer.org/csdl/proceedings/hicss/2006/2507/09/index.html

Can be adapted to work in

mobile wireless networks


Hints for solutions

Take advantage of cohort and group propertiesTake advantage of cohort and group properties

Two classes of solutions:Two classes of solutions:

CDCD--DCR protocols (CD feasible with the group construct)DCR protocols (CD feasible with the group construct)

CollisionCollision--free protocolsfree protocols


Magic?

Recall:

1) Lack of appropriate structuring concepts/constructs is an impediment to proving

properties. Recall the early days of (static) distributed computing? Fundamental

concepts of “atomicity”, “transactions” , “concurrency control”, ... can be usefully

applied to (mobile) distributed cyber-physical systems

► 2 distinct constructs


Cohorts and groups, not initially devised to that end, are

essential cornerstones for solving these open problems.

Keep thinking …

… and stay tuned!

Questions?

Thus, no contradictions with widespread beliefs.

And it makes sense to dig deeper …


novel communication and system constructs for integrated … · platoons, vanets, clusters, …...

Documents