STREAM01 / Mastère SE Distributed Embedded Systems and realtime networks Embedded network TTP Marie-Agnès Peraldi-Frati AOSTE Project UNSA- CNRS-INRIA January 2008 1 Abstract Requirements for TT Systems The Time Triggered Protocol Objectives Frame Architecture 2 Marie-agnès Peraldi-Frati- UNSA 1
Requirements for communication architecture Time-triggered control system Determinism : All activities are carried out at certain points in time know a priori at design time (based on a globally synchronized time base) Transmission of messages All nodes have a common notion of time Monitoring of external states Fault tolerance : detection monitoring recovery Composability, extensibility Temporal : the temporal control of the communication network is determined predictable and independent from the application. 3 SAE Communication Classes SAE: Society of Automotive Engineers Three Communication System Classes Class A For systems with low speed networks Soft Real-Time systems Class B For systems with high speed networks, but without safety-critical requirements Class C For systems with safety-critical requirements Hard Real-Time systems 4 Marie-agnès Peraldi-Frati- UNSA 2
Time-Triggered Protocol TTP: Family of TDMA based, fault tolerant protocols TDMA: Time Division Multiple Access TTP/C: A communication protocol specifically designed for safety-related automotive applications The development of TTP and TTP/C has been led by Prof. Hermann Kopetz, Technical University of Vienna The commercial development of TTP/C tools and products is led by TTTech (www.tttech.com) Existing protocols J1850 and CAN meet the bandwidth specification for an SAE Class C protocol, but not the fault tolerant requirements 5 Two TTP Protocols TTP/A (Automotive Class A = Soft Real-Time) A scaled-down version of TTP A cheaper master/slave variant TTP/C (Automotive Class C = Hard Real-Time) A full version of TTP A fault-tolerant distributed variant Bandwith : 500kbit/s, 1Mbit/s, 2Mbit/s, 5Mbit/s, 25Mbit/s 6 Marie-agnès Peraldi-Frati- UNSA 3
TTP Protocol Objectives Message transport with low latency and minimal jitter Support for composition Provision of a fault-tolerant membership service Fault-tolerant clock synchronization Distributed redundancy management Minimal overhead Scalability to high data rates efficient operation both on twisted wires and on optical fibers 7 TTP/C Cluster 8 Marie-agnès Peraldi-Frati- UNSA 4
Definitions SRU: Smallest Replaceable Unit A single node consisting of a TTP protocol processor and a Host processor Shadow SRU : the unit emits in case of failure of the main node FTUs: Fault Tolerant Units Group of actively replicated units, each unit emits the same information 2 nodes : protection in temporal domain 3 nodes : protection in the value domain CNI: Communication Network Interface The Host programming interface to the Time-triggered network 9 TTP/C Bus Access Scheme 10 Marie-agnès Peraldi-Frati- UNSA 5
TDMA: Time Division Multiple Access A distributed static medium access strategy The right to transmit a frame is controlled by the progression of real time Requires that a fault-tolerant global time-base is available to all nodes The channel capacity is statically divided into a number of slots A unique sending slot is assigned to every node A node can only send one frame in every TDMA round If there are no data to send, an empty frame is transmitted The sequence of sending slots within a group of nodes is called a TDMA round The sequence of all different TDMA rounds is called a cluster cycle 11 TTP/C Frame Types: N-Frames I/N Message Mode bit 1 Mode bit 2 4 bit Header Frame type Mode change request Mode bit 3 16 bit Data = Application Data + Explicit C-State Or Data = Application Data 12 Marie-agnès Peraldi-Frati- UNSA 6
TTP/C Frame types: Cold start frame I/N Message Mode bit 1 4 bit Header Mode bit 2 Mode bit 3 C-State: Controller state Current clock Sender slot Current mode 16 bit 13 Continuous state agreement : CRC Calculation C-State is not emitted in each message The CRC at the sender is calculated over the message contents concatenated with the sender C-State At the receiver side the CRC is recalculated with the receiver C-State. If CRC are different, the message has been corrupted or there is a disagreement on C-States. Message must be discarded 14 Marie-agnès Peraldi-Frati- UNSA 7
Continuous state agreement : CRC Calculation CRC calculation at sender Header Data Field C-State of Sender CRC Message on the network Header Data Field CRC CRC calculation at receiver Header Data Field C-State of Receiver CRC 15 TTP/C Frame validity To be acceptable by the receiver node : A frame must be valid according to the MEDL table of the receiver i.e. Correct slot Correct length And correct CRC sender side = CRC receiver side 16 Marie-agnès Peraldi-Frati- UNSA 8
TTP/C frame transmission phases Slot duration for the i node Slot duration for the i +1 node PRP idle PSP TP PRP idle PSP TP PRP idle PSP slot i in the «TDMA round» slot i+1 in the «TDMA round» AT Action Time IFG Inter Frame Gap PSP (Pre Send Phase) TP (Transmission Phase) PRP (Post Receive Phase) 17 TTP/C : C-State C-State is a data structure generated by each node and transmitted during the slot node. C-State of a node N may contains : Clock of the N node (master clock only) Slot number associated with the N node in the current TDMA round Demand for a mode switching at the next cluster cycle Local vector of the Membership. 18 Marie-agnès Peraldi-Frati- UNSA 9
Membership The node membership vector contains as many bits as there are nodes in a cluster each node is assigned to a specific bit position True indicates that the node was operating successfully during the last sending slot False indicates that the node was not operating successfully The position bit of the bit membership indicates the position point for the node to send or receive. Update every SRU slot after a CRC checking on the received messages (PRP phase). The delay for updating all membership information is at most one TDMA round Consequence : a node is considered operational or not until its following membership point in the next TDMA round 19 Membership A node which doesn t receive any correct message assumes that the sending node has crashed and it eliminates the sending node from its membership vector If however the conclusion is different for the other nodes, from this moment two cliques have formed that cannot communicates with each other because they don t have the same C-State In such conflict, TTP ensure that the majority view wins, and the nodes with the failed input port is eliminated from the membership. 20 Marie-agnès Peraldi-Frati- UNSA 10
TTP/C System Architecture 21 TTP Node Configuration CNI: Communication Network Interface Dual Port RAM TTP/C Controller Host Processor «global clock tick» Protocol Processor Bus Guardian ROM TTP/C Control Data (MEDL) Driver Driver 22 Marie-agnès Peraldi-Frati- UNSA 11
Bus guardian Open the bus access at determined slots Slots are specified in the MEDL Protection from desynchronized units Protection from babbling idiot unit 23 Clock synchronization Not managed with additional traffic A minimum of 4 Master Clocks (MC) nodes Maximum jitter between MC is 10-4 s/s Each node compares its clock with the one of the sender node (if it is a master clock node) If the difference is greater than a precision, the reception node disconnect from the network Otherwise, the reception node updates its clock and the associated data with the a fault tolerant synchronization algorithm. 24 Marie-agnès Peraldi-Frati- UNSA 12
Conceptual Layers of TTP/C Host Layer FTU Layer RM Layer Application Software in Host FTU Membership Permanent value management Redundancy Management FTU CNI Basic CNI SRU Layer Data Link/Physical Layer SRU Membership Clock Synchronization Media Access: TDMA 25 The Basic CNI Structure Updated by TTP Controller Status Registers Global Internal Times SRU-Time (part of C state) Dual Port Ram Control Registers Watchdog Timeout Register Updated by Host MEDL (part of C state) Membership (part of C state) Status Information Mode Change Request Reconfiguration Request External Rate Correction Message Area 26 Marie-agnès Peraldi-Frati- UNSA 13
Communication Network Interface - CNI CNI : Dual Port RAM + registers Consistent Data Transfert : Arbitration of the DPRAM access Host may derive read access interval from the global time base and the MEDL Host may access the RAM arbitrarily to read/modify the communication objects. In that case a Non Blocking Write Protocol is provided to ensure integrity of data. The TTP controller is never delayed. 27 The Message Descriptor List (MEDL) MEDL SRU-Time message time Address Attributes D L I A Message Area Message D: Direction input/output message L: Length of message I: Initialization Initialization or normal message A: Additional parameter protective information concerning mode change The MEDL s of a cluster are generated automatically by a cluster compiler 28 Marie-agnès Peraldi-Frati- UNSA 14
Operating Modes Different operating modes require different message schedules Accelerating vs. cruise might need different information Operation vs. diagnosis need emphasis on different aspects of the vehicle Failure recovery might need access to different message traffic TTP solution: use multiple schedules Precompute a different MeDL for every possible situation Currently used on TTP/A; but could be used on TTP/C with special care ) 29 Fault-tolerant Node 30 Marie-agnès Peraldi-Frati- UNSA 15
Conclusion : TTP/C Properties Static Scheduling Guaranteed delivery times with known variance (jitter) Clock Synchronization All nodes synchronized to within one microsecond each TDMA round Composability TTP/C nodes are temporally composable as well as functionally composable Fail Silent The bus guardians ensure transmission only during the correct timeslot in all cases Membership Every node s membership is available during each TDMA round 31 Advantages/Disadvantages of TTP Advantages Simple protocol to implement Deterministic response time No wasted time for Master polling message Disadvantages Wasted bandwidth when some nodes are idle Fixed network size after installation 32 Marie-agnès Peraldi-Frati- UNSA 16
TTP/TTA References Real-Time Systems Research Group at the Vienna University of Technology http://www.vmars.tuwien.ac.at TTA Group Forum (the open industry consortium for time-triggered systems today) http://www.ttagroup.org/ TTTech Computertechnik AG supplier of technology in the field of time-triggered systems and TTP (Time-Triggered Protocol). http://www.tttech.com/ 33 Informations on these slides are extracted from : - [1] H. Kopetz course and from its textbook: Real-Time Systems Design Principles for Distributed Embedded Applications Chapter 8: The Time-Triggered Protocol Chapter 14: The Time-Triggered Architecture - [2] P. Koopman Course (http://www.ece.cmu.edu/~ece540/lecture/) -[3] Slides TTPtech (http://www.tttech.com/ ) [4] Course F. Simonot-Lion, TDMA 34 Marie-agnès Peraldi-Frati- UNSA 17