Construction of sfiCAN: a star-based fault-injection infrastructure for the Controller Area Network


  1. Construction of sfiCAN: a star-based fault-injection infrastructure for the Controller Area Network
     Alberto Ballesteros
     Supervisors: Julián Proenza and Manuel Barranco
     Universitat de les Illes Balears
  2. Introduction: What is the Controller Area Network?
  3. Introduction: CAN
     • The Controller Area Network (CAN) is a field bus communication protocol
  4. Introduction: CAN
     • CAN is widely used in distributed embedded control systems
       – In-vehicle communication
       – Factory automation
       – Robotics
     • Main benefits
       – Low cost
       – Good resilience to electromagnetic interference
       – Good real-time features
  5. Introduction: CAN
     • Error frame
     • Overload frame
     • Remote frame
     • Data frame
  6. Introduction: CAN
     • CAN has been traditionally used in applications in which faults can have very negative effects
     • It is mandatory to evaluate the capacity of these applications for dealing with faults
  7. Introduction
     A widely used technique to evaluate highly dependable systems is fault injection, which makes it possible to efficiently observe the response of the system when errors do occur
  8. Introduction: Fault injection
     • Generic architecture of a fault-injection system
  9. Introduction
     Already available fault-injection systems for CAN present some limitations
  10. Introduction: Limitations of previous CAN fault-injection systems
      • Low spatial resolution
      • Low time resolution
      • Traffic restrictions
      • Modifications on the nodes
  11. Introduction
      Why is it so important to provide a fault-injection system that does not show those limitations?
  12. Introduction: Motivations for an adequate CAN fault-injection system
      • CAN is being incorporated in safety-related systems
      • New technologies are being developed to improve dependability of CAN
  13. Introduction: GOAL
      To build a new fault-injection infrastructure capable of reproducing complex fault scenarios and, thus, to test the response of CAN-based applications and protocols when these faults do occur
  14. Introduction
      To achieve this goal we developed a physical fault-injection system called sfiCAN
  15. sfiCAN: Architecture
      • Hub
        – Coupling
        – Fault injection
        – Logging
      • Node
        – Execute software
        – Logging
      • PC
        – Management
  16. sfiCAN: Architecture
      • Simplex star topology
        – Dedicated links for the nodes
        – Standard link for the PC
  17. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  18. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  19. Requirements
      • The user must be capable of specifying the fault scenario by means of an intuitive fault-injection specification language
      • The user must be capable of retrieving the data collected during a test
      • sfiCAN must be able to force dominant and recessive values, as well as the inverted value of the coupled signal
      • sfiCAN must be able to reproduce scenarios involving several simultaneous erroneous bit-patterns
      • sfiCAN must be able to inject cascading erroneous bit-patterns
      • sfiCAN must be able to inject faults without prior knowledge of the traffic
  20. Requirements
      • sfiCAN must be able to inject simple erroneous bit-patterns
      • sfiCAN must provide enough spatial resolution to independently affect the signal each node transmits/receives
      • sfiCAN must provide enough time resolution to independently modify the value of every single bit
      • sfiCAN must be able to inject permanent and temporary faults, including transient and intermittent ones
      • sfiCAN must collect enough information during a test to allow the user to check the behaviour of the system
  21. Requirements
      • sfiCAN must be able to inject simple erroneous bit-patterns
      • sfiCAN must provide enough spatial resolution to independently affect the signal each node transmits/receives
      • sfiCAN must provide enough time resolution to independently modify the value of every single bit
      • sfiCAN must be able to inject permanent and temporary faults, including transient and intermittent ones
      • sfiCAN must collect enough information during a test to allow the user to check the behaviour of the system
  22. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  23. Design
      sfiCAN is constructed from a set of independent modules that carry out different tasks related to the injection
  24. Design: sfiCAN architecture
      • Modules of sfiCAN
        – Centralized Fault Injector (CFI)
        – Hub Logger (HL)
        – Node Logger (NL)
      • Fault-Injection Management Station (FIMS)
      • Communication between the FIMS and the modules
        – Protocol on top of CAN (NCC protocol)
  25. Design
      How do we carry out an experiment?
  26. Design: Phases of a fault-injection experiment
  27. Design: Phases of a fault-injection experiment
      [Figure label: user]
  28. Design: Phases of a fault-injection experiment
      [Figure labels: user, fault-injection specification, nodes' workload]
  29. Design: Phases of a fault-injection experiment
      [Figure labels: user, start experiment]
  30. Design: Phases of a fault-injection experiment
      [Figure labels: user, start experiment]
  31. Design: Phases of a fault-injection experiment
  32. Design: Phases of a fault-injection experiment
      [Figure labels: user, end experiment]
  33. Design: Phases of a fault-injection experiment
      [Figure labels: user, end experiment]
  34. Design: Phases of a fault-injection experiment
      [Figure labels: user, report]
  35. Design
      Which types of faults can sfiCAN inject?
  36. Design: Types of faults
      • Transient
      • Permanent
      • Intermittent
  37. Design: Types of faults
      • Fault-injection modes
        – Single-shot → transient
        – Continuous → transient and permanent
        – Iterative → intermittent
  38. Design: Types of faults
      • Fault-injection modes
        – Single-shot → transient
        – Continuous → transient and permanent
        – Iterative → intermittent
  39. Design: Types of faults, single-shot
      [Figure labels: aim, fire, cease; Id, data, crc]
  40. Design
      Fault-injection specification language
  41. Design: Fault-injection specification language

          [fault injection 1]
          value_type = inverse
          target_link = port1dw
          mode = single-shot
          aim_filter = 0
          aim_field = idle
          aim_link = coupled
          aim_count = 2
          fire_field = data
          fire_bit = 2
          cease_bc = 1
  42. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  43. Implementation: Development environment/platform
      sfiCAN's prototype is based on a previous ReCANcentrate prototype
  44. Implementation: Development environment/platform
      • Hub hardware
        – Xilinx XSA-3S1000 FPGA board
        – Xilinx Spartan-3 XC3S1000 FPGA chip
      • Implementation environment
        – VHDL
        – Xilinx ISE (Integrated Software Environment)
  45. Implementation: Development environment/platform
      • Nodes hardware
        – Microchip dsPICDEM 80-pin Starter Development Board
        – Microchip dsPIC30F6014A
      • Implementation environment
        – C
        – Piklab + MPLAB C30
  46. Implementation: Development environment/platform
      • PC hardware
        – Linux-based PC
        – Peak System-Technik PCAN-PCI
      • Implementation environment
        – shell script / C++
        – GCC
        – SocketCAN
  47. Implementation: Implementation of the fimCfgExecuter
  48. Implementation: Implementation of the fimCfgExecuter
  49. Implementation: Implementation of the fimCfgExecuter
      • Hub Core
  50. Implementation: Implementation of the fimCfgExecuter
      • Hub Core
  51. Implementation: Implementation of the fimCfgExecuter
      • faultInjectionModule
  52. Implementation: Implementation of the fimCfgExecuter
      • faultInjectionModule
  53. Implementation: Implementation of the fimCfgExecuter
      • fimExecuter
  54. Implementation: Implementation of the fimCfgExecuter
      • fimExecuter
  55. Implementation: Implementation of the fimCfgExecuter
      • fimCfgExecuter
  56. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  57. Test of sfiCAN: Testbed setup
      • Experimental platform
  58. Test of sfiCAN: Tests performed
      • Bit-flipping (single-shot)
      • Recessive Downlink Message Omission (continuous)
      • Iterative Integrity Error (iterative)
      • Inconsistent Message Omission (single-shot)
      • Unfair Primary Error (iterative)
  59. Test of sfiCAN: Tests performed
      • Bit-flipping (single-shot)
      • Recessive Downlink Message Omission (continuous)
      • Iterative Integrity Error (iterative)
      • Inconsistent Message Omission (single-shot)
      • Unfair Primary Error (iterative)
  60. Test of sfiCAN: Bit-flipping
      • The value of a bit is inverted

          [fault injection 1]
          value_type = inverse
          target_link = port1dw
          mode = single-shot
          aim_filter = 0
          aim_field = idle
          aim_link = coupled
          aim_count = 2
          fire_field = data
          fire_bit = 2
          cease_bc = 1
  61. Test of sfiCAN: Bit-flipping
      • Oscilloscope screenshot (traces: Transmitted, Received)
  62. Test of sfiCAN: Bit-flipping
      • Loggers dump

        Time   Node 0 (transmitter)   Node 1 (receiver)   Hub
        1      Tx 123#00              Rx 123#00           Ok 123#00
        2      Er 123#01              Er 123#01           Er AckD(0)
        3      Tx 123#01              Rx 123#01           Ok 123#01
        4      Tx 123#02              Rx 123#02           Ok 123#02
  63. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  64. Conclusions
      We achieved the goal: we developed a physical fault-injection system capable of reproducing complex fault scenarios to test the response of CAN-based applications and protocols
  65. Conclusions
      • Fault model
        – Global/local faults
        – Bit granularity
        – Transient, permanent and intermittent
        – Simple/complex scenarios
      • Semantic faults to some extent
  66. Outline
      • Requirements
      • Design
      • Implementation
      • Test of sfiCAN
      • Conclusions
      • Articles and potential impact
  67. Articles and potential impact: Articles
      • D. Gessner, M. Barranco, A. Ballesteros, and J. Proenza, "Designing sfiCAN: a star-based physical fault injector for CAN," in 16th IEEE International Conference on Emerging Technologies and Factory Automation, 2011.
      • D. Gessner, M. Barranco, J. Proenza, and A. Ballesteros, "sfiCAN: a Star-based Physical Fault Injector for CAN networks," 2011.
  68. Articles and potential impact: Potential impact
      • sfiCAN has generated interest in a particular company involved in the evaluation of highly dependable systems
      • Part of CANbids project
        – CANcentrate
        – ReCANcentrate
        – Aggregated Error Flag Transmitter (AEFT)
  69. Construction of sfiCAN: a star-based fault-injection infrastructure for the Controller Area Network
      Alberto Ballesteros
      Supervisors: Julián Proenza and Manuel Barranco
      Universitat de les Illes Balears
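
The bit-flipping experiment of slides 41 and 60 to 62, as an added Python example that is not part of the original slides or of sfiCAN's own code: it parses the specification shown on the slides, maps its mode to the fault type from slide 37, and checks that one inverted data bit makes a receiver's CAN CRC-15 check fail for frame 123#01. Assumptions: `fire_bit` is a 0-based index into the data field, `cease_bc` is the number of consecutive bits affected, the aim condition and bit stuffing are not modelled, and all function names are hypothetical.

```python
import configparser

# Specification text as shown on the slides.
SPEC = """
[fault injection 1]
value_type = inverse
target_link = port1dw
mode = single-shot
aim_filter = 0
aim_field = idle
aim_link = coupled
aim_count = 2
fire_field = data
fire_bit = 2
cease_bc = 1
"""
# Injection mode -> fault type, as listed on the "Types of faults" slide.
MODES = {"single-shot": "transient", "continuous": "transient and permanent",
         "iterative": "intermittent"}

def parse_spec(text):
    """Return one dict per [fault injection N] section, with counters as ints."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    faults = []
    for section in cp.sections():
        fault = dict(cp[section])
        if fault.get("mode") not in MODES:
            raise ValueError(f"{section}: unknown mode {fault.get('mode')!r}")
        for key in ("aim_count", "fire_bit", "cease_bc"):
            fault[key] = int(fault[key])
        faults.append(fault)
    return faults

def crc15(bits):
    """CAN CRC-15 (polynomial 0x4599) over a list of unstuffed bits."""
    crc = 0
    for bit in bits:
        feedback = ((crc >> 14) & 1) ^ bit
        crc = (crc << 1) & 0x7FFF
        if feedback:
            crc ^= 0x4599
    return crc

def frame_bits(can_id, data):
    """Header (SOF, 11-bit ID, RTR, IDE, r0, DLC) and data bits, base format."""
    header = [0] + [(can_id >> i) & 1 for i in range(10, -1, -1)] + [0, 0, 0]
    header += [(len(data) >> i) & 1 for i in range(3, -1, -1)]
    payload = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    return header, payload

def receiver_crc_ok(can_id, data, fault=None):
    """Compare the sender's CRC with the one computed on the injected bits."""
    header, payload = frame_bits(can_id, data)
    seen = list(payload)
    if fault and fault["value_type"] == "inverse" and fault["fire_field"] == "data":
        for i in range(fault["fire_bit"], fault["fire_bit"] + fault["cease_bc"]):
            seen[i] ^= 1  # assumed: 0-based data bit, cease_bc consecutive bits
    return crc15(header + seen) == crc15(header + payload)
```

A receiver whose CRC check fails signals an error, and the transmitter then sends the frame again.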
