Reliability analysis of wireless automotive applications with transceiver redundancy.

“Reliability analysis of wireless automotive
applications with transceiver redundancy.”
Final Presentation – Master Thesis:
Roshan Chulyada
(EEIT Master at FH-Rosenheim – University of Applied Science)
Supervisors: Prof. Dr.-Ing. Holger Stahl Advisor: Dipl.-Ing. Hauke Stähle
Prof. Dr. –Ing. Markus Stichler
09.10.2014 Final presentation - Master Thesis 1

Outline
1. Problems and Solution.
2. Challenges for Solution.
3. Comparison of Wireless technologies.
4. Safety Analysis of Existing System in eCar.
5. Approach and Analysis to get Reliable System in
eCar.
6. Design of Fail-Operational System.
7. Implementation.
8. Experiments.
9. Conclusion and Further works.
10. Demonstration

1. Problems (I).
3
Increase comfort and safety.
Increase sensors (150), switches etc.
Increase integration efforts (inter domain)and complexity.
09.10.2014 Final presentation - Master Thesis

1. Problem (II).
source: http://bainite.wordpress.com/category/cars/

1. Solution (III).
5
Simple
integration.
Wireless
Reduce weight.
Increase
design
Flexibility.
Enable dynamic
inter-domain
data
Transmission.

2. Challenges
• Interferences
• Complete Blocking
• Distortion
Wireless Channel
• Protocols are not designed for this use case.
No protocols are designed
for automotive in vehicle
communication.
Fail-Operational Behavior • System runs with failure.
Safe System
Fail Operational
System

3. Comparison of Wireless Technologies.
Data rate
Range Cost
Link Budget
ZigBee
Bluetooth
Wi-Fi

1. System
Architecture
Safety
Analysis
2. FMEA
3. MTTF
5. Reliability
4. Reliability
Block
Diagram.
Reliable = ASIL D
Source: ISO 26262 ASIL standard

9
Master Node
1
Safety
Analysis
2
4 3
5
Slave Node

10
2. Failure Mode and Effect Analysis (FMEA).
2.6. Severity ranking and
probability
2.5. Perform failure
Source: "Department of the Army, TM 5-698-4, Failure Modes, Effects and Criticality Analyses (FMECA) for Command, Control,
Communications, Computer, Intelligence, Surveillance, and Reconnaissance (C4ISR) Facilities, 29 September 2006."
1
Safety
Analysis
2
4 3
5
FMEA
2.1. Define the system and
Identify elements or
components.
2.2. Define Ground
Rules and Assumptions
2.3. System
Block
Diagram
2.4. Identify
Failure
modes
effects/causes
Methodology
The system is inside the car with
the shielding box. The master
node is at central system and
slave node is at rear axel
connected to the sensor to
control the wheel. Master and
Slave node sends or received data
via wireless channel.
•Overview of system failure by
research and brain storming.
•Assume severity and probability
values are according to system.
•Mission Time: 12hrs.
•Severity Classifications (IV to I).
•Probability levels(1 to 4).

4. Existing System Arch. in e-Car (II)
11
Node
(MSP430F5438)
Transceiver
(CC2520)
Power Supply
System
UART SPI
Networks
or
Systems.
Node
(MSP430F5438)
Transceiver
(CC2520)
UART SPI
Networks
or
Systems.
Master Node
Slave Node
ZigBee
Protocols
2.3 System Block Diagram.

12
FMEA Table
LOW HIGH
1, 1
1, 2
2, 2
Probability and Severity
3, 1
Moderate
1, 3
4, 3
1, 4
2, 1
3, 4
4, 2
1 2
3
4
5
1 2 3 4 5
Severity
Probability
Severity
HIGH
High risk
Moderate
Low
LOW

13
3. Mean Time To Failure.
• Measure of rate of failure in useful time for non-repairable systems.
• Formulas for MTTF, Failure Rate( ) and reliability (R) calculation. (Ref: mil-hdbk 338B
and mil-hdbk 217F version 1 and 2)
MTTF ( )  1/
- t -t/MTTF Re R(t)  e  e  liability
Failure Rate = base failure rate X temperature X stress X
environment X etc.. Failures/10^6 hours
For example :
Resistor
) (

Base failure
Power factor
Environment factor
b T P S Q E         res
Temp. factor
Power Stress
Quality factor

Example :
Resistors on MSP430 board:
base failure
Temperature Factor , for 120 degree centegrate
Power Stress Factor , for max. power stress 0.9
Quality Factor
Environmental factor , for environment GM, Ground, Mobile
Power factor
14
( )  0.0024 b 
( )  2.1 T 
( ) 1.9 S 
( )  0.03 Q 
( ) 16 E 
( )  0.3391 P 

15
MTTF of Resistor
-3
hours
failures
res 6
10
( ) 1.5586610
Total MTTF of Board = hours 5 9.8210
Reliability of Board = 6 999987.7 10 

16
3. Reliability Block Diagram (RBD).
• What is RBD? (Ref: mil-hdbk 338B)
1
Safety
Analysis
2
4 3
5
Reliability Block Diagram RBD
Types of RBD
3.1 Series 3.2 Parallel
3.3 Combine
Series & Parallel.

4.Reliability Block Diagram (RBD) of Existing System.
17
Master Node
1
Safety
Analysis
2
4 3
5
Networks
or
Systems.
Series Combination
ps u n sp tr ch Rs  R  R  R  R  R  R

18
5.Reliability Evaluation of System.
How we did:
R
FMEA
MTTF
RBD
• System Architecture.
• System Block diagram
• Mil-hdbk-338.
Components Reliability
• Component List
• Mil-hdbk-217F
(Process
Reliability)
(Passive
components)
Mission Time
12 hours
1
Safety
Analysis
2
4 3
5

R t
(t 12hrs) R (t) R (t) R (t) R (t) R (t) R ( ) ps u n sp tr ch
19
5.Reliability Evaluation of System.
 Calculations and Analysis:
Reliability in Series combination:
1
Safety
Analysis
2
4 3
      
5
(t) 
0.999956
s
R
s
0.36 10 failures/hrs. -5   
ASIL A
Suppose 40 million autos running
12hrs then failure will be 1760
autos.

5. Approach & Analysis to get Reliable System in eCar.
Approach System Design:
CHx
20
Transceiver1
(CC2520)
UART1 SPI1
Transceiver2
(CC2520)
UART-R
SPI2
ZigBee
Protocols
Networks
or
Systems.
CHr
CHy
Node1
(MSP430F5438)
Power Supply
System1
Power Supply
System2
Node2
(MSP430F5438)
UART2
Redundancy

Reliability Block Diagram:
21
Networks
or
Systems.
Rps1
Rps2
(t) R (t) R (t) R (t) R ( ) ps sys com ch R t
p
   
Ru1
Ru2
Rn1
Rn2
Rsp1
Rsp2
Rtr1
Rtr2
Rchx
Rchy
Rur
Rchr
Power System Controller System
Rps Rsys
Rch Rcom

Analysis:
22
R t
(t)  R (t)  R (t)  R (t) 
R ( )
p
R t
(  12hrs)  0.999999999  0.9999999996  1 
1
p
R (t) 0.999999995
-9

0.41666 10 failures/hour
p
ps sys com ch
 

ASIL D
Suppose 40 million autos running
12hrs then failure will be 0.2
autos.

6. Design of Fail-Operational System
Algorithm Design (I): Master Node2 monitoring Master Node1
Start
Is
UART-R
status
Ok?
YES
Is
Master
Node1
Ok?
Inform to
All Nodes.
Get Status
of Master
Node1
from
Wireless
Channel.
Inform to
All Nodes.
1
NO
NO
YES
Major Failure Levels
•UART-R failure
•Power Supply failure
•Node Failure
•Freeze
•Signal Blocked

24
Start
YES
Is Tx &
Rx
counter
increasing
CRC
BIT
Ok?
Switched
to backup
Channel.
Block data
send from
Master
Node1 to
Network.
2
Algorithm Design (II):
Start 1
NO
NO
YES
YES
Major Failure Levels
•Babling Idiot
Moderate Failure Levels
•Frame error

25
Start
YES
RSSI >
-80dBm?
50 >=
Corr.
Value
<= 108
?
Increase
Transmit
Power.
3
Algorithm Design (III):
2
Switched
to backup
Channel.
NO
NO
YES
YES
Moderate Failure Levels
•Path loss
•Distortion
•Signal Blocked

26
Start
YES
Is
Payload
size
equal?
YES
Frame
sequence
number
equal?
Block data
send from
Master
Node1 to
Network.
Algorithm Design (IV):
3
Send
data from
Master
Node1 to
Network.
END
NO
YES NO
Minor Failure Levels
•Payload mismatch
•Packet lost

7. Implementation
Channelstat. Tx. Power reset block n/w
Fig. Action Protocol
27
7.1 Redundant Fail-Operational Protocol - RFOP (I).
Status Actions RSSI Correl. CRC Fra. Sq. PayloadSize Tx. Count. Rx. Count.
Fig. Redundant Fail-Operational Protocol (RFOP) for UART
Redundant rUart1 rUart2 M. Node1 M. Node2 S. Node1 S. Node2
Fig. Status Protocol

7. Implementation
MAC Protocol
Fig. Redundant Fail-Operational Protocol (RFOP) for Wireless Channel
channelstat. Tx. Power reset block n/w
Fig. Action Protocol
28
7.1 Redundant Fail-Operational Protocol - RFOP (II).
Status Actions PayloadSize
Redundant rUart1 rUart2 M. Node1 M. Node2 S. Node1 S. Node2
Fig. Status Protocol

7. Implementation
29
7.1 Redundant Fail-Operational Protocol – RFOP (III).
MAC
header
RFOP for
wireless
FCS
..
Status, Action, RSSI,
Corr. val. , CRC, Fra. Sq.,
payload, Tx. Counter,
Rx. counter
Master Node1 Slave Node1
RFOP for UART
UART-R UART-R1
RFOP for UART
MAC
header
RFOP for
wireless
FCS
..
Master Node2 Slave Node2
Status, Action, RSSI,
Corr. val. , CRC, Fra. Sq.,
payload, Tx. Counter,
Rx. counter
RFOP for UART-R
How it works?

7. Implementation (Hardware-I).
30
FET connector
MSP430F5438 LCD
PWR
SPI
UART
SPI
LEDs
Header Ports (GPIOs)

7. Implementation (Hardware-II).
31
CC2520 Radio Module
Block diagram of CC2520
Features:
1. Excellent link budget (103dB).
2. Extended temp. range (-40 to +125°C).
3. DSSS transceiver.
4. Three flexible power modes.
5. Very good sensitivity (-98dBm).
6. High adjacent channel rejection.
7. 768 bytes on-chip RAM.
8. 4 wires SPI and 6 configurable GPIOs.
9. Many more…

7. Implementation (Hardware-III).
32
UART connection between Node and its redundant node:

7. Implementation (Hardware-III).
33
MSP430F5438 Board
CC2520EMK

7. Implementation (Software-I).
FreeRTOS
• FreeRTOS used as Operating System.
• Open source and royalty free.
• Priority based preemptive scheduling.
• Same priority tasks use round-robin fashion.
• Queues, binary semaphores, counting semaphores, recursive semaphores
34
and mutexes for communication and synchronisation between tasks, or
between real time tasks and interrupts.
• Available five different memory allocation and management algorithms
heap1 to heap5.
• Heap2 is favorable.
NOTE: reference from http://www.freertos.org/

7. Implementation (Software - II).
35
• Software Architecture Overview.

7. Implementation (Software - III).
36
• Software Architecture Detail.

8. Experiments(I).
37
Experiment Setup:
Master Node2
Or
Redundant Node
Master Node1
Slave Node2
Or
Redundant Node
Slave Node1
UART-R1
UART-R
Aluminum foil
Default Channel – 12 & 19
Backup Channel - 16 & 21
Transmit power – 3dBm
Max. Transmit Power – 5dBm

8. Experiments(II).
38
Test Case – I (UART failure):
UART1
Network
s or
Systems.
CH12
CH19
Master
Node1
Power
Supply
Sys1/Sys2
UART-R
Master
Node2
UART2
UART3
Networks
or
Systems.
CH12
CH19
Slave
Node1
Power Supply
Sys3/Sys4
Slave
Node2
UART4
UART-R1
Master Slave
Experiment Scenario 12

UART-R
UART-R1
8. Experiments(III).
39
Test Case – II (Node Failure):
UART1
Network
s or
Systems.
CH12
CH19
Master
Node1
Power
Supply
Sys1/Sys2
Master
Node2
UART2
UART3
Networks
or
Systems.
CH12
CH19
Slave
Node1
Power Supply
Sys3/Sys4
Slave
Node2
UART4
Master Slave
Experiment Scenario 1234

Tx Pow. 5dBm CH16 CH16 Tx Pow. 5dBm
UART-R
UART-R1
8. Experiments(IV).
40
Test Case – III (RSSI Decreases):
UART1
Network
s or
Systems. CH12
CH21 CH21
CH19
Master
Node1
Power
Supply
Sys1/Sys2
Master
Node2
UART2
UART3
Networks
or
CH12 Systems.
CH19
Slave
Node1
Power Supply
Sys3/Sys4
Slave
Node2
UART4
Tx Pow. 5dBm
Tx Pow. 5dBm
Master Slave

UART-R
UART-R1
8. Experiments(V).
41
Test Case – IV (Wireless Channel Failure):
UART1
Network
s or
Systems. CH12
CH16 CH16
CH19
Master
Node1
Power
Supply
Sys1/Sys2
Master
Node2
UART2
UART3
Networks
or
CH12 Systems.
CH19
Slave
Node1
Power Supply
Sys3/Sys4
Slave
Node2
UART4
CH21 CH21
Master Slave

9. Conclusion and Further works.
With using parallel redundant system we can have higher reliability
(ASIL D) of wireless automotive application and we have verified
mathematically using our research and methodologies.
The algorithm and protocol have been designed and implemented
using software architecture for controlling and monitoring nodes so
that even with single point failure system works in fail-operational
behavior.
42
Further works:
-UART connection can be replaced by wireless channel.
-Initial main component like CPU, Power supply etc. of system
check before other functions start.
-Integration in eCar.

Demonstration.

Thank You All!
Any questions or suggestion?

Reliability analysis of wireless automotive applications with transceiver redundancy.

More Related Content

What's hot

Similar to Reliability analysis of wireless automotive applications with transceiver redundancy.

Recently uploaded

Reliability analysis of wireless automotive applications with transceiver redundancy.

Editor's Notes