This document summarizes a master's thesis presentation on reliability analysis of wireless automotive applications with transceiver redundancy. The presentation covers:
1) Problems with increasing sensors/integration in cars and the solution of using wireless transmission
2) Challenges of wireless communication in vehicles, including interferences and lack of dedicated protocols
3) A safety analysis of an existing wireless system in an electric car, including FMEA, MTTF calculation, and reliability block diagram
4) An approach and analysis to design a reliable redundant system in a car using parallel transceivers and channels analyzed through reliability block diagram and calculations.
Reliability analysis of wireless automotive applications with transceiver redundancy.
1. “Reliability analysis of wireless automotive applications with transceiver redundancy.”
Final Presentation – Master Thesis:
Roshan Chulyada
(EEIT Master at FH-Rosenheim – University of Applied Science)
Supervisors: Prof. Dr.-Ing. Holger Stahl, Prof. Dr.-Ing. Markus Stichler
Advisor: Dipl.-Ing. Hauke Stähle
09.10.2014 Final presentation - Master Thesis 1
2. Outline
1. Problems and Solution.
2. Challenges for Solution.
3. Comparison of Wireless technologies.
4. Safety Analysis of Existing System in eCar.
5. Approach and Analysis to get Reliable System in eCar.
6. Design of Fail-Operational System.
7. Implementation.
8. Experiments.
9. Conclusion and Further works.
10. Demonstration
3. 1. Problems (I).
Increase comfort and safety.
Increase sensors (150), switches etc.
Increase integration efforts (inter domain) and complexity.
4. 1. Problem (II).
source: http://bainite.wordpress.com/category/cars/
6. 2. Challenges
• Wireless Channel: interferences, complete blocking, distortion.
• No protocols are designed for automotive in-vehicle communication: protocols are not designed for this use case.
• Fail-Operational Behavior: system runs with failure.
[Figure labels: Safe System; Fail Operational System.]
7. 3. Comparison of Wireless Technologies.
[Figure: comparison of ZigBee, Bluetooth and Wi-Fi by data rate, range, cost and link budget.]
8. 4. Safety Analysis of Existing System in eCar.
Safety analysis steps:
1. System Architecture
2. FMEA
3. MTTF
4. Reliability Block Diagram.
5. Reliability
Reliable = ASIL D
Source: ISO 26262 ASIL standard
9. 4. Safety Analysis of Existing System in eCar.
[Figure: Master Node and Slave Node.]
10. 4. Safety Analysis of Existing System in eCar.
2. Failure Mode and Effect Analysis (FMEA).
FMEA methodology:
2.1. Define the system and identify elements or components.
2.2. Define ground rules and assumptions.
2.3. System block diagram.
2.4. Identify failure modes, effects/causes.
2.5. Perform failure
2.6. Severity ranking and probability.
The system is inside the car with the shielding box. The master node is at the central system and the slave node is at the rear axle, connected to the sensor to control the wheel. The master and slave nodes send and receive data via the wireless channel.
• Overview of system failure by research and brainstorming.
• Assume severity and probability values are according to system.
• Mission Time: 12 hrs.
• Severity classifications (IV to I).
• Probability levels (1 to 4).
Source: "Department of the Army, TM 5-698-4, Failure Modes, Effects and Criticality Analyses (FMECA) for Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance (C4ISR) Facilities, 29 September 2006."
11. 4. Existing System Arch. in e-Car (II)
2. Failure Mode and Effect Analysis (FMEA).
2.3 System Block Diagram.
[Figure: block diagram of the Master Node and the Slave Node. Blocks on each side: Node (MSP430F5438), Transceiver (CC2520), Networks or Systems; interfaces: UART, SPI; also shown: Power Supply System, ZigBee Protocols.]
12. 4. Safety Analysis of Existing System in eCar.
2. Failure Mode and Effect Analysis (FMEA).
FMEA Table
[Figure: risk matrix of probability against severity (axes numbered 1 to 5, LOW to HIGH) with regions Low, Moderate and High risk. Entries labelled "Probability and Severity": 1, 1; 1, 2; 2, 2; 3, 1; 1, 3; 4, 3; 1, 4; 2, 1; 3, 4; 4, 2.]
13. 4. Safety Analysis of Existing System in eCar.
3. Mean Time To Failure.
• Measure of rate of failure in useful time for non-repairable systems.
• Formulas for MTTF, failure rate ($\lambda$) and reliability ($R$) calculation. (Ref: mil-hdbk 338B and mil-hdbk 217F version 1 and 2)
$$\mathrm{MTTF} = 1/\lambda$$
Reliability: $$R(t) = e^{-\lambda t} = e^{-t/\mathrm{MTTF}}$$
Failure rate = base failure rate × temperature × stress × environment × etc., in failures/10^6 hours.
For example, for a resistor:
$$\lambda_{res} = \lambda_b \, \pi_T \, \pi_P \, \pi_S \, \pi_Q \, \pi_E$$
where $\lambda_b$ is the base failure rate, $\pi_T$ the temperature factor, $\pi_P$ the power factor, $\pi_S$ the power stress factor, $\pi_Q$ the quality factor and $\pi_E$ the environment factor.
14. 4. Safety Analysis of Existing System in eCar.
3. Mean Time To Failure.
Example: resistors on the MSP430 board:
• Base failure rate: $\lambda_b = 0.0024$
• Temperature factor, for 120 degrees centigrade: $\pi_T = 2.1$
• Power stress factor, for max. power stress 0.9: $\pi_S = 1.9$
• Quality factor: $\pi_Q = 0.03$
• Environmental factor, for environment GM (Ground, Mobile): $\pi_E = 16$
• Power factor: $\pi_P = 0.3391$
15. 4. Safety Analysis of Existing System in eCar.
3. Mean Time To Failure.
MTTF of resistor: $\lambda_{res} = 1.55866 \times 10^{-3}$ failures/$10^6$ hours
Total MTTF of board = $9.82 \times 10^{5}$ hours
Reliability of board = $999987.7 \times 10^{-6}$
16. 4. Safety Analysis of Existing System in eCar.
3. Reliability Block Diagram (RBD).
• What is RBD? (Ref: mil-hdbk 338B)
Types of RBD:
3.1 Series
3.2 Parallel
3.3 Combine Series & Parallel.
17. 4. Safety Analysis of Existing System in eCar.
4. Reliability Block Diagram (RBD) of Existing System.
[Figure: RBD of the existing system, from the Master Node to "Networks or Systems", as a series combination.]
Series combination:
$$R_s = R_{ps} \cdot R_u \cdot R_n \cdot R_{sp} \cdot R_{tr} \cdot R_{ch}$$
18. 4. Safety Analysis of Existing System in eCar.
5. Reliability Evaluation of System.
How we did:
[Figure: how the reliability R was obtained from FMEA, MTTF and RBD. Labels shown: System Architecture; System Block diagram; Mil-hdbk-338; Components Reliability; Component List; Mil-hdbk-217F; (Process Reliability); (Passive components); Mission Time 12 hours.]
19. 4. Safety Analysis of Existing System in eCar.
5. Reliability Evaluation of System.
Calculations and Analysis:
Reliability in series combination:
$$R_s(t = 12\,\text{hrs}) = R_{ps}(t) \cdot R_u(t) \cdot R_n(t) \cdot R_{sp}(t) \cdot R_{tr}(t) \cdot R_{ch}(t)$$
$$R_s(t) = 0.999956$$
$$\lambda_s = 0.36 \times 10^{-5} \text{ failures/hrs.}$$
ASIL A
Suppose 40 million autos running 12hrs then failure will be 1760 autos.
20. 5. Approach & Analysis to get Reliable System in eCar.
Approach System Design:
[Figure: redundant system design. Blocks: Node1 (MSP430F5438), Node2 (MSP430F5438), Power Supply System1, Power Supply System2, Transceiver1 (CC2520), Transceiver2 (CC2520), Networks or Systems; interfaces: UART1, UART2, UART-R, SPI1, SPI2; channels: CHx, CHy, CHr; ZigBee Protocols; label: Redundancy.]
21. 5. Approach & Analysis to get Reliable System in eCar.
Reliability Block Diagram:
$$R_p(t) = R_{ps}(t) \cdot R_{sys}(t) \cdot R_{com}(t) \cdot R_{ch}(t)$$
[Figure: RBD of the redundant system ending at "Networks or Systems". Blocks: Rps1, Rps2, Ru1, Ru2, Rn1, Rn2, Rsp1, Rsp2, Rtr1, Rtr2, Rchx, Rchy, Rur, Rchr. Groups: Power System (Rps), Controller System (Rsys), Rcom, Rch.]
22. 5. Approach & Analysis to get Reliable System in eCar.
Analysis:
$R_p(t) = R_{ps}(t) \cdot R_{sys}(t) \cdot R_{com}(t) \cdot R_{ch}(t)$
$R_p(t = 12\,\text{hrs}) = 0.999999999 \cdot 0.9999999996 \cdot 1 \cdot 1$
$R_p(t) = 0.999999995$
Failure rate of the parallel system: $0.41666 \times 10^{-9}$ failures/hour
ASIL D
Suppose 40 million autos run for 12 hrs; then the failures will be 0.2 autos.
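The series and parallel RBD arithmetic behind these two analyses, as an added example that is not code from the thesis. The per-block failure rates are constructed (only their sum, 0.36 × 10^-5 failures/hour, comes from the slides), the constant-failure-rate model R(t) = exp(-rate · t) is an assumption, and the redundant topology is simplified to one duplicated pair per block rather than the thesis's exact diagram.

```python
import math

MISSION_HOURS = 12        # mission time from the slides
FLEET_SIZE = 40_000_000   # fleet size from the slides

# Constructed per-block failure rates (failures/hour). Only their sum,
# 0.36e-5, comes from the slides; the split between blocks is an assumption.
BLOCK_RATES = {"ps": 1.0e-6, "u": 0.3e-6, "n": 0.8e-6,
               "sp": 0.3e-6, "tr": 0.7e-6, "ch": 0.5e-6}


def reliability(rate, hours=MISSION_HOURS):
    """R(t) = exp(-rate * t) for a block with a constant failure rate."""
    return math.exp(-rate * hours)


def failure_rate(r, hours=MISSION_HOURS):
    """Constant failure rate that yields reliability r over `hours`."""
    return -math.log(r) / hours


def evaluate(block):
    """Evaluate an RBD given as a float or ("series"|"parallel", [blocks])."""
    if isinstance(block, float):
        if not 0.0 <= block <= 1.0:
            raise ValueError(f"reliability out of range: {block}")
        return block
    kind, children = block
    values = [evaluate(child) for child in children]
    if kind == "series":        # every block must survive
        return math.prod(values)
    if kind == "parallel":      # fails only if all branches fail
        return 1.0 - math.prod(1.0 - v for v in values)
    raise ValueError(f"unknown RBD node: {kind}")


def expected_failures(r, fleet=FLEET_SIZE):
    """Expected number of vehicles failing during one mission."""
    return fleet * (1.0 - r)


def existing_system():
    """Single chain: R_ps * R_u * R_n * R_sp * R_tr * R_ch."""
    return ("series", [reliability(rate) for rate in BLOCK_RATES.values()])


def redundant_system():
    """Simplified redundancy: every block duplicated, pairs in series."""
    return ("series", [("parallel", [reliability(rate)] * 2)
                       for rate in BLOCK_RATES.values()])


if __name__ == "__main__":
    for name, rbd in (("existing", existing_system()),
                      ("redundant", redundant_system())):
        r = evaluate(rbd)
        print(f"{name}: R={r:.12f} rate={failure_rate(r):.3e}/h "
              f"fleet failures={expected_failures(r):.4f}")
```

Feeding the slides' own results into `expected_failures` and `failure_rate` reproduces the 1760 and 0.2 vehicle figures and the 0.41666 × 10^-9 failures/hour rate.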
23. 6. Design of Fail-Operational System
Algorithm Design (I): Master Node2 monitoring Master Node1
[Flowchart: Start. Decisions: "Is UART-R status OK?", "Is Master Node1 OK?". Actions: "Get status of Master Node1 from wireless channel", "Inform all nodes" (two boxes). Continues at connector 1.]
Major Failure Levels
• UART-R failure
• Power Supply failure
• Node Failure
• Freeze
• Signal Blocked
30.10.2014 Final presentation - Master Thesis 23
24. 6. Design of Fail-Operational System
Algorithm Design (II):
[Flowchart: from connector 1. Decisions: "Is Tx & Rx counter increasing?", "CRC bit OK?". Actions: "Switch to backup channel", "Block data sent from Master Node1 to network". Continues at connector 2.]
Major Failure Levels
• Babbling Idiot
Moderate Failure Levels
• Frame error
25. 6. Design of Fail-Operational System
Algorithm Design (III):
[Flowchart: from connector 2. Decisions: "RSSI > -80 dBm?", "50 <= Corr. value <= 108?". Actions: "Increase transmit power", "Switch to backup channel". Continues at connector 3.]
Moderate Failure Levels
• Path loss
• Distortion
• Signal Blocked
26. 6. Design of Fail-Operational System
Algorithm Design (IV):
[Flowchart: from connector 3. Decisions: "Is payload size equal?", "Frame sequence number equal?". Actions: "Block data sent from Master Node1 to network", "Send data from Master Node1 to network". END.]
Minor Failure Levels
• Payload mismatch
• Packet lost
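The four monitoring flowcharts (Algorithm Design I to IV) read as one ordered check list, as an added sketch that is not the thesis's firmware. The `Report` record, the 8-bit counter width, the comparison of Master Node1's payload size and frame sequence against Master Node2's own values, and the pairing of each failed check with an action where the slide does not make it explicit (notably the two Algorithm II actions, taken in slide order) are assumptions.

```python
from dataclasses import dataclass

RSSI_MIN_DBM = -80            # slide: RSSI > -80 dBm
CORR_MIN, CORR_MAX = 50, 108  # slide: correlation value range
COUNTER_MODULUS = 256         # assumption: 8-bit Tx/Rx counters

# (failure level, action) per failed check. Levels and actions use the
# slides' wording; the check-to-action pairing is an assumption.
RESPONSE = {
    "uart_r":   ("major", "inform all nodes"),
    "node":     ("major", "inform all nodes"),
    "counters": ("major", "switch to backup channel"),
    "crc":      ("moderate", "block Master Node1 data"),
    "rssi":     ("moderate", "increase transmit power"),
    "corr":     ("moderate", "switch to backup channel"),
    "payload":  ("minor", "block Master Node1 data"),
    "sequence": ("minor", "block Master Node1 data"),
}
OK = ("none", "send Master Node1 data")


@dataclass(frozen=True)
class Report:
    """Constructed report on Master Node1 as seen by Master Node2."""
    uart_r_ok: bool
    node_ok: bool      # status bit; read over the wireless channel if UART-R is down
    tx_count: int
    rx_count: int
    crc_ok: bool
    rssi_dbm: int
    corr: int
    payload_size: int
    frame_seq: int


def advanced(prev, cur, modulus=COUNTER_MODULUS):
    """True if a wrapping counter moved forward, so a wrap is not a freeze."""
    return 0 < (cur - prev) % modulus < modulus // 2


def failed_check(prev, cur, own_payload_size, own_frame_seq):
    """Name of the first failing check in flowchart order I to IV, or None."""
    checks = (
        ("uart_r", cur.uart_r_ok),
        ("node", cur.node_ok),
        ("counters", advanced(prev.tx_count, cur.tx_count)
                     and advanced(prev.rx_count, cur.rx_count)),
        ("crc", cur.crc_ok),
        ("rssi", cur.rssi_dbm > RSSI_MIN_DBM),
        ("corr", CORR_MIN <= cur.corr <= CORR_MAX),
        ("payload", cur.payload_size == own_payload_size),
        ("sequence", cur.frame_seq == own_frame_seq),
    )
    return next((name for name, passed in checks if not passed), None)


def assess(prev, cur, own_payload_size, own_frame_seq):
    """Return (failed check or None, failure level, action) for one cycle."""
    name = failed_check(prev, cur, own_payload_size, own_frame_seq)
    level, action = RESPONSE[name] if name else OK
    return (name, level, action)
```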
27. 7. Implementation
7.1 Redundant Fail-Operational Protocol - RFOP (I).
Fig. Redundant Fail-Operational Protocol (RFOP) for UART:
| Status | Actions | RSSI | Correl. | CRC | Fra. Sq. | PayloadSize | Tx. Count. | Rx. Count. |
Fig. Status Protocol:
| Redundant | rUart1 | rUart2 | M. Node1 | M. Node2 | S. Node1 | S. Node2 |
Fig. Action Protocol:
| Channelstat. | Tx. Power | reset | block n/w |
28. 7. Implementation
7.1 Redundant Fail-Operational Protocol - RFOP (II).
Fig. Redundant Fail-Operational Protocol (RFOP) for Wireless Channel:
| MAC Protocol | Status | Actions | PayloadSize |
Fig. Status Protocol:
| Redundant | rUart1 | rUart2 | M. Node1 | M. Node2 | S. Node1 | S. Node2 |
Fig. Action Protocol:
| channelstat. | Tx. Power | reset | block n/w |
29. 7. Implementation
7.1 Redundant Fail-Operational Protocol – RFOP (III).
How it works?
[Figure: Master Node1 and Slave Node1, and Master Node2 and Slave Node2, with wireless frames laid out as MAC header | RFOP for wireless | .. | FCS. RFOP for UART (Status, Action, RSSI, Corr. val., CRC, Fra. Sq., payload, Tx. Counter, Rx. counter) is shown on the UART-R and UART-R1 links. Label: RFOP for UART-R.]
31. 7. Implementation (Hardware-II).
CC2520 Radio Module
Block diagram of CC2520
Features:
1. Excellent link budget (103dB).
2. Extended temp. range (-40 to +125°C).
3. DSSS transceiver.
4. Three flexible power modes.
5. Very good sensitivity (-98dBm).
6. High adjacent channel rejection.
7. 768 bytes on-chip RAM.
8. 4 wires SPI and 6 configurable GPIOs.
9. Many more…
32. 7. Implementation (Hardware-III).
UART connection between Node and its redundant node:
34. 7. Implementation (Software-I).
FreeRTOS
• FreeRTOS is used as the operating system.
• Open source and royalty free.
• Priority-based preemptive scheduling.
• Tasks of the same priority are scheduled round-robin.
• Queues, binary semaphores, counting semaphores, recursive semaphores and mutexes for communication and synchronisation between tasks, or between real-time tasks and interrupts.
• Five different memory allocation and management algorithms are available, heap1 to heap5.
• Heap2 is favorable.
NOTE: reference from http://www.freertos.org/
38. 8. Experiments(II).
Test Case – I (UART failure):
[Figure. Master side: Master Node1, Master Node2, UART1, UART2, UART-R, Power Supply Sys1/Sys2, Networks or Systems. Slave side: Slave Node1, Slave Node2, UART3, UART4, UART-R1, Power Supply Sys3/Sys4, Networks or Systems. Wireless channels: CH12, CH19. Experiment Scenario 12.]
39. 8. Experiments(III).
Test Case – II (Node Failure):
[Figure. Master side: Master Node1, Master Node2, UART1, UART2, UART-R, Power Supply Sys1/Sys2, Networks or Systems. Slave side: Slave Node1, Slave Node2, UART3, UART4, UART-R1, Power Supply Sys3/Sys4, Networks or Systems. Wireless channels: CH12, CH19. Experiment Scenario 1234.]
40. 8. Experiments(IV).
Test Case – III (RSSI Decreases):
[Figure. Master side: Master Node1, Master Node2, UART1, UART2, UART-R, Power Supply Sys1/Sys2, Networks or Systems. Slave side: Slave Node1, Slave Node2, UART3, UART4, UART-R1, Power Supply Sys3/Sys4, Networks or Systems. Wireless channels: CH12, CH16, CH19, CH21. Label: Tx Pow. 5dBm.]
41. 8. Experiments(V).
Test Case – IV (Wireless Channel Failure):
[Figure. Master side: Master Node1, Master Node2, UART1, UART2, UART-R, Power Supply Sys1/Sys2, Networks or Systems. Slave side: Slave Node1, Slave Node2, UART3, UART4, UART-R1, Power Supply Sys3/Sys4, Networks or Systems. Wireless channels: CH12, CH16, CH19, CH21.]
42. 9. Conclusion and Further works.
By using a parallel redundant system we can achieve higher reliability (ASIL D) for wireless automotive applications, and we have verified this mathematically using our research and methodologies.
The algorithm and protocol have been designed and implemented using a software architecture for controlling and monitoring nodes, so that the system works in a fail-operational manner even with a single-point failure.
Further works:
- The UART connection can be replaced by a wireless channel.
- Check the main components of the system, such as CPU, power supply etc., before other functions start.
- Integration in eCar.
44. Thank You All!
Any questions or suggestion?
Editor's Notes
Welcome the professor and introduce myself.
Current vehicles have more than 150 sensors and switches.
The number is still growing because of new features and customer requirements.
This will further increase the complexity, cost and weight of the wiring harness.
3. Decreasing vehicle weight increases the fuel efficiency.
(source: http://bainite.wordpress.com/category/cars/)
1. Simple integration: No hares of connections of wires.
2. Almost 50 kg of weight will be saved, which will increase fuel efficiency.
3. Placement of sensors will be easy. Sensors can also be put in tyres etc.
Enable dynamic inter-domain data transmission:
In a wired system, transmission goes through the gateway only, and the design for inter-domain communication is chaotic.
With wireless, we can use a wireless channel between any two domains.
Explanation example is in the notebook.
Electromagnetic interference.
A signal on the same frequency can block the channel – maybe a hacker.
More noise from engines, vibrations or reflections causes path loss, which results in distortion.
The system runs even with a single-point failure of some component.
Safety + Fail Operational System = Reliable System.
| | Bluetooth | WiFi | ZigBee |
| Bandwidth | 1 MHz | 22 MHz | 2 MHz |
| No. of cell nodes | 8 | 2007 | >65000 |
| Latency | Low | High | Low |
| Data rate | <1 Mbps | 10-105 Mbps | 250 kbps |
| Component cost | Cheap | Expensive | Very cheap |
| Power consumption | Low | High | Very low |
| Protocol overhead | 158 bytes | 31 | 58 |
| Range | 10 m | 10-100 m | 10-400 m |
| Link budget | 97 dB | Low | 103 dB |
Methodology for safety analysis
Automotive Safety Integrity Level (ASIL)
Our objective is a failure rate of 10^-9 failures per hour, which is ASIL D level.
According to the ISO 26262 standard, an automotive system is safe or reliable if it is ASIL D compliant.
FMEA is a systematic technique for failure analysis at the component level or functional level of the system.
Qualitative analysis
FMEA – Qualitative analysis – from the research and environmental scenario we have decided the probabilities and severity.
3,1 – Software hang.
4,2 – Signal Distortion.
4,3 – Path loss.
Severity classification:
A) Category I - Catastrophic: A failure which may cause death or weapon
system loss (i.e., aircraft, tank, missile, ship, etc.)
B) Category II - Critical: A failure which may cause severe injury, major
property damage, or major system damage which will result in mission loss.
C) Category III - Marginal: A failure which may cause minor injury, minor
property damage, or minor system damage which will result in delay or loss
of availability or mission degradation.
D) Category IV - Minor: A failure not serious enough to cause injury, property
damage or system damage, but which will result in unscheduled
maintenance or repair.
Quantitative analysis
All values are from MIL-HDBK-217F, version 1 and 2.
The Excel sheet for the component list is from the vendor.
From that, a table is created to calculate the total MTTF – mean time to failure is rate of failure time.
Reliability Block Diagram (RBD) is a graphical representation of how the components of a system are connected from reliability point of view.
Reliability Block Diagram helps reliability analysis using a functional diagram to portray and analyze the reliability relationship of components in a system.
For component reliability we calculate the MTTF; we did not take into consideration process reliability, that is, how the board is developed and its processes.
The component list was collected from vendors such as Texas Instruments, Murata, KOA etc.
Process reliability: how the board layers are developed and their MTTF.
Passive components on board: audio jack, IC, resistors, USB connector, which are not actively connected with our ICs or with the components we used from the board. The LCD components are also not included.
From the FMEA we came to know the failing components and causes, which we used to develop the RBD.
We assume that one driver can only drive for 12 hrs in a day non-stop.
After the reliability analysis, an algorithm for failure detection is designed to run the system reliably, which makes the system more reliable even under a single-point failure.
The whole redundant system is working without error at start.
Algorithm is designed for failure detection/monitoring and controlling.
Major failure – Major failure levels relate to the system components that are most essential for running the system and for detecting other failures.
Although in the FMEA graph path loss and distortion are in the high-risk area, they are not in the major failure level, because without detecting power supply failure, node failure, UART-R failure etc. it is not possible to detect path loss and distortion in the wireless communication system.
4) Various types of failure levels are distinguished according to their effects on the system.
If a failure affects the whole redundant system or the mission time, it is a major failure.
Example: If the power supply of one node fails, the driver may lose complete control over the car.
5) Explanation of each case.
1) Moderate failure – This failure level includes failures that may not cause complete failure of the wireless system and that can be overcome by remedies.
2) Babbling idiot – The channel is occupied all the time, rejecting others, and the scheduling is not followed.
3) Only with a valid frame can we detect the failures below.
High risk failures are in Moderate failure.
Link quality can be determined by RSSI and correlation value.
Reflection of the channel inside the shielding box and vibrations of the car can cause path loss, and engine noise can cause distortion, which results in bad frame quality and a bad reception value RSSI (received signal strength indicator).
Signal blocking can happen if nothing is received although the node status is fine, and also if the signal link quality is bad, so it can be assigned to both the Major and the Moderate level.
Assumption: below -80 dBm the communication may be lost.
From the CC2520 data sheet: approx. less than 50 – bad frame quality; approx. 108 and less – good frame quality.
Minor failure levels include the minor-risk area and have almost no effect on complete failure.
Even with this failure in one node, the other node can send the data to the network.
Payload size mismatch refers to data loss or payload corruption.
Packet loss, determined by the frame sequence number, results in a BER increase.
To implement the algorithm, a protocol has been designed with reference to the failure levels.
RFOP for UART-R and UART-R1
Node status bits are set by the node itself.
The Redundant bit is set and unset according to the rUart1 and rUart2 bits.
All the data in RSSI, Correl., CRC, Frame seq., PayloadSize, Tx. Count. and Rx. Count. come from the received frame of one node and are sent to another node or the redundant node via UART.
Action protocol messages are sent from one node to another according to the failure.
To implement the algorithm, a protocol has been designed with reference to the failure levels.
After the 9 bytes of the MAC protocol, there are an additional 14 bytes for the protocol design, which are now used by the redundant wireless channel to send status, actions and payload size.
If UART-R has failed, the status can be sent via this RFOP wireless channel protocol.
The components used – for debug: JTAG, power switches, system switches, UART and SPI connectors, MSP430 microcontroller, LCD.
Passive component: - Audio volume, joystick, temp. sensor.
Features:
It incorporates a 16-bit RISC CPU that has access to 16kB of SRAM and 256kB of flash memory.
-various power saving modes to fulfill strict power consumption requirements.
-built-in hardware support for common serial communication interfaces such as I2C, SPI or UART.
-quartz crystal (32.768kHz ) on board that can be used as a timer clock source.
-ZigBee RF transceiver (IEEE 802.15.4).
-operating frequency is 2.4 GHz
-16 Orthogonal channel.
-payload size 125bytes.
-250 Kbps.
Link budget: transmitter output, receiver sensitivity, antenna gain, Free space loss, connector and cable loss, link margin etc.
DSSS modulation technique: http://www.telecomabc.com/d/dsss.html
Means spread spectrum technique.
-It is spread spectrum technique whereby the original data signal is multiplied with a pseudo random noise spreading code.
-Produce wideband time continuous scrambled signal.
-DSSS significantly improves protection against interfering (or jamming) signals, especially narrowband and makes the signal less noticeable.
Sensitivity:
Sensitivity in a receiver is normally taken as the minimum input signal (Smin) required to produce a specified output
signal having a specified signal-to-noise (S/N) ratio and is defined as the minimum signal-to-noise ratio times the mean
noise power.
Adjacent channel: if channel 13 is desirable then 12 and 14 are adjacent but 11 and 15 are alternate channels.
The CC2520 radio module can transmit frames on carrier frequencies from 2394 MHz to 2507 MHz. The carrier frequency is defined in steps of 1 MHz.
Tx and Rx are connected and have a common ground.
UART-R is shown as the example connection, but it is the same for all nodes.
SPI connection:
-the radio module is connected to the microcontroller via a serial peripheral interface (SPI) using four digital lines: Clock (SCLK), Master-In-Slave-Out (MISO), Master-Out-Slave-In (MOSI) and Chip Select (CS).
-The microcontroller acts as SPI master and the CC2520 radio module is the SPI slave. SPI is main interface to configure and transport data.
-MISO and MOSI provide bidirectional data communication between master and slave.
GPIO:
-They provide a more direct and also faster way of communication than the SPI interface.
-GPIO pins that are used as input can be driven high or low by the microcontroller to directly issue some of the SPI commands without using the SPI interface. This gives very precise control over the timing of certain commands, because changing the output level of a microcontroller pin is fast and the commands are executed directly without delay.
-Output GPIO pins can be used to directly signal the occurrence of exceptions, which trigger an interrupt at the microcontroller.
Signals sent by GPIO to the microcontroller are:
-SFD: This signal is raised each time the start of frame delimiter (SFD) of a frame is sent
or received. Slave nodes store the reception time of beacon SFDs and use this time
stamp to synchronize to the master node and correct their clock offset.
-FIFOP: The FIFOP signal is raised when a certain number of bytes has been received and written to the rx buffer by the CC2520. It is also raised when a complete packet is received and available in the CC2520's rx buffer.
-TX FRM DONE: When a packet is successfully transmitted, this signal is raised.
-STXON: to enable receiver after transmission. Enable transmitter in node.
-FreeRTOS provides a priority-based preemptive scheduling mechanism:
Tasks are assigned priorities, and it is ensured that, from the set of all currently runnable tasks, the task with the highest priority is active.
-HEAP2 is used because this scheme can be used when tasks are created and deleted dynamically with always the same stack allocation size.
-The implementation and functionality of the application depend on the ECU.
-The communication controller is the main component. It is responsible for schedule execution, timeslot interval generation and node synchronization.
-The MAC Logic controller is my proposed layer, which implements the logic for controlling the CC2520 and the communication controller, giving us control over the transceiver.
-The services we can control from the MAC layer are: beacon loss/active, synchronization, power loss, logical channel support by the PHY layer, and also security services etc.
-The CC2520 driver is used by the communication controller to use SPI and to access the MSP430 hardware via the SPI driver.
-The UART driver is used by the MAC logic layer for the connection with the redundant node/active node.
DB wireless In and DB wireless OUT are two databases (double buffer) for the external network.
The UART TX and RX tasks control and maintain the redundant node by issuing the actions, status etc.
HAL is the Hardware Abstraction Layer, which provides different functionalities for tasks to access the hardware layer.
Explain from the Master Beacon task and end at the receiver task.
SPI commands always write, not read.