CAN network in real-time on-board systems

The network system for data exchange between the various components is an inherent element of every car. Because the requirements for data transfer differ between specific devices, the communication protocols currently in use have different properties of performance, security, and degree of determinism. The paper presents the increasing complexity of the data exchange system, based on the example of the latest requirements for digital tachographs. The article also describes the data transmission initialization methods in the context of network data exchange organization. The hybrid use of time triggering and event triggering mechanisms is presented in relation to the operation of the CAN network under increased real-time requirements, implemented as TTCAN (time triggered CAN).


Introduction
Electronic systems of modern cars and their networks carry an increasing amount of circulating information and show growing diversity in the required level of time determinism and security.
The network structure optimization must take into account many frequently contradictory criteria such as cost, weight of the system, expandability, and use of hardware and software security mechanisms.
Proper evaluation of an on-board solution is significantly difficult due to the complexity of modern network systems. A visible trend in the construction of automotive communication networks is the strong integration of individual network subsystems, allowing the exchange of information between any nodes or node groups across the network. The advantage of such solutions is the easy distribution of information from a single source to multiple receivers or subsystems, as well as the opposite: the possibility of redundantly obtaining data from more than one source, e.g. for their verification. The negative consequence of strong network integration, however, is the increase of its vulnerability to unauthorized, and often undesirable, interference [21,22]. Apart from numerous ways of securing networks based on data encryption [20], one of the simplest methods is to isolate the part of the bus that is critical for security, either by physical isolation of the bus signal lines or by using a gateway as the intermediate element.
An example of a highly autonomous system, based on many communication solutions, is the digital tachograph system described, among others, in [14,15,18], based on the signal received from the motion sensor coupled to the drive system of the vehicle. Although the improper operation of this system has no direct effect on vehicle security, the potential consequences of uncontrolled driving times make the relevant regulations and restrictions on its production, operation and transmission very strict. Recent regulations [16,17], regulating the use of GNSS as a second source of motion data, add to the set of digital network protocols implemented by the ISO/IEC 7816-4:2013 the interface for data exchange between a vehicle unit and an external GNSS device. The smart tachograph described in this document has at least two precise sources of time, location and vehicle speed data.
Use of this information in accordance with [19] will not be limited to the other car subsystems; it will also be used in a group of technologies such as intelligent car sharing, fleet management systems (FMS), advanced driver assistance systems (ADAS), etc. The proposed access to motion data for recipients other than the tachograph recorder is located alternatively directly on the GNSS receiver or as a vehicle unit (VU) interface, where it acts as a gate. From this point of view, the tachograph system reduces its autonomous character to function as part of a larger system.
Taking into account the time-deterministic way of acquiring and using vehicle motion data, as well as the number of potential senders and recipients, it seems appropriate to make greater use of time-deterministic data exchange systems.

Time/event triggering
The current automotive data exchange networks link elements of the complex real-time system.
The effectiveness of such systems depends on both the results of the calculations and the time at which they are produced. The critical parameter for real-time systems is the so-called deadline, indicating the time by which the target specified for the operation of the system must be reached. In other words, the execution of the actions to be performed must be predictable over time. The problem of properly scheduling these actions becomes more complicated as their number grows and as restrictions on data transmission and processing increase. Automotive mechatronic systems mainly use serial transmission, in which data is transmitted as a stream of single bits, one by one. If the line is busy with a data stream associated with one sender, it blocks the flow of messages from the others. Deterministic time access to the bus must be guaranteed to any sender that is a network node in order to ensure the predictability of the real-time system. Messages sent in real-time systems have varying deadline values. Assuming a constant transmission speed and a known data packet size, the time of arrival at the destination can be explicitly predicted from the time at which transmission begins. The start of transmission is called triggering. In the communication protocol most commonly used in automotive networks, based on the CAN specifications, the transmission is initiated as a result of a specific event (event triggering). This type of triggering allows a maximum reduction of the response time between the input and output of the selected part of the processing, provided the sender is free to access the bus. In real conditions, where the network is heavily loaded with data, the time from the occurrence of the event to the action undertaken by the message recipient must be within a significantly extended deadline range.
Transmission initiation associated with a point on the timeline is called time triggering. In most cases, it is used for parts of a system based on data processed in a recurring manner with a fixed cycle. Under such conditions, the jitter on the assumed moment of receiving the message is minimal and the deadline is strictly defined. A detailed description of the related issues is given in [1]. Selecting the best triggering system is a very complex task, and it is often taken into consideration at the design stage of the object on which this system is implemented. Increasingly large amounts of data and requirements on time predictability indicate the growing importance of time-triggered networks. Obviously, the advantages of event triggering lead designers and manufacturers to develop solutions that combine both modes of transmission initiation, such as FlexRay. An example of such a solution, the time triggered CAN protocol (TTCAN), which features high adaptability to the CAN systems most popular in automotive applications, is described later in the article.

Time triggered CAN
Time Triggered CAN (TTCAN) can be considered a time-deterministic extension of the network protocol described in the CAN specification, which formerly described the data layer. The ISO 11898 standards, based on the CAN specification, extend the scope of the description to the physical layer [2,3].
The CAN-specific way of accessing the bus, based on the CSMA/CD arbitration function, implies a flexible degree of temporal determinism, mainly related to the assignment of message identifiers to objects. In traditional CAN networks, access to the bus is highly hierarchical, as the lowest ID has the most privileged bus access. Assuming the uniqueness of identifiers, it is not possible to impose an equal degree of temporal determinism on the transmission of two different messages. For classic CAN, the lower limit of deviation from the desired point on the time axis (jitter) can be determined by considering that the node with the lowest ID should start transmitting while the transmission of any other message is already in progress, assuming that the start of transmission can only occur when the line state is IDLE. In the worst case, this may delay the transmission by the number of bit times making up a full frame header (29 bits) and the maximal length of the data field provided for in the CAN specification, i.e. 8 x 8 bits. Other elements of the frame, such as ACK, checksum, etc., have a fixed size. The "worst case" assumption should also take into account the extra transmission time caused by stuffing bits, which in extreme cases increases the transmission time by about 1/5 (20%).
The Time Triggered CAN (TTCAN) concept is based on the so-called System Matrix, in which the time of the start of transmission is assigned to each message. The System Matrix, illustrated schematically in Fig. 1, describes the full cycle of network data exchange. It consists of a finite (2^n) number of consecutive Basic Cycles, which are defined as rows, and a finite number of time windows within a single Basic Cycle, which are called columns in this description. Depending on the way of accessing the TTCAN bus, there are Exclusive time windows and Arbitrating time windows. In order to facilitate possible further extension of the network, there are also so-called Free windows which, as the name suggests, are not assigned to any message.
The presence of Exclusive time windows is a fundamental feature of TTCAN, giving this network a highly deterministic character. The message assigned to a unique Exclusive time window is delivered cyclically at specific times because of its constant position in the System Matrix. In such cases there is no message hierarchy for bus access. Taking into account the different requirements of the object for ensuring the proper transmission of a message carrying a given type of information, specific messages can be assigned to more than one Exclusive time window. For example, in the diagram shown in Fig. 1 the message A is transmitted with the same frequency as the message C and four times more frequently than the message U.
The Arbitrating time windows are used to allow the transmission of significant, though irregular or even occasional, messages while preserving their hierarchy. Here TTCAN uses the CAN 2.0 arbitration mechanism, based on the bitwise comparison of identifiers. Although the size of a specific arbitration window results from the construction of the System Matrix (the size of the column imposes the size of the window), it is possible to merge consecutive windows of this type, giving a window whose size equals their total length. Every network node that is a frame sender holds the information included in the System Matrix, based on which the start of transmission of specific messages is set. The key issue is therefore the need to set up time mechanisms to synchronize the work of all senders. The basic element for synchronizing the work of network nodes is the so-called Reference message, sent at the beginning of each Basic Cycle (see Fig. 1). The Reference message is a data frame transmitted by the node that has the Time Master function. In its simplest form, the data field of the reference message consists of one data byte, bearing the information about the so-called Next_Is_Gap. The time master identifier, contained in the reference message, is stored in the memory controller of each network node at the configuration stage so that the message is properly recognized. The receipt of a reference message by each network node initiates a network synchronization process that sets the common time base clock in the so-called network time unit (NTU), equal to the nominal time of one bit. Thanks to this process, each node knows exactly when the time windows described by the System Matrix begin. The synchronization process is repeated at the beginning of each Basic Cycle. As a result, the Cycle_Time is established at the beginning of each Basic Cycle. Cycle_Time is set to zero at the start of frame (SOF) bit, and it is incremented during the entire Basic Cycle.
The correct Cycle_Time value appears at the end of the reference message as illustrated in Fig. 2.
The presented synchronization procedure refers to the so-called TTCAN Level 1. Where enhanced synchronization quality, the use of global time or external clock synchronization is required, Level 2 is used. In Level 2 the reference message contains additional information about the network time resolution (NTU_Res), the discontinuity bit (Disc_Bit) and the Master_Ref_Mark (MRM).
In this case NTU_Res refers to an NTU based on the physical second. Disc_Bit signals a discontinuity in global time caused by external clock correction. Global time is a uniform timeline for all nodes in the network. The global time view of every node is the sum of the Local Time and the Local Time offset. The local time offset is defined as the difference between the local time and the global time contained in the reference message received by the node as MRM. The comparison of global time in consecutive basic cycles allows the correction of differences in the local NTU caused by, for example, different clock drift (a typical oscillator has an accuracy of 20 to 5 ppm).
The time and the way of sending and receiving messages in the application are defined by Tx_Trigger and Rx_Trigger, which contain information about the associated time window in the form of so-called Time_Marks. A positive result of the comparison of Time_Mark and Cycle_Time means the occurrence of a specific Time Window and, consequently, the sending of a specific message or the handling of a received message, as illustrated in Fig. 3.
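The Level 2 time arithmetic described above, as an added example that is not code from the paper or from any TTCAN controller. The structure and function names are hypothetical, timestamps are constructed counter values of an assumed resolution, the offset sign is chosen so that local time plus offset gives global time, and skipping the drift estimate when Disc_Bit is set is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>

/* What a node holds after receiving one Level 2 reference message. */
typedef struct {
    uint32_t ref_mark;        /* local time captured at SOF of the reference message */
    uint32_t master_ref_mark; /* MRM: global time carried in the reference message */
    bool     disc_bit;        /* Disc_Bit: global time was corrected discontinuously */
} ref_sample_t;

/* Local offset: MRM minus the local time captured for the same instant. */
int32_t local_offset(const ref_sample_t *s)
{
    return (int32_t)(s->master_ref_mark - s->ref_mark);
}

/* Global time view of the node: local time plus local offset. */
uint32_t global_time(uint32_t local_time, const ref_sample_t *s)
{
    return local_time + (uint32_t)local_offset(s);
}

/* Drift of the local clock against the master over one basic cycle, in ppm.
 * Unsigned subtraction keeps the result correct across counter wrap-around.
 * Returns false when the interval cannot be used for a drift estimate. */
bool drift_ppm(const ref_sample_t *prev, const ref_sample_t *cur, int32_t *ppm)
{
    uint32_t master_elapsed = cur->master_ref_mark - prev->master_ref_mark;
    uint32_t local_elapsed  = cur->ref_mark - prev->ref_mark;

    if (cur->disc_bit || master_elapsed == 0)
        return false;         /* global time jumped, or no time has passed */

    int64_t diff = (int64_t)local_elapsed - (int64_t)master_elapsed;
    *ppm = (int32_t)(diff * 1000000 / (int64_t)master_elapsed);
    return true;
}
```

A positive result means the local clock counts faster than the master, so the node would lengthen its local NTU accordingly.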
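The Time_Mark and Cycle_Time comparison can also be run by a listening node to check that observed traffic follows the System Matrix. The following is an added example, not code from the paper: the matrix contents, identifiers, window sizes, the 16 NTU start tolerance and the function names are all constructed assumptions, with `row` standing for the index of the current Basic Cycle.

```c
#include <stddef.h>
#include <stdint.h>
typedef enum { WIN_EXCLUSIVE, WIN_ARBITRATING, WIN_FREE } win_kind_t;
typedef enum { FRAME_OK, FRAME_WRONG_OWNER, FRAME_LATE,
               FRAME_IN_FREE_WINDOW, FRAME_OUTSIDE_WINDOWS } verdict_t;
typedef struct {
    win_kind_t kind;
    uint32_t can_id;             /* owner of an exclusive window */
    uint16_t time_mark, length;  /* window start (Time_Mark) and width, in NTU */
    uint8_t  repeat, first_row;  /* present every `repeat` rows, from first_row */
} window_t;
enum { ID_A = 0x101, ID_C = 0x102, ID_U = 0x103 };  /* constructed identifiers */
#define BASIC_CYCLES 4u  /* rows in the matrix, 2^2 */
#define TX_ENABLE   16u  /* assumed start tolerance in an exclusive window, NTU */
/* Constructed System Matrix: A and C in every row, U in one row of four. */
static const window_t matrix[] = {
    { WIN_EXCLUSIVE,   ID_A, 200, 150, 1, 0 },
    { WIN_EXCLUSIVE,   ID_C, 350, 150, 1, 0 },
    { WIN_EXCLUSIVE,   ID_U, 500, 150, 4, 2 },
    { WIN_ARBITRATING, 0,    500, 150, 2, 1 },
    { WIN_FREE,        0,    500, 150, 4, 0 },
    { WIN_ARBITRATING, 0,    650, 300, 1, 0 },  /* two merged columns */
};
#define N_WINDOWS (sizeof matrix / sizeof matrix[0])

/* Classify a frame whose SOF was observed at Cycle_Time `cycle_time` in `row`. */
verdict_t check_frame(uint32_t can_id, unsigned row, uint16_t cycle_time)
{
    for (size_t i = 0; i < N_WINDOWS; i++) {
        const window_t *w = &matrix[i];
        uint32_t end = (uint32_t)w->time_mark + w->length;
        if ((row % BASIC_CYCLES) % w->repeat != w->first_row) continue; /* other row */
        if (cycle_time < w->time_mark || cycle_time >= end) continue; /* other column */
        if (w->kind == WIN_FREE)        return FRAME_IN_FREE_WINDOW;
        if (w->kind == WIN_ARBITRATING) return FRAME_OK;  /* any ID may contend */
        if (can_id != w->can_id)        return FRAME_WRONG_OWNER;
        return (uint32_t)(cycle_time - w->time_mark) < TX_ENABLE ? FRAME_OK : FRAME_LATE;
    }
    return FRAME_OUTSIDE_WINDOWS;  /* e.g. during the reference message */
}

/* Number of rows in which `can_id` owns an exclusive window. */
unsigned rows_owned(uint32_t can_id)
{
    unsigned rows = 0;
    for (size_t i = 0; i < N_WINDOWS; i++)
        if (matrix[i].kind == WIN_EXCLUSIVE && matrix[i].can_id == can_id)
            rows += BASIC_CYCLES / matrix[i].repeat;
    return rows;
}
```

In this constructed matrix A and C each own four rows and U owns one, matching the frequency relation the text gives for Fig. 1.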

Summary
The undisputable position of CAN-based communication networks in automotive applications proves their high efficiency and reliability. The fact that CAN is used in so many different applications, such as comfort or driving control systems, also confirms their flexibility. However, the scope of on-board systems based on data interchange and processing is constantly growing, which is followed by the evolution of the network structure and by the development and deployment of solutions alternative to CAN. Among the classic communication networks co-existing in a car, LIN, MOST and FlexRay should be listed. The use of Ethernet-based protocols in the automotive industry is also strongly considered and discussed [5,6]. The reasons for looking for alternative data exchange systems are, for example, cost reduction (LIN development in comfort / body systems), the increase of transmission speeds (MOST), or the need to improve security and reliability, as in FlexRay, dedicated to future X-by-wire solutions. Practical implementations of these protocols indicate, however, that in some cases the achieved results are not satisfactory. As suggested by [10], the transmission baud rate in FlexRay, assuming the use of all protection features defined for this protocol, does not differ significantly from that of CAN. Likewise, the cost of using LIN instead of CAN eventually does not show significant savings.
These problems may be addressed by a modification of the CAN data layer protocol for CAN FD [11][12][13][24] as well as its implications for the higher layers of the OSI model, TTCAN [7]. The comparison of protocols is presented in [4].
The TTCAN-specific transmission initiation described in the article allows, in many cases, the assumed goals to be achieved by evolving the existing network structure, without the need to use much more complex protocols such as FlexRay, although some of the mechanisms in the two standards are very similar.
Controlling the traffic on the data bus by introducing rules for time-based transmission initiation allows, for example, as in FlexRay, the introduction of passive Bus Guardian nodes to ensure correct transmission. A visible feature of TTCAN is the ability to override the time triggered transmissions, on which basic cycles are based, with an event triggered one. An example of an event that requires an event-triggered transmission may be the object failure state, which requires the time triggered information about the current circumstances or subsystem state.

Acknowledgement
The article was funded under the project entitled "Development of innovative manufacturing technology of motion sensors to a new generation of digital tachographs, according to the common criteria EAL4+." The subsidy contract No. UDA-POIG.01.04.00-28-004/11-00 under the measure 1.4 Support special projects of the priority axis 1