Search Results

FlexRay is a communication system targeted at, among other things, fault tolerant applications. In contrast to some other communication systems, FlexRay systems often contain a central device such as an active star. Due to their ability to isolate portions of the communication system central devices offer opportunities to mitigate certain faults. This paper presents several alternatives for the central device of a FlexRay system, specifically active stars, FlexRay switches, and Central Bus Guardians. The paper analyzes the fault detection, isolation and mitigation mechanisms of each central device based on available documentation and specifications.

High demands on advanced safety and driving functions, such as active safety and lane departure warnings, increase a vehicle's dependency on automotive electrical/electronic architectures. Hard real-time requirements and high reliability constraints must be satisfied for the correct functioning of these safety-critical features, which can be achieved by using the AUTOSAR (Automotive Open System Architecture) standard. The AUTOSAR standard was introduced to simplify automotive system design while offering inter-operability, scalability, extensibility, and flexibility. The current version of AUTOSAR does not assist in the replication of tasks for recovering from task failures. Instead, the standard assumes that architecture designers will introduce custom extensions to meet such reliability needs. The introduction of affordable techniques with predictable properties for meeting reliability requirements will prove to be very valuable in future versions of AUTOSAR.

Among the several enhancements in AUTOSAR Release 4.0 is the addition of an End-to-End (E2E) Communication Protection Library. This library defines several E2E profiles, each of which implements a combination of End-to-End protection mechanisms such as sequence counters, data IDs and CRCs. Two of these profiles, Profiles 1 and 2, are intended to protect inter-ECU communication via databus systems like FlexRay or CAN, and are designed to address various communication faults. Although the AUTOSAR specification includes detailed descriptions of the profiles, it provides only limited insight about the fault coverage that can be obtained when using these profiles to detect communication faults. This paper focuses on the fault detection capabilities that profiles 1 and 2 offer with respect to message corruptions.

FlexRay is a time triggered automotive communication protocol that connects ECUs (Electronic Control Units) on which distributed automotive applications are executed. If exact agreement (e.g. on physical values measured by redundant sensors on different ECUs) must be reached in the presence of asymmetric communication faults, a byzantine agreement protocol like Signed Messages (SM) can be utilized. This paper gives examples of how byzantine faults can emerge in a FlexRay-based system and proposes optimizations for a FlexRay-specific implementation of the SM protocol. The protocol modifications allow for a reduction in the number of protocol messages under a slightly relaxed fault model, as well as for a reduction in the number of messages to be temporarily stored by the ECUs.