Summary
Dual-scheduled TDMA-based (DuST) medium access control protocols are a new class of medium access control protocols designed for safety-critical applications. In contrast with conventional TDMA-based protocols, which support static scheduling only, DuST protocols support both static and dynamic scheduling.
The automotive industry, in particular, has shown great interest in these protocols: many car manufacturers and automotive electronics companies have formed a consortium to develop a protocol of this kind, FlexRay. It is expected that FlexRay will be adopted as the next-generation communication system for automotive applications, replacing both less flexible TDMA-based protocols with static scheduling only, such as TTP/C, and protocols with dynamic scheduling only, such as CAN. The latter make it hard to assure that the hard real-time requirements of the applications are met, whereas the former provide no support for non-periodic traffic and are, as a consequence, less bandwidth-efficient when applications have mixed traffic requirements.
Because of the size of its potential market (tens of millions of cars are manufactured every year) and because the safety of persons is at stake, this new class of TDMA protocols is very important and deserves careful scrutiny.
Virtually all work on DuST protocols has focused on basic communication services required for safety-critical applications. In this project, we will focus on higher-level services. We propose to investigate new algorithms for group-membership and reliable broadcast that take advantage of the dual scheduling capability of protocols such as FlexRay. It is widely accepted that such core services facilitate the systematic development of safety-critical applications.
The basic idea is to schedule the non-periodic traffic generated by these services in the part of the TDMA cycle with dynamic scheduling. Therefore, in a "quiescent" state, when these services generate no aperiodic traffic, the bus bandwidth reserved for dynamic scheduling may be used by other aperiodic traffic.
An example of this approach is a group-membership protocol that we have designed. Group-membership protocols comprise two basic tasks: failure detection and set agreement, i.e. agreement on the group membership. In that protocol we rely on statically scheduled messages to perform failure detection, and perform set agreement in the dynamically scheduled part of a cycle only when a failure is detected.
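The following simulation illustrates the idea in the two paragraphs above: heartbeats travel in the static slots of each cycle, and a set-agreement exchange occupies the dynamic segment only in a cycle in which some node misses a heartbeat. It is an added, constructed example, not the project's protocol or code: the node count, the one-slot-per-node static schedule, the dynamic-segment budget, the majority rule for agreement, and the assumption that the dynamic segment delivers every proposal consistently to all live nodes are all assumptions made here for illustration.

```python
"""Toy model of a dual-scheduled TDMA cycle (static slots plus a dynamic
segment) carrying a group-membership service.  Heartbeats go in the static
slots; a set-agreement exchange uses the dynamic segment only in cycles in
which some node misses a heartbeat.  Constructed illustration, not the
proposal's protocol: node count, slot layout and the majority rule are
assumptions."""
from dataclasses import dataclass

NUM_NODES = 5             # assumed: one static slot per node
DYNAMIC_MINISLOTS = 8     # assumed dynamic-segment budget (frames per cycle)


class Node:
    def __init__(self, node_id: int):
        self.id = node_id
        self.crashed = False
        self.membership = frozenset(range(NUM_NODES))   # initial agreed group
        self.heard: frozenset = frozenset()             # heartbeats seen this cycle


@dataclass(frozen=True)
class CycleRecord:
    cycle: int
    static_frames: int        # heartbeats actually sent
    dynamic_frames: int       # membership traffic in the dynamic segment
    membership: frozenset     # group agreed by all live nodes after the cycle


def run_cycle(nodes, cycle, crash=(), omit=()):
    """One communication cycle.

    crash: ids of nodes that fail silently before the static segment.
    omit:  (receiver, sender) pairs; receiver misses sender's heartbeat
           (a constructed receive-omission fault).
    """
    for n in nodes:
        if n.id in crash:
            n.crashed = True
    live = [n for n in nodes if not n.crashed]

    # Static segment: each live node transmits a heartbeat in its own slot.
    senders = {n.id for n in live}
    for rcv in live:
        rcv.heard = frozenset(
            s for s in senders if s == rcv.id or (rcv.id, s) not in omit)

    # Failure detection: a live node whose heard set differs from the
    # current membership triggers agreement.  Quiescent cycles end here.
    dynamic_frames = 0
    if any(n.heard != n.membership for n in live):
        # Set agreement in the dynamic segment: every live node broadcasts
        # its heard set; a node is in the new group iff a majority of the
        # proposals lists it.  Assumes (toy model) that the dynamic segment
        # delivers each proposal consistently to all live receivers.
        proposals = [n.heard for n in live]
        dynamic_frames = len(proposals)
        if dynamic_frames > DYNAMIC_MINISLOTS:
            raise RuntimeError("agreement traffic exceeds dynamic-segment budget")
        quorum = len(proposals) // 2 + 1
        votes = {}
        for p in proposals:
            for m in p:
                votes[m] = votes.get(m, 0) + 1
        agreed = frozenset(m for m, c in votes.items() if c >= quorum)
        for n in live:
            n.membership = agreed

    # Check the agreement property: all live nodes hold the same view.
    views = {n.membership for n in live} or {frozenset()}
    assert len(views) == 1, "live nodes disagree on membership"
    return CycleRecord(cycle, len(live), dynamic_frames, views.pop())


def simulate():
    """Constructed scenario: quiescent cycle, crash of node 3, a single
    receive omission at node 0 (node 1's heartbeat), quiescent again."""
    nodes = [Node(i) for i in range(NUM_NODES)]
    return [
        run_cycle(nodes, 1),
        run_cycle(nodes, 2, crash={3}),
        run_cycle(nodes, 3, omit={(0, 1)}),
        run_cycle(nodes, 4),
    ]


if __name__ == "__main__":
    for rec in simulate():
        print(rec)
```

Cycles 1 and 4 use no dynamic-segment bandwidth at all, so that bandwidth is available to other aperiodic traffic; the crash in cycle 2 and the receive omission in cycle 3 each cost one proposal per live node. The budget check matters in practice: the dynamic segment must be sized so that one proposal per node fits in a single cycle, otherwise agreement spills over and the detection-to-agreement latency is no longer bounded by one cycle.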
In order to provide higher assurance of the correctness of the proposed protocols, in addition to traditional "hand proofs" we will use formal methods, namely model checking. The correctness of core services intended as building blocks of safety-critical applications is essential, since any flaw in such a service may lead to failure of the application. Traditional "hand proofs", however, are very hard to get right, and even renowned researchers have published incorrect protocols together with their "proofs". By using model checking we intend to provide higher assurance of the correctness of our protocols.
Finally, we will develop models to evaluate the reliability of the proposed protocols. From a practical point of view, the reliability of a service intended for safety-critical applications is very important. In proving a protocol correct we make assumptions regarding the types, number and rate of faults that system components may suffer. In a real system, however, these assumptions hold only with a given probability, which must be estimated.
In summary, we propose to design group-membership and reliable broadcast protocols that take advantage of DuST protocols, prove them correct and assess their reliability.