About the Customer:
Our customer is an electronics manufacturing company with expertise in various control systems used in automotive and other industries.
ISO 26262-compliant automotive applications involve the exchange of safety-critical data among ECUs. Safety-critical data must reach the intended node within its deadline, in the correct sequence and without any loss.
The customer’s development team faced a challenge in implementing the protection modules required for the exchange of safety-critical data. Although the customer had completed the concept phase and was ready with the technical safety requirements (TSR) and safety goals, implementing some of the safety mechanisms related to data transmission was proving difficult.
In a nutshell,
- End-to-end protection mechanisms were to be implemented to detect and handle faults in the communication link at run-time.
- The faults to be handled were mainly random hardware faults and systematic faults.
- Safety-mechanisms had to meet ASIL-C requirements.
To address this challenge, the customer was looking for a technology partner with deep domain knowledge of both ECU communication and ISO 26262 functional safety. Embitel fit the bill on both counts.
End-to-End protection module was designed based on the technical safety requirements provided by the customer.
Our automotive team divided the scope of the project into two parts: E2E profile development and CRC library implementation.
- E2E protection profile based on the AUTOSAR 4.4 specification
The protection module ensured that:
- The safety-related data exchanged at runtime is protected against the effects of faults in the communication link. Examples of such faults are random hardware faults and systematic faults.
- With E2E communication protection, faults in the communication link can be detected and handled at runtime. The E2E library provides protection mechanisms adequate for safety-related communication with requirements up to ASIL D.
The E2E data exchange protection module was designed to handle the following potential faults:
- Repetition : the same message is unintentionally sent, and therefore received, more than once.
- Loss : a message is lost during transmission.
- Insertion : insertion of messages due to receiver unintentionally receiving an additional message, which is interpreted to have correct source and destination addresses.
- Incorrect Sequence : Re-sequencing due to the order of the data being changed during transmission, i.e., the data is not received in the same order in which it was sent.
- Message Corruption : Message corruption due to one or more data bits in the message being changed during transmission.
- Delay : Message delay due to the message being received correctly, but not in time.
- Blocking : a faulty node blocks access to the data bus by violating the expected pattern of use and demanding unwarranted service, which reduces the availability of the bus to the other nodes.
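As an added example (not the customer's module and not the AUTOSAR E2E library source), the C code below shows how a counter-plus-CRC scheme classifies the faults listed above. It follows the AUTOSAR Profile 1 layout (CRC-8 SAE J1850 in byte 0, a 4-bit alive counter in the low nibble of byte 1, an implicit Data ID that is mixed into the CRC but never transmitted), but the status names, the delta limit, the timeout and the resync rule are this example's own assumptions, and the scripted scenario is constructed input.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative E2E-style protect/check in the spirit of the AUTOSAR Profile 1
 * layout. Example code: not the AUTOSAR E2E library, not the customer's module.
 * The delta limit, the timeout and the resync rule below are assumptions. */

#define E2E_MAX_DELTA  2u    /* assumption: largest tolerated counter jump */
#define E2E_TIMEOUT_MS 20u   /* assumption: receive deadline for one message */

typedef enum {
    E2E_OK, E2E_OKSOMELOST, E2E_REPEATED, E2E_WRONGSEQUENCE,
    E2E_WRONGCRC, E2E_NONEWDATA, E2E_TIMEOUT, E2E_WRONGLEN
} E2E_Status;

typedef struct {
    uint16_t data_id;     /* implicit: never transmitted, only mixed into the CRC */
    uint8_t  counter;     /* sender: next value to stamp; receiver: last accepted */
    uint32_t last_rx_ms;  /* receiver only: time of the last accepted message */
} E2E_State;

void e2e_init_sender(E2E_State *s, uint16_t id)   { s->data_id = id; s->counter = 0;  s->last_rx_ms = 0; }
void e2e_init_receiver(E2E_State *s, uint16_t id) { s->data_id = id; s->counter = 14; s->last_rx_ms = 0; }

/* CRC-8 SAE J1850: poly 0x1D, MSB first; caller supplies start value 0xFF and final XOR 0xFF. */
static uint8_t crc8_j1850(uint8_t crc, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80u) ? ((crc << 1) ^ 0x1Du) : (crc << 1));
    }
    return crc;
}

/* CRC over both Data ID bytes, then the message without its CRC byte. */
static uint8_t e2e_crc(uint16_t id, const uint8_t *msg, size_t len) {
    const uint8_t idb[2] = { (uint8_t)(id & 0xFFu), (uint8_t)(id >> 8) };
    uint8_t c = crc8_j1850(0xFFu, idb, sizeof idb);
    c = crc8_j1850(c, msg + 1, len - 1);
    return (uint8_t)(c ^ 0xFFu);
}

/* Sender side: stamp the 4-bit counter (0..14, 15 is reserved), then the CRC. */
void e2e_protect(E2E_State *s, uint8_t *msg, size_t len) {
    msg[1] = (uint8_t)((msg[1] & 0xF0u) | (s->counter & 0x0Fu));
    msg[0] = e2e_crc(s->data_id, msg, len);
    s->counter = (uint8_t)((s->counter + 1u) % 15u);
}

/* Receiver side: classify one cycle. msg == NULL means nothing arrived this cycle. */
E2E_Status e2e_check(E2E_State *s, const uint8_t *msg, size_t len, uint32_t now_ms) {
    if (msg == NULL)   /* delay and blocking surface here as a missed deadline */
        return (now_ms - s->last_rx_ms > E2E_TIMEOUT_MS) ? E2E_TIMEOUT : E2E_NONEWDATA;
    if (len < 2) return E2E_WRONGLEN;
    if (msg[0] != e2e_crc(s->data_id, msg, len))
        return E2E_WRONGCRC;          /* corruption, or insertion of a frame with another Data ID */
    uint8_t rx = msg[1] & 0x0Fu;
    uint8_t delta = (uint8_t)((rx + 15u - s->counter) % 15u);
    if (delta == 0) return E2E_REPEATED;
    s->last_rx_ms = now_ms;
    s->counter = rx;                  /* assumption: resync even after a bad jump */
    if (delta == 1) return E2E_OK;
    return (delta <= E2E_MAX_DELTA) ? E2E_OKSOMELOST : E2E_WRONGSEQUENCE;
}

/* Scripted fault scenario on constructed frames; returns 0 when every step is classified as expected. */
int e2e_selftest(void) {
    E2E_State tx, rx, other;
    uint8_t m[8] = {0, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}, bad[8];
    e2e_init_sender(&tx, 0x1234); e2e_init_receiver(&rx, 0x1234); e2e_init_receiver(&other, 0x1235);
    e2e_protect(&tx, m, 8);
    if (e2e_check(&rx, m, 8, 10) != E2E_OK) return 1;
    if (e2e_check(&rx, m, 8, 20) != E2E_REPEATED) return 2;              /* replayed frame */
    memcpy(bad, m, 8); bad[3] ^= 0x01u;
    if (e2e_check(&rx, bad, 8, 20) != E2E_WRONGCRC) return 3;            /* one payload bit flipped */
    e2e_protect(&tx, m, 8); e2e_protect(&tx, m, 8);                      /* counter 1 lost, 2 arrives */
    if (e2e_check(&rx, m, 8, 30) != E2E_OKSOMELOST) return 4;
    e2e_protect(&tx, m, 8); e2e_protect(&tx, m, 8); e2e_protect(&tx, m, 8); /* 3 and 4 lost, 5 arrives */
    if (e2e_check(&rx, m, 8, 40) != E2E_WRONGSEQUENCE) return 5;
    e2e_protect(&tx, m, 8);
    if (e2e_check(&rx, m, 8, 50) != E2E_OK) return 6;                    /* resynced on counter 5 */
    if (e2e_check(&other, m, 8, 50) != E2E_WRONGCRC) return 7;           /* insertion: foreign Data ID */
    if (e2e_check(&rx, NULL, 8, 60) != E2E_NONEWDATA) return 8;
    if (e2e_check(&rx, NULL, 8, 80) != E2E_TIMEOUT) return 9;            /* 30 ms since last frame */
    return 0;
}

int main(void) {
    printf("E2E scenario: %s\n", e2e_selftest() == 0 ? "all faults classified as expected" : "mismatch");
    return 0;
}
```

Corruption and insertion both surface as a CRC mismatch because the Data ID is covered by the CRC but never put on the bus, so a frame that belongs to another signal cannot pass the check even if its own CRC is intact. Repetition, loss and re-sequencing are separated by the counter delta, and delay or a blocked bus shows up on the receiver as a missed deadline; what the application does with each status (hold last value, enter a safe state) is decided by the safety concept, not by the library.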
- CRC library implementation as per the AUTOSAR 4.4 specification
The following cyclic redundancy check algorithms were developed and implemented to ensure the integrity of the exchanged data. The required CRC variant can be selected at runtime.
- CRC8: SAE J1850 (polynomial 0x1D)
- CRC8H2F: CRC8 with polynomial 0x2F
- CRC32P4: CRC32 with polynomial 0x1F4ACFB13 (0xF4ACFB13 without the implicit leading bit)
- CRC64: CRC-64-ECMA (polynomial 0x42F0E1EBA9EA3693)
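As an added example, the four CRC variants listed above implemented in C with a single bitwise engine that is parameterised per variant, which is what makes the runtime choice of CRC a matter of passing a different model. The Crc_Model table and the Crc_Calculate, Crc_CheckValue and Crc_SelfTest names are this example's own, not the AUTOSAR Crc module API or the customer's library; the check values are the standard results for the string "123456789", plus two constructed inputs whose results follow directly from the CRC definition.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example: one bitwise CRC engine driven by a parameter table (width,
 * polynomial, init, reflection, final XOR). Not the AUTOSAR Crc module source;
 * the type and function names here are this example's own. */

typedef struct {
    const char *name;
    unsigned    width;    /* 8, 32 or 64 */
    uint64_t    poly;     /* normal form, implicit top bit omitted */
    uint64_t    init;     /* register value before the first byte */
    bool        reflect;  /* true: LSB-first input and output (CRC32P4, CRC64) */
    uint64_t    xorout;   /* applied to the final register value */
} Crc_Model;

static const Crc_Model CRC8_SAEJ1850 = {"CRC8",    8,  0x1Dull,               0xFFull,               false, 0xFFull};
static const Crc_Model CRC8H2F       = {"CRC8H2F", 8,  0x2Full,               0xFFull,               false, 0xFFull};
static const Crc_Model CRC32P4       = {"CRC32P4", 32, 0xF4ACFB13ull,         0xFFFFFFFFull,         true,  0xFFFFFFFFull};
static const Crc_Model CRC64_ECMA    = {"CRC64",   64, 0x42F0E1EBA9EA3693ull, 0xFFFFFFFFFFFFFFFFull, true,  0xFFFFFFFFFFFFFFFFull};

/* Bit-reverse the low `width` bits of v. */
static uint64_t reflect_bits(uint64_t v, unsigned width) {
    uint64_t r = 0;
    for (unsigned i = 0; i < width; i++) { r = (r << 1) | (v & 1u); v >>= 1; }
    return r;
}

/* Whole-buffer computation: load init, feed every byte, apply the final XOR. */
uint64_t Crc_Calculate(const Crc_Model *m, const uint8_t *data, size_t len) {
    const uint64_t mask = (m->width == 64) ? ~0ull : ((1ull << m->width) - 1ull);
    uint64_t crc;
    if (m->reflect) {
        /* Reflected variant: keep the register bit-reversed and shift right. */
        const uint64_t rpoly = reflect_bits(m->poly, m->width);
        crc = reflect_bits(m->init & mask, m->width);
        for (size_t i = 0; i < len; i++) {
            crc ^= data[i];
            for (int b = 0; b < 8; b++)
                crc = (crc & 1u) ? ((crc >> 1) ^ rpoly) : (crc >> 1);
        }
        crc = reflect_bits(crc, m->width);   /* back to normal order before XOR */
    } else {
        /* Direct variant: MSB first, shift left, divide by poly on carry-out. */
        const uint64_t top = 1ull << (m->width - 1);
        crc = m->init & mask;
        for (size_t i = 0; i < len; i++) {
            crc ^= (uint64_t)data[i] << (m->width - 8);
            for (int b = 0; b < 8; b++)
                crc = ((crc & top) ? ((crc << 1) ^ m->poly) : (crc << 1)) & mask;
        }
    }
    /* Reflected models reflect the output too; for these models init/xorout are symmetric. */
    if (m->reflect) crc = reflect_bits(crc, m->width);
    return (crc ^ m->xorout) & mask;
}

/* CRC of the conventional check string "123456789" (constructed input). */
uint64_t Crc_CheckValue(const Crc_Model *m) {
    static const uint8_t check[9] = {'1', '2', '3', '4', '5', '6', '7', '8', '9'};
    return Crc_Calculate(m, check, sizeof check);
}

/* Catalogue check values for the four variants; true when all of them match. */
bool Crc_SelfTest(void) {
    return Crc_CheckValue(&CRC8_SAEJ1850) == 0x4Bull
        && Crc_CheckValue(&CRC8H2F)       == 0xDFull
        && Crc_CheckValue(&CRC32P4)       == 0x1697D06Aull
        && Crc_CheckValue(&CRC64_ECMA)    == 0x995DC9BBDF1939FAull;
}

int main(void) {
    const Crc_Model *all[] = { &CRC8_SAEJ1850, &CRC8H2F, &CRC32P4, &CRC64_ECMA };
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("%-8s check(\"123456789\") = 0x%llX\n", all[i]->name,
               (unsigned long long)Crc_CheckValue(all[i]));
    return Crc_SelfTest() ? 0 : 1;
}
```

Keeping the model as data rather than baking each polynomial into its own routine is what lets the variant be chosen at runtime; a production library would replace the inner bit loop with a 256-entry table per model, but the table is derived from exactly the same parameters, so the check values above are the right regression test for either form.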
We assumed complete responsibility for the development of the E2E protection module, which left the customer with the resources and bandwidth to develop the application in parallel.
The customer was able to integrate the E2E protection profile into the target environment without delay, which reduced the overall turnaround time.
Since the implementation followed AUTOSAR 4.4, all APIs were standardized, and compatibility issues were avoided from the start, ensuring seamless integration.
Tools and Technologies:
- MPLAB with Embedded C
- E2E – AUTOSAR 4.4 Specification
- Infineon Microcontroller
- CAPL Script
- CANoe Environment