Construction of sfiCAN: a star-based fault-injection infrastructure for the Controller Area Network
1. Construction of sfiCAN: a star-based fault-injection infrastructure for the Controller Area Network
Alberto Ballesteros
Supervisors: Julián Proenza and Manuel Barranco
Universitat de les Illes Balears
3. Introduction
CAN
• The Controller Area Network (CAN) is a field bus
communication protocol
4. Introduction
CAN
• CAN is widely used in distributed embedded control
systems
– In-vehicle communication
– Factory automation
– Robotics
• Main benefits
– Low cost
– Good resilience to electromagnetic interference
– Good real-time features
5. Introduction
CAN
• Error frame
• Overload frame
• Remote frame
• Data frame
6. Introduction
CAN
• CAN has been traditionally used in applications
in which faults can have very negative effects
• It is mandatory to evaluate the capacity of
these applications for dealing with faults
7. Introduction
A widely used technique to evaluate
highly dependable systems is fault injection,
which makes it possible to observe efficiently
the response of the system
when errors do occur
8. Introduction
Fault injection
• Generic architecture of a fault-injection system
10. Introduction
Limitations of previous CAN fault-injection systems
• Low spatial resolution
• Low time resolution
• Traffic restrictions
• Modifications on the nodes
11. Introduction
Why is it so important to provide a fault-injection
system that does not show those limitations?
12. Introduction
Motivations for an adequate CAN fault-injection system
• CAN is being incorporated in safety-related
systems
• New technologies are being developed to
improve dependability of CAN
13. Introduction
GOAL
To build a new fault-injection infrastructure
capable of reproducing complex fault scenarios and,
thus, to test the response of CAN-based applications
and protocols when these faults do occur
14. Introduction
To achieve this goal we developed a
physical fault-injection system called sfiCAN
19. Requirements
• The user must be capable of specifying the fault scenario by
means of an intuitive fault-injection specification language
• The user must be capable of retrieving the data collected during a
test
• SfiCAN must be able to force dominant and recessive values, as
well as the inverted value of the coupled signal
• SfiCAN must be able to reproduce scenarios involving several
simultaneous erroneous bit-patterns
• SfiCAN must be able to inject cascading erroneous bit-patterns
• SfiCAN must be able to inject faults without previous
knowledge of the traffic
20. Requirements
• SfiCAN must be able to inject simple erroneous bit-patterns
• SfiCAN must provide enough spatial resolution to independently
affect the signal each node transmits/receives
• SfiCAN must provide enough time resolution to independently
modify the value of every single bit
• SfiCAN must be able to inject permanent and temporary faults,
including transient and intermittent ones
• SfiCAN must collect enough information during a test to allow
the user to check the behaviour of the system
60. Test of sfiCAN
Bit-flipping
• The value of a bit is inverted
[fault injection 1]
value_type = inverse
target_link = port1dw
mode = single-shot
aim_filter = 0
aim_field = idle
aim_link = coupled
aim_count = 2
fire_field = data
fire_bit = 2
cease_bc = 1
61. Test of sfiCAN
Bit-flipping
• Oscilloscope screenshot
Transmitted
Received
62. Test of sfiCAN
Bit-flipping
• Loggers dump
Time  Transmitter (Node 0)  Receiver (Node 1)  Hub
1     Tx 123#00             Rx 123#00          Ok 123#00
2     Er 123#01             Er 123#01          Er AckD(0)
3     Tx 123#01             Rx 123#01          Ok 123#01
4     Tx 123#02             Rx 123#02          Ok 123#02
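The dump above shows frame 123#01 flagged as erroneous and then sent again. As an added example (not part of the original slides and not sfiCAN code), the sketch below shows why a single inverted data bit on one receiver's link is caught by CAN's CRC-15 check. It works on the destuffed bit stream only; the helper names and the zero-based, MSB-first meaning given to the flipped bit index are assumptions.

```python
# Added illustration: CAN 2.0 CRC-15 over the destuffed bit stream (no bit stuffing, no sfiCAN model).
CAN_CRC15_POLY = 0x4599  # x^15 + x^14 + x^10 + x^8 + x^7 + x^4 + x^3 + 1
DATA_FIELD_START = 19    # 1 SOF + 11 ID + RTR + IDE + r0 + 4 DLC bits


def to_bits(value, width):
    """Most-significant bit first, the order CAN puts bits on the wire."""
    return [(value >> i) & 1 for i in range(width - 1, -1, -1)]


def frame_bits(can_id, data):
    """Bits covered by the CRC in a base-format data frame."""
    bits = [0] + to_bits(can_id, 11)      # SOF, identifier
    bits += [0, 0, 0]                     # RTR=0, IDE=0, r0=0
    bits += to_bits(len(data), 4)         # DLC
    for byte in data:
        bits += to_bits(byte, 8)
    return bits


def crc15(bits):
    """Bit-serial CRC register as described in the CAN specification."""
    crc = 0
    for bit in bits:
        feedback = bit ^ ((crc >> 14) & 1)
        crc = (crc << 1) & 0x7FFF
        if feedback:
            crc ^= CAN_CRC15_POLY
    return crc


def receive(can_id, data, flip_data_bit=None):
    """Return (payload seen by the receiver, whether its CRC check passes).

    flip_data_bit is a hypothetical zero-based, MSB-first index into the data field.
    """
    sent = frame_bits(can_id, data)
    sent_crc = crc15(sent)                # CRC sequence appended by the transmitter
    seen = list(sent)
    if flip_data_bit is not None:
        seen[DATA_FIELD_START + flip_data_bit] ^= 1   # inverted value on this receiver's link
    payload = seen[DATA_FIELD_START:]
    seen_data = bytes(
        int("".join(map(str, payload[i:i + 8])), 2) for i in range(0, len(payload), 8)
    )
    return seen_data, crc15(seen) == sent_crc


if __name__ == "__main__":
    print(receive(0x123, b"\x01"))                    # clean link
    print(receive(0x123, b"\x01", flip_data_bit=2))   # one inverted data bit
```

Because the CRC polynomial has a constant term, every single-bit inversion in the covered fields changes the remainder, so the check fails for any of the eight data-bit positions.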
64. Conclusions
We achieved the goal: we developed a physical
fault-injection system capable of reproducing
complex fault scenarios to test the response of
CAN-based applications and protocols
65. Conclusions
• Fault model
– Global/local faults
– Bit granularity
– Transient, permanent and intermittent
– Simple/complex scenarios
• Semantic faults to some extent
67. Articles and potential impact
Articles
D. Gessner, M. Barranco, A. Ballesteros, and J. Proenza,
Designing sfiCAN: a star-based physical fault injector for CAN,
in 16th IEEE International Conference on Emerging Technologies and
Factory Automation, 2011.
D. Gessner, M. Barranco, J. Proenza, and A. Ballesteros,
sfiCAN: a Star-based Physical Fault Injector for CAN networks,
2011.
68. Articles and potential impact
Potential impact
• sfiCAN has generated interest in a particular company
involved in the evaluation of highly dependable systems
• Part of CANbids project
– CANcentrate
– ReCANcentrate
– Aggregated Error Flag Transmitter (AEFT)