The car's the star

The car’s the starManufacturers are going all out to create the electronics car of the Millennium by introducing extra gadgets to make you feel safer. Volvo is one manufacturer working to ensure that they all meet the real-time constraints of a distributed multiprocessor machine. Roy Rubenstein sits behind the wheel
If the risks drivers take are directly related to how safe they feel, then road travel is set to get a whole lot worse.
That’s because car manufacturers are now talking about having as many as 20 airbags per vehicle, including ‘air curtains’ which trigger down the side of the car. Designers are even coupling ultrasonic sensors to airbags to calculate the optimum triggering based on the occupant’s position.
Airbags are just one example of the increasing functionality being introduced into cars. Others include stability control as found in the Mercedes A-Class, and radar cruise control to discourage you from piling into the car in front. Taking all these gizmos into account, it becomes evident that cars are quickly becoming 70mph real-time distributed multiprocessor systems.
The latest Volvo S80, for example, has 18 control units – some containing multiple processors – to give a total of 30 microcontrollers. These are linked using two separate controller area network (CAN) buses, the multiplexed bus standard developed to connect hundreds of control units in a distributed system (see box). CAN at a glance The controller area network (CAN)bus transmits packets of data known as frames. Each frame has two elements: an identifier and a data area holding up to eight bytes. The identifier – as suggested by the name – distinguishes between the frames. It also determines the frame’s priority. The Volvo S80 uses two CANbuses – one linking the powertrain and engine management unit and operating at 250kbit/s, and the other at 125kbit/s for the car doors and lights. Exploiting the schedulability analysis, Volvo runs the higher speed CAN with a 60 per cent bus loading while the slower one is at 55 per cent.  
This trend of increasing signalling within cars – growing at up to ten per cent per annum – and the rise in software complexity is something that manufacturers have recognised for a while.
In particular, it has raised the issue of ensuring that all the real-time issues – such as the timely triggering of an airbag – are met as greater numbers of interacting units are added to the CAN-bus. It is a problem that Dr Ken Tindell, chief technology officer at Northern Real Time Applications, has been grappling with in his work with Volvo.
“Volvo spotted the trend of the huge growth in signalling early on,” said Tindell. Testing to see that the systems work correctly has traditionally involved loading the CAN-bus and driving the car.
“A typical car model has a 4 billion hour life – the number of drivers multiplied by the vehicle’s average life – whereas the testing involves some 50 cars and a few hundred hours of driving,” said Tindell. When cars were simpler such testing was adequate in covering all the possible conditions, but not now. “Volvo concluded that with the increasing loading on the [CAN] bus, it couldn’t test for real-time performance,” he said.
Enter Tindell with his expertise in ‘schedulability analysis’. This branch of mathematical theory enables the analysis of messages with differing priorities – such as those sent on the CAN bus – to determine the worst case timings. Using the technique, Volvo developed a ‘frame compiler’ which takes all the signals involved and works out the worst case interactions. “For each [CAN] message you can see the longest latency,” said Tindell.
Once such an analysis is available, ‘what-if’ questions can be asked. If a CAN message fails to get to one of the receivers in time, the system can be fine tuned. “You can increase the message’s priority or decrease its time,” said Tindell.
A further consequence of the analysis work was that three bus transmit buffers is the most efficient configuration for a CANmicrocontroller. If anything less is used then there is a risk of ‘priority inversion’, where a higher priority event cannot get out onto the bus due to a lower priority one blocking its access. And if more than three buffers are used, then the microcontroller’s cost goes up unnecessarily. Working with Motorola the result was the 8-bit msCAN controller which Volvo has used in the S80.
“In automotive it’s all about shaving off 10? here and there,” explained Tindell.

Leave a Reply

Your email address will not be published. Required fields are marked *