Dependable, safety-critical real-time (SCRT) systems are becoming increasingly important and complex. Examples of such systems are autonomous or self-driving cars which are poised to revolutionise the transport industry. A critical part of these SCRT systems is the network communication protocol that is used by components in an SCRT system to exchange data. Communication protocols for SCRT systems are required to exhibit predictable, worst-case execution times and thus have to be designed in a more static and less flexible way. To ensure this predictability, current state-of-art communication protocols for SCRT systems are based on the Time-Triggered Architecture (TTA), where static and equal-length time-slots are used for all nodes to access the communication channel, irrespective of the size of their transmission payload. This determinism forms the basis of predictable timing, behaviour and fault tolerance. However, this determinism comes at the cost of poor channel and bandwidth utilisation, which hinders the development of SCRT systems. In this paper, we propose a more flexible approach, INCUS+, that allocates the slot length of a node based on its transmission requirements in a Time Division Multiple Access (TDMA) round. We achieve this while retaining the level of dependability required for SCRT systems and ensuring fail-silence. We validate this through formal verification of the timing parameters for the transmission windows of all participating nodes as well as independent bus guardians. Our design exhibits a significant improvement in bandwidth and channel utilisation, as we demonstrate in an autonomous vehicle case study.
Read full abstract