
Onboard Diagnostics

Explore the network layer design with state diagrams and critical properties ensuring system safety and performance. Validate the model using Promela and Xspin for robust functionality.


Presentation Transcript


  1. Onboard Diagnostics
     Diagnostics III
     Project Manager: Dennis Kelly
     Documentation Manager: Paul Robinson
     Facilitator: Richard Ford
     Research Manager: Arif Momim

  2. Network Layer/Controller
     • Control logic of the system responsible for the transmission of messages on a Controller Area Network (CAN)
     • Components
       • Segmentor
       • Reassembler
       • Timer

  3. Network Layer/Controller (cont.)
     • Functionality
       • Segmentation of messages
       • Reassembly of messages
       • Handling of timeouts and other errors
       • Conformance to ISO 15765-2 specifications
     • Models focus on the operation of a single network controller
     • Reaffirms the concept of connection-less communication
     • Handling of errors at every state
     • Faulty communication must not cause deadlock

  4. Network Layer/Controller (cont.)
     • Scenario - Send Segmented Message
       • Send N_USData.request
       • Send L_Data.request(FF N_PDU)
       • Receive L_Data.confirm(FF N_PDU)
       • Receive L_Data.indication(FC N_PDU)
       • Send L_Data.request(CF N_PDU)
       • Receive L_Data.confirm(CF N_PDU)
       • Send N_USData.confirm(N_OK)

  5. Network Layer/Controller (cont.)
     • Scenario - Send Segmented Message (cont.)

  6. Key Model - State Diagram
     • Models the behavior of the Network Layer
     • Shows how the Network Layer receives, processes, and delivers messages from one Diagnostics Application to another
     • Shows how the Network Layer responds to unexpected events such as a timeout or an unexpected Protocol Data Unit (PDU)

  7. Critical Properties
     • Safety Properties
       • Used to ensure that nothing undesirable will happen given a certain set of conditions
     • Liveness Properties
       • Used to ensure that something good eventually happens in the system

  8. Critical Properties (cont.)
     • Safety Properties
       • If an N_USData.confirm is issued, then an N_USData.request was issued at some prior point
       • If an N_USData.request is issued, then an N_USData.confirm is also issued
       • A timeout in sending an N_PDU by the network layer must cause an N_TIMEOUT_A to be issued to the application layer
       • If Node A is receiving a message from Node B, then Node B cannot be receiving a message from Node A

  9. Critical Properties (cont.)
     • Liveness Properties
       • Upon the start of the system, N_As(MAX), N_Ar(MAX), N_Cr(MAX) and N_WFTmax are set
       • If an L_Data.request is issued, then an L_Data.confirm is eventually issued
       • If a timeout occurs in the data link layer, then the transmission/reception of the message must stop and an N_USData.confirm must be sent to the application layer
       • If the network layer is waiting for a flow control, then it eventually receives an L_Data.indication

  10. Promela and Xspin
     • Liveness Properties
       • If an L_Data.request is issued, then an L_Data.confirm is eventually issued
       • If the network layer is waiting for a flow control, then it eventually receives an L_Data.indication
     • Safety Properties
       • If an N_USData.confirm is issued, then an N_USData.request was issued at some prior point
     • Models Encoded
       • Send Unsegmented Message state diagram
       • Send Segmented Message state diagram

  11. Results of Xspin Verification
     • In the course of verifying these properties, several inconsistencies in the state diagrams were encountered
       • Two states that served the same purpose were consolidated into a single state
       • A new variable was defined to help control the proper execution
     • All the critical properties were verified using Xspin

  12. Prototype
     • Network Service Data Unit (N_SDU)
       • Source Address (N_SA)
       • Target Address (N_TA)
     • User I/O
       • Send N_USData.request
       • Cause Timeout
       • Result_USDT

  13. Prototype (cont.)
     • Scenarios
       • Send Unsegmented Message
         • Send N_USData.request
         • Send L_Data.request(SF N_PDU)
         • Receive L_Data.confirm(SF N_PDU)
         • Send N_USData.confirm(N_OK)
       • Receive Unsegmented Message
         • Receive L_Data.indication(SF N_PDU)
         • Send N_USData.indication(N_OK)

  14. Prototype (cont.)
     • Scenarios (cont.)
       • Send Segmented Message
         • Send N_USData.request
         • Send L_Data.request(FF N_PDU)
         • Receive L_Data.confirm(FF N_PDU)
         • Receive L_Data.indication(FC N_PDU)
         • Send L_Data.request(CF N_PDU)
         • Receive L_Data.confirm(CF N_PDU)
         • Send N_USData.confirm(N_OK)
       • Receive Segmented Message
         • Receive L_Data.indication(FF N_PDU)
         • Send L_Data.request(FC N_PDU), Send N_USData_FF.indication
         • Receive L_Data.indication(CF N_PDU)
         • Send N_USData.indication(N_OK)

  15. Prototype (cont.)
     • Scenarios (cont.)
       • Send Unsegmented Message, timeout occurs
         • Send N_USData.request
         • Send L_Data.request(SF N_PDU)
         • Timeout occurs
         • Send N_USData.indication(N_TIMEOUT_A)
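As an added illustration of the scenarios in slides 4 and 13 to 15 and of the first safety property in slide 8 (not code from the original presentation or the team's prototype), a small Python model of the sender and the reassembler that records the page's service primitives in a trace and then checks the property over that trace. It assumes ISO 15765-2 frame layouts (SF/FF/CF/FC in the first PCI nibble, 8-byte CAN frames), a link with no delay or loss, and a `cause_timeout` flag as a constructed stand-in for the prototype's "Cause Timeout" input.

```python
SF, FF, CF, FC = 0x0, 0x1, 0x2, 0x3   # N_PCI types: Single, First, Consecutive, Flow Control frame
def segment(data: bytes) -> list:
    """N_SDU -> N_PDUs: one SF (<= 7 bytes), or an FF (6 bytes) plus CFs (7 bytes each, SN 1..15, wraps to 0)."""
    if len(data) <= 7:
        return [bytes([SF << 4 | len(data)]) + data]
    n, sn, pos = len(data), 1, 6
    frames = [bytes([FF << 4 | n >> 8, n & 0xFF]) + data[:6]]
    while pos < n:
        frames.append(bytes([CF << 4 | sn]) + data[pos:pos + 7])
        pos, sn = pos + 7, (sn + 1) & 0xF
    return frames
class Receiver:                          # reassembler: answers an FF with an FC and checks CF sequence numbers
    def __init__(self):
        self.buf, self.expect, self.sn, self.delivered = None, 0, 0, []
    def indicate(self, pdu: bytes):      # L_Data.indication; returns an FC N_PDU only in reply to an FF
        pci = pdu[0] >> 4
        if pci == SF:
            self.delivered.append(pdu[1:1 + (pdu[0] & 0xF)])                    # N_USData.indication(N_OK)
        elif pci == FF:
            self.expect, self.buf, self.sn = (pdu[0] & 0xF) << 8 | pdu[1], bytearray(pdu[2:]), 1
            return bytes([FC << 4 | 0, 0, 0])                                   # FC: ClearToSend, BS=0, STmin=0
        elif pci == CF and self.buf is not None:
            self.buf = self.buf + pdu[1:] if pdu[0] & 0xF == self.sn else None  # unexpected PDU: drop the message
            self.sn = (self.sn + 1) & 0xF
            if self.buf is not None and len(self.buf) >= self.expect:
                self.delivered.append(bytes(self.buf[:self.expect]))            # N_USData.indication(N_OK)
                self.buf = None

def send(data: bytes, rx: Receiver, trace: list, cause_timeout=False) -> str:
    trace.append("N_USData.request")     # every service primitive is recorded so properties can be checked
    pdus = segment(data)
    for i, pdu in enumerate(pdus):
        kind = "SF" if len(pdus) == 1 else ("FF" if i == 0 else "CF")
        trace.append(f"L_Data.request({kind} N_PDU)")
        if cause_timeout:                # constructed fault: L_Data.confirm never arrives and N_As expires
            trace.append("N_USData.confirm(N_TIMEOUT_A)")
            return "N_TIMEOUT_A"
        fc = rx.indicate(pdu)            # the frame crosses the CAN bus
        trace.append(f"L_Data.confirm({kind} N_PDU)")
        if fc is not None:
            trace.append("L_Data.indication(FC N_PDU)")
    trace.append("N_USData.confirm(N_OK)")
    return "N_OK"
def confirm_preceded_by_request(trace: list) -> bool:
    """Safety property from slide 8: every N_USData.confirm has an earlier, unmatched N_USData.request."""
    pending = 0
    for ev in trace:
        pending += (ev == "N_USData.request") - ev.startswith("N_USData.confirm")
        if pending < 0:
            return False
    return True
```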
