基于TTP/C协议线控刹车系统仿真的设计与实现
|
摘要
随着人类科学技术的进步,汽车制动系统走过了由机械液压传动到电子控制的历程。但汽车电器的增加,同样使汽车电器之间信息交互的桥梁——线束占据了车内的有效空间,增加了装配和维修的难度,提高了整车成本,而且妨碍了整车可靠性的提高。随着信息技术日益渗透到各个行业中去,网络化成为汽车电子技术发展的必然趋势。
汽车网络化的发展使原有的很多控制方式发生了革命性的变化。目前各大汽车厂商投巨资开发基于车用网络的X-线控技术,在未来将是汽车中十分重要的技术。这种系统是从飞机控制系统引来的,但技术的日益成熟和成本的下降使之可以引入到汽车驾驶上,就成为线控驾驶,应用到制动上就有线控刹车BBW。
本文在介绍了汽车网络的发展历程、种类以及刹车系统采用线控形式的必要性,并分析比较了各种车用网络性能之后,选用TTP/C协议作为线控刹车系统的通信网络协议。在整个设计和实现仿真的过程中,主要做了以下工作:
首先,对TTP/C协议作了简要的分析。TTP/C协议的网络由各个节点和两条互冗的信道组成,节点中的MEDL和CNI是最重要的两部分,是协议的核心。同时协议也可以按照功能分为不同的逻辑层次,这些层次是TTP/C控制器的功能描述。协议只定义了两种帧在通信网络上传输:I -帧和N-帧,节点在传送这些帧的时候,以TDMA为媒体访问方式。节点在运行时,根据不同的情况可以有多个模态,因此传送的N-帧的数据也就有所不同,这些信息都存放在MEDL中。以上的结构和机制使TTP/C协议在可靠性方面有更为良好的表现。协议使用总线保护器,从根源上克服了以事件触发方式的车用网络无法避免的混串音故障,并结合成员关系算法,使出现在时域和值域上的故障在一个TDMA周期内就能得以发现。这些特点使此网络协议适合应用到对可靠性要求非常高的系统中去。
其次,在不影响对线控刹车系统进行仿真的前提下,对协议的功能进行了裁减,实现了协议的软件仿真模型。协议中的数据结构、算法以及总线保护器和物理信道都是模拟的对象。
对于数据结构中的常量参数,有的是协议中已经定义好的了,有的则是需要设计者自己来设定,如信道传输速度和帧中的数据域长度等等。CNI的数据结构包括状态区、控制区和报文区三部分。由于整个数据结构非常复杂,所以在定义时先定义三个区中的各个域,然后合成到各个区中,最后形成CNI数据结构。在定义裁减掉的域的时候,有的定义了没有用到,有的根本就没有定义。对于MEDL中的数据结构,很多和模拟无关的参数,根本就没有定义;模态地址入口中的一些数据结构协议中没有具体给出,本模型中添加了很大一部分参数。
实现成员关系确认算法时,模型中建立了状态图。对于总线保护器,也是利用状态图来实现模拟的。
物理信道是按总线型设计的,这就意味着每个节点都要有自己的总线保护器。由于信道只是一种数据结构,无法完成编解码功能以及时钟的漂移,所以各个节点要加入模拟的时钟漂移,来实现对时钟同步算法的模拟。
再次,是对刹车系统进行了设计。对踏板进行了冗余设计,两个踏板节点互为备份,并行运行。另外,正确的读取踏板节点的传感器采样值也是非常重要的,因此设置了四个踏板传感器,两个位置传感器和两个力传感器。当两个位置传感器采样得到的值相差很大时,力传感器就起到了判定的作用。在判定的时候,首先计算出力传感器的特征值,然后根据两个位置传感器值的不同情况得出传感器的最终值,最后和最近一次用到的传感器的最终值相比较,以判定这个值是否合法。以上采取的措施都是为了加强系统的可靠性。
由于刹车节点有四个,即使有一个不工作了,其它三个仍然会让汽车停下来,所以就没有做冗余设计,但当它们有一个、两个、三个甚至全出故障的时候需要加以处理。刹车节点在侦测到自己出错的时候要把出错信息传送给踏板节点。
刹车系统的最终目的是要在踏板踏下时执行制动的功能,因此就要对计算出的制动力进行执行,制动执行器在实际的系统中是一个闭环系统。这样,一个完整的刹车系统就设计出来了。
最后,根据线控刹车系统的功能需求,为集群中的节点划分了相应的时隙。然后为每个节点设定了MEDL参数,这些参数主要是和时域相关的,如时隙的长度、TDMA周期的长度以及各个计时器超时等,另外还确定了系统的模态和各个节点的时钟偏移量。为了增强系统的可维护性,各个节点的MEDL是以文件的形式存放的,存放形式要遵循一定的规则。C-SIM函数库具有简单、速度快、可移植性和可重用性好等优点,因此使用它为集群模型建立了以下线程:信道线程、控制器线程、计时器线程、总线保护器线程和主机线程。最后用C++Builder实现了仿真软件的界面开发,为了方便观察系统的运行情况,界面中含有成员关系向量、空帧向量和本地时钟的偏移指示;为了达到直观的效果,各个节点和总线保护器的不同状态用不同的颜色加以表示;为了简单的检验一下刹车系统的可靠性,设置了可以直接把某个或多个节点关闭复选框。如上所述,完成了对整个线控刹车系统的仿真。
目前,国产汽车距网络化还有一定距离,通过本文的工作,希望对我国汽车网络应用提供有意义的参考价值。
Along with the technical development in human science, the automotive brake system develops from the mechanical and fluid drive to the electronic control. But the increment of the electric appliances in the vehicle makes the wiring harness occupy too much the automotive room, making it difficult to assemble and maintain, increasing the whole vehicle costs, hindering the dependability. With the information technology developing more and more deeply, the vehicle network becomes the inevitable tendency.
The development of the vehicle network changes the automotive control methods revolutionarily. Currently, several automotive manufacturers invest a lot of funds to develop the X-by-wire technique based on the vehicle network, and in the future, this will be an important technique in vehicles. This kind of system comes from the airplane control system, but the maturity of the technique and the descent of the cost lead to the vehicle application at last, becoming drive-by-wire, applying to the brake system is brake-by-wire.
In this article, after presenting the kinds and the development process of the vehicle network, as well as comparing several kinds of the vehicle network function, the TTP/C protocol is used as the network the brake-by-wire system is based on. In whole design and implementation process, the main work is as following:
First, the TTP/C is analyzed briefly. TTP/C protocol network is composed of nodes and two channels that are redundant with each other, and the CNI and MEDL in the nodes is the most important part. The protocol also can be divided into several different logical levels; these levels are functions of the TTP/C controller. There are two kinds of frames defined in the protocol: the initialization frame and the normal frame. The frames are transmitted in the TDMA mode. All nodes, according to different circumstances, can operate in several modes, therefore the data delivered in the normal frame may be different, the information is stored in the MEDL. The construction makes TTP/C protocol to have the better performance in the dependablity. The protocol uses the bus guardian to protect the communication channel from babbling-idiot failure thoroughly, which is unavoidable in the event triggered protocol, combining the membership algorithm, the failure in the value domain and the time domain can be detected in onr TDMA round. These characters make this network protocol suite to apply to the system requesting very high dependablity.
In the next place, the function of the protocol is cut, and the model is implemented, but it does not affect the brake-by-wire simulating system. The data structure, algorithm and bus guardian are all simulating objects.
To the constant parameters in the data structure, some are defined in the protocol, the others are needed to be set up, such as the speed of the channel transmission and the length in the frame data area etc. The CNI data structure includes the state area, the control area and the message area. Because the whole data structure is very complicated, so it is wise first to define each fields of the area, then to synthesize in each area inside, and finally to become the CNI data structure. In defining the cut fields, some are defined but not to be used, the others are not defined at all. For the data structure in the MEDL, the irrelevant parameter are not defined at all; some data structures of the mode address entrance have not been given, in this model, these parameters are added to the entrance.
To realize membership algorithm, the state machine is established in the model. For the bus guardian, the state machine is also used to realize the simulation.
The physical channel is designed to be a bus format; this means that each node has its own bus guardian. Because of no code and decode function and clock drift since the bus is only a data structure, the virtual clock drift is needed to be set to realize clock synchronization algorithm.
Thirdly, it is time to design the brake system. The pedal node is designed to be redundant; two pedal nodes are
汽车网络化的发展使原有的很多控制方式发生了革命性的变化。目前各大汽车厂商投巨资开发基于车用网络的X-线控技术,在未来将是汽车中十分重要的技术。这种系统是从飞机控制系统引来的,但技术的日益成熟和成本的下降使之可以引入到汽车驾驶上,就成为线控驾驶,应用到制动上就有线控刹车BBW。
本文在介绍了汽车网络的发展历程、种类以及刹车系统采用线控形式的必要性,并分析比较了各种车用网络性能之后,选用TTP/C协议作为线控刹车系统的通信网络协议。在整个设计和实现仿真的过程中,主要做了以下工作:
首先,对TTP/C协议作了简要的分析。TTP/C协议的网络由各个节点和两条互冗的信道组成,节点中的MEDL和CNI是最重要的两部分,是协议的核心。同时协议也可以按照功能分为不同的逻辑层次,这些层次是TTP/C控制器的功能描述。协议只定义了两种帧在通信网络上传输:I -帧和N-帧,节点在传送这些帧的时候,以TDMA为媒体访问方式。节点在运行时,根据不同的情况可以有多个模态,因此传送的N-帧的数据也就有所不同,这些信息都存放在MEDL中。以上的结构和机制使TTP/C协议在可靠性方面有更为良好的表现。协议使用总线保护器,从根源上克服了以事件触发方式的车用网络无法避免的混串音故障,并结合成员关系算法,使出现在时域和值域上的故障在一个TDMA周期内就能得以发现。这些特点使此网络协议适合应用到对可靠性要求非常高的系统中去。
其次,在不影响对线控刹车系统进行仿真的前提下,对协议的功能进行了裁减,实现了协议的软件仿真模型。协议中的数据结构、算法以及总线保护器和物理信道都是模拟的对象。
对于数据结构中的常量参数,有的是协议中已经定义好的了,有的则是需要设计者自己来设定,如信道传输速度和帧中的数据域长度等等。CNI的数据结构包括状态区、控制区和报文区三部分。由于整个数据结构非常复杂,所以在定义时先定义三个区中的各个域,然后合成到各个区中,最后形成CNI数据结构。在定义裁减掉的域的时候,有的定义了没有用到,有的根本就没有定义。对于MEDL中的数据结构,很多和模拟无关的参数,根本就没有定义;模态地址入口中的一些数据结构协议中没有具体给出,本模型中添加了很大一部分参数。
实现成员关系确认算法时,模型中建立了状态图。对于总线保护器,也是利用状态图来实现模拟的。
物理信道是按总线型设计的,这就意味着每个节点都要有自己的总线保护器。由于信道只是一种数据结构,无法完成编解码功能以及时钟的漂移,所以各个节点要加入模拟的时钟漂移,来实现对时钟同步算法的模拟。
再次,是对刹车系统进行了设计。对踏板进行了冗余设计,两个踏板节点互为备份,并行运行。另外,正确的读取踏板节点的传感器采样值也是非常重要的,因此设置了四个踏板传感器,两个位置传感器和两个力传感器。当两个位置传感器采样得到的值相差很大时,力传感器就起到了判定的作用。在判定的时候,首先计算出力传感器的特征值,然后根据两个位置传感器值的不同情况得出传感器的最终值,最后和最近一次用到的传感器的最终值相比较,以判定这个值是否合法。以上采取的措施都是为了加强系统的可靠性。
由于刹车节点有四个,即使有一个不工作了,其它三个仍然会让汽车停下来,所以就没有做冗余设计,但当它们有一个、两个、三个甚至全出故障的时候需要加以处理。刹车节点在侦测到自己出错的时候要把出错信息传送给踏板节点。
刹车系统的最终目的是要在踏板踏下时执行制动的功能,因此就要对计算出的制动力进行执行,制动执行器在实际的系统中是一个闭环系统。这样,一个完整的刹车系统就设计出来了。
最后,根据线控刹车系统的功能需求,为集群中的节点划分了相应的时隙。然后为每个节点设定了MEDL参数,这些参数主要是和时域相关的,如时隙的长度、TDMA周期的长度以及各个计时器超时等,另外还确定了系统的模态和各个节点的时钟偏移量。为了增强系统的可维护性,各个节点的MEDL是以文件的形式存放的,存放形式要遵循一定的规则。C-SIM函数库具有简单、速度快、可移植性和可重用性好等优点,因此使用它为集群模型建立了以下线程:信道线程、控制器线程、计时器线程、总线保护器线程和主机线程。最后用C++Builder实现了仿真软件的界面开发,为了方便观察系统的运行情况,界面中含有成员关系向量、空帧向量和本地时钟的偏移指示;为了达到直观的效果,各个节点和总线保护器的不同状态用不同的颜色加以表示;为了简单的检验一下刹车系统的可靠性,设置了可以直接把某个或多个节点关闭复选框。如上所述,完成了对整个线控刹车系统的仿真。
目前,国产汽车距网络化还有一定距离,通过本文的工作,希望对我国汽车网络应用提供有意义的参考价值。
Along with the technical development in human science, the automotive brake system develops from the mechanical and fluid drive to the electronic control. But the increment of the electric appliances in the vehicle makes the wiring harness occupy too much the automotive room, making it difficult to assemble and maintain, increasing the whole vehicle costs, hindering the dependability. With the information technology developing more and more deeply, the vehicle network becomes the inevitable tendency.
The development of the vehicle network changes the automotive control methods revolutionarily. Currently, several automotive manufacturers invest a lot of funds to develop the X-by-wire technique based on the vehicle network, and in the future, this will be an important technique in vehicles. This kind of system comes from the airplane control system, but the maturity of the technique and the descent of the cost lead to the vehicle application at last, becoming drive-by-wire, applying to the brake system is brake-by-wire.
In this article, after presenting the kinds and the development process of the vehicle network, as well as comparing several kinds of the vehicle network function, the TTP/C protocol is used as the network the brake-by-wire system is based on. In whole design and implementation process, the main work is as following:
First, the TTP/C is analyzed briefly. TTP/C protocol network is composed of nodes and two channels that are redundant with each other, and the CNI and MEDL in the nodes is the most important part. The protocol also can be divided into several different logical levels; these levels are functions of the TTP/C controller. There are two kinds of frames defined in the protocol: the initialization frame and the normal frame. The frames are transmitted in the TDMA mode. All nodes, according to different circumstances, can operate in several modes, therefore the data delivered in the normal frame may be different, the information is stored in the MEDL. The construction makes TTP/C protocol to have the better performance in the dependablity. The protocol uses the bus guardian to protect the communication channel from babbling-idiot failure thoroughly, which is unavoidable in the event triggered protocol, combining the membership algorithm, the failure in the value domain and the time domain can be detected in onr TDMA round. These characters make this network protocol suite to apply to the system requesting very high dependablity.
In the next place, the function of the protocol is cut, and the model is implemented, but it does not affect the brake-by-wire simulating system. The data structure, algorithm and bus guardian are all simulating objects.
To the constant parameters in the data structure, some are defined in the protocol, the others are needed to be set up, such as the speed of the channel transmission and the length in the frame data area etc. The CNI data structure includes the state area, the control area and the message area. Because the whole data structure is very complicated, so it is wise first to define each fields of the area, then to synthesize in each area inside, and finally to become the CNI data structure. In defining the cut fields, some are defined but not to be used, the others are not defined at all. For the data structure in the MEDL, the irrelevant parameter are not defined at all; some data structures of the mode address entrance have not been given, in this model, these parameters are added to the entrance.
To realize membership algorithm, the state machine is established in the model. For the bus guardian, the state machine is also used to realize the simulation.
The physical channel is designed to be a bus format; this means that each node has its own bus guardian. Because of no code and decode function and clock drift since the bus is only a data structure, the virtual clock drift is needed to be set to realize clock synchronization algorithm.
Thirdly, it is time to design the brake system. The pedal node is designed to be redundant; two pedal nodes are
引文
[1] 秦贵和. 车上网络技术. 北京:机械工业出版社. 2003.6
[2] 秦贵和. 汽车网络与线控技术. 中国汽车工程学会汽车电子技术分会论文集(第五届年会 ). 2002.12
[3] 秦贵和, 葛安林, 李柱张, 洪先基.汽车网络技术. 汽车工程. 2003年02期
[4] 罗峰. 汽车网络技术及其发展趋势. 中国汽车工程学会汽车电子技术分会论文集(第五届年会). 2002.12
[5] 秦贵和. 媒体设备连接网络协议MOST. 计算机应用. 2003年S1期
[6] Borland/Inprise公司. C++ Builder 5开发人员指南.北京:机械工业出版社.2000.10
[7] 朱正茂. Borland C++ Builder 5实用编程技术. 北京:中国水利水电出版社. 2001
[8] TTTech Computertechnik AG, Vienna. TTT/C Protocol - Specification of the protocol, v. 1.0 of 1. Feb.1999
[9] TTTech Computertechnik AG, Vienna.TTT/C Protocol - C2 Communication Controller Preliminary Data Sheet Rev.1.6. May 2002
[10] H. Kopetz. A Comparison of TTP/C and FlexRay.TU Wien Research Report.May 2001
[11] Ross Bannatyne. Building Fault-Tolerant Embedded Systems Using TPP/C. Electronics Engineer. November 1999
[12] H. Pfeifer, D. Schwier, F. W. von Henke. Formal Verification for Time-Triggered Clock Synchronization. Dependable Computing for Critical Applications,volume 12 of Dependable Computing and Fault-Tolerant Systems, IEEE Computer Society. January 1999
[13]Temple C. Avoiding the Babbling-Idiot Failure in a Time-Triggered Communication System. Fault Tolerant Comp. Symp. FTCS 28.IEEE Press. 2000
[14] G. Bauer and M. Paulitsch. An Investigation of Membership and Clique Avoidance in TTP/C. In Proceedings 19th IEEE Symposium on Reliable Distributed Systems. October 2000.
[15] Bosch. CAN Specification Ver.2.2. Sept.1991
[16] LIN Consortium.LIN Specification Ver.1.2. Jun.2000
[17] MOST Cooperation.MOST Specification Ver.2.1. Feb.2001
[18] Ralf Belschner.FlexRay Requirements Specification Ver. 2.0.2. April.2002
[19] Paul Hansen. BMW and Mercedes Choose FlexRay .The Hansen Report on Automotive electronics. Jan.2001
[20] H. Pfeifer. Formal Verification of the TTP Group Membership Algorithm.Pisa, Italy, Kluwer Academic Publishers. FORTE/PSTV. 2000
[21] J.Rushby. Formal Verification of Group Membership for the Time-Triggered Architecture. Menlo Park, Cal, SRI International: 41.1998
[22] Stefan Poledna. The Time-Triggered Communication Protocol TTP/C. Real-Time Magazine. 1998.4
[23] B.Hedenetz,R. Belschner. Brake-by-wire without Mechanical Backup by Using a TTP-Communication Network. SAE International Congress and Exhibition. 1998
[24] Ross Bannatyne. Building Fault-Tolerant Embedded Systems Using TTP/C. Electronics Engineer. November 1999
[25] Paul Hansen. X-by-Wire Communication Protocol:Possible FlexRay and TTP Merger. The Hansen Report on Automotive Electronics. May 2001
[26] H.Kopetz. a distributed real-time architecture .TU Wien Research Report. May 2001
[27] Reinhard Maier,Georg St?ger,Stefan Poledna,Günther Bauer. Time-Triggered Society Architecture: A Consistent Computing Platform, the IEEE Computer. September.2002
[28] H.Kopetz, G.Bauer, S.Poledna. Tolerating Arbitrary Node Failures in the Time-Triggered Architecture. SAE 2001 World Congress. March 2001
[29] Petr Grillinger. Simulation Verification of Fault-Tolerant Brake-by-Wire System. Industrial Simulation Conference.2003
[30] Astrit Ademaj. Slightly-Off-Specification Failures in the Time-Triggered Architecture. Seventh Annual IEEE International Workshop on High Level Design Validation and Test. October 2002
[31] Astrit Ademaj. Achieving Fail Silence in the Time-Triggered Architecture 6th IEEE Int. Workshop on Design and Diagnostics of Electronics Circuits and Systems (DDECS'03) Apr.2003
[32] Raimund Kirner, Peter Puschner. Timing Analysis of Optimised Code. 8th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems. 2003
[33] Stefan Poledna , Th. Mocken , J. Schiemann , Th. Beck.ERCOS: An Operating System for Automotive Applications. Research Report. 1996
[34] Johannes Reisinger, Andreas Steininger. The Design of a Fail-Silent Processing Node for the Predictable Hard Real-Time System MARS. Distributed Systems Engineering Journal. 1994.5
[35] Hermann Kopetz, Johannes Reisinger. NBW: A Non-Blocking Write Protocol for Task Communication in Real-Time Systems.Proceedings of the 14th Real-Time Systems Symposium. 1993.7
[36] Peter Puschner, Christian Koza. Calculating the Maximum Execution Time of Real-Time Programs.Journal of Real-Time Systems. Sep.1989
[37] Peter Puschner. An Assessment of Task Execution Time Analysis. 10th IFAC Workshop on Distributed Computer Control Systems. Sep.1991.
[38] Hermann Kopetz. Fault Management in the Time Triggered Protocol (TTP). Euromicro 1994.IEEE Press.1994.
[39] Hermann Kopetz, Roman Nossal ,Roman Pallierer, Christopher Temple, Markus Krug .Mode Handling in the Time-Triggered Architecture .IFAC DCCS 97. June 1997
[40] Hermann Kopetz. The Time-Triggered Architecture. ISORC '98. April 1998
[41] Roman Nossal, Peter Puschner. Configurable Time-Redundant Task Execution for Fault-Tolerant Real-Time Systems.Proc. 15th IFAC Workshop on Distributed Computer Control Systems. Sep.1998
[42] S.Racek, J.Hlavicka. C-SIM - the c language enhancement for discrete-time simulation.In Proceedings of DSN/IPDS2. June 2002
[43] Thomas Galla, Roman Pallierer.Cluster Simulation -- Support for Distributed Development of Hard Real-Time Systems using TDMA-Based Communication. 11th Euromicro Conference on Real-Time Systems. Jun.1999
[44] Hermann Kopetz, Roman Nossal.Temporal Firewalls in Large Distributed Real-Time Systems. 6th IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems. 1997.7
[45] Hermann Kopetz. Composability in the Time-Triggered Architecture. SAE International Congress and Exhibition. March 2000
[46] G.Bauer, Hermann Kopetz.Transparent Redundancy in the Time-Triggered Architecture.ICDSN 2000. Jun.2000.
[47] Christopher Temple. Identifying Bus Failures in a Time-Triggered Communication System Containing Redundant Communication Channels.The 2000 International Conference on Communications in Computing. June 2000
[48] G.Bauer, Thomas Frenning, Anna-Karin Jonsson, Hermann Kopetz, Christopher Temple. A Centralized Approach for Avoiding the Babbling-Idiot Failure in the Time-Triggered Architecture.ICDSN 2000. Jun.2000
[49] Hermann Kopetz, Wilfried Elmenreich, Christoph Mack.A Comparison of LIN and TTP/A. 3rd IEEE International Workshop on Factory Communication Systems. September 2000.
[50] G.Bauer, Hermann Kopetz, Peter Puschner. Assumption Coverage under Different Failure Modes in the Time-Triggered Architecture.8th IEEE International Conference on Emerging Technologies and Factory Automation. October 2001
[51] J. Aidemark, J. Vinter, P. Folkesson, J. Karlsson. Experimental Evaluation of Time-redundant Execution for a Brake-by-wire Application, in Proc. International Conference on Dependable Systems and Networks. June 2002
[52] Sara Blanc, Astrit Ademaj, Hakan Sivencrona, Pedro Gil, Jan Torin. Three Different Fault Injection Techniques Combined to Improve the Detection Efficiency for Time-Triggered Systems. Design & Diagnostic of Electronic Circuits and Systems. Apr.2002
[53] E. Dilger, T. Fuhrer, B. Muller. The X-By-Wire Concept: Time Triggered Information Exchange and Fail Silence Support by new System Services. SAE. 1997
[54] H. Kopetzet. A Synchronization Strategy for a TTP/C Controller.In Application of MultiplexingTechnology. Society of Automotive Engineers. 1996.
[55] P.Grillinger, Racek S. Transient faults robustness evaluation of safety critical system using simulation. In Proceedings of Baltic Electronics Conference.Oct. 2002
[56] H.Kopetz. A Comparison of CAN and TTP.Proceedings of the IFAC Distributed Computer Systems Workshop. 1998
[57] H.Kopetz, J.Reisinger. The Non-Blocking Write Protocol NBW: A Solution to a Real-Time Synchronisation Problem. Proc.14th Real-Time Systems Symposium, Raleigh-Durham. 1993
[58] P.Grillinger. Simulation Verification of Fault-Tolerant Brake-by-Wire System. ISC. 2003
[59] P.Grillinger. Simulation Model of TTP/C Protocol. 23th International Autumn Colloquium ASIS 2001 - Advanced Simulation of Systems. Sept.2001
[60] P.Grillinger. Simulation Tool for Functional Verification of TTP/C Based Systems. ESS. 2003
[2] 秦贵和. 汽车网络与线控技术. 中国汽车工程学会汽车电子技术分会论文集(第五届年会 ). 2002.12
[3] 秦贵和, 葛安林, 李柱张, 洪先基.汽车网络技术. 汽车工程. 2003年02期
[4] 罗峰. 汽车网络技术及其发展趋势. 中国汽车工程学会汽车电子技术分会论文集(第五届年会). 2002.12
[5] 秦贵和. 媒体设备连接网络协议MOST. 计算机应用. 2003年S1期
[6] Borland/Inprise公司. C++ Builder 5开发人员指南.北京:机械工业出版社.2000.10
[7] 朱正茂. Borland C++ Builder 5实用编程技术. 北京:中国水利水电出版社. 2001
[8] TTTech Computertechnik AG, Vienna. TTT/C Protocol - Specification of the protocol, v. 1.0 of 1. Feb.1999
[9] TTTech Computertechnik AG, Vienna.TTT/C Protocol - C2 Communication Controller Preliminary Data Sheet Rev.1.6. May 2002
[10] H. Kopetz. A Comparison of TTP/C and FlexRay.TU Wien Research Report.May 2001
[11] Ross Bannatyne. Building Fault-Tolerant Embedded Systems Using TPP/C. Electronics Engineer. November 1999
[12] H. Pfeifer, D. Schwier, F. W. von Henke. Formal Verification for Time-Triggered Clock Synchronization. Dependable Computing for Critical Applications,volume 12 of Dependable Computing and Fault-Tolerant Systems, IEEE Computer Society. January 1999
[13]Temple C. Avoiding the Babbling-Idiot Failure in a Time-Triggered Communication System. Fault Tolerant Comp. Symp. FTCS 28.IEEE Press. 2000
[14] G. Bauer and M. Paulitsch. An Investigation of Membership and Clique Avoidance in TTP/C. In Proceedings 19th IEEE Symposium on Reliable Distributed Systems. October 2000.
[15] Bosch. CAN Specification Ver.2.2. Sept.1991
[16] LIN Consortium.LIN Specification Ver.1.2. Jun.2000
[17] MOST Cooperation.MOST Specification Ver.2.1. Feb.2001
[18] Ralf Belschner.FlexRay Requirements Specification Ver. 2.0.2. April.2002
[19] Paul Hansen. BMW and Mercedes Choose FlexRay .The Hansen Report on Automotive electronics. Jan.2001
[20] H. Pfeifer. Formal Verification of the TTP Group Membership Algorithm.Pisa, Italy, Kluwer Academic Publishers. FORTE/PSTV. 2000
[21] J.Rushby. Formal Verification of Group Membership for the Time-Triggered Architecture. Menlo Park, Cal, SRI International: 41.1998
[22] Stefan Poledna. The Time-Triggered Communication Protocol TTP/C. Real-Time Magazine. 1998.4
[23] B.Hedenetz,R. Belschner. Brake-by-wire without Mechanical Backup by Using a TTP-Communication Network. SAE International Congress and Exhibition. 1998
[24] Ross Bannatyne. Building Fault-Tolerant Embedded Systems Using TTP/C. Electronics Engineer. November 1999
[25] Paul Hansen. X-by-Wire Communication Protocol:Possible FlexRay and TTP Merger. The Hansen Report on Automotive Electronics. May 2001
[26] H.Kopetz. a distributed real-time architecture .TU Wien Research Report. May 2001
[27] Reinhard Maier,Georg St?ger,Stefan Poledna,Günther Bauer. Time-Triggered Society Architecture: A Consistent Computing Platform, the IEEE Computer. September.2002
[28] H.Kopetz, G.Bauer, S.Poledna. Tolerating Arbitrary Node Failures in the Time-Triggered Architecture. SAE 2001 World Congress. March 2001
[29] Petr Grillinger. Simulation Verification of Fault-Tolerant Brake-by-Wire System. Industrial Simulation Conference.2003
[30] Astrit Ademaj. Slightly-Off-Specification Failures in the Time-Triggered Architecture. Seventh Annual IEEE International Workshop on High Level Design Validation and Test. October 2002
[31] Astrit Ademaj. Achieving Fail Silence in the Time-Triggered Architecture 6th IEEE Int. Workshop on Design and Diagnostics of Electronics Circuits and Systems (DDECS'03) Apr.2003
[32] Raimund Kirner, Peter Puschner. Timing Analysis of Optimised Code. 8th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems. 2003
[33] Stefan Poledna , Th. Mocken , J. Schiemann , Th. Beck.ERCOS: An Operating System for Automotive Applications. Research Report. 1996
[34] Johannes Reisinger, Andreas Steininger. The Design of a Fail-Silent Processing Node for the Predictable Hard Real-Time System MARS. Distributed Systems Engineering Journal. 1994.5
[35] Hermann Kopetz, Johannes Reisinger. NBW: A Non-Blocking Write Protocol for Task Communication in Real-Time Systems.Proceedings of the 14th Real-Time Systems Symposium. 1993.7
[36] Peter Puschner, Christian Koza. Calculating the Maximum Execution Time of Real-Time Programs.Journal of Real-Time Systems. Sep.1989
[37] Peter Puschner. An Assessment of Task Execution Time Analysis. 10th IFAC Workshop on Distributed Computer Control Systems. Sep.1991.
[38] Hermann Kopetz. Fault Management in the Time Triggered Protocol (TTP). Euromicro 1994.IEEE Press.1994.
[39] Hermann Kopetz, Roman Nossal ,Roman Pallierer, Christopher Temple, Markus Krug .Mode Handling in the Time-Triggered Architecture .IFAC DCCS 97. June 1997
[40] Hermann Kopetz. The Time-Triggered Architecture. ISORC '98. April 1998
[41] Roman Nossal, Peter Puschner. Configurable Time-Redundant Task Execution for Fault-Tolerant Real-Time Systems.Proc. 15th IFAC Workshop on Distributed Computer Control Systems. Sep.1998
[42] S.Racek, J.Hlavicka. C-SIM - the c language enhancement for discrete-time simulation.In Proceedings of DSN/IPDS2. June 2002
[43] Thomas Galla, Roman Pallierer.Cluster Simulation -- Support for Distributed Development of Hard Real-Time Systems using TDMA-Based Communication. 11th Euromicro Conference on Real-Time Systems. Jun.1999
[44] Hermann Kopetz, Roman Nossal.Temporal Firewalls in Large Distributed Real-Time Systems. 6th IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems. 1997.7
[45] Hermann Kopetz. Composability in the Time-Triggered Architecture. SAE International Congress and Exhibition. March 2000
[46] G.Bauer, Hermann Kopetz.Transparent Redundancy in the Time-Triggered Architecture.ICDSN 2000. Jun.2000.
[47] Christopher Temple. Identifying Bus Failures in a Time-Triggered Communication System Containing Redundant Communication Channels.The 2000 International Conference on Communications in Computing. June 2000
[48] G.Bauer, Thomas Frenning, Anna-Karin Jonsson, Hermann Kopetz, Christopher Temple. A Centralized Approach for Avoiding the Babbling-Idiot Failure in the Time-Triggered Architecture.ICDSN 2000. Jun.2000
[49] Hermann Kopetz, Wilfried Elmenreich, Christoph Mack.A Comparison of LIN and TTP/A. 3rd IEEE International Workshop on Factory Communication Systems. September 2000.
[50] G.Bauer, Hermann Kopetz, Peter Puschner. Assumption Coverage under Different Failure Modes in the Time-Triggered Architecture.8th IEEE International Conference on Emerging Technologies and Factory Automation. October 2001
[51] J. Aidemark, J. Vinter, P. Folkesson, J. Karlsson. Experimental Evaluation of Time-redundant Execution for a Brake-by-wire Application, in Proc. International Conference on Dependable Systems and Networks. June 2002
[52] Sara Blanc, Astrit Ademaj, Hakan Sivencrona, Pedro Gil, Jan Torin. Three Different Fault Injection Techniques Combined to Improve the Detection Efficiency for Time-Triggered Systems. Design & Diagnostic of Electronic Circuits and Systems. Apr.2002
[53] E. Dilger, T. Fuhrer, B. Muller. The X-By-Wire Concept: Time Triggered Information Exchange and Fail Silence Support by new System Services. SAE. 1997
[54] H. Kopetzet. A Synchronization Strategy for a TTP/C Controller.In Application of MultiplexingTechnology. Society of Automotive Engineers. 1996.
[55] P.Grillinger, Racek S. Transient faults robustness evaluation of safety critical system using simulation. In Proceedings of Baltic Electronics Conference.Oct. 2002
[56] H.Kopetz. A Comparison of CAN and TTP.Proceedings of the IFAC Distributed Computer Systems Workshop. 1998
[57] H.Kopetz, J.Reisinger. The Non-Blocking Write Protocol NBW: A Solution to a Real-Time Synchronisation Problem. Proc.14th Real-Time Systems Symposium, Raleigh-Durham. 1993
[58] P.Grillinger. Simulation Verification of Fault-Tolerant Brake-by-Wire System. ISC. 2003
[59] P.Grillinger. Simulation Model of TTP/C Protocol. 23th International Autumn Colloquium ASIS 2001 - Advanced Simulation of Systems. Sept.2001
[60] P.Grillinger. Simulation Tool for Functional Verification of TTP/C Based Systems. ESS. 2003