A safety-critical cyber-physical system (CPS) is a system that will not endanger human life or the environment, or is intended to prevent such harm. Many safety-critical systems are also real-time, where correctness depends not only on the validity of the results but also on the time instant at which they are produced. This thesis addresses safety-related distributed CPSes, interconnected using the communication protocol colloquially known as Time-Sensitive Networking (TSN). Although Ethernet is low cost and has high speeds, it is known to be unsuitable for real-time and safety-critical applications. Therefore, standards such as TSN have been proposed to extend switched Ethernet in order to guarantee reliable and time-predictable communication. In a TSN-based network, the interacting nodes, also known as End Systems (ESes), are interconnected by full-duplex physical links and network switches. The data in TSN is exchanged via streams. TSN is highly suitable for applications of different safety-criticality levels (highly critical, mission critical, non-critical), as it offers several traffic types, such as the Time-Triggered (TT) and Audio-Video Bridging (AVB) traffic types. TT has the highest priority and is sent based on schedule tables, called Gate Control Lists (GCLs). By carefully synthesizing the GCLs, TT messages can have low end-to-end latency and low jitter. AVB is an asynchronous traffic type that is intended for applications that require bounded end-to-end latencies, but it has a lower priority than TT traffic. Regarding dependability, we assume that the engineer will specify for each application, depending on its criticality, the required redundancy level. This translates, at the network topology level, into requirements for redundant disjoint routes between the devices involved in the communication. In this context, we focus on synthesizing a low-cost fault-tolerant network architecture, which can guarantee the safety and real-time requirements of the applications.
We also solve the problem of routing disjoint redundant streams on the synthesized architecture. Similar to the debate in real-time systems between time-triggered and event-triggered implementations, there is no agreement on the appropriate traffic type for the messages of mixed-criticality applications (e.g., TT or AVB). Hence, we have also addressed the problem of traffic type assignment for mixed-criticality messages in TSN. We decide, for each message, if it should use the TT or AVB traffic type, such that the hard real-time messages meet their deadlines and soft real-time messages maximize their quality-of-service. Although researchers have started to propose approaches for the routing and scheduling (i.e., GCL synthesis) of TT traffic, all previous research has ignored lower priority real-time traffic such as AVB, resulting in TT configurations that may increase the worst-case delays of AVB traffic, rendering it unschedulable. Hence, we have also proposed a joint routing and scheduling approach for TT traffic, which takes into account the AVB traffic, such that both the TT and the AVB traffic are schedulable. The work in this thesis has been implemented as software tools, which have been extensively evaluated on a large number of synthetic as well as realistic test cases.
| Number of pages | 140 |
| Publication status | Published - 2018 |
| Series | DTU Compute PHD-2018 |