Assessment of FTT-CAN Master Replication Mechanisms for Safety-Critical Applications

The operational flexibility of distributed embedded systems is receiving growing attention because it is required to support on-line adaptation to varying operational conditions, either due to changes in the environment or to faults in the system. However, flexibility makes dependability more difficult to achieve, because there is less a priori knowledge. One protocol that favors flexibility and is widely used in embedded systems, particularly in automotive and robotic systems, is CAN, but some claim that it is not adequate to support safety-critical applications. We argue that CAN, deployed with an adequate overlay protocol, can provide the required support for dependability and flexibility. One such overlying protocol is Flexible Time-Triggered CAN (FTTCAN), that enforces a global notion of time and a global periodic schedule by means of specific messages issued by a master node. In this paper we assess the FTT-CAN master replication mechanisms implemented in a distributed robot control system. Above all, we provide experimental results that show the robustness of such mechanisms.