On the dependability and flexibility of CAN and CAN-based protocols J. Ferreira 1 , L. Almeida 2 , J. Fonseca 2 , P. Pedreiras 2 , M. Santos 3 1 DETI, Escola Superior de Tecnologia de Castelo Branco, Portugal 2 DET-IEETA, Universidade de Aveiro, Portugal 3 Centro Universitátio do Leste de Minas Gerais, Brasil jjf@est.ipcb.pt, {lda, jaf, pedreiras}@det.ua.pt, maxmauro@unilestemg.br Abstract. CAN is nowadays a mature and popular protocol with a large installed base in different application fields, ranging from automotive systems to medical and factory au- tomation. However there have been some concerns about its ability to cope with dependable and more bandwidth demanding applications. This has lead to the development of some CAN related protocols aimed to eliminate some of native CAN impairments to dependability while maintaining unchanged its bandwidth, due to physical limitations. Among the emerg- ing CAN-based protocols, TTCAN, TCAN and FTT-CAN deserve special attention and will briefly described and compared in terms of dependability and flexibility. 1. Introduction Distributed embedded systems (DES) have been widely used in the last few decades in several ap- plication fields, ranging from industrial machinery to avionics and automotive systems. Controller Area Network (CAN) is often adopted in DES to interconnect different sub-systems. In some of these application domains the dependability requirements are of utmost importance, since failing to provide services in a timely and predictable manner may cause important economic losses or even put human life in risk. Controller Area Network (CAN) is a popular and very well-known bus system, both in academia and in industry, initially targeted to automotive applications as a single digital bus to replace the wiring harnesses that were growing in complexity, weight and cost with the advent of new electrical and elec- tronic subsystems in vehicles. The widespread and successful use of CAN in the automotive industry, the low cost associated with high volume production of controllers and CAN’s inherent technical merit, have driven to CAN adoption in other application domains such as: industrial communications, medical equipment, machine tools and robotics. The large installed base of CAN nodes (over 10 9 ) with low failure rates over almost two decades, lead to the use of CAN in some critical applications such as Anti-Locking Brake System (ABS) and Electronic Stability Program (ESP) in cars. In parallel with the wide dissemination of CAN in industry, the academia also devoted a large effort to CAN analysis and research, making CAN one the must studied fieldbuses. The large scale adoption of CAN in safety-critical applications is still, however, an open issue with some arguing that it is not suitable [9] while others argue that it may be adopted in some applications if some precautions are adopted [2] [11]. The former ones come mostly from the dependable systems community where there the dogma of fixed time-triggered communication schedules prevails. It is clear that the a priori knowledge of the communication schedule favors error detection and simplifies the fault-tolerance mechanisms and the certification process, however those in favor of CAN argue that CAN inherent flexibility can help reacting to transient overloads (e.g., due to electromagnetic interference), also that CAN may still accommodate some kind of time-triggered behavior and finally that CAN has proved, over the years, its merits with low failure rates. Over the years, several CAN-based protocols were presented that take advantage of some CAN properties to improve its fault tolerance features. This paper focuses on 3 specific protocols (TCAN, FTT-CAN and TTCAN) that are particularly relevant with respect to the combination of dependability with flexibility.