J1939 & Functional Safety
Commercial road vehicles, off-road vehicles, and construction machinery often use application layers based on SAE J1939. To meet the growing demand for functional safety, the SAE developed dedicated protocols for both CAN CC (classic) and CAN FD: J1939-76 and J1939-77, respectively.
J1939-76 and J1939-77
This article addresses the two SAE J1939 standards for functionally safe communications over CAN CC (SAE J1939-76) and CAN FD (SAE J1939-77).
- For SAE J1939-76, it describes the pairing approach of the Safety Header Message (SHM) and Safety Data Message (SDM) used to communicate safety data from a safety-producing application to a safety-consuming application. Additionally, it outlines the features of the original version published in 2020 and lists the shortcomings of that version. Finally, it details the features of the revised version under development, which addresses these gaps.
- For SAE J1939-77, the article explains how the space allocated for functional safety assurance information in the Multi-PG and FD Transport protocols is used to communicate safety data from a safety-producing application to a safety-consuming application. It also describes the three profiles under development, tailored to different systemic needs while meeting functional safety requirements.
IEC 61784-3: Communication Principles Relevant to Safety
The IEC 61784-3 standard defines various types of communication errors that may occur:
- Corruption: Unexpected and undesirable transformation of a message.
- Unintentional repetition: Unexpected and undesirable repetition of a message.
- Incorrect sequence: Communication of messages in the wrong order.
- Loss: Failure to receive a transmitted message.
- Unacceptable delay: Receipt of a message outside the allowed time window.
- Insertion: Receipt of a message from an unexpected or unknown source.
- Masquerading: Unintentional processing of a message from a non-safety-related source as though it came from a safety-related source.
- Addressing: Delivery of a message to the wrong recipient.
Safety measures are defined to detect such errors in order to achieve the desired functional safety level:
- Sequence numbers: Identify the position of a message relative to others in the same stream.
- Time waits: Monitoring the time interval between consecutive messages.
- Connection authentication: Unique identifiers for the safety-related participants of a connection.
- Data integrity assurance: Adding redundant data to detect corruption.
- Redundancy with cross-checking: Communicating safety data in separate instances.
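To make the error classes and measures concrete, the following added example (not from the article, and not the SAE J1939-76 SHM/SDM layout or CRC, which the standard itself defines) implements a safety-consumer receive check in which each measure is mapped to the errors it detects. The 8-bit counter, the CRC-32, the connection identifier field and the time base are assumptions chosen for illustration.

```python
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SafetyMsg:
    conn_id: int    # connection authentication: identifies the safety producer
    seq: int        # sequence number (assumed 8-bit, wraps at 256)
    payload: bytes  # safety data
    crc: int        # data integrity assurance over id, counter and data


def safety_crc(conn_id: int, seq: int, payload: bytes) -> int:
    # Assumption: CRC-32 stands in for the standard's own CRC polynomial.
    return zlib.crc32(bytes([conn_id & 0xFF, seq & 0xFF]) + payload) & 0xFFFFFFFF


def build_msg(conn_id: int, seq: int, payload: bytes) -> SafetyMsg:
    seq &= 0xFF
    return SafetyMsg(conn_id, seq, payload, safety_crc(conn_id, seq, payload))


class SafetyConsumer:
    """Receive-side checks, each reporting the IEC 61784-3 error class it detects."""

    def __init__(self, conn_id: int, max_interval: float):
        self.conn_id, self.max_interval = conn_id, max_interval
        self.last_seq, self.last_time = None, None

    def check(self, msg: SafetyMsg, now: float) -> str:
        if msg.crc != safety_crc(msg.conn_id, msg.seq, msg.payload):
            return "corruption"          # integrity first: other fields are untrusted
        if msg.conn_id != self.conn_id:
            return "insertion"           # also covers masquerading and addressing
        if self.last_seq is not None:
            delta = (msg.seq - self.last_seq) & 0xFF   # modulo-256 counter distance
            if delta == 0:
                return "repetition"
            if delta >= 128:
                return "incorrect_sequence"           # counter went backwards
            if delta > 1:
                return "loss"                         # counter skipped ahead
            if now - self.last_time > self.max_interval:
                return "delay"                        # time wait exceeded
        self.last_seq, self.last_time = msg.seq, now  # state advances only on "ok"
        return "ok"


def demo() -> list:
    # Constructed sample traffic: producer 0x21, 100 ms maximum interval.
    c = SafetyConsumer(conn_id=0x21, max_interval=0.1)
    m = [build_msg(0x21, n, bytes([n])) for n in range(4)]
    forged = SafetyMsg(0x21, 2, b"\x02", 0)            # payload with wrong CRC
    foreign = build_msg(0x33, 2, b"\x02")              # valid frame, unknown producer
    return [c.check(m[0], 0.00), c.check(m[1], 0.05), c.check(m[1], 0.10),
            c.check(m[3], 0.15), c.check(m[0], 0.20), c.check(m[2], 0.50),
            c.check(forged, 0.12), c.check(foreign, 0.12), c.check(m[2], 0.12)]
```

Redundancy with cross-checking is the one listed measure the checker does not show; it requires a second, independently produced copy of the safety data to compare against.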