Design of CAN interface circuit based on STM32F105 microcontroller

Controller Area Network (Controller Area Network, CAN) is a multi-master serial communication bus. The CAN bus has a high bit rate, strong resistance to electromagnetic interference, and a complete error detection mechanism. It is widely used in the automotive, manufacturing, and aerospace industries. Due to the extremely harsh environment of the ship’s engine room, and the maintenance conditions of the ship during navigation are not as good as those on land, the reliability of CAN communication is very high, and dual CAN redundant buses are adopted to improve communication reliability.

Controller Area Network (Controller Area Network, CAN) is a multi-master serial communication bus. The CAN bus has a high bit rate, strong resistance to electromagnetic interference, and a complete error detection mechanism. It is widely used in the automotive, manufacturing, and aerospace industries. Due to the extremely harsh environment of the ship’s engine room, and the maintenance conditions of the ship during navigation are not as good as those on land, the reliability of CAN communication is very high, and dual CAN redundant buses are adopted to improve communication reliability.

1 Hardware platform composition

STM32F105 is a 32-bit microcontroller based on the ARM Cortex-M3 core introduced by ST Microelectronics. Its core is specifically designed to meet the requirements of the embedded field of high-performance, low-power, real-time applications. Thanks to the Thumb-2 instruction set, STM32 can run up to 35% faster than ARM7 microcontrollers and save up to 45% in code. The higher main frequency and code execution efficiency enable the system to run the bus redundancy algorithm while transmitting and receiving CAN bus data. The STM32F105 microcontroller integrates two independent CAN controllers. The controller is integrated inside the chip, which avoids the interference caused by the expansion of the bus, and simplifies the circuit design and reduces the cost.

The system uses two completely independent CAN buses, two CAN bus transceivers and bus controllers to achieve full redundancy of the physical layer and data link layer. During the initialization, the two controllers are activated at the same time, one as the master CAN and the other as the slave CAN, which is the backup of the master controller. During normal operation, data is sent first through the master CAN; when the master CAN bus is busy, the slave CAN bus shares part of the communication traffic; when the master CAN bus fails, the data is transferred to the slave CAN controller for transmission, and vice versa. When any bus fails, the data can be transmitted via the other bus. When both buses are normal, the two buses are used for simultaneous transmission, which increases the communication bandwidth by about 1 times, which improves the reliability of the communication while at the same time. real-time.

The CAN bus interface circuit design is shown in Figure 1. Using T JA1050 as the bus transceiver, it completes the level conversion and differential transmission and reception between the CAN controller and the physical bus. Although TJA1050 itself has certain protection capabilities, it still adopts certain safety and anti-jamming measures for its interface with the bus. Two small 10pF capacitors are connected in parallel between CANH and CANL of TJA1050 and the ground, which can filter out the high voltage on the bus. Frequency interference; In addition, in order to enhance the anti-interference ability of CAN bus nodes, a transient suppression diode is connected between the bus input and the ground. When transient interference occurs between the two inputs and the ground, the transceiver input voltage Clamped in a safe range.

In order to prevent node damage caused by bus overvoltage, the data transceiver pins of the STM32F105 built-in CAN controller are not directly connected to the TJA1050, and the signal isolation transmission is realized through the ADuM1201 magnetic isolator. Compared with traditional optocoupler isolation, magnetic isolation simplifies the design of the isolation circuit, and the power consumption of the magnetic isolation chip is very low, which is about 1/10 of that of optocoupler isolation. In addition to isolating CAN data signals, the power and ground used by TJA1050T must also be completely isolated from the system. The switching power supply module IB0505LS with 5V isolated output provides isolated power. Due to the high data transmission rate of the CAN bus, in order to improve the signal quality, the network topology should be designed as a single-wire structure as far as possible to avoid signal reflection, and the terminal should be connected with a matching resistance of about 120 ohms.
  

Design of CAN interface circuit based on STM32F105 microcontroller

Figure 1 CAN interface circuit design

2 Software design

The data link layer and part of the physical layer defined by the CAN protocol specification are not complete. Dual CAN redundancy applications need to implement bus status monitoring, network fault diagnosis and identification, which must be achieved by adding software redundancy modules. The redundancy module is called in the main loop of the program, and the transceiver channel is switched according to different bus error states. CAN bus error status is divided into 3 categories: error activation, error recognition, and bus shutdown. When the bus is working normally, it is in an error active state. After the controller detects an error, the value of the send/receive error counter is incremented. When the value is greater than 127, it enters the error recognition, and when the value is greater than 255, the bus is closed. The CAN bus error detection module reads the error The status register is used as a test condition for bus failures. When the error status changes, the redundancy algorithm is called to perform the bus switching operation.

Through actual debugging, it is found that a transmission error occurs when the bus connection is disconnected and only one node continuously sends messages, the controller enters the error recognition state, but does not enter the bus off state; other errors all increase the error counter and enter the error recognition state in turn , The bus is closed, the latter two states indicate that the bus is severely disturbed, and corresponding measures need to be taken. In order to simplify the control logic design, wrong recognition and bus shutdown are combined as bus faults.

The redundancy algorithm uses a state machine to switch the transmission mode, and selects the bus used for transmission according to different bus failures. The state switching flow chart is shown in Figure 2. The program first reads the error status register to obtain the bus error status and judges whether the current bus is in the error activation mode. If a bus failure is detected, the program sets the corresponding flag to indicate the error to other program modules. In order to improve the efficiency of message sending, the sending program writes multiple messages into the sending mailbox at a time and automatically sends it by hardware control. When switching the bus, the messages in the sending mailbox of the faulty bus must be read back first, and sent first through the backup bus. This mechanism ensures that the message will not be lost due to bus switching. The controller sends a test message with an empty data field to the faulty bus. Every time a message is successfully sent, the value of the bus transmission error counter is decremented until its value is less than 128. The bus returns to the error passive state; redundant program reads every certain time Take the error status register and check whether the faulty bus is back to normal.

In the 2-bus simultaneous transmission mode, the sending program is written into the mailbox of Bus 1 first. When the mailbox of Bus 1 is full, it is written into the mailbox of Bus 2. As messages are sent according to priority arbitration, if a certain way of sending mailbox is often empty, it means that this way The bus communication traffic is small, and the sending program transfers more messages to the idle bus for transmission, so as to achieve message load balancing.
  

Design of CAN interface circuit based on STM32F105 microcontroller

Figure 2 Bus state switching flow chart.

3 Reliability analysis and testing of dual bus redundancy

Quantitative analysis of the reliability of the dual CAN redundancy system, introducing the concept of Mean Time To Fa ilure (MTTF). MTTF describes the time interval from when a system starts to work to when it fails, that is, the average life span. In order to simplify the analysis, the following assumptions are made: The failure rate of each CAN bus is the same; the damage of the CAN bus is physical damage, that is, irreparable damage. The exponential distribution can be used to describe the life of Electronic components. Assuming that the life distribution of the CAN bus obeys the exponential distribution, the reliability model of the CAN bus is shown in Figure 3.
 

Design of CAN interface circuit based on STM32F105 microcontroller

Figure 3 CAN bus reliability model diagram

Model 1 is a single bus reliability model, because the bus life obeys an exponential distribution, according to the single CAN bus failure-free running time MTTF1 = 1 /λ. Model 2 is a dual CAN bus redundancy reliability model. The system is composed of two independent buses in parallel, that is, the system communication will fail only when both of these two buses fail, so the average life span of the system MTTF2 = 3 /2. The use of two-wire redundancy design increases the mean time between failures of CAN communication by 50%.

Another key indicator of the two-wire CAN redundancy system is the bus switching time, which is equal to the sum of the time required to detect errors and the time required to process the failure of the bus to send messages. The shorter the switching time, the bus failure will cause message transmission. The smaller the delay. The time required to detect the error, that is, the time from the occurrence of the bus error to the detection by the redundant program. Taking the bus disconnection fault as an example, the transmitter generates an acknowledgment error every time a message is sent, and the error counter is incremented by 8 each time, and 16 consecutive transmissions are required, so that the error counter value reaches 128 to cause a bus switch. In the case of a bit rate of 125kbps, a message with a maximum length of 128 bits is sent. If the controller retransmission interval time is ignored, the response time from the occurrence of the fault to the detection is:

Design of CAN interface circuit based on STM32F105 microcontroller

In order to avoid losing messages during bus switching, the redundancy algorithm needs to read back the unsent messages in the faulty controller, resulting in additional fault processing time, because each sending mailbox can store up to 3 messages, and the false positioning rate is 125kbps No change, arbitration is obtained when the backup bus is sent, and the longest fault processing time is:

Design of CAN interface circuit based on STM32F105 microcontroller

Therefore, the bus switching time is 16. 38 + 3. 07 = 19. 45 m s.

Through experiments, the bus switching time of continuously sending different message lengths at 125kbps bit rate is shown in Table 1:

Table 1 Bus switching time
  

Design of CAN interface circuit based on STM32F105 microcontroller

The switching time is 22.80ms at a bit rate of 125kbps, which is slightly longer than the theoretically calculated value. This is extra consumption by running redundant algorithms and reading the controller error register (ESR) during bus switching, but in actual applications, The waiting time required for sending a message to obtain arbitration is much longer than the switching time, bus failures do not occur frequently, and the redundant switching algorithm has no significant impact on the operation of the system.

4 Conclusion

Compared with the redundant scheme of two CAN controllers outside the traditional MCU bus, this design makes full use of the two CAN controllers built in the STM32F105 microcontroller, which simplifies the circuit design and relatively reduces the cost. At the same time, the dual CAN redundant communication system The adoption of improved the overall reliability of the system. The dual-bus load balancing technology used can increase the bus bandwidth and balance the communication load. System The image and data signal transmission of the ship’s engine room monitoring system has achieved very good results.

The Links:   6MBI25J-120 C123HAN011

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *