Professional Documents
Culture Documents
html
Chapter 7
After too much time playing with the simulation software(s), and having become familiar with the basic NMT
procedures of J1939, it downed on me that Microchip's provided source code for J1939.c CAN library has a
nasty bug.
Not only that, but also Vector's CAPL code for their AddressClaiming_CN.cfg sample, much touted by myself
in Chapter 5 suffers exactly the same bug!
Let us start with Microchip's J1939.c CAN library (app. note 930):
1 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
Saddly to say, our most beloved Microchip provided source code for J1939.c CAN library has a serious bug.
I wonder why nobody has already pointed that (as far as I know), since Microchip's source code has been around
since at least 2004. Either nobody is using it, or nobody payed much attention.
No two nodes can have the same Source Address, therefore according to SAE J1939-81, a node must
successfully claim an address according to the procedures explained in section 4.2 “Network Management
Procedure” prior to sending any other messages on the network.
In SAE J1939-81, the key to resolve any contention between 2 nodes claiming the same address is to use the
node's NAMEs which must always be unique:
Each ECU on the network will have at least one name and one address associated with it. (...) The
address of an ECU defines a specific communications source or destination for messages, the name
includes identification of the primary function performed at that address and adds an indication of the
instance of that functionality in the event that multiple ECUs with the same primary function coexist on
the same network. As many as 254 different ECUs of the same function can coexist on the network,
each identified by their own address and name.
To uniquely name each ECU, J1939 defines a 64 bit NAME consisting of the fields shown in Table 1.(...)
In general, most ECUs will use their Preferred Addresses immediately upon power up. A specific
procedure (defined in J1939/81 and elaborated on in J1939/01) for assigning addresses after powerup is
used to resolve any conflicts that may occur. Each ECU must be capable of announcing which
address(es) it intends to use.
1 bit 3 bit 4 bit 7 bit 1 bit 8 bit 5 bit 3 bit 11 bit 21 bit
Now, when it comes to comparing the 64 bit NAMEs, SAE J1939-81 states:
The byte ordering of the NAME fields in a CAN message is shown in table 2, and is arranged to allow the
NAME to be treated as a number in a manner consistent with SAE J1939-71. The entire 8 byte NAME is
2 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
used as a single numeric value in arbitration processes when multiple CAs attempt to claim the same
address (see 4.4.3.3).
Notice that "Byte1, Bit 8 is the bit sent closest to the DLC bits of the message", and that "Byte8, Bit 1 is the last of the
data bits sent and is closest to the CRC in the message" (SAE uses bits 8..1 where we use bits 7...0).
This really means that the bytes are output to the CAN bus in the reverse order of their priority.
That the Arbitrary Address Capable bit is the most significant makes all sense, as a node (in J1939 parlance, a
Controller Application (CA)) with such capability can afford to loose arbitration for a less endowed node (!):
3 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
for a Preferred Address since the setting of the Arbitrary Address Capable bit in its NAME lowers its
priority for address claim. This is correct behavior since its ability to operate correctly on the network
will not be affected by the loss of arbitration. Note that if its function is one that would normally use a
Preferred Address in the lower 128, it will claim that address first. Only upon losing arbitration during
Address Claim will it claim an unused
address from the range above 128.
(...)
Our hardware configuration to test the J1939.c CAN library was this:
2 PIC CAN bus + RS232 configuration to test J1939.c CAN library - the nodes' NAMEs differ only
by the J1939_IDENTITY_NUMBER (12344 for node A, 12345 for node B)
2A 0A 62 5A 28 20 30 38 (#128)
2A 0A 62 5A 28 20 30 39 (#129)
1. our breadboard assembly was downsized to have just 2 functional PIC18F4580, one of them with the UART
interface connected to the PC
2. the J1939 NAMEs and Source Addresses were matched to the simulation run with Michael Eisele's Xtm, as
we got quite familiar with these bytes by now
3. added a few instructions to compareNames() function, see below the highlighted code
4. so that while reacting to the generated Address Claimed message, the CAN - UART PIC compareNames()
function outputs the values of the compared NAMEs arrays thru the serial port
5. which we then colect in the PC's terminal program
4 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
Running the code in MPLAB simulator, then watching the array CA_Name:
Again, notice that the NAME's bytes are output to the CAN bus in the reverse order of their priority.
If you remember the previous chapter, bit 7 of that last byte CA_name[7] = 0x2A is the place where the Arbitrary
Address Capable bit (in our case it is 0) ended...
In the PC's Terminal v1.9b (provided by Bray++) window we collect the folowing strings, dumped by our UART:
/*********************************************************************
CompareName
This routine compares the passed in array data NAME with the CA's
current NAME as stored in CA_Name.
Parameters: unsigned char * Array of NAME bytes
Return: -1 - CA_Name is less than the data
0 - CA_Name is equal to the data
1 - CA_Name is greater than the data
*********************************************************************/
signed char CompareName( unsigned char *OtherName )
{
unsigned char i;
if (i == J1939_DATA_LENGTH)
return 0;
else if (CA_Name[i] < OtherName[i] )
return -1;
else
return 1;
}
5 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
The error in the code is that instead of comparing from Name[0] up to Name[7] it should be done in reverse, from
Name[7] down to Name[0] - because the NAME's bytes are output to the CAN bus in the reverse order of their
priority.
With the code "as is", the contention is wrongly decided by first looking at the 64th bit, in the low byte of Identity
Number, then the second byte of Identity Number etc. etc., but SAE J1939-81 says it should start by the 1rst
bit, our old Arbitrary Address Capable.
Don't get me wrong, other then the Function CompareName () bug, on the whole this is the best (free) piece of
source code I came upon, related to J1939.
And if you didn't notice yet, let me show you that it is prepared to be integrated in Application Maestro, which is quite
useful to generate code for diefferent configurations.
To see it yourself, grab Application Maestro from Microchip's site, install and launch (or check if you already have it
at \Program Files\Microchip\MpAM):
6 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
The content of a module is defined in the Application Maestro Software script file named j1939.cls, which is located
at the root level of the Modules folder.
The Application Maestro Software uses this file to provide information for the Available Module pane (name,
revision level, language format and descriptive comments), as well as define the valid range of the configurable
parameters and the output for the module.
So, extract the above files to \Program Files\Microchip\MpAM\Modules\J1939 then move j1939.cls up one level to
folder \Modules.
Close then relaunch MpAm.exe, and now you have a new module ready:
7 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
And now you can configure your j1939 node in the left pane with much ease.
5 - What is next?
Don't want to look paranoid, but Vector's CAPL code for their AddressClaiming_CN.cfg sample, which we used for
our Chapter 5, is also wrong (yes - the same bug; perhaps there is some link between these two sources?).
So next time we go over that.
Don't forget: if you don't want to miss the next chapter, just drop me an email
to recursos.pt@gmail.com subject: J1939 CAN, and I will notify you.
No other use will be made of your e-mail address.
8 of 9 28/09/2012 22:53
J1939 CAN bus spy, Chapt. 7: bug in Microchip App. Note J1939.c library http://recursos3.planetaclix.pt/canuart/index_7.html
©Rec (recursos.pt@gmail.com)
06-05-04
9 of 9 28/09/2012 22:53