I think we’re converging. My thinking is that this non-normative section is addressed to a bus architect who has to do the loading calculations and ensure that all possible states are valid for a system. Let me refine my proposal with that actor in mind:
- Exceptional - The bus designer can ignore these messages when calculating bus load since they should only be sent when a total system failure has occurred. For example, a self-destruct message on a rocket would use this priority (Since there will be no CAN bus after the message is sent the bus load is irrelevant, kaboom!). Another analogy is an NMI on a microcontroller.
- Immediate - Immediate is a “high priority message” but with additional latency constraints. Since exceptional messages are not considered when designing a bus, the latency of immediate messages can be determined by considering only immediate messages.
- Fast - Fast and immediate are both “high priority messages” but with additional latency constraints. Since exceptional messages are not considered when designing a bus, the latency of fast messages can be determined by considering only immediate and fast messages.
- High - High priority messages are more important than Nominal messages but have looser latency requirements than fast messages. This priority is used so that, in the presence of rogue nominal messages, important commands can be received. For example; one might envision a failure mode where a temperature sensor starts to load a vehicle bus with nominal messages. The vehicle remains operational (for a time) because the controller is exchanging fast and immediate messages with sensors and actuators. A system safety monitor is able to detect the distressed bus and command the vehicle to a safe state by sending high priority messages to the controller.
- Nominal - This is what all messages should use by default. Specifically the NodeStatus should use this priority.
- Low - Low priority messages are expected to be sent on a bus under all conditions but cannot prevent the delivery of nominal messages. They are allowed to be delayed but latency should be constrained by the bus designer.
- Slow - Slow messages are low priority messages that have no time sensitivity at all. The bus designer need only ensure that, for all possible system states, these messages will eventually be sent.
- Optional - These messages might never be sent (theoretically) for some possible system states. The system must tolerate never exchanging optional messages in every possible state. The bus designer can ignore these messages when calculating bus load. This should be the priority used for diagnostic or debug messages that are not needed on an operational system.