Re: You’ve possibly made a mistake....
Those controllers on your desk - interesting and very worrying indeed.
Certainly at the automotive prime I worked for, putting periodic messages onto a *powertrain* CAN would be considered grounds for instant dismissal. In a literal, not metaphorical sense.
On a secondary CAN bus, eg infotainment or window motors, as I said personally I think that’s safe, but still would not have been considered remotely acceptable at that company.
Error checks - yes, I think we differ in our definitions. One should count errors, and update statuses, at transport level, but not act upon them. Application level can perform mode switch based on error status. But within an operating mode, definitely no conditional operations.
Microsecond timing - my statement was short for baud rate.
“Rebooting a controller isn’t an option”....yes, obvs. So, you don’t. Critical nodes are run with hot redundancy, and hot-swapped on fail. Ditto controller. Errors trigger a mode change to whatever safe-mode is defined, so if it’s something critical then even if you have swapped to something working you have lost the backup node, so you need to be in safe mode.
Once you are in safe mode, then you can cycle the redundant failed node, because the operations are running correctly on primary.
Biting the hand that feeds IT
