The X-By-Wire Concept: Time-Triggered Information Exchange and Fail Silence Support by New System Services
This paper presents the conceptual model and the fundamental mechanisms for software development in the context of the Brite-EuRam project Safety Related Fault Tolerant Systems in Vehicles (nicknamed X-By-Wire). The objective of the X-By-Wire project is to achieve a framework for the introduction of safety-related fault-tolerant electronic systems without mechanical backup in vehicles. To achieve the required level of fault tolerance, an X-By-Wire system must be designed as a distributed system comprising a number of fault-tolerant units connected by a reliable real-time communication system. For the communication system, the time-triggered TTP/C real-time communication protocol was selected. TTP/C provides fault-tolerant message transfer, state synchronization, reliable detection of node failures, a global time base, and a distributed membership service. Redundancy is used for masking failures of individual processor nodes and hardware peripherals.