Search Results

The Time-Triggered Architecture (TTA) provides many state-of-the-art mechanisms to guarantee fault tolerance and highest system availability, in part due to the use of a fault-tolerant communication protocol. However, some failure modes are known that cannot be tolerated by a fault-tolerant communication protocol alone and that can threaten the availability of distributed systems. The possibility of these failure modes occurring in safety critical applications like steer-by-wire or brake-by-wire without mechanical backup is not acceptable. A dedicated device can be used to transform arbitrary node failures to failure modes tolerated by the Time-Triggered Protocol (TTP), eliminating failures that can lead to a loss of communication and thus to a loss of availability of the distributed system.

This paper presents a novel communication architecture denoted as time-triggered (TT) Ethernet that integrates real-time and non-real-time traffic into a single communication architecture. TT Ethernet supports applications of different levels of criticality, from simple data acquisition systems, to multimedia systems up to the most demanding fault-tolerant real-time control systems. The event triggered traffic in TT Ethernet is handled in conformance with the existing Ethernet standards of the IEEE. The architecture deploys a TT Ethernet switch, which distinguishes between event-triggered (ET) and time-triggered (TT) Ethernet traffic. Time-triggered traffic is transmitted with a predictable transmission delay, whereas event-triggered traffic is transmitted on a best-effort basis. The paper elaborates on the usage of TT Ethernet for in-vehicle communication in order to integrate different in-vehicle communication subsystems into a single communication architecture.

Electronically controlled safety-critical functions are becoming more and more prevalent in the off-highway industry (construction, agricultural or forestry machinery etc). Failures of such safety-critical functions may cause serious injury or death to people. Therefore, product safety and liability are becoming increasingly important for all OEMs in this industry. Currently, IEC 61508 [1] is considered the state-of-the-art standard for the development of safety-critical systems. Safety integrity levels (SIL) 2 and 3 are the most common levels required by off-highway applications. This paper shows a scalable architecture with a single ECU type that allows fulfilling both SIL2 and SIL3 requirements: A 1oo1D architecture (single ECU) will be used for systems with SIL2 requirements, a 1oo2D architecture for SIL3 requirements. In the 1oo2D variant two redundant ECUs exchange data over a time-triggered protocol.

The Time-Triggered Architecture (TTA) is a technology that is especially well suited for the design and implementation of ‘by-wire’ systems with demanding real-time and safety requirements. Design and prototyping require thorough planning. New hardware and software support simulation and prototyping of distributed real-time systems, easing the implementation of by-wire applications. Integrated tools support the whole design process from system setup to simulation and application programming. The paper describes a by-wire prototype design process based on the TTA and a currently available development environment.

TTP/A is the fieldbus protocol of the Time Triggered Architecture (TTA). It provides periodic transmission of real-time data and allows for on-line configuration, diagnostics, and maintenance by use of an interface file system. It is well integrated with the TTP/C protocol and is designed to meet the requirements of a low-cost sensor/actuator bus. TTP/A is a master-slave protocol where the master establishes a common time base within a TTP/A cluster. Since the master establishes the time base prior to the communication of slaves, the protocol can be implemented with low-cost on-chip RC oscillators for the slaves. Using a standard UART-based serial interface as physical layer, the slave TTP/A protocol can be implemented in very low cost Commercial Off-The-Shelf (COTS) hardware.

The paper presents a communication architecture for distributed embedded computer systems that require to transmit safety-critical real-time data - which must not be delayed - on the same bus as non-critical data. Such non-critical data can come from sources like sensors and event-based traffic, typically for on-demand diagnosis. This architecture utilizes the communication protocols TTP/C and TTP/A, and a software layer in the distributed nodes, to provide a fault-tolerant platform for reliable yet flexible communication over a multiplex bus.

The Time-Triggered Architecture (TTA) is a distributed architecture for high-dependability real-time systems such as break-by-wire or steer-by-wire systems. This paper is devoted to the fault-tolerance and fault-handling capabilities of the TTA. We will present the architectural and algorithmic features of the time-triggered communication protocol TTP/C that allow isolation of arbitrary failures of a node-computer in the distributed system. Having node failures isolated, the introduction of redundant nodes accompanied by voting services located in a generic fault-tolerance layer makes the architecture tolerant to Byzantine failures of node-computers. We will also present the mechanisms that detect multiple failure scenarios at the communication system level and provide means for rapid handling of and deterministic recovery from such situations.

The next generation of cars will consist of a high number of networked electronic control units (ECUs) and significantly more complex software modules and control applications than today's models. Besides applications like engine control, air condition control and anti-theft systems, which are already available in today's cars, the first steps towards the introduction of safety-relevant steer-by-wire and brake-by-wire systems will be undertaken. Additionally, the demand for in-car entertainment and information systems (e.g. Internet terminals, video-streaming applications) will also increase. Since all these systems have conflicting requirements to the underlying network protocol (latency, predictability, throughput…), the straight-forward way would be to use autonomous busses and networks for every kind of distributed system within the car body (ultra-available safety-relevant systems, non-safety-relevant control systems, entertainment and media systems).