
The Design of Large Real-Time Systems:

The Time-Triggered Approach

H. Kopetz M. Braun C. Ebner A. Krueger
D. Millinger R. Nossal A. Schedl

Institut fuer Technische Informatik
Technische Universitaet Wien, Austria
email: [email protected]

Abstract

The time-triggered (TT) architecture approach supports the spatial partitioning of a large, distributed real-time system into a set of autonomous subsystems with small, control-free data-sharing interfaces between them. This paper presents such a TT architecture and gives a detailed description of the interface between an autonomous time-triggered communication subsystem based on the TTP protocol and the host computer within a node of this architecture. This interface acts as a temporal firewall that eliminates the possibility of control-error propagation from one subsystem to another. It thus facilitates the independent development and validation of the subsystems and supports the composability of the distributed architecture with respect to timeliness, validation, and certification.

1 Introduction

The dramatic improvements in the cost/performance ratio of microelectronic devices over the past ten years have opened large new markets for the utilization of real-time computer technology. Many of these new applications, e.g., the computer control of core vehicle functions such as engines, transmissions, and brakes in the mass market of automotive electronics, have high dependability requirements.

The notion of dependability covers the nonfunctional attributes of a computer system that relate to the quality of service the system delivers over an extended period of time. In the context of hard real-time systems, all five measures of dependability, i.e., reliability, safety, availability, maintainability, and security [Laprie, 1992], are relevant. The most critical of these measures is safety: the probability that a system will not fail in a catastrophic failure mode. Safety is a system issue that depends on the proper operation of both the hardware and the software. Whereas a number of techniques are known to mask the consequences of random hardware failures, the problems of avoiding, detecting, and handling design failures in the software (and possibly in the hardware) have not been solved satisfactorily up to now [Littlewood & Strigini, 1995].

Design failures have their origin in the unmanaged complexity of a design. Although no universally accepted measure of the complexity of a design is available, there is general agreement [Rushby, 1993] that the following system attributes increase the complexity of a design: