
1999 : Configuration Tool for a Fault Tolerance Layer in a Time Triggered System Architecture

Christoph Mack
The autonomous computation nodes of the Time Triggered Architecture (TTA) exchange messages via a replicated communication bus in a statically defined, time-multiplexed manner. Each node is divided into two autonomous subsystems, the communication subsystem and the host subsystem. In safety-critical applications, nodes can be replicated to tolerate possible failures of the system's components. A group of replicated nodes is called a Fault Tolerant Unit (FTU).

This replication becomes visible at an interface (SRU CNI) inside the communication subsystem, where multiple instances of one message occur. The instances originate from the member nodes of an FTU. To hide these effects of the replication from the host subsystem, a protocol layer called the Fault Tolerance Layer (FT-Layer) is introduced, which provides an interface (FT CNI) that makes FTUs the communication partners instead of nodes. This ensures that, instead of multiple message instances, only one agreed FT-Message is visible at the FT CNI. The information about the aliveness state of the computation nodes, which is provided at the SRU CNI, is likewise transformed into FTU semantics and provided at the FT CNI.

In a time-triggered architecture, the actions that have to be performed by the FT-Layer, as well as the instants at which these actions have to be initiated, can be defined statically a priori at system design time. If this information is available in a machine-readable format, the FT-Layer performs the necessary actions at the appropriate points in real time according to this action schedule.

The contribution of this thesis is the development of a configuration tool that generates a machine-readable action schedule for any FT-Layer of a TTA application. The Message Description List (MEDL) specifies the bus access behavior of the computation nodes in the time domain and, consequently, the availability of the message instances at the SRU CNI. The message exchange behavior of a host defines which messages it has to send or receive. It implicitly specifies the demands on the FT-Layer concerning the message transfer. Based on these demands and the MEDL, the developed configuration tool generates the actions necessary for the message transfer and calculates the points in real time at which these actions have to be executed to achieve an optimal temporal accuracy of the transported values. Because the formation of the FTUs is also established at system design time, this knowledge is used to update the information about the aliveness state of the FTUs.

@mastersthesis{ mack:1999,
  author =      "Christoph Mack",
  title =       "Configuration Tool for a Fault Tolerance Layer in a Time Triggered System Architecture",
  address =     "Treitlstr. 3/3/182-1, 1040 Vienna, Austria",
  school =      "Technische Universit{\"a}t Wien, Institut f{\"u}r Technische Informatik",
  year =        "1999"
}

Get Diplomarbeit_Mack_Christoph.pdf - Adobe PDF-format, (708.5186 KB; posted at July 09 2013)
