Distributed embedded safety critical real-time systems, design and verification aspects on the example of the time triggered architecture

The Time Triggered Architecture (TTA) and its related communication protocol, TTP/C is an emerging communication principle for distributed fault-tolerant real-time systems. Typical applications are safety-critical digital control systems such as drive-by-wire and fly-by-wire. This paper highlights the hardware / software architecture and design of the first industrial single chip communication controller for the Time Triggered Protocol (TTP/C). An application specific RISC core with several specialized peripheral blocks, RAMs, flash memory and analog cells was implemented together with necessary protocol firmware to fulfill both cost and safety requirements. Whereas the controller chip itself can be seen as an embedded system, the composability characteristic of TTA enables a hierarchical system design style with nodes and communication clusters as higher level system components embedded into an application device like a car or airplane. A complete framework for hardware / software co-simulation and verification across all levels of hierarchy was buildt up to support the design work from chip to system level. Furthermore, system reliability and fault behavior of a safety critical system has to be shown to safety certification authorities. Extensive fault infection experiments have been performed at simulation and physical level to proof the concept, fault model and resulting implementation of an embedded TTA control system.