Stefan Poledna

Time-triggered architecture: a consistent computing platform

The time-triggered architecture provides a consistent computing platform for large complex applications and safety-relevant systems. TTA is already in use in railway systems, and the aerospace and automotive industries are beginning to adopt it, with first products making their way into the field.

Fault tolerance in safety critical automotive applications: cost of agreement as a limiting factor

The high availability and safety requirements for automotive electronics are currently almost exclusively addressed by application specific engineering solutions to fault tolerance rather than by systematic approaches. Currently, systematic approaches are ruled out because of cost. The reason for this is that a systematic approach to fault tolerance requires: replication of components; and communication between replicated components to achieve agreement despite nondeterminism. While replicated components become more and more available with the connection of different control units by means of a multiplex bus, it is shown that the cost of agreement on sensor inputs will become the limiting factor for systematic approaches to fault tolerance. For that reason a new agreement algorithm is introduced which considers the problem of agreement and sensor inputs in an integrated fashion. This algorithm takes advantage of the a priori knowledge on the maximum deviation of replicated sensor inputs. Optimality of this algorithm is shown with respect to the minimum number of bits for agreement. This algorithm allows broader application of systematic fault tolerance to automotive applications. The result of this work will be used for a prototype implementation of a safety critical automotive application.<<ETX>>

Tolerating sensor timing faults in highly responsive hard real-time systems

Real-time systems that have to respond to environmental state changes within a very short latency period often use event-triggered task activation. If the system has to function correctly in the presence of sensor faults, event-triggered task activation is not reliable. Faulty sensors may cause task activations to occur too early, too late, or task activations are omitted entirely. In particular, early task activations can overload the system. Time-triggered task activation is reliable, but by defining a competitiveness ratio it is shown that the processor utilization for highly responsive tasks is unacceptably low. To overcome the problems of event-triggered task activation while preserving its good performance the task-splitting model is introduced. The task-splitting model integrates fault tolerance into the analysis and construction of hard real-time systems by using a combination of event-triggered and time-triggered task activation. Based on a general task model, it is independent of any particular scheduling algorithm. The result of this work has influenced the design of a new operating system which will be applied in a robust automotive engine controller of the next generation. >

A node as a real-time object

In real-time systems the temporal performance of the implementation is a key issue. Since this temporal performance depends not only on the functions and structure of the application software, but also on the services of the operating system, and the architecture and performance of the hardware, we argue that a node, i.e., a complete hardware software unit, is a proper unit of abstraction when building large distributed fault-tolerant real time systems.

Deterministic system design with Time-Triggered technology

With the growing complexity of cyber-physical systems, industry relies on proper architectures and design guidelines for successful product development. For markets with safety requirements there is a particular need for architectures that allow a deep and thorough understanding of the system behavior. The Time-Triggered Architecture (TTA) as initially developed at the Technical University of Vienna and further cultivated by TTTech is such an architecture. In this paper we give an overview of the TTA and describe its application in an industrial context.

Reliability of event-triggered task activation for hard real-time systems

Real-time systems which have to respond to environmental state changes within a very short latency period are often using event-triggered task activation. If the system has to work even in case of sensor failures, event-triggered task activation is not reliable. Task activations may occur too early, thus causing a system overload, they may occur too late or are entirely omitted. To overcome these problems the task-splitting model is introduced, which integrates fault tolerance into the analysis and construction of hard real-time systems. This model controls event-triggered task activations to handle faults while guaranteeing timely reponse to changes of environmental states. The task-splitting model is independent of any particular scheduling algorithm, it is based on a general task model. The result of this work has influenced the design of a robust engine controller of the next generation.<<ETX>>