Tolerating Arbitrary Node Failures in the Time-Triggered Architecture

The Time-Triggered Architecture (TTA) is a distributed architecture for high-dependability real-time systems such as break-by-wire or steer-by-wire systems. This paper is devoted to the fault-tolerance and fault-handling capabilities of the TTA. We will present the architectural and algorithmic features of the time-triggered communication protocol TTP/C that allow isolation of arbitrary failures of a node-computer in the distributed system. Having node failures isolated, the introduction of redundant nodes accompanied by voting services located in a generic fault-tolerance layer makes the architecture tolerant to Byzantine failures of node-computers. We will also present the mechanisms that detect multiple failure scenarios at the communication system level and provide means for rapid handling of and deterministic recovery from such situations. Based on a sample brake-by-wire application we will provide some figures concerning the performance of the architecture and discuss how the system engineer benefits from the inherent properties of the TTA.