The Time-Triggered Architecture (TTA) provides many state-of-the-art mechanisms to guarantee fault tolerance and highest system availability, in part due to the use of a fault-tolerant communication protocol. However, some failure modes are known that cannot be tolerated by a fault-tolerant communication protocol alone and that can threaten the availability of distributed systems. The possibility of these failure modes occurring in safety critical applications like steer-by-wire or brake-by-wire without mechanical backup is not acceptable.
A dedicated device can be used to transform arbitrary node failures to failure modes tolerated by the Time-Triggered Protocol (TTP), eliminating failures that can lead to a loss of communication and thus to a loss of availability of the distributed system. In the star architecture, this functionality is concentrated in two redundant nodes (called TTA StarCouplers) placed in the center of a star configuration, providing highest system availability at lowest cost.
The paper describes the functional blocks of the TTA StarCoupler. A description of the specific faults that are addressed by this architecture, i.e., “SOS faults”, “spatial proximity faults” and “babbling idiot faults”, is given, and the impossibility to protect a distributed system against these faults without such dedicated countermeasures is shown.