This paper presents the conceptual model and the fundamental mechanisms for software development in the context of the Brite-EuRam project Safety Related Fault Tolerant Systems in Vehicles (nick-named X-By-Wire). The objective of the X-By-Wire project is to achieve a framework for the introduction of safety related fault tolerant electronic systems without mechanical backup in vehicles.
To achieve the required level of fault-tolerance, an X-By-Wire system must be designed as a distributed system comprising a number of fault-tolerant units connected by a reliable real-time communication system.
For the communication system, the time-triggered TTP/C real-time communication protocol was selected. TTP/C provides fault-tolerance message transfer, state synchronization, reliable detection of node failures, a global time base, and a distributed membership service.
Redundancy is used for masking failures of individual processor nodes and hardware peripherals. To keep the required number of processors low, the processor nodes must exhibit fail-silent behavior, i.e., produce either correct results or none at all.
At the logical design level, the so called XBW-model was developed to combine the basic mechanisms for system design (BASEMENT and DFR). For the detailed software design of embedded distributed fault-tolerant hard real-time systems, the framework of the DFR meta object model is used. The model supports systematic error detection strategies for achie-ving fail-silence behavior at the node level and fault tolerance strategies for achieving fail-operational behavior at the system level. This eases the application software development for distributed fault-tolerant real-time systems considerably.
Within the X-By-Wire project, a prototype of a steer-by-wire system is developed. This prototype will demonstrate the application of the principles, model, and mechanisms developed by the X-By-Wire partners.