Time-Triggered Architecture A summary Tim Arrowsmith 2/6/2006
TTA- Introduction Infrastructure/guidelines for partitioning large applications into nearly autonomous subsystems. Also control the complexity of the evolving system. Decomposes a large embedded application into clusters and nodes Provides a FT global time base of known precision at each node Taking advantage of the global time to simplify communications and ensure timeliness of real-time applications Tim Arrowsmith
TTA – Architecture Model Broken into 6 sections: Model of Time Time and State RT Entities and RT Images State Information vs. Event Information Structure of the TTA Interconnection Topology Tim Arrowsmith
Model of Time Real time progresses as an infinite set of instants A happening that occurs at an instant is called an Event Ordering example: Node j increments clock Event e occurs Node k increments clock Tim Arrowsmith
Model of Time – cont. TTA introduces a sparse time base Time is partitioned into alternating durations of activity and silence External representation of time modelled according to the GPS time representation Time-stamp is an eight-byte integer Tim Arrowsmith
Time and State Sparse-time provides a system-wide notion of time “Interval of silence” on the sparse time base forms a system-wide consistent dividing line between the past and future and the interval when the state of the distributed system is defined Tim Arrowsmith
RT Entities and RT Images Dynamics of a real-time application are modeled by a set of relevant state variables, the RT-Entities that change their state as time progresses State Variable TT-model A RT Image is a temporally accurate picture of a RT entity at instant t Tim Arrowsmith
State Information vs. Event Information State Attribute – and property of a RT entity tha tis observed by a node of the distributed RT at a particular instant. State Information – corresponding information State Observation – records the state of a state variable at particular instant Event – sudden change of state of an RT entity that occurs at and instant Event information – information that describes an event, difference between the state before and the state after the event Tim Arrowsmith
Structure of the TTA Basic building block of the TTA is a node Tim Arrowsmith
Interconnection Topology TTA – bus configuration At every physical node there are three subsystems: the node and two guardians Tim Arrowsmith
Interconnection Topology TTA – star configuration In cluster of n node n+2 packages are needed (as opposed to 3n with bus) Tim Arrowsmith
Design Principles Discusses principles that guided TTA design Divided into 6 sections: Consistent Distributed Computing Base Unification of Interfaces Composability Scalability Transparent Implementation of FT Openness Tim Arrowsmith
Consistent Distributed Computing Base TTA exploits the short error detection latency of a TT protocol to perfome immediate error detection and distributed agreement membership Tim Arrowsmith
Unification of Interfaces The time-triggered transport protocol carries autonomously – driven by TT schedule – messages from the sender’s CNI to the receiver’s CNI Tim Arrowsmith
Unification of Interfaces – cont. An interface that prevents propagation of control errors by design is called a temporal firewall There are three types of interfaces of a node: Real-time service (RS) Diagnostic and Maintenance (DM) Configuration Planning (CP) Tim Arrowsmith
Composability Must distinguish between architeture design and node design Stability-of-prior service principle ensure that the validated service of a node is not refuted by the integration of a node into a system Tim Arrowsmith
Composability – cont. Constructive integration principle requires that if n nodes are already integrated then the integration of the n+1 node must not disturb the correct operation of the n already integrated nodes Tim Arrowsmith
Composability – cont. Replica Determinate if all members of this set have the same externally visible state, and produce the same output messages at points in time that are at most an interval of d time units apart ‘d’ is the time it takes to replace a missing message from redundant replicas Tim Arrowsmith
Scalability TTA is designed for very large distributed real-time applications Horizontal layering (abstraction) Vertical layering (partitioning) Tim Arrowsmith
Transparent Implementation of FT In TTA the FT mechanisms are implemented in a dedicated FT layer The FT CNI is identical in structure and timing to the basic non-FT CNI Tim Arrowsmith
Openness “ Provided that the CORBA security clearance is passed, it is thus possible to investigate remotely (via the Internet) the internals of every TTA node while the system is delivering its real-time service.” Tim Arrowsmith
Communication Divided into 4 sections: The TTP/C Protocol The TTP/A Protocol Event Message Channels Performance Limits Tim Arrowsmith
TTP/C Protocol Fault-tolerant time-triggered protocol that provides: Autonomous FT message transport with know delay and bounded jitter between CNI (via TDMA) FT clock synchronization, without relying on a central time server Membership service to inform every node about the “health-state” of every other node Clique avoidance Tim Arrowsmith
TTP/A Protocol Time-triggered fieldbus protocol of TTA. Connect low-cost smart transducers to a node of the TTA. Interface file system (IFS) holds real-time data, calibration data, diagnostic data, and configuration data. Information between the IFS of the smart transducer and the CNI of the TTA node is exchanged by TTP/A. TTP/A supports a “plug-and-play” mode. Tim Arrowsmith
Event Message Channels Event message channels constructed on top of basic TT communications Bytes designated a priori Two message queues provided at CNIs: Sender queue at sender’s CNI Receiver queue at receiver’s CNI Filter service and garbage collection service Tim Arrowsmith
Performance Limits Must maintain a 5µs inter-frame gap Testing currently being perfomed on 1GBit/s systems using COTS Tim Arrowsmith
Fault Tolerance Fault Hypothesis – it is assumed that a chip is a single fault-containment region. Fault-Tolerant Units – CNI implements replica determinism, it is up to host software to ensure replica determinism within the complete node. Also supports self-checking pairs. Never-Give-UP Strategy – highly application specific. Redundant Transducers – uses an agreement protocol. Tim Arrowsmith
TTA Design Methodology Architecture Design – application decomposed into clusters and nodes. Node Design – application software for host computers developed. Testing from the bottom-up. Validation – designed to reduce the validation effort. Design Tools – supported by a comprehensive set of integrated design tools of TTTech AG Tim Arrowsmith
Conclusion Guiding principle: take maximum advantage of the availability of global time. TTA currently occupies a niche position. The designers hope to broaden as mainstream application designers start to utilize time instead of attempting to dismiss it. Tim Arrowsmith