Time-Triggered Architectures
The Time-Triggered Architecture: What Is It?
• The Time-Triggered Architecture (TTA) is a
  platform for safety-critical embedded systems
  – E.g., aircraft and engine flight control
• Functionally, it is a TDMA (time-triggered) serial
  bus
• “Bus” understates its criticality and sophistication
  – It is the safety-critical core of the systems built
    above it
• The components of a TTA will
  communicate using a time-triggered
  protocol.
  – Hardware support needed for running the
   protocol.
TTA: Where Did It Come From?
• Developed by the group of Hermann
  Kopetz, TU Vienna
• Commercialized by TTTech
• TTA is unique in being developed for the mass
  market in automobile applications (Audi,
  PSA etc.) while also being used for aircraft
  applications (Honeywell)
• Application domains:
  – Automotive electronics
  – Fly-by-wire cockpits
  – Railway signaling systems
• Reason: time-deterministic executions.
The Main Idea
• Time-triggered
  – Every speaker is assigned a predetermined time slot.
  – After one round, the speaker gets a slot again.
  – Also, a topic-schedule has been worked out in
    advance.
     • Top1, Top2, Top4 in the first round.
     • Top1, Top3 and Top5 in the second round
     • Top2, Top4 and Top5 in the third round.
  – Ensure no one breaks the rules!
Basic Characteristics of TTA
• Exists in both bus and star topologies
  (logically still a bus)
• All functionality implemented in the
  distributed interfaces (called TTP/C
  controllers)
• And in the hub of the star topology (a
  modified controller)
• Creates a synchronous, TDMA ring on a
  broadcast bus
Time-Triggered Architecture
• Basic unit: NODE
• Node:
  – A processor with memory
  – I-O subsystem
  – Operating system
  – Application software
  – Time-triggered communication controller
Time-Triggered Architecture
• Communication (TTA Protocol)
  – Nodes connect to each other via two
    independent channels.
  – The communication subsystem
    executes a periodic Time Division
    Multiple Access (TDMA) schedule.
  – Read a data frame + state information
    from CNI (Communication Node
    Interface) at predetermined fetch instant
    and deliver to the CNIs of all receiving
    nodes at predetermined delivery
    instants.
Time-Triggered Architecture
• Communication
  – All the TTPs in a cluster know this
    schedule.
  – All nodes of a cluster have the “same”
    notion of global time (achieved by
    synchronizing local time).
  – Fault-tolerant clock synchronization.
  – TTA BUS topology.
System Overview
• Replicated
  communication channels
• The channel is a
  broadcast bus
• Access is by TDMA
  driven by progression of
  global time
• Local nodes time
  synchronized by TTP
• Communication by rapid
  and periodic message
  exchanges
Features of the TTP
• Fault-tolerance
• Only data signals (and no control signals)
  cross interfaces.
• Integrates numerous services
  –   Predictable message transmission
  –   Message acknowledgement in group communication
  –   Clock synchronization
  –   Membership
TTP Design Rationale
• Sparse time base
   – Messages are sent only at statically designated intervals
   – Inflexible compared to Event-triggered (ET) model, but easier to
     test
• Use of a priori knowledge
   – All nodes are aware of when each node is scheduled to transmit
• Broadcast
   – Correctness of transmitted message can be concluded as soon
     as one receiver acknowledges message delivery (broadcast
     medium)
Protocol Highlights

• Bus access
  – An FTU (fault-tolerant unit) will have one or two time slots
    depending on its class of fault-tolerance
  – The number of slots in a TDMA round given to an FTU may also
    differ
• Membership Service
  – If a message from a sending node does not occur in designated
    interval, its membership is set to 0 in other nodes
  – Membership checked before transmission. A node is alive if
     • Its internal error detection mechanism has not indicated error
     • At least one of its transmitted frames has been correctly
       acknowledged.
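The slot ownership and membership rules above, as an added illustration in C (not part of the original slides and not TTP/C controller code). The four-node schedule, 250 µs slot length, frame struct and sample traffic are assumptions constructed for the example; it goes slightly beyond the slide by also treating a frame sent outside its sender's slot as a missed transmission.

```c
#include <stdint.h>
#include <stdio.h>

#define NODES    4
#define SLOT_US  250u                 /* assumed slot length, microseconds */
#define ROUND_US (NODES * SLOT_US)    /* one TDMA round */

/* Static schedule known a priori to every node: slot index -> sender. */
static const uint8_t schedule[NODES] = {0, 1, 2, 3};

/* One observed frame (arrival time on the global time base, sender id). */
struct frame { uint32_t t_us; uint8_t sender; };

/* Constructed sample traffic: round 0 is clean; in round 1 node 2 is
   silent and node 3 transmits inside node 2's slot. */
static const struct frame sample[] = {
    {10, 0}, {260, 1}, {510, 2}, {760, 3},
    {1010, 0}, {1260, 1}, {1520, 3},
};
#define SAMPLE_LEN ((int)(sizeof sample / sizeof sample[0]))

/* Slot that owns global time t_us within the periodic round. */
static unsigned slot_of(uint32_t t_us) { return (t_us % ROUND_US) / SLOT_US; }

/* Receiver's view of the round starting at round_start. A node keeps its
   membership bit only if a frame from it arrived inside its own slot;
   a missing or out-of-slot frame clears the bit (no reintegration here). */
static uint8_t run_round(uint8_t membership, uint32_t round_start,
                         const struct frame *rx, int n)
{
    uint8_t seen = 0;
    for (int i = 0; i < n; i++) {
        if (rx[i].t_us < round_start || rx[i].t_us - round_start >= ROUND_US)
            continue;                              /* frame of another round */
        if (rx[i].sender < NODES && schedule[slot_of(rx[i].t_us)] == rx[i].sender)
            seen |= (uint8_t)(1u << rx[i].sender);
    }
    return membership & seen;
}

int main(void)
{
    uint8_t m = 0x0F;                              /* all four nodes alive */
    for (uint32_t r = 0; r < 2; r++) {
        m = run_round(m, r * ROUND_US, sample, SAMPLE_LEN);
        printf("after round %u: membership = 0x%X\n", (unsigned)r, (unsigned)m);
    }
    return 0;
}
```

Because every receiver applies the same static schedule to the same broadcast traffic, all correct nodes arrive at the same membership vector without exchanging control messages.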
Protocol Highlights
• Temporary blackout handling
  – Correlated failure of a number of nodes
  – Identified by sudden drop in membership
  – Nodes send I-messages and perform local
    emergency control
  – After membership has stabilized, mode
    changed to global emergency service
Protocol Highlights
• Temporal encapsulation of nodes
   – Communication bandwidth assigned statically
   – Time base is sparse: every input can be observed
     and reproduced exactly
• Testability
   – Easy to test the implementation in comparison to ET
   – Easy to simulate: finite number of execution
     scenarios
      • Uncontrolled interactions between nodes are prevented
      • Determinism: can replicate states of nodes
Strengths
• Can provide fault-tolerant real-time performance
• Practical (MARS platform), efficient, and
  scalable
   – Can be implemented using available hardware,
     signalling mechanisms
   – Low overhead
   – High data rates, used in both twisted fiber and optical
     channels
• Reusability, composability, and testability
Weaknesses
• The schedule is fixed so there is no bandwidth
  allocated for alarms and other spontaneous
  messages
• All fault-tolerance mechanisms are implemented
  at the system level, which means that very little
  “freedom” is left for application-specific
  implementations
• Addition of nodes affects the existing system
  (although not the application)
• Time-Triggered architectures and
  protocols will become important.
• Seemingly simple
  – But quite sophisticated
• for time-deterministic, robust distributed
  systems.
