Time-triggered architecture (abbreviated as TTA), also known as a time-triggered system, is a computer system that executes one or more sets of tasks according to a pre-determined and set task schedule. —in turn—release the system tasks at predetermined points in time.Implementation of a TT system will typically involve use of a single interrupt that is linked to the periodic overflow of a timer. This interrupt may drive a task scheduler (a restricted form of real-time operating system). The scheduler will
Because they have highly deterministic timing behavior, TT systems have been used for many years to develop safety-critical aerospace and related systems.
An early text that sets forth the principles of time triggered architecture, communications, and sparse time approaches is Real-Time Systems: Design Principles for Distributed Embedded Applications in 1997.
Use of TT systems was popularized by the publication of Patterns for Time-Triggered Embedded Systems (PTTES) in 2001and the related introductory book Embedded C in 2002. The PTTES book also introduced the concepts of time-triggered hybrid schedulers (an architecture for time-triggered systems that require task pre-emption) and shared-clock schedulers (an architecture for distributed time-triggered systems involving multiple, synchronized, nodes).
Since publication of PTTES, extensive research work on TT systems has been carried out.
Time-triggered systems are now commonly associated with international safety standards such as IEC 61508 (industrial systems), ISO 26262 (automotive systems), IEC 62304 (medical systems) and IEC 60730 (household goods).
Time-triggered systems can be viewed as a subset of a more general event-triggered (ET) system architecture (see event-driven programming).
Implementation of an ET system will typically involve use of multiple interrupts, each associated with specific periodic events (such as timer overflows) or aperiodic events (such as the arrival of messages over a communication bus at random points in time). ET designs are traditionally associated with the use of what is known as a real-time operating system (or RTOS), though use of such a software platform is not a defining characteristic of an ET architecture.
In digital computers, an interrupt is a response by the processor to an event that needs attention from the software. An interrupt condition alerts the processor and serves as a request for the processor to interrupt the currently executing code when permitted, so that the event can be processed in a timely manner. If the request is accepted, the processor responds by suspending its current activities, saving its state, and executing a function called an interrupt handler to deal with the event. This interruption is temporary, and, unless the interrupt indicates a fatal error, the processor resumes normal activities after the interrupt handler finishes.
OSEK is a standards body that has produced specifications for an embedded operating system, a communications stack, and a network management protocol for automotive embedded systems. It has produced related specifications, namely AUTOSAR. OSEK was designed to provide a reliable standard software architecture for the various electronic control units (ECUs) throughout a car. Lately, it is supported by popular SSL/TLS libraries such as wolfSSL for optimal security measures.
Nucleus RTOS is a real-time operating system (RTOS) produced by the Embedded Software Division of Mentor Graphics, a Siemens Business, supporting 32- and 64-bit embedded platforms. The operating system (OS) is designed for real-time embedded systems for medical, industrial, consumer, aerospace, and Internet of things (IoT) uses. Nucleus was released first in 1993. The latest version is 3.x, and includes features such as power management, process model, 64-bit support, safety certification, and support for heterogeneous computing multi-core system on a chip (SOCs) processors.
FreeRTOS is a real-time operating system kernel for embedded devices that has been ported to 35 microcontroller platforms. It is distributed under the MIT License.
Azure RTOS ThreadX is a highly deterministic, embedded real-time operating system (RTOS) programmed mostly in the language C.
Safety integrity level (SIL) is defined as a relative levels of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a safety instrumented function (SIF).
IEC 61508 is an international standard published by the International Electrotechnical Commission consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.
EtherCAT is an Ethernet-based fieldbus system. The protocol is standardized in IEC 61158 and is suitable for both hard and soft real-time computing requirements in automation technology.
PikeOS is a commercial, hard real-time operating system (RTOS) that offers a separation kernel based hypervisor with multiple logical partition types for many other operating systems and applications. It enables users to build certifiable smart devices for the Internet of things according to the high quality, safety and security standards of different industries.
TTP/A is a time-triggered real-time fieldbus protocol used for the interconnection of low-cost smart transducer nodes. In contrast to the Time-Triggered Protocol (TTP), which is a high-speed, fault-tolerant communication network intended for safety critical applications, TTP/A provides a low-speed, low-cost protocol suitable for non-critical applications like car body electronics.
The Time-Triggered Ethernet standard defines a fault-tolerant synchronization strategy for building and maintaining synchronized time in Ethernet networks, and outlines mechanisms required for synchronous time-triggered packet switching for critical integrated applications, IMA and integrated modular architectures. SAE International has released SAE AS6802 in November 2011.
Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely human errors, hardware failures and operational/environmental stress.
Liverpool Data Research Associates (LDRA) is a provider of software analysis, and test and requirements traceability tools for the Public and Private sectors and a pioneer in static and dynamic software analysis.
ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems that are installed in serial production road vehicles, defined by the International Organization for Standardization (ISO) in 2011, and revised in 2018.
TargetLink is a software for automatic code generation, based on a subset of Simulink/Stateflow models, produced by dSPACE GmbH. TargetLink requires an existing MATLAB/Simulink model to work on. TargetLink generates both ANSI-C and production code optimized for specific processors. It also supports the generation of AUTOSAR-compliant code for software components for the automotive sector. The management of all relevant information for code generation takes place in a central data container, called the Data Dictionary.
Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.
Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.
Hercules is a line of ARM architecture-based microcontrollers from Texas Instruments built around one or more ARM Cortex cores. This "Hercules safety microcontroller platform" includes series microcontrollers specifically targeted for Functional Safety applications, through such hardware-base fault correction/detection features as dual cores that can run in lock-step, full path ECC, automated self testing of memory and logic, peripheral redundancy, and monitor/checker cores.
Cantata++, or simply Cantata in newer versions, is a commercial computer program for dynamic testing, specifically unit testing and integration testing, and code coverage at run time of C and C++ programs. It is developed and sold by QA Systems, and was formerly a product of IPL Information Processing Ltd.
CodeSonar is a static code analysis tool from GrammaTech. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.