Time-Triggered Protocol
From Wikipedia, the free encyclopedia
The Time-Triggered Protocol (TTP) is a convention used to facilitate fault tolerant communications between distributed real-time computing platforms (Kopetz & Grunsteidl 1993). TTP is used in hard real-time, high-speed, safety critical applications.
TTP is based on more than 25 years of development work. During that time a great number of patents were filed and the protocol was stabilized. All those activities resulted in the bringing of the first TTP communication controller onto the market in 1998.
TTP involves a continuous communication of all connected nodes via redundant data buses at predefined intervals. The communication scheme uses a TDMA (Time Division Multiple Access) half-duplex access, where all nodes share a common time-base. There are no collisions or overloads.
Additional nodes can be added later as long as there are free time-slots. Those added nodes do not interfere with the existing communication scheme, so there is a high composability.
The clock synchronisation is computed (masterless) from the measured time-differences of arriving frames exploiting a fault-tolerant-mean algorithm. The expected times of sending and receiving are defined in an MEDL (Message Descriptor List) which is known to all communication controllers. The nodes are synchronized up to a configurable precision.
Due to clock synchronization a global time-base is established, that can be used by the application. Latencies are known at design-time, which eases the design of a realtime system.
The protocol has been designed specifically for safety critical systems. There is a published fault hypothesis that guarantees to tolerate one arbitrary fault. A never-give-up strategy may allow multiple faults. Formal methods have been applied to assure the basic mechanisms. Fault containments are the chip-hardware, the dual bus, the frame (CRC) and the membership service.
Membership service: each controller maintains a list of "healthy" nodes (the 64 bit membership vector). This information is exchanged between all nodes either implicitly within the CRC or explicitly over the bus. A clique-avoidance algorithm sorts out the healthy majority of nodes and the minority clique is forced into a passive mode (fail-silent). Therefore each sending node is informed that its frame has been consistently received by all healthy nodes (consistency service) within two TDMA cycles.
A bus guardian is used to avoid babbling idiots (faulty, continuously sending nodes).
The protocol is defined independent of a physical layer. Current implementation supports 5Mb/s using RS-485 and 25Mb/s using Ethernet physical layer. Cable length of up to 1km are possible.
A TTP-frame consists of a 4 bit header, an optional C-state, up to 240 bytes of payload and a 24 bit CRC (Cyclic Redundancy Check). The C-state informs other controllers about the (node local view) of the network cluster (e.g. membership vector). It is used for consistency check and to help integrating nodes.
The communication between the communication controller and the host is facilitated by a dual-ported-ram-like interface with life-sign mechanism.
The C2NF-chip of TTTech implements, additionally to the TTP-protocol, a configurable "remote pin voting": voting nodes control a node by sending periodic voting bits. If this node is not acknowledged, the C2NF pulls a pin that can be used for corrective action (e.g. node restart).
Chip IP and design tools are available from TTTech.
TTP is used in a variety of commercial production projects. Honeywell deploys the protocol for jet engine control systems in the Lockheed Martin F-16 and the Aermacchi M-346 fighter trainer as well as for a fly-by-wire cockpit. TTP chips from TTTech are used in Nord-Micro's cabin pressure control system on the Airbus A380 mega-airliner. Hamilton Sundstrand has selected a TTP-based data communication platform for use in electric and environmental control systems on the Boeing 787 Dreamliner. Since 2002 Alcatel has been deploying TTP as field bus protocol in the railway signaling system ELEKTRA 2.
[edit] See also
[edit] References
Kopetz, Herman & Grunsteidl, Gunter (1993-06-22 - 1993-06-24), “TTP - A time-triggered protocol for fault-tolerant real-timesystems”, Fault-Tolerant Computing, 1993. FTCS-23. Digest of Papers., The Twenty-Third International Symposium on, Toulouse, France: IEEE, pp. 524-533, 0-8186-3680-7, DOI 10.1109/FTCS.1993.627355
