A model for fault-tolerant networked control system using TTP/C communication

Safety-critical aerospace functions are generally required to have failure rates less than 10(-9) per hour [4], and an architecture that is going to support several such functions is required to have failure rates less than 10(-10) per hour. Though the requirement for an individual automobile may be more relaxed, similar requirements apply for automobiles in general [10] because of their large number compared to aircraft. Consumer-grade electronics have failure rates orders of magnitude worse than this. Hence, redundancy to improve failure rates and fault tolerance to prevent faults from propagating, both are essential elements of a safety critical networked control system (NCS). TTP/C is a member of the TTP (time-triggered protocol) family that satisfies SAE Class C requirements for hard real-time fault-tolerant communication. A model is presented for a fault-tolerant NCS using TTP/C communication. Appropriate features of TTP/C are incorporated in the model.