A model for fault-tolerant networked control system using TTP/C communication

Safety-critical aerospace functions are generally required to have failure rates less than 10^-9 per hour (FAA, 1988) and an architecture that supports several such functions is required to have failure rates less than 10^-10 per hour. Although the requirement for an individual automobile may be more relaxed, similar requirements apply for automobiles in general (Rushby, 2001), because of their large number as compared to aircraft. Consumer-grade electronics have failure rates that are orders of magnitude worse than this. Hence, redundancy to improve failure rates and fault tolerance to prevent faults from propagating both are essential elements of a safety critical networked control system (NCS). TTP/C is a member of the time-triggered protocol (TTP) family that satisfies Society of Automotive Engineers Class C requirements for hard real-time fault-tolerant communication. A model is presented for a fault-tolerant NCS using TTP/C communication. Appropriate features of TTP/C are incorporated in the model. A simulation is presented for the electric power steering node with switching controller, which makes the node tolerant to the parameter faults column.