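; Hand this in to: ece849-staff+hw (at) ece.cmu.edu
; (The address is written with "(at)" because classic BibTeX treats an
;  at-sign outside an entry as the start of a new entry and reports an error.)
;
; Each entry carries the usual bibliographic fields plus a set of non-standard
; fields: studentname, summary, contribution1..5, weakness1..5, interesting and
; opinions. Standard BibTeX styles ignore unknown fields. These look like the
; answer slots for the assignment; "interesting" presumably takes one of
; high, med or low (confirm with the course staff).
;
; Conventions used below: names are separated by " and ", page ranges use a
; double hyphen, the volume has its own field instead of being appended to the
; journal name, and acronyms in titles are braced so styles keep their case.

; Required Readings

@inproceedings{kopetz85_mars,
  author        = {Kopetz, H. and Merker, W.},
  title         = {The Architecture of {MARS}},
  booktitle     = {FTCS 1985},
  year          = {1985},
  abstract      = {MARS (MAintainable Real time System) is a distributed fault
                   tolerant system for real time applications. The architecture
                   consists of a set of self-checking components which
                   communicate by the exchange of state and event messages with
                   an information validity time. All components of Mars have
                   access to an approximate global time which is realized by a
                   fault tolerant clock synchronization algorithm. This paper
                   describes the architecture, the interprocess communication
                   and the fault tolerance aspects of Mars. The final section
                   reports about the experiences gained from a prototype
                   implementation.},
  url           = {http://ieeexplore-beta.ieee.org//iel3/3846/11214/00532611.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@article{kopetz94_ttp,
  author        = {Kopetz, H. and Grunsteidl, G.},
  title         = {{TTP}---a protocol for fault-tolerant real-time systems},
  journal       = {IEEE Computer},
  year          = {1994},
  volume        = {27},
  number        = {1},
  abstract      = {The Time-Triggered Protocol integrates such services as
                   predictable message transmission, clock synchronization,
                   membership, mode change, and blackout handling. It also
                   supports replicated nodes and replicated communication
                   channels. The authors describe their architectural
                   assumptions, fault hypothesis, and objectives for the TTP
                   protocol. After they elaborate on its rationale, they give a
                   detailed protocol description. They also discuss TTP
                   characteristics and compare its performance with that of
                   other protocols proposed for control applications},
  url           = {http://dx.doi.org/10.1109/2.248873},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

; "Proceedings of the IEEE" is cited here with a volume and an issue number,
; so the entry is typed as an article; the citation key is unchanged.
@article{kopetz03,
  author        = {Kopetz, Hermann and Bauer, G{\"u}nther},
  title         = {The Time-Triggered Architecture},
  journal       = {Proceedings of the IEEE},
  volume        = {91},
  number        = {1},
  month         = jan,
  pages         = {112--126},
  year          = {2003},
  abstract      = {The time-triggered architecture (TTA) provides a computing
                   infrastructure for the design and implementation of
                   dependable distributed embedded systems. A large real-time
                   application is decomposed into nearly autonomous clusters
                   and nodes, and a fault-tolerant global time base of known
                   precision is generated at every node. In the TTA, this
                   global time is used to precisely specify the interfaces
                   among the nodes, to simplify the communication and agreement
                   protocols, to perform prompt error detection, and to
                   guarantee the timeliness of real-time applications. The TTA
                   supports a two-phased design methodology, architecture
                   design, and component design. During the architecture design
                   phase, the interactions among the distributed components and
                   the interfaces of the components are fully specified in the
                   value domain and in the temporal domain. In the succeeding
                   component implementation phase, the components are built,
                   taking these interface specifications as constraints. This
                   two-phased design methodology is a prerequisite for the
                   composability of applications implemented in the TTA and for
                   the reuse of prevalidated components within the TTA. This
                   paper presents the architecture model of the TTA, explains
                   the design rationale, discusses the time-triggered
                   communication protocols TTP/C and TTP/A, and illustrates how
                   transparent fault tolerance can be implemented in the TTA.},
  url           = {http://dx.doi.org/10.1109/JPROC.2002.805821},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

; Supplemental Readings

@article{Maier02,
  author        = {Maier, R. and Bauer, G. and Stoger, G. and Poledna, S.},
  title         = {Time-triggered architecture: a consistent computing platform},
  journal       = {IEEE Micro},
  volume        = {22},
  number        = {4},
  pages         = {36--45},
  year          = {2002},
  abstract      = {The time-triggered architecture provides a consistent
                   computing platform for large complex applications and
                   safety-relevant systems. TTA is already in use in railway
                   systems, and the aerospace and automotive industries are
                   beginning to adopt it, with first products making their way
                   into the field},
  url           = {http://ieeexplore.ieee.org/iel5/40/22099/01028474.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

; The source gave the page range in abbreviated form ("100-11"); it is written
; out in full here.
@article{Poledna00,
  author        = {Poledna, S. and Burns, A. and Wellings, A. and Barrett, P.},
  title         = {Replica determinism and flexible scheduling in hard
                   real-time dependable systems},
  journal       = {IEEE Transactions on Computers},
  volume        = {49},
  number        = {2},
  pages         = {100--111},
  year          = {2000},
  abstract      = {Fault-tolerant real-time systems are typically based on
                   active replication where replicated entities are required to
                   deliver their outputs in an identical order within a given
                   time interval. Distributed scheduling of replicated tasks,
                   however, violates this requirement if on-line scheduling,
                   preemptive scheduling, or scheduling of dissimilar
                   replicated task sets is employed. This problem of
                   inconsistent task outputs has been solved previously by
                   coordinating the decisions of the local schedulers such that
                   replicated tasks are executed in an identical order. Global
                   coordination results either in an extremely high
                   communication effort to agree on each schedule decision or
                   in an overly restrictive execution model where on-line
                   scheduling, arbitrary preemptions, and nonidentically
                   replicated task sets are not allowed. To overcome these
                   restrictions, a new method, called timed messages, is
                   introduced. Timed messages guarantee deterministic operation
                   by presenting consistent message versions to the replicated
                   tasks. This approach is based on simulated common knowledge
                   and a sparse time base. Timed messages are very effective
                   since they neither require communication between the local
                   scheduler nor do they restrict usage of on-line flexible
                   scheduling, preemptions and nonidentically replicated task
                   sets},
  url           = {http://ieeexplore.ieee.org/iel5/12/18035/00833107.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@article{Kopetz89,
  author        = {Kopetz, H. and Damm, A. and Koza, C. and Mulazzani, M. and
                   Schwabl, W. and Senft, C. and Zainlinger, R.},
  title         = {Distributed fault-tolerant real-time systems: the {Mars}
                   approach},
  journal       = {IEEE Micro},
  volume        = {9},
  number        = {1},
  pages         = {25--40},
  year          = {1989},
  abstract      = {The authors describe the Maintainable Real-Time System, a
                   fault-tolerant distributed system for process control,
                   developed under the Mars project started in 1980 at the
                   Technische Universit{\"a}t Berlin. They explore the
                   characteristics of distributed real-time systems and then
                   present the Mars approach to real-time process control, its
                   architectural design and implementation, and one of its
                   applications. The authors focus on the maintainability of
                   the Mars architecture, describe the Mars operating system,
                   and discuss timing analysis. The control of a rolling mill
                   that produces metal plates and bars is examined},
  url           = {http://ieeexplore.ieee.org/iel1/40/609/00016792.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}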