Talks and Poster Presentations (with Proceedings-Entry):
H. Paulitsch, R. Obermaisser, C. El Salloum, B. Huber, H. Kopetz:
"A Diagnostic Unit for the time-triggered System-on-a-Chip architecture";
Poster: Design, Automation and Test in Europe Conference (DATE'07),
Nice, France;
2007-04-16
- 2007-04-20; in: "Workshop Digest, Diagnostic Services in Network-on-Chips",
DATE'07,
(2007),
Paper ID ? (Seite 387f),
2 pages.
English abstract:
The time-triggered System-on-a-Chip (SoC) architecture is developed to provide a composable and dependable cross-domain, multi-core platform for gigascale SoCs. It supports the integration of multiple application subsystems of different criticality within a single hardware platform. The SoC architecture divides the chip into physically separated cores. The application subsystems are mapped onto the cores. The cores co-operate exclusively via exchange of messages on a time-triggered Network-on-Chip (NoC). On each core a Trusted Interface Subsystem (TISS) guards the access of the core to the time-triggered NoC. The NoC can online be reconfigured via the Resource Management Authority (RMA). The Trusted Network Authority (TNA) guards the reconfiguration activities of the RMA. The TISSs of all cores, the NoC and the Trusted Network Authority (TNA) form the Trusted Subsystem, which is assumed to be free of design faults. The Trusted Subsystem must be made as simple as possible to facilitate formal analysis in order to justify the strong assumption to be free of design faults. Diagnosis is often treated as add-on to communication, rather than an integral part of the architecture, which results in diagnostic insufficiencies [5]. In the TT SoC architecture diagnosis is an integral part. A dedicated component, the Diagnostic Unit (DU), collects and analyses system-level and application-specific information relevant for maintenance with the ultimate goal to perform or instruct the correct maintenance action (e.g., software update, SoC replacement). Systemlevel information is provided by the TISS, which informs the DU upon core crash failures (noticed via watchdog expiration) and input/ouput queue overflows. Moreover, the DU monitors all messages on the NoC.