[Back]

R. Obermaisser, H. Kopetz, C. El Salloum, B. Huber:
"Error Containment in the Time-Triggered System-On-a-Chip Architecture";
Talk: International Embedded Systems Symposiom (IESS'07), Irvine, Orange County, in Southern California (USA); 2007-05-30 - 2007-06-01; in: "Embedded System Design: Topics, Techniques and Trends", Springer Boston, Volume 231/2007 (2007), ISBN: 978-0-387-72257-3; 339 - 352.

The time-triggered System-on-a-Chip (SoC) architecture provides a generic multi-
core system platform for a family of composable and dependable giga-scale SoCs. It
supports the integration of multiple application subsystems of different criticality
levels within a single hardware platform. A pivotal property of the architecture is
the integrated error containment, which facilitates modular certification, robustness,
and composability. By dividing the complete SoC into physically separated
components that interact exclusively by the timely exchange of messages on a time-
triggered Network-on-a-Chip (NoC), we achieve error containment for both
computational and communication resources. The time-triggered design allows
protecting the access to the NoC with guardians that are associated with each
component. Based on the protection of the time-triggered NoC with inherent
predictability and determinism, the architecture also enables error containment for
faulty computational results. These value message failures can be masked using
active redundancy (e.g., off-chip and on-chip Triple Modular Redundancy (TMR))
or detected using diagnostic assertions on messages. The design of the error
containment mechanisms systematically follows a categorization of significant fault
classes that an SoC is subject to (e.g., physical/design, transient/permanent).
Evidence for the effectiveness of the error containment mechanisms is available
through experimental data from a prototype implementation.

http://dx.doi.org/10.1007/978-0-387-72258-0_29