{"title":"容错时间触发通信中的启动问题","authors":"W. Steiner, H. Kopetz","doi":"10.1109/DSN.2006.69","DOIUrl":null,"url":null,"abstract":"Fault-tolerant time-triggered communication relies on the synchronization of local clocks. The startup problem is the problem of reaching a sufficient degree of synchronization after power-on of the system. The complexity of this problem naturally depends on the system assumptions. The system assumptions in this paper were compiled from cooperation with partners in the automotive and aeronautic industry. We present a general startup strategy for safety-critical systems that discusses the solution to the startup problem from an abstract point of view. From this abstract view we derive and analyze a new startup algorithm that is used in a TTP/C research derivative protocol (LTTP). We also analyze the FlexRay startup algorithm and discuss its behavior in presence of simple failures. The analyses were done by exhaustive fault simulation using the SAL model checker. While LTTP was found to tolerate the arbitrary failure of one node, the FlexRay startup shows to be vulnerable to simple failure modes","PeriodicalId":228470,"journal":{"name":"International Conference on Dependable Systems and Networks (DSN'06)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":"{\"title\":\"The Startup Problem in Fault-Tolerant Time-Triggered Communication\",\"authors\":\"W. Steiner, H. Kopetz\",\"doi\":\"10.1109/DSN.2006.69\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Fault-tolerant time-triggered communication relies on the synchronization of local clocks. The startup problem is the problem of reaching a sufficient degree of synchronization after power-on of the system. The complexity of this problem naturally depends on the system assumptions. The system assumptions in this paper were compiled from cooperation with partners in the automotive and aeronautic industry. We present a general startup strategy for safety-critical systems that discusses the solution to the startup problem from an abstract point of view. From this abstract view we derive and analyze a new startup algorithm that is used in a TTP/C research derivative protocol (LTTP). We also analyze the FlexRay startup algorithm and discuss its behavior in presence of simple failures. The analyses were done by exhaustive fault simulation using the SAL model checker. While LTTP was found to tolerate the arbitrary failure of one node, the FlexRay startup shows to be vulnerable to simple failure modes\",\"PeriodicalId\":228470,\"journal\":{\"name\":\"International Conference on Dependable Systems and Networks (DSN'06)\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"27\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Dependable Systems and Networks (DSN'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN.2006.69\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Dependable Systems and Networks (DSN'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2006.69","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The Startup Problem in Fault-Tolerant Time-Triggered Communication
Fault-tolerant time-triggered communication relies on the synchronization of local clocks. The startup problem is the problem of reaching a sufficient degree of synchronization after power-on of the system. The complexity of this problem naturally depends on the system assumptions. The system assumptions in this paper were compiled from cooperation with partners in the automotive and aeronautic industry. We present a general startup strategy for safety-critical systems that discusses the solution to the startup problem from an abstract point of view. From this abstract view we derive and analyze a new startup algorithm that is used in a TTP/C research derivative protocol (LTTP). We also analyze the FlexRay startup algorithm and discuss its behavior in presence of simple failures. The analyses were done by exhaustive fault simulation using the SAL model checker. While LTTP was found to tolerate the arbitrary failure of one node, the FlexRay startup shows to be vulnerable to simple failure modes
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
