The fault hypothesis for the time-triggered architecture

Abstract

A precise fault-hypothesis is essential for the design and validation of a safety-critical computer system. The fault-hypothesis must specify the fault-containment regions (FCRs), the assumed failure modes of the FCRs with their respective failure frequencies, the error detection latency and the time-interval that is required in order that an FCR can repair the state corruption that has occurred as a consequence of a transient fault. After a general discussion of the detailed contents of the fault-hypothesis document, this paper presents the fault-hypothesis that has formed the basis for the design of the time-triggered architecture. The time-triggered architecture is a distributed architecture that has been developed for the control of safety-critical embedded applications. © 2004 Springer Science + Business Media, Inc.