Image Processing Reference
In-Depth Information
14.5.1.1 Clock Synchronization
TTP/C provides fault-tolerant clock synchronization via the Fault-Tolerant Average clock synchro-
nization algorithm [LL]. The clock synchronization algorithm of the TTA has been formally
verified in Ref. [PSF]. It differs from other algorithms by the fact that no special synchroniza-
tion messages are used for the exchange of the local clock values of nodes. The difference between
the expected and the actual arrival time of an incoming message is used to estimate the deviation
between the local clock of the receiver and the sender. Furthermore, TTP/C provides support to col-
lect timing information only from selected nodes, thereby nodes with inferior oscillators can be left
out as inputs for clock synchronization.
14.5.1.2 Periodic Exchange of State Messages
TTP/C distinguishes between two types of messages, namely, initialization frames (i-frames) and
normal frames (n-frames). i-Frames carry the part of the controller state, which is required for the
startup and the reintegration of nodes. This subset of the controller state is denoted as c-state and
includes the current position in the communication schedule, the global time, and the membership
vector. N-frames are used during normal operation and carry application data. Both i- and n-frames
are protected by cyclic redundancy code (CRC) checks. In n-frames, CRC checking is also used for
enforcing agreement on the controller states. he sender calculates the CRC of an n-frame over the
message contents and the c-state of the sender. At the receiver, the CRC of an n-frame is calculated
over the received message contents and the c-state of the receiver. Consequently, different c-states at
the receiver and the sender will produce a negative result of the CRC check and result in a message
omission failure.
14.5.1.3 Fault Isolation Mechanisms
Fault containment in TTP/C is achieved by proper architectural design decisions concerning resource
sharing to limit the impact of a single fault to a single FCR [Kop]. The fault hypothesis of
TTP/C [Kop] regards a complete node computer as an FCR because of the shared hardware
resources. The shared resources of a node computer include the computing hardware, the power
supply, the timing source, or the physical space. Consequently, there is a nonnegligible probability
that a fault in any one of these resources will affect the entire node computers.
Based on the fault containment, TTP/C prevents timing-error propagation out of an FCR
through guardians (e.g., using an intelligent star coupler [KBP]). Error containment for value-
failure is performed at the application level on top of the TTP/C communication protocol, e.g.,
using TMR.
14.5.1.4 Diagnostic Services
In addition, TTP/C includes a membership service. The membership service provides nodes with
consistentinformationabouttheoperationalstateofeverynodeinthecluster.Incasemultiplecliques
with different membership views form, clique avoidance ensures that the minority cliques leave the
membership [BP].
14.5.1.5 Commercial or Prototypical Components
TTP/C-based products are available from the company TTTech Computertechnik AG http://
www.tttech.com/. For example, the “TTP Powernode” [TTTa] is equipped with a Motorola
embedded Power PC processor (MPC Black Oak) and the TTP-C controller ASNF.
Through its on-chip FPU, this host CPU is suited for simulation purposes and code generated
from Matlab/Simulink. The TTP Powernode is flexible and provides interfaces to a -channel
