SAE Technical Standards Board Rules provide that: “This report is published by SAE to advance the state of technical and engineering sciences. The use of this report is entirely voluntary, and its applicability and suitability for any particular use, including any patent infringement arising therefrom, is the sole responsibility of the user.”

SAE reviews each technical report at least every five years at which time it may be reaffirmed, revised, or cancelled. SAE invites your written comments and suggestions.

Copyright 2011 SAE International

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of SAE.

TO PLACE A DOCUMENT ORDER:
Tel: 877-606-7323 (inside USA and Canada)
Tel: +1 724-776-4970 (outside USA)
Fax: 724-776-0790
Email: CustomerService@sae.org
SAE WEB ADDRESS: http://www.sae.org

SAE values your input. To provide feedback on this Technical Report, please visit http://www.sae.org/technical/standards/AS6003

AEROSPACE STANDARD AS6003
Issued 2011-02

TTP Communication Protocol

RATIONALE

TTP is used in a variety of aerospace applications (for example, Boeing 787 power generation systems and environmental controls, cabin pressure systems for Airbus A380, Aermacchi M-346 FADEC) and continues to attract significant cross-industry attention for commercial and defense applications.

The SAE standardization of TTP:
- acts as an integration risk reduction mechanism
- ensures compatible physical implementations
- enables common test/maintenance equipment
- leverages industry investments
- ensures openness and enables multiple component and tool suppliers
and therefore reduces the overall cost and risk of applying this technology.

The SAE standardization based on TTP specification protects long-term system design investments, enables development of the COTS ecosystem, and minimizes sourcing risks for OEMs, integrators and system suppliers.

INTRODUCTION

The Time-Triggered Protocol (TTP) is a real-time communication protocol for the interconnection of electronic modules of distributed fault-tolerant real-time systems. TTP is a core technology for fault-tolerant distributed embedded computing and enables design of deterministic embedded computing platforms for critical systems. As such, it contains communication protocol capability for data exchange among nodes, but also provides higher level services for design of reusable generic platforms with robust partitioning among functions.

This document specifies the structure of the TTP protocol, services and mechanisms on an abstract level without implementation-specific details. TTP's features support the design of systems with a high degree of dependability, safety, availability, reliability, maintainability, and reduced system complexity.

Some methods contained in the document are protected by granted and pending patents, and underlie SAE standard IP policy.

SAE AS6003 Page 2 of 56

TABLE OF CONTENTS

1. SCOPE
1.1 Purpose
1.2 Application
1.3 Interpretation
2. REFERENCES
2.1 SAE Publications
2.2 Other Publications
2.3 Structure of the Document
2.4 Typographic Conventions
3. OVERVIEW OF A TTP-BASED SYSTEM
3.1 Structure of a TTP Network
3.2 Structure of an Electronic Module (Node)
3.2.1 Communication Layer
3.2.1.1 Central Characteristics of the Time-Triggered Protocol
3.2.1.1.1 Protocol Services
3.2.1.1.2 Autonomous Operation of the TTP Controller
3.2.1.1.3 Global Time Base
3.2.1.1.4 TDMA Bus Access
3.2.1.1.5 Configuration Data
3.2.1.2 Overview of the Host Interface
3.2.1.3 Overview of the Physical Layer Interface
3.2.2 Application Layer - Time-Triggered Architecture
3.2.2.1 Application Layer Synchronous to Communication Layer
3.2.2.2 Application Layer Asynchronous to Communication Layer
4. HOST INTERFACE
5. DATA LINK LAYER
5.1 TDMA Scheme
5.2 TTP Frame Layout
5.2.1 Frame Header
5.2.1.1 Frame Type
5.2.1.2 Mode Change Request
5.2.2 C-State
5.2.3 Frame CRC
5.3 Frame Types
5.3.1 N-Frame
5.3.2 I-Frame
5.3.3 Cold Start Frame
5.3.4 X-Frame
5.4 Frame Status
5.4.1 Null-Frame Reception Status
5.4.2 Valid Frame Reception Status
5.4.3 Invalid Frame Reception Status
5.4.4 Incorrect Frame Reception Status
5.4.5 Tentative Frame Reception Status
5.4.6 Correct Frame Reception Status
5.4.7 Cluster Mode Violation
5.4.8 Slot Status
6. PHYSICAL LAYER INTERFACE
7. FAULT-TOLERANT DISTRIBUTED CLOCK IN TTP
7.1 Timing Parameters
7.1.1 Microtick
7.1.2 Macrotick
7.1.3 Precision
7.2 Synchronization
7.2.1 Action Time and Exchange of Timing Information in a TTP Network
7.2.2 Calculation of the Correction Term
7.2.3 Correcting the Local Clock
8. PROTOCOL SERVICES
8.1 Startup
8.1.1 Integration
8.1.2 Cold-start
8.1.2.1 Timeouts
8.1.2.1.1 Startup Timeout
8.1.2.1.2 Listen Timeout
8.1.2.1.3 Cold Start Timeout
8.1.2.2 Big Bang
8.2 Membership
8.2.1 Membership Vector
8.2.2 Multiplexed Slots
8.3 Acknowledgment
8.3.1 Acknowledgement Algorithm
8.3.2 Acknowledgement Algorithm State 1
8.3.3 Acknowledgement Algorithm State 2
8.3.4 Sequence of Checks
8.4 Clique Detection
8.4.1 Clique Error
8.4.2 Communication System Blackout
8.5 Host/Controller Life-sign
8.6 Cluster Modes
8.6.1 Distribution Phase
8.6.2 Acceptance Phase
8.6.3 Execution Phase
9. PROTOCOL STATES
9.1 Protocol States and State Transitions
9.1.1 TTP Controller Protocol State Overview
9.1.2 TTP Controller Protocol State Transitions
9.2 Operation in TTP Protocol States
9.2.1 Protocol Variables
9.2.2 Freeze State
9.2.3 Init State
9.2.4 Listen State
9.2.5 Cold Start State
9.2.6 Active and Passive State
9.2.6.1 Pre-send Phase
9.2.6.2 Transmission Phase
9.2.6.3 Post-receive Phase
9.2.6.4 Idle Phase
APPENDIX A GLOSSARY ACRONYMS
APPENDIX B COMPATIBILITY REQUIREMENTS FOR EXISTING TTP CONTROLLER IMPLEMENTATION

1. SCOPE

This SAE Aerospace Standard (AS) establishes the specification for TTP communication protocol functionality as a core networking component for design of synchronous, time-triggered distributed real-time communication networks. This document is referred to as the “base” specification, containing the generic specification of TTP
communication protocol functionality, and frame formats, communication services and protocol state machines with transitions, TTP node operation, TTP network operation, distributed clock synchronization and error detection on the network layer. The details described in this standard enable interoperable TTP controller implementations.

1.1 Purpose

The purpose of this document is to standardize mechanisms and operation of the TTP protocol for safety-critical and mission-critical applications. The information herein will be used to assist in the design, fabrication, system integration, and obsolescence management of TTP-based systems. This document is controlled and maintained by the SAE AS-2 committee with technical support from TTA-Group members and TTP users.

1.2 Application

TTP is well-suited for the design of deterministic system architectures with hard real-time behavior in safety and
mission-critical applications. The application of TTP as a fieldbus is viable for fault-tolerant distributed systems, deterministic networks, and distributed control system platforms (e.g., flight controls, by-wire steering, environmental controls, smart sensor/actuator networks, distributed power generation, or landing gear). TTP supports design of time-triggered architectures and reusable generic platforms compliant with RTCA DO-297. TTP can also be used for backplane communication and design of modular aerospace system controls.

1.3 Interpretation

The following interpretations shall be placed upon these words, unless stated otherwise, where they are used in this document.

May: An allowed action.
Shall: A mandatory requirement.
Should: A recommended action.
Will: A declaration of intent.

2. REFERENCES

The following publications form a part of this document to the extent specified herein. The latest issue of SAE publications shall apply. The applicable issue of other publications shall be the issue in effect on the date of the purchase order. In the event of conflict between the text of this document and references cited herein, the text of this document takes precedence. Nothing
in this document, however, supersedes applicable laws and regulations unless a specific exemption has been obtained.

2.1 SAE Publications

Available from SAE International, 400 Commonwealth Drive, Warrendale, PA 15096-0001, Tel: 877-606-7323 (inside USA and Canada) or 724-776-4970 (outside USA), www.sae.org.

940140 Fault Management in the Time Triggered Protocol (TTP)

2.2 Other Publications

Kop87 H. Kopetz and W. Ochsenreiter. Clock Synchronization in Distributed Real-Time Systems. IEEE Transactions on Computers, 36(8):933-940, Aug. 1987.

Pal97 R. Pallierer and T. M. Galla. Multiplexed SRUs in TTP Concepts and Approaches. Research Report 19/97, Institut für Technische Informatik, Technische Universität Wien, Vienna, Austria, October 1997. Confidential.

Pfe99 Holger Pfeifer, Detlef Schwier, and Friedrich W. Von Henke. Formal Verification for Time-Triggered Clock Synchronization. In Charles B. Weinstock and John Rushby (eds.), Editors, Dependable Computing for Critical Applications 7, volume 12 of Dependable Computing and Fault-Tolerant Systems, pages 207-226. IEEE Computer Society, January 1999.

Pfe00 Holger Pfeifer. Formal Verification of the TTP Group Membership Algorithm. In Tommaso Bolognesi and Diego Latella, Editors, Formal Methods for Distributed System Development Proceedings of FORTE XIII / PSTV XX 2000, pages 3-18, Pisa, Italy, October 2000. Kluwer Academic Publishers.

2.3 Structure of the Document

This specification document is self-contained and
gives a bottom-up approach to the functionality of the TTP protocol. It is divided into the following chapters:

Chapter 3 provides an overview of the TTP network architecture.
Chapter 4 defines the minimum characteristics and requirements for the host interface.
Chapter 5 describes and defines the requirements on Data Link Layer level for the frame formats and the bus access scheme.
Chapter 6 defines the minimum characteristics and requirements for the Physical Layer.
Chapter 7 describes the timing and synchronization algorithm used by TTP.
Chapter 8 describes and defines the mechanisms for the protocol service layer.
Chapter 9 defines the operation of the TTP controller in the context of the TTP state machine model.

2.4 Typographic Conventions

The typographic conventions for this documentation are as follows:

Element | Typographic format
Protocol variables / text emphasis | lower case italic
Protocol states | Upper case italic
Header within a section | bold

3. OVERVIEW OF A TTP-BASED SYSTEM

The TTP controller is the core component of the time-triggered architecture, the conceptual time-triggered-based system design approach. This section describes general aspects
of TTP-based network design, as well as system design aspects of an electronic module or node.

3.1 Structure of a TTP Network

A TTP-based communication network (TTP network) consists of a set of electronic modules that are typically connected by dual channels, channel 0 and channel 1, which comprise a TTP-bus. A TTP network as shown in Figure 1 is called a cluster. The basic building block of a cluster is the electronic module (node). Depending on the system architecture and depending on the system requirements, e.g. with respect to fault tolerance, communication between nodes can be established on a single channel (channel 0 or channel 1) or redundant channels (channel 0 and channel 1) basis.

FIGURE 1 - TYPICAL TTP NETWORK

3.2 Structure of an Electronic Module (Node)

An electronic module has the general structure shown in Figure 2. A node comprises a host (typically a CPU executing an
operating system which manages the application software, with memory and the access to the I/O subsystem, or an FPGA) and a TTP controller.

FIGURE 2 - STRUCTURE OF A TTP NODE

A TTP controller shall process the execution of the protocol services based on a statically defined set of communication requirements (shown as configuration data in Figure 2). Furthermore, the Protocol Processor shall use a well-defined interface to the host and to the TTP bus to provide reliable operation of the services defined by the TTP (Protocol services).

From an abstract perspective, each node consists of two layers: the communication layer, which shall ensure reliable time-triggered communication, and the host layer, which provides/consumes application data to/from the communication layer. The host and the communication layer shall run as autonomous subsystems on a node, but depending on the chosen system design approach, both subsystems shall be able to run in a synchronous or asynchronous manner to each other.

3.2.1 Communication Layer

The time-triggered protocol defines all the processes in the communication layer. The central characteristics of the time-triggered protocol are
the interfaces of the communication layer, which are described in the next section.

3.2.1.1 Central Characteristics of the Time-Triggered Protocol

3.2.1.1.1 Protocol Services

The protocol services are needed to reliably perform and to control the exchange of data between the nodes in a cluster. The protocol services can be divided into the following main categories:

- Communication services shall guarantee reliable data transmission, the startup of a cluster, the reintegration of nodes, the acknowledgment, fault-tolerant clock synchronization and handling of cluster mode changes.
- Safety services shall support error detection including node membership, the clique detection algorithm and Host/Controller life-sign service.

The protocol services are defined in Chapter 8.

3.2.1.1.2 Autonomous Operation of the TTP Controller

The TTP controller shall function as an autonomous subsystem. That means that the operations that the TTP controller is able to perform at any given time are defined by the state machine model in Chapter 9. But the TTP controller requires a running host for operation and some initialization data and control data as required to perform the individual TTP services (Chapter 8).

3.2.1.1.3 Global Time Base

A TTP Controller shall pr