Failure Annotations - Communication buses
The communication buses are considered to only have internal failures of the omission type due to the TTP/C proprieties: in the presence of other types of faults, such as a value failure caused by EMI interference, a Cyclic Redundancy Check (CRC) mechanism is responsible for discarding the message at the receiving unit, assuring fail-silent behavior. In this way the failure can be classified as of the omission type. Omission of the output of each bus can also be caused by the omission of its two inputs.
Considering the scenario where the electronic pedal produces value deviated outputs, again the behavior of components within TTP/C architectures must be kept in mind: components are expected to deliver correct information or no information at all. Therefore, if a value failure signal is inputted to the bus, the deviation will be propagated. However, as the pedal unit includes two communications controllers, it can be considered that the buses' outputs will only have a value deviation if:
- the output of the leading controller is value deviated OR
- the output of the leading controller has an omission deviation and the replica controller outputs a value deviated signal.
Leading controller refers to the element whose information is considered first in the receiving unit. The replica controller information is used when a failure (no information) is detected in the leading element.
|Omission-Out1||OmissionFailure1 OR Omission-In1 AND Omission-In2|
|Value-Out2||Omission-In1 AND Value-In2 OR Value-In1|