The Time-Triggered System-on-a-Chip Architecture
Roman Obermaisser, Christian El Salloum, Bernhard Huber, Hermann Kopetz
Real-Time Systems Group
Vienna University of Technology, Austria
Abstract—It is the objective of the presented System-on-a-Chip
(SoC) architecture to provide a predictable integrated execution
environment for the component-based design of many different
types of embedded applications (e.g., automotive, avionics, con-
sumer electronics). At the core of this architecture is a time-
triggered network-on-a-chip for the predictable interconnection
of heterogeneous components. A component can be a self-
contained computer, including system and application software,
an FPGA, or a custom hardware unit. By providing a single
uniform interface to all types of components for the exchange of
messages, the architecture supports the component-based design
of large applications and enables the massive reuse of compo-
nents. The time-triggered network-on-a-chip offers inherent fault
isolation to facilitate the seamless integration of independently
developed components, possibly with different criticality levels.
Furthermore, mechanisms for integrated resource management
support dynamically changing resource requirements (e.g., dif-
ferent operational modes of an application), fault-tolerance, a
power-aware system behavior, and the implementation of fault-
handling by reconfiguration.
During the past forty years, the semiconductor industry has
developed chips of breathtaking complexity, increasing the
number of transistors per chip to close to a billion. Fueled by
these spectacular improvements in the functionality of chips
and the cost-reduction of semiconductor devices, the field of
embedded computing has grown to become the most important
segment of the computer industry. However, the management
of the increasing complexity is becoming a key challenge in
the domain of embedded systems. The 2005 semiconductor
industry roadmap  considers system design complexity and
designer’s productivity as key challenges on the way to giga-
scale SoCs. This challenge can only be tackled if we lift the
design process to a higher level of abstraction.
Also, it is amazing that the basic computational model has
not changed significantly over the past forty years. According
to Pollack’s rule , the increase in performance of a sequen-
tial computer is only about the square root of the increase in
the number of devices, which implies that doubling the tran-
sistor count will lead to a performance improvement of about
40%. Fortunately, the inherent concurrencyin a typical embed-
ded application (e.g., automotive electronics, avionics) offers
the potential to circumvent Pollack’s rule. If an application
can be partitioned into a set of nearly autonomous concurrent
functions, then a nearly linear performance improvement could
be achieved by assigning a dedicated processing element to
each of these concurrent functions. This architectural approach
is followed in a number of embedded SoCs: to partition the
SoC into a set of nearly autonomous possibly heterogeneous
Intellectual Property (IP)-blocks or micro components that
interact via an appropriate Network-on-a-Chip (NoC) .
It is the purpose of the paper to address these challenges
by introducing a novel system architecture for SoCs, which
offers a component-based design methodology for managing
the complexity of billion-of-transistors SoCs through the con-
sequent decoupling of the computational components from
the communication infrastructure. The introduced system ar-
chitecture provides an architectural framework that supports
composability , , i.e., the side-effect-free composition
of component services (based solely on interface specifica-
tions) to form larger systems-of-systems. For this purpose,
the computational components are interconnected through a
predictable and deterministic time-triggered NoC with inherent
The contributions and key properties of the presented SoC
architecture are as follows:
a) Elevation of the level of design abstractions: In
order to manage the complexity of an evolving design at a
higher level of abstraction, we must conceptualize components
that form stable intermediate forms and exhibit aggregate
properties. If we can describe and specify these aggregate
properties on their own by an appropriate interface model,
then it is not required to understand the structure and the
interactions within the components in order to reason about
the interactions among components and the emerging system
properties. Furthermore, it is then possible to change and
enhance the implementation of the components in response to
technological developments without a redesign of the system
at this higher level of abstraction.
For this reason, we introduce in the proposed SoC architec-
ture the notion of a micro component, which can be considered
as a unit of abstraction that provides its functionality at a well-
defined message-based network interface to its partners .
The clear separation of the processing within a micro compo-
nent from the interactions among the micro components leads
to a communication-centric model that is highly appropriate
for many applications.
b) Predictability and determinism through encapsu-
lation: The SoC architecture offers a predictable on-chip
interconnect that is free of interference. Each micro component
is assigned dedicated slots in a time-triggered communication
schedule, which are protected from other micro components
through the communication system. Encapsulation results in
a complexity reduction, because the behavior of interfering
periodic send instances of application-level messages to the
phase of the periodic activation instances of a time-triggered
application (e.g., periodic dissemination of a sensor value
in a process controll application). In addition, a global time
base is provided at the application level in order to facilitate
the temporal coordination of subsystems distributed across
multiple micro components. The global time base, which is
internally synchronized (between the micro components of an
SoC with different clock domains) and externally synchronized
(with the SoC environment).
With its inherent fault isolation capabilities, the time-
triggered SoC is an effective solution for mixed criticality
systems. A mixed criticality system is characterized by the
coexistence of safety-critical micro components (e.g., X-by-
wire functionality, active safety-functions in a car) and micro
components with a lower level of criticality (e.g., multime-
dia, comfort functionality in a car). The trusted subsystem
(i.e., TISSs, time-triggered NoC, TNA) ensures that a design
fault (e.g., a software fault) within a given micro component
cannot lead to a violation of the micro component’s tempo-
ral interface specification in a way that the communication
between other micro components would be disrupted. It is
prevented by design that a faulty micro component sends mes-
sages during the sending slots of any other micro component.
This work has been supported in part by the European IST
project ARTIST2 under project No. IST-004527 and the FIT-
IT (Research Programme initiatiated by the Austrian Federal
Ministry of Transport, Innovation, and Technology (BMVIT))
project TT-SoC under grant number 813299/7852.
 Semiconductor Industry Association (SIA).
roadmap for semiconductors. Technical report, 2005.
 P. Gelsinger.Microprocessors
lenges,opportunities, and new frontiers.
Circuit Conference. IEEE Press, 2001.
 W. Wolf. The future of multiprocessors systems on chips. In Proc. of
the Design Automation conference. IEEE Press, 2004.
 H. Kopetz and R. Obermaisser. Temporal composability. Computing &
Control Engineering Journal, 13:156–162, August 2002.
 J. Sifakis. A framework for component-based construction. In Proc. of
3rd IEEE Int. Conference on Software Engineering and Formal Methods
(SEFM05), pages 293–300, September 2005.
 C. Jones et al. DSOS conceptual model. Technical Report Techn. Report
CS-TR-782, University of Newcastle, 2003.
 P.J. Feltovic, R. Coulson, and R. Spiro. Learners’ misunderstandidng of
important and difficult concepts. Smart Machines in Education, pages
354–380, 2001. AAAI Press.
 J. Owens. GPUs: Engines for future high-performance computing.
Technical report, Lincoln Labs, Boston, September 2004.
 S. Poledna. Replica determinism in distributed real-time systems: A
brief survey. Real-Time Systems, 6:289–316, 1994.
 O.S. Unsal and I. Koren. System-level power-aware design techniques
in real-time systems. Proceedings of the IEEE, 91(7):1055–1069, 2003.
 K. Goossens, J. Dielissen, and A. Radulescu. The aethereal network on
chip: Concepts, architectures, and implementations. IEEE Design and
Test of Computers, 22(5):414–421, 2005.
 Sonics. Sonics unetwork technical overview (www.sonicsinc.com),
 OCP-IP Association. Open core protocol specification 2.1, 2005.
 ARM. Axi protocol specification, 2004.
for the new millenium, chal-
In Proc. of the Solid State
 IBM, Sony, and Toshiba. Cell broadband engine architecture. Technical
report, October 2006.
 T.W. Ainsworth amd T.M. Pinkston.
of the cell broadband engine element interconnect bus. In Proc. of the
First International Symposium on Networks-on-Chip, pages 18–29, May
 OMG. Smart Transducers Interface.
Object Management Group, May 2002. Available at http://www.
 H. Kopetz. Pulsed data streams. In IFIP TC 10 Working Conference
on Distributed and Parallel Embedded Systems (DIPES 2006), pages
105–124, Braga, Portugal, October 2006. Springer.
 H. Kopetz and G. Gr¨ unsteidl. TTP – a protocol for fault-tolerant real-
time systems. Computer, 27(1):14–23, January 1994. Vienna University
of Technology, Real-Time Systems Group.
 H. Kopetz, A. Ademaj, P. Grillinger, and K. Steinhammer. The Time-
Triggered Ethernet (TTE) design. Proc. of 8th IEEE Int. Symposium on
Object-oriented Real-time distributed Computing (ISORC), May 2005.
 Robert Bosch Gmbh, Stuttgart, Germany. CAN Specification, Version
 N. Suri, C.J. Walter, and M.M. Hugue. Advances In Ultra-Dependable
Distributed Systems, chapter 1. IEEE Computer Society Press, 10662
Los Vaqueros Circle, P.O. Box 3014, Los Alamitos, CA 90720-1264,
 B. Pauli, A. Meyna, and P. Heitmann.
components and control units in motor vehicle applications. In VDI
Berichte 1415, Electronic Systems for Vehicles, pages 1009–1024. Verein
Deutscher Ingenieure, 1998.
 H. Kopetz. Sparse time versus dense time in distributed real-time
systems. In Proc. of 12th Int. Conference on Distributed Computing
Systems, Japan, June 1992.
 J. Rushby. Partitioning for avionics architectures: Requirements, mech-
anisms, and assurance. NASA Contractor Report CR-1999-209347,
NASA Langley Research Center, June 1999.
On characterizing performance
Reliability of electronic