Summary of the impact

This case study concerns the design and methodology adopted in the construction of high reliability (safety-critical and real-time) embedded systems, particularly as applied in the automotive and avionics industry. The key impact has been for the automotive and avionics industry to adopt a change in the way these systems are designed, leading to more reliable systems, faster time to market, lower production and verification costs, and lower maintenance costs.

The subject matter concerns the fundamental architecture of high reliability embedded systems. Specifically it is a paradigm shift in the theoretical design of the software and hardware from established event-driven architectures to novel time-triggered architectures developed at the University of Leicester (UoL). The novel paradigm is supported by a range of development tools, processor designs, and diagnostic/maintenance tools developed by a spin-out company, TTE Systems Ltd. Research was exploited commercially by TTE Systems Ltd to provide economic impact via software tools sales, consultancy services, bespoke product development, and training courses.

Underpinning research

Primary research into the construction and use of time triggered embedded system concepts was conducted at the Embedded Systems Laboratory (ESL), UoL, under Pont from 1992 - 2003. Research was undertaken through a variety of externally funded research projects for instance [G1], and a series of 17 PhD projects (see below). The theoretical foundations were built on with concrete implementations, development of case studies and experimental tool support by the ESL Research team, funded by a variety of sources such as [G2, G4]. Dissemination was primarily through normal academic routes, with associated publications in peer reviewed journals [4-6].

TTE Systems began trading in 2007. The period 2007 - 2013 represents the exploitation and impact phase of the research. It was developed commercially into the RapidiTTy Toolset by the company. Initial exploitation and impact was achieved via the Embedded Systems Demonstrator Laboratory, funded by the East Midlands Development Agency [G3]. Research and software tools development continued during this period under the auspices of TTE Systems. Commercial exploitation and rights were protected by a series of three patents [1-3]. The first of these is applicable to monitoring and error detection technology [1]. The second is applicable to task scheduling mechanisms in hardware [2]. The third is applicable to communication mechanisms in bespoke multi-core processors [3].

Summary of research outputs:

• The RapidiTTY Toolset and associated processor designs, TTE Systems 2012, available from http://www.safetty.net/.
• 12 peer reviewed journal articles since 2002. Publishers include IEEE Computer Society, Transactions of the Institute of Measurement and Control, IEEE Transactions on Industrial Informatics, Microprocessors and Microsystems, Pattern Recognition Letters, IEEE Transactions on Computers, Journal of Systems Architecture;
• More than 80 peer reviewed conference papers;
• 17 PhD projects since 1999 (all UoL): Kyriakopoulos, Ahmad, Hanif, Lakhani, Athaide, Chan, Sheikh, Bautista-Quironga, Gendy, Hughes, Kurian, Maita, Nahas, Ayavoo, Mwelwa, Phatrapornnat, Ong.
• Contribution of PhD projects include:
• Scheduling designs and algorithms,
• Fault-tolerant architectures,
• Techniques for managing severe resource constraints,
• Techniques for measuring stability and reliability,
• Scheduling schemes to reduce power consumption,
• Shared and distributed clock architectures,
• Patterns for designing systems,
• Guidelines for writing reliable code
• Development and predictive models of time triggered systems,
• Hybrid schemes incorporating time and event triggered schedulers.
• 2 published text books:
• Patterns for time-triggered embedded systems, Michael J. Pont, Addison-Wesley
• Embedded C, Michael J Pont, Addison-Wesley

Key research personnel:

• Professor Michael Pont, UoL 1992 — present. Contributions include theoretical foundations of time triggered systems, scheduling algorithms, design patterns and pattern languages. Role: CEO of TTE Systems Ltd, Head of the ESL.
• Dr Michael Short, UoL 2003 - 2010. Contributions include networking protocols, techniques for predictable networks and task scheduling, techniques for measuring task overrun and task jitter. Role: Researcher and Lecturer in the ESL, Leader of the Embedded Systems Demonstrator Laboratory.
• Dr Zemian Hughes, UoL 2004 -2010, TTE Systems 2007 - 2012. Contributions include IP core development, hardware schedulers and tools development. Role: PhD student in the ESL, Systems Developer/ Hardware Designer for TTE.
• Dr Dev Ayavoo, UoL 2003 - 2006, TTE Systems 2007 - 2010. Contributions include analysis of tool requirements, and development of tool support. Role: PhD student in the ESL, Technical manager of TTE Systems Ltd.
• Dr Keith Athaide, UoL 2006 - 2010, TTE Systems 2006 - 2013. Contributions include hardware designs supporting time triggered architectures, and tool support for automatic code generation. Role: PhD student in the ESL, Researcher/Technical manager for TTE Systems Ltd.

References to the research

Patents:

1. University of Leicester [GB]; Pont Michael Joseph [GB]; Chan Kam Leung [GB], US2010281298 (A1) — Monitoring Device, Application number: US20080599792 20080509, 2008-11-06

2. University Leicester [GB]; Hughes Zemian Mark [GB]; Pont Michael Joseph [GB], WO2007028942 (A1) — Time-Triggered Co-Operative Hardware Scheduler, Application number WO2006GB03007 20060814, 2007-03-15

3. TTE Systems LTD [GB]; Athaide Keith [GB], WO2012069831 (A1) — Method And Arrangement For A Multi-Core System, Application number: WO2011GB52303 20111123, 2010-11-24

Key publications:

Primary externally funded projects and grants:

G1. Design and implementation of safety-critical control and monitoring systems, £183,000, Pont, Leverhulme Trust, 2004-2006

G2. MIRA Case award and studentships, £16,000, Pont, 2002 - 2005

G3. Embedded Systems Demonstrator, £120,000, Pont, East Midlands Development Agency, 2006-2009

G4. Various EPSRC Case awards, total £210,000 Pont, 2002 - 2011

Details of the impact

The "time triggered" approach to building embedded systems is a new paradigm enabling the development of a new class of high reliability embedded systems where guarantees of meeting timing deadlines are crucial from a safety perspective and therefore in many cases certification. The benefits of the research are a large collection of design patterns and engineering knowledge demonstrating how such systems can be constructed, and a set of software tools supporting the construction and development of deterministic hardware and processors supporting the requirements of these systems. Impact is on the way safety and reliability of embedded systems is considered in automotive and avionic sectors.

The above research was primarily exploited through the formation of TTE Systems Ltd (a spin-out company from the University of Leicester) using two commercial activities: the "TT" product family, and training courses. Since it began trading in 2007, TTE Systems attracted total investment in excess of £1m with an annual turnover of approximately £0.8m. On average in that period, there were 10 technical and training staff working with a number of customers in the UK, Europe, US, and Asia.

From 2008-2013, professional training courses attracted approximately 100 current industrial practitioner customers from UK/Europe, and a similar number in South East Asia. Significant customers for these activities include Rolls Royce, Aero Engine Controls, Smith Electric Vehicles, [text removed for publication] Mira, [text removed for publication]. The training activities are currently being supported by UoL as an ongoing activity.

Smith Electric Vehicles (SEV):

SEV manufacture and market zero-emission commercial electric vehicles that are designed to be a superior performing alternative to traditional diesel trucks due to higher efficiency and lower total cost of ownership. They have research and development centres in the UK and USA. SEV have exploited the technology in embedded applications for battery systems. The use of time-triggered methodologies and tools has increased speed to market and lowered development costs.

"Using the skills learnt on the Reliable Embedded Systems course we have been able to design and write embedded applications for our new battery system. These applications were written using time triggered methodology allowing us to increase our speed to market, lower our cost of development and enhance our team skills base. These advantages have had a small but demonstrable impact on our new battery system, leading to a $10,000 cost saving on the parts list (BOM) for one of our electric vehicles.", Ross Cooney, Engineering Software & Telemetry Manager, Smith Electric Vehicles (A). It should be noted that this is a $10,000 cost saving on each vehicle at a time when there is a major focus on reducing the cost of electric vehicle.

Aero Engine Controls (AEC):

AEC are part of the international Rolls-Royce Group, with research, development and production centres in the UK, USA, UAE, and Singapore. They provide a single solution to the design, manufacture, procurement, testing and support of high-integrity, harsh environment control systems, including safety critical software, electronic, electrical and hydro-mechanical products.

"The technology has been directly applied to in-house testing tools for the generation of test cases, SCADE model simulator, and AdaTest code generation. This has a direct technical, certification, and cost benefit as it enables the same use of procedures to test design and executable code for compliance with DO178B industry regulator standards." Duncan Brown, Chief of Systems Capability, Aero Engine Controls (B).

"Since 2010, AEC have invested a total of £1m in development and training in high reliability and time triggered architectures via TTE Systems resulting in the creation of more than 14 full-time engineer positions in this area with more to follow in 2014. This represents approximately 5% of the total AEC capability in the Embedded Systems area. This has significantly accelerated capability development within AEC in the embedded systems area." Duncan Brown, Chief of Systems Capability, Aero Engine Controls (B).

MIRA:

MIRA is a UK-based international independent vehicle engineering consultancy providing engineering innovations and testing/certification solutions in the field of vehicle and systems technology. MIRA offer services ranging across commercial vehicles, defence, UAV, intelligent transport systems, aerospace, rail, and motorsport.

"The principles of Time Triggered Embedded Systems design have been used in several developments of bespoke embedded systems and have enabled dependable systems to be created in a shorter timescale than using traditional techniques. The basic platform developed using such techniques has been reused with minimal redesign in several subsequent applications." David Ward, Head of Functional Safety, Mira (C).

Other impacts:

Embedded Systems Demonstrator Laboratory (2007 - 2013). The ESDL, funded by the East Midlands Development Agency opened in 2007. The facility enabled researchers, end users and other interested groups including Midlands-based SME's to trial new embedded time-triggered technologies.

Sources to corroborate the impact

A. Ross Cooney, Engineering Software & Telemetry Manager, Smith Electric Vehicles

B. Duncan Brown, Chief of Systems Capability, Aero Engine Controls,

C. David Ward, Head of Functional Safety, MIRA