Abstract
The Time-Triggered Architecture (TTA) is an architecture for safety-critical applications. Fault-tolerance mechanisms are therefore of utmost importance to ensure correct system operation in the presence of failures as well as after transient disturbances. Currently, the TTA tolerates one faulty component. Multiple transient failures are outside the fault hypothesis of the TTA, and after multiple transient failures scenarios can arise that cannot be corrected by the conventional TTA mechanism. Therefore, we propose an algorithm for correcting the system after multiple transient failures, as an extension to the fault-tolerance mechanisms of the TTA. Furthermore, we discuss variations of this algorithm.