Time driven real-time systems are of increasing importance in the field of critical computer control applications [Sta90]. Because of their predictable behavior they are well suited for systems whose correct operation in the time domain must be guaranteed already in the design phase of an application. Time driven systems allow the proof of the correct timing behavior of an application by construction of a feasible schedule.In the MARS system [Kop89] the time driven approach is realized. The structure of the MARS operating system kernel differs significantly from that of others because of the specific demands which a distributed time driven system imposes on its underlying operating system. Based on the experiences with the first prototype of the MARS operating system [Dam89] (MARS-1), a new operating system kernel, MARS-2, has been developed from scratch. There have been some motivations for the development of MARS-2:• New processor boards ('MARS components') have been developed to fully support the MARS concepts [Ste91]. These boards provide mechanisms to achieve a high self-checking coverage and a highly predictable timing behavior.• The introduction of new concepts and mechanisms into the MARS system (e.g. membership protocol, time redundant process execution, shadow component [Kop90], [Kop91]) requires support by the runtime system.• A predictable timing behavior should be achieved by the new kernel. Although the system overhead caused by the old implementation was boundable in principle, the calculated bounds were too high to guarantee the correct timing behavior of an application already at design time [Vrc91].• The self-checking coverage of the MARS components has to be high because the fault tolerance mechanisms of MARS are based on it. Whereas the old kernel was not specifically designed in order to meet this requirement, MARS-2 uses both hardware and software mechanisms to increase the self-checking coverage to a sufficiently high degree.MARS-2 is based on a microkernel operating system architecture in contrast to the monolithic kernel of MARS-1.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	David Cheriton, The V distributed system, Communications of the ACM, v.31 n.3, p.314-333, March 1988  [doi>10.1145/42392.42400]
	2	A. Damm , J. Reisinger , W. Schwabl , H. Kopetz, The real-time operating system of MARS, ACM SIGOPS Operating Systems Review, v.23 n.3, p.141-157, July 1989  [doi>10.1145/71021.71029]
	3	{Foh92} Gerhard Fohler. Realizing Changes of Operational Modes with Pre Run-Time Scheduled Hard Real-Time Systems. Proceedings of the second Workshop on Responsive Computer Systems, Japan 1992, Springer Verlag, Vienna.
	4	Andrze Goscinski, Distributed Operating Systems: The Logical Design, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1991
	5	H. Kopetz , W. Ochsenreiter, Clock synchronization in distributed real-time systems, IEEE Transactions on Computers, v.36 n.8, p.933-940, Aug. 1987  [doi>10.1109/TC.1987.5009516]
	6	Hermann Kopetz , Andreas Damm , Christian Koza , Marco Mulazzani , Wolfgang Schwabl , Christoph Senft , Ralph Zainlinger, Distributed Fault-Tolerant Real-Time Systems: The Mars Approach, IEEE Micro, v.9 n.1, p.25-40, January 1989  [doi>10.1109/40.16792]
	7	{Kop90} Hermann Kopetz, Heinz Kantz, Günter Grünsteidl, Peter Puschner, and Johannes Reisinger. Tolerating Transient Faults in MARS. In Proc. 20th Int. Symposium on Fault-Tolerant Computing, pages 466-473, Newcastle upon Tyne, UK, June 1990.
	8	{Kop91} Hermann Kopetz, Günter Grünsteidl, and Johannes Reisinger. Fault-Tolerant Membership Service in a Synchronous Distributed Real-Time System. In A. Avizienis and J.C. Laprie (editors), Dependable Computing for Critical Applications, pages 411-429. Springer Verlag, 1991.
	9	Sape J. Mullender , Guido van Rossum , Andrew S. Tanenbaum , Robbert van Renesse , Hans van Staveren, Amoeba: A Distributed Operating System for the 1990s, Computer, v.23 n.5, p.44-53, May 1990  [doi>10.1109/2.53354]
	10	P. Puschner , Ch. Koza, Calculating the maximum, execution time of real-time programs, Real-Time Systems, v.1 n.2, p.159-176, Sep. 1989  [doi>10.1007/BF00571421]
	11	John A. Stankovic , Krithi Ramamritham, What is predictability for real-time systems?, Real-Time Systems, v.2 n.4, p.247-254, Nov. 1990  [doi>10.1007/BF01995673]
	12	{Ste91} Andreas Steininger and Johannes Reisinger. Integral Design of Hardware and Operating System for a DCCS. In Proceedings of the 10th IFAC Workshop on Distributed Computer Control Systems, Semmering, Austria, published by Pergamon Press, Oxford, New York, Sep. 1991.
	13	{Vrc91} Alexander Vrchoticky and Peter Puschner. On the Feasibility of Response Time Predictions --- An Experimental Evaluation. In Second Year PDCS Report, Vol. 2, Newcastle, UK, May 1991.