Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 100
Glossary

Temporal Failure
Temporal failures can only exist if the system specification contains information about the expected temporal behavior of the system (synonym: timing failure) (6.1.3).

Temporal Order
The temporal order of a set of events is the order of events as they occurred on the time line (3.1.1).

Thrashing
The phenomenon that a system's throughput decreases abruptly with increasing load is called thrashing (7.2.4).

Tick
A tick (synonym: macrotick) of the global time is a selected microtick of the local clock. The offset between any two respective global ticks of an ensemble of synchronized clocks must always be less than the precision of the ensemble (➔ microtick, reasonableness condition) (3.2.1).

Time Stamp
A timestamp of an event with respect to a given clock is the state of the clock at the instant of occurrence of the event (3.1.2).

Time-Division Multiple Access (TDMA)
Time-Division Multiple Access is a time-triggered communication technology where the time axis is statically partitioned into slots. Each slot is statically assigned to a component. A component is only allowed to send a message during its slot (7.5).

Time-Triggered Architecture (TTA)
A distributed computer architecture for real-time applications, where all components are aware of the progression of the global time and where most actions are triggered by the progression of this global time.

Time-Triggered Ethernet (TTEthernet)
An extension of standard Ethernet that supports deterministic message transport (7.5.2).

Time-Triggered Protocol (TTP)
A communication protocol where the instant of starting a message transmission is derived from the progression of the global time (7.5.1).

Timed Message
A timed message is a message that contains the timestamp of an event (e.g., point of observation) in the data field of the message (9.1.1).

Timing Failure
➔ Temporal Failure

Token Protocol
A communication protocol where the right to transmit is contained in a token that is passed among the communicating partners (7.4.1).

Transducer
A device converting energy from one domain into another. The device can either be a sensor or an actuator (9.5).

Transient Fault
A transient fault is a fault that exists only for a short period of time after which it disappears. The hardware is not permanently affected by a transient fault (6.1.1).

Trigger
A trigger is an event that causes the start of some action (1.5.5).

Trigger Task
A trigger task is a time-triggered task that evaluates a condition on a set of temporally accurate variables and generates a trigger for an application task (9.2.2).

Triple-Modular Redundancy (TMR)
A fault-tolerant system configuration where a fault-tolerant unit (FTU) consists of three synchronized replica-deterministic components. A value or timing failure of one component can be masked by the majority (➔ voting) (6.4.2).

Understanding
Understanding develops if the concepts and relationships that are employed in the representation of a model have been adequately linked with the ➔ conceptual landscape and the methods of reasoning of the observer (2.1.3).

Universal Time Coordinated (UTC)
An international time standard that is based on astronomical phenomena (➔ International Atomic Time) (3.1.4).

Value Failure
A value failure occurs if an incorrect value is presented at the system-user interface (6.1.3).

Voter
A voter is a unit that detects and masks errors by comparing a number of independently computed input messages and delivers an output message that is based on the analysis of the inputs (➔ exact voting, ➔ inexact voting) (6.4.2).

Vulnerability
A deficiency in the design or operation of a computer system that can lead to a security incident, such as an intrusion (6.2).

Watchdog
A watchdog is an independent external device that monitors the operation of a computer. The computer must send a periodic signal (life sign) to the watchdog. If this life sign fails to arrive at the watchdog within the specified time interval, the watchdog assumes that the computer has failed and takes some action (e.g., the watchdog forces the controlled object into the safe state) (9.7.4).

Worst-Case Administrative Overhead (WCAO)
The worst-case execution time of the administrative services provided by an operating system (5.4.2).

Worst-Case Communication Delay (WCCOM)
The worst-case communication delay is the maximum duration it may take to complete a communication action under the stated load and fault hypothesis (5.4.1).

Worst-Case Execution Time (WCET)
The worst-case execution time (WCET) is the maximum duration it may take to complete an action under the stated load and fault hypothesis, quantified over all possible input data (10.2).