Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 13
In a malign failure mode, the cost of a failure can be orders of magnitude higher than the utility of the system during normal operation.

Maintainability is a measure of the time it takes to repair a system after the last experienced benign failure, and is measured by the probability M(d) that the system is restored within a time interval d after the failure.

Availability is a measure for the correct service delivery regarding the alternation of correct and incorrect service, and is measured by the probability A(t) that the system is ready to provide the service at time t.

The main security concerns in real-time systems are the authenticity, integrity, and timeliness of the real-time information.

The probability of failure of a perfect system with guaranteed response is reduced to the probability that the assumptions concerning the peak load and the number and types of faults are valid in reality.

If we start out from a specified fault- and load-hypothesis and deliver a design that makes it possible to reason about the adequacy of the design without reference to probabilistic arguments (even in the case of the extreme load and fault scenarios) we speak of a system with a guaranteed response.

An embedded real-time computer system is part of a well-specified larger system, an intelligent product. An intelligent product normally consists of a mechanical subsystem, the controlling embedded computer, and a man–machine interface.

The static configuration, known a priori, of the intelligent product can be used to reduce the resource requirements and increase the robustness of the embedded computer system.

Usually, every plant automation system is unique. Compared to development cost, the production cost (hardware cost) of a plant automation system is less important.

The embedded system market is expected to grow significantly during the next 10 years.
Compared with other information technology markets, this market will offer the best employment opportunities for the computer engineers of the future.

Bibliographic Notes

There exist a number of textbooks on real-time and embedded systems, such as Introduction to Embedded Systems – A Cyber-Physical Systems Approach [Lee10] by Ed Lee and Seshia, Embedded System Design: Embedded Systems Foundations of Cyber-Physical Systems [Mar10] by Peter Marwedel, Real-Time Systems by Jane Liu [Liu00], Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications by Giorgio Buttazzo [But04], and Real-Time Systems and Programming Languages: Ada, Real-Time Java and C/Real-Time POSIX by Burns and Wellings [Bur09]. The Journal Real-Time Systems by Springer publishes archival research articles on the topic.

Review Questions and Problems

1.1 What makes a computer system a real-time computer system?
1.2 What are typical functions that a real-time computer system must perform?
1.4 Where do the temporal requirements come from? What are the parameters that describe the temporal characteristics of a controlled object?
1.5 Give a “rule of thumb” that relates the sampling period in a quasi-continuous system to the rise time of the step-response function of the controlled object.
1.6 What are the effects of delay and delay jitter on the quality of control? Compare the error-detection latency in systems with and without jitter.
1.7 What does signal conditioning mean?
1.8 Consider an RT entity that changes its value periodically according to $v(t) = A_o \sin(2\pi t/T)$ where T, the period of the oscillation, is 100 ms. What is the maximum change of value of this RT entity within a time interval of 1 ms? (express the result in percentage of the amplitude $A_o$).
1.9 Consider an engine that rotates with 3,000 rpm. By how many degrees will the crankshaft turn within 1 ms?
1.10 Give some examples where the predictable rare-event performance determines the utility of a hard real-time system.
1.11 Consider a fail-safe application. Is it necessary that the computer system provides guaranteed timeliness to maintain the safety of the application? What is the level of error-detection coverage required in an ultrahigh dependability application?
1.12 What is the difference between availability and reliability? What is the relationship between maintainability and reliability?
1.13 When is there a simple relation between the MTTF and the failure rate?
1.14 Assume you are asked to certify a safety-critical control system. How would you proceed?
1.15 What are the main differences between a soft real-time system and a hard real-time system?
1.16 Why is an end-to-end protocol required at the interface between the computer system and the controlled object?
1.17 What is the fraction development cost/production cost in embedded systems and in plant automation systems? How does this relation influence the system design?
1.19 Assume that an automotive company produces 2,000,000 electronic engine controllers of a special type.
The following design alternatives are discussed:
(a) Construct the engine control unit as a single SRU with the application software in Read Only Memory (ROM). The production cost of such a unit is $250. In case of an error, the complete unit has to be replaced.
(b) Construct the engine control unit such that the software is contained in a ROM that is placed on a socket and can be replaced in case of a software error. The production cost of the unit without the ROM is $248. The cost of the ROM is $5.
(c) Construct the engine control unit as a single SRU where the software is loaded in a Flash EPROM that can be reloaded. The production cost of such a unit is $255.
The labor cost of repair is assumed to be $50 for each vehicle. (It is assumed to be the same for each one of the three alternatives). Calculate the cost of a software error for each one of the three alternative designs if 300,000 cars have to be recalled because of the software error (example in Sect. 1.6.1). Which one is the lowest cost alternative if only 1,000 cars are affected by a recall?
1.20 Estimate the relation (development cost)/(production cost) in an embedded consumer application and in a plant automation system.
1.21 Compare the peak load (number of messages, number of task activations inside the computer) that can be generated in an event-triggered and a time-triggered implementation of an elevator control system!

Chapter 2
Simplicity

Overview A recent report on Software for Dependable Systems: Sufficient Evidence? [Jac07] by the National Academies contains as one of its central recommendations: One key to achieving dependability at reasonable cost is a serious and sustained commitment to simplicity, including simplicity of critical functions and simplicity in system interactions.
This commitment is often the mark of true expertise. We consider simplicity to be the antonym of cognitive complexity (in the rest of this book we mean cognitive complexity whenever we use the word complexity). In every-day life, many embedded systems seem to move in the opposite direction. The ever-increasing demands on the functionality, and the non-functional constraints (such as safety, security, or energy consumption) that must be satisfied by embedded systems lead to a growth in system complexity.

In this chapter we investigate the notion of cognitive complexity and develop guidelines for building understandable computer systems. We ask the question: What does it mean when we say we understand a scenario? We argue that it is not the embedded system, but the models of the embedded system that must be simple and understandable relative to the background knowledge of the observer. The models must be based on clear concepts that capture the relevant properties of the scenario under investigation. The semantic content of a program variable is one of these concepts that we investigate in some detail. The major challenge of design is the building of an artifact that can be modeled at different levels of abstraction by models of adequate simplicity.

This chapter is structured as follows. Section 2.1 focuses on the topic of cognition and problem solving and an elaboration of the two different human problem-solving subsystems, the intuitive-experiential subsystem and the analytic-rational subsystem. Concept formation and the conceptual landscape, that is the private knowledge base that a human develops over his lifetime, are discussed in Sect. 2.2. Section 2.3 looks at the essence of model building and investigates what makes a task difficult. Section 2.4 deals with the important topic of emergence in large systems.

H. Kopetz, Real-Time Systems: Design Principles for Distributed Embedded Applications, Real-Time Systems Series, DOI 10.1007/978-1-4419-8237-7_2, © Springer Science+Business Media, LLC 2011

2.1 Cognition

Cognition deals with the study of thought processes and the interpretation and binding of sensory inputs to the existing knowledge base of an individual [Rei10]. It is an interdisciplinary effort that stands between the humanities, i.e., philosophy, language studies, and social science on one side and the natural sciences, such as neural science, logic, and computer science on the other side.