Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 19
interaction among tasks. It is difficult to isolate the behavior of a single task.
Sequential: Behavior can be understood by a sequential step-by-step analysis. | Simultaneous: Many concurrent processes interact in generating visible behavior. Step-by-step analysis is difficult.
Homogeneous: Components, explanatory schemes, and representations are alike. | Heterogeneous: Many different components, explanatory schemes, and representations.
Mechanism: Cause and effect relations dominate. | Organicism: Behavior characterized by a multitude of feedback mechanisms.
Linear: Functional relationships are linear. | Non-linear: Functional relationships are nonlinear.
Universal: Explanatory principles do not depend on context. | Conditional: Explanatory principles are context dependent.
Regular: Domain characterized by a high regularity of principles and rules. | Irregular: Many different context dependent rules.
Surface: Important principles and rules are apparent by looking at observable surface properties. | Deep: Important principles are covert and abstract and not detectable when looking at surface properties.

the component on the basis of its precise interface specifications without any need to understand the internals of the component operation.
In order to maintain the abstraction of a component even in the case that faults are occurring, a component should be a fault-containment unit (Sect. 6.1.1). If components stand in a hierarchical relationship to each other, different levels of abstraction can be distinguished. At a high level of abstraction, the behavior of a complete autonomous constituent system (consisting of many clusters of components) of a system-of-systems (SoS) is captured in the precise linking interface specification of its gateway component (see Sects. 4.6 and 4.7.3).
2. Principle of Separation of Concerns. This principle helps to build simple systems by disentangling functions that are separable in order that they can be grouped in self-contained architectural units, thus generating stable intermediate forms [Sim81]. This principle is sometimes called principle of partitioning [Ses08]. An example is the strict separation of computational activities from communication activities such that the communication system and the computational components can be developed independently (Sect. 4.1.1).
3. Principle of Causality. The analytical-rational problem solving subsystem of humans excels in reasoning along causal chains. The deterministic behavior of basic mechanisms makes it possible that a causal chain between a cause and the consequent effect can be established without a doubt (Sect. 5.6).
4. Principle of Segmentation. This principle suggests that hard-to-understand behavior should be decomposed, wherever possible, into a serial behavioral structure such that a sequential step-by-step analysis of the behavior becomes possible. Each step requires only the investigation of the limited context that is of relevance at this step.
5. Principle of Independence. This principle suggests that the interdependence of architectural units (components or clusters, see Sect. 1.1) should be reduced to the necessary minimum that is required by the application. An example is the provision of a single unidirectional primitive for the communication among components such that any low-level dependency of the sender of a message on the correct operation of the receiver is eliminated by design. This principle is of paramount importance in the design of fault-tolerant systems to ensure that back-propagation of failures is avoided and the independence of failures of fault-containment units can be assumed (Sect. 6.4).
6. Principle of Observability. Non-visible communication channels among architectural units pose a severe impediment for the understanding of system behavior. This can be avoided by supporting a multicast topology in the basic message-passing primitive. It is then possible to observe the external behavior of any component without a probe effect (Sect. 12.2).
7. Principle of a Consistent Time. The progression of real-time is an important independent variable in any behavioral model of the physical subsystem of an embedded system. This principle suggests that a global time base should be introduced in the distributed computer system such that system-wide consistent temporal relations (e.g., simultaneity) and temporal distances among events can be established on the basis of global time-stamps (Sect. 3.3).
The availability of a global time simplifies the solution of many problems in distributed systems (see Sect. 14.2.1).

Points to Remember

- Humans have two quite different mental subsystems for solving problems: the intuitive-experiential subsystem and the analytic-rational subsystem.
- The experiential subsystem is a preconscious emotionally-based subsystem that operates holistically, automatically, and rapidly, and demands minimal cognitive resources for its execution.
- The rational subsystem is a conscious analytic subsystem that operates according to the laws of logic. It is well equipped to handle deterministic relations and causality.
- Adult humans have a conscious explicit model of reality in their rational subsystem, in addition to their implicit model of reality in the experiential subsystem. These two models of reality coincide to different degrees and form jointly the conceptual landscape of an individual.
- Knowledge is acquired by the process of abstraction, by which the particular is subordinated to the general, so that what is known about the general is applicable to many particulars.
- A concept is a category that is augmented by a set of beliefs about its relations to other categories. The set of beliefs relates a new concept to already existing concepts and provides for an implicit theory (a subjective mental model).
- Understanding means that the concepts and relationships that are employed in the representation of a scenario have been adequately linked with the conceptual landscape and the methods of reasoning of the observer. The tighter the links are, the better is the understanding. Understanding (and therefore simplicity) is thus a relation between an observer and a scenario, not a property of the scenario.
- The elapsed time needed to understand a model by an intended observer is a reasonable measure for the cognitive effort and thus for the complexity of a model relative to the observer.
- Complexity can only be assigned to models of physical systems, but not to the physical systems themselves, no matter whether these physical systems are natural or man made.
- The complexity of a large system depends on the number and complexity of the models that must be comprehended in order to understand the complete system. The time it takes to understand all these models can be considered as a measure for the cognitive complexity of a large system.
- Invisible information flows between identified subsystems pose a considerable barrier for understanding.
- The resources in the rational problem solving subsystem of humans, both in storage and processing capacity, are limited.
- The four strategies to simplify a complex scenario in order that it can be processed by the limited cognitive capabilities of humans are abstraction, partitioning, isolation, and segmentation.
- The formation of concepts is governed by the following two principles: the principle of utility and the principle of parsimony (also called Occam’s razor).
- The essence of a concept, i.e., the semantic content of a concept, associated with a name, can be assumed to be the same within a natural language community (denotation), but different individuals may associate different shades of meaning with a concept (connotation).
- A variable is a language construct that assigns an attribute to a concept at the given instant. A variable thus consists of two parts, a fixed part, the variable name, and a variable part called the value of the variable that is assigned to the variable at a particular instant.
- Differences in the representations of the semantic content of a variable become important when we look at gateway components which link two subsystems that have been developed by two different organizations according to two different architectural styles.
- A model is a deliberate simplification of reality with the objective of explaining a chosen property of reality that is relevant for a particular purpose.
- If the purpose of a model is not crystal clear, or if there are multiple divergent purposes to satisfy, it is not possible to develop a simple model.
- The recursive application of the principles of abstraction leads to such a hierarchy of models. More general models can be formed by abstraction and more concrete models can be formed by refinement.
- The major challenge of design is the building of a software/hardware artifact (an embedded computer system) that provides the intended behavior (i.e. the service) under given constraints and where relevant properties of this artifact (e.g., the behavior) can be modeled at different levels of abstraction by models of adequate simplicity.
- We talk about emergence when the interactions of subsystems give rise to unique global properties at the system level that are not present at the level of the subsystems. Emergent properties are irreducible, holistic, and novel – they disappear when the system is partitioned into its subsystems.
- We classify a system as complex if we are not in the position to develop a set of models of adequate simplicity – commensurate to the rational capabilities of the human mind – to explain the structure and behavior of the system.

Bibliographic Notes

The textbook by Reisberg [Rei10] gives a good overview of the state-of-the-art in the field of cognition and introduces many of the terms that have been used in this chapter.
Epstein [Eps08] discusses the characteristics of the intuitive-experiential subsystem and the analytic-rational subsystem of problem solving. Boulding [Bou61] elaborates extensively on the notion of conceptual landscape (which he calls the Image) and the role of the message metaphor in all types of communication. The hierarchy of concepts, the abstraction ladder, is taken from Hayakawa [Hay90].