Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 27
The Network Time Protocol of the Internet was published in 1991 by Mills [Mil91]. Kopetz presented the concept of a sparse time model first in [Kop92]. The excellent book by Eidson [Eid06] covers the IEEE 1588 protocol for clock synchronization in detail. The integration of internal and external clock synchronization is discussed in Kopetz et al. [Kop04]. For a more philosophical treatment of the problem of time, the reader is advised to study the excellent book by Whitrow [Wit90] entitled The Natural Philosophy of Time.

Review Questions and Problems

3.1 What is the difference between an instant and an event?
3.2 What is the difference between temporal order, causal order, and a consistent delivery order of messages? Which of the orders implies another?
3.3 How can clock synchronization assist in finding the primary event of an alarm shower?
3.4 What is the difference between UTC and TAI? Why is TAI better suited as a time base for distributed real-time systems than UTC?
3.5 Define the notions of offset, drift, drift rate, precision, and accuracy.
3.6 What is the difference between internal synchronization and external synchronization?
3.7 What are the fundamental limits of time measurement?
3.8 When is an event set ε/Δ-precedent?
3.9 What is an agreement protocol? Why should we try to avoid agreement protocols in real-time systems? When is it impossible to avoid agreement protocols?
3.10 What is a sparse time base? How can a sparse time base help to avoid agreement protocols?
3.11 Give an example that shows that, in an ensemble of three clocks, a Byzantine clock can disturb the two good clocks such that the synchronization condition is violated.
3.12 Given a clock synchronization system that achieves a precision of 90 μs, what is a reasonable granularity for the global time? What are the limits for the observed values for a time interval of 1.1 ms?
3.13 What is the role of the convergence function in internal clock synchronization?
3.14 Given a latency jitter of 20 μs, a clock drift rate of 10^-5 s/s, and a resynchronization period of 1 s, what precision can be achieved by the central master algorithm?
3.15 What is the effect of a Byzantine error on the quality of synchronization by the FTA algorithm?
3.16 Given a latency jitter of 20 μs, a clock drift rate of 10^-5 s/s and a resynchronization period of 1 s, what precision can be achieved by the FTA algorithm in a system with ten clocks where one clock could be malicious?
3.17 Discuss the consequences of an error in the external clock synchronization. What effect can such an error have on the internal clock synchronization in the worst possible scenario?

Chapter 4
Real-Time Model

Overview The objective of this chapter is to introduce the reader to a cross-domain architecture model of the behavior of a real-time system.
This model will be used throughout the rest of the book. The model is based on three basic concepts: the concept of a computational component, the concept of state, and the concept of a message. Large systems can be built by the recursive composition of components that communicate by the exchange of messages. Components can be reused on the basis of their interface specification without having to understand the component internals. Concerns about understandability have been of utmost importance in the development of this model.

The chapter is structured as follows. In Sect. 4.1 we give a broad outline of the model, describing the essential characteristics of a component and a message. Related components that work towards a joint objective are grouped into clusters. The differences between temporal control and logical control are explained. The following section elaborates on the close relationship between real-time and the state of a component. The importance of a well-defined ground state for the dynamic reintegration of a component is highlighted. Section 4.3 refines the message concept and introduces the notions of event-triggered messages, time-triggered messages, and data streams. Section 4.4 presents the four interfaces of a component, two operational interfaces and two control interfaces. Section 4.5 deals with the concept of a gateway component that links two clusters that adhere to different architectural styles. Section 4.6 deals with the specification of the linking interface of a component. The linking interface is the most important interface of a component. It is relevant for the integration of a component within a cluster and contains all the information that is needed for the use of a component. The linking interface specification consists of three parts: (1) the transport specification that contains the information for the transport of the messages, (2) the operational specification that is concerned with the interoperability of components and the establishment of the message variables, and (3) the meta-level specification that assigns meaning to the message variables. Points to consider when composing a set of components to build systems of subsystems or systems of systems are discussed in Sect. 4.6. In this section the four principles of composability are introduced and the notion of a multilevel system is explained.

H. Kopetz, Real-Time Systems: Design Principles for Distributed Embedded Applications, Real-Time Systems Series, DOI 10.1007/978-1-4419-8237-7_4, © Springer Science+Business Media, LLC 2011

4.1 Model Outline

Viewed from the perspective of an outside observer, a real-time (RT) system can be decomposed into three communicating subsystems: a controlled object (the physical subsystem, the behavior of which is governed by the laws of physics), a "distributed" computer subsystem (the cyber system, the behavior of which is governed by the programs that are executed on digital computers), and a human user or operator. The distributed computer system consists of computational nodes that interact by the exchange of messages. A computational node can host one or more computational components.

4.1.1 Components and Messages

We call the process of executing an algorithm by a processing unit a computation or task.
Computations are performed by components. In our model, a component is a self-contained hardware/software unit that interacts with its environment exclusively by the exchange of messages. We call the timed sequence of output messages that a component produces at an interface with its environment the behavior of the component at that interface. The intended behavior of a component is called its service. An unintended behavior is called a failure. The internal structure of a component, whether complex or simple, is neither visible, nor of concern, to a user of a component.

A component consists of a design (e.g., the software) and an embodiment (e.g., the hardware, including a processing unit, memory, and an I/O interface). A real-time component contains a real-time clock and is thus aware of the progression of real-time. After power-up, a component enters a ready-for-start state to wait for a triggering signal that indicates the start of execution of the component's computations. Whenever the triggering signal occurs, the component starts its predefined computations at the start instant. It then reads input messages and its internal state, produces output messages and an updated internal state, and so on until it terminates its computation – if ever – at a termination instant. It then enters the ready-for-start state again to wait for the next triggering signal. In a cyclic system, the real-time clock produces a triggering signal at the start of the next cycle.

An important principle of our model is the strict separation of the computational components from the communication infrastructure in a distributed computer system. The communication infrastructure provides for the transport of unidirectional messages from a sending component to one or more receiving components (multicasting) within a given interval of real-time.
Unidirectionality of messages supports the unidirectional reasoning structure of causal chains and eliminates any dependency of the sender on the receiver(s). This property of sender independence is of utmost importance in the design of fault-tolerant systems, because it avoids error back-propagation from a faulty receiving component to a correct sending component by design.

Multicasting is required for the following reasons:

1. Multicasting supports the non-intrusive observation of component interactions by an independent observer component, thus making the interactions of components perceptually accessible and removing the barrier to understanding that has its origin in hidden interactions (see Sect. 2.1.3).
2. Multicasting is required for the implementation of fault-tolerance by active redundancy, where each single message has to be sent to a set of replicated components.

A message is sent at a send instant and arrives at the receiver(s) at some later instant, the receive instant. The message paradigm combines the temporal-control and the value aspects of an interaction into a single concept. The temporal properties of a message include information about the send instants, the temporal order, the inter-arrival time of messages (e.g., periodic, sporadic, aperiodic recurrence), and the latency of the message transport.
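The following Python simulation is an added illustration, not code from the book: it builds the component model of Sect. 4.1.1 from constructed parts, with a cyclic clock that triggers components to read their input messages and state and emit output messages, and a bus that multicasts each unidirectional message, stamped with its send and receive instant, to a controller, a faulty receiver and a non-intrusive observer. The sender keeps running when the faulty receiver fails, which is the sender-independence property described above; all class and function names (Bus, Component, run, demo) are my own.

```python
from collections import namedtuple
Message = namedtuple("Message", "sender value send_instant receive_instant")  # value + temporal properties

class Bus:
    """Communication infrastructure: unidirectional multicast with a fixed latency."""
    def __init__(self, routes, latency=1):  # routes: sender name -> receivers; senders never see this
        self.routes, self.latency, self.in_flight = routes, latency, []
    def send(self, sender, value, now):
        self.in_flight.append(Message(sender, value, now, now + self.latency))
    def deliver(self, now):                 # copy each due message to all of its receivers
        due = [m for m in self.in_flight if m.receive_instant <= now]
        self.in_flight = [m for m in self.in_flight if m.receive_instant > now]
        for m in due:
            for receiver in self.routes.get(m.sender, []):
                receiver.inbox.append(m)

class Component:
    """When triggered: read input messages and state, emit output messages and a new state."""
    def __init__(self, name, compute, state=0):
        self.name, self.compute, self.state = name, compute, state
        self.inbox, self.status = [], "ready-for-start"
    def trigger(self, bus, now):
        inputs, self.inbox = self.inbox, []
        try:
            outputs, self.state = self.compute(inputs, self.state)
        except Exception:                   # unintended behaviour is a failure
            self.status = "failed"
            return
        for value in outputs:
            bus.send(self.name, value, now)

def run(components, bus, cycles):
    """Cyclic system: the real-time clock triggers every component at each cycle start."""
    for now in range(cycles):
        bus.deliver(now)
        for c in components:
            c.trigger(bus, now)
    return {c.name: (c.status, c.state) for c in components}

def crash(inputs, state):                   # faulty receiver: fails on its first input message
    if inputs:
        raise RuntimeError("faulty receiver")
    return [], state

def demo(cycles=4):                         # constructed cluster, not from the book
    sensor = Component("sensor", lambda ins, s: ([s + 1], s + 1))
    ctrl = Component("ctrl", lambda ins, s: ([], s + sum(m.value for m in ins)))
    broken = Component("broken", crash)
    observer = Component("observer", lambda ins, s: ([], s + [tuple(m) for m in ins]), state=[])
    bus = Bus({"sensor": [ctrl, broken, observer]})   # one send, three receivers
    return run([sensor, ctrl, broken, observer], bus, cycles)
```

The observer's state is the complete, timestamped record of the sensor's interactions, obtained without the sensor or the controller being aware of it.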