Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 30
One could send these data immediately after collection via a satellite link to a storage site on the ground in order to avoid the problems of having to recover a black box after an accident.

4.3 The Message Concept

The concept of a message is the third basic concept of our model. A message is an atomic data structure that is formed for the purpose of communication, i.e., data transmission and synchronization among components.

4.3.1 Message Structure

The concept of a message is related to the concept of a letter in the postal system. A message consists of a header, a data field, and a trailer. The header, corresponding to the envelope of a letter, contains the port address of the receiver (the mailbox) where the message must be delivered, information about how the message must be handled (e.g., a registered letter), and may contain the address of the sender. The data field contains the application-specific data of the message, corresponding to the content of a letter. The trailer, corresponding to the signature in a letter, contains information that allows the receiver to detect whether the data contained in the message is uncorrupted and authentic. There are different types of trailers in use: the most common trailer is a CRC field that allows the receiver to determine whether the data field has been corrupted during transport (a CRC detects accidental transmission errors, not deliberate alteration). A message may also contain an electronic signature in the trailer that makes it possible to determine whether the authenticated contents of the message have been altered (see Sect. 6.2). The notion of atomicity implies that a message is delivered either in its entirety or not at all. If a message is corrupted or only parts of the message arrive at the receiver's site, the whole message is discarded.

The temporal dimension of the message concept relates to the instants when a message is sent by the sender and received by the receiver, and consequently how long the message has been in transit. We call the interval between the send instant and the receive instant the transport delay. A second aspect of the temporal dimension relates to the rate of message production by the sender and message consumption by the receiver. If the sending rate is constrained, then we speak about a rate-constrained message system. If the sender's rate is not constrained, the sender may overload the transport capacity of the communication system (we call this congestion) or the processing capacity of the receiver. If the receiver cannot keep up with the message production rate of the sender, the receiver can send a control message to the sender telling the sender to slow down (back-pressure flow control). Alternatively, the receiver or the communication system may simply discard messages that exceed its processing capacity.

4.3.2 Event Information Versus State Information

The state of a dynamic system changes as real time progresses. Let us assume that we periodically observe the state variables of a system with a duration d between two successive observation instants. If we observe that the value of all state variables is the same in two successive observations, then we infer that no event, i.e., change of state, has occurred in the last observation interval d. This conclusion is only valid if the dynamics of the system are slow compared to our observation interval d (refer to Shannon's theorem [Jer77]). If two successive observations of the values of some state variables differ, then we conclude that at least one event has occurred in the last observation interval d. We can report about the occurrence of an event, i.e., a change of state, in two different ways: either by sending a single message containing event information or by sending a sequence of messages containing state information.

We talk about event information if the information conveys the difference in values of the previous state observation and the current state observation. The instant of the current (later) observation is postulated to be the instant of event occurrence. This assumption is not fully accurate, since the event may have occurred at any instant during the last interval of duration d. We can reduce this temporal observation error of an event by making the interval d smaller, but we cannot fully eliminate the temporal uncertainty about the observation of events. This holds true even if we use the interrupt system of a processor to report about an event. The input signal that relays the occurrence of an interrupt is not sensed continuously by the processor, but only after the termination of the execution of an instruction. This delay is introduced in order to reduce the amount of processor state that has to be saved and restored in the processor in order to be able to continue the interrupted task after the interrupt has been served. As outlined in Sect. 4.2.3, the state is minimal immediately before or after the execution of an atomic operation, in this case the execution of a complete instruction by a processor.

If the precise timing of an event is critical, we can provide a separate dedicated hardware device to time-stamp the observed state change of the interrupt line immediately and thus reduce the temporal observation error to a value that is in the order of magnitude of the cycle time of the hardware. Such hardware devices are introduced to achieve precise clock synchronization in distributed systems, where the precision of the distributed clocking system must be in the nanosecond range.

Example: The IEEE 1588 standard for clock synchronization suggests the implementation of a separate hardware device to precisely capture the arrival instant of a clock synchronization message.

We talk about state information if the information conveys the values of the current state variables. If the data field of a message contains state information, it is up to the receiver to compare two successive state observations and determine whether an event has occurred or not. The temporal uncertainty about the event occurrence is the same as above.

4.3.3 Event-Triggered Message

A message is called event-triggered (ET) if the triggering signal for sending the message is derived from the occurrence of a significant event, such as the execution of a send message command by the application software.

ET messages are well suited to transport event information. Since an event refers to a unique change of state, the receiver must consume every single event message and it is not allowed to duplicate an event message. We say that an event message must adhere to the exactly-once semantics. The event message model is the standard model of message transmission that is followed in most non-real-time systems.

Example: The event message "valve must be closed by 5" means that the new intended position of the valve equals the current position plus 5. If this event message is lost or duplicated, then the image of the state of the valve position in the computer will differ from the actual state of the valve position in the environment by 5. This error can be corrected by state alignment, i.e., the (full) state of the intended valve position is sent to the valve.

In an event-triggered system, error detection is the responsibility of the sender, who must receive an explicit acknowledgment message from the receiver telling the sender that the message has arrived correctly. The receiver cannot perform error detection, because the receiver cannot distinguish between no activity by the sender and loss of a message. Thus the control flow must be bidirectional, even if the data flow is only unidirectional. The sender must be time-aware, because it must decide within a finite interval of real time that the communication has failed. This is one reason why we cannot build fault-tolerant systems that are unaware of the progression of real time.

4.3.4 Time-Triggered Message

A message is called time-triggered (TT) if the triggering signal for sending the message is derived from the progression of real time. There is a cycle, characterized by its period and phase, assigned to every time-triggered message before the system starts operating. At the instant of cycle start, the transmission of the message is initiated automatically by the operating system. No send message command is necessary in TT message transmission.

TT messages are well suited to transport state information. A TT message that contains state information is called a state message. Since a new version of a state observation normally replaces the existing older version, it is reasonable that a new state message updates in place the older message.
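As an added illustration (example code written for this edit, not from Kopetz's book), the valve example of Sect. 4.3.3 is simulated twice through the same lossy channel: once reported with event information (a delta) and once with state information (the full intended position), showing why event messages need exactly-once semantics while state messages can be updated in place and why state alignment repairs a drifted image. The message kinds, positions and channel fault model are assumptions made for this illustration.

```python
"""Added example, not from Kopetz's text: the valve of Sect. 4.3.3 reported with event
information (a delta, "close by 5") and with state information (the full intended
position), pushed through the same lossy channel. Names, values and the channel model
are assumptions made for this illustration."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    kind: str   # "event": data field holds a delta; "state": it holds the full value
    value: int

class ValveImage:
    """Receiver-side image of the intended valve position (the computer's view)."""
    def __init__(self, position: int = 0) -> None:
        self.position = position

    def receive(self, msg: Message) -> None:
        if msg.kind == "state":
            # State message: update in place, the newest observation replaces the old one.
            self.position = msg.value
        else:
            # Event message: a unique change of state, applied on receipt. Nothing here can
            # tell a lost message from sender silence, or a duplicate from a second event.
            self.position += msg.value

def run_channel(msgs, drop=(), duplicate=()):
    """Deliver msgs through a channel that loses or duplicates the messages at the given
    indices (a constructed fault model) and return the receiver's final image."""
    img = ValveImage()
    for i, m in enumerate(msgs):
        if i in drop:
            continue  # message lost in transit
        img.receive(m)
        if i in duplicate:
            img.receive(m)  # message delivered a second time
    return img.position

def state_alignment(image: ValveImage, true_position: int) -> int:
    """Correct a drifted image by sending the (full) intended state once."""
    image.receive(Message("state", true_position))
    return image.position

# Constructed scenario: the valve is closed by 5 three times, so the true position is 15.
TRUE_POSITION = 15
EVENT_MSGS = [Message("event", 5)] * 3                   # three "close by 5" events
STATE_MSGS = [Message("state", p) for p in (5, 10, 15)]  # three full-state observations

if __name__ == "__main__":
    print("event, one lost:", run_channel(EVENT_MSGS, drop={1}))  # 10, image off by 5
    print("state, one lost:", run_channel(STATE_MSGS, drop={1}))  # 15, correct
```

Losing the latest state message still leaves the image stale until the next state message arrives, which is why TT state messages are sent cyclically rather than once.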