Real-Time Systems. Design Principles for Distributed Embedded Applications. Herman Kopetz. Second Edition (811374), page 35
Table 4.3 compares the different characteristics of a monolithic system versus a system of systems. The interactions of the autonomous constituent systems can evoke planned or unanticipated emergent behavior, e.g., a cascade effect [Fis06], that must be detected and controlled (see also Sect. 2.4).

In many distributed real-time applications it is not possible to bring temporally accurate real-time information to a central point of control within the available time interval between the observation of the local environment and the need to control the local environment. In these applications central control by a monolithic control system is not possible. Instead, the autonomous distributed controllers must cooperate to achieve the desired effects.

Example: It is not possible to control the movement of the cars in an open road system, where cyclists and pedestrians interfere with the traffic flow of the cars, by a monolithic central control system because the amount and timeliness of the real-time information that must be transported to and processed by the central control system is not manageable within the required response times. Instead, each car performs autonomous control functions and cooperates with other cars in order to maintain an efficient flow of traffic. In such a system a cascade effect of a traffic jam can occur due to emergent behavior if the traffic density increases beyond a tipping point.

Any ensemble of constituent systems that form an SoS must agree on a shared purpose, a chain of trust, and a shared ontology on the semantic level. These global properties must be established at the meta-level and are subject to a carefully managed continuous evolution. A new entity must be established at the meta-level that monitors and coordinates the activities of the constituent systems in order that the shared purpose can be achieved.

Table 4.3 Comparison of a monolithic system and a system of systems

| Monolithic system | System of systems (SoS) |
| --- | --- |
| Sphere of control and system responsibility within a single development organization. | Constituent systems are in the sphere of control of different development organizations. |
| Subsystems are obedient to a central authority. | Subsystems are autonomous and can only be influenced, but not controlled, by other subsystems. |
| The architectural styles of the subsystems are aligned. Property mismatches are the exception. | The architectural styles of the constituent systems are different. Property mismatches are the rule, rather than the exception. |
| The LIFs that effectuate the integration are controlled by the responsible system organization. | The LIFs that effectuate the integration are established by international standard organizations and outside the control of a single system supplier. |
| Normally hierarchical composition that leads to levels of integration. | Normally the interactions among the constituent systems follow a mesh network structure without clear integration levels. |
| Subsystems are designed to interact in order to achieve the system goal: Integration. | Constituent systems have their own goals that are not necessarily compatible with the SoS goal. Voluntary cooperation of systems to achieve a common purpose: Interoperation. |
| Evolution of the components that form the subsystems is coordinated. | Evolution of the constituent systems that form the SoS is uncoordinated. |
| Emergent behavior controlled. | Emergent behavior often planned, but sometimes unanticipated. |

An important characteristic of an SoS is the independent development and uncoordinated evolution of the constituent systems (Table 4.3).
The focus in SoS design is on the linking interface behavior of the monolithic systems. The monolithic systems themselves can be heterogeneous. They are developed according to different architectural styles by different organizations. If the monolithic systems are interconnected via open communication channels, then the topic of security is of utmost concern, since an outside attacker can interfere with the system operation, e.g., by executing a denial-of-service attack (see Sect. 6.2.2).

[Sel08, p. 3] discusses two important properties of an evolutionary architecture: (1) The complexity of the overall framework does not grow as constituent systems are added or removed and (2) a given constituent system does not have to be reengineered if other constituent systems are added, changed, or removed. This implies a precise specification and continuous revalidation of the relied-upon interface properties (in the domains of value and time) of the constituent systems. The evolution of a constituent system will have no adverse effect on the overall behavior if the relied-upon interface properties of this constituent system are not modified.
Since the precise specification of the temporal dimension of the relied-upon interface properties requires a time-reference, the availability of a synchronized global time in all constituent systems of a large SoS is helpful, leading to a time-aware architecture (TAA, see Sect. 14.2.5). Such a global time can be established by reference to the global GPS signals (see Sect. 3.5).
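
One way to carry out the continuous revalidation of relied-upon interface properties in the domains of value and time, as an added example that is not from the book. The `LifSpec` fields, the violation names and the sample trace are assumptions constructed here, and timestamps are taken to be send instants on the synchronized global time, in microseconds.

```python
from typing import NamedTuple

class LifSpec(NamedTuple):
    """Relied-upon properties of one periodic message (hypothetical layout)."""
    lo: float        # value domain: smallest admissible value
    hi: float        # value domain: largest admissible value
    period_us: int   # time domain: cycle period on the global time base
    phase_us: int    # time domain: offset of the send instant within the cycle
    jitter_us: int   # time domain: tolerated deviation from the send instant

def revalidate(spec, trace):
    """Check time-ordered (send_time_us, value) pairs; return [(time, violation)]."""
    violations = []
    last_cycle = None
    for t, value in trace:
        if not spec.lo <= value <= spec.hi:
            violations.append((t, "VALUE_OUT_OF_RANGE"))
        # Nearest cycle on the grid phase + k * period (integer arithmetic).
        cycle = (t - spec.phase_us + spec.period_us // 2) // spec.period_us
        nominal = spec.phase_us + cycle * spec.period_us
        if abs(t - nominal) > spec.jitter_us:
            violations.append((t, "OFF_GRID"))
            continue  # not attributable to a cycle, skip cycle accounting
        if last_cycle is not None:
            if cycle == last_cycle:
                violations.append((t, "EXTRA_IN_CYCLE"))   # more than one message per cycle
            elif cycle > last_cycle + 1:
                violations.append((t, "MISSED_CYCLES"))    # one or more cycles without a message
        last_cycle = cycle
    return violations

def still_compatible(relied_upon, evolved):
    """True if an evolved constituent stays within the relied-upon properties."""
    return (relied_upon.lo <= evolved.lo and evolved.hi <= relied_upon.hi
            and evolved.period_us == relied_upon.period_us
            and evolved.phase_us == relied_upon.phase_us
            and evolved.jitter_us <= relied_upon.jitter_us)

# Constructed sample data: a 10 ms periodic message, timestamps in microseconds.
SPEC = LifSpec(lo=0.0, hi=250.0, period_us=10_000, phase_us=2_000, jitter_us=200)
TRACE = [(2_000, 101.5), (12_050, 102.0), (22_000, 300.0),
         (25_000, 103.0), (52_100, 104.0), (52_150, 104.0)]

if __name__ == "__main__":
    for when, what in revalidate(SPEC, TRACE):
        print(when, what)
    print(still_compatible(SPEC, LifSpec(0.0, 200.0, 10_000, 2_000, 100)))
```

Because every send instant is judged against the global time grid rather than against the previous arrival, the check does not depend on the receiver's local clock.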
We call an SoS where all constituent systems have access to a synchronized global time a time-aware SoS.

The preferred interconnection medium for the construction of systems of systems is the Internet, leading to the Internet of Things (IoT). Chapter 13 is devoted to the topic of the Internet of Things.

Points to Remember

• A real-time component consists of a design (e.g., the software), an embodiment (e.g., the hardware, including a processing unit, memory, and an I/O interface), and a real-time clock that makes the component aware of the progression of real-time.
• The timed sequence of output messages that a component produces at an interface with its environment is the behavior of the component at that interface. The intended behavior is called the service. An unintended behavior is called a failure.
• Temporal control is concerned with determining the instants in the domain of real time when tasks must be activated while logical control is concerned with the control flow within a task.
• Synchronous programming languages distinguish cleanly between temporal control, which is related to the progression of real time, and logical control, which is related to execution time.
• A cycle, characterized by its period and phase, is associated with every time-triggered activity.
• At a given instant, the state of a component is defined as a data structure that contains the information of the past that is relevant for the future operation of the component.
• In order to enable the dynamic reintegration of a component into a running system, it is necessary to design periodic reintegration instants into the behavior, where the state at the reintegration instant is called the ground state of the component.
• A message is an atomic data structure that is formed for the purpose of communication, i.e., data transmission and synchronization, among components.
• Event information conveys the difference of the previous state observation and the current state observation. Messages that contain event information must adhere to the exactly-once semantic.
• State messages support the principle of independence because sender and receiver can operate at different (independent) rates and there is no danger of buffer overflow.
• In real-time systems, the information pull strategy should be followed whenever possible.
• Elementary interfaces are inherently simpler than composite interfaces, because there is no dependency of the behavior of the sender on the behavior of the receiver.
• The services of a component are offered at its cluster LIF to the other components of the cluster. The cluster LIF is an operational message-based interface that is relevant for the integration of components into the cluster. The detailed structure, naming, and access mechanisms of the local interface of a component are intentionally left unspecified at its cluster LIF.
• Every system is developed according to an architectural style, i.e., a set of adopted rules and conventions for the conceptualization, representation of data, naming, programming, interaction of components, semantics of the data, and many more.
• Whenever a communication channel links two systems developed by two different organizations, it is highly probable that some of the properties of the messages that are exchanged across this channel are in disagreement because of the differences in architectural styles.
• A gateway component resolves property mismatches and exposes the external world information in the form of cluster-standard messages at the cluster LIF of the gateway components.
• We distinguish between three parts of a LIF specification: (1) the transport specification of the messages, (2) the operational specification of the messages, and (3) the meta-level specification of the messages.
• Only the operational specification of an open component can be provided without knowing the context of use of the open component.
• The information on how the data field of a message is structured into syntactic units is contained in a message-structure declaration (MSD). The MSD establishes the message variable names (i.e., the fixed part of the message variable) that point to the respective concepts and specify which part of the unstructured bit vector denotes the variable part of a message variable.
• The four principles of composability are (1) independent development of components, (2) stability of prior services, (3) non-interfering interactions, and (4) preservation of the component abstraction in case of failures.
• Multi-levelness is an important organizing principle in large systems.
• The distinction between a system of sub-systems and a system of systems is based more on organizational than on technical grounds.

Bibliographic Notes

The presented real-time model of computation has been developed over the past 25 years and is documented in a number of publications, starting with The Architecture of Mars [Kop85] and further in the following publications: Real-time Object Model [Kim94], the Time-Triggered Model of Computation in [Kop98], Elementary versus Composite Interfaces in Distributed Real-Time Systems [Kop99], and Periodic Finite State Machines [Kop07].

Review Questions and Problems

4.1 How is a real-time system component defined? What are elements of a component? How is the behavior of a component specified?
4.2 What are the advantages of separating computational components from the communication infrastructure? List some of the consequences of this separation.
4.3 What is the difference between temporal control and logical control?
4.4 What is the definition of the state of a real-time system? What is the relationship between time and state? What is the ground state? What is a database component?
4.5 What is the difference between event information and state information? What is the difference in the handling of an event message from the handling of a state message?
4.6 List and describe the properties of the four interfaces of a component. Why are the local interfaces of a component intentionally left unspecified at the architectural level?
4.7 What are the differences between an information push interface and an information pull interface? What are the differences between an elementary interface and a composite interface?
4.8 What do we mean by the term architectural style? What is a property mismatch?
4.9 What are the characteristics of a local process I/O interface and the LIF message interface?
4.10 What is the role of a gateway component?
4.11 What are the three parts of a linking interface specification?
4.12 What is the message-structure declaration (MSD)? How do we associate the MSD with the bit-vector contained in a message?
4.13 List the four principles of composability.
4.14 What is an integration level? How many integration levels are introduced in the GENESYS architecture?
4.15 Assume that the pressures p1 and p2 between the first two pairs of rolls in Fig.