Real-Time Systems. Design Principles for Distributed Embedded Applications. Hermann Kopetz. Second Edition (811374), page 95
We distinguish between three categories of services: (1) the core system services that are needed in any instantiation of the architecture, (2) the optional system services that provide, in addition to the core services, functionality that is needed in many, but not all, instantiations of the architecture, and (3) the application specific services that are specific to a given application or application domain. The core system services and the optional system services are provided either by standalone system components or are part of the generic middleware (GM) of the component software (see also Sect. 9.1.4).

We consider it a major achievement that in the TTA there is no need for a large monolithic operating system. It is difficult to estimate the execution time of a real-time computation if dynamic operating system mechanisms and a hypervisor stand between the application code and the execution of the code by the hardware. Furthermore, the certification of a large monolithic operating system is challenging. In the TTA, many of the conventional operating system functions can be implemented by self-contained system components. Whenever a system component is mature and stable, its implementation can be moved from a software-on-a-CPU implementation to an ASIC, thus realizing a very significant reduction of energy requirements (see Fig. 6.3) and silicon real estate.

Every software-on-a-CPU component has a local lightweight operating system and generic middleware (GM) that implements standardized high-level protocols and interprets the control messages that arrive via the TII interface (see Sect. 4.4).

14.3.2 Core System Services

The core system services of the TTA are minimal in the sense that only those services that are absolutely essential to build higher-level services or to maintain the desired properties of the architecture are included in the set of core system services. The core services must be free of NDDCs (non-deterministic design constructs, see Sect. 5.6.3) in order that deterministic computations can be implemented. In many cases, the implementation of a powerful dynamic system service is partitioned into a small core system service and a more intricate optional system service, since in a static safety-critical system only the core system services are needed and therefore the subject of certification.

Example: A dynamic message scheduler that must be part of any dynamic resource management is not included in the core system services. However, a much simpler checker that checks the properties of a schedule and ascertains that the constraints of a static safety-critical schedule have not been violated by the dynamic scheduler is part of the core system services.

The following paragraphs give a high-level overview of the TTA services. A more detailed description of the services can be found in [Obm09].

Basic Configuration Service. This service loads a job, i.e., the core image of the software that has been generated by a development system, onto the specified hardware unit and thereby generates a TTA component. The core image of the software includes the application software, the GM (generic middleware, see Sect. 9.1.4), and the local operating system. The basic configuration service is also needed to reconfigure the system after a hardware unit has failed permanently. The basic configuration service includes: (1) a secure hardware identification service to uniquely identify the hardware and (2) a basic boot service that accesses the boot access point of the hardware unit via the TII interface. The basic boot service establishes a connection to a development system that holds the job (the core image of the component software, including the application software, the GM, and the local operating system of the component) for the identified hardware unit.

Inter-Component Channel Configuration Service. This service configures the cluster-local inter-component communication system by establishing, naming, connecting, and disconnecting the ports and communication channels of the component LIFs within a cluster. This service observes the fate sharing principle.

Basic Execution Control Service. This service is used to control the execution of a component. Execution control is realized by sending an appropriate trusted control message to the TII port of the respective component. It is assumed that in every component there is a local resource manager (LRM) that accepts and executes these messages. The LRM is part of the GM (generic middleware) of a component. This service can be used to reset (by a hardware reset) and restart a component with a g-state that is contained in the restart message.

Basic Time Service. This service establishes the global time of specified precision of a component. The global time is provided by the platform. The time-format of the TTA is a binary time format based on the physical second. The basic time service includes a timer interrupt service.

Basic Communication Service. This service enables the application software of a component to send and receive time-triggered, rate-controlled, and event-triggered messages. This service is implemented by the communication system of the platform, supported by the GM of the component.

14.3.3 Optional System Services

An optional system service encapsulates a well-defined supportive functionality into a self-contained system component that interacts with the GM of the application components by the exchange of messages. Alternatively, an optional service can be implemented directly in the GM of an application component. The optional services are useful across many application domains and may be needed on many different occasions. They simplify the system development process by providing ready building blocks, i.e., new concepts that can be reused on the basis of their specification. The optional system services form an open set that can be extended if need arises.

Diagnostic Services. These services include the periodic g-state externalization of a component, a membership service that informs all components of a cluster consistently about the health state of the other components of a cluster, and a g-state monitoring, analysis, and recovery service such that a failed component can be reintegrated into a running cluster.

External Memory Management Service. In many applications, the local scratchpad memory of a component must be augmented by an external memory that can hold large amounts of data. The external memory management service, implemented in a standalone memory component, manages the storage of and access to long-lived data and implements needed security and integrity mechanisms.

Security Services. A basic security service – the provision of a tamper-resistant unique identification of any component – is part of the core system services. Using this core system service, a dedicated optional security component can be provided that encrypts and decrypts all messages that leave or arrive in the defined security domain. For example, such a security domain can be a system-on-chip. Depending on the application requirements, symmetric or asymmetric ciphers can be supported. This service is used to build a secure boot service. A secure boot service should be part of any device that is connected to the Internet.

Resource Management Services. At every level of the TTA a resource management service is provided. At the lowest level, the component level, a local resource manager, the LRM that is part of the GM, controls the resources local to a component. The LRM of the component can be parameterized by a cluster resource manager, the CRM, that takes a holistic view of the functions of the whole cluster and may request a component to shut down (power gating) in order to save energy. The CRM, implemented in a self-contained system component, may contain a dynamic scheduler that integrates the scheduling of the real-time task with voltage and frequency scaling in order to optimize the energy consumption while still meeting all deadlines.

Gateway Services. Gateway components are needed to interface a cluster to its external environment, i.e., other clusters, the physical process, the human operator, or the Internet.
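As an added illustration (not from the book or any TTA implementation), the following Python sketch shows how the secure boot service mentioned under Security Services can be built on the core secure hardware identification service of the Basic Configuration Service: the development system releases a job for exactly one hardware unit, and that unit's boot service refuses an image released for another unit or altered in transit. The per-unit shared secret, the 8-byte hardware id and the HMAC-SHA256 tag are constructed assumptions standing in for the symmetric variant the text allows.

```python
import hashlib
import hmac

# Constructed assumptions, not a TTA specification: every hardware unit exposes a
# tamper-resistant hardware id (the core secure hardware identification service),
# and the development system shares a per-unit symmetric secret with that unit.
# A job (core image = application software + GM + local OS) is released for one
# unit by a MAC over (hardware id || image); any other unit, or a modified image,
# fails verification and is not loaded.


def release_job(dev_secret: bytes, hw_id: bytes, core_image: bytes) -> dict:
    """Development-system side: bind the core image to one hardware unit."""
    tag = hmac.new(dev_secret, hw_id + core_image, hashlib.sha256).digest()
    return {"hw_id": hw_id, "image": core_image, "tag": tag}


def secure_boot(unit_secret: bytes, unit_hw_id: bytes, job: dict) -> bool:
    """Boot-service side: accept the job only if it was released for this unit and is intact."""
    if job["hw_id"] != unit_hw_id:
        return False  # job addressed to another unit (e.g. the failed one being replaced)
    expected = hmac.new(unit_secret, unit_hw_id + job["image"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, job["tag"])  # constant-time comparison


# Constructed sample values.
UNIT_A_ID = b"\x00\x01\x02\x03\x04\x05\x06\x07"
UNIT_B_ID = b"\x10\x11\x12\x13\x14\x15\x16\x17"
UNIT_A_SECRET = b"per-unit-secret-A (constructed)"
CORE_IMAGE = b"app-software|generic-middleware|local-os"  # stands in for the real core image
```

One consequence worth noting: after a hardware unit has failed permanently, the replacement unit has a different id, so the development system must release the job again for it; the old job cannot simply be copied across.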
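The core/optional split of the scheduler example in Sect. 14.3.2 and the CRM's dynamic scheduler with voltage and frequency scaling described under Resource Management Services, as an added illustration in Python (not code from the book or from any TTA implementation): a deliberately small checker, the kind that would stay in the certified core, verifies a schedule proposed by the dynamic scheduler against the static safety-critical schedule. The cluster cycle of 100 ticks, the two reserved messages and the rule that scaling level n stretches a slot n-fold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model, not a TTA specification: a cluster cycle of CYCLE ticks on
# one shared communication medium. The static, certified schedule reserves slots
# for safety-critical time-triggered messages; the CRM's dynamic scheduler may add
# messages and pick a frequency-scaling level, and the small core checker below
# rejects any proposed schedule that breaks the static constraints.
CYCLE = 100  # cluster-cycle length in ticks (constructed)


@dataclass(frozen=True)
class Slot:
    msg: str       # message name
    start: int     # first tick of the slot within the cluster cycle
    length: int    # slot length in ticks at nominal frequency
    deadline: int  # tick by which the transmission must be complete
    freq: int = 1  # scaling level chosen by the dynamic scheduler; level n stretches the slot n-fold


# Static safety-critical part of the schedule, fixed at design time (constructed sample).
STATIC = (Slot("brake_cmd", 0, 10, 10), Slot("steer_cmd", 40, 10, 50))


def check_schedule(proposed, static=STATIC, cycle=CYCLE):
    """Return the list of violations; an empty list means the schedule is accepted."""
    violations = []
    # 1. Every static slot must be present and unchanged (start, length, nominal frequency).
    by_msg = {s.msg: s for s in proposed}
    for s in static:
        p = by_msg.get(s.msg)
        if p is None:
            violations.append(f"{s.msg}: safety-critical slot dropped")
        elif (p.start, p.length, p.freq) != (s.start, s.length, 1):
            violations.append(f"{s.msg}: safety-critical slot modified")
    # 2. Every slot must lie inside the cycle and finish before its deadline,
    #    counting the stretch caused by frequency scaling.
    occupied = []
    for p in proposed:
        end = p.start + p.length * p.freq
        if p.start < 0 or end > cycle:
            violations.append(f"{p.msg}: slot [{p.start}, {end}) outside the cycle")
        if end > p.deadline:
            violations.append(f"{p.msg}: finishes at {end}, deadline {p.deadline}")
        occupied.append((p.start, end, p.msg))
    # 3. No two slots may overlap on the shared medium (bounded, sort-based check).
    occupied.sort()
    for (_, e1, m1), (s2, _, m2) in zip(occupied, occupied[1:]):
        if s2 < e1:
            violations.append(f"{m1} and {m2} overlap")
    return violations
```

The checker has no dynamic data structures beyond the bounded input list and no scheduling logic of its own, which is what keeps it small enough to certify while the energy-optimizing scheduler stays outside the core.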