Real-Time Systems. Design Principles for Distributed Embedded Applications. Hermann Kopetz. Second Edition (811374), page 98
Glossary

Event: Every change of state is an event (1.1).

Event Message: A message is an event message if it contains information about events and if every new version of the message is queued at the receiver and consumed on reading (➔ state message) (4.3.3).

Event-Triggered Observation: An observation is event-triggered if the point of observation is determined by the occurrence of an event other than a tick of a clock (5.2).

Event-Triggered (ET) System: A real-time computer system is event-triggered (ET) if all communication and processing activities are triggered by events other than a clock tick (1.5.5).

Exact Voter: A voter that considers two messages the same if they contain exactly the same sequence of bits (➔ inexact voter) (6.4.2).

Execution Time: The execution time is the duration it takes to execute an action by a computer. If the speed of the oscillator that drives a computer is increased, the execution time is decreased. The worst-case execution time is called ➔ WCET (4.1.2).

Explicit Flow Control: In explicit flow control the receiver of a message sends an explicit acknowledgment message to the sender, informing the sender that the previously sent message has correctly arrived and that the receiver is now ready to accept the next message (➔ flow control, ➔ implicit flow control) (7.2.3).

External Clock Synchronization: The process of synchronization of a clock with a reference clock (3.1.3).

Fail-Operational System: A fail-operational system is a real-time system where a safe state cannot be reached immediately after the occurrence of a failure (1.5.2).

Fail-Safe System: A fail-safe system is a real-time system where a safe state can be identified and quickly reached after the occurrence of a failure (1.5.2).

Fail-Silent: A subsystem is fail-silent if it either produces correct results or no results at all, i.e., it is quiet in case it cannot deliver the correct service (6.1.1).

Failure: A failure is an event that denotes a deviation of the actual service from the intended service (6.1.3).

Fault: A fault is the cause of an error (6.1.1).

Fault Hypothesis: The fault hypothesis identifies the assumptions that relate to the type and frequency of faults that a fault-tolerant computer system is supposed to handle (6.1.1).

Fault-Tolerant Average Algorithm (FTA): A distributed clock synchronization algorithm that handles Byzantine failures of clocks (3.4.3).

Fault-Containment Unit (FCU): A unit that contains the direct consequences of a fault. Different FCUs must fail independently. A component should be an FCU (6.4.2).

Fault-Tolerant Unit (FTU): A unit consisting of a number of replica-determinate ➔ FCUs that provides the specified service even if some of its constituent FCUs (components) fail (6.4.2).

Field Replaceable Unit (FRU): An FRU is a subsystem that is considered atomic from the point of view of a repair action (1.4.3).

Firm Deadline: A deadline for a result is firm if the result has no utility after the deadline has passed (1.1).

FIT: A FIT is a unit for expressing the failure rate. 1 FIT is 1 failure per 10^9 h (1.4.1).

Flow Control: Flow control assures that the speed of the information flow between a sender and a receiver is such that the receiver can keep up with the sender (➔ explicit flow control, ➔ implicit flow control) (7.2.3).

Gateway Component: A component of a distributed real-time system that is a member of two clusters and implements the relative views of these two interacting clusters (4.5).

Global Time: The global time is an abstract notion that is approximated by a properly selected subset of the microticks of each synchronized local clock of an ensemble. The selected microticks of a local clock are called the ticks of the global time (3.2.1).

Granularity of a Clock: The granularity of a clock is the nominal number of microticks of the reference clock between two microticks of the clock (3.1.2).

Ground (g) State: The ground state of a component of a distributed system at a given level of abstraction is a state at an instant where there is a minimal dependency of future behavior on past behavior. At the ground state instant all information of the past that is considered relevant for the future behavior is contained in a declared ground state data structure. At the ground state instant no task is active and all communication channels are flushed. The instants of the ground state are ideal for reintegrating components (4.2.3).

Guaranteed Timeliness: A real-time system is a guaranteed timeliness system if it is possible to reason about the temporal adequacy of the design without reference to probabilistic arguments, provided the assumptions of the load and fault hypotheses hold (➔ best effort) (1.5.3).

Hamming Distance: The Hamming distance is one plus the maximum number of bit errors in a codeword that can be detected by syntactic means (6.3.3).

Hard Deadline: A deadline for a result is hard if a catastrophe can occur in case the deadline is missed (1.1).

Hard Real-Time Computer System: A real-time computer system that must meet at least one hard deadline (synonym: safety-critical real-time computer system) (1.1).

Hazard: A hazard is an undesirable condition that has the potential to cause or contribute to an accident (11.4.2).

Hidden Channel: A communication channel outside the given computational cluster (5.5.1).

Idempotency: Idempotency is a relation between a set of replicated messages arriving at the same receiver. A set of replicated messages is idempotent if the effect of receiving more than one copy of a message is the same as receiving only a single copy (5.5.4).

Implicit Flow Control: In implicit flow control, the sender and receiver agree a priori, i.e., before the start of a communication session, about the instants when messages will be sent. The sender commits to send messages only at the agreed instants, and the receiver commits to accept all messages sent by the sender, as long as the sender fulfills its obligation (➔ explicit flow control, ➔ flow control) (7.2.3).

Inexact Voting: A voter that considers two messages the "same" if both of them conform to some application-specific "sameness" criterion (➔ exact voter) (6.4.2).

Instant: An instant is a cut of the timeline (1.1).

Instrumentation Interface: The instrumentation interface is the interface between the real-time computer system and the controlled object (1.1).

Intelligent Actuator: An intelligent actuator consists of an actuator and a microcontroller, both mounted together in a single housing (9.5.5).

Intelligent Product: An intelligent product is a self-contained system that consists of a mechanical subsystem, a user interface, and a controlling embedded real-time computer system (➔ embedded system) (1.6.1).

Intelligent Sensor: An intelligent sensor consists of a sensor and a microcontroller such that measured data is produced at the output interface. If the intelligent sensor is fault-tolerant, agreed data is produced at the output interface (9.5.5).

Interface: An interface is a common boundary between two subsystems (4.4).

Interface Component: A component with an interface to the external environment of a cluster. An interface component is a gateway (4.5).

Internal Clock Synchronization: The process of mutual synchronization of an ensemble of clocks in order to establish a global time with a bounded precision (3.1.3).

International Atomic Time (TAI): An international time standard, where the second is defined as 9 192 631 770 periods of oscillation of a specified transition of the Cesium-133 atom (3.1.4).

Intrusion: The successful exploitation of a vulnerability (6.2).

Intuitive Experiential Problem Solving System: A human preconscious, emotionally-based problem solving subsystem that operates holistically, automatically, and rapidly, and demands minimal cognitive resources for its execution (2.1.1).

Internet of Things (IoT): The direct connection of physical things to the Internet such that remote access and control of physical devices is enabled (13).

Irrevocable Action: An action that cannot be undone, e.g., drilling a hole, activation of the firing mechanism of a firearm (1.5.1).

Jitter: The jitter is the difference between the maximum and the minimum duration of an action (processing action, communication action) (1.3.1).

Laxity: The laxity of a task is the deadline interval minus the execution time (the WCET) of the task (9.2.2).

Least-Laxity (LL) Algorithm: An optimal dynamic preemptive scheduling algorithm for scheduling a set of independent tasks (10.4.1).

Logical Control: Logical control is concerned with the control flow within a task. The logical control is determined by the given program structure and the particular input data to achieve the desired data transformation (➔ temporal control) (4.1.3).

Maintainability: The maintainability M(d) is the probability that the system is restored to its operational state and restarted within a time interval d after a failure (1.4.3).

Malicious Code Attack: A malicious code attack is an attack where an adversary inserts malicious code, e.g., a virus, a worm, or a Trojan horse, into the software in order that the attacker gets partial or full control over the system (6.2.2).

Measured Data: A measured data element is a raw data element that has been preprocessed and converted to standard technical units. A sensor that delivers measured data is called an intelligent sensor (➔ raw data, ➔ agreed data) (9.6.1).

Membership Service: A membership service is a service in a distributed system that generates consistent information about the operational state (operating or failed) of all components at agreed instants (membership points).
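The entries for Event Message, State Message and Idempotency describe three receiver behaviours that matter when the same message is replicated over redundant channels. The following simulation is an added example and is not code from the book; the infusion-pump receiver, the message fields `seq`, `ml` and `setpoint`, and the replicated sample messages are all constructed for illustration.

```python
from collections import deque


class EventMessagePort:
    """Event-message semantics (4.3.3): every new version is queued at the
    receiver and consumed on reading."""

    def __init__(self):
        self._queue = deque()

    def deliver(self, msg):
        self._queue.append(msg)

    def read(self):
        # Consuming read; None signals an empty queue.
        return self._queue.popleft() if self._queue else None


class StateMessagePort:
    """State-message semantics: a new version overwrites the previous one and
    a read is non-consuming, so the latest state stays available."""

    def __init__(self):
        self._latest = None

    def deliver(self, msg):
        self._latest = msg

    def read(self):
        return self._latest


class IdempotentEventPort(EventMessagePort):
    """Event port made idempotent (5.5.4): a copy whose sequence number
    (assumed field "seq") has already been accepted is discarded on delivery,
    so receiving two copies has the same effect as receiving one."""

    def __init__(self):
        super().__init__()
        self._accepted = set()

    def deliver(self, msg):
        if msg["seq"] in self._accepted:
            return
        self._accepted.add(msg["seq"])
        super().deliver(msg)


def drain(port):
    """Return everything the consumer observes after delivery."""
    if isinstance(port, StateMessagePort):
        return [port.read()]
    seen = []
    while (msg := port.read()) is not None:
        seen.append(msg)
    return seen


def apply_dose_commands(port, replicas):
    """Hypothetical infusion-pump receiver: every 'dose' event it reads adds
    ml to the delivered total. Deliver the replicated copies, return the total."""
    for msg in replicas:
        port.deliver(msg)
    return sum(m["ml"] for m in drain(port))


def apply_setpoint(port, replicas):
    """The same receiver for a state message: the setpoint is the latest value."""
    for msg in replicas:
        port.deliver(msg)
    return drain(port)[-1]["setpoint"]


# Constructed sample: one command replicated over two channels (identical seq).
DOSE_REPLICAS = [{"seq": 7, "ml": 10}, {"seq": 7, "ml": 10}]
SETPOINT_REPLICAS = [{"seq": 7, "setpoint": 42}, {"seq": 7, "setpoint": 42}]


def demo():
    return {
        # Plain event port: the duplicate is queued and acted on twice.
        "event_port_total_ml": apply_dose_commands(EventMessagePort(), DOSE_REPLICAS),
        # Deduplicating event port: the replicated set is idempotent.
        "idempotent_port_total_ml": apply_dose_commands(IdempotentEventPort(), DOSE_REPLICAS),
        # State message: overwriting makes replication harmless by construction.
        "state_port_setpoint": apply_setpoint(StateMessagePort(), SETPOINT_REPLICAS),
    }
```

State messages are idempotent without any bookkeeping, which is one reason time-triggered designs prefer them; an event message that encodes a delta (a dose, a counter increment) needs an explicit duplicate filter before it can be sent over redundant channels.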
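The Exact Voter, Inexact Voting and Fault-Tolerant Unit entries are easiest to compare on a concrete replica set. The code below is an added example, not code from the book: the three replica readings, the IEEE-754 wire encoding and the 0.1-degree sameness criterion are constructed assumptions.

```python
import struct
from statistics import median


def exact_voter(messages):
    """Exact voter (6.4.2): two messages are the same only if their bit
    patterns are identical. Returns the majority message, or None."""
    for candidate in messages:
        agreeing = [m for m in messages if m == candidate]
        if 2 * len(agreeing) > len(messages):
            return candidate
    return None


def inexact_voter(values, same):
    """Inexact voter: 'same' is an application-specific predicate. Returns the
    median of the largest agreeing majority, or None if there is no majority."""
    best = None
    for candidate in values:
        agreeing = [v for v in values if same(candidate, v)]
        if 2 * len(agreeing) > len(values) and (best is None or len(agreeing) > len(best)):
            best = agreeing
    return None if best is None else median(best)


def within(tolerance):
    """Sameness criterion: two readings agree if they differ by at most `tolerance`."""
    return lambda a, b: abs(a - b) <= tolerance


def encode_reading(value):
    # Assumed wire format: big-endian IEEE-754 single precision.
    return struct.pack(">f", value)


def decode_reading(msg):
    return struct.unpack(">f", msg)[0]


# Constructed sample: three replica sensors of an FTU; the third one is faulty.
READINGS = [20.01, 20.02, 25.0]
MESSAGES = [encode_reading(v) for v in READINGS]


def ftu_exact_output():
    """Exact voting on raw messages: 20.01 and 20.02 differ in their bit
    patterns, so no two messages agree and the voter yields None. Exact
    voting only works for replica-determinate FCUs that produce identical bits."""
    return exact_voter(MESSAGES)


def ftu_inexact_output():
    """Inexact voting with a 0.1-degree criterion: the first two readings agree
    (median about 20.015) and the outlier is excluded."""
    values = [decode_reading(m) for m in MESSAGES]
    return inexact_voter(values, within(0.1))
```

Exact voting is the right tool when the replicas are replica-determinate (bit-identical outputs from identical inputs); an inexact voter trades that strictness for an application-level notion of agreement, and its sameness criterion becomes part of the fault hypothesis.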
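The Fault-Tolerant Average Algorithm entry only says that it handles Byzantine clocks; the example below is added here (not the book's code) to show the mechanism: each node sorts the clock deviations it received, discards the k largest and k smallest, and averages the rest. The seven-clock ensemble, the deviation values and the two-faced Byzantine node are constructed for illustration.

```python
def fta_correction(deviations, k):
    """Fault-tolerant average (3.4.3): drop the k largest and k smallest
    readings and average the remainder. Tolerating k Byzantine clocks among
    N requires N >= 3k + 1 so that a majority of the kept values is correct."""
    if len(deviations) < 3 * k + 1:
        raise ValueError("need at least 3k+1 clocks to tolerate k Byzantine faults")
    ordered = sorted(deviations)
    kept = ordered[k:len(ordered) - k]
    return sum(kept) / len(kept)


def plain_average(deviations):
    return sum(deviations) / len(deviations)


# Constructed sample: deviations (in microticks) of the seven clocks of an
# ensemble as measured by one node; the last two clocks are Byzantine.
DEVIATIONS = [0.0, 0.2, -0.1, 0.3, -0.2, 1000.0, -500.0]
K = 2


def fta_versus_average():
    """FTA keeps the correction near zero; a plain average is dragged away."""
    return fta_correction(DEVIATIONS, K), plain_average(DEVIATIONS)


def fta_round(views, k, correct):
    """One resynchronization round. views[i][j] is the clock value node i
    received from node j (a two-faced Byzantine node may send different values
    to different receivers). Each correct node resets its clock to the FTA of
    what it received; returns the new clock values of the correct nodes."""
    return {i: fta_correction(views[i], k) for i in correct}


def precision(clocks):
    """Precision of an ensemble: largest difference between two correct clocks."""
    vals = list(clocks.values())
    return max(vals) - min(vals)


def two_faced_round():
    """Constructed sample: nodes 0..4 are correct, nodes 5 and 6 Byzantine (k=2).
    Node 5 reports 1e6 to even-numbered receivers and -1e6 to odd-numbered
    ones; node 6 always reports 1e6. Returns precision before and after."""
    correct_values = [100.0, 100.4, 99.8, 100.2, 99.9]
    views = []
    for i in range(5):
        node5 = 1e6 if i % 2 == 0 else -1e6
        views.append(correct_values + [node5, 1e6])
    before = precision({i: v for i, v in enumerate(correct_values)})
    after = precision(fta_round(views, 2, range(5)))
    return before, after
```

The two-faced case shows why Byzantine clocks are the hard case: the correct nodes do not all discard the same set of readings, so they compute slightly different corrections and the resulting precision is bounded but not zero.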
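The Hamming Distance entry defines the distance as one plus the number of bit errors a code can detect by syntactic means. The following added example (not from the book) checks that claim exhaustively on two small constructed codes: an even-parity code (distance 2) and a triple-repetition code (distance 3).

```python
from itertools import combinations


def hamming(a, b):
    """Number of bit positions in which two words differ."""
    return bin(a ^ b).count("1")


def code_distance(codewords):
    """Hamming distance of a code: minimum distance between two distinct codewords."""
    return min(hamming(a, b) for a, b in combinations(codewords, 2))


def max_detectable_errors(codewords):
    """Glossary (6.3.3): Hamming distance = 1 + max detectable bit errors,
    so a code of distance d detects any d-1 bit errors by a syntax check."""
    return code_distance(codewords) - 1


def corrupt(word, positions):
    """Flip the bits at the given positions."""
    for p in positions:
        word ^= 1 << p
    return word


def all_errors_detected(codewords, nbits, t):
    """True if every t-bit error pattern applied to every codeword yields a
    word outside the code, i.e. the receiver detects it syntactically."""
    valid = set(codewords)
    for w in codewords:
        for positions in combinations(range(nbits), t):
            if corrupt(w, positions) in valid:
                return False
    return True


def even_parity_code(data_bits):
    """Codewords: data bits plus one parity bit so the total weight is even."""
    words = []
    for data in range(1 << data_bits):
        parity = bin(data).count("1") & 1
        words.append((data << 1) | parity)
    return words


def repetition_code(copies):
    """One data bit repeated `copies` times: codewords 00..0 and 11..1."""
    return [0, (1 << copies) - 1]


def parity_summary():
    """Even parity over 3 data bits (4-bit words): distance 2, detects 1 error;
    every single-bit error is caught, a double-bit error can slip through."""
    code = even_parity_code(3)
    return (code_distance(code), max_detectable_errors(code),
            all_errors_detected(code, 4, 1), all_errors_detected(code, 4, 2))


def repetition_summary():
    """Triple repetition: distance 3, detects 2 errors; 3 flips forge a codeword."""
    code = repetition_code(3)
    return (code_distance(code), max_detectable_errors(code),
            all_errors_detected(code, 3, 2), all_errors_detected(code, 3, 3))
```

The brute-force check is what a practitioner should run on any custom frame format before trusting its error detection: an error pattern of weight d that maps one codeword onto another is exactly the undetectable case, and it is usually the burst error the channel is most likely to produce.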
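The Laxity and Least-Laxity (LL) Algorithm entries can be made concrete with a small discrete-time scheduler. This is an added example rather than code from the book: the tick-based model, the name-based tie-break and the two task sets are constructed assumptions, and "WCET" here is simply the execution budget given per task.

```python
def least_laxity_schedule(tasks, horizon):
    """Discrete-time least-laxity (LL) scheduler (10.4.1). `tasks` maps a name
    to (release, WCET, absolute deadline) in ticks. At every tick the ready
    task with the smallest laxity runs, preempting any other; laxity at time t
    is (deadline - t) - remaining execution time (9.2.2). A task whose laxity
    turns negative can no longer meet its deadline and is reported as a miss.
    Returns (schedule, completion_times, missed_tasks)."""
    remaining = {n: wcet for n, (_, wcet, _) in tasks.items()}
    completion, missed, schedule = {}, set(), []
    for t in range(horizon):
        ready = [n for n, (rel, _, _) in tasks.items()
                 if rel <= t and remaining[n] > 0 and n not in missed]
        for n in ready:
            if (tasks[n][2] - t) - remaining[n] < 0:
                missed.add(n)
        ready = [n for n in ready if n not in missed]
        if not ready:
            schedule.append(None)   # idle tick
            continue
        # Tie-break on the task name so the schedule is deterministic.
        chosen = min(ready, key=lambda n: ((tasks[n][2] - t) - remaining[n], n))
        schedule.append(chosen)
        remaining[chosen] -= 1
        if remaining[chosen] == 0:
            completion[chosen] = t + 1
    return schedule, completion, missed


# Constructed task sets: (release, WCET, absolute deadline), all in ticks.
FEASIBLE = {"A": (0, 2, 4), "B": (0, 3, 6), "C": (0, 1, 3)}
INFEASIBLE = {"D": (0, 3, 3), "E": (0, 2, 3)}   # 5 ticks of work due by tick 3


def feasible_run():
    """All deadlines met: schedule A C A B B B, then idle."""
    return least_laxity_schedule(FEASIBLE, 7)


def infeasible_run():
    """E's laxity becomes negative at tick 2 and it is reported as missed."""
    return least_laxity_schedule(INFEASIBLE, 4)
```

Note how laxity, unlike a fixed priority, changes every tick: task C starts with the same laxity as A but overtakes it after one tick, which is what makes LL dynamic. The negative-laxity test is also the cheapest online admission check a scheduler can run, since a task with laxity below zero is guaranteed to miss no matter what is done next.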