Tradeoffs in Embedded Systems
Embedded Communications.
Carnegie Mellon University.
18-849b Dependable Embedded Systems.
Author: Leo Rollins.
Communication is essential to achieving a dependable distributed embedded system. Designers of these systems face many challenges in specifying the communication network. Complex systems usually require some type of shared media network. In this environment, the designer must acknowledge the fundamental tradeoff that exists between network efficiency and predictability. Given this tradeoff, the designer must evaluate and select a communication network. Particular attention must be paid to the protocols, which determine much of the network's behavior. Finally, there are many error detection methods available that are essential to building a dependable communication system.
Most historical communication systems can be considered "embedded" from at least one perspective: they have a very specific task. They are not designed for general-purpose communications. For example, telephones were designed for voice transmission only. However, this fact has been changing in recent years with the design of integrated services networks. These networks are designed to carry different types of communications including voice, data and video signals. Even systems with a single original purpose, such as telephony, have been exploited to carry other traffic, such as data transmission for computers. Another development that has increased interest in general-purpose communications is the Internet. Once computers around the world became connected, the problem of incompatible networks became obvious. The OSI (Open Systems Interconnection) reference model was developed in an attempt to solve this compatibility problem. This model divides the communication system into seven layers that provide different levels of service. The layers are intended to provide standard interfaces and services, so that different protocols, machines and types of networks can coexist.
Despite the spread of general-purpose networking ideas, there are still many closed systems that have very specific purposes. In this environment, a simple and efficient protocol can be implemented without the risk of incompatibility. An example is the network of devices in modern automobiles. From the author's point of view, these narrowly defined closed systems are considered embedded communication systems. Even in these embedded systems, there is growing interest in connecting embedded systems to larger networks for status monitoring purposes. Just as embedded systems have borrowed communication protocols and technology from larger communication systems, they are likely to borrow many connectivity and standardization ideas in the near future.
Most embedded communication systems can be classified as point to point networks (data links) or shared media networks (data highways). It is important to understand the tradeoff between these two types of systems. In point to point networks, each node of the system is connected to every other node. These systems are simple and reliable. Reliability is high since correct transmission between two nodes depends on only a single transmitter and receiver. Since each link is dedicated to communication between two nodes, it is easy to meet real-time deadlines without any sophisticated scheduling mechanism. In shared media systems all nodes are connected together using a ring or bus topology. The primary motivation for shared media is reduced wiring (and therefore cost). These networks are easily extensible without adding any new data ports to individual nodes. Limited new cabling is required.
The price of the shared media network's extensibility and lower cost is the complexity that must be added to the network protocol. Some means of arbitration must be added for access to the shared media. The remaining discussion in this paper applies primarily to shared media communication systems.
Event versus State Based Communications.
In practice, communication systems may not be purely event based or state based. A communication protocol may contain some characteristics of each. However, it is useful to examine the basic differences between an event based system and a state based system. One of the basic tradeoffs between these two types of systems is the efficient use of resources found in event based systems versus the network predictability found in state based systems. The primary resources of concern in the network are bandwidth (the amount of data that can be sent per unit time) and the buffer space required in the nodes to process incoming or outgoing messages.
In an event based communication system, messages are generated and sent in response to "events" detected at a local node in the network. Examples of "events" include changes in the value of process variables, newly detected alarm conditions, conditions representing the clearing of alarms, or requests from other nodes for data. An example of an event based communication system is the typical office network. Messages are generated by users when they send data to printers, access data on shared network drives, run applications located on other machines or send e-mail to others in the network.
One goal of event based communications is the efficient use of network bandwidth. By transmitting only the necessary data, network bandwidth is used efficiently. However, since data is sent only when there is a change at the source node, every message becomes important. This places additional requirements on the communication system to ensure that every message is delivered successfully. One mechanism for doing this is for destination nodes to acknowledge each successful transmission and request a retry for each corrupted message. If an acknowledgement is not generated within a specified timeout, the source node may also repeat its message. Note that this acknowledge and retry mechanism consumes some additional network bandwidth.
Consider the example of an event based distributed monitoring system. This system monitors plant conditions and generates alarms when certain conditions arise. During normal operation, the network should be lightly loaded with few alarm conditions. During a system upset, many messages will be needed because of multiple alarm conditions and state changes. It is difficult to predict the maximum number of messages that may be exchanged during this condition. Many nodes may compete for the communication channel. It is therefore difficult to be sure that the system design will have sufficient resources (bandwidth and buffers) to handle the load. For a system with safety functions, the network is at its worst (in terms of delays and lost messages) when it is needed most. This condition is sometimes referred to as the alarm flooding problem. One potential solution to this problem is to design an overly conservative network in order to meet the worst case. This approach may not be feasible in a small embedded system with cost constraints.
In a state based communication system, messages represent the entire state of the node. For example, all of a node's alarms are transmitted as either on or off in its message. A node sends its fixed-size message at predetermined, regular intervals. Access to the media is easily scheduled, since the message requirements of each node never change. The network loading is fixed and can be easily calculated during system design. An example of a state based system is a distributed process monitoring system. Each node has a fixed number of inputs, calculated values, and alarm conditions that it sends in its message to the other nodes in the network.
A state based system is less efficient in terms of network bandwidth than an event based system. Network bandwidth is sacrificed for the predictability of regular message sizes and regular access to the communication channel. Note that some reduction in overall data is possible. Each piece of data occupies a fixed location in the message. The data can therefore be limited to the value. Information about what each data point represents need not be sent with the message.
State based systems can be designed to tolerate an occasional missed message. Retransmission may not be necessary because the entire state will be transmitted again in the next interval. If messages are sent at twice the required frequency, the system can meet its deadlines even if every second message is corrupted. In order to tolerate two corrupted messages in a row, each node can be designed to transmit its messages at three times the required frequency.
One difficulty in state based systems is transient data. It is important for the source node to hold momentary signals long enough that all nodes will see the data. Even though the data persists for only a small fraction of one message time, the source node may need to transmit the data in several successive messages. This momentary condition is sometimes referred to as the "pulse stretching" problem. An example of transient data is a momentary push button that is a hard-wired input to one node. Assume that indications of the button presses are needed at some other node in the system. If the condition that the button is pressed is sent in only one message, and that message is lost, the other nodes will never be informed that the button was pressed.
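The pulse stretching rule and the "send at k+1 times the rate to tolerate k consecutive losses" rule can be checked with a small simulation. This is an added example, not code from the original page; the message layout, the `BUTTON_BIT` position and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed fixed-layout state message: meaning is given by bit position,
 * so no tags are transmitted. Bit 0 is a level alarm, bit 2 the push button. */
#define BUTTON_BIT 0x04u

typedef struct {
    uint8_t stretch;    /* messages in which a momentary input is held      */
    uint8_t hold_left;  /* remaining messages that still carry BUTTON_BIT   */
    uint8_t levels;     /* non-transient state bits, sent every interval    */
} source_node;

typedef struct {
    uint8_t  last_state; /* last state message received intact              */
    unsigned presses;    /* rising edges of BUTTON_BIT seen by the receiver */
} sink_node;

/* The momentary input fired between two transmissions: latch it. */
void source_button_event(source_node *s) { s->hold_left = s->stretch; }

/* Build the full state for this interval; the pulse is held `stretch` times. */
uint8_t source_next_message(source_node *s) {
    uint8_t msg = s->levels;
    if (s->hold_left > 0) { msg |= BUTTON_BIT; s->hold_left--; }
    return msg;
}

/* Edge detection: a stretched pulse counts as one press, not `stretch` presses. */
void sink_receive(sink_node *k, uint8_t msg) {
    if ((msg & BUTTON_BIT) && !(k->last_state & BUTTON_BIT)) k->presses++;
    k->last_state = msg;
}

/* Run n intervals with one button press just before interval press_at.
 * lost[i] marks message i as corrupted; the sink then keeps its last state. */
unsigned presses_seen(uint8_t stretch, size_t press_at, const bool *lost, size_t n) {
    source_node src = { stretch, 0, 0x01 };
    sink_node sink = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (i == press_at) source_button_event(&src);
        uint8_t msg = source_next_message(&src);
        if (!lost[i]) sink_receive(&sink, msg);
    }
    return sink.presses;
}

int main(void) {
    /* Constructed loss pattern: messages 2 and 3 are corrupted in a row. */
    const bool two_lost[6] = { false, false, true, true, false, false };
    for (uint8_t stretch = 1; stretch <= 3; stretch++)
        printf("stretch=%u -> presses seen: %u\n", (unsigned)stretch,
               presses_seen(stretch, 2, two_lost, 6));
    return 0;
}
```

Two presses that fall inside one stretch window merge into a single press at the receiver, so the stretch length also bounds how fast distinct events can be reported.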
Finding the Best Real-Time Protocol.
According to [Kopetz97] there never has been, nor will there ever be, a perfect real-time protocol. This is because there are fundamental conflicts in the requirements we would like to place on the communication system. These requirements are the best features of both event based and state based systems. The conflicts reflect the tradeoff between the efficiency or flexibility found in an event based system and the predictability found in a state based system. Tradeoffs exist for external control versus composability, flexibility versus error detection and protection, sporadic data versus regular data, spontaneous service versus interface simplicity, and probabilistic access versus replica determinism. For a detailed discussion of each specific tradeoff refer to [Kopetz97].
Although no "best" protocol exists, embedded system designers are not relieved of the task of selecting an appropriate communication system. It is therefore important to focus on the key differentiating factors found in protocols. The OSI reference model, shown in Figure 1, can be used to examine communication protocols. A brief description of the function of each layer is given below. For more information, refer to [Spragins94].
Figure 1: OSI Reference Model
Layer 7: Application - Provides standard interfaces for different types of data transfer such as mail or file transfer.
Layer 6: Presentation - Allows data to be presented to the application in its native format; allows communication between systems with different data representations.
Layer 5: Session - Provides a means for applications to organize a dialogue between each other.
Layer 4: Transport - Provides transparent transfer of data and end-to-end control of message transfer.
Layer 3: Network - Provides abstraction from the particular communication technology used in the lower layers. Includes functions for routing and relaying messages within the network.
Layer 2: Data Link - Provides channel access procedures, initiation and closing of links between stations, grouping of characters into messages or frames, error control, and frame synchronization.
LLC Sublayer - Logical Link Control is primarily concerned with establishing and terminating a virtual connection between two stations in the network.
MAC Sublayer - Media Access Control is primarily concerned with arbitration to grant access to the communication channel.
Layer 1: Physical - Provides the electrical or optical transmission characteristics and signal representation. This layer also includes the procedures used to bring up or shut down communication on a physical link.
Embedded systems tend to focus on Layer 1 (physical) and Layer 2 (data link) and use minimal or nonexistent upper layers. Two reasons for this focus may be: 1) embedded communication systems are simple and do not require upper-level services; 2) upper layers add overhead that cannot be tolerated in some real-time systems. However, this situation may change as complexity in embedded systems increases and users demand more features such as interoperability with other networks. In order for multiple networks to communicate, a common interface is required. A common upper layer in the protocol may provide this interface.
Within the data link layer, there is a sublayer called media access control (MAC) that determines many of the characteristics of a shared media communication system. Many media access techniques have been proposed and used successfully in popular protocols. The following are some common media access techniques and protocols that use these techniques.
CSMA/CD - Carrier Sense Multiple Access with Collision Detection. Each node monitors the channel or carrier to determine when the channel is idle. This is known as carrier sense. If the node has a message to send it begins transmitting. The node continues to monitor the channel as it transmits. Another node in the network may also begin transmitting on the clear channel. In this case a collision will be detected by both nodes. The nodes will stop sending their messages and transmit a jam signal long enough for all nodes in the network to see the collision. Each node then computes and waits a random interval before retrying its transmission. The Ethernet protocol used in office LANs (local area networks) popularized this access method. It was later standardized as IEEE 802.3.
CSMA/CA - Carrier Sense Multiple Access with Collision Avoidance. Initial access to a clear channel is performed similarly to CSMA/CD. However, after a collision and jam signal, the stations use contention slots to resolve access to the channel. These time slots give a node or nodes priority access during the contention slot. Because of this prioritized contention slot, some of the collisions that would occur on retry in CSMA/CD are avoided in CSMA/CA. Time slot assignments are rotated between successive collisions to ensure fairness. An example of this protocol is LonWorks.
Polling - In polling, a single master node controls access to the channel. All other nodes are polled sequentially to determine whether they have messages to send. If they have messages, they are granted access to send their messages. Note that this method depends heavily on the correct operation of the master. Intel's Bitbus and many fieldbus communication protocols use this method.
Bit Dominance - In bit dominance protocols, all nodes are synchronized. Each node begins transmitting on a clear channel by sending a node or message identifier. This identifier indicates the priority of its transmission. The node with the highest ID wins the bid because a 1 in its identifier dominates any 0 sent by other nodes. Note that this requires electrical media in which a 1 sent dominates a 0. The Controller Area Network (CAN), which is based on this access method, is used heavily in automobiles.
Token Passing - In token passing, access to the channel is determined by the holder of the token. When this node finishes transmitting, it passes the token in a special message to the next node in the network. If a node has no messages to send, it simply passes the token. Special bidding processes are often required to determine the initial holder of the token and how long each node may hold the token. IBM Token Ring, Token Bus and FDDI (Fiber Distributed Data Interface) all use some form of token passing.
TDMA - Time Division Multiple Access. In this access method, the network bandwidth is divided into time slots. Each node is assigned one or more slots in which it has sole access to the channel. The time slots repeat continuously, giving each node periodic access to the channel. ARINC 629 (Aeronautical Radio, Incorporated) is a protocol created for embedded aircraft networks that uses this method. Another TDMA protocol designed specifically for fault-tolerant real-time applications is TTP (Time Triggered Protocol). This protocol is a relatively recent development (1993) and its applications in real embedded systems are unknown to the author.
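The bit dominance scheme in the list above can be simulated on a modelled shared wire. This is an added example, not code from the original page; `arbitrate`, `arb_result` and the 8-bit identifier width are assumptions. It generalizes the description by making the dominant level a parameter: with 1 dominant the highest identifier wins, as described above, while CAN itself treats logical 0 as the dominant level, so there the lowest identifier wins.

```c
#include <stdint.h>
#include <stdio.h>

#define ID_BITS   8    /* assumed identifier width for this example */
#define MAX_NODES 32

typedef struct {
    int     winner;  /* index of the node that keeps the channel, -1 if none  */
    uint8_t bus_id;  /* identifier as it actually appeared on the shared wire */
} arb_result;

/* Bit-by-bit arbitration, most significant bit first. All nodes are assumed
 * synchronized and start together. `dominant` (0 or 1) is the level that
 * overrides the other one on the wire. */
arb_result arbitrate(const uint8_t *ids, int n, int dominant) {
    uint8_t active[MAX_NODES];
    arb_result r = { -1, 0 };
    if (n <= 0 || n > MAX_NODES) return r;
    dominant = dominant ? 1 : 0;
    for (int i = 0; i < n; i++) active[i] = 1;

    for (int bit = ID_BITS - 1; bit >= 0; bit--) {
        /* Wired logic: the bus shows the dominant level if any active
         * node drives it, otherwise the recessive level. */
        int bus = !dominant;
        for (int i = 0; i < n; i++)
            if (active[i] && ((ids[i] >> bit) & 1) == dominant) bus = dominant;

        /* Each sender reads the bus back. A node that sent the recessive
         * level but sees the dominant one has lost and stops transmitting. */
        for (int i = 0; i < n; i++)
            if (active[i] && ((ids[i] >> bit) & 1) != bus) active[i] = 0;

        r.bus_id = (uint8_t)((r.bus_id << 1) | bus);
    }

    int survivors = 0;
    for (int i = 0; i < n; i++)
        if (active[i]) { survivors++; r.winner = i; }
    /* Duplicate identifiers cannot be separated by arbitration. */
    if (survivors != 1) r.winner = -1;
    return r;
}

int main(void) {
    const uint8_t ids[3] = { 0x15, 0x2A, 0x29 };  /* constructed identifiers */
    arb_result hi = arbitrate(ids, 3, 1);
    arb_result lo = arbitrate(ids, 3, 0);
    printf("1 dominant: node %d wins, bus saw 0x%02X\n", hi.winner, (unsigned)hi.bus_id);
    printf("0 dominant: node %d wins, bus saw 0x%02X\n", lo.winner, (unsigned)lo.bus_id);
    return 0;
}
```

The bus value equals the winner's identifier, which is why this arbitration is non-destructive: the winning node's transmission continues undamaged while the losers back off.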
Individual protocol studies have been conducted and published in journals. Unfortunately, only limited comparisons have been made of the protocols used in embedded systems. Refer to [Koopman94] for a qualitative comparison of protocols used in embedded systems and more detailed coverage of the individual media access techniques.
Although the protocols themselves are not strictly event based or state based, they often lend themselves more readily to one type of system or the other. For example, CSMA/CD as used in Ethernet is a probabilistic access method. Event based systems fit well with this protocol because of the sporadic nature of the messages. Time division protocols divide the network bandwidth into time slices for individual nodes. State based systems can efficiently use one or more time slices to send their regular data.
Fault Detection / Diagnosis.
Fault detection and diagnosis are important in any embedded system and especially in safety-critical systems. Communication systems are fairly advanced in their capabilities to detect, tolerate and sometimes correct errors. Table 1 lists some typical faults for communication systems. Along with each fault type, the typical defenses available in the communication system are discussed. Knowledge of the common fault types and defenses is invaluable to the system designer.
Channel noise - Noise in communication channels is usually caused by the environment or by cross talk from adjacent wiring. One way to reduce noise is to use optical fiber for the communication channel. Fiber is immune to electromagnetic interference. Cyclic redundancy check (CRC) schemes are often appended to messages. These schemes allow detection of all single and many multiple bit errors that occur in messages. More sophisticated error coding techniques can also be used to correct bit errors.
Stale messages - Old messages that do not represent accurate real-time data may exist in the system. Some protocols include a time stamp inserted by the source to mark the age of the message. Note that this implies some global time base.
Repeated messages - In some failures of the host node or its network interface, the same message may be repeated continuously. Some protocols include a sequence number in each message. Destination nodes can easily detect repeated or out-of-sequence messages.
Failure propagation - In a shared media system it is important to prevent a failure in one node from propagating to other nodes. Surge protection is often included to prevent the propagation of electrical failures. Fiber optic cables act as galvanic isolation between nodes. Redundant networks can also prevent propagation.
Runaway station - Stations may fail in such a way that they monopolize the shared media. Some protocols, such as Ethernet, include an anti-jabber supervisory circuit. These circuits bound the time that any station is allowed access to the media. The station will be locked out until a specified silent period is observed.
Memory errors - Internal to a node, a message may be copied several times. The copies are usually made in DMA transactions or other exchanges between the host node and the network interface chip. It is possible to add checksum information to messages that can be used to detect memory errors in the copy process.
Interface hardware failures - Communication interface hardware can fail. Diagnostics are included in many communication systems that allow loop-back testing of the interfaces.
Intermittent errors - Errors may begin occurring at a higher rate that is still below the system's error threshold. However, an increase in these errors may indicate a bad part or connection in the system. Many communication chips include statistical counters that show error rates and types. If reported at the system level, these errors can signal maintenance action before a system failure occurs.
Cable breaks - Loss of communication through cable breaks can usually be detected through loss of signal. However, some communication systems include fault-tolerant capabilities to tolerate cable breaks. An example is FDDI, which is configured as counter-rotating rings. Individual stations can reconfigure the rings to bypass cable breaks.
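Three of the defenses listed above (a CRC against channel noise, a time stamp against stale messages, a sequence number against repeated messages) can be combined in one receiver-side check, with per-fault counters of the kind mentioned under intermittent errors. This is an added example, not code from the original page or from any particular protocol; the 11-byte frame layout, the 50 ms freshness bound and all names are assumptions, and the time stamp presumes a shared time base.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 4
#define FRAME_LEN   (1 + 4 + PAYLOAD_LEN + 2)  /* seq | time stamp | payload | CRC */
#define MAX_AGE_MS  50u                        /* hypothetical freshness bound */

typedef enum { FRAME_OK, FRAME_CORRUPT, FRAME_STALE,
               FRAME_REPEATED, FRAME_OUT_OF_SEQ } frame_status;

typedef struct {
    int      have_seq;   /* nonzero once a first valid frame has been accepted */
    uint8_t  last_seq;
    unsigned count[5];   /* statistics counters, indexed by frame_status */
} rx_state;

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, no reflection. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Sender side: serialize the fields big-endian and append the CRC. */
void frame_build(uint8_t *out, uint8_t seq, uint32_t ts_ms, const uint8_t *payload) {
    out[0] = seq;
    out[1] = (uint8_t)(ts_ms >> 24); out[2] = (uint8_t)(ts_ms >> 16);
    out[3] = (uint8_t)(ts_ms >> 8);  out[4] = (uint8_t)ts_ms;
    memcpy(&out[5], payload, PAYLOAD_LEN);
    uint16_t crc = crc16_ccitt(out, FRAME_LEN - 2);
    out[FRAME_LEN - 2] = (uint8_t)(crc >> 8);
    out[FRAME_LEN - 1] = (uint8_t)crc;
}

/* Receiver side: integrity first, then age, then sequence. */
frame_status frame_check(rx_state *rx, const uint8_t *in, uint32_t now_ms) {
    frame_status st = FRAME_OK;
    uint16_t rx_crc = (uint16_t)((in[FRAME_LEN - 2] << 8) | in[FRAME_LEN - 1]);
    uint32_t ts = ((uint32_t)in[1] << 24) | ((uint32_t)in[2] << 16) |
                  ((uint32_t)in[3] << 8)  |  (uint32_t)in[4];

    if (crc16_ccitt(in, FRAME_LEN - 2) != rx_crc)
        st = FRAME_CORRUPT;            /* no field can be trusted */
    else if ((uint32_t)(now_ms - ts) > MAX_AGE_MS)
        st = FRAME_STALE;              /* also rejects time stamps from the future */
    else if (rx->have_seq && in[0] == rx->last_seq)
        st = FRAME_REPEATED;
    else if (rx->have_seq && in[0] != (uint8_t)(rx->last_seq + 1))
        st = FRAME_OUT_OF_SEQ;         /* a gap: frames were lost in between */

    if (st == FRAME_OK || st == FRAME_OUT_OF_SEQ) {
        rx->have_seq = 1;              /* resynchronize on fresh, intact frames */
        rx->last_seq = in[0];
    }
    rx->count[st]++;
    return st;
}

int main(void) {
    const uint8_t data[PAYLOAD_LEN] = { 1, 2, 3, 4 };  /* constructed payload */
    uint8_t f[FRAME_LEN];
    rx_state rx = { 0 };
    frame_build(f, 0, 1000, data);
    printf("first delivery:  %d\n", frame_check(&rx, f, 1010));
    printf("second delivery: %d\n", frame_check(&rx, f, 1015));
    f[6] ^= 0x10;                      /* single bit error in the payload */
    printf("after bit flip:  %d\n", frame_check(&rx, f, 1020));
    return 0;
}
```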
Protocol analyzers can be attached to most networks to examine data at the bit, character and frame level. Common protocol headers can be decoded automatically. These analyzers are especially useful in examining errors and protocol violations.
Time domain reflectometers can analyze cables and connections in networks. Versions of this device exist for electrical and fiber optic media. They are useful in finding cable breaks and bad connections and in determining cable lengths. These instruments work by sending a wave down the cable and examining the reflections. Each reflection represents a connection or a fault in the cable. In fiber optics, connection quality is critical. These tools can determine the loss in signal level incurred by each connection.
Formal methods techniques have been applied to the verification of communication protocols (Petri nets, LOTOS, SDL, Z…). Petri nets in particular were formed for the analysis of communication networks. Protocol verification is usually required during the standardization process. A certain level of correctness can be ensured by the embedded system designer if a standardized protocol is chosen.
A more likely effort for embedded system designers is selecting a communication system. In order to do so, a good handle on the requirements and key issues involved in the decision is needed. A list of specific issues and recommendations is given in [Preckshot93] NUREG/CR-6082, Data Communications. This document was developed as a guide for regulators to use when evaluating proposed systems. Although it is intended for the nuclear industry, it applies to other embedded systems because it asks focused questions about the communication system.
Common metrics published in manufacturer literature are data rates and error rates. Protocol studies provide more detailed measures of expected performance. These studies involve complex modeling and simulation techniques. Not surprisingly, large-scale quantitative comparisons among many protocols have not been attempted. Examples of metrics found in protocol studies are throughput versus load, delay versus throughput, and worst-case utilization.
In general, communication theory and analysis techniques are quite mature. However, the process of selecting a communication system is ad hoc at best.
Communications can be considered a form of I/O. However, a more applicable relationship may be the current trend of using field buses to communicate with I/O.
Communication architectures are often the method used to achieve a dependable embedded system, usually through redundancy.
Embedded communication systems are most often real-time systems. The real-time topic covers scheduling, which is important in shared media networks.
Communications enable fault-tolerant computing through the use of error detection.
Error coding techniques are frequently used in communications for error detection, error correction, reliability, compression, and optimal signal-to-noise ratio.
Formal methods are often used for communication protocol verification.
There is a fundamental tradeoff between efficiency and predictability in choosing an event based system or a state based system. Regardless of the decision, there are shortcomings that must be addressed. The lack of a detailed quantitative comparison of protocols places the burden of evaluating the communication system squarely on the embedded system designer. The media access protocol determines many of the characteristics of the communication system. Embedded system designers should therefore focus on the media access method when deciding which protocol to use. Other important factors to consider are the communication technology and its cost or longevity. Often overlooked in design are error conditions. Communication systems have a variety of mechanisms that can be used for error detection. Using these detection methods, the designer can build a dependable communication system.
[Koopman94] Koopman, P. J., and Upender, B. P., "Communication Protocols for Embedded Systems", Embedded Systems Programming, 7(11), November 1994, pp. 46-48, cs.cmu.edu/People/koopman/protsrvy/protsrvy.html, accessed: May 8, 1999.
Notes: Good qualitative comparison of protocols, especially of the variety of media access methods available. Practical. Written at an introductory level. Examines the different media access methods in some detail.
[Kopetz97] Kopetz, H., Real-Time Systems: Design Principles for Distributed Embedded Applications, Kluwer Academic Publishers, 1997, Chpt. 7-8.
Notes: Wide range of information on real-time systems. The main discussion addresses five fundamental tradeoffs in the ideal requirements for communication systems. The communications section shows a bias towards the Time Triggered Protocol (TTP), about which he has written other papers.
Notes: Written from the viewpoint of a safety system evaluator for critical systems. However, this document asks all the questions that an embedded system designer should ask himself. The appendix is more tutorial in nature.
[Spragins94] Spragins, J. D., Hammond, J. L., and Pawlikowski, K., Telecommunications: Protocols and Design, Addison-Wesley Publishing, 1994.
Notes: Good source for communications mathematics, queueing theory, and metrics. Unfortunately, the examples covered are standard communication protocols rather than embedded system protocols. This reference also provides good background on the OSI reference model and communication networks in general.
Further Reading.
[Norden98] Norden, S., Manimaran, G., Siva Ram Murthy, C., "New Protocols for Hard Real-Time Communication in the Switched LAN Environment", Proceedings of the 23rd International Conference on Local Computer Networks, 1998, p. 364-373.
Notes: The discussion is more pertinent to the use of existing communication networks. Not applicable to embedded systems. This may be a future issue. Does not cover the issue of QoS and mixing traffic types.
[Paige90] Paige, Lt. J. L., "SAFENET - A Navy Approach to Computer Networking", Proceedings - 15th International Conference on Local Computer Networks, IEEE Computer Society, 1990, pp. 268-273.
Notes: High-level architecture for safety-critical communication systems. One is based on Ethernet, the other on FDDI.
Notes: Attempts to predict whether Ethernet will spread to the factory floor. May be too opinionated. Not very strong in supporting its arguments. May have a hidden agenda, since it resides on the employer's web site.
[Ramanathan] Ramanathan, P., Shin, K. G., Butler, R. W., "Fault-Tolerant Clock Synchronization in Distributed Systems", IEEE Computer, 23(10), 1990, pp. 33-42.
Notes: This is a big issue for some protocols such as TDMA (and for some applications that require sequence of events). Gets into the Byzantine generals problem of synchronization in the presence of faulty clocks. There are many papers on this issue. [Kopetz97] has one as well.
[Scholl88] Scholl, F. W. and Coden, M. H., "Passive Optical Star Systems for Fiber Optic Local Area Networks", IEEE Transactions on Selected Areas in Communications, 6(6), 1988, pp. 913-923.
Notes: Good idea since the network connection is passive and therefore more reliable. Unfortunately, this method may not be supported by current technology. The high losses in the stars work only with powerful transmitters. OK in the early days when fiber optic transmitters were high power. Now most transmitters are LEDs with low power output.
[Upender97] Upender, B. P. and Dean, A., "Embedded Communication Network Pitfalls", Embedded Systems Programming, 10(9), 1997, embedded/97/fe29709.htm, accessed: May 8, 1999.
Notes: Analysis of problems with protocols for some applications, but covers only 3 (LonTalk, CAN and IEEE-1394).
[Zhao95] Zhao, W. and Malcolm, N., "Hard Real-Time Communication in Multiple-Access Networks", Real-Time Systems, 8, 1995, pp. 35-77.
Notes: In-depth analysis of MAC types. Leans toward the mathematical.
Embedded System Design Issues.
(the Rest of the Story)
Preprint of paper published in:
Proceedings of the International Conference on Computer Design (ICCD 96)
In conjunction with an embedded tutorial session of the same title.
Many embedded systems have substantially different design constraints than desktop computing applications. No single characterization applies to the diverse spectrum of embedded systems. However, some combination of cost pressure, long life-cycle, real-time requirements, reliability requirements, and design culture dysfunction can make it difficult to be successful applying traditional computer design methodologies and tools to embedded applications. Embedded systems in many cases must be optimized for life-cycle and business-driven factors rather than for maximum computing throughput. There is currently little tool support for expanding embedded computer design to the scope of holistic embedded system design. However, knowing the strengths and weaknesses of current approaches can set expectations appropriately, identify risk areas to tool adopters, and suggest ways in which tool builders can meet industrial needs.
1. Introduction.
Approximately 3 billion embedded CPUs are sold each year, with smaller (4-, 8-, and 16-bit) CPUs dominating by quantity and aggregate dollar amount [1]. However, most research and tool development seems to be focused on the needs of high-end desktop and military/aerospace embedded computing. This paper seeks to expand the area of discussion to encompass a wide range of embedded systems.
The extreme diversity of embedded applications makes generalizations difficult. Nonetheless, there is emerging interest in the entire range of embedded systems (e.g., [2], [3], [4], [5], [6]) and the related field of hardware/software codesign (e.g., [7]).
This paper and the accompanying tutorial seek to identify significant areas in which embedded computer design differs from more traditional desktop computer design. They also present "design challenges" encountered in the course of designing several real systems. These challenges are both opportunities to improve methodology and tool support as well as impediments to deploying such support to embedded system design teams. In some cases research and development has already begun in these areas -- and in other cases it has not.
The observations in this paper come from the author's experience with commercial as well as military applications, development methodologies, and life-cycle support. All characterizations are implicitly qualified to indicate a typical, representative, or perhaps simply an anecdotal case rather than a definitive statement about all embedded systems. While it is understood that each embedded system has its own set of unique requirements, it is hoped that the generalizations and examples presented here will provide a broad-brush basis for discussion and evolution of CAD tools and design methodologies.
2. Example Embedded Systems.
Figure 1 shows one possible organization for an embedded system.
Figure 1. An embedded system encompasses the CPU as well as many other resources.
In addition to the CPU and memory hierarchy, there are a variety of interfaces that enable the system to measure, manipulate, and otherwise interact with the external environment. Some differences with desktop computing may be:
The human interface may be as simple as a flashing light or as complicated as real-time robotic vision.
The diagnostic port may be used for diagnosing the system that is being controlled -- not just for diagnosing the computer.
Special-purpose field programmable (FPGA), application specific (ASIC), or even non-digital hardware may be used to increase performance or safety.
Software often has a fixed function, and is specific to the application.
In addition to the emphasis on interaction with the external world, embedded systems also provide functionality specific to their applications. Instead of executing spreadsheets, word processing and engineering analysis, embedded systems typically execute control laws, finite state machines, and signal processing algorithms. They must often detect and react to faults in both the computing and surrounding electromechanical systems, and must manipulate application-specific user interface devices.
Table 1. Four example embedded systems with approximate attributes.
In order to make the discussion more concrete, we shall discuss four example systems (Table 1). Each example portrays a real system in current production, but has been slightly genericized to represent a broader cross-section of applications as well as protect proprietary interests. The four examples are a Signal Processing system, a Mission Critical control system, a Distributed control system, and a Small consumer electronic system. The Signal Processing and Mission Critical systems are representative of traditional military/aerospace embedded systems, but in fact are becoming more applicable to general commercial applications over time.
Using these four examples to illustrate points, the following sections describe the different areas of concern for embedded system design: computer design, system-level design, life-cycle support, business model support, and design culture adaptation.
Desktop computing design methodology and tool support is to a large degree concerned with initial design of the digital system itself. To be sure, experienced designers are cognizant of other aspects, but with the recent emphasis on quantitative design (e.g., [8]) life-cycle issues that aren't readily quantified could be left out of the optimization process. However, such an approach is insufficient to create embedded systems that can effectively compete in the marketplace. This is because in many cases the issue is not whether design of an immensely complex system is feasible, but rather whether a relatively modest system can be highly optimized for life-cycle cost and effectiveness.
While traditional digital design CAD tools can make a computer designer more efficient, they may not deal with the central issue -- embedded design is about the system, not about the computer. In desktop computing, design often focuses on building the fastest CPU, then supporting it as required for maximum computing speed. In embedded systems the combination of the external interfaces (sensors, actuators) and the control or sequencing algorithms is of primary importance. The CPU simply exists as a way to implement those functions. The following experiment should serve to illustrate this point: ask a roomful of people what kind of CPU is in the personal computer or workstation they use. Then ask the same people which CPU is used for the engine controller in their car (and whether the CPU type influenced the purchasing decision).
In high-end embedded systems, the tools used for desktop computer design are invaluable. However, many embedded systems both large and small must meet additional requirements that are beyond the scope of what is typically handled by design automation. These additional needs fall into the categories of special computer design requirements, system-level requirements, life-cycle support issues, business model compatibility, and design culture issues.
3. Computer Design Requirements.
Embedded computers typically have tight constraints on both functionality and implementation. In particular, they must guarantee real time operation reactive to external events, conform to size and weight limits, budget power and cooling consumption, satisfy safety and reliability requirements, and meet tight cost targets.
3.1. Real time/reactive operation.
Real time system operation means that the correctness of a computation depends, in part, on the time at which it is delivered. In many cases the system design must take into account worst case performance. Predicting the worst case may be difficult on complicated architectures, leading to overly pessimistic estimates erring on the side of caution. The Signal Processing and Mission Critical example systems have a significant requirement for real time operation in order to meet external I/O and control stability requirements.
Reactive computation means that the software executes in response to external events. These events may be periodic, in which case scheduling of events to guarantee performance may be possible. On the other hand, many events may be aperiodic, in which case the maximum event arrival rate must be estimated in order to accommodate worst case situations. Most embedded systems have a significant reactive component.
Worst case design analyses without undue pessimism in the face of hardware with statistical performance characteristics (e.g., cache memory [9]).
3.2. Small size, low weight.
Many embedded computers are physically located within some larger artifact. Therefore, their form factor may be dictated by aesthetics, form factors existing in pre-electronic versions, or having to fit into interstices among mechanical components. In transportation and portable systems, weight may be critical for fuel economy or human endurance. Among the examples, the Mission Critical system has much more stringent size and weight requirements than the others because of its use in a flight vehicle, although all examples have restrictions of this type.
Non-rectangular, non-planar geometries. Packaging and integration of digital, analog, and power circuits to reduce size.
3.3. Safe and reliable.
Some systems have obvious risks associated with failure. In mission-critical applications such as aircraft flight control, severe personal injury or equipment damage could result from a failure of the embedded computer. Traditionally, such systems have employed multiply-redundant computers or distributed consensus protocols in order to ensure continued operation after an equipment failure (e.g., [10], [11]).
However, many embedded systems that could cause personal or property damage cannot tolerate the added cost of redundancy in hardware or processing capacity needed for traditional fault tolerance techniques. This vulnerability is often resolved at the system level as discussed later.
Low-cost reliability with minimal redundancy.
3.4. Harsh environment.
Many embedded systems do not operate in a controlled environment. Excessive heat is often a problem, especially in applications involving combustion (e.g., many transportation applications). Additional problems can be caused for embedded computing by a need for protection from vibration, shock, lightning, power supply fluctuations, water, corrosion, fire, and general physical abuse. For example, in the Mission Critical example application the computer must function for a guaranteed, but brief, period of time even under non-survivable fire conditions.
Accurate thermal modelling. De-rating components differently for each design, depending on operating environment.
3.5. Cost sensitivity.
Even though embedded computers have stringent requirements, cost is almost always an issue (even increasingly for military systems). Although designers of systems large and small may talk about the importance of cost with equal urgency, their sensitivity to cost changes can vary dramatically. A reason for this may be that the effect of computer costs on profitability is more a function of the proportion of cost changes compared to the total system cost, rather than compared to the digital electronics cost alone. For example, in the Signal Processing system cost sensitivity can be estimated at approximately $1000 (i.e., a designer can make decisions at the $1000 level without undue management scrutiny). However, in the Small system, decisions increasing costs by even a few cents attract management attention due to the huge multiplier of production quantity combined with the higher percentage of total system cost it represents.
Variable "design margin" to permit tradeoff between product robustness and aggressive cost optimization.
4. System-level requirements.
In order to be competitive in the marketplace, embedded systems require that the designers take into account the entire system when making design decisions.
4.1. End-product utility.
The utility of the end product is the goal when designing an embedded system, not the capability of the embedded computer itself. Embedded products are typically sold on the basis of capabilities, features, and system cost rather than which CPU is used in them or cost/performance of that CPU.
One way of looking at an embedded system is that the mechanisms and their associated I/O are largely defined by the application. Then, software is used to coordinate the mechanisms and define their functionality, often at the level of control system equations or finite state machines. Finally, computer hardware is made available as infrastructure to execute the software and interface it to the external world. While this may not be an exciting way for a hardware engineer to look at things, it does emphasize that the total functionality delivered by the system is what is paramount.
Software- and I/O-driven hardware synthesis (as opposed to hardware-driven software compilation/synthesis).
4.2. System safety & reliability.
An earlier section discussed the safety and reliability of the computing hardware itself. But, it is the safety and reliability of the total embedded system that really matters. The Distributed system example is mission critical, but does not employ computer redundancy. Instead, mechanical safety backups are activated when the computer system loses control in order to safely shut down system operation.
A bigger and more difficult issue at the system level is software safety and reliability. While software doesn't normally "break" in the sense of hardware, it may be so complex that a set of unexpected circumstances can cause software failures leading to unsafe situations. This is a difficult problem that will take many years to address, and may not be properly appreciated by non-computer engineers and managers involved in system design decisions ([12] discusses the role of computers in system safety).
Reliable software. Cheap, available systems using unreliable components. Electronic vs. non-electronic design tradeoffs.
4.3. Controlling physical systems.
The usual reason for embedding a computer is to interact with the environment, often by monitoring and controlling external machinery. In order to do this, analog inputs and outputs must be transformed to and from digital signal levels. Additionally, significant current loads may need to be switched in order to operate motors, light fixtures, and other actuators. All these requirements can lead to a large computer circuit board dominated by non-digital components.
In some systems "smart" sensors and actuators (that contain their own analog interfaces, power switches, and small CPUs) may be used to off-load interface hardware from the central embedded computer. This brings the additional advantage of reducing the amount of system wiring and number of connector contacts by employing an embedded network rather than a bundle of analog wires. However, this change brings with it an additional computer design problem of partitioning the computations among distributed computers in the face of an inexpensive network with modest bandwidth capabilities.
Distributed system tradeoffs among analog, power, mechanical, network, and digital hardware plus software.
4.4. Power management.
A less pervasive system-level issue, but one that is still common, is a need for power management to either minimize heat production or conserve battery power. While the push to laptop computing has produced "low-power" variants of popular CPUs, significantly lower power is needed in order to run from inexpensive batteries for 30 days in some applications, and up to 5 years in others.
Ultra-low power design for long-term battery operation.
5. Life-cycle support.
Figure 2 shows one view of a product life-cycle (a simplified version of the view taken by [13]).
Figure 2. An embedded system lifecycle.
First a need or opportunity to deploy new technology is identified. Then a product concept is developed. This is followed by concurrent product and manufacturing process design, production, and deployment. But in many embedded systems, the designer must see past deployment and take into account support, maintenance, upgrades, and system retirement issues in order to actually create a profitable design. Some of the issues affecting this life-cycle profitability are discussed below.
5.1. Component acquisition.
Because an embedded system may be more application-driven than a typical technology-driven desktop computer design, there may be more leeway in component selection. Thus, component acquisition costs can be taken into account when optimizing system life-cycle cost. For example, the cost of a component generally decreases with quantity, so design decisions for multiple designs should be coordinated to share common components to the benefit of all.
Life-cycle, cross-design component cost models and optimization rather than simple per-unit cost.
5.2. System certification.
Embedded computers can affect the safety as well as the performance of the system. Therefore, rigorous qualification procedures are necessary in some systems after any design change in order to assess and reduce the risk of malfunction or unanticipated system failure. This additional cost can negate any savings that might have otherwise been realized by a design improvement in the embedded computer or its software. This point in particular hinders use of new technology by resynthesizing hardware components -- the redesigned components cannot be used without incurring the cost of system recertification.
One strategy to minimize the cost of system recertification is to delay all design changes until major system upgrades occur. As distributed embedded systems come into more widespread use, another likely strategy is to partition the system in such a way as to minimize the number of subsystems that need to be recertified when changes occur. This is a partitioning problem affected by potential design changes, technology insertion strategies, and regulatory requirements.
Partitioning/synthesis to minimize recertification costs.
5.3. Logistics and repair.
Whenever an embedded computer design is created or changed, it affects the downstream maintenance of the product. A failure of the computer can cause the entire system to be unusable until the computer is repaired. In many cases embedded systems must be repairable in a few minutes to a few hours, which implies that spare components and maintenance personnel must be located close to the system. A fast repair time may also imply that extensive diagnosis and data collection capabilities must be built into the system, which may be at odds with keeping production costs low.
Because of the long system lifetimes of many embedded systems, proliferation of design variations can cause significant logistics expenses. For example, if a component design is changed it can force changes in spare component inventory, maintenance test equipment, maintenance procedures, and maintenance training. Furthermore, each design change should be tested for compatibility with various system configurations, and accommodated by the configuration management database.
Designs optimized to minimize spares inventory. High-coverage diagnosis and self-test at system level, not just digital component level.
5.4. Upgrades.
Because of the long life of many embedded systems, upgrades to electronic components and software may be used to update functionality and extend the life of the embedded system with respect to competing with replacement equipment. While it may often be the case that an electronics upgrade involves completely replacing circuit boards, it is important to realize that the rest of the system will remain unchanged. Therefore, any special behaviors, interfaces, and undocumented features must be taken into account when performing the upgrade. Also, upgrades may be subject to recertification requirements.
Of special concern is software in an upgraded system. Legacy software may not be executable on upgraded replacement hardware, and may not be readily cross-compiled to the new target CPU. Even worse, timing behavior is likely to be different on newer hardware, but may be both undocumented and critical to system operation.
Ensuring complete interface, timing, and functionality compatibility when upgrading designs.
5.5. Long-term component availability.
When embedded systems are more than a few years old, some electronic components may no longer be available for production of new equipment or replacements. This problem can be especially troublesome with obsolete processors and small-sized dynamic memory chips.
When a product does reach a point at which spare components are no longer economically available, the entire embedded computer must sometimes be redesigned or upgraded. This redesign might need to take place even if the system is no longer in production, depending on the availability of a replacement system. This problem is a significant concern on the Distributed example system.
Cost-effectively update old designs to incorporate new components.
6. Business model.
The business models under which embedded systems are developed can vary as widely as the applications themselves. Costs, cycle time, and the role of product families are all crucial business issues that affect design decisions.
6.1. Design vs. production costs.
Design costs, also called Non-Recurring Engineering costs (NRE), are of major importance when few of a particular embedded system are being built. Conversely, production costs are important in high-volume production. Embedded systems vary from single units to millions of units, and so span the range of tradeoffs between design versus production costs.
At the low-volume end of the spectrum, CAD tools can help designers complete their work with a minimum of effort. However, at the high-volume end of the spectrum the designs may be simple enough and engineering cost such a small fraction of total system cost that extensive hand-optimization is performed in order to reduce production costs.
CAD tools may be able to outperform an average engineer at all times, and a superior engineer on very large designs (because of the limits of human capacity to deal with complexity and repetition). However, in small designs some embedded computer designers believe that a superior human engineer can outperform CAD tools. In the Small system example a programmer squeezed software into a few hundred bytes of memory by hand when the compiler produced overly large output that needed more memory than was available. It can readily be debated whether CAD tools or humans are "better" designers, but CAD tools face skepticism in areas that require extraordinary optimization for size, performance, or cost.
Intelligently trade off design time versus production cost.
6.2. Cycle time.
The cycle time between identification of a product opportunity and product deployment (also called Time to Market) can be quite long for embedded systems. In many cases the electronics are not the driving force; instead, product schedules are driven by concerns such as tooling for mechanical components and manufacturing process design. Superficially, this would seem to imply that design time for the electronics is not an overriding concern, but this is only partially true.
Because the computer system may have the most malleable design, it may absorb the brunt of changes. For example, redesign of hardware was required on the Mission Critical example system when it was found that additional sensors and actuators were needed to meet system performance goals. On the Small example system, delays in making masked ROM changes in order to revise software dominate concerns about modifications (and programmable memory is too expensive). So, although the initial design is often not in the critical path to product deployment, redesign of the computer system may need to be done quickly to resolve problems.
Rapid redesign to accommodate changing form factors, control algorithms, and functionality requirements.
6.3. Product families.
In many cases embedded system designs are not unique, and there are a variety of systems of various prices and capabilities forming a product family. To the extent that system designers can reuse components, they lower the total cost of all systems in the product family.
However, there is a dynamic tension between overly general solutions that satisfy a large number of niche requirements, and specifically optimized designs for each point in a product family space. Also, there may be cases in which contradictory requirements between similar systems prevent the use of a single subsystem design. In the Mission Critical and Small examples different customers require different interfaces between the embedded system and their equipment. In the Distributed example regulatory agencies impose different safety-critical behavior requirements depending on the geographic area in which the system is deployed.
Customize designs while minimizing component variant proliferation.
7. Design culture.
Design is a social activity as well as a technical activity. The design of desktop computers, and CPUs in particular, has matured in terms of becoming more quantitative in recent years. With this new maturity has come an emphasis on simulation and CAD tools to provide engineering tradeoffs based on accurate performance and cost predictions.
Computer designers venturing into the embedded arena must realize that their culture (and the underlying tool infrastructure) are unlike what is commonly practiced in some other engineering disciplines. But, because embedded system design requires a confluence of engineering skills, successful computer designers and design methodologies must find a harmonious compromise with the techniques and methodologies of other disciplines as well as company management. Also, in many cases the engineers building embedded computer systems are not actually trained in computer engineering (or, perhaps not even electrical engineering), and so are not attuned to the culture and methodologies of desktop computer design.
7.1. Computer culture vs. other cultures.
A specific problem is that computer design tools have progressed to the point that many believe it is more cost-effective to do extensive simulation than build successive prototypes. However, in the mechanical arena much existing practice strongly favors prototyping with less exhaustive up-front analysis. Thus, it may be difficult to convince project managers (who may be application area specialists rather than computer specialists) to spend limited capital budgets on CAD tools and defer the gratification of early prototype development in favor of simulation.
Make simulation-based computer design accessible to non-specialists.
7.2. Accounting for cost of engineering design.
One area of common concern is the effectiveness of using engineers in any design discipline. But, some computer design CAD tools are very expensive, and in general organizations have difficulty trading off capital and tool costs against engineering time. This means that computer designers may be deprived of CAD tools that would reduce the total cost of designing a system.
Also, in high-volume applications engineering costs can be relatively small when compared to production costs. Often, the number of engineers is fixed, and book-kept as a constant expense that is decoupled from the profitability of any particular system design, as is the case in all four example systems. This can be referred to as the "Engineers Are Free" syndrome. But, while the cost of engineering time may have a small impact on product costs, the unavailability of enough engineers to do work on all the products being designed can have a significant opportunity cost (which is, in general, unmeasured).
Improved productivity via using tools and methodologies may be better received by managers if it is perceived to increase the number of products that can be designed, rather than merely the efficiency of engineers on any given product design effort. This is a subtle but, in practice, important distinction.
7.3. Inertia.
In general, the cost of change in an organization is high both in terms of money and organizational disruption. The computer industry can be thought of as being forced to change by inexorable exponential growth in hardware capabilities. However, the impact of this growth seems to have been delayed in embedded system development. In part this is because of the long time that elapses between new technology introduction and wide-scale use in inexpensive systems. Thus, it may simply be that complex designs will force updated CAD tools and design methodologies to be adopted for embedded systems in the near future.
On the other hand, the latest computer design technologies may not have been adopted by many embedded system makers because they aren't necessary. Tool development that concentrates on the ability to handle millions of transistors may simply not be relevant to designers of systems using 4- and 8-bit microprocessors that constitute the bulk of the embedded CPU market. And, even if they are useful, the need for them may not be compelling enough to justify the pain and up-front expense of change so long as older techniques work.
That is not to say that new tools aren't needed, but rather that the force of cultural inertia will only permit adoption of low-cost tools with significant advantages to the problem at hand.
Find/create design tools and methodologies that provide unique, compelling advantages for embedded design.
8. Conclusions.
Many embedded systems have requirements that differ significantly both in details and in scope from desktop computers. In particular, the demands of the specific application and the interface with external equipment may dominate the system design. Also, long life-cycles and in some cases extreme cost sensitivity require more attention to optimization based on these goals rather than maximizing the computational throughput.
The business and cultural climates in many embedded system design situations are such that traditional simulation-based computer design techniques may not be viable in their current form. Such methodologies may not be cost-effective given constraints on categories of expenditures, may not be seen as worthwhile by non-computer-trained professionals, or may simply be solving the wrong problems.
Recent interest in hardware/software codesign is a step in the right direction, as it permits tradeoffs between hardware and software that are critical for more cost-effective embedded systems. However, to be successful future tools may well need to increase scope even further to include life-cycle issues and business issues.
The tutorial slide presentation presented at the conference augments this paper, and may be found at: cs. cmu. edu/
Acknowledgements.
This work was sponsored, in part, by DARPA contract DABT63-95-C-0026, and ONR contract N00014-96-1-0202.
References.
[1] Bernard Cole, "Architectures overlap applications", Electronic Engineering Times, March 20, 1995, pp. 40, 64-65.
[2] Stephanie White, Mack Alford & Julian Holtzman, "Systems Engineering of Computer-Based Systems." In: Lawson (ed.), Proceedings 1994 Tutorial and Workshop on Systems Engineering of Computer-Based Systems, IEEE Computer Society, Los Alamitos CA, 1994, pp. 18-29.
[5] Daniel D. Gajski, Frank Vahid, Sanjiv Narayan & Jie Gong, Specification and Design of Embedded Systems, PTR Prentice Hall, Englewood Cliffs NJ, 1994.
[6] Jack Ganssle, Art of programming Embedded Systems, Academic Press, San Diego, 1992.
[7] Don Thomas & Rolf Ernst (eds.), Proceedings: Fourth International Workshop on Hardware/Software Co-Design, IEEE Computer Society, Los Alamitos CA, 1996.
[8] David Patterson & John Hennessy, Computer Architecture: a Quantitative Approach, Morgan Kaufmann, San Mateo CA, 1990.
[10] Shem-Tov Levi & Ashok Agrawala, Fault Tolerant System Design, McGraw-Hill, New York, 1994.
[11] Daniel Siewiorek & Robert Swarz, Reliable Computer Systems: design and evaluation (2nd edition), Digital Press, Burlington MA, 1992.
[12] Nancy Leveson, Safeware: system safety and computers, Addison-Wesley, Reading MA, 1994.
[13] Georgette Demes et al., "The Engineering Design Research Center of Carnegie Mellon University," Proceedings of the IEEE, 81 (1) 10-24, January 1993.
Embedded Communication.
Carnegie Mellon University.
18-849b Dependable Embedded Systems.
Author: Leo Rollins.
Communication is essential to achieving a dependable distributed embedded system. Designers of these systems are faced with several challenges in specifying the communication network. Complex systems usually require some sort of shared media network. In this environment, the designer must recognize the fundamental trade-off that exists between the efficiency and the predictability of the network. Given this trade-off, the designer must evaluate and select the communication network. Particular attention must be given to the protocols, which determine much of the network behavior. Finally, many error detection methods are available which are necessary to build a reliable communication system.
Most historical communication systems can be considered to be "embedded" at least from one perspective: they have a very narrowly defined task. They are not designed for general purpose communication. For instance, telephones were conceived only for the purpose of voice transmission. However, this fact has been changing in recent years with the design of integrated services networks. These networks are designed to carry different types of communication including voice, data and video signals. Even systems with a single original purpose like telephony have been exploited for the transfer of other traffic, like data transfer for computers. Another development that has increased interest in general purpose communication is the internet. Once computers across the world began to be connected, the problem of incompatible networks became apparent. The OSI (Open Systems Interconnection) Reference Model was developed in an attempt to solve this compatibility problem. This model divides the communication system into seven layers which provide varying levels of service. The layers were intended to provide standard interfaces and services, so that various protocols, machines and network types could coexist.
Despite the spread of general purpose networking ideas, there are still many closed systems which have very specific purposes. In this environment, a simple and efficient protocol can be enforced without the danger of incompatibilities. An example is the network of devices in a modern automobile that communicate over a network. From the perspective of the author these narrowly defined closed systems are considered embedded communication systems. Even in these embedded systems, there is increasing interest in the connection of embedded systems to larger networks for status monitoring purposes. Just as the embedded systems have borrowed communication protocols and technology from larger communication systems, they are likely to borrow many of the interconnection and standardization ideas in the near future.
The majority of embedded communication systems can be classified as either point-to-point networks (data links) or shared media networks (data highways). It is important to understand the trade-off between these two types of systems. In point-to-point networks, each node of the system is connected to every other node. These systems are simple and reliable. Reliability is high since correct transmission between two nodes only depends on a single transmitter and receiver. Since each link is dedicated to communication between two nodes, it is easy to meet real-time deadlines without any sophisticated scheduling mechanism. In shared media systems all nodes are connected together using a ring or bus topology. The primary motivation for shared media is the reduction in wiring (and thus cost). These networks are easily extendable without adding any new data ports to individual nodes. Limited new cabling is required.
The price for scalability and reduced cost of a shared media network is the complexity that must be added to the network protocol. Some means must be added to arbitrate for access to the shared media. The remaining discussion in this paper applies mainly to shared media embedded communication systems.
Event versus State Based Communication.
In practice communication systems may not be purely event or state based. A communication protocol may contain some properties of each. However, it is instructive to examine the fundamental differences between an event based system and a state based system. One of the fundamental trade-offs between these two types of systems is the efficient use of resources found in event based systems versus the predictability of the network found in state based systems. The primary resources of concern in the network are bandwidth (the amount of data that can be transmitted per unit time) and the buffer space required at nodes to process incoming or outgoing messages.
In an event based communication system, messages are generated and transmitted in response to "events" detected at a local node in the network. Examples of "events" include changes in the value of process variables, new alarm conditions that have been detected, conditions that represent alarms clearing, or requests by other nodes for data. An example of an event based communication system is the typical office network. Messages are generated by users whenever they send data to printers, access data on shared network drives, run applications that exist on other machines or send email to others in the network.
One goal of event based communication is the efficient use of network bandwidth. By transmitting only necessary data, an efficient use of network bandwidth is assured. However, since data is transmitted only when there is a change at the source node, every message becomes important. This places additional requirements on the communication system to assure that each message is delivered successfully. One mechanism to do this is for destination nodes to acknowledge each successful transmission and request a retry for each corrupted message. If an acknowledgement is not generated within a specified timeout, the source node may also repeat the message of its own accord. Note that this acknowledge and retry mechanism consumes some additional network bandwidth.
Consider the example of an event based distributed monitoring system. This system monitors plant conditions and generates alarms when certain conditions are generated. During normal operation, the network should be lightly loaded with few alarm conditions. During system upsets, many messages will be required due to multiple alarm conditions and changing state. It is difficult to predict the maximum number of messages that might be exchanged during this situation. Many nodes may compete for the communication channel. Therefore it is difficult to confirm that a system design will contain adequate resources (bandwidth and buffers) to handle the load. For a system with safety functions, the network is at its worst (in terms of delay and lost messages) when it is needed the most. This condition is sometimes referred to as the alarm flood problem. One potential solution to this problem is to design an overly conservative network in order to meet the worst case situation. This approach may not be feasible in a small embedded system with cost constraints.
In a state based communication system, messages represent the entire state of a node. For instance, all of the alarms for a node are transmitted as either on or off in its message. A node sends its fixed size message at pre-defined, regular intervals. Access to the media is easily scheduled, since the message requirements of each node never change. Network load is fixed and can be easily calculated during system design. An example of a state based system is a distributed process control system. Each node has a fixed number of inputs, calculated values, and alarm conditions that it sends in its message to other nodes in the network.
The state based system is less efficient in terms of network bandwidth than the event based system. Network bandwidth is sacrificed for the predictability of regular message size and regular access to the communication channel. Note that some reduction in the overall data is possible. Each piece of data occupies a fixed location in the message. Therefore the data can be restricted to its value. Information about what each data point represents is not required to be transmitted with the message.
State based systems can be designed to tolerate the occasional missed message. Re-transmission may not be necessary, since the entire state will be transmitted again in the next time interval. If messages are transmitted at twice the required frequency, the system can meet its deadlines even if every second message is corrupted. In order to tolerate two corrupted messages in a row, each node could be designed to transmit its messages at three times the required frequency.
One difficulty in state based systems is transient data. It is important for a source node to maintain momentary signals for a sufficient duration that all nodes will see the data. Although the data persists for only a fraction of one message time, a source node may need to transmit the data in several successive messages. This momentary situation is sometimes referred to as the "pulse-stretching" problem. An example of transient data is a momentary push-button which is a hard-wired input to a single node. Assume that indications of button presses are needed at some other node in the system. If the condition that the button had been pushed was transmitted in only a single message, and that message was lost, other nodes would not be informed that the button had been pressed.
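The loss tolerance and pulse-stretching described in the two paragraphs above can be simulated in a few lines. This is an added example, not code from the original article; the structure names, the edge-counting receiver and the loss pattern are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Source-side latch for a momentary input in a state based system. */
struct pulse_stretcher {
    unsigned hold_msgs; /* successive messages that must carry the event */
    unsigned remaining; /* messages still owed for the current pulse */
};

/* To survive `tolerated_losses` corrupted messages in a row, the event has to
 * appear in tolerated_losses + 1 successive messages. */
static void stretcher_init(struct pulse_stretcher *s, unsigned tolerated_losses)
{
    s->hold_msgs = tolerated_losses + 1;
    s->remaining = 0;
}

/* Called once per message period; `pulsed` says whether the raw input fired
 * since the previous message. Returns the bit to place in the state message. */
static bool stretcher_next_bit(struct pulse_stretcher *s, bool pulsed)
{
    if (pulsed)
        s->remaining = s->hold_msgs;
    if (s->remaining == 0)
        return false;
    s->remaining--;
    return true;
}

/* Destination side: keeps the last good state when a message is lost and
 * counts 0 -> 1 transitions as button presses. */
struct receiver { bool last_bit; unsigned presses; };

static void receiver_on_period(struct receiver *r, bool delivered, bool bit)
{
    if (!delivered)
        return; /* no retry: the next periodic message carries the state */
    if (bit && !r->last_bit)
        r->presses++;
    r->last_bit = bit;
}

/* Constructed scenario: one press during period 2, and the messages of
 * periods 2 and 3 are both corrupted on the channel. */
static const bool RAW_PULSE[] = { 0, 0, 1, 0, 0, 0, 0, 0 };
static const bool MSG_LOST[]  = { 0, 0, 1, 1, 0, 0, 0, 0 };
#define PERIODS (sizeof RAW_PULSE / sizeof RAW_PULSE[0])

/* Number of presses the destination node registers for a given design. */
static unsigned presses_seen(unsigned tolerated_losses)
{
    struct pulse_stretcher s;
    struct receiver r = { false, 0 };
    stretcher_init(&s, tolerated_losses);
    for (size_t i = 0; i < PERIODS; i++) {
        bool bit = stretcher_next_bit(&s, RAW_PULSE[i]);
        receiver_on_period(&r, !MSG_LOST[i], bit);
    }
    return r.presses;
}

int main(void)
{
    for (unsigned k = 0; k <= 2; k++)
        printf("tolerate %u lost in a row: receiver saw %u press(es)\n",
               k, presses_seen(k));
    return 0;
}
```

The cost of the stretch is resolution: two presses that fall within the same hold window reach the receiver as a single press.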
Finding the Best Real-Time Protocol.
According to [Kopetz97] there has never been, nor will there ever be, a perfect real-time protocol. This is because there are fundamental conflicts in the requirements that we would like to place upon the communication system. These requirements are the best features of both event based and state based systems. The conflicts reflect trade-offs between either the efficiency or flexibility found in the event-based system and the predictability found in the state-based system. Trade-offs exist for external control versus composability, flexibility versus error detection and protectiveness, sporadic data versus regular data, spontaneous service versus interface simplicity, and probabilistic access versus replica determinism. For a detailed discussion of each specific trade-off refer to [Kopetz97].
Even though no "best" protocol exists, embedded system designers are not relieved of the task of specifying an appropriate communication system. Therefore it is important to focus on the key differentiating factors found in the protocols. The OSI Reference Model, shown in Figure 1, can be used to examine communication protocols. A brief description of the function of each of the layers is provided below. For more information refer to [Spragins94].
Figure 1: OSI Reference Model
Layer 7: Application - Provides standard interfaces for different types of data transfer such as mail or file transfer.
Layer 6: Presentation - Allows data to be presented to the application in the native format allowing communication between systems with different data representations.
Layer 5: Session - Provides a means for applications to structure a dialogue between each other.
Layer 4: Transport - Provides transparent transfer of data and end-to-end control of message transfer.
Layer 3: Network - Provides an abstraction from the particular communication technology used at lower layers. Includes the functions of routing and relaying messages within the network.
Layer 2: Data link - Provides the procedures for access to the channel, initiating and closing links between stations, grouping of characters into messages or frames, error control and frame synchronization.
Sublayer LLC - Logical Link Control is concerned primarily with the establishment and termination of a virtual connection between two stations in a network.
Sublayer MAC - Media Access Control is concerned primarily with arbitrating for and granting access to the communication channel.
Layer 1: Physical - Provides the electrical or optical transmission characteristics and representation of signals. This layer also includes the procedures used to initiate or close communication on a physical link.
Embedded systems tend to focus on layer 1 (physical) and layer 2 (data link) and use minimal or non-existent upper layers. Two reasons for this focus may be 1) embedded communication systems are simple and do not require upper level services 2) upper layers add overhead that cannot be tolerated in some real-time systems. However this situation may change as complexity increases in embedded systems and users demand more features such as the interoperability with other networks. In order for multiple networks to communicate a common interface is needed. A common upper layer in the protocol may provide this interface.
Within the data link layer a sub-layer called media access control (MAC) exists which determines many of the characteristics of a shared media communication system. Several media access techniques have been proposed and successfully used in popular protocols. Some common media access techniques and protocols which use these techniques are covered below.
CSMA/CD - Carrier sense multiple access with collision detection. Each node monitors the channel or carrier to determine when the channel is idle. This is known as carrier sense. If the node has a message to send it begins transmission. The node continues to monitor the channel while it is transmitting. Another node in the network could also begin transmitting on the clear channel. In this case a collision would be detected by both nodes. The nodes would stop transmitting their messages and send a jam signal for a duration long enough for all nodes in the network to see the collision. Each node then computes and waits for a random interval before retrying its transmission. The Ethernet protocol used in office LANs (local area networks) popularized this access method. It was later standardized as IEEE 802.3.
CSMA/CA - Carrier sense multiple access with collision avoidance. Initial access to a clear channel is performed similarly to CSMA/CD. However, after a collision and a jam signal, stations use contention slots to resolve access to the channel. These slots give a node or nodes priority of access during its contention slot. Due to this priority contention slot, some collisions that would have occurred on retries in CSMA/CD are avoided in CSMA/CA. The slot assignments are rotated between successive collisions to ensure fairness. An example of this protocol is LONWorks.
Polling - In polling, a single master node controls access to the channel. All other nodes are polled sequentially to determine if they have messages to send. If they have messages, they are granted access to send their messages. Note that this method relies heavily on correct operation of the master. Intel's BitBus and many fieldbus communication protocols use this method.
Bit Dominance - In bit dominance protocols, all nodes are synchronized. Each node begins transmission on a clear channel by sending its node or message ID. This ID indicates the priority of its transmission. The node with the highest ID wins the bidding because the 1's in its ID dominate any 0's sent by other nodes. Note that this requires an electrical medium where sent 1's dominate over 0's. The Controller Area Network (CAN) based on this access method is used heavily in automobiles.
Token Passing - In token passing, access to the channel is determined by the holder of a token. When this node is finished transmitting, it passes the token in a special message to the next node in the network. If a node has no messages to send, it simply passes the token. Special bidding processes are often required to establish the initial holder of the token and how long each node may hold the token. IBM's token ring, token bus and FDDI (fiber distributed data interface) all use some form of token passing.
TDMA - Time division multiple access. In this access method, the bandwidth of the network is sliced into slots. Each node is allocated one or more slots where it has sole access to the channel. The slots repeat continuously, giving each node periodic access to the channel. ARINC 629 (Aeronautical Radio Incorporation) is a protocol established for embedded airplane networks that use this method. Another TDMA protocol designed specifically for fault tolerant real-time applications is TTP (time-triggered protocol). This protocol is a relatively recent development (1993) and its applications in real embedded systems are unknown to the author.
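The bit dominance bidding described in the list above, as an added example that is not part of the original article. It models a bus on which a sent 1 overrides a 0, exactly as the text states; the 11-bit ID width, the node limit and the pending IDs are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ID_BITS   11 /* assumed identifier width */
#define MAX_NODES 8  /* assumed upper bound for this example */

/* Constructed set of IDs that all want the channel at the same instant. */
static const uint16_t PENDING[] = { 0x123, 0x65A, 0x659, 0x0FF };
#define PENDING_LEN (sizeof PENDING / sizeof PENDING[0])

/* Every contender sends its ID most significant bit first and reads the bus
 * back. The bus carries the OR of all sent bits (a 1 dominates), so a node
 * that sent 0 but reads 1 has lost and falls silent. Returns the index of the
 * single survivor, or -1 when nobody contends or two contenders share an ID,
 * which bitwise bidding cannot resolve. */
static int arbitrate(const uint16_t *ids, const bool *wants, size_t n)
{
    bool active[MAX_NODES];
    size_t remaining = 0;

    if (n > MAX_NODES)
        return -1;
    for (size_t i = 0; i < n; i++) {
        active[i] = wants[i];
        remaining += wants[i];
    }
    for (int bit = ID_BITS - 1; bit >= 0 && remaining > 1; bit--) {
        unsigned bus = 0;
        for (size_t i = 0; i < n; i++)
            if (active[i])
                bus |= (ids[i] >> bit) & 1u;
        for (size_t i = 0; i < n; i++)
            if (active[i] && bus && !((ids[i] >> bit) & 1u)) {
                active[i] = false; /* sent 0, read 1: back off */
                remaining--;
            }
    }
    if (remaining != 1)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (active[i])
            return (int)i;
    return -1;
}

/* ID that is granted the channel in round `round` when every entry of PENDING
 * bids at once and each winner then leaves the contest. Returns 0xFFFF once
 * nothing is left to send. */
static uint16_t sender_in_round(size_t round)
{
    bool wants[MAX_NODES] = { false };
    int winner = -1;

    for (size_t i = 0; i < PENDING_LEN; i++)
        wants[i] = true;
    for (size_t r = 0; r <= round; r++) {
        winner = arbitrate(PENDING, wants, PENDING_LEN);
        if (winner < 0)
            return 0xFFFF;
        wants[winner] = false;
    }
    return PENDING[winner];
}

int main(void)
{
    for (size_t r = 0; r < PENDING_LEN; r++)
        printf("round %zu: ID 0x%03X transmits\n", r,
               (unsigned)sender_in_round(r));
    return 0;
}
```

No bandwidth is lost to the collision because the winner's frame continues undisturbed, but the lowest ID only transmits after every higher ID has gone quiet.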
Individual protocol studies have been undertaken and published in journals. Unfortunately, only limited comparisons of the protocols used in embedded systems have been performed. Refer to [Koopman94] for a qualitative comparison of protocols used in embedded systems and more detailed coverage on individual media access techniques.
Although the protocols themselves are not strictly event or state based, they often lend themselves more easily to one or the other system type. For instance, CSMA/CD used in Ethernet is a probabilistic access method. Event based systems fit well with this protocol because of the sporadic nature of messages. Time division multiplexing protocols break up the network bandwidth into time slices for individual nodes. State based systems can efficiently use one or more time slices to send their regular data.
Error Detection / Diagnostics.
Error detection and diagnostics are important in any embedded system and especially in safety critical systems. Communication systems are fairly advanced in their capabilities for detecting, tolerating and sometimes correcting errors. In Table 1, some typical errors for communication systems are listed. Along with each error type, the typical defenses available in the communication system are discussed. Knowledge of common error types and defenses is invaluable to the system designer.
Channel noise - Noise is typically induced in communication channels from the environment or cross-talk from adjacent wires. A technique to reduce the noise is the use of fiber optics for the communication channel. Fibers are impervious to electro-magnetic interference. Cyclic redundancy checksums (CRC) are often appended to messages. These checksums allow the detection of all single and many multiple bit errors induced in messages. More sophisticated error coding techniques can also be used to correct bit errors.
Stale messages - Old messages that do not represent accurate real-time data may be present in the system. Some protocols include a time-stamp that is inserted by the source to mark the message age. Note that this implies some global time base.
Repeated messages - In certain failures of a host node or its network interface, the same message may be continuously repeated. Some protocols include a serial number for each message. Destination nodes can easily detect repeated or out of sequence messages.
Failure propagation - In a shared media system it is important to prevent failures in one node from propagating to other nodes. Surge protection is often included to prevent electrical failure propagation. Fiber optic cables serve as galvanic isolation between nodes. Redundant networks can also prevent propagation.
Station run-on - Stations may fail in such a way that they monopolize the shared media. Some protocols, such as Ethernet, contain an anti-jabber supervisory circuit. These circuits bound the time that any station is allowed access to the media. The station will be locked out until a specified silence period is observed.
Memory errors - Internal to a node, a message may be copied several times. Copies are typically made in DMA transactions or other exchanges between a host node and its network interface chipset. It is possible to add information checksums to messages that can be used to detect memory errors in the copy process.
Interface hardware failures - Communication interface hardware can fail. Diagnostics are included in many communication systems that allow loop-back testing of the interfaces.
Intermittent errors - Errors may begin to occur at a higher rate that is still below the threshold for system errors. However, the increase in these errors may signal a bad part or connection in the system. Many communication chipsets include statistical counters that show error rates and types. If reported to the system level, these errors can signal maintenance action before system failures occur.
Cable breaks - The loss of communication through cable breaks is normally detectable through loss of signal. However, some communication systems include fault-tolerant capabilities that tolerate cable breaks. One example is FDDI, which is configured as counter rotating rings. Individual stations can reconfigure the rings to bypass the cable breaks.
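A receiver-side check that combines three of the defenses listed above (CRC, source time-stamp and message serial number), as an added example that is not from the original article. The 12-byte frame layout, the 50 ms freshness bound, the choice of CRC-16/CCITT-FALSE and all names are assumptions, and the receive trace is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical): [0] node id, [1] serial number, [2..5] source
 * timestamp in ms, [6..9] payload, [10..11] CRC-16 over bytes 0..9; big-endian. */
#define FRAME_LEN  12
#define CRC_OFFSET 10
#define MAX_AGE_MS 50u /* assumed freshness bound */
enum verdict { FRAME_OK, FRAME_BAD_CRC, FRAME_STALE, FRAME_REPEATED, FRAME_OUT_OF_SEQ };
struct rx_state { bool have_last; uint8_t last_seq; }; /* one per source node */

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF. */
static uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (uint16_t)((crc << 1) ^ ((crc & 0x8000) ? 0x1021 : 0));
    }
    return crc;
}

/* Sender side, used here only to build the constructed frames. */
static void build_frame(uint8_t *f, uint8_t seq, uint32_t ts_ms)
{
    f[0] = 7; /* constructed node id */
    f[1] = seq;
    for (int i = 0; i < 4; i++) {
        f[2 + i] = (uint8_t)(ts_ms >> (24 - 8 * i));
        f[6 + i] = (uint8_t)(0xA0 + i); /* constructed payload */
    }
    uint16_t crc = crc16_ccitt(f, CRC_OFFSET);
    f[10] = (uint8_t)(crc >> 8);
    f[11] = (uint8_t)crc;
}

static enum verdict check_frame(struct rx_state *rx, const uint8_t *f,
                                uint32_t now_ms)
{
    /* 1. Channel noise, memory errors: trust nothing in a corrupt frame. */
    uint16_t got = (uint16_t)((f[10] << 8) | f[11]);
    if (crc16_ccitt(f, CRC_OFFSET) != got)
        return FRAME_BAD_CRC;
    /* 2. Stale messages: needs a global time base. Unsigned subtraction makes
     * a timestamp from the future look very old, so it is rejected too. */
    uint32_t ts = ((uint32_t)f[2] << 24) | ((uint32_t)f[3] << 16) |
                  ((uint32_t)f[4] << 8) | f[5];
    if ((uint32_t)(now_ms - ts) > MAX_AGE_MS)
        return FRAME_STALE;
    /* 3. Repeated or out-of-sequence messages: modulo-256 serial number. */
    if (rx->have_last) {
        uint8_t delta = (uint8_t)(f[1] - rx->last_seq);
        if (delta == 0)
            return FRAME_REPEATED;
        if (delta != 1) {
            if (delta < 128)
                rx->last_seq = f[1]; /* forward gap: report, then resync */
            return FRAME_OUT_OF_SEQ;
        }
    }
    rx->have_last = true;
    rx->last_seq = f[1];
    return FRAME_OK;
}

/* Constructed receive trace: serial, source time, arrival time, bit flipped? */
static const struct { uint8_t seq; uint32_t ts_ms, now_ms; bool corrupt; } TRACE[] = {
    {10, 1000, 1005, false}, /* accepted */
    {10, 1000, 1010, false}, /* same frame sent again */
    {11, 1020, 1022, true},  /* one payload bit flipped in transit */
    {11, 1020, 1030, false}, /* retry of that message */
    {12, 1040, 1100, false}, /* delivered 60 ms late */
    {14, 1110, 1112, false}, /* serial 13 never arrived */
    {15, 1120, 1121, false}, /* back in step after the resync */
};
#define TRACE_LEN (sizeof TRACE / sizeof TRACE[0])

/* Replays TRACE from the start and returns the verdict for step n. */
static enum verdict trace_verdict(size_t n)
{
    struct rx_state rx = { false, 0 };
    enum verdict v = FRAME_OK;
    for (size_t i = 0; i <= n && i < TRACE_LEN; i++) {
        uint8_t f[FRAME_LEN];
        build_frame(f, TRACE[i].seq, TRACE[i].ts_ms);
        f[6] ^= TRACE[i].corrupt ? 0x01 : 0x00;
        v = check_frame(&rx, f, TRACE[i].now_ms);
    }
    return v;
}

int main(void)
{
    for (size_t i = 0; i < TRACE_LEN; i++)
        printf("step %zu: verdict %d\n", i, (int)trace_verdict(i));
    return 0;
}
```

The CRC is checked first so that the timestamp and serial number are only interpreted once the frame is known to be intact.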
Protocol Analyzers can be attached to most networks to examine data at the bit, character and frame level. Headers for common protocols can be automatically decoded. These analyzers are particularly useful in examining errors and violations of protocols.
Time domain reflectometers can analyze the cabling and connections in networks. Versions of this equipment exist for electrical and fiber optic media. They are useful in finding cable breaks, bad connections and determining cable lengths. These instruments work by sending a wave down a cable and examining the reflections. Each reflection represents a connection or imperfection in the cable. In fiber optics, connection quality is extremely important. These instruments can determine the loss in signal level introduced by each connection.
Formal methods techniques have been applied to the verification of communication protocols (Petri Nets, Lotos, SDL, Z). Petri Nets, in particular, were created to analyze communication networks. The verification of a protocol is normally required during the standardization process. Some level of correctness can be ensured by the embedded system designer if he chooses a standardized protocol.
A more likely effort for embedded system designers is the selection of a communication system. In order to do this, a good handle on the requirements and key issues involved in the decision is needed. A list of the issues and specific recommendations is presented in [Preckshot93] NUREG/CR-6082, Data Communication. This document was developed as a guide for regulatory authorities to use when evaluating proposed systems. Even though it is intended for the nuclear industry it is applicable to other embedded systems because it asks focused questions about the communication system.
The common metrics published in manufacturer's literature are data rate and error rates. Protocol studies give more detailed measures of the performance that may be expected. These studies involve complex modeling and simulation techniques. It is not surprising that large scale quantitative comparisons between many protocols have not been attempted. Examples of the metrics found in protocol studies are throughput versus load, delay versus throughput, and worst case utilization.
In general the communication theory and analysis techniques are quite mature. However, the process of selecting the communication system is ad hoc at best.
Communication may be considered as a form of I/O. However, a more applicable relationship may be the current trend to use field busses to communicate with I/O.
The communication architecture is often the method used for achieving a dependable embedded system, usually through redundancy.
Embedded communication systems are most often real-time systems. The real-time topic covers schedulability, which is important in shared media networks.
Communication enables fault tolerant computing through the use of error detection.
Error coding techniques are often used in communication for error detection, error correction, reliability, compression, and optimum signal-to-noise ratio.
Formal methods are often used for communication protocol verification.
A fundamental trade-off exists between efficiency and predictability in the selection of an event-based system or a state based system. Regardless of the decision, there are shortcomings that must be addressed. The lack of a detailed quantitative comparison of protocols places the burden of communication system evaluation squarely on the embedded system designer. Many of the properties of the communication system are determined by the media access protocol. Therefore, embedded system designers should focus on the media access method when determining what protocol to use. Other significant factors to consider include the communication technology and its cost or longevity. Often overlooked in design are the error conditions. Communication systems have a variety of mechanisms that can be used to detect errors. Utilizing these detection methods, the designer can build a reliable communication system.
[Koopman94] Koopman, P. J., and Upender, B. P., "Communication Protocols for Embedded Systems", Embedded Systems Programming, 7(11), November 1994, pp. 46-48, cs.cmu.edu/People/koopman/protsrvy/protsrvy.html, Accessed: May 8, 1999.
Notes: Good qualitative comparison of protocols, especially the variety of available media access methods. Practical. Written at an introductory level. Examines different media access methods in some detail.
[Kopetz97] Kopetz, H., Real-Time Systems, Design Principles for Distributed Embedded Applications, Kluwer Academic Publishers, 1997, Chpt. 7-8.
Notes: Wide variety of information on real-time systems. A key discussion examines five fundamental trade-offs in the ideal requirements of communication systems. Communication section shows bias towards the Time Triggered Protocol (TTP) which he has written other papers about.
Notes: Written from a safety system assessor's viewpoint for critical systems. However, this document asks all the questions an embedded system designer should ask himself. The appendix is more tutorial in nature.
[Spragins94] Spragins, J. D., Hammond, J. L., and Pawlikowski, K., Telecommunications Protocols and Design, Addison Wesley Publishing, 1994.
Notes: Good source for mathematics of communication, queuing theory, and metrics. Unfortunately, the examples covered are standard communication protocols rather than embedded system protocols. This reference also provides a good background on the OSI Reference Model and communication networks in general.
Further Reading.
[Norden98] Norden, S., Manimaran, G., Siva Ram Murthy, C., "New Protocols for Hard Real-Time Communication in the Switched LAN Environment", Proceedings - 23rd International Conference on Local Computer Networks, IEEE Computer Society, 1998, pp. 364-373.
Notes: The discussion is more tailored to using existing telecom networks. Not so applicable to embedded systems. This may be a future issue. Does cover the issue of QOS and mixing of traffic types.
[Paige90] Paige, Lt. J. L., "SAFENET - A Navy approach to Computer Networking", Proceedings - 15th International Conference on Local Computer Networks, IEEE Computer Society, 1990, pp. 268-273.
Notes: High level architecture of two safety critical communication systems. One is based on Ethernet, the other on FDDI.
Notes: Tries to predict if Ethernet will spread to factory floor. May be too opinionated. Not very strong in supporting arguments. May have hidden agenda, since it is on his employer's web site.
[Raman90] Ramanathan, P., Shin, K. G., Butler R. W., "Fault-Tolerant Clock Synchronization in Distributed Systems", IEEE Computer, 23(10), 1990, pp. 33-42.
Notes: This is a big issue for some protocols like TDMA (and for some applications that require sequence-of-events). Gets into the Byzantine Generals problem for synchronization in the presence of faulty clocks. There are lots of papers about this issue. [Kopetz97] has one also.
[Scholl88] Scholl, F. W. and Coden, M. H., "Passive Optical Star Systems for Fiber Optic Local Area Networks", IEEE Transactions on Selected Areas in Communications, 6(6), 1988, pp.913-923.
Notes: Good idea because the network connection is passive and therefore more reliable. Unfortunately, this method may not be supported by current technology. High losses in stars only work with strong transmitters. Ok in early days when fiber optic transmitters were high power. Now most transmitters are LEDs with lower power output.
[Upender97] Upender, B. P. and Dean, A., "Embedded Communication Network Pitfalls", Embedded Systems Programming, 10(9), 1997, embedded/97/fe29709.htm, Accessed: May 8, 1999.
Notes: Analysis of the problems with protocols for certain applications, but only covers 3 (LonTalk, CAN and IEEE-1394).
[Zhao95] Zhao, W. and Malcolm N., "Hard Real-Time Communication in Multiple-Access Networks", Real Time Systems, 8, 1995, pp.35-77.
Notes: In depth analysis of MAC types. Tends toward mathematical.
Trade-off in embedded systems
Sch. of Comput. Sci. & Technol., Xidian Univ., Xi'an, China.
Yingfeng Wang.
Sch. of Comput. Sci. & Technol., Xidian Univ., Xi'an, China.
Zhijing Liu.
Sch. of Comput. Sci. & Technol., Xidian Univ., Xi'an, China.
Embedded Use.
HMIs for Embedded Devices.
Why Use Qt for Embedded Systems.
When my customers develop embedded systems, they face similar challenges:
Challenge 1: iPhone-Like HMI
Challenge 2: Internet-Connected
Challenge 3: Running Everywhere
Challenge 4: Fast Time-To-Market
Using examples from different industries, I’ll first elaborate on the challenges and then on how Qt can help us to solve these challenges. These challenges are typical for nearly every industry nowadays: automotive, agricultural, medical, manufacturing, home-appliance, home-automation – to name just a few.
Challenge 1: iPhone-Like HMI.
Challenge Explained.
Requirement specifications for HMIs have become pretty short these days: “My HMI shall look, feel and behave like an iPhone”. But – what does it mean for an HMI to be iPhone-like? I think that Larry Constantine’s five rules to characterise good usability give the best definition of “iPhone-like” (Note: I summarised Constantine’s rules 1, 2 and 3 into my rule 1):
Rule 1: HMI adapts easily to different experience levels (beginner, intermediate, expert).
Rule 2: HMI is suited for the context, in which it is used.
Rule 3: HMI makes real work easier, faster, more fun, or makes new things possible.
My simple washing machine has a strictly mechanical HMI: a rotary button, a few push buttons, no display. I have three types of laundry: the stinky stuff (underwear, towels, etc.), the normal stuff (shirts, good pants, etc.) and the special stuff (some woollen sweaters). For each type, I have to set the buttons again and again. There is no way to define a programme for each type. So, my simple washing machine fails Rule 1, as it is no good for intermediate or expert use.
A good example for Rule 2 are the different ways of user input for an in-vehicle infotainment system. Entering a destination is pretty tedious with a rotary knob, but pretty simple with touch. In contrast, changing the settings of the climate control is simpler and especially less distracting with the rotary knob than with touch. With touch input, the driver must look at the screen. With a rotary knob, the driver can do the change without looking. The simplest way of all is speech control, which fits the context of driving a car best.
Getting Rule 3 right is what made the iPhone such a success. Browsing through photos in cover flow with a simple flick of our finger is obviously easy, fast and fun. Everyone grasps the idea intuitively and gets grumpy when they have to browse photos in the old way. Another example for Rule 3 is navigation. By simply adding a GPS antenna to a smartphone, it became possible to use the smartphone as a sat nav – and save some money on buying a separate sat nav.
These three rules are a good guideline to tell apart a good and a bad HMI. They also give a pretty clear idea what customers mean when they want an “iPhone-like user experience”.
Solution with Qt.
Of course, the first step towards an iPhone-like user experience is a really good user interaction design. For the next step, the implementation of this design, we need a technology that makes it easy and quick to turn a great design into a great HMI of our embedded system. Enter QML!
QML is a lightweight declarative language built on top of Qt. It is very easy to learn and leads to very compact code. In the early days of QML, I was tasked by a premium TV maker to rewrite a prototype of their TV GUI in QML. They needed 20 days and 18K lines of code to write the original prototype. The QML version took me only 5 days and 1.5K lines of code. And bonus, the QML version ran much faster and smoother on their TV hardware.
QML enables a pair of a UI designer and an application developer to develop a GUI very quickly in a very agile way. The design gets implemented almost instantly and tried out immediately on the target hardware. The pair can even ask some users to try out a feature. Based on the users’ feedback, the GUI is changed – often on the spot. Knowing early what works and seeing alternatives is very valuable to customers. QML’s support for an agile approach (very much in the sense of eXtreme Programming) makes it easy to satisfy the three golden rules of good usability.
QtCreator – a first-class IDE for developing software with QML, Qt and C++ – includes a UI designer (tool) for QML. So, it supports the work of both the UI designer (person) and the application developer very well. If this is not enough, QtCreator can be customised to special needs, as it is open-source and is implemented using a plugin architecture.
Here are a few examples of systems using QML for their GUIs: Blackberry 10 smartphones, in-vehicle infotainment (IVI) system of QNX’s concept car for CES 2017, IVI systems of three car OEMs (soon to be on the roads), Freebox set-top box (STB) by French telco Free, millions of STBs and TVs, Loewe’s SoundVision system, in-flight entertainment systems of 50+ airlines, home appliances of several top-10 OEMs and many more systems. If you are still not convinced about the simplicity and power of QML, read KDAB’s post “Qt 5 under the hood”. It is a fantastic testimony by QNX how easy and fast it was to develop the in-vehicle infotainment system of QNX’s concept car for CES 2017. It says it all!
Challenge 2: Internet-Connected.
Challenge Explained.
If we hook up our home appliances to the Internet, new things become possible (Rule 3 from above). The oven can send an alert to our smartphone when the bread is ready. So, we can watch TV in another room without the bread getting burned. When our washing machine is defective, it can prepare a diagnostics report, which we can send to the technical support of the manufacturer. The technical support could even log into our washing machine to find out what’s wrong. Or, we can control our wireless speakers from our induction hob such that we can listen to Internet radio stations or our own music. There seem to be nearly limitless possibilities once a device is connected to the Internet.
Solution with Qt.
Qt supports the application layer protocols like HTTP, TLS/SSL, FTP and DNS right out of the box – even through proxy servers. This is easily enough to use web services over RESTful APIs. If we need other application layer protocols, say, like SIP, RPC or POP3, we can implement them using Qt’s TCP and UDP socket classes. We can also use these socket classes to implement proprietary protocols. More often than not, we’ll find out that someone else has implemented a communication stack with Qt already. There are stacks for SIP, VoIP, SOAP and many others. So, Qt has all that’s needed to connect our embedded systems to the Internet.
Challenge 3: Running Everywhere.
Challenge Explained.
Users can nowadays control their home appliances from their smartphones, tablets and PCs – in addition to controlling them directly from, say, a touch screen. Hence, similar HMI software must run on different smartphone and tablet OSs (iOS, Android, Windows Phone, etc.), on different desktop OSs (Windows 7/8, Mac OS X, Linux), and on the OS of the embedded system (Linux, QNX, vxWorks, etc.). On top of that, the OS must run on different processor architectures (ARM, Intel, SH4, MIPS, etc.) – with different means of graphics acceleration (OpenGL, OpenVG, DirectFB, none).
Of course, we do not want to develop the same HMI software for each mobile, desktop and embedded OS over and over again. That would multiply our development efforts. Hence, we want to reuse as much code as possible. And, we do not want to care on which OS and processor architecture our system will run in the end.
Solution with Qt.
There are two technologies that run everywhere: Web (HTML, JavaScript, CSS, etc.) and Qt. Especially on resource-restricted systems like embedded systems and smartphones, Web is not a serious contender. It is far too resource hungry with respect to memory, speed and power. Consequently, the user experience is not at all iPhone-like. Yes, that is exactly the reason why the HTML5 apps of Facebook and Google Maps were replaced by native apps on iOS and why the Palm Pre failed so miserably.
This leaves Qt as the last man standing when it comes to technologies running everywhere with near-native performance. Qt runs on all desktop operating systems (Windows XP/7/8, Mac OS X, Linux), on all relevant mobile operating systems (iOS, Android, Blackberry, Windows Phone) and on most embedded operating systems (Linux Embedded, Windows Embedded, QNX, vxWorks, Nucleus, Integrity). And, it runs at near-native performance. Qt makes a much better trade-off between being cross-platform and running at native performance than Web.
Once developed, we can run our system on every relevant mobile, desktop and embedded operating system. This is in stark contrast with developing the system for every operating system natively and separately – using different technologies on these systems. Qt will save us a lot of development and allow us to bring our products to the market faster.
Challenge 4: Fast Time-To-Market.
Challenge Explained.
Volkswagen has nine brands including VW, Audi, Seat, Skoda and Porsche. Every brand has many different models (Up, Polo, Golf, Passat, Tiguan, Caddy, etc.) for different categories (supermini, compact, family, premium, SUV, etc.). Volkswagen sells its cars in nearly every country of the world (150+ countries), which requires localisations to the special regulations, user requirements and wishes of these countries.
That is a lot of complexity that Volkswagen and other car makers have to cope with. And, they have to release their cars to market in ever shorter cycles. When it comes to hardware like the car body, engine, power train, seats or dashboard, they have figured it out pretty well. They use the same parts in cars of different brands addressing similar market segments. In short, car makers use a platform concept.
When it comes to software like in-vehicle infotainment (IVI) systems, car makers have failed miserably. Different brands use different suppliers to build their IVI systems. Even worse, car makers use different suppliers for the same brand. Every time car makers change their supplier, they change to a completely different IVI system. The situation is not much better with makers of home appliances or agricultural machines. What a waste of time and money!
Solution with Qt.
What all these OEMs need is a proper software platform! The platform must enable the OEMs to adapt their GUIs easily to the look, feel and behaviour of different brands, models, categories and countries. It must also enable them to run their system on different hardware platforms and operating systems. Essentially, the platform must enable the OEM to become independent of the supplier and change suppliers easily.
The platform provides APIs for functional areas like vehicle data, multimedia, radio, connectivity, navigation, window management, configuration management and diagnostics. These APIs constitute a software application layer, which makes the GUI of the IVI system independent of the actual software used for these areas. For example, the GUI doesn’t have to worry about whether multimedia functionality is implemented with the GStreamer or Cinemo multimedia stack. On different hardware platforms, the multimedia API can even be implemented by different stacks.
Qt is ideally suited for this kind of abstraction, because it already provides many of these APIs, such as APIs for multimedia, connectivity and window management. Furthermore, Qt is all about cross-platform APIs that abstract away the actual implementations. If some APIs are missing in Qt, we can easily extend Qt. For our car OEM, we would provide a base SDK (software development kit), which serves as the base platform for all of its cars. There may be special SDKs, built on top of the base SDK, for different car categories or models.
These SDKs make it easy for the application developers to implement the HMI of the IVI system. These developers can work on their PCs and then try out their work on the actual hardware – right from the beginning of the project. Thanks to the SDKs, they don’t have to know on which platform they are running their software. Of course, the SDK also provides a library of standard widgets specific to the brand and the model.
This leaves us with the problem that the GUI of the IVI system must adapt easily to different brands, car models, car categories, countries, screen sizes and screen resolutions. Dealing with all these variants is where QML shines. As long as the layout of the GUI stays pretty much the same, we can handle this with themes (simple changes like colours, images, fonts, sounds, etc.). If the layout changes drastically, we must resort to skins, where we must rewrite parts of the GUI. In both cases, Qt’s file selectors will be of great help to manage all the different variants of the GUI.
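How the "+selector" directory lookup behind Qt's file selectors picks a brand or locale variant of a GUI file, shown as an added example that is not from the original article or from Qt's sources. It is a simplified plain C++17 model with no Qt dependency; the brand names, file names and the `selectFile` helper are hypothetical.

```cpp
// Simplified model of Qt's "+selector" directory convention (see QFileSelector).
// Not Qt source code: the file set is an in-memory stand-in for the resource tree.
#include <set>
#include <string>
#include <vector>

using Files = std::set<std::string>;

// True if any known file lives under directory prefix `dir` (dir ends with '/').
static bool dirExists(const Files &files, const std::string &dir) {
    auto it = files.lower_bound(dir);
    return it != files.end() && it->compare(0, dir.size(), dir) == 0;
}

// Depth-first search: try each active selector as "+name/" below `dir`,
// in priority order, then fall back to the unselected file at this level.
static std::string resolve(const Files &files, const std::string &dir,
                           const std::string &name,
                           const std::vector<std::string> &selectors) {
    for (const std::string &s : selectors) {
        const std::string sub = dir + "+" + s + "/";
        if (!dirExists(files, sub)) continue;
        std::vector<std::string> rest;  // selectors still unused on this branch
        for (const std::string &r : selectors)
            if (r != s) rest.push_back(r);
        const std::string hit = resolve(files, sub, name, rest);
        if (!hit.empty()) return hit;
    }
    const std::string plain = dir + name;
    return files.count(plain) ? plain : std::string();
}

// Constructed sample tree: a base GUI, two brand themes, one brand+locale variant.
static const Files kTree = {
    "qml/Main.qml",
    "qml/Theme.qml",
    "qml/+brandA/Theme.qml",
    "qml/+brandA/+de_DE/Theme.qml",
    "qml/+brandB/Theme.qml",
};

// Hypothetical helper: resolve `name` below "qml/" for the active selectors.
std::string selectFile(const std::string &name,
                       const std::vector<std::string> &selectors) {
    return resolve(kTree, "qml/", name, selectors);
}
```

A theme only needs to ship the files that differ: `Main.qml` has no variant, so every brand and locale falls back to the shared base file.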
Initially, the effort to build such a platform is higher than building just an IVI system. But the costs will quickly amortise – at the latest when the OEM changes a supplier or uses different suppliers for different brands. Personally, I know of three car OEMs that are building such platforms with Qt to be faster to the market. Unfortunately, they don’t want to be named at the moment.