A Glossary of Simplex Terms


analytic redundancy
If a set of objects, A and B, meet a safety requirement R, they are said to be analytically redundant. Analytically redundant objects do not need to be identical or even similar as long as they meet the safety requirement. For Simplex, control software must be analytically redundant, but the individual modules need not be written using the same programming language, run on the same machine architecture or use the same algorithms.

bounded priority inversion
The circumstance where priority inversion can occur, but only for a bounded time period. Bounded priority inversion may be treated mathematically to build predictably schedulable systems.

distribution tag
A logical handle by which messages can be communicated between replacement units. A distribution tag represents a logical channel for messages. Subscribers can subscribe to and receive all messages published on a particular tag and need not know the publisher(s). Similarly, the publishers need not know the subscriber(s).

leadership protocol
A method for reducing multiple streams of control output to a single output which can be used to actually control a device. This step is required whenever multiple controllers are run in parallel. Using a set of monitoring and switching rules (the safety net), the leadership protocol allows one of the analytically redundant controllers to exert control. This leader is allowed to control for as long as it meets the rules of the safety net.

priority inversion
A situation where a lower-priority process blocks the execution of a higher-priority process, typically because the lower-priority process holds a resource (such as a lock) that the higher-priority process needs.

replacement unit
A process abstraction which encapsulates an application process, together with a uniform communications template, into an executable module. Replacement units are designed so that each one can be swapped out for an equivalent replacement unit while the system is running, and can itself stand in for another. The basic building block of the Simplex Architecture.

replacement unit manager
Software which creates and manages replacement units. Provides the initialization and finalization support.

safety controller
A replacement unit which holds the highest precedence controller for a system. Used as a last chance and recovery controller when switching between controllers. In single CPU configurations the safety controller must be error free; this condition is relaxed in multiple CPU systems. Generally the safety controller is either designed to be simple and verifiable or has a long operational history which provides a high confidence factor.

safety net
The set of rules which are used to monitor the operation of control software. Simplex safety nets are designed to operate effectively based only on the external behavior of replacement units, not on their internal structure.
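The leadership protocol, safety controller and safety net entries above describe one mechanism. The following added Python example (not SEI's Simplex code) shows them working together on a constructed first-order plant: a high-performance "complex" controller leads for as long as the one-step prediction of its output stays inside the safety net, and a simple, verifiable safety controller takes over and recovers the plant once the complex controller misbehaves. The plant, gains, bounds and the injected fault are all assumptions chosen so the behaviour is easy to check by hand; the one-step lookahead stands in for the recovery-region analysis a real deployment would derive from the plant dynamics.

```python
"""Added example (not SEI's Simplex code): a toy leadership protocol with a
safety net, a safety controller and one analytically redundant "complex"
controller driving a constructed first-order plant. All constants and the
injected fault are assumptions made for the demo."""
from dataclasses import dataclass
from typing import Callable, Dict, List, NamedTuple, Set

DT = 0.1      # control period (assumed)
X_MAX = 1.0   # safety net rule: plant state must satisfy |x| <= X_MAX (assumed)
U_MAX = 5.0   # actuator limit (assumed)


def plant_step(x: float, u: float) -> float:
    """Constructed plant x' = u, discretised with period DT."""
    return x + u * DT


def clip(u: float) -> float:
    return max(-U_MAX, min(U_MAX, u))


def in_safety_net(x: float) -> bool:
    """The safety net judges only the plant's external state, never the
    controller's internals, so the complex controller may be any code."""
    return abs(x) <= X_MAX


def safety_controller(x: float, step: int) -> float:
    """Simple, verifiable controller: pull toward 0 with gain 2.  Because
    gain*DT = 0.2 < 1 it never overshoots, so from any state inside the
    safety net the next state is inside it too (|x| shrinks by 20%)."""
    return clip(-2.0 * x)


def complex_controller(x: float, step: int) -> float:
    """Higher-performance controller: tracks setpoint 0.6 with gain 8.
    Constructed fault: from step 20 on it saturates the actuator."""
    if step >= 20:
        return U_MAX
    return clip(-8.0 * (x - 0.6))


class LeadershipProtocol:
    """Reduces several control streams to one actuator command.

    Controllers are listed in precedence order, safety controller last.
    Each period the highest-precedence controller that has not been
    demoted leads, provided the one-step prediction of its output stays
    inside the safety net.  A controller whose output would violate the
    net loses leadership for good; re-admitting a repaired unit is the
    replacement unit manager's job and is not simulated here."""

    def __init__(self, controllers: Dict[str, Callable[[float, int], float]]):
        self.controllers = controllers
        self.demoted: Set[str] = set()
        self.leader = next(iter(controllers))

    def actuate(self, x: float, step: int) -> float:
        for name, ctrl in self.controllers.items():
            if name in self.demoted:
                continue
            u = ctrl(x, step)
            if in_safety_net(plant_step(x, u)):
                self.leader = name
                return u
            self.demoted.add(name)  # rejected output never reaches the plant
        # In a single-CPU configuration the safety controller must be error
        # free; reaching this point means that assumption was violated.
        raise RuntimeError("no controller satisfies the safety net")


class Step(NamedTuple):
    k: int
    leader: str
    x: float
    u: float


@dataclass
class SimResult:
    trace: List[Step]
    final_x: float
    demoted: Set[str]


def simulate(x0: float = 0.0, steps: int = 40) -> SimResult:
    lp = LeadershipProtocol({"complex": complex_controller,
                             "safety": safety_controller})
    x = x0
    trace: List[Step] = []
    for k in range(steps):
        u = lp.actuate(x, k)
        trace.append(Step(k, lp.leader, x, u))
        x = plant_step(x, u)
    return SimResult(trace, x, lp.demoted)


if __name__ == "__main__":
    for s in simulate().trace:
        print(f"{s.k:2d} {s.leader:8s} x={s.x:+.4f} u={s.u:+.4f}")
```

Running the simulation shows the complex controller leading for the first twenty periods and settling the plant at 0.6; at step 20 its saturated output would push the plant to about 1.1, the safety net rejects it, and the safety controller leads from then on, contracting the state back toward 0 without ever leaving the net. Because the net inspects only the plant state, the two controllers need share nothing but the safety requirement, which is what analytic redundancy means; and because the safety controller is the only thing left once the leader is demoted, it has to be correct by construction in a single-CPU configuration.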

upgrade paradox
Refers to the difficulty of adding new functionality in a fault tolerant way to some types of software architectures. If the fault tolerant scheme requires complete agreement between redundant components, safe partial substitution of new components for testing is, at best, problematic.



The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

Copyright 2007 by Carnegie Mellon University
Terms of Use
URL: http://www.sei.cmu.edu/simplex/simplex_glossary.html
Last Modified: 21 February 2007