26 CHAPTER 1 Industrial control systems significant overheads, leading to many aperiodic instead of periodic tasks. Moreover, deadlocks can appear in closed-loop systems, which could cause execution to fail. Shared memory and proper synchronization mechanisms are used to prevent deadlocks, and priority inversion should be used. (b) Incorrect timing Many RTOS kernels provide a program delay, running or waiting mechanism for hardware oper- ations, such as I/O data transfer and CPU cleaning of memory partitions. They are implemented as empty or dummy loops, which can be lead to non-optimal delays. RTOS timing mechanisms should be used here for implementing exact time delays. Program design should be done with execution-time measurement. It is very common to assume that the program is short enough, and the available time is sufficient, but measuring of execution time should be part of the standard testing in order to avoid surprises. The system should be designed such that the execution timing of code is always measurable. (c) Misuse interrupts In a real-time system, interrupts cannot be scheduled by the scheduler because interrupts are mandatory for getting services. Because they can occur randomly, interrupts seriously affect real-time multi-tasking predictability. Programs based on interrupts are very difficult to debug and to analyze. Moreover, interrupts operate in the task context handled by the RTOS kernel; a task corresponding to the response to a given event could lack a real-time timing requirement. There is a very common misunderstanding which says that interrupts save CPU time and they guarantee the start of execution of a task. This can be true in small systems, but it is not the case for complex real-time systems, where non-pre-emptive periodic tasks can provide similar latency with better predictability and CPU utilization. Therefore, interrupt service routines should be programmed in such a form that their only function is to signal an aperiodic server. (d) Poor analyses Memory use is often ignored during program design. The amount of memory available in most real- time systems is limited. Frequently, programmers have no idea how much memory is used by a certain program or data structure. A memory analysis is quite simple in most real-time system development environments, but without it a program can easily crash at run-time. Sometimes, statements are used to specify register addresses, limits for arrays, and configuration constants. Although this practice is common, it is undesirble as it prevents on-the-fly software patches for emergency situations, and it increases the difficulty of reusing the software in other applications. In fact, changes in configuration require that the entire application has to be recompiled. 1.3 DISTRIBUTED CONTROL SYSTEMS 1.3.1 Principles and functions The distributed control system (DCS) is a concept which is difficult to define. To fully clarify what a distributed control system is, it is helpful to understand the evolution of control system imple- mentation and hardware elements, and how information flow and decision-making developed.