Peters, D.K.
Parnas, D.L.
Fac. of Eng. & Appl. Sci., Memorial Univ. of Newfoundland, St. John's, Nfld.;
This paper appears in: Software Engineering, IEEE Transactions on
Publication Date: Feb 2002
Volume: 28, Issue: 2
On page(s): 146-158
ISSN: 0098-5589
References Cited: 44
CODEN: IESEDJ
INSPEC Accession Number: 7187230
Digital Object Identifier: 10.1109/32.988496
Posted online: 2002-08-07 00:41:23.0
Abstract
Before designing safety- or mission-critical real-time systems, a
specification of the required behavior of the system should be produced
and reviewed by domain experts. After the system has been implemented,
it should be thoroughly tested to ensure that it behaves correctly. This
is best done using a monitor, a system that observes the behavior of a
target system and reports if that behavior is consistent with the
requirements. Such a monitor can be used both as an oracle during
testing and as a supervisor during operation. Monitors should be based
on the documented requirements of the system. If the target system is
required to monitor or control real-valued quantities, then the
requirements, which are expressed in terms of the monitored and
controlled quantities, will allow a range of behaviors to account for
errors and imprecision in observation and control of these quantities.
Even if the controlled variables are discrete valued, the requirements
must specify the timing tolerance. Because of the limitations of the
devices used by the monitor to observe the environmental quantities,
there is unavoidable potential for false reports, both negative and
positive. This paper discusses the design of monitors for real-time systems
and examines the conditions under which a monitor will produce false
reports. We describe the conclusions that can be drawn when using a
monitor to observe system behavior.
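The abstract's central point is that a monitor's own sensors and clocks are imprecise, so a monitor that reports a flat pass/fail will sometimes report falsely in both directions. The following is an added example, written for this page and not the paper's monitor design, of one way to make that imprecision explicit: the monitor widens the requirement by its own error bounds and returns UNDECIDABLE whenever the true behaviour could fall on either side of the requirement. The requirement (a controlled output `c` must switch ON within `DEADLINE` seconds of the monitored quantity `m` exceeding `LIMIT`), the error bounds `EPS` and `JIT`, and the trace are all constructed for the illustration; running the same trace with zero error bounds shows where a naive monitor would produce a potential false positive and a potential false negative.

```python
"""Added example (not from the paper): a behaviour monitor that accounts for
the imprecision of its own observations, reporting UNDECIDABLE instead of
guessing where a false report would otherwise be unavoidable.

Constructed requirement on a hypothetical controller:
  whenever the monitored quantity m exceeds LIMIT, the controlled output c
  must be ON within DEADLINE seconds of the first exceedance.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

LIMIT = 100.0     # threshold on the monitored quantity (constructed)
DEADLINE = 0.5    # seconds the controller has to react (constructed)
EPS = 2.0         # worst-case error of the monitor's own sensor (constructed)
JIT = 0.05        # worst-case error of the monitor's timestamps (constructed)

Sample = Tuple[float, float, bool]   # (timestamp, observed m, observed c)


@dataclass
class Verdict:
    trigger_time: float
    status: str       # "SATISFIED" | "VIOLATED" | "UNDECIDABLE"
    reason: str


def classify_trigger(observed_m: float, eps: float) -> str:
    """The true value lies in [observed_m - eps, observed_m + eps]."""
    if observed_m - eps > LIMIT:
        return "TRIGGERED"
    if observed_m + eps <= LIMIT:
        return "NOT_TRIGGERED"
    return "UNKNOWN"


def classify_reaction(measured_delay: float, jit: float) -> str:
    """Two timestamps each carry up to jit error, so the true delay lies in
    [measured_delay - 2*jit, measured_delay + 2*jit]."""
    if measured_delay + 2 * jit <= DEADLINE:
        return "IN_TIME"
    if measured_delay - 2 * jit > DEADLINE:
        return "LATE"
    return "UNKNOWN"


def judge(trig: str, react: str) -> Tuple[str, str]:
    """Combine the two classifications into a verdict that is never wrong
    as long as the assumed error bounds hold."""
    if react == "IN_TIME":
        return "SATISFIED", "reaction within deadline (or obligation vacuous)"
    if trig == "TRIGGERED" and react == "LATE":
        return "VIOLATED", "limit definitely exceeded and reaction definitely late"
    if trig == "UNKNOWN":
        return "UNDECIDABLE", "observed value within sensor error of the limit"
    return "UNDECIDABLE", "measured delay within timestamp jitter of the deadline"


def monitor(samples: List[Sample], eps: float, jit: float) -> List[Verdict]:
    """Check a trace. eps=0, jit=0 gives a naive monitor that trusts its
    observations exactly and therefore can report falsely."""
    verdicts: List[Verdict] = []
    prev = "NOT_TRIGGERED"
    for i, (t, m, _c) in enumerate(samples):
        trig = classify_trigger(m, eps)
        starts = trig != "NOT_TRIGGERED" and prev == "NOT_TRIGGERED"
        prev = trig
        if not starts:
            continue                      # no new obligation at this sample
        # Obligation starts here: find the first observation with c ON.
        t_on: Optional[float] = next((t2 for t2, _m2, c2 in samples[i:] if c2), None)
        if t_on is not None:
            react = classify_reaction(t_on - t, jit)
        elif samples[-1][0] - t - 2 * jit > DEADLINE:
            react = "LATE"                # deadline certainly passed, no reaction seen
        else:
            verdicts.append(Verdict(t, "UNDECIDABLE", "trace ends before deadline can be judged"))
            continue
        status, reason = judge(trig, react)
        verdicts.append(Verdict(t, status, reason))
    return verdicts


# Constructed trace: (timestamp, observed m, observed c)
TRACE: List[Sample] = [
    (0.0, 90.0, False), (0.1, 95.0, False),
    (0.2, 110.0, False), (0.3, 112.0, False), (0.4, 111.0, True),   # A: reacted in 0.2 s
    (0.5, 105.0, True), (0.6, 95.0, False),
    (0.7, 101.0, False), (0.8, 101.5, False), (1.5, 101.0, False),  # B: m within EPS of LIMIT
    (1.6, 90.0, False),
    (1.7, 120.0, False), (2.0, 120.0, False), (2.2, 120.0, False),
    (2.35, 120.0, True),                                            # C: reacted in 0.65 s
    (2.4, 90.0, False),
    (2.5, 130.0, False), (2.95, 130.0, True),                       # D: reacted in 0.45 s
    (3.0, 90.0, False), (3.1, 125.0, False),                        # E: trace ends
]


def statuses(eps: float, jit: float) -> List[str]:
    return [v.status for v in monitor(TRACE, eps, jit)]


if __name__ == "__main__":
    for v in monitor(TRACE, EPS, JIT):
        print(f"t={v.trigger_time:4.2f} {v.status:11s} {v.reason}")
    print("naive:", statuses(0.0, 0.0))
```

With the error bounds applied, obligation B (observed value 101 against a limit of 100, sensor error 2) and obligation D (measured delay 0.45 s against a 0.5 s deadline, timestamp jitter 0.05 s) are both reported UNDECIDABLE. The naive run reports B as VIOLATED and D as SATISFIED, which is exactly where a false positive and a false negative can arise when the monitor's observation limits are ignored.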