ing system is deemed necessary, it should execute only the simplest functions. The use of interrupts in the course of executing the most critical functions should be prohibited. One should note that, in order to fulfill this requirement, more precise criteria should be developed after a detailed explanation has been provided of the functions for which the use of the operating system must be limited.

Requirements for monitoring and diagnostics can be divided into four groups, according to the kinds of processes and objects whose state the software is used to evaluate:
1. Requirements for monitoring of the I&C system by programming means.
2. Requirements for diagnosis (search for malfunctions) of the I&C system by software means.
3. Requirements for self-monitoring of software.
4. Requirements for self-diagnostics of software.

In other words, the main requirements for monitoring and diagnosis are:
a. Software should perform (a) continuous automatic monitoring of the operating condition and (b) periodic function checks of the I&C system.
b. Software should provide diagnostics of the I&C system at the level required by the specification.
c. Software should provide self-monitoring and self-diagnosis.

For this purpose, the following should be used: monitoring of the intermediate and final results of the execution of programs and of their allowable duration; repeated computation and comparison of the results; detection of prohibited situations; monitoring of data in memory; and so forth. For monitoring of I&C software of safety class 2, different types of diversity can be used.

It is necessary that, in the process of monitoring and diagnosis: all functions important for I&C system safety are checked; during periodic testing it is mandatory to check devices which are not built-in or permanently connected monitoring devices; all degradations of the characteristics of safety functions are discovered in a timely manner; and, if any failure is discovered in time, automatic actions that correspond to the situation are generated.

Moreover, an important part of the requirements for monitoring and diagnosis are the requirements related to mandatory limitations and procedures during their implementation: the implementation of monitoring and diagnostic programs (self-monitoring and self-diagnostics) should not affect the fulfillment of the programs of the main information and control functions and/or lead to unacceptable degradation of a characteristic; an analysis should be made of the situations and procedures which allow false errors to be avoided; and the software should provide automatic recording, storage and display of data on the results of monitoring and diagnostics (self-monitoring and self-diagnostics).

Requirements for reliability and stability: By reliability of software we mean its property of preserving serviceability and converting raw data to the result being sought under the given conditions in the assigned time. By stability of software we mean its ability to execute its functions in anomalous situations (during breakdowns and failures of hardware devices, operator errors and errors in the raw data) (DSTU, 1994).

Requirements for software related to assurance of reliability and stability can be classified according to a scheme whose basic elements are: sources of failures and influences on the software and the I&C system; kinds of failures and influences; and methods of protection from them.

Sources of failures can be: internal sources with respect to the I&C system (both software and hardware); external sources with respect to the I&C system (other I&C systems; operating personnel; repair personnel).

By kind of failures which should be compensated by means of programming devices, we can distinguish: failures (breakdowns) of hardware devices; failures (breakdowns) caused by the appearance of software defects, which are introduced