Principles of Data Conversion System Design

The monitoring system has to provide users with effective control on the basis of existing requirements and standards. To generalize the SCR techniques for writing requirements and to establish a formal foundation for the notions introduced in the A-7 requirements document (e.g., the inputs and outputs, the accuracy and timing requirements, and the required responses to undesired events), Parnas and Madey in 1995 published the Four Variable Model [37]. This model represents the required behavior of a software system in terms of four sets of variables (monitored, controlled, input, and output variables) and four relations (NAT, REQ, IN, and OUT). Whereas the A-7 requirements document specifies the required behavior of software by describing outputs as functions of the state and history of the environment, the Four Variable Model describes the required behavior of a software system by describing the required relation between two sets of environmental quantities: the quantities that the system monitors and those that it controls. NAT and REQ are relations on the monitored and controlled variables, which represent the time-varying discrete and continuous environmental quantities that the system monitors and controls.

NAT describes assumptions about system behavior, i.e., the constraints imposed on the monitored and controlled quantities by physical laws and the system environment. REQ describes those aspects of the environment that the system is expected to control, i.e., how the system is required to change the controlled quantities in response to changes in the monitored quantities. In the Four Variable Model, the system requirements are specified in two steps. First, the "ideal" system behavior is specified: NAT and REQ are defined as if the system could obtain perfect values of the monitored variables and compute perfect values of the controlled variables. Next, the relations IN and OUT are used to specify the tolerances, i.e., the accuracy required in measuring values of the monitored quantities and in computing values of the controlled quantities. In the model, input devices (e.g., sensors) measure values of the monitored quantities and output devices (e.g., actuators) assign values to the controlled quantities. The variables that the input devices read, called input variables, and those that the output devices write, called output variables, are directly available to the software. IN defines the tolerances on the monitored quantities as a mapping from the monitored quantities to the input variables. Similarly, OUT defines the tolerances on the controlled quantities as a mapping from the output variables to the controlled quantities.

Tables 1-3 define REQ, the required relation between the monitored and controlled variables in the SIS. Table 1 is a mode transition table describing the mode class Pressure as a function of the current mode and events defined on the monitored variable WaterPres. The table makes explicit all events that change the value of Pressure. For example, the first row states, "If Pressure is TooLow and WaterPres rises to or above Low, then Pressure changes to Permitted." Events that do not change the mode are omitted from the table. For example, if Pressure is TooLow and WaterPres changes but remains less than Low, then Pressure remains TooLow after the event.

Table 1: Mode Transition Table for Pressure.

Old Mode     Event                      New Mode
TooLow       @T(WaterPres ≥ Low)        Permitted
Permitted    @T(WaterPres ≥ Permit)     High
Permitted    @T(WaterPres < Low)        TooLow
High         @T(WaterPres < Permit)     Permitted

Table 2 is an event table describing the term Overridden as a function of Pressure and the monitored variables Block and Reset. Like mode transition tables, event tables make explicit only those events that cause the variable defined by the table to change. For example, the middle entry in the second row states, "If Pressure is TooLow or Permitted and Block becomes On when Reset is Off, then Overridden becomes true." In contrast, if the mode is High and either Block or Reset changes, then the value of Overridden remains the same, because no event in the first row involves either Block or Reset. The entry "False" in row 1 means that when the mode is High, no event can cause Overridden to become true.

Table 2: Event Table for Overridden.

Mode class Pressure    Events
High                   False                              @F(Pressure = High)
TooLow, Permitted      @T(Block = On) WHEN Reset = Off    @T(Pressure = High) OR @T(Reset = On)
Overridden             True                               False

Table 3 is a condition table describing the controlled variable Safety Injection as a function of Pressure and the term Overridden. Table 3 states, "If Pressure is High or Permitted, or if Pressure is TooLow and Overridden is true, then Safety Injection is Off; if Pressure is TooLow and Overridden is false, then Safety Injection is On." The entry "False" in the first row means that Safety Injection is never On when Pressure is High or Permitted.

Table 3: Condition Table for Safety Injection

Mode class Pressure    Conditions
High, Permitted        True            False
TooLow                 Overridden      NOT Overridden
Safety Injection       Off             On

In the model, a system state is defined as a function mapping each state variable to a type-correct value, and TY as a function that maps each state variable to its type, i.e., its set of legal values. In the SIS, the type definitions include

TY(Pressure) = {TooLow, Permitted, High}
TY(WaterPres) = {0, 1, 2, ..., 2000}
TY(Overridden) = {true, false}
TY(Block) = {On, Off}.

In the model, a condition is a predicate on a single system state, and an event is a predicate on two system states which is true if the states differ in the value of at least one state variable. The model defines a conditioned event "@T(c) WHEN d" as

@T(c) WHEN d  ≝  ¬c ∧ c′ ∧ d,        (1)

where c and d are conditions, the unprimed c denotes c in the old state, and the primed c′ denotes c in the new state. Applying the definition in (1), the conditioned event @T(Block=On) WHEN Reset=Off can be rewritten as

Block ≠ On ∧ Block′ = On ∧ Reset = Off.

This event occurs if both Block and Reset are Off in the old state and Block is switched On in the new state.

In the SCR model, a software system Σ is represented as a state machine Σ = (S, S0, Em, T), where S is a set of states, S0 ⊆ S is the initial state set, Em is the set of monitored events, and T is the transform describing the allowed state transitions. The transform T (which corresponds to REQ in the Four Variable Model) maps a monitored event e in Em and a state s in S to a new state s′. A basic assumption, called the One Input Assumption, is that exactly one monitored event occurs at each state transition. A second assumption, called the Synchrony Assumption, requires a system Σ to completely process each monitored event before it processes the next monitored event. To compute the next state, the transform T composes the functions derived from the condition, event, and mode transition tables. For T to be well-defined, no circular dependencies are allowed in the definitions of the state variables. To achieve this, the model requires a partial order on the values of state variables in the new state. The model contains definitions of the functions that can be derived from the SCR tables. Applying the definition in the model to the condition table in Table 3 produces the following definition of the controlled variable SafetyInjection:

SafetyInjection = Off   if Pressure = High ∨ Pressure = Permitted ∨ (Pressure = TooLow ∧ Overridden = true)
                  On    if Pressure = TooLow ∧ Overridden = false.

Similarly, applying the definition in the model to the event table in Table 2 produces the following definition of the term Overridden:

Overridden′ = true         if (Pressure = TooLow ∧ Block′ = On ∧ Block = Off ∧ Reset = Off)
                             ∨ (Pressure = Permitted ∧ Block′ = On ∧ Block = Off ∧ Reset = Off)
              false        if (Pressure = TooLow ∧ Reset′ = On ∧ Reset = Off)
                             ∨ (Pressure = Permitted ∧ Reset′ = On ∧ Reset = Off)
                             ∨ (Pressure′ = High ∧ Pressure ≠ High)
              Overridden   otherwise.

To define the required behavior completely and unambiguously, each SCR table must define a total function. To achieve this, the model requires the information in each table to satisfy certain properties. To define the required behavior unambiguously, each condition and event table must satisfy the Disjointness Property: the pairwise conjunction of the conditions (events) in each row of a condition (event) table must always be false. Inspection of Tables 2 and 3 shows that both tables satisfy the Disjointness Property. For example, in Table 3, true ∧ false = false and Overridden ∧ ¬Overridden = false. To define the required behavior completely, a condition table must satisfy the Coverage Property: the disjunction of the conditions in each row of the table must be true. Inspection shows that the condition table in Table 3 satisfies the Coverage Property (since true ∨ false = true and Overridden ∨ ¬Overridden = true). By requiring the value of the variable defined by an event table to remain the same if an event occurs that does not appear explicitly in the table, the model ensures that the table defines a total function.
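The SIS tables and the transform T described above, as an added Python example that is not part of the original page or of the SCR toolset: Tables 1-3 become functions composed in dependency order (Pressure, then Overridden, then SafetyInjection), Table 2 is encoded row by row (including the @F(Pressure=High) row), and a small checker tests the Disjointness and Coverage properties of Table 3. The Low and Permit thresholds and the initial state are constructed values; the page names them but does not fix them.

```python
# Added example (not the page's or the SCR tools' code): Tables 1-3 of the SIS
# as Python functions, composed into the SCR transform T.
LOW, PERMIT = 900, 1000  # constructed thresholds; the page names Low and Permit but gives no values

def next_pressure(mode, old_wp, new_wp):
    """Table 1: mode transition on a WaterPres event; unlisted events keep the mode."""
    if mode == "TooLow" and old_wp < LOW <= new_wp:        # @T(WaterPres >= Low)
        return "Permitted"
    if mode == "Permitted" and old_wp < PERMIT <= new_wp:  # @T(WaterPres >= Permit)
        return "High"
    if mode == "Permitted" and old_wp >= LOW > new_wp:     # @T(WaterPres < Low)
        return "TooLow"
    if mode == "High" and old_wp >= PERMIT > new_wp:       # @T(WaterPres < Permit)
        return "Permitted"
    return mode

def next_overridden(old, new):
    """Table 2 row by row, on the old and new state; the 'otherwise' case keeps the value."""
    p, p2 = old["Pressure"], new["Pressure"]
    if p == "High":                                   # row 1: only @F(Pressure=High) -> false
        return old["Overridden"] if p2 == "High" else False
    if old["Block"] == "Off" and new["Block"] == "On" and old["Reset"] == "Off":
        return True                                   # @T(Block=On) WHEN Reset=Off
    if (old["Reset"] == "Off" and new["Reset"] == "On") or p2 == "High":
        return False                                  # @T(Pressure=High) OR @T(Reset=On)
    return old["Overridden"]

def safety_injection(pressure, overridden):
    """Table 3: a total function of (Pressure, Overridden)."""
    return "On" if pressure == "TooLow" and not overridden else "Off"

def transform(state, event):
    """T: apply one monitored event (One Input Assumption), then derive the dependent variables in partial order."""
    var, value = event
    new = dict(state)
    new[var] = value
    if var == "WaterPres":
        new["Pressure"] = next_pressure(state["Pressure"], state["WaterPres"], value)
    new["Overridden"] = next_overridden(state, new)
    new["SafetyInjection"] = safety_injection(new["Pressure"], new["Overridden"])
    return new

# Table 3 rows as predicates on Overridden, for the Disjointness and Coverage checks.
TABLE3 = {("High", "Permitted"): (lambda o: True, lambda o: False),
          ("TooLow",): (lambda o: o, lambda o: not o)}

def condition_table_ok(rows):
    """Exactly one condition per row holds for each Overridden value: 0 hits breaks Coverage, 2+ breaks Disjointness."""
    return all(sum(c(o) for c in conds) == 1
               for conds in rows.values() for o in (True, False))
```

Feeding `transform` a sequence of single events (a Reset, a Block override, then WaterPres crossing Low and Permit in both directions) shows Safety Injection switching Off while the override holds and back On once pressure falls below Low with the override cleared.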
