RUN-TIME MONITORING
Despite the use of the best state-of-the-art techniques for static or pre-run-time analysis and verification of a real-time system, there will often be system behavior that was not anticipated. This unexpected behavior may be caused by events and actions not modeled by the static analysis tools or may be the result of making simplified assumptions about the real-time system. Therefore, it is necessary to monitor the execution of the real-time system at run-time and to make appropriate adjustments in response to a monitored behavior that violates specified safety and progress constraints.
Even if the real-time system meets the specified safety and progress constraints at run-time, monitoring may provide information that can improve the performance
and reliability of the monitored system. Here, the monitored real-time system is the target system and its components, such as programs, are called target programs. The monitoring system is the system used to monitor and record the behavior of the target system. It consists of instrumentation programs, instrumentation hardware, and other monitoring modules. Basically, the monitoring system records the behavior of interest of the target system and produces event traces. These event traces may be used on-line as a feedback to the real-time controller or may be analyzed off-line to see if the target system needs to be fine-tuned.
There are two broad types of monitoring techniques: intrusive and nonintrusive. Intrusive monitoring uses the resources of the target system to record its behavior and thus may alter the actual behavior of the target system. A simple example is the insertion of print statements in a target program to display the values of the program variables. Another example is the extra statements inserted in the programs of computing nodes to record their states and the exchanges of these state variables in taking a snapshot of a distributed real-time system. A non-computer example is the addition of speed and impact-force sensing instruments in an automobile to record its performance. In all these monitoring cases, the monitoring system’s use of the target system’s resources (processor, memory, electricity, fuel) may change the target system’s behavior. The degree of intrusion varies in different monitoring systems, and different target systems may accept monitoring systems with different degrees of intrusion or interference.
Nonintrusive monitoring, however, does not affect the timing and ordering of events of the monitored target system. This is especially important in the monitoring of real-time systems where both timing and ordering of events are critical to the safety of the real-time systems. An example is the use of additional processor(s) to
run monitoring programs used to record the target system’s behavior in a real-time environment.
The availability of monitoring systems does not mean that we can relax on the task of stringent pre-run-time analysis and verification of the target system. Rather, monitoring should serve as an additional guarantee on the safety and reliability of the safety-critical target real-time system.
