Synthesizing a Specification-based Monitor for Safety Requirements

Safety-critical systems such as medical and avionic ones are the systems in which failure to satisfy the user requirements may put man’s life and resources in jeopardy. Since the adequate reliability of the software of such systems may be unobtainable via formal methods and the software testing approach single-handedly, verification of run-time behavior of software against user requirements violation is considered as a complementary approach. However, the synthesis of such a run-time verifier, hereafter we have called it a monitor, is confronted with the challenging problem of verifying low-level run-time behavior of target software against high-level user requirements violation. To solve this problem, we propose an approach in two phases. In the first phase, we obtain user requirements and then specify their violation formally. This formal specification is a high-level version of user requirements violations and should be mapped to a low-level one. To this end, in the second phase we extract a tabular automaton from the formal specification of user requirements violations in order to determine a state-based specification of the violations. This low-level specification, which constitutes the core of the monitor, determines those states which target software should not reach. To show the effectiveness of our approach, we apply it to the synthesis of a monitor for verifying behavior of the Continuous Insulin Infusion Pump (CIIP) system. Keywords– Safety-critical systems, run-time verification, event-based specification, state-based specification