Final Exam | Dependability - Spring 2008 | CS 686, Exams of Computer Science

Material Type: Exam; Professor: Knight; Class: Dependability; Subject: Computer Science; University: University of Virginia; Term: Spring 2008;

Uploaded on 07/29/2009
CS 686
DEPENDABLE COMPUTING
FINAL EXAMINATION
SPRING 2008
Final Examination - Three Hours

• This is a closed book, closed notes examination.
• Write your answers on the examination paper in ink or legible pencil.
• If your answer cannot be read or understood, or if your answer is vague or confused, it will be marked wrong.
• In any question, make any assumptions that you need to but document your assumptions.
• The number in parentheses after each question is the number of points allocated to that question.

NAME (Print Legibly. All Capitals):
PLEDGE (Write Out In Full And Sign):


1. You have been hired by the Bell Computer Corporation to help deal with the least dependable component of a laptop computer, the hard disk drive.

(a) What is the most significant hazard associated with the disk that a laptop faces? (5)

(b) For that hazard, draw the top three levels of the associated (hypothetical) fault tree. (10)

(c) List the nodes in your fault tree that would not be present with a disk-drive replacement based on compact-flash technology. (5)

(d) Suppose the current laptop disk was replaced with a mirrored disk (two drives operating in parallel with identical data). Using the fault tree from (b), estimate how effective mirroring the disk would be at increasing the MTTF of the disk system. (10)

2. A computerized control system is required for a building's hot water system. A large hot-water tank has digital temperature sensors from top to bottom every six inches, and two heating elements, one at the top of the tank and one at the bottom. The control system has access to a simple clock that provides time of day as an hour in the range 0..11 with an AM/PM indicator. To ensure an adequate supply of hot water, the system uses the following algorithm (all temperatures are Fahrenheit):
    • From 6:00 a.m. to 9:00 a.m. if the top temperature is below 180, the upper heater is turned on and if the bottom temperature is below 120, the bottom heater is turned on.
    • From 1:00 a.m. to 6:00 a.m. if any temperature is below 160, the top heater is turned on.
    • At all other times, if any temperature is below 180, the top heater is turned on, but if the top temperature is below 140, both heaters are turned on.

(a) Write a formal specification for this controller in Z (correct syntax not essential). (20)

(b) Although this specification is quite simple, it is realistic. If you had this specification and an implementation in C, how would you go about testing the implementation? Pay attention to the real-time elements of the problem and the other basic testing issues that make testing difficult. (10)

3. The failure of the computer system for the hot water tank in the previous question could be very serious. If either heater is turned on and left on, the tank could explode. You decide to modify the software to include a safety kernel to make sure this does not happen.

(a) Concisely but fully explain the basic software system architecture of a safety kernel. (5)

(b) The safety policy you decide to enforce with the kernel is that all heaters must be off if any temperature sensor reads above 200 degrees. State this formally. (5)

(c) As a set of bullets, list the issues that you see in implementing a safety kernel to enforce this policy. (10)

(d) You are concerned about the possibility that one or more heaters could fail “on” and your computer would not be able to turn them off. You decide to connect an audible alarm to the system to warn building residents if any temperature reaches 205. Modify the formal specification from (b) to add this alarm capability. (10)
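The following is an executable model of the controller of question 2 placed behind a safety kernel enforcing the policy of question 3. It is added here as an illustration of the architecture the questions describe; it is not part of the examination paper, it is not a Z specification, and the temperature profiles, the `Command` type and the helper names are constructed for the example. One assumption not stated in the question is made explicit in a comment: each time window includes its start hour and excludes its end hour.

```python
"""Executable model of the hot-water controller (question 2) behind a safety
kernel (question 3).  Added illustration, not part of the examination; the
temperature profiles and helper names below are constructed."""
from dataclasses import dataclass

SAFE_LIMIT = 200   # 3(b): every heater off if any sensor reads above this
ALARM_LIMIT = 205  # 3(d): audible alarm once any sensor reaches this


@dataclass(frozen=True)
class Command:
    top_heater: bool
    bottom_heater: bool
    alarm: bool = False


def hour24(hour12: int, pm: bool) -> int:
    """Map the clock's 0..11 reading plus AM/PM indicator onto 0..23."""
    if not 0 <= hour12 <= 11:
        raise ValueError("clock hour must be in 0..11")
    return hour12 + (12 if pm else 0)


def application_control(temps, hour12: int, pm: bool) -> Command:
    """The control algorithm as worded in question 2.

    temps: sensor readings ordered top to bottom (temps[0] is the top sensor).
    Assumption (not stated in the question): each time window includes its
    start hour and excludes its end hour, so 9:00 a.m. is 'all other times'.
    """
    h = hour24(hour12, pm)
    top, bottom = temps[0], temps[-1]
    if 6 <= h < 9:                       # 6:00 a.m. to 9:00 a.m.
        return Command(top_heater=top < 180, bottom_heater=bottom < 120)
    if 1 <= h < 6:                       # 1:00 a.m. to 6:00 a.m.
        return Command(top_heater=min(temps) < 160, bottom_heater=False)
    if top < 140:                        # all other times, cold top: both heaters
        return Command(top_heater=True, bottom_heater=True)
    return Command(top_heater=min(temps) < 180, bottom_heater=False)


def safety_kernel(temps, proposed: Command) -> Command:
    """Every heater command passes through here; the application has no
    direct path to the actuators.  The kernel only ever removes authority
    (forces heaters off) and raises the alarm; it never turns a heater on."""
    hottest = max(temps)
    permitted = hottest <= SAFE_LIMIT
    return Command(
        top_heater=proposed.top_heater and permitted,
        bottom_heater=proposed.bottom_heater and permitted,
        alarm=hottest >= ALARM_LIMIT,
    )


def control_step(temps, hour12: int, pm: bool) -> Command:
    """One controller cycle: application decision mediated by the kernel."""
    return safety_kernel(temps, application_control(temps, hour12, pm))


def policy_holds(temps, cmd: Command) -> bool:
    """Independent oracle for the 3(b) and 3(d) requirements, usable in testing."""
    hottest = max(temps)
    if hottest > SAFE_LIMIT and (cmd.top_heater or cmd.bottom_heater):
        return False
    if hottest >= ALARM_LIMIT and not cmd.alarm:
        return False
    return True


# Constructed profiles (top to bottom): a cold start, one stuck-high sensor in
# an otherwise cold tank, a uniformly overheated tank, and a tank just over 200.
PROFILES = [
    [170, 150, 130, 110],
    [130, 210, 120, 110],
    [206, 205, 204, 203],
    [201, 199, 150, 120],
]


def sweep_policy() -> bool:
    """Check the policy for every clock reading over every constructed profile."""
    return all(
        policy_holds(temps, control_step(temps, h, pm))
        for temps in PROFILES for h in range(12) for pm in (False, True)
    )
```

The second constructed profile is the case the kernel exists for: the application, reading a cold top and bottom at 7:00 a.m., asks for both heaters, and the kernel refuses because one sensor reads 210 and raises the alarm. `policy_holds` is deliberately written from the policy text rather than from the kernel code, so it can serve as the test oracle that question 2(b) asks about.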

4. (a) Concisely explain what is meant by a safety case for a safety-critical system. (10)

(b) How is safety defined for a safety case? (5)

(c) Define a suitable top-level goal for a safety argument for the water heater system from question 3. (5)

(d) Critics have claimed that fault trees and safety arguments in the Goal Structuring Notation are basically the same thing. If this is the case, explain why. If not, explain why not. (10)

5. Consider the following fragment of SPARK Ada code:

    procedure divide (in x, y: integer; out z: integer) is
    begin
       z := 0;
       while x > y loop
          x := x - y;
          z := z + 1;
       end loop;
    end divide;

(a) State the precondition as SPARK Ada annotation(s). (5)

(b) State the postcondition as SPARK Ada annotation(s). (5)

(c) State the loop invariant as SPARK Ada annotations. (10)

(d) What are the two types of analysis that can be performed on properly annotated SPARK Ada programs? (5)

(e) The SPARK Ada annotation that documents data dependency (#defines) is supplying information much of which could be determined by a compiler. Why is this not left to a compiler (or similar tool)? (5)
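To make the loop's behaviour observable, here is the fragment transliterated to Python with a runtime check added. This is an added illustration, not part of the examination and not SPARK: the relation checked at the loop head (x + z*y equals the initial value of x) is an assumption chosen for the example, not an annotation taken from the paper, and the step bound, the `NonTermination` exception and the `closed_form` helper are constructed for it.

```python
"""Executable model of the `divide` fragment of question 5.  Added illustration,
not part of the examination and not SPARK Ada itself: the body is transliterated
to Python so the loop can be run.  The relation checked at the loop head
(x + z*y == initial x) is an assumption made for this illustration."""


class NonTermination(Exception):
    """Raised when the loop would run forever (y <= 0 with x > y)."""


def divide_model(x: int, y: int, max_steps: int = 10_000):
    """Run the loop exactly as written and return (x, z, relation_held).

    x is decremented in place just as the fragment does.  A step bound stands
    in for the termination argument the code itself does not carry: with
    y <= 0 and x > y, x never decreases and the loop does not terminate.
    """
    x0 = x
    z = 0
    relation_held = True
    steps = 0
    while x > y:
        if x + z * y != x0:            # candidate relation at the loop head
            relation_held = False
        x = x - y
        z = z + 1
        steps += 1
        if steps > max_steps:
            raise NonTermination(f"x={x0}, y={y}: loop does not terminate")
    if x + z * y != x0:                # same relation on exit
        relation_held = False
    return x, z, relation_held


def closed_form(x: int, y: int) -> int:
    """What the loop actually computes for y >= 1.  It is not integer
    division: whenever y divides x exactly the result is one less
    (x=10, y=5 gives z=1, not 2), because the guard is x > y, not x >= y."""
    if y < 1:
        raise ValueError("only defined for positive y")
    return max(0, (x - 1) // y)


def check_closed_form(xs=range(-5, 31), ys=range(1, 11)) -> bool:
    """Compare the loop against closed_form over a constructed input grid."""
    return all(divide_model(x, y)[1] == closed_form(x, y) for x in xs for y in ys)
```

Two things the model makes visible that the listing alone does not: the guard `x > y` means the fragment computes `(x - 1) // y` rather than `x // y` for positive operands, and any non-positive `y` with `x > y` loops forever, which is why a termination condition on `y` has to come from the annotations rather than from the code.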