Abstract
It is widely agreed that building correct fault-tolerant systems is very difficult. To address this problem, this paper introduces a new model-based approach for developing masking fault-tolerant systems. As in component-based software development, two (or more) component specifications are developed, one implementing the required normal behavior and the other(s) the required fault-handling behavior. The specification of the required normal behavior is verified to satisfy system properties, whereas each specification of the required fault-handling behavior is shown to satisfy both system properties, typically weakened, and fault-tolerance properties, both of which can then be inferred of the composed fault-tolerant system. The paper presents the formal foundations of our approach, including a new notion of partial refinement and two compositional proof rules. To demonstrate and validate the approach, the paper applies it to a real-world avionics example.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Abadi, M., Lamport, L.: The existence of refinement mappings. Theoretical Computer Science 82(2), 253–284 (1991)
Alpern, B., Schneider, F.B.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (1985)
Arora, A., Attie, P.C., Emerson, E.A.: Synthesis of fault-tolerant concurrent programs. In: Proc. PODC 1998, pp. 173–182 (1998)
Arora, A., Kulkarni, S.S.: Component based design of multitolerant systems. IEEE Trans. Softw. Eng. 24(1), 63–78 (1998)
Banach, R., Cross, R.: Safety requirements and fault trees using retrenchment. In: Heisel, M., Liggesmeyer, P., Wittmann, S. (eds.) SAFECOMP 2004. LNCS, vol. 3219, pp. 210–223. Springer, Heidelberg (2004)
Banach, R., Poppleton, M., Jeske, C., Stepney, S.: Engineering and theoretical underpinnings of retrenchment. Sci. Comput. Prog. 67, 301–329 (2007)
Bharadwaj, R., Heitmeyer, C.: Developing high assurance avionics systems with the SCR requirements method. In: Proc. 19th Digital Avionics Sys. Conf. (2000)
Bharadwaj, R., Sims, S.: Salsa: Combining constraint solvers with BDDs for automatic invariant checking. In: Schwartzbach, M.I., Graf, S. (eds.) TACAS 2000. LNCS, vol. 1785, p. 378. Springer, Heidelberg (2000)
Ebnenasir, A.: Automatic Synthesis of Fault-Tolerance. PhD thesis, Michigan State Univ., East Lansing, MI (2005)
Gärtner, F.C.: Transformational approaches to the specification and verification of fault-tolerant systems: Formal background and classification. J. Univ. Comput. Sci. 5(10) (1999)
Heitmeyer, C., Archer, M., Bharadwaj, R., Jeffords, R.: Tools for constructing requirements specifications: The SCR toolset at the age of ten. Computer Systems Science and Engineering 20(1), 19–35 (2005)
Heitmeyer, C.L., Jeffords, R.D., Labaw, B.G.: Automated consistency checking of requirements specifications. ACM Transactions on Software Engineering and Methodology 5(3), 231–261 (1996)
Heninger, K.L.: Specifying software requirements for complex systems: New techniques and their application. IEEE Trans. Softw. Eng. SE-6 (1980)
Jeffords, R., Heitmeyer, C.: Automatic generation of state invariants from requirements specifications. In: Proc. Sixth ACM SIGSOFT Symp. on Foundations of Software Eng. (1998)
Jeffords, R.D., Heitmeyer, C.L.: A strategy for efficiently verifying requirements. In: ESEC/FSE-11: Proc. 9th Euro. Softw. Eng. Conf./11th ACM SIGSOFT Int. Symp. on Foundations of Softw. Eng., pp. 28–37 (2003)
Katz, S.: Aspect categories and classes of temporal properties. In: Rashid, A., Aksit, M. (eds.) Transactions on Aspect-Oriented Software Development I. LNCS, vol. 3880, pp. 106–134. Springer, Heidelberg (2006)
Kiczales, G., Lamping, J., Medhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.-M., Irwin, J.: Aspect-oriented programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)
Kulkarni, S.S., Arora, A.: Automating the addition of fault-tolerance. In: Joseph, M. (ed.) FTRTFT 2000. LNCS, vol. 1926, pp. 82–93. Springer, Heidelberg (2000)
Liu, Z., Joseph, M.: Specification and verification of fault-tolerance, timing, and scheduling. ACM Trans. Program. Lang. Syst. 21(1), 46–89 (1999)
Miller, S.P., Tribble, A.: Extending the four-variable model to bridge the system-software gap. In: Proc. 20th Digital Avionics Sys. Conf. (October 2001)
Parnas, D.L., Madey, J.: Functional documentation for computer systems. Science of Computer Programming 25(1), 41–61 (1995)
Rothamel, T., Heitmeyer, C., Leonard, E., Liu, A.: Generating optimized code from SCR specifications. In: Proceedings, ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES 2006) (June 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jeffords, R., Heitmeyer, C., Archer, M., Leonard, E. (2009). A Formal Method for Developing Provably Correct Fault-Tolerant Systems Using Partial Refinement and Composition. In: Cavalcanti, A., Dams, D.R. (eds) FM 2009: Formal Methods. FM 2009. Lecture Notes in Computer Science, vol 5850. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05089-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-05089-3_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05088-6
Online ISBN: 978-3-642-05089-3
eBook Packages: Computer ScienceComputer Science (R0)