Design and Verification of Fault-Tolerant Components

We present a systematic approach to the design and verification of fault-tolerant components with real-time properties, as found in embedded systems. A state machine model of the correct component is augmented with internal transitions that represent hypothesized faults; constraints on the occurrence or timing of faults are also included in this model. The resulting model of a faulty component is then extended with fault detection and recovery mechanisms, again in the form of state machines. Desired properties of the component are model checked for each of the successive models. The models can be made relatively detailed, so that they serve directly as blueprints for engineering, and yet remain amenable to exhaustive verification. The approach is illustrated with the design of a triple modular fault-tolerant system, a real case we received from our collaborators in the aerospace field. We use UPPAAL to model and check this design. Since model checking requires concrete parameter values, we extend the result with a parametric analysis, using abstractions of the automata in a rigorous verification.
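As an added illustration (this is not code from the paper or its authors, and it is not a UPPAAL model), the following Python script builds, in miniature, the kind of model the abstract describes: a triple modular redundant voter whose correct behaviour is augmented with fault-injection transitions, a constraint on fault timing, and an optional detection-and-recovery mechanism, with the safety property checked by exhaustive exploration of the reachable states. The modelling choices are assumptions made here: a faulty module is modelled as stuck at the wrong value, the timing constraint `min_gap` requires that many compute steps between two fault injections (standing in for the clocks a timed automaton would use), and recovery resets any module whose output disagrees with the vote. The final function sweeps the concrete parameter `min_gap` to find the smallest value under which the property holds, which is the concrete-parameter analysis the abstract mentions before its parametric extension.

```python
"""Added example (not from the paper): a miniature TMR model explored exhaustively.

Three identical modules feed a majority voter. Hypothesised faults are extra
transitions that mark a module faulty; a constraint on fault timing requires
at least `min_gap` compute steps between two fault injections; an optional
detection-and-recovery mechanism resets any module whose output disagrees
with the vote. All of these modelling choices are assumptions made here.
"""
from collections import deque
from dataclasses import dataclass

CORRECT, WRONG = 1, 0


@dataclass(frozen=True)
class State:
    faulty: tuple       # per module: True once a (stuck-at-WRONG) fault has hit it
    since_fault: int    # compute steps since the last fault injection, capped at min_gap
    voted: int          # the voter's most recent output


def majority(outs):
    """Two-out-of-three majority vote on the module outputs."""
    return CORRECT if sum(outs) >= 2 else WRONG


def successors(s, min_gap, recovery):
    """All next states: fault-injection transitions plus one compute step."""
    nxt = []
    # Hypothesised fault transitions, guarded by the timing constraint.
    if s.since_fault >= min_gap:
        for i in range(3):
            if not s.faulty[i]:
                f = list(s.faulty)
                f[i] = True
                nxt.append(State(tuple(f), 0, s.voted))
    # Compute step: a faulty module is modelled as stuck at the wrong value.
    outs = tuple(WRONG if f else CORRECT for f in s.faulty)
    voted = majority(outs)
    faulty = s.faulty
    if recovery:
        # Detection + recovery: a module that disagrees with the vote is reset.
        faulty = tuple(f and outs[i] == voted for i, f in enumerate(s.faulty))
    nxt.append(State(faulty, min(s.since_fault + 1, min_gap), voted))
    return nxt


def check(min_gap, recovery):
    """Breadth-first exploration of the reachable states.

    Returns (holds, counterexample, reachable_count): holds is True when the
    voter output is CORRECT in every reachable state; otherwise counterexample
    is the shortest trace (list of states) leading to a violation.
    """
    init = State((False, False, False), min_gap, CORRECT)
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if s.voted != CORRECT:
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return False, trace[::-1], len(parent)
        for t in successors(s, min_gap, recovery):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, None, len(parent)


def smallest_safe_gap(recovery, upper=5):
    """Concrete-parameter sweep: the smallest min_gap in 0..upper for which the
    property holds, or None if no value in that range suffices."""
    for gap in range(upper + 1):
        if check(gap, recovery)[0]:
            return gap
    return None


if __name__ == "__main__":
    for gap, rec in [(1, False), (1, True), (0, True)]:
        holds, cex, n = check(gap, rec)
        print(f"min_gap={gap} recovery={rec}: holds={holds} reachable states={n}")
        if cex:
            for st in cex:
                print("   ", st)
    print("smallest safe gap with recovery:", smallest_safe_gap(True))
    print("smallest safe gap without recovery:", smallest_safe_gap(False))
```

Without recovery, faults accumulate and the check finds a shortest trace in which two modules are faulty and the vote goes wrong, whatever gap is imposed; with recovery and at least one compute step between faults, only one module is ever faulty at a time and the property holds over a reachable state space of four states. Because the state space is finite, the exploration always terminates, which is the same reason the abstract's detailed models remain amenable to exhaustive verification.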