FTOS-Verify: Analysis and Verification of Non-Functional Properties for Fault-Tolerant Systems

Abstract: The focus of the tool FTOS is to alleviate designers' burden by offering code generation for non-functional aspects including fault-tolerance mechanisms. One crucial aspect in this context is to ensure that user-selected mechanisms for the system model are sufficient to resist faults as specified in the underlying fault hypothesis. In this paper, formal approaches in verification are proposed to assist the claim. We first raise the precision of FTOS into pure mathematical constructs, and formulate the determin… Show more

“…This brings semantic incompatibility between different deployments. To solve these problems, we thus propose the concept called deterministic assumption [6]. Intuitively, the goal is to assume that the implementation of fault tolerance mechanisms will always provide a consistent view for all correct machines regardless of deadline violation and scheduling issues.…”

“…Our theoretical foundation enables us to construct a concise model with huge benefits 3 . For this phase, the mathematical formulation and the proof of theorems are stated in [6]; it will not be the focus of this paper.…”

“…Starting from the textual description of the fault model, we can construct the set of deadline requirements i (q i , q i , T i ) for the system model S. Intuitively this means that for all runs entering the location q i , it must subsequently enter q i within at most T i time units. Based on above definitions, we sketch the algorithm 6 how to generate the verification model from the system model as follows: forall deadline requirements (qi, q i , Ti), qi ∈ Qi, /* add new clock and new variable for testing */ ê := ê • λX.clock add(X, ci). ê := ê • λX.var add(X, vi).…”

Modeling and Verification for Timing Satisfaction of Fault-Tolerant Systems with Finiteness

“…This brings semantic incompatibility between different deployments. To solve these problems, we thus propose the concept called deterministic assumption [6]. Intuitively, the goal is to assume that the implementation of fault tolerance mechanisms will always provide a consistent view for all correct machines regardless of deadline violation and scheduling issues.…”

“…Our theoretical foundation enables us to construct a concise model with huge benefits 3 . For this phase, the mathematical formulation and the proof of theorems are stated in [6]; it will not be the focus of this paper.…”

“…Starting from the textual description of the fault model, we can construct the set of deadline requirements i (q i , q i , T i ) for the system model S. Intuitively this means that for all runs entering the location q i , it must subsequently enter q i within at most T i time units. Based on above definitions, we sketch the algorithm 6 how to generate the verification model from the system model as follows: forall deadline requirements (qi, q i , Ti), qi ∈ Qi, /* add new clock and new variable for testing */ ê := ê • λX.clock add(X, ci). ê := ê • λX.var add(X, vi).…”

Modeling and Verification for Timing Satisfaction of Fault-Tolerant Systems with Finiteness