Digest of Papers. Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing (Cat. No.99CB36352)
DOI: 10.1109/ftcs.1999.781035

Rigorous development of a safety-critical system based on coordinated atomic actions

Abstract: This paper describes our experience using coordinated atomic (CA) actions as a system structuring tool to design and validate a sophisticated control system for a complex industrial application that has high reliability and safety requirements. Our study is based on the "Fault-Tolerant Production Cell", which represents a manufacturing process involving redundant mechanical devices (provided in order to enable continued production in the presence of machine faults). The challenge posed by the model specificati…

Cited by 22 publications (22 citation statements)
References 15 publications

Citation statements:
“…CAAs provide fault tolerance by means of cooperative exception handling and employ, where necessary, the action level abort as part of the more general exception handling. CAAs have been successfully used in several case studies (Di Marzo Serugendo et al, 1999; Romanovsky et al, 2003; Xu et al, 2002) that demonstrate high usefulness and general applicability of the approach.…”
Section: Introduction (mentioning), confidence: 96%
“…There has been considerable work on formal description of CAAs, for example, using Temporal Logic (Xu et al, 2002), Timed CSP (Veloudis and Nissanke, 2000) and B (Tartanoglu et al, 2004). Here a clean formal high level description of the CAA behaviour is offered both to complement previous CAA formalisations and to be used by programmers as a reference to drive the CAA implementation phase.…”
Section: Introduction (mentioning), confidence: 99%
“…In [23] transactions are used as a tool for achieving atomic actions, and exceptions are used as a recovery tool in case a transaction fails. However, practice shows that exceptions are not practical for programming an alternative flow of the program in case of a failure [12].…”
Section: Introduction (mentioning), confidence: 99%
“…by call intercepting, by incorporating each component into a container, etc.). Secondly, because all these technologies provide transactional services which can serve as a sound basis for developing CA action schemes [23,24,25]. And thirdly, because features are being developed to make it possible for CORBA, EJB and DCOM components to call each other or to incorporate a foreign component into a system.…”
Section: Discussion and Future Work (mentioning), confidence: 99%
“…When an action is not able to tolerate an error, a failure exception is propagated to the containing action, passing the responsibility for recovery to the higher system level and leaving the objects involved in the action execution in well-defined states, thus facilitating the recovery at the higher level. Significant experience has been gained in designing and implementing several applications using CA actions; in particular, a series of Production Cell case studies [25], including one in which faults of various production devices have to be tolerated [23] and one with real-time constraints [16]. In other experiments a distributed Internet Gamma computation [17] and an experimental Internet auction system [19] have been designed.…”
Section: Coordinated Atomic Actions (mentioning), confidence: 99%