Control programs for safety-critical systems are required to tolerate faults in the devices they control. In this paper we examine a systematic approach to devising code that detects faulty devices at runtime. The approach is centred on integrity constraints: invariants on the state of a system's variables, including its inputs and outputs, that hold under normal operation and are designed to fail when a device is faulty. By adding variables that record the previous state of variables or the time of significant events, further integrity constraints can be devised that check for faults in state transitions or in the rate at which the system progresses. We discuss techniques for devising integrity constraints and for evaluating them efficiently. When an error is detected through the failure of an integrity constraint, the constraint(s) that failed help to diagnose the likely fault. The techniques are presented through a simple case study of controller software written in the action system style, but the approach applies equally to other state-machine approaches such as Event-B and TLA.
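The following Python program is an added illustration of the runtime checks the abstract describes; it is not the paper's case study or code. It assumes a hypothetical tank-level controller whose thresholds, control law, sensor trace and diagnosis strings are all invented for the example. It shows an invariant on an input alone, an invariant relating input and output, a transition constraint and a rate-of-progress constraint built from a history variable (`prev_level`, `prev_pump_on`), a timing constraint built from a time-of-event variable (`last_reading`), diagnosis from the names of the constraints that fail, and one simple efficiency measure: when the caller names the variables written this cycle, only constraints that read one of them are re-evaluated.

```python
"""Runtime integrity constraints for a small tank-level controller.

Added illustration of the approach described in the abstract, not the
paper's own case study: the tank, its thresholds, the control law and the
diagnosis strings are all assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional

# Assumed plant and timing parameters (hypothetical values).
MAX_LEVEL = 100.0   # a reading above this cannot be a real level
HIGH = 90.0         # controller must stop the pump at or above this level
LOW = 20.0          # controller must start the pump at or below this level
MAX_DELTA = 5.0     # largest level change physically possible per cycle
MIN_RISE = 0.5      # with the pump on, the level must rise at least this per cycle
MAX_STALE = 2.0     # seconds without a fresh sample before it counts as a fault

@dataclass(frozen=True)
class State:
    level: float                         # sensor input
    pump_on: bool                        # actuator output
    now: float                           # controller clock (seconds)
    last_reading: float                  # time-of-event variable: last fresh sample
    prev_level: Optional[float] = None   # history variable: level one cycle ago
    prev_pump_on: Optional[bool] = None  # history variable: pump command one cycle ago

@dataclass(frozen=True)
class Constraint:
    name: str
    reads: FrozenSet[str]                # state variables the check depends on
    holds: Callable[[State], bool]
    diagnosis: str                       # likely fault when this constraint fails

def _has_history(s: State) -> bool:
    return s.prev_level is not None and s.prev_pump_on is not None

CONSTRAINTS: List[Constraint] = [
    # Invariant on the input alone.
    Constraint("level_in_range", frozenset({"level"}),
               lambda s: 0.0 <= s.level <= MAX_LEVEL,
               "reading outside the physical range: sensor or wiring fault"),
    # Invariant relating input and output: the control law was respected.
    Constraint("no_pump_when_full", frozenset({"level", "pump_on"}),
               lambda s: not (s.pump_on and s.level >= HIGH),
               "pump on with the tank full: controller logic fault"),
    # Transition constraint built from the history variable prev_level.
    Constraint("bounded_change", frozenset({"level", "prev_level"}),
               lambda s: not _has_history(s) or abs(s.level - s.prev_level) <= MAX_DELTA,
               "level jumped further than physically possible: sensor spike or dropout"),
    # Rate-of-progress constraint: the pump was on, so the level must have risen.
    Constraint("pump_makes_progress", frozenset({"level", "prev_level", "prev_pump_on"}),
               lambda s: (not _has_history(s) or not s.prev_pump_on
                          or s.level - s.prev_level >= MIN_RISE),
               "pump was on but the level did not rise: pump, valve or stuck-sensor fault"),
    # Timing constraint built from the time-of-event variable last_reading.
    Constraint("reading_fresh", frozenset({"now", "last_reading"}),
               lambda s: s.now - s.last_reading <= MAX_STALE,
               "no fresh sensor sample: sensor or communications timing fault"),
]

def failed_constraints(s: State, changed: Optional[FrozenSet[str]] = None) -> List[Constraint]:
    """Return the constraints that fail in state s.  If `changed` names the
    variables written this cycle, only constraints reading one of them are
    re-evaluated; the others cannot have changed value since the last check."""
    return [c for c in CONSTRAINTS
            if (changed is None or c.reads & changed) and not c.holds(s)]

def diagnose(s: State) -> List[str]:
    """Map the failed constraints to their likely faults."""
    return [f"{c.name}: {c.diagnosis}" for c in failed_constraints(s)]

def control(level: float, pump_on: bool) -> bool:
    """Hysteresis control law: start at or below LOW, stop at or above HIGH."""
    if level <= LOW:
        return True
    if level >= HIGH:
        return False
    return pump_on

def step(s: State, reading: Optional[float], now: float) -> State:
    """One controller cycle.  A None reading means no sample arrived, so the
    old value is kept and last_reading is left unchanged."""
    level = s.level if reading is None else reading
    last = s.last_reading if reading is None else now
    return State(level=level, pump_on=control(level, s.pump_on), now=now,
                 last_reading=last, prev_level=s.level, prev_pump_on=s.pump_on)

def run(readings: List[Optional[float]], period: float = 1.0) -> List[List[str]]:
    """Drive the controller with one sample per cycle (first sample must not be
    None) and report, per cycle, the names of the constraints that failed."""
    s = State(level=readings[0], pump_on=control(readings[0], False),
              now=0.0, last_reading=0.0)
    report = [[c.name for c in failed_constraints(s)]]
    for i, r in enumerate(readings[1:], start=1):
        s = step(s, r, now=i * period)
        report.append([c.name for c in failed_constraints(s)])
    return report

# Constructed trace: normal filling, a sensor spike, then the sensor goes silent.
SAMPLE_TRACE: List[Optional[float]] = [10.0, 12.0, 14.0, 60.0, 16.0, 18.0, None, None, None]

if __name__ == "__main__":
    for t, failed in enumerate(run(SAMPLE_TRACE)):
        print(t, failed)
```

On the constructed trace the spike at cycle 3 fails only `bounded_change`, the return to a plausible value at cycle 4 fails both `bounded_change` and `pump_makes_progress` (the level "fell" while the pump was on), and the silent sensor first shows up as a progress failure and only becomes a `reading_fresh` failure once the sample is older than `MAX_STALE`; the combination of failed constraints is what narrows the diagnosis.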