Verification of Replication Architectures in AADL

  • Authors:
  • Dionisio de Niz; Peter H. Feiler

  • Venue:
  • ICECCS '09 Proceedings of the 2009 14th IEEE International Conference on Engineering of Complex Computer Systems
  • Year:
  • 2009

Abstract

An established approach to achieving fault tolerance is to deploy multiple copies of the same functionality on multiple processors, so that if one processor fails another can provide the same functionality. This approach is known as replication. In spite of the number of studies on the topic, designing a replication pattern is still error-prone. This is because its final behavior is the result of a combination of design decisions that involve reasoning about a collection of non-deterministic events such as hardware failures and parallel computations. In this paper we present an approach to model replication patterns in the Architecture Analysis and Design Language (AADL) and analyze potentially unintended behaviors. The approach takes advantage of the strong semantics of AADL to model replication patterns at the architecture level. It involves developing two AADL models: the first defines the intended behavior as synchronous call sequences, and the second describes the replication architecture. These two models are then compared using a differential model in Alloy [5], in which the requirements of the first model and the concurrency and potential failures of the second are combined. The additional behaviors discovered in this model are presented to the designer as potential errors in the design. The designer then has the opportunity to modify the replication architecture to correct these behaviors or to qualify them as valid behaviors. Finally, we validated our approach by recreating the verification experiment presented in [6], limiting ourselves to the AADL syntax.
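The differential idea in the abstract can be illustrated without AADL or Alloy: enumerate every trace the replication architecture can produce under non-deterministic failures, subtract the traces the intended synchronous call sequence allows, and what remains is the set of behaviors the designer must either fix or qualify. The following is an added example written for this page, not code from the paper or its authors; the service (one request followed by one reply), the set of per-replica failure points, the optional selector component and the "fail after compute still replies" assumption are all constructed for the illustration.

```python
"""Differential analysis of a toy replication pattern by explicit trace enumeration."""
from itertools import product

# Model 1 (intended behaviour): a synchronous call sequence, one request then one reply.
INTENDED = {("request", "reply")}

# Model 2 (replication architecture): each replica non-deterministically takes one fate.
# Constructed assumption: a replica that fails after computing still emits its reply
# before going down; one that fails before computing never replies.
FATES = ("healthy", "fail_before_compute", "fail_after_compute")


def architecture_traces(replicas=2, selector=False):
    """Return the set of observable traces of the replicated architecture.

    Every combination of replica fates is explored (the hardware-failure
    non-determinism the abstract refers to). With selector=False all surviving
    replicas reply directly to the caller; with selector=True a selector component
    (hypothetical) forwards only the first reply it receives.
    """
    traces = set()
    for fates in product(FATES, repeat=replicas):
        replies = sum(1 for fate in fates if fate != "fail_before_compute")
        if selector:
            replies = min(replies, 1)
        traces.add(("request",) + ("reply",) * replies)
    return traces


def differential(intended, architecture, qualified=frozenset()):
    """Behaviours of the architecture that are neither intended nor qualified as valid.

    This is the analogue of the differential model: the designer sees these traces
    as potential design errors and either changes the architecture or adds the trace
    to `qualified`.
    """
    return set(architecture) - set(intended) - set(qualified)


def design_iteration():
    """Walk the designer through the loop described in the abstract."""
    # Iteration 1: two replicas, no selector -> duplicate replies and silent loss appear.
    first = differential(INTENDED, architecture_traces(replicas=2, selector=False))
    # Iteration 2: add a selector -> duplicate replies disappear; total loss remains.
    second = differential(INTENDED, architecture_traces(replicas=2, selector=True))
    # Iteration 3: the designer qualifies "all replicas failed" as an accepted behaviour.
    third = differential(
        INTENDED,
        architecture_traces(replicas=2, selector=True),
        qualified={("request",)},
    )
    return first, second, third


if __name__ == "__main__":
    for step, extra in zip(("no selector", "with selector", "with qualified loss"), design_iteration()):
        print(f"{step}: unintended traces = {sorted(extra)}")
```

Running the script shows the first iteration reporting both a duplicate reply and a missing reply, the second reporting only the missing reply, and the third reporting nothing once the designer has explicitly accepted the total-failure case. Growing `FATES` (for example, adding a replica that replies late) or adding interleaving order to the traces is how the same technique scales toward the concurrency aspects the paper handles in Alloy.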