This article introduces a new model-based method for incrementally constructing critical systems and illustrates its application to the development of fault-tolerant systems. The method relies on a special form of composition to combine software components and a set of proof rules to obtain high confidence in the correctness of the composed system. As in conventional component-based software development, two (or more) components are combined, but in contrast to many component-based approaches used in practice, which combine components consisting of code, our method combines components represented as state machine models. In the first phase of the method, a model is developed of the normal system behavior, and system properties are shown to hold in the model. In the second phase, a model of the required fault-handling behavior is developed and "or-composed" with the original system model to create a fault-tolerant extension which is, by construction, "fully faithful" (every execution possible in the normal system is possible in the fault-tolerant system). To model the fault-handling behavior, the set of states of the normal system model is extended through new state variables and new ranges for some existing state variables, and new fault-handling transitions are defined. Once constructed, the fault-tolerant extension is shown, using a set of property inheritance and compositional proof rules, to satisfy both the overall system properties, typically weakened, and selected fault-tolerance properties. These rules can often be used to verify the properties automatically. To provide a formal foundation for the method, formal notions of or-composition, partial refinement, fault-tolerant extension, and full faithfulness are introduced. To demonstrate and validate the method, we describe its application to a real-world, fault-tolerant avionics system.
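As an added illustration (not code from the paper or its authors), a constructed toy heater-controller model is or-composed with a sensor-failure handling model that adds a new variable `sensor` and a new value `unknown` for `temp`; the resulting extension is then checked for full faithfulness by state exploration, and a normal-system invariant is compared with its weakened form. The state encoding, the model dictionaries and the heater/sensor scenario are assumptions made for this example.

```python
# Constructed toy example, not the paper's code: a heater controller model,
# or-composed with a sensor-failure handling model, then checked.
def S(**kv):                       # a state is an assignment var -> value
    return frozenset(kv.items())
def normal_trans(s):               # environment picks any temp; controller reacts
    return {S(temp=t, heater="on" if t == "low" else "off") for t in ("low", "ok", "high")}
NORMAL = {"vars": {"temp": {"low", "ok", "high"}, "heater": {"off", "on"}},
          "init": {S(temp="ok", heater="off")}, "trans": normal_trans}

FAILED = S(temp="unknown", heater="off", sensor="failed")   # safe fault state
def fault_trans(s):                # fault-handling transitions only
    if dict(s)["sensor"] == "good":
        return {FAILED}            # sensor fails: drop to the safe state
    return {FAILED, S(temp="ok", heater="off", sensor="good")}  # stay or recover
FAULT = {"vars": {"temp": {"unknown"}, "sensor": {"good", "failed"}},
         "init": {S(temp="ok", heater="off", sensor="good")}, "trans": fault_trans}
DEFAULTS = {"sensor": "good"}      # value of each new variable in a normal state

def embed(s):                      # lift a normal state into the extended space
    return S(**{**DEFAULTS, **dict(s)})

def or_compose(normal, fault):
    """Fault-tolerant extension: merged ranges, fault init, union of transitions."""
    names = normal["vars"].keys() | fault["vars"].keys()
    vars_ = {v: normal["vars"].get(v, set()) | fault["vars"].get(v, set()) for v in names}
    def trans(s):
        d, nxt = dict(s), set(fault["trans"](s))
        if all(d[v] in r for v, r in normal["vars"].items()) and \
           all(d[v] == x for v, x in DEFAULTS.items()):   # s is a normal state
            nxt |= {embed(t) for t in normal["trans"](S(**{v: d[v] for v in normal["vars"]}))}
        return nxt
    return {"vars": vars_, "init": set(fault["init"]), "trans": trans}

def reachable(m):                  # plain state-space exploration from the initial states
    seen, todo = set(m["init"]), list(m["init"])
    while todo:
        for t in m["trans"](todo.pop()):
            if t not in seen:
                seen.add(t); todo.append(t)
    return seen

def fully_faithful(normal, ext):   # every normal init state and step survives embedding
    return {embed(s) for s in normal["init"]} <= ext["init"] and all(
        embed(t) in ext["trans"](embed(s)) for s in reachable(normal) for t in normal["trans"](s))

def violations(m, prop):           # reachable states where an invariant fails
    return {s for s in reachable(m) if not prop(dict(s))}

EXT = or_compose(NORMAL, FAULT)
P = lambda d: d["heater"] != "off" or d["temp"] in ("ok", "high")   # normal invariant
P_WEAK = lambda d: d["sensor"] == "failed" or P(d)                  # weakened for EXT
```

Checking each initial state and each step under `embed` is sufficient for full faithfulness, since any execution of the normal model is then reproduced step by step; the invariant `P` holds in `NORMAL` but only its weakened form `P_WEAK` holds in `EXT`.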