This paper describes our experience using coordinated atomic (CA) actions as a system structuring tool to design and validate a sophisticated control system for a complex industrial application with high reliability and safety requirements. Our study is based on an extended production cell model, the specification and simulator for which were defined and developed by FZI (Forschungszentrum Informatik, Germany). This "Fault-Tolerant Production Cell" represents a manufacturing process involving redundant mechanical devices (provided in order to enable continued production in the presence of machine faults). The challenge posed by the model specification is to design a control system that maintains specified safety and liveness properties even in the presence of a large number and variety of device and sensor failures. Based on an analysis of such possible failures, we provide in this paper details of: i) a design for a control program that uses CA actions to deal with both safety-related and fault tolerance concerns, and ii) the formal verification of this design based on the use of model checking. We found that CA action structuring facilitated both the design and verification tasks by enabling the various safety problems (e.g. clashes of moving machinery) to be treated independently. The formal verification activity was performed in parallel with the design activity, and the interaction between them resulted in a combined exercise in "design for validation"; formal verification was very valuable in identifying some very subtle residual bugs in early versions of our design which would have been difficult to detect otherwise.