Model Checking a Fault-Tolerant Startup Algorithm: From Design Exploration To Exhaustive Fault Simulation

Authors:
Wilfried Steiner;John Rushby;Maria Sorea;Holger Pfeifer
Affiliations:
Technische Universität Wien, Austria;SRI International, USA;Universität Ulm, Germany;Universität Ulm, Germany
Venue:
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Year:
2004

Citing 0
Cited 9

The TTA's Approach to Resilience after Transient Upsets

Real-Time Systems
Parametric Verification of a Group Membership Algorithm

Theory and Practice of Logic Programming
Role-Based Symmetry Reduction of Fault-Tolerant Distributed Protocols with Language Support

ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Safety verification of an aircraft landing protocol: a refinement approach

HSCC'07 Proceedings of the 10th international conference on Hybrid systems: computation and control
Capturing conflict and confusion in CSP

IFM'07 Proceedings of the 6th international conference on Integrated formal methods
Advancements in dependable time-triggered communication

SEUS'07 Proceedings of the 5th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Achieving fault tolerance by a formally validated interaction policy

Rigorous Development of Complex Fault-Tolerant Systems
Probabilistic compositional reasoning for guaranteeing fault tolerance properties

OPODIS'11 Proceedings of the 15th international conference on Principles of Distributed Systems
Brief announcement: parameterized model checking of fault-tolerant distributed algorithms by abstraction

Proceedings of the 2013 ACM symposium on Principles of distributed computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increasing performance of modern model-checkingtools offers high potential for the computer-aided designof fault-tolerant algorithms. Instead of relying on humanimagination to generate taxing failure scenarios to probea fault-tolerant algorithm during development, we definethe fault behavior of a faulty process at its interfaces tothe remaining system and use model checking to automaticallyexamine all possible failure scenarios. We call this approach"exhaustive fault simulation". In this paper we illustrateexhaustive fault simulation using a new startup algorithmfor the Time-Triggered Architecture (TTA) and showthat this approach is fast enough to be deployed in the designloop. We use the SAL toolset from SRI for our experimentsand describe an approach to modeling and analyzingfault-tolerant algorithms that exploits the capabilities oftools such as this.