Existing schemes for software fault tolerance are based on the ideas of redundancy and diversity. Although experimentally validated, existing fault-tolerant schemes are mainly ad hoc and lack a theoretically rigorous foundation. They substantially increase software complexity and incur high development costs. They also pose challenges for real-time concurrent software systems, where timing requirements may be stringent and faults in concurrent processes can propagate to one another. In this paper we treat software fault tolerance as a robust supervisory control (RSC) problem and propose an RSC approach to software fault tolerance. In this approach the software component under consideration is treated as a controlled object, modeled as a generalized Kripke structure or finite-state concurrent system, and an additional safety guarder, or supervisor, is synthesized and composed with the software component to guarantee the correctness of the overall software system, which is required to satisfy a temporal logic (CTL*) formula even if faults occur in the software component. The proposed RSC approach requires only a single version of the software and rests on a theoretically rigorous foundation. It is essentially an approach of model construction and is thus complementary to the approach of model checking. It is a contribution to the theory of supervisory control and to software fault tolerance, as well as to the emerging area of software cybernetics, which explores the interplay between software and control.
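The following added example illustrates the distinction the abstract draws between model construction (synthesizing a supervisor) and model checking (verifying a property). It is constructed for this page and is not code from the paper: the component is a small made-up finite-state model with controllable events and uncontrollable fault events (assumption: events whose names start with `f_` are faults the supervisor cannot disable), and the property is restricted to the safety fragment AG(not crashed) rather than full CTL*. The synthesis step computes the largest set of states that can be kept safe by a greatest-fixpoint iteration in the style of Ramadge and Wonham, derives the supervisor from it, and the model-checking step then confirms that the closed loop satisfies the property while the unsupervised component does not.

```python
"""Added example: supervisor synthesis for a safety property on a small
finite-state model of a software component. Constructed for illustration;
it is not code from the paper and uses only the safety fragment AG(not bad)
rather than full CTL*.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

# A transition is (source_state, event, target_state).
Transition = Tuple[str, str, str]

# Constructed model of a component. Assumption: event names starting with
# "f_" are uncontrollable fault events the supervisor cannot disable.
STATES: Set[str] = {"idle", "busy", "unsafe_mode", "degraded", "crashed"}
BAD: Set[str] = {"crashed"}
TRANSITIONS: List[Transition] = [
    ("idle", "start", "busy"),
    ("idle", "turbo", "unsafe_mode"),
    ("busy", "done", "idle"),
    ("busy", "f_err", "degraded"),          # fault: cannot be prevented
    ("unsafe_mode", "done", "idle"),
    ("unsafe_mode", "f_err", "crashed"),    # fault that violates the property
    ("degraded", "reset", "idle"),
    ("degraded", "continue", "unsafe_mode"),
]


def is_controllable(event: str) -> bool:
    """Controllable events can be disabled by the supervisor; faults cannot."""
    return not event.startswith("f_")


def synthesize_supervisor(states, transitions, bad):
    """Model construction: compute the largest set of states that can be kept
    safe, then derive the supervisor that enables only transitions staying
    inside it.

    Greatest-fixpoint iteration: a state survives if it is not bad, every
    uncontrollable successor survives, and (if it has any successor) at least
    one successor survives, so the supervised system never deadlocks.
    The initial state must be in the returned set for a supervisor to exist.
    """
    good: Set[str] = set(states) - set(bad)
    while True:
        keep: Set[str] = set()
        for s in good:
            outs = [(e, t) for (src, e, t) in transitions if src == s]
            faults_contained = all(t in good for (e, t) in outs if not is_controllable(e))
            nonblocking = (not outs) or any(t in good for (_, t) in outs)
            if faults_contained and nonblocking:
                keep.add(s)
        if keep == good:
            break
        good = keep
    # Supervisor map: state -> events allowed in that state. Uncontrollable
    # events are always listed because they cannot be disabled.
    enabled: Dict[str, FrozenSet[str]] = {
        s: frozenset(e for (src, e, t) in transitions
                     if src == s and (not is_controllable(e) or t in good))
        for s in good
    }
    return good, enabled


def all_enabled(transitions):
    """Unsupervised behaviour: every event allowed in every state."""
    enabled: Dict[str, Set[str]] = {}
    for (src, e, _) in transitions:
        enabled.setdefault(src, set()).add(e)
    return {s: frozenset(es) for s, es in enabled.items()}


def check_ag_not_bad(init, transitions, enabled, bad):
    """Model checking: explore the reachable states of the closed loop and
    report whether AG(not bad) holds; returns (holds, reachable_states)."""
    seen: Set[str] = set()
    stack = [init]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        if s in bad:
            return False, seen
        for (src, e, t) in transitions:
            if src == s and e in enabled.get(s, frozenset()):
                stack.append(t)
    return True, seen


if __name__ == "__main__":
    good, sup = synthesize_supervisor(STATES, TRANSITIONS, BAD)
    print("safe states:", sorted(good))
    print("supervisor:", {s: sorted(es) for s, es in sup.items()})
    print("unsupervised AG(not crashed):",
          check_ag_not_bad("idle", TRANSITIONS, all_enabled(TRANSITIONS), BAD)[0])
    print("supervised   AG(not crashed):",
          check_ag_not_bad("idle", TRANSITIONS, sup, BAD)[0])
```

Run from `idle`, the synthesis removes `unsafe_mode` (its fault transition leads straight to `crashed`) and then disables the controllable events `turbo` and `continue` that would enter it, while leaving the fault `f_err` from `busy` enabled because it cannot be prevented; the supervised system therefore tolerates that fault by passing through `degraded` and resetting. The single-version flavour of the approach is visible here: no second implementation is added, only a guard composed with the original transition structure.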