Model-based construction and verification of critical systems using composition and partial refinement
| Autor: | Elizabeth I. Leonard, Myla Archer, Constance L. Heitmeyer, Ralph D. Jeffords |
|---|---|
| Rok vydání: | 2010 |
| Předmět: |
State variable
Finite-state machine Theoretical computer science Correctness Computer science business.industry Software development Fault tolerance Theoretical Computer Science System model Automated theorem proving Hardware and Architecture Formal specification Component-based software engineering business Algorithm Software |
| Zdroj: | Formal Methods in System Design. 37:265-294 |
| ISSN: | 1572-8102 0925-9856 |
| Popis: | This article introduces a new model-based method for incrementally constructing critical systems and illustrates its application to the development of fault-tolerant systems. The method relies on a special form of composition to combine software components and a set of proof rules to obtain high confidence of the correctness of the composed system. As in conventional component-based software development, two (or more) components are combined, but in contrast to many component-based approaches used in practice, which combine components consisting of code, our method combines components represented as state machine models. In the first phase of the method, a model is developed of the normal system behavior, and system properties are shown to hold in the model. In the second phase, a model of the required fault-handling behavior is developed and "or-composed" with the original system model to create a fault-tolerant extension which is, by construction, "fully faithful" (every execution possible in the normal system is possible in the fault-tolerant system). To model the fault-handling behavior, the set of states of the normal system model is extended through new state variables and new ranges for some existing state variables, and new fault-handling transitions are defined. Once constructed, the fault-tolerant extension is shown, using a set of property inheritance and compositional proof rules, to satisfy both the overall system properties, typically weakened, and selected fault-tolerance properties. These rules can often be used to verify the properties automatically. To provide a formal foundation for the method, formal notions of or-composition, partial refinement, fault-tolerant extension, and full faithfulness are introduced. To demonstrate and validate the method, we describe its application to a real-world, fault-tolerant avionics system. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full text from SpringerLink