Behavioural preservation in fault tolerant patterns

Diego Dias and Juliano Iyoda
Centro de Informática / UFPE
SBMF 2011, São Paulo-SP, Brazil

Diego Dias and Juliano Iyoda (CIn/UFPE) Behavioural preservation in FT Patterns

1 / 30

Agenda

Overview
Fault Tolerant Patterns
Specification
Case Study
Conclusion and Future Work

Overview

There are several ways to introduce replication
These design patterns are widely used in industry
We call them here fault tolerant patterns

The problem
Decide whether applying a fault tolerant pattern changes the functionality of the original system.

Our work
First steps towards a general framework for proving correctness
Separation of concerns: failure rates and functional behaviour
Even fault tolerant patterns may fail (randomly)
Compositional theorems
Formalisation in HOL4

Fault Tolerant Patterns

Fault Tolerance

Exploits and manages redundancy
Redundancy: having more resources than necessary, to mask or otherwise work around failures
We formalised three fault tolerant patterns:
Homogeneous redundancy
Heterogeneous redundancy
Triple modular redundancy

Homogeneous Redundancy

Duplicate the original system
Systems operate in parallel
Replicas are exactly the same
Addresses random failures

(Diagram: the original System maps inp to out. In the pattern, inp is split into inp1 and inp2, feeding System1 and System2; their outputs out1 and out2 go to a Monitor, which produces out.)

Heterogeneous Redundancy

Extends homogeneous redundancy
Dissimilar systems
Systems operate in parallel
Addresses random and systematic failures

(Diagram: same structure as homogeneous redundancy: inp is split into inp1 and inp2, feeding the dissimilar System1 and System2; out1 and out2 go to a Monitor, which produces out.)

Triple Modular Redundancy

Original system is tripled
The systems operate in parallel
Voter compares the outputs and computes the average of the parts
Addresses random failures (2)

(Diagram: inp is split into inp1, inp2 and inp3, feeding System1, System2 and System3; out1, out2 and out3 go to a Voter, which produces out.)

Specification

Methodology

Modelled in HOL a Simulink-like system
Specification and implementation of a generic system
Specified fault tolerant patterns
Proved theorems about the behaviour of the patterns
Checked whether the patterns preserve the behaviour of the original system

How is hardware specified in HOL?

(Diagram: input → INC → output)

INC(input, output) = ∀ t. output t = (input t) + 1

Introducing random errors

Signals are functions from time to α option
The type α option is either NONE or SOME(v)
A value NONE is never transformed into SOME(_)
A value SOME(_) can be transformed into NONE
Example: num is the type of natural numbers in HOL; num option can be NONE, SOME(0), SOME(200), etc.

A system computes a function with some delay and is subject to random failures.

SYSTEM d e f (inp, out) =
  ∀ t. out (t + d) =
    if IS_NONE(inp t) ∨ e(t) then NONE
    else SOME(f t (THE(inp t)))

DEL d (inp, out) = ∀ t. out (t + d) = inp t

(Diagram: inp → DEL d → out)

COMB f (inp, out) =
  ∀ t. out t = if IS_NONE(inp t) then NONE else SOME(f t (THE(inp t)))

(Diagram: inp → COMB f → out)

ERROR e (inp, out) = ∀ t. out t = if e(t) then NONE else inp t

(Diagram: inp → ERROR e → out)

BLOCK d e f (inp, out) =
  ∃ out1 out2.
    ERROR e (inp, out1) ∧ COMB f (out1, out2) ∧ DEL d (out2, out)

(Diagram: inp → ERROR e → COMB f → DEL d → out)

BLOCK implements SYSTEM:

⊢ BLOCK d e f (inp, out) → SYSTEM d e f (inp, out)
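The following Python model is an added example, not code from the slides or from the authors' HOL4 development. It gives DEL, COMB, ERROR, BLOCK and SYSTEM the semantics written above, with a signal modelled as a function from discrete time to a value or None (None plays NONE, any other value plays SOME), and checks on a finite horizon that BLOCK's output coincides with SYSTEM's and that a NONE input never becomes a SOME output (the invariant of the "Introducing random errors" slide). Returning NONE for t < d, where the specification says nothing, and the sample input, increment function and failure time are assumptions of the example.

```python
# Added example (not from the slides or the authors' HOL4 sources): an
# executable Python reading of the signal semantics above. A signal is a
# function from discrete time to "alpha option": None plays NONE, any other
# value plays SOME(v). An error predicate e marks the times at which a block fails.
from typing import Callable, Optional, TypeVar

A = TypeVar("A")
B = TypeVar("B")
Signal = Callable[[int], Optional[A]]
ErrorPred = Callable[[int], bool]


def DEL(d: int, inp: Signal) -> Signal:
    """DEL d (inp, out) = forall t. out(t + d) = inp t.
    The spec says nothing about out(t) for t < d; this model returns NONE
    there (a choice of the example, not something the slides state)."""
    return lambda t: inp(t - d) if t >= d else None


def COMB(f: Callable[[int, A], B], inp: Signal) -> Signal:
    """COMB f: apply f t to the payload; NONE propagates unchanged."""
    return lambda t: None if inp(t) is None else f(t, inp(t))


def ERROR(e: ErrorPred, inp: Signal) -> Signal:
    """ERROR e: the signal is dropped to NONE whenever e(t) holds."""
    return lambda t: None if e(t) else inp(t)


def BLOCK(d: int, e: ErrorPred, f, inp: Signal) -> Signal:
    """BLOCK d e f: ERROR e, then COMB f, then DEL d (the implementation)."""
    return DEL(d, COMB(f, ERROR(e, inp)))


def SYSTEM(d: int, e: ErrorPred, f, inp: Signal) -> Signal:
    """The specification: out(t + d) = NONE if IS_NONE(inp t) or e(t),
    else SOME(f t (THE(inp t))). As for DEL, out(t) = NONE for t < d."""
    def out(t: int):
        s = t - d
        if s < 0 or inp(s) is None or e(s):
            return None
        return f(s, inp(s))
    return out


def block_implements_system(d, e, f, inp, horizon: int) -> bool:
    """Pointwise check of BLOCK d e f (inp, out) -> SYSTEM d e f (inp, out) on
    0..horizon. A finite check for one input and one error pattern; the HOL4
    theorem on the slide covers every t, input and error predicate."""
    impl, spec = BLOCK(d, e, f, inp), SYSTEM(d, e, f, inp)
    return all(impl(t) == spec(t) for t in range(horizon + 1))


def none_is_sticky(d, e, f, inp, horizon: int) -> bool:
    """The invariant from the 'Introducing random errors' slide: a NONE on the
    input is never turned into a SOME d steps later, whatever f and e do."""
    out = BLOCK(d, e, f, inp)
    return all(out(t + d) is None for t in range(horizon + 1) if inp(t) is None)


# Constructed sample data (not from the slides): a counter input that is NONE
# at t = 6, an increment function, and a block that fails at t = 3.
def sample_input(t: int) -> Optional[int]:
    return None if t == 6 else t


def fails_at_3(t: int) -> bool:
    return t == 3


def increment(t: int, x: int) -> int:
    return x + 1


def sample_trace(horizon: int = 9) -> list:
    """Output of BLOCK 2 fails_at_3 increment on the sample input, t = 0..horizon."""
    out = BLOCK(2, fails_at_3, increment, sample_input)
    return [out(t) for t in range(horizon + 1)]


if __name__ == "__main__":
    print(sample_trace())  # [None, None, 1, 2, 3, None, 5, 6, None, 8]
    print(block_implements_system(2, fails_at_3, increment, sample_input, 50))  # True
```

In the trace the two NONEs after the start-up gap have different causes: the one at t = 5 is the block's own failure at t = 3 surfacing after the delay d = 2, the one at t = 8 is the NONE input at t = 6 passing through untouched. The checks are pointwise over one input and one error pattern, so they test the model rather than prove the theorem; the HOL4 statement quantifies over all t, all inputs and all error predicates.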

Specification of HR (homogeneous redundancy)

HR d e S1 S2 (inp, out) =
  ∃ outsys1 outsys2 outbus inpsys1 inpsys2.
    MUX (inp, (inpsys1, inpsys2)) ∧
    S1 (inpsys1, outsys1) ∧ S2 (inpsys2, outsys2) ∧
    BUS ((outsys1, outsys2), outbus) ∧
    BLOCK d e MONITOR (outbus, out)

(Diagram: inp = (inp1, inp2) → MUX → S1 and S2 → BUS → BLOCK d e MONITOR → out)

Theorem (homogeneous redundancy). If I1 implements a SYSTEM that computes f(inp1) and I2 implements a SYSTEM that computes f(inp2), then HR I1 I2 implements a SYSTEM that computes f(inp1) or f(inp2):

⊢ ∀ I1 I2 d e1 e2 f dm em inp out.
    (∀ inp out. I1 (inp, out) → SYSTEM d e1 f (inp, out)) ∧
    (∀ inp out. I2 (inp, out) → SYSTEM d e2 f (inp, out)) →
    (HR dm em I1 I2 (inp, out) →
       SYSTEM (d + dm) (E e1 e2 em d inp) (FHR f e1) (inp, out))

FHR f e t inp =
  if IS_NONE(FST inp) ∨ e(t) then (f t)(THE(SND inp))
  else (f t)(THE(FST inp))

That is, the composite delivers f applied to the first replica's input unless that replica is failing (e1) or its input is NONE, in which case it delivers f applied to the second replica's input. The composite's delay is d + dm (replica plus monitor) and its error predicate E e1 e2 em d inp is built from the replica errors e1, e2 and the monitor error em.

Theorem (heterogeneous redundancy), similarly to homogeneous redundancy. If I1 implements a SYSTEM that computes f1(inp1) and I2 implements a SYSTEM that computes f2(inp2), then HetR I1 I2 implements a SYSTEM that computes f1(inp1) or f2(inp2):

⊢ ∀ I1 I2 d e1 e2 f1 f2 dm em inp out.
    (∀ inp out. I1 (inp, out) → SYSTEM d e1 f1 (inp, out)) ∧
    (∀ inp out. I2 (inp, out) → SYSTEM d e2 f2 (inp, out)) →
    (HetR dm em I1 I2 (inp, out) →
       SYSTEM (d + dm) (E . . .) (FHetR f1 f2 e1) (inp, out))

Theorem (triple modular redundancy). If I1, I2 and I3 implement SYSTEMs that compute f(inp1), f(inp2) and f(inp3) respectively, then TMR I1 I2 I3 implements a SYSTEM that computes (f(inp1) + f(inp2) + f(inp3)) / 3:

⊢ ∀ f I1 I2 I3 e1 e2 e3 d dv ev inp out.
    (∀ inp out. I1 (inp, out) → SYSTEM d e1 f (inp, out)) ∧
    (∀ inp out. I2 (inp, out) → SYSTEM d e2 f (inp, out)) ∧
    (∀ inp out. I3 (inp, out) → SYSTEM d e3 f (inp, out)) →
    (TMR dv ev I1 I2 I3 (inp, out) →
       SYSTEM (dv + d) (ETMR . . .) (FTMR e1 e2 e3 f) (inp, out))
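The Python model below is an added example, not the authors' HOL4 code. It builds HR (the homogeneous redundancy specification above) and TMR out of the SYSTEM specification the way the theorems do, and checks on a finite horizon that each composite coincides with the SYSTEM the theorem promises: delay d + dm (or d + dv), the selection function FHR for the monitor, and an averaging voter for TMR. The slides elide the combined error predicates E and ETMR and the voter function FTMR; the versions here (the composite fails when the monitor or voter fails at the time it acts, or when every replica delivers NONE; the voter averages the replicas that delivered a value) are assumptions of the example, as are the sample inputs and failure times. HR takes arbitrary implementations, so the heterogeneous case of the previous theorem (different f1, f2 per replica) plugs in through system_impl unchanged. SYSTEM is redefined so the block runs stand-alone.

```python
# Added example (not from the slides or the authors' HOL4 sources): executable
# models of HR and TMR built from the SYSTEM specification, checked against the
# composite SYSTEM each theorem promises. E, ETMR and FTMR are elided on the
# slides; the versions below are this example's assumptions: the composite fails
# when the monitor/voter fails at the time it acts or when every replica fails.
from typing import Callable, Sequence, Tuple

Signal = Callable[[int], object]      # time -> value; None plays NONE
ErrorPred = Callable[[int], bool]
Impl = Callable[[Signal], Signal]     # an implementation I: input signal -> output signal

def SYSTEM(d: int, e: ErrorPred, f, inp: Signal) -> Signal:
    """out(t + d) = NONE if inp t = NONE or e(t), else f t (THE(inp t)); NONE for t < d."""
    return lambda t: None if (t < d or inp(t - d) is None or e(t - d)) else f(t - d, inp(t - d))

def system_impl(d: int, e: ErrorPred, f) -> Impl:
    """An I satisfying the theorems' hypothesis: I (inp, out) -> SYSTEM d e f (inp, out)."""
    return lambda inp: SYSTEM(d, e, f, inp)

def MUX(inp: Signal, n: int) -> Tuple[Signal, ...]:
    """Split the tuple-valued input (inp1, ..., inpn) into one signal per replica."""
    return tuple((lambda t, i=i: inp(t)[i]) for i in range(n))

def BUS(outs: Sequence[Signal]) -> Signal:
    """Bundle the replica outputs into one tuple-valued signal for the monitor/voter."""
    return lambda t: tuple(o(t) for o in outs)

def MONITOR(t: int, pair) -> object:
    """Forward replica 1's value unless it is NONE, then fall back to replica 2."""
    o1, o2 = pair
    return o1 if o1 is not None else o2

def VOTER(t: int, triple) -> object:
    """Average of the replicas that delivered a value; NONE when all three failed (assumption)."""
    good = [v for v in triple if v is not None]
    return sum(good) / len(good) if good else None

def HR(dm: int, em: ErrorPred, I1: Impl, I2: Impl, inp: Signal) -> Signal:
    """HR dm em I1 I2: MUX, two replicas, BUS, then BLOCK dm em MONITOR."""
    inp1, inp2 = MUX(inp, 2)
    return SYSTEM(dm, em, MONITOR, BUS([I1(inp1), I2(inp2)]))

def TMR(dv: int, ev: ErrorPred, I1: Impl, I2: Impl, I3: Impl, inp: Signal) -> Signal:
    """TMR dv ev I1 I2 I3: MUX, three replicas, BUS, then BLOCK dv ev VOTER."""
    inp1, inp2, inp3 = MUX(inp, 3)
    return SYSTEM(dv, ev, VOTER, BUS([I1(inp1), I2(inp2), I3(inp3)]))

def FHR(f, e1: ErrorPred):
    """FHR f e1 t (inp1, inp2) as on the slide: f t inp2 if inp1 is NONE or e1(t), else f t inp1."""
    return lambda t, p: f(t, p[1]) if (p[0] is None or e1(t)) else f(t, p[0])

def E(e1, e2, em, d, inp) -> ErrorPred:
    """Assumed E e1 e2 em d inp: monitor fails when the replica outputs reach it, or both replicas fail."""
    return lambda t: em(t + d) or all(inp(t)[i] is None or ei(t) for i, ei in enumerate((e1, e2)))

def FTMR(e1, e2, e3, f):
    """Assumed FTMR: average of f over the replicas that are neither failing nor fed NONE."""
    def g(t, triple):
        good = [f(t, x) for x, ei in zip(triple, (e1, e2, e3)) if x is not None and not ei(t)]
        return sum(good) / len(good)
    return g

def ETMR(e1, e2, e3, ev, d, inp) -> ErrorPred:
    """Assumed ETMR e1 e2 e3 ev d inp: voter fails when the outputs reach it, or all replicas fail."""
    return lambda t: ev(t + d) or all(inp(t)[i] is None or ei(t) for i, ei in enumerate((e1, e2, e3)))

def same_on(a: Signal, b: Signal, horizon: int) -> bool:
    """Pointwise comparison on 0..horizon (a finite check, not the HOL4 proof)."""
    return all(a(t) == b(t) for t in range(horizon + 1))

# Constructed sample data (not from the slides). Replica inputs differ slightly
# so a trace shows which replica the monitor or voter used.
D, DM, DV = 2, 1, 1
double = lambda t, x: 2 * x
e1, e2, e3 = (lambda t: t in {3, 4}), (lambda t: t in {3, 5}), (lambda t: t in {3, 5, 6})
em, ev = (lambda t: t == 9), (lambda t: False)
hr_inp = lambda t: (t, t + 0.5)
tmr_inp = lambda t: (t, t + 1, t + 2)

def hr_example() -> Signal:
    return HR(DM, em, system_impl(D, e1, double), system_impl(D, e2, double), hr_inp)

def tmr_example() -> Signal:
    return TMR(DV, ev, system_impl(D, e1, double), system_impl(D, e2, double),
               system_impl(D, e3, double), tmr_inp)

def hr_theorem_holds(horizon: int = 40) -> bool:
    """HR dm em I1 I2 behaves as SYSTEM (d + dm) (E ...) (FHR f e1) on 0..horizon."""
    spec = SYSTEM(D + DM, E(e1, e2, em, D, hr_inp), FHR(double, e1), hr_inp)
    return same_on(hr_example(), spec, horizon)

def tmr_theorem_holds(horizon: int = 40) -> bool:
    """TMR dv ev I1 I2 I3 behaves as SYSTEM (dv + d) (ETMR ...) (FTMR ...) on 0..horizon."""
    spec = SYSTEM(D + DV, ETMR(e1, e2, e3, ev, D, tmr_inp), FTMR(e1, e2, e3, double), tmr_inp)
    return same_on(tmr_example(), spec, horizon)
```

Reading the HR trace at time t means looking at replica time t - 3 (d + dm): at t = 6 both replicas failed at t = 3 and the output is NONE, at t = 7 replica 1 failed at t = 4 and the monitor forwards replica 2's result 2 · 4.5 = 9.0, at t = 10 the monitor itself fails. The TMR trace shows the averaging voter degrading gracefully: three values at t = 10, two at t = 9, one at t = 8, none at t = 6. As with the BLOCK check, these are finite tests of the model; the slides' theorems hold for all inputs and error predicates.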

Case Study: Elevator Control System

The elevators are control surfaces that set the aircraft's orientation by moving its nose up or down (pitch).
The original model is a Simulink diagram (translated into a HOL4 function)
Several details were abstracted for conciseness
We assume the translation is correct

The elevator controller takes as input values from several sensors and outputs the command to the elevator.

elevator t (PitchRate, Flap, WOW, LongSideStick, PitchRate_Voted) =
  let out_lpf = low_pass_filter (1, PitchRate) in
  let out_cpt = compensator (1/2, 1/4, out_lpf) in
  let out_gfe = Gain (−150, out_cpt) in
  let out_gfc = Gain (−67, out_cpt) in
  let out_sth = SwitchThreshold (1/2, Flap, out_gfe, out_gfc) in
  let out_not = NOT (WOW) in
  let out_and = AND (out_not, PitchRate_Voted) in
  ...
  let out_str = ElevSaturation (−25, 25, out_sum) in
  out_str

A BLOCK that computes the function elevator is a SYSTEM:

⊢ ∀ d e inp out. BLOCK d e elevator (inp, out) → SYSTEM d e elevator (inp, out)

In a similar way, the TMR of three elevator BLOCKs is a SYSTEM:

⊢ ∀ d e1 e2 e3 ev dv inp out.
    TMR dv ev (BLOCK d e1 elevator) (BLOCK d e2 elevator) (BLOCK d e3 elevator) (inp, out) →
    SYSTEM (dv + d) (ETMR e1 e2 e3 ev d inp) (FTMR e1 e2 e3 elevator) (inp, out)

Case Study: Illustrating the patterns' composition

Conclusion and Future Work

Conclusion

A compositional model of fault tolerant patterns
All patterns implement a SYSTEM (proved in HOL4)
Patterns perform essentially the same computation as their parts

Future Work

Formalise new notions of behavioural preservation
Model generic block diagrams
Provide inter-system communication
Allow non-deterministic computations
Verify the correctness of industrial fault tolerant patterns
