Formal development of reactive fault tolerant systems

Abstract

Usually complex systems are controlled by an operator co-operating with a computer-based controller. The controlling software runs in continuous interaction with the operator and constantly reacts on operator's interruptions by dynamically adapting system behaviour. Simultaneously it catches the exceptions signalling about errors in the system components and performs error recovery. Since interruptions are asynchronous signals they might concurrently co-exist and conflict with exceptions. To ensure dependability of a dynamically adaptable system, we propose a formal approach for resolving conflicts and designing robust interruption and exception handlers. We present a formal specification pattern for designing components of layered control systems that contain interruption and exception handlers as an intrinsic part of the specification. We demonstrate how to develop a layered control system by recursive application of this pattern. © Springer-Verlag Berlin Heidelberg 2006.