Dealing with Faults During Operations: Beyond Classical Use of Formal Methods

Abstract

Formal methods provide support for validation and verification of interactive systems by means of complete and unambiguous description of the envisioned system. Used in the early stages of the development process, they allow detecting and correcting development faults at design and development time. However, events that are beyond the envelope of the formal description may occur and trigger unexpected behaviours in the system at execution time (inconsistent from the formally specified system) resulting in failures. Sources of such interactive system failures can be permanent or transient hardware failures, due to, e.g. natural faults triggered by alpha particles from radioactive contaminants in the chips or neutrons from cosmic radiation. This chapter first presents a systematic identification of the faults that can be introduced in the system during both at development and operations time and how formal methods can be used in such context. To exemplify such usage of formal methods, we present their use to describe software architecture and self-checking components to address these faults in the context of interactive systems. As those faults are more likely to occur in the high atmosphere, the proposed solutions are illustrated using an interactive application within the field of interactive cockpits. This application allows us to demonstrate the use of the concepts and their application for WIMP interactive systems (such as the ones of the nuclear case study of the book).