J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5(2):95--106, 1991.
....by construction) has so far not received much attention. This may be partly due to the indirect verification of fault tolerance which dominates the literature: by reduction to proving correctness of a fault-affected system, obtained by inserting syntactically all anticipated faults, e.g. [5, 3, 12, 11, 13, 16]. As shown in [7] for bisimulations, this method is in general insufficient for claiming fault tolerance because it does not deal adequately with the unpredictability of faults: fault tolerance should be invariant under the removal of an arbitrary set of faults from the assumptions. In other words: ....
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
.... to a fault assumption Faults and a specification Spec, we only proceed to prove correctness of an implementation T(Impl; Faults) representing syntactically how Impl behaves in the presence of Faults [12, 13, 7]; this reduction is most common without introducing the transformation T explicitly [5, 4, 10, 18, 14, 15, 17, 11, 3, 19]. Although attractive for many reasons, e.g. reuse of a variety of tools and techniques already available for proving correctness, the method also raises some questions about its feasibility and applicability. Feasibility: correctness under all anticipated faults is necessary for provable ....
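The two contexts above describe the same reduction: a transformation T(Impl; Faults) that inserts the anticipated faults syntactically into the implementation, after which ordinary correctness of T(Impl; Faults) against Spec is proved, and the objection that fault tolerance must survive the removal of any subset of those faults. The following is an added example, not code from Peleska's paper or from any of the citing papers. It encodes Impl, Spec and the fault assumption as small labelled transition systems (all names, states and events are constructed for illustration), applies T for every subset F of the fault assumption, and checks correctness twice: as trace refinement and as strong bisimulation equivalence. For trace refinement the full-fault check suffices, because removing transitions can only remove traces; for bisimulation it does not, which is the point the quoted passage attributes to [7].

```python
"""Fault transformation T(Impl, F) checked over all fault subsets.

An LTS is (initial_state, set of (src, label, dst)).  A fault assumption is a
dict name -> extra transition; T inserts the selected transitions syntactically.
All systems below are constructed for this example, not taken from the papers.
"""
from itertools import combinations


def states(lts):
    """All states mentioned by an LTS, including the initial one."""
    init, trans = lts
    return {init} | {s for (src, _, dst) in trans for s in (src, dst)}


def out(trans, state):
    """Outgoing transitions of `state`."""
    return [t for t in trans if t[0] == state]


def succ(trans, state, label):
    """Successor states of `state` under `label`."""
    return {dst for (src, lab, dst) in trans if src == state and lab == label}


def fault_transform(impl, faults, selected):
    """T(Impl, F): Impl with the fault transitions named in `selected` inserted."""
    init, trans = impl
    return (init, set(trans) | {faults[name] for name in selected})


def trace_refines(impl, spec):
    """traces(impl) ⊆ traces(spec), decided by a subset construction on spec."""
    i0, it = impl
    s0, st = spec
    start = (i0, frozenset([s0]))
    seen, stack = {start}, [start]
    while stack:
        p, qs = stack.pop()
        for (_, label, p2) in out(it, p):
            qs2 = frozenset(q2 for q in qs for q2 in succ(st, q, label))
            if not qs2:  # impl performs `label` where spec cannot: refinement fails
                return False
            nxt = (p2, qs2)
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return True


def bisimilar(p_lts, q_lts):
    """Strong bisimulation equivalence as the greatest fixpoint over state pairs."""
    p0, pt = p_lts
    q0, qt = q_lts
    rel = {(p, q) for p in states(p_lts) for q in states(q_lts)}
    while True:
        keep = set()
        for p, q in rel:
            fwd = all(any((p2, q2) in rel for q2 in succ(qt, q, a))
                      for (_, a, p2) in out(pt, p))
            bwd = all(any((p2, q2) in rel for p2 in succ(pt, p, a))
                      for (_, a, q2) in out(qt, q))
            if fwd and bwd:
                keep.add((p, q))
        if keep == rel:
            return (p0, q0) in rel
        rel = keep


def subsets(names):
    """Every subset of the fault assumption, from the empty set to all faults."""
    names = sorted(names)
    return [frozenset(c) for r in range(len(names) + 1)
            for c in combinations(names, r)]


def check_all_subsets(impl, faults, spec):
    """For every F ⊆ Faults: (trace refinement holds?, bisimulation holds?)."""
    return {F: (trace_refines(fault_transform(impl, faults, F), spec),
                bisimilar(fault_transform(impl, faults, F), spec))
            for F in subsets(faults)}


def fault_tolerant(impl, faults, spec, correct):
    """Fault tolerance as invariance of `correct` under removal of any faults."""
    return all(correct(fault_transform(impl, faults, F), spec)
               for F in subsets(faults))


# Constructed specification: a channel that may drop or garble a message, after
# which a resend is expected before the acknowledgement.
SPEC = ("S0", {("S0", "send", "S1"), ("S1", "ack", "S0"),
               ("S1", "drop", "S2"), ("S2", "resend", "S1"),
               ("S1", "garble", "S3"), ("S3", "resend", "S1")})
# Constructed fault-free implementation; its recovery paths are only reachable
# once a fault transition is inserted.
IMPL = ("I0", {("I0", "send", "I1"), ("I1", "ack", "I0"),
               ("I2", "resend", "I1"), ("I3", "resend", "I1")})
# Constructed fault assumption: the transitions T(Impl, F) inserts.
FAULTS = {"drop": ("I1", "drop", "I2"), "garble": ("I1", "garble", "I3")}

if __name__ == "__main__":
    for F, (tr, bi) in check_all_subsets(IMPL, FAULTS, SPEC).items():
        print(sorted(F), "trace refinement:", tr, "bisimilar:", bi)
    print("tolerant (traces):", fault_tolerant(IMPL, FAULTS, SPEC, trace_refines))
    print("tolerant (bisim):", fault_tolerant(IMPL, FAULTS, SPEC, bisimilar))
```

With the full fault set inserted, T(Impl; Faults) is both a trace refinement of Spec and bisimilar to it, so the indirect method would accept the design under either correctness notion. Dropping either fault leaves trace refinement intact but breaks bisimulation, because Spec still offers the fault branch the implementation no longer has; a verification that only examined the fully faulted system would not notice this.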
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
.... Psi p, provided the number of successive permutations is not greater than n: Bufm n 2 e T (Spn a Bufm a Rpn ; Psi p; n) 2. 8 Conclusions. Currently, there are a number of methods for specifying and proving correctness of systems which are tolerant of faults in the operating environment [Cri85, JH87, LJ91, Nor92, Pel91, PJ93, Pra87]. Based on different formalisms and various semantic models of systems and faults, using different ways to represent the effects of faults on the behaviour of systems, they are difficult to compare and relate. In particular, it is not certain whether a system which is fault tolerant with respect to ....
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
....elaborate algebraic manipulation, whereas real-time properties are dealt with by the more sophisticated timed failures model. The compatibility of the two models is taken care of by the theory of timewise refinement. CSP has been used in the design and verification of fault tolerant systems elsewhere [11, 12], but without addressing the timing dimension. Our treatment also differs in the modelling of faults: we do not model faults as explicit events but rather we model the nondeterministic behaviour of faulty processes. As a result, a component need not be aware of faults that have occurred in other ....
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
....with the effects of faults that have occurred by partitioning the initial state space into disjoint subspaces, and providing a separate specification for each part. In the formalisms that have been proposed in the more recent literature to deal with the occurrence of faults during execution (cf. [5, 12, 13, 17, 20, 27]) the occurrence of a fault is modeled explicitly. In contrast, we want to model the effects of faults on the externally visible input and output behaviour and let the syntactic interface of a process remain unchanged. For instance, we do not separate the observable actions generated by the ....
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
....4. In [1] we have applied the approach to an alternative fault tolerant technique based on an error detection mechanism and a couple of mirrored disks, analysing the set of tolerated faults. 5 Conclusions. A lot of effort has been put into the formalisation of fault tolerance in the literature [4, 5, 6, 12, 14, 17, 18, 19, 20, 21, 22, 23, 24]. In this paper we have shown how it is possible to formally reason about the fault coverage of a fault tolerant technique. Actions which explicitly model fault occurrences have been introduced for [figure residue: state labels a--h, m, n and actions content0, content1, read1, write10, write11, write20, write21] ....
J. Peleska. Design and verification of fault tolerant systems with CSP. Distributed Computing, 5:95--106, 1991.
CiteSeer.IST - Copyright Penn State and NEC