© 2000 by British Computer Society
Formally Verifying Fault Tolerant System Designs
1 Dipartimento di Ingegneria della Informazione, Universi
di Pisa, Via Diotisalvi 2, 56126 Pisa, Italy Email: cinzia@iet.unipi.it 2 Dipartimento di Sistemi e Informatica, Universi di Firenze, via S. Marta 3, 50139 Firenze, Italy
This paper presents an approach for the specification and the verification of the correctness of fault tolerant system designs achieved by the application of fault tolerant techniques. The approach is based on process algebras, equivalence theory and temporal logic. The behaviour of the system in the absence of faults is formally specified and faults are assumed as random events which interfere with the system by modifying its behaviour. The fault tolerant technique is formalized by a context that specifies how replicas of the system cooperate to deal with faults. The system design is proved to behave correctly under a given fault hypothesis by proving the observational equivalence between the system design specification and the fault-free system specification. Additionally, model checking of a temporal logic formula which gives an abstract notion of correct behaviour can be applied to verify the correctness of the design. The opportunities given by the expression of the fault hypothesis using temporal logic are discussed. The actual usability of the approach in real case studies is supported by the availability of automatic tools for equivalence checking and for proving the temporal logic properties by model checking.
Received 13 September, 1999. Revised 5 April, 2000.