Distributed Priority Synthesis and its Applications

Given a set of interacting components with non-deterministic variable update and given safety requirements, the goal of priority synthesis is to restrict, by means of priorities, the set of possible interactions in such a way as to guarantee the given safety conditions for all possible runs. In distributed priority synthesis we are interested in obtaining local sets of priorities, which are deployed in terms of local component controllers sharing intended next moves between components in local neighborhoods only. These possible communication paths between local controllers are specified by means of a communication architecture. We formally define the problem of distributed priority synthesis in terms of a multi-player safety game between players for (angelically) selecting the next transition of the components and an environment for (demonically) updating uncontrollable variables; this problem is NP-complete. We propose several optimizations including a solution-space exploration based on a diagnosis method using a nested extension of the usual attractor computation in games together with a reduction to corresponding SAT problems. When diagnosis fails, the method proposes potential candidates to guide the exploration. These optimized algorithms for solving distributed priority synthesis problems have been integrated into our VissBIP framework. An experimental validation of this implementation is performed using a range of case studies including scheduling in multicore processors and modular robotics.Comment: 1. Timestamp the joint work "Distributed Priority Synthesis" from four institutes (Verimag, TUM, ISCAS, fortiss). 2. This version (v.2) updates related work in distributed synthesi

Stabilization and Fault-Tolerance in Presence of Unchangeable Environment Actions

We focus on the problem of adding fault-tolerance to an existing concurrent protocol in the presence of {\em unchangeable environment actions}. Such unchangeable actions occur in practice due to several reasons. One instance includes the case where only a subset of the components/processes can be revised and other components/processes must be as is. Another instance includes cyber-physical systems where revising physical components may be undesirable or impossible. These actions differ from faults in that they are simultaneously {\em assistive} and {\em disruptive}, whereas faults are only disruptive. For example, if these actions are a part of a physical component, their execution is essential for the normal operation of the system. However, they can potentially disrupt actions taken by other components for dealing with faults. Also, one can typically assume that fault actions will stop for a long enough time for the program to make progress. Such an assumption is impossible in this context. We present algorithms for adding stabilizing fault-tolerance, failsafe fault-tolerance and masking fault-tolerance. Interestingly, we observe that the previous approaches for adding stabilizing fault-tolerance and masking fault-tolerance cannot be easily extended in this context. However, we find that the overall complexity of adding these levels of fault-tolerance remains in P (in the state space of the program). We also demonstrate that our algorithms are sound and complete

Automated Addition of Fault Recovery to Cyber-physical Component-based Models ∗

In this paper, we concentrate on automated synthesis of fault recovery mechanism for fault-intolerant componentbased models that encompass a cyber-physical system. We define the notion of fault recovery for cyber-physical component-based models. We also present synthesis constraints that preserve the correctness and cyber-physical nature of a given fault-intolerant model under which recovery can be added. We show that the corresponding synthesis problem is NP-complete and consequently introduce symbolic heuristics to tackle the exponential complexity. Our experimental results validate effectiveness of our heuristics for relatively large models. Categories and Subject Descriptors D.4.5 [Operating Systems]: Reliability—Fault-tolerance