On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems

This paper motivates the need for a formalism for the modelling and analysis of dynamic reconfiguration of dependable real-time systems. We present requirements that the formalism must meet, and use these to evaluate well established formalisms and two process algebras that we have been developing, namely, Webpi and CCSdp. A simple case study is developed to illustrate the modelling power of these two formalisms. The paper shows how Webpi and CCSdp represent a significant step forward in modelling adaptive and dependable real-time systems.Comment: Presented and published at DEPEND 201

Towards a Formalism-Based Toolkit for Automotive Applications

The success of a number of projects has been shown to be significantly improved by the use of a formalism. However, there remains an open issue: to what extent can a development process based on a singular formal notation and method succeed. The majority of approaches demonstrate a low level of flexibility by attempting to use a single notation to express all of the different aspects encountered in software development. Often, these approaches leave a number of scalability issues open. We prefer a more eclectic approach. In our experience, the use of a formalism-based toolkit with adequate notations for each development phase is a viable solution. Following this principle, any specific notation is used only where and when it is really suitable and not necessarily over the entire software lifecycle. The approach explored in this article is perhaps slowly emerging in practice - we hope to accelerate its adoption. However, the major challenge is still finding the best way to instantiate it for each specific application scenario. In this work, we describe a development process and method for automotive applications which consists of five phases. The process recognizes the need for having adequate (and tailored) notations (Problem Frames, Requirements State Machine Language, and Event-B) for each development phase as well as direct traceability between the documents produced during each phase. This allows for a stepwise verification/validation of the system under development. The ideas for the formal development method have evolved over two significant case studies carried out in the DEPLOY project

Formal modelling and analysis of dynamic reconfiguration of dependable systems

PhD ThesisThe contribution of this thesis is a novel way of formally modelling and analyzing dynamic process reconfiguration in dependable systems. Modern dependable systems are required to be flexible, reliable, available and highly predictable. One way of achieving flexibility, reliability and availability is through dynamic reconfiguration. That is, by changing at runtime the structure of a system – consisting of its components and their communication links – or the hardware location of its software components. However, predicting the system’s behaviour during its dynamic reconfiguration is a challenge, and this motivates our research. Formal methods can determine whether or not a system’s design is correct, and design correctness is a key factor in ensuring the system will behave predictably and reliably at runtime. Therefore, our approach is formal. Existing research on software reconfiguration has focused on planned reconfiguration and link mobility. The focus of this thesis is on unplanned process reconfiguration. That is, the creation, deletion and replacement of processes that is not designed into a system when it is manufactured. We describe a process algebra (CCSdp) which is CCS extended with a new type of process (termed a fraction process) in order to model process reconfiguration. We have deliberately not introduced a new operator in CCSdp in order to model unplanned reconfiguration. Instead, we define a bisimulation ( o f ) that is used to identify a process for reconfiguration by behavioural matching. The use of behavioural matching based on o f (rather than syntactic or structural congruence-based matching) helps to make models simple and terse. However, o f is too weak to be a congruence. Therefore, we strengthen the conditions defining o f to obtain another bisimulation ( dp) which is a congruence, and (therefore) can be used for equational reasoning. Our notion of fraction process is recursive to enable fractions to be themselves reconfigured. We bound the depth of recursion of a fraction and its successors in order to ensure that o f and dp are decidable. Furthermore, we restrict the set of states in a model of a system to be finite, which also supports decidability of the two bisimulations and helps model checking. We evaluate CCSdp in two ways. First, with respect to requirements used to evaluate other formalisms. Second, through a simple case study, in which the reconfiguration of an o ce workflow is modelled using CCSdp.EPSRC fundin

Verifiable resilience in architectural reconfiguration

This thesis addresses the formal veri cation of a support infrastructure for resilient dynami- cally recon gurable systems. A component-based system, whose architectural con guration may change at runtime, is classed as dynamically recon gurable. Such systems require a support infrastructure for the control of recon gurations to provide resilience. The veri cation of such recon guration support increases the trust that developers and stakeholders may place on the system. The thesis de nes an architectural model of an infrastructure of services for the support of dynamic recon guration and takes a formal approach to the de nition and veri cation of one aspect of the infrastructure. The execution of recon guration policies in a recon guration infrastructure provides guidance to the architectural change to be enacted on a recon gurable system. These recon guration policies are often produced using a language with informal syntax and no formal semantics. Predicting properties of these policies governing recon guring systems has yet to be attempted. In this thesis, we de ne RPL { a recon guration policy language with a formal syntax and semantics. With the use of a case study, theories of RPL and an example policy are developed and the veri cation of key proof obligations and validation conjectures of policies expressed in RPL is demonstrated. The contribution of the thesis is two-fold. Firstly, the architectural de nition of a support infrastructure provides a lasting contribution in that it suggests a clear direction for future work in dynamic recon guration. Secondly, through the formal de nition of RPL and the veri cation of properties of policies, the thesis provides a basis for the use of formal veri cation in dynamic recon guration and, more speci cally, in policies for dynamic recon guration.EThOS - Electronic Theses Online ServiceEPSRC DIRC ProjectGBUnited Kingdo