Formal modelling and analysis of dynamic reconfiguration of dependable systems

PhD ThesisThe contribution of this thesis is a novel way of formally modelling and analyzing dynamic process reconfiguration in dependable systems. Modern dependable systems are required to be flexible, reliable, available and highly predictable. One way of achieving flexibility, reliability and availability is through dynamic reconfiguration. That is, by changing at runtime the structure of a system – consisting of its components and their communication links – or the hardware location of its software components. However, predicting the system’s behaviour during its dynamic reconfiguration is a challenge, and this motivates our research. Formal methods can determine whether or not a system’s design is correct, and design correctness is a key factor in ensuring the system will behave predictably and reliably at runtime. Therefore, our approach is formal. Existing research on software reconfiguration has focused on planned reconfiguration and link mobility. The focus of this thesis is on unplanned process reconfiguration. That is, the creation, deletion and replacement of processes that is not designed into a system when it is manufactured. We describe a process algebra (CCSdp) which is CCS extended with a new type of process (termed a fraction process) in order to model process reconfiguration. We have deliberately not introduced a new operator in CCSdp in order to model unplanned reconfiguration. Instead, we define a bisimulation ( o f ) that is used to identify a process for reconfiguration by behavioural matching. The use of behavioural matching based on o f (rather than syntactic or structural congruence-based matching) helps to make models simple and terse. However, o f is too weak to be a congruence. Therefore, we strengthen the conditions defining o f to obtain another bisimulation ( dp) which is a congruence, and (therefore) can be used for equational reasoning. Our notion of fraction process is recursive to enable fractions to be themselves reconfigured. We bound the depth of recursion of a fraction and its successors in order to ensure that o f and dp are decidable. Furthermore, we restrict the set of states in a model of a system to be finite, which also supports decidability of the two bisimulations and helps model checking. We evaluate CCSdp in two ways. First, with respect to requirements used to evaluate other formalisms. Second, through a simple case study, in which the reconfiguration of an o ce workflow is modelled using CCSdp.EPSRC fundin

Specification and Validation of Dynamic Systems Using Temporal Logic

Many modern systems show dynamic characteristics in a sense that they change their con guration dynamically during run-time. In object-oriented systems, for example, the con guration of objects and their links changes to reect the state of systems. Unfortunately, few analysis techniques address the dynamic nature explicitly and, thus, there is a gap between analysis result and reality. That is, it is a challenge to analyze the properties of dynamic evolution without information loss