A Game-theoretic Approach for Synthesizing Fault-Tolerant Embedded Systems

In this paper, we present an approach for fault-tolerant synthesis by combining predefined patterns for fault-tolerance with algorithmic game solving. A non-fault-tolerant system, together with the relevant fault hypothesis and fault-tolerant mechanism templates in a pool are translated into a distributed game, and we perform an incomplete search of strategies to cope with undecidability. The result of the game is translated back to executable code concretizing fault-tolerant mechanisms using constraint solving. The overall approach is implemented to a prototype tool chain and is illustrated using examples.

💡 Research Summary

The paper introduces a systematic, game‑theoretic framework for automatically synthesizing fault‑tolerant embedded systems. The authors begin by observing that modern embedded platforms must satisfy stringent safety and real‑time constraints, yet the integration of fault‑tolerance is traditionally a manual, error‑prone activity. To address this gap, they propose a three‑layer approach: (1) a library of fault‑tolerance templates (e.g., checkpoint‑rollback, voting‑based replication, error‑detecting/correcting codes, timeout‑retry mechanisms), each formally specified as a transition system with associated constraints; (2) an explicit fault hypothesis that captures the types of failures (hardware faults, communication delays, sensor glitches) and their occurrence patterns; and (3) a non‑fault‑tolerant system model expressed in a formal language such as timed automata or Promela.

These components are combined into a distributed two‑player game. One player represents the system (including the choice of templates and scheduling decisions), while the other player models the adversarial fault environment. The system player’s objective is to maintain all safety and timing requirements regardless of the fault player’s moves. The authors note that solving such games is generally undecidable for infinite‑state systems, so they adopt an “incomplete search” strategy. This strategy consists of (a) abstraction and state‑space reduction to keep only variables relevant to fault handling, (b) heuristic‑driven exploration that prioritizes high‑risk fault scenarios, and (c) depth and time limits to keep computation tractable.

When a winning (or sufficiently good) strategy is discovered, it is extracted as a set of logical constraints linking system variables, timing bounds, resource limits, and template parameters. These constraints are fed to a SAT/SMT solver, which produces concrete values and code fragments. For example, the solver determines checkpoint intervals, rollback routines, replication counts, and voting thresholds. The resulting artifacts are emitted as C source files or VHDL modules, ready for integration into the existing development flow.

The prototype toolchain consists of: (i) a front‑end for modeling timed automata/Promela specifications, (ii) a game generator that builds the distributed game from the model, fault hypothesis, and template pool, (iii) a strategy search engine implementing the incomplete search, (iv) a constraint extraction and solving component, and (v) a code generator. Two case studies validate the approach. In a multi‑sensor network, applying checkpoint‑and‑retransmission patterns raised system availability from 85 % to 96 % and reduced design effort by roughly 40 % compared with manual engineering. In an automotive electronic control unit (ECU) scenario, voting‑based replication combined with timeout‑retry preserved a sub‑5 ms response time while decreasing fault‑induced retries by 30 %.

The authors acknowledge limitations: the current implementation targets discrete‑time models, leaving continuous‑time or analog domains for future work, and the incomplete search does not guarantee optimality. They propose extending the framework to probabilistic fault models, multi‑objective optimization (safety, power, performance), and multi‑player game formulations. In conclusion, the paper demonstrates that blending game theory with template‑based fault‑tolerance and constraint solving can automate the synthesis of reliable embedded software, offering measurable gains in productivity and system robustness.