In this paper, we present an approach for fault-tolerant synthesis by combining predefined patterns for fault-tolerance with algorithmic game solving. A non-fault-tolerant system, together with the relevant fault hypothesis and fault-tolerant mechanism templates in a pool are translated into a distributed game, and we perform an incomplete search of strategies to cope with undecidability. The result of the game is translated back to executable code concretizing fault-tolerant mechanisms using constraint solving. The overall approach is implemented to a prototype tool chain and is illustrated using examples.
In this paper, we investigate methods to perform automatic fault-tolerant (FT for short) synthesis under the context of embedded systems, where our goal is to generate executable code which can be deployed on dedicated hardware platforms.
Creating such a tool supporting the fully-automated process is very challenging as the inherent complexity is high: bringing FT synthesis from theory to practice means solving a problem consisting of (a) interleaving semantics, (b) timing, (c) fault-tolerance, (d) dedicated features of concrete hardware, and optionally, (e) the code generation framework. To generate tamable results, we first constrain our problem space to some simple yet reasonable scenarios (sec. II). Based on these scenarios we can start system modeling (sec. III) taking into account all above mentioned aspects.
To proceed further, we find it important to observe the approach nowadays to understand the need: for engineers working on ensuring fault-tolerance of a system, once the corresponding fault model is decided, a common approach is to select some fault-tolerant patterns [14] (e.g., fragments of executable code) from a pattern pool. Then engineers must fine-tune these mechanisms, or fill in unspecified information in the patterns to make them work as expected. With the above scenario in mind, apart from generating complete FT mechanisms from specification, our synthesis technique emphasizes automatic selection of predefined FT patterns and automatic tuning such that details (e.g., timing) can be filled without human intervention. This also reduces a potential problem where unwanted FT mechanisms are synthesized due to under-specification. Following the statement, we translate the system model, the fault hypothesis, and the set of available FT patterns into a distributed game [18] (sec. V), and a strategy generated by the game solver can be interpreted as a selection of FT patterns together with guidelines of tuning.
For games, it is known that solving distributed games is, in most cases, undecidable [18]. To cope with undecidability, we restrict ourselves to the effort of finding positional strategies (mainly for reachability games). We argue that finding positional strategies is still practical, as the selected FT patterns may introduce additional memory during game creation. Hence, a positional strategy (by pattern selection) combined with selected FT patterns generates mechanisms using memory. By posing this restriction, the problem of finding a strategy of the game (for control) is NP-Complete (sec. VI), and searching techniques (e.g., SAT translation or combining forward search with BDD) are thus applied to assist the finding of solutions.
The final step of the automated process is to translate the result of synthesis back to concrete implementation: the main focus is to ensure that the newly synthesized mechanisms do not change the implementability of the original system (i.e., the new system is schedulable). Based on our modeling framework, this problem can be translated to a linear constraint system, which can be solved efficiently by existing tools.
To evaluate our methods, we have created our prototype software, which utilizes the model-based approach to facilitate the design, synthesis, and code generation for fault-tolerant embedded systems. We demonstrate two small yet representative examples with our tool for a proof-of-concept (sec. VIII); these examples indicate the applicability of the approach. Lastly, we conclude this paper with an overview of related work (sec. IX) and a brief summary including the flow of our approach (sec. X).
We give a motivating scenario in embedded systems to facilitate our mathematical definitions. The simple system described in Figure 1 contains two processes A, B and one bidirectional network N . Processes A and B start executing sequential actions together with a looping period of 100ms. In each period, A first reads an input using a sensor to • T i : N → Q is a function which maps the index (or priority) of a message to the worst case message transmission time (WCMTT). • size i is the number of messages used in N i .
[Example] Based on the above definitions, the system under execution in section II-A can be easily modeled by PISEM: let A, B, and N in section II-A be renamed in a PISEM as A 1 , A 2 , and N 1 . For simplicity, we use A.j to represent the variable j in process A, assume that the network transmission time is 0, and let v env contain only one variable v in A 1 . Then in the modeled PISEM, we have N 1 = (f : N → 0, 1), T = 100, and the action sequence of process A 1 is
For convenience, we use |σ i | to represent the length of the action sequence σ i , σ j .deadline to represent the deadline of σ j , and iSet(σ i ) to represent a set containing (a) the set of subscript numbers in σ i and (b) |σ i |+1, i.e., {1, . . . , k i , k i +1}.
Definition 2: The configuration of S is ( i=1…n A (v i , v envi , ∆ nexti ), j=1…n N (occu j , s j
This content is AI-processed based on open access ArXiv data.
