Structured Redundancy for Fault Tolerance in LTI State-Space Models and Petri Nets
Kybernetika, 1999
Cited by 13 (13 self)
Abstract: The design and implementation of dynamic systems has traditionally focused on minimal representations which require the least number of state variables. However, "structured redundancy", redundancy that has been intentionally introduced in some systematic way, can be extremely important when fault tolerance is desired. The redundancy can be used to detect and correct errors or to guarantee desirable performance despite hardware or computational failures. Modular redundancy, the traditional approach to fault tolerance, is prohibitively expensive because of the overhead in replicating the hardware. This paper discusses alternative methods for systematically introducing redundancy in dynamic systems. Our approach consists of mapping the state space of the original system into a redundant space of higher dimension while preserving the properties of the original system in some encoded form within this larger space. We illustrate our approach by focusing on linear time-invariant (LTI) dyna...
Global Development via Local Observational Construction Steps
2002
Cited by 9 (6 self)
Abstract: The way that refinement of individual "local" components of a specification relates to development of a "global" system from a specification of requirements is explored. Observational interpretation of specifications and refinements adds expressive power and flexibility while bringing in some subtle problems. The results are instantiated in the context of Casl architectural specifications.
Encoded Dynamics for Fault Tolerance in Linear Finite-State Machines
IEEE Transactions on Automatic Control, 2002
Cited by 6 (3 self)
Abstract: Modular redundancy, the traditional approach to fault tolerance, is prohibitively expensive because of the overhead in replicating the hardware. In this paper we discuss fault tolerance in linear finite-state machines (LFSM's) and present a range of alternatives to modular redundancy. Our approach replaces a given LFSM with a larger, redundant one that preserves the state, evolution and properties of the original LFSM, perhaps in some linearly encoded form. The encoded state of the larger LFSM allows an external mechanism to perform error detection and correction by identifying and analyzing violations of the code restrictions. For a given LFSM and a given linear coding scheme, we completely characterize the class of appropriate redundant machines and illustrate how error detection and correction can be performed using techniques already developed in the communications setting. The existence of the class of redundant machines is a possibility that was not considered in previous work; we illustrate the consequences and applications of our approach through examples.
Toward Component-Oriented Formal Software Development: An Algebraic Approach (Extended Abstract)
Cited by 5 (2 self)
Abstract: Component-based design and development of software is one of the most challenging issues in software engineering. In this paper, we adopt a somewhat simplified view of software components and discuss how they can be conveniently modeled in a framework that provides a modular approach to formal software development by means of stepwise refinements. In particular we take into account an observational interpretation of requirements specifications and study its impact on the definition of the semantics of specifications of (parametrized) components. Our study is carried out in the context of Casl architectural specifications.
A Decomposition Theorem for Probabilistic Transition Systems
1995
Cited by 5 (0 self)
Abstract: In this paper we prove that every finite Markov chain can be decomposed into a cascade product of a Bernoulli process and several simple permutation-reset deterministic automata. The original chain is a state-homomorphic image of the product. By doing so we give a positive answer to an open question stated in [Paz71] concerning the decomposability of probabilistic systems. Our result is based on the observation that in probabilistic transition systems, "randomness" and "memory" can be separated so as to allow the non-random part to be treated using common deterministic automata-theoretic techniques. The same separation technique can be applied to other kinds of nondeterminism as well.
1 Preliminaries
The object of our study is a probabilistic input-output state-transition system. Its definition is not new and has appeared under various names in the past (e.g., [Arb68, Paz71, Sta72]). Definition 1 (Probabilistic Transition Systems) A probabilistic transition system (PTS) is a quadr...
F.W.: A theory of normed simulations
ACM Trans. Comput. Log, 2004
Cited by 5 (1 self)
Abstract: In existing simulation proof techniques, a single step in a lower-level specification may be simulated by an extended execution fragment in a higher-level one. As a result, it is cumbersome to mechanize these techniques using general purpose theorem provers. Moreover, it is undecidable whether a given relation is a simulation, even if tautology checking is decidable for the underlying specification logic. This paper studies various types of normed simulations. In a normed simulation, each step in a lower-level specification can be simulated by at most one step in the higher-level one, for any related pair of states. In earlier work we demonstrated that normed simulations are quite useful as a vehicle for the formalization of refinement proofs via theorem provers. Here we show that normed simulations also have pleasant theoretical properties: (1) under some reasonable assumptions, it is decidable whether a given relation is a normed forward simulation, provided tautology checking is decidable for the underlying logic; (2) at the semantic level, normed forward and backward simulations together form a complete proof method for establishing behavior inclusion, provided that the higher-level
Representation of a Class of Nondeterministic Semiautomata by Canonical Words
2005
Cited by 5 (3 self)
Abstract: It has been shown recently that deterministic semiautomata can be represented by canonical words and equivalences; that work was motivated by the trace-assertion method for specifying software modules. Here we generalize these ideas to a class of nondeterministic semiautomata. A semiautomaton is settable if, for every state q, there exists a word w_q such that q can be reached from some initial state by a path spelling w_q, and no other state can be reached from an initial state by a path spelling w_q. We extend many results from the deterministic case to settable nondeterministic semiautomata. Each word now has a number of canonical representatives. We show that a prefix-rewriting system exists for transforming any word to any of its representatives. In case the set of canonical words is prefix-continuous (meaning that, if a word w and a prefix u of w are in the set, then all prefixes of w longer than u are also in the set), the rewriting system has no infinite derivations. Examples of specifications of nondeterministic modules are given.
On the Cascaded Decomposition of Automata, its Complexity and its Application to Logic
ACTS Mobile Communication, 1994
Cited by 5 (1 self)
Abstract: The primary decomposition theorem due to Krohn and Rhodes ([KR65]), which has been considered as one of the fundamental results in the theory of automata and semigroups, states that every automaton is homomorphic to a cascaded decomposition (wreath product) of simpler automata of two kinds: reset automata and permutation automata. If the automaton is non-counting (and correspondingly its transformation semigroup is group-free) then it can be decomposed using only reset components. There exist various proofs and partial proofs for the primary decomposition theorem, e.g., [HS66, Ze67a, Ze67b, Gi68, MT69, La71, We76, Ei76]. None of them give explicit bounds on the size of the decomposition. In this paper we give tight exponential bounds on the size of the decomposition as a function of the size of the original automaton. For the upper bound we give an exponential algorithm by modifying the implicit construction appearing in [Ei74]. Our algorithm is constructive enough to allow implemen...