Automatic Synthesis of Fault-tolerance

AUTOMATIC SYNTHESIS OF FAULT-TOLERANCE By Ali Ebnenasir Fault-tolerance is an important property of today’s software systems as we rely on computers in our daily affairs (e.g., medical equipments, transportation systems, etc). Since it is difficult (if not impossible) to anticipate all classes of faults that perturb a program while designing that program, it is desirable to incrementally add fault-tolerance concerns to an existing program as we encounter new classes of faults. Hence, in this dissertation, we concentrate on automatic addition of fault-tolerance to (distributed) programs; i.e., synthesizing fault-tolerant programs from their faultintolerant version. Such automated synthesis generates a fault-tolerant program that is correct by construction, thereby alleviating the need for its proof of correctness. Also, there exists a potential for reusing the computations of the fault-intolerant program during the synthesis of its fault-tolerant version. In the absence of faults, the synthesized fault-tolerant program should behave similar to the fault-intolerant program. In the presence of faults, the synthesized fault-tolerant program has to provide a desired level of fault-tolerance, namely failsafe, nonmasking, or masking fault-tolerance. A failsafe fault-tolerant program guarantees safety even in the presence of faults. In the presence of faults, a nonmasking faulttolerant program recovers to states from where its safety and liveness specifications are satisfied. A masking fault-tolerant program always satisfies safety and recovers to states from where its safety and liveness specifications are satisfied. To provide a foundation for automatic synthesis of fault-tolerant programs, we concentrate on two directions: theoretical aspects, and the development of a software framework for the synthesis of fault-tolerant programs. The main contributions of the dissertation regarding theoretical aspects are as follows: • We identify the effect of safety specification modeling on the complexity of synthesizing fault-tolerant programs from their fault-intolerant version. • We show the NP-completeness proof of synthesizing failsafe fault-tolerant distributed programs from their fault-intolerant version. • We identify the sufficient conditions for polynomial-time synthesis of failsafe fault-tolerant distributed programs. • We design a sound and complete synthesis algorithm for enhancing the faulttolerance of high atomicity programs – where program processes can atomically read/write all program variables – from nonmasking to masking. • We present a sound algorithm for enhancing the fault-tolerance of distributed programs – where program processes have read/write restriction with respect to program variables. • We present a synthesis method for providing reuse in the synthesis of different programs where we automatically specify and add pre-synthesized faulttolerance components to programs. • We define and address the problem of synthesizing multitolerant programs that are subject to multiple classes of faults and provide (possibly) different levels of fault-tolerance corresponding to each fault-class. To validate our theoretical results, we develop an extensible software framework, called Fault-Tolerance Synthesizer (FTSyn), where developers of fault-tolerance can interactively synthesize fault-tolerant programs. Also, FTSyn provides a platform for developers of heuristics to extend FTSyn by integrating their heuristics for the addition of fault-tolerance in FTSyn. Using FTSyn, we have synthesized several fault-tolerant distributed programs that demonstrate the applicability of FTSyn for the cases where we have different types of faults, and for the cases where a program is subject to multiple simultaneous faults. c © Copyright by Ali Ebnenasir 2005 To my parents and my wife for all their love and sacrifices.