Formal Modelling and Analysis of Dynamic Reconfiguration of Dependable Systems (2013)
The full text of this thesis is available from the Newcastle University Library website: https://theses.ncl.ac.uk/dspace/handle/10443/1851
Bhattacharyya, A., School of Computing Science, University of Newcastle upon Tyne
The contribution of this thesis is a novel way of formally modelling and analyzing dynamic process reconfiguration in dependable systems. Modern dependable systems are required to be flexible, reliable, available and highly predictable. One way of achieving flexibility, reliability and availability is through dynamic reconfiguration. That is, by changing at runtime the structure of a system - consisting of its components and their communication links - or the hardware location of its software components. However, predicting the system's behaviour during its dynamic reconfiguration is a challenge, and this motivates our research. Formal methods can determine whether or not a system's design is correct, and design correctness is a key factor in ensuring the system will behave predictably and reliably at runtime. Therefore, our approach is formal. Existing research on software reconfiguration has focused on planned reconfiguration and link mobility. The focus of this thesis is on unplanned process reconfiguration. That is, the creation, deletion and replacement of processes that is not designed into a system when it is manufactured. We describe a process algebra (CCSdp) which is CCS extended with a new type of process (termed a fraction process) in order to model process reconfiguration. We have deliberately not introduced a new operator in CCSdp in order to model unplanned reconfiguration. Instead, we define a bisimulation (~of) that is used to identify a process for reconfiguration by behavioural matching. The use of behavioural matching based on ~of (rather than syntactic or structural congruence-based matching) helps to make models simple and terse. However, ~of is too weak to be a congruence. Therefore, we strengthen the conditions defining ~of to obtain another bisimulation (~dp) which is a congruence, and (therefore) can be used for equational reasoning. Our notion of fraction process is recursive to enable fractions to be themselves reconfigured. We bound the depth of recursion of a fraction and its successors in order to ensure that ~of and ~dp are decidable. Furthermore, we restrict the set of states in a model of a system to be finite, which also supports decidability of the two bisimulations and helps model checking. We evaluate CCSdp in two ways. First, with respect to requirements used to evaluate other formalisms. Second, through a simple case study, in which the reconfiguration of an office workflow is modelled using CCSdp.