Formal Fault Tolerant Architecture

This paper shows the need of development by refinement: from most abstract specification to the implementation, in order to ensure 1) the traceability of the needs and requirements, 2) a good management of the development and 3) a reliable and fault-tolerant design of systems. We propose a formal architecture of models and methods for critical requirements and fault-tolerance. System complexity increases and the choices of their implementation are numerous. So the architecture verification achieves a prominent role in the system design cycle. Fault detecting at this early level decreases the time and costs of correction. We show how a formal method, B method, may be used to write the abstract specification of a system then to product correct-by-construction architecture through many steps of formal refinement. During these steps, a fault scenario is injected with a suitable introspective reaction by the system. All refinement steps, including the introspective correction, should be proven to be correct and satisfy the initial specification of the system. At the lower levels, design is separated between hardware and software communities. But even at these levels many design traces could be captured to prove not only the consistency of each design unit but the coherence between the different sub-parts: software, digital or other technologies