Automated Multi-graceful Degradation: A Case Study

We focus on the problem of multi-graceful degradation. In multi-graceful degradation, the system provides successively reduced guarantees in the presence of increasingly severe faults. We present an automated technique for generation of a multi-graceful-degraded program from its original fault-intolerant/ideal version. In this algorithm, we begin with (1) an ideal program that satisfies all its specification in the absence of faults, (2) a set of faults that need to be tolerated and (3) reduced requirements in their presence. We subsequently generate several gracefullly degrading programs that only satisfy the reduced requirements. This step also identifies new states to which program needs to recover to satisfy the reduced specification. Subsequently, we utilize the original input program and the generated programs that ensures that (1) in the absence of faults, the entire specification is satisfied and (2) in the presence of faults, the program recovers to states from where the corresponding reduced specification is satisfied. We illustrate our technique with a case study of a system in the fuelcell lab of the Ohio Coal Research Center (OCRC). In this system, it is important to satisfy safety of lab personnel as well as safety of people in the building in which it is located. Moreover, in case of device failures, it is necessary to provide weaker guarantees that capture the best possible protection. In our example, we begin with an ideal model for this system and successively add multi-graceful degradation to obtain the same program (with some abstractions) as the one that was designed manually for this system.