A pattern-based approach for modeling and analyzing error recovery

Several approaches exist for modeling recovery of faulttolerant systems during the requirements analysis phase. Most of these approaches are based on design techniques for recovery. Such designbiased analysis methods unnecessarily constrain an analyst when specifying recovery requirements. To remedy such restrictions, we present an object analysis pattern, called the corrector pattern, that provides a generic reusable strategy for modeling error recovery requirements for embedded systems. In addition to templates for constructing structural and behavioral models of recovery requirements, the corrector pattern also contains templates for specifying properties that can be formally verified to ensure the consistency between recovery and functional requirements. Additional property templates can be instantiated and verified to ensure the fault-tolerance of the system to which the corrector pattern has been applied. We validate our analysis method in terms of UML diagrams, where we (1) use the corrector pattern to model recovery in UML behavioral models, (2) generate and model check formal models of the resulting UML models, and (3) visualize the model checking results in terms of the UML diagrams to facilitate model refinement. We demonstrate our analysis method in the context of an industrial automotive application