Laboratory for Analysis and Architecture of Systems
Reaching this aim, the on-line adaptation of a fault-tolerant system, requires new design techniques. This work aims at understanding and mastering the impact of such software modifications made in operation, especially their side effects on functionalities and dependability properties. The underlying technologies must provide separation of concerns, easy decomposition of the software, and on-line modelling of the software behaviour, so that the changes can be performed without impacting safety and liveness properties.
Our approach relies on a reflective architecture and component-based software engineering, but also on models of the software that reflect, on the one hand, the content of the software in terms of state and algorithms (the architectural/structural model) and, on the other hand, its expected correct behaviour (the behavioural model). The first is used to determine the modifications and apply them at runtime; the second is used to drive the system into a state in which modifications can be done consistently, and to keep the system in such a state. We have shown that, thanks to manipulation capabilities and execution control, we can master the modification of fault tolerance software.
A complete reflective architecture was defined; it includes both adaptation and assessment engines. Currently, only a first adaptation engine has been developed and applied to a case study. The structural model was described using OpenCOM and the behavioural model was developed with Petri nets. The analysis of the behavioural model enables Suitable Adaptation States to be identified during execution, so that the adaptation of the software can be synchronized with its execution. This approach was applied to the adaptation of variants of duplex replication strategies.
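The following is an added illustration, not the LAAS prototype: a small Petri-net behavioural model of a duplex primary/backup replication protocol, whose reachability analysis identifies the Suitable Adaptation States (markings where the protocol is quiescent) and whose adaptation engine drives the system into one before a component swap. The place names, the three transitions and the quiescence predicate are assumptions made for this example.

```python
# Constructed example (not the LAAS prototype): Petri-net behavioural model of a
# duplex primary/backup protocol, used to find Suitable Adaptation States (SAS).
from collections import deque

# Places (marking order); 'accept' is a guard the adaptation engine empties to stop admissions.
PLACES = ("accept", "idle", "processing", "syncing")

# Transition name -> (input places, output places), one token per arc.
TRANSITIONS = {
    "arrive":     (("accept", "idle"), ("accept", "processing")),  # request admitted
    "checkpoint": (("processing",), ("syncing",)),                 # state sent to backup
    "ack":        (("syncing",), ("idle",)),                       # backup confirmed
}

def enabled(marking):
    """Transitions whose input places all hold a token."""
    return [t for t, (pre, _) in TRANSITIONS.items()
            if all(marking[p] > 0 for p in pre)]

def fire(marking, t):
    """Marking after firing transition t."""
    pre, post = TRANSITIONS[t]
    return {p: marking[p] - pre.count(p) + post.count(p) for p in PLACES}

def reachable(m0):
    """Reachability set of the model, as tuples ordered like PLACES."""
    as_tuple = lambda m: tuple(m[p] for p in PLACES)
    seen, queue = {as_tuple(m0)}, deque([m0])
    while queue:
        m = queue.popleft()
        for t in enabled(m):
            n = fire(m, t)
            if as_tuple(n) not in seen:
                seen.add(as_tuple(n))
                queue.append(n)
    return seen

def is_sas(marking):
    """SAS: no request in progress and no checkpoint in flight."""
    return marking["processing"] == 0 and marking["syncing"] == 0

def drive_to_sas(marking, max_steps=10):
    """Adaptation engine: freeze admissions, drain in-flight work, stop at a SAS."""
    m = dict(marking, accept=0)
    for _ in range(max_steps):
        if is_sas(m):
            return m
        m = fire(m, enabled(m)[0])  # once frozen, at most one transition is enabled
    return None  # not quiescent within the bound: the adaptation must be refused

M0 = {"accept": 1, "idle": 1, "processing": 0, "syncing": 0}
```

Of the three reachable markings, only the idle one is a Suitable Adaptation State; freezing the `accept` guard makes the net converge to it within two firings, which is when the replication components can be replaced consistently.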
This work is very promising and challenging. It must be extended to address the evolution of fault-tolerant software systems, which cannot be ignored in the near future. Proactive assessment is also part of the work to be carried out. This is currently of interest for the aerospace industry.