2 April, 2008 AADL/UML workshop - Belfast 1
Arcade: A formal, extensible, model-based dependability evaluation framework
Hichem Boudali (1), Pepijn Crouzen (1,2), Boudewijn R. Haverkort (1), Matthias Kuntz (1), Mariëlle Stoelinga (1)
(1) CS, Twente University, The Netherlands; (2) CS, Saarland University, Germany
Motivation/Goals
Approaches to dependability evaluation:
- Low level (CTMC, SPN, SPA)
- Dependability specific (fault trees)
- Architecture-based (AADL, UML)
None is perfect, in terms of:
- Modeling effort
- Hierarchy & modularity
- Expressiveness
- Clear (formal) semantics
- Effective solution techniques
Our objective: to devise a formalism that scores high on all these aspects
Our solution: Arcade methodology
- Architectural approach (system design)
- Expressive and extensible
- Modular modeling
- Formal semantics (based on I/O-IMC)
- Efficient state-space generation (compositional-aggregation technique)
What's an I/O-IMC?
- Combination of I/O automata and CTMC
- Discrete state space
- Markovian transitions
- Interactive transitions
- Action signature: ? input actions, ! output actions, ; internal actions
- Behavior of the system results from the composition of its elements.
- Well-defined composition operator & bisimulation equivalence (state minimization)
[Figure: example I/O-IMC fragment; labels visible: λ (Markovian transition), failed! (output action)]
Sketch of the proposal
[Figure, labels only: architectural model "Control System" (Process 1, Process 2, Processor 1, Processor 2, Bus); "Dependability Annotation (User)"; "compositional-aggregation"; "Dependability analysis" and "Other analyses"; "Std. solver"; "Result"]
Arcade: Current status
- Use I/O-IMCs as the underlying formal semantics
- At an architectural level, we have identified/defined:
  (1) Basic (physical/logical) components (BC)
  (2) Repair units (RU)
  (3) Spare management units (SMU)
- All kinds of behaviors/interactions/dependencies, e.g.: operational/failure modes, repair and spare management policies, functional dependencies
- Textual syntax (ultimately graphical and integrated into an ADL)
- To each component/unit corresponds a pre-defined basic I/O-IMC
- Use I/O-IMCs' machinery to carry out state-space generation (compositional-aggregation technique) and analysis
Example & Results
[Figure: architectural design model of a reactor system with extra dependability annotations. Component labels: reactor, pumps P1 and P2, heat exchanger HX, filters FP1, FP2 and FHX, valves VIP1, VOP1, VIP2, VOP2, VIHX, VOHX, VHX, VP1, VP2, VB1, VB2. Key: motor-driven valve, check valve, pump, heat exchanger, manual valve, filter, repair unit, dependability annotation (e.g. P.rep).]
Automated steps: architectural design model + extra dependability annotations -> intermediate state model -> dependability measure
# of states: 98,056
# of transitions: 411,688
Unavailability (50 hours): 6.52100 · 10^-10
Unreliability (50 hours): 52.92420 · 10^-10
Arcade: Tool chain
Arcade: A summary
- Low modeling effort: high level & graphical; standard features (BC, RU, SMU); tied to an ADL (alternative to the AADL error annex)
- Expressive/extensible: standard features, but also (well-structured) user-defined features
- Formal semantics (I/O-IMCs)
- Compositional & efficient state-space generation
- Hierarchical modeling
Reference: Architectural Dependability Evaluation with Arcade. Dependable Systems & Networks (DSN 2008), Anchorage, Alaska, USA.
Extra slides
Arcade: Example 2
Measure        Arcade      SAN         Galileo
# states       6522        16695       -
Availability   0.999997    0.999997    -
Reliability    0.402018    0.425082    0.402018
The State-Space Battle
- Defined and used the I/O-IMC formalism to describe the semantics of each DFT element.
- I/O-IMCs: CTMC + I/O transitions. Semantics of the entire DFT arises naturally as the composition of its elements' semantics.
- Used the compositional-aggregation approach to combat the state-space explosion problem.
- Lifted restrictions (extended DFT formalism).
The State-Space Battle
[Figure: compositional-aggregation flow (labelled CORAL): Translation -> Composition + Hiding -> Aggregation (minimization) -> Repeat -> Aggregated system CTMC -> Result: System failure probability]
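As an added toy example (constructed for this transcript, not Arcade or CORAL code), the compositional-aggregation pipeline named on the "Current status" slide and in the figure above, for one basic component served by one repair unit: translate each to a small I/O-IMC, compose them, hide the shared actions failed/repaired, then aggregate (maximal progress plus internal-step elimination) into a CTMC that a standard solver would take. The two automata, the rates and the deterministic internal steps are assumptions of this toy; real Arcade components are input-enabled and are minimised by bisimulation.

```python
"""Toy I/O-IMC pipeline (constructed example, not Arcade/CORAL code): translate a basic
component (BC) and a repair unit (RU), compose, hide shared actions, aggregate to a CTMC."""
# Transition = (src, kind, label, dst); kind: 'rate' (label=float), 'in' a?, 'out' a!, 'int' a;
states = lambda tr: {s for s, _, _, _ in tr} | {d for _, _, _, d in tr}
def basic_component(lam):  # up --lam--> fail --failed!--> down --repaired?--> up
    return "up", [("up", "rate", lam, "fail"), ("fail", "out", "failed", "down"),
                  ("down", "in", "repaired", "up")]

def repair_unit(mu):  # idle --failed?--> busy --mu--> done --repaired!--> idle (toy: not input-enabled)
    return "idle", [("idle", "in", "failed", "busy"), ("busy", "rate", mu, "done"),
                    ("done", "out", "repaired", "idle")]

def compose(a, b):
    """Parallel composition: rates and unshared actions interleave; an output of one
    side synchronises with the matching input of the other and stays an output."""
    (ia, ta), (ib, tb) = a, b
    sig = lambda tr: {l for _, k, l, _ in tr if k != "rate"}
    shared = sig(ta) & sig(tb)
    out = [((s1, s2), k1, l1, (d1, s2)) for s1, k1, l1, d1 in ta
           if k1 == "rate" or l1 not in shared for s2 in states(tb)]
    out += [((s1, s2), k2, l2, (s1, d2)) for s2, k2, l2, d2 in tb
            if k2 == "rate" or l2 not in shared for s1 in states(ta)]
    out += [((s1, s2), "out", l1, (d1, d2)) for s1, k1, l1, d1 in ta for s2, k2, l2, d2 in tb
            if l1 == l2 and l1 in shared and {k1, k2} == {"in", "out"}]
    return (ia, ib), out

def hide(tr, actions):  # hiding: the named outputs become internal actions (a;)
    return [(s, "int" if k == "out" and l in actions else k, l, d) for s, k, l, d in tr]

def aggregate(init, tr):
    """Maximal progress (an internal step pre-empts Markovian ones) plus elimination
    of internal steps over the reachable part; result is a CTMC {state: {succ: rate}}."""
    def settle(s):  # follow internal steps (toy: assumed deterministic and acyclic)
        nxt = [d for src, k, _, d in tr if src == s and k == "int"]
        return settle(nxt[0]) if nxt else s
    ctmc, todo = {}, [settle(init)]
    while todo:
        s = todo.pop()
        if s not in ctmc:
            ctmc[s] = {}
            for src, k, rate, d in tr:
                if src == s and k == "rate":
                    t = settle(d)
                    ctmc[s][t] = ctmc[s].get(t, 0.0) + rate
                    todo.append(t)
    return ctmc

def aggregated_ctmc(lam, mu):  # whole pipeline: the BC x RU product collapses to a 2-state CTMC
    init, tr = compose(basic_component(lam), repair_unit(mu))
    return aggregate(init, hide(tr, {"failed", "repaired"}))
```

The returned dictionary is the aggregated system CTMC of the figure; feeding it to any standard CTMC solver gives the unavailability or failure probability measures the slides report.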