2 April, 2008 AADL/UML workshop - Belfast 1
Arcade: A formal, extensible, model-based dependability evaluation framework
Hichem Boudali (1), Pepijn Crouzen (1,2), Boudewijn R. Haverkort (1), Matthias Kuntz (1), Mariëlle Stoelinga (1)
(1) CS, Twente University, The Netherlands; (2) CS, Saarland University, Germany
Motivation/Goals
Approaches to dependability evaluation:
Low level (CTMC, SPN, SPA)
Dependability specific (fault trees)
Architecture-based (AADL, UML)
None is perfect, in terms of:
Modeling effort
Hierarchy & modularity
Expressiveness (formal)
Clear semantics
Effective solution techniques
Our objective: To devise a formalism that scores high on all these aspects
Our solution: Arcade methodology
Architectural approach (system design)
Expressive and extensible
Modular modeling
Formal semantics (based on I/O-IMC)
Efficient state-space generation (compositional-aggregation technique)
What's an I/O-IMC?
Combination of I/O automata and CTMC:
Discrete state space
Markovian transitions
Interactive transitions
Action signature: ? input actions, ! output actions, ; internal actions
Behavior of the system results from the composition of its elements.
Well-defined composition operator & bisimulation equivalence (state minimization)
[Figure: a small I/O-IMC with a Markovian transition of rate λ followed by the output action failed!]
Sketch of the proposal
[Figure: sketch of the proposal. Labels: Control System (Process 1, Process 2; Processor 1, Processor 2, Bus); Dependability Annotation (User); compositional-aggregation; Dependability analysis / Other analyses; Std. solver; Result.]
Arcade: Current status
Use I/O-IMCs as the underlying formal semantics.
At an architectural level, we have identified/defined:
(1) Basic (physical/logical) components (BC)
(2) Repair units (RU)
(3) Spare management units (SMU)
All kinds of behaviors/interactions/dependencies, e.g.: operational/failure modes; repair and spare management policies; functional dependencies.
Textual syntax (ultimately graphical and integrated into an ADL).
To each component/unit corresponds a pre-defined basic I/O-IMC.
Use the I/O-IMCs' machinery to carry out state-space generation (compositional-aggregation technique) and analysis.
Example & Results
[Figure: architectural design model of a reactor system with pumps P1 and P2, heat exchanger HX, filters FP1, FP2 and FHX, and valves VIP1, VP1, VOP1, VIP2, VP2, VOP2, VIHX, VHX, VOHX, VB1 and VB2. Key: motor-driven valve, check valve, pump, heat exchanger, manual valve, filter, repair unit, dependability annotation (e.g. P.rep). Automated steps take the architectural design model plus extra dependability annotations, via an intermediate state model, to the dependability measure.]
Number of states: 98,056
Number of transitions: 411,688
Unavailability (50 hours): 6.52100 · 10^-10
Unreliability (50 hours): 52.92420 · 10^-10
Arcade: Tool chain
Arcade: A summary
Low modeling effort: high level & graphical; standard features (BC, RU, SMU); tied to an ADL (alternative to the AADL error annex)
Expressive/extensible: standard features, but also (well-structured) user-defined features
Formal semantics (I/O-IMCs)
Compositional & efficient state-space generation
Hierarchical modeling
Architectural Dependability Evaluation with Arcade. Dependable Systems & Networks (DSN 2008), Anchorage, Alaska, USA.
Extra slides
Arcade: Example 2
| Measure      | Arcade   | SAN      | Galileo  |
|--------------|----------|----------|----------|
| # states     | 6522     | 16695    | -        |
| Availability | 0.999997 | 0.999997 | -        |
| Reliability  | 0.402018 | 0.425082 | 0.402018 |
The State-Space Battle
Defined and used the I/O-IMC formalism to describe the semantics of each DFT element.
I/O-IMCs: CTMC + I/O transitions.
Semantics of the entire DFT arises naturally as the composition of its elements' semantics.
Used the compositional-aggregation approach to combat the state-space explosion problem.
Lifted the restrictions of, and extended, the DFT formalism.
The State-Space Battle
[Figure: the compositional-aggregation loop (CORAL): Translation → Composition + Hiding → Aggregation (minimization) → Repeat → Aggregated system CTMC → Result: System failure probability.]
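The I/O-IMC machinery of slide 4 and the translation / composition + hiding / aggregation / standard-solver loop of slides 6, 12 and 13, as an added Python example that is not the authors' Arcade or CORAL code. The basic component, the repair unit, the rates LAMBDA and MU and the 50-hour horizon are assumed, and "aggregation" is simplified to maximal-progress elimination of vanishing states rather than full bisimulation minimization.

```python
from itertools import product
import math
# Constructed example, not Arcade's or CORAL's code. An I/O-IMC is a dict of states, init, Markov
# transitions (s, rate, s') and interactive transitions (s, action, s'); '?' input, '!' output, ';' internal.
LAMBDA, MU = 0.01, 0.5   # assumed component failure rate and repair-unit repair rate (per hour)
BC = dict(states=["up", "down", "wait"], init="up", markov=[("up", LAMBDA, "down")],    # basic component
          inter=[("down", "failed!", "wait"), ("wait", "repaired?", "up"), ("up", "repaired?", "up"), ("down", "repaired?", "down")])
RU = dict(states=["idle", "busy", "done"], init="idle", markov=[("busy", MU, "done")],  # repair unit
          inter=[("idle", "failed?", "busy"), ("done", "repaired!", "idle"), ("busy", "failed?", "busy"), ("done", "failed?", "done")])
def compose(a, b):
    """Parallel composition: shared actions synchronise (the output side wins), all others interleave."""
    base = lambda x: x[:-1]
    shared = {base(x) for _, x, _ in a["inter"]} & {base(y) for _, y, _ in b["inter"]}
    markov = ([((s, t), r, (s2, t)) for s, r, s2 in a["markov"] for t in b["states"]] +
              [((s, t), r, (s, t2)) for s in a["states"] for t, r, t2 in b["markov"]])
    inter = ([((s, t), x, (s2, t)) for s, x, s2 in a["inter"] if base(x) not in shared for t in b["states"]] +
             [((s, t), y, (s, t2)) for s in a["states"] for t, y, t2 in b["inter"] if base(y) not in shared] +
             [((s, t), x if x.endswith("!") else y, (s2, t2)) for s, x, s2 in a["inter"]
              for t, y, t2 in b["inter"] if base(x) == base(y) and base(x) in shared])
    return dict(states=list(product(a["states"], b["states"])), init=(a["init"], b["init"]), markov=markov, inter=inter)
def hide(m, actions):
    """Hiding makes the named output actions internal, so nothing else can synchronise on them any more."""
    return dict(m, inter=[(s, x[:-1] + ";" if x.endswith("!") and x[:-1] in actions else x, s2) for s, x, s2 in m["inter"]])
def aggregate(m):
    """Maximal progress: a state with an internal move is left at once ('vanishing'), so it is skipped
    (assumes one internal move per state). Returns the reachable CTMC as (init, {(u, v): rate})."""
    nxt = {s: s2 for s, x, s2 in m["inter"] if x.endswith(";")}
    tangible = lambda s: tangible(nxt[s]) if s in nxt else s
    init = tangible(m["init"]); rates, seen, todo = {}, {init}, [init]
    while todo:
        s = todo.pop()
        for _, r, v in [tr for tr in m["markov"] if tr[0] == s]:
            v = tangible(v); rates[(s, v)] = rates.get((s, v), 0.0) + r
            if v not in seen: seen.add(v); todo.append(v)
    return init, rates
def transient(init, rates, t, terms=300):
    """Standard solver step (uniformisation): p(t) = sum_k Poisson(k; q*t) * p0 * P^k with P = I + Q/q."""
    S = sorted({s for uv in rates for s in uv} | {init}); n = len(S)
    ex = {u: sum(r for (x, _), r in rates.items() if x == u) for u in S}; q = max(ex.values()) or 1.0
    P = [[(i == j) * (1 - ex[u] / q) + rates.get((u, v), 0.0) / q for j, v in enumerate(S)] for i, u in enumerate(S)]
    p, out, w = [float(s == init) for s in S], [0.0] * n, math.exp(-q * t)
    for k in range(terms):
        out = [o + w * x for o, x in zip(out, p)]
        p = [sum(p[i] * P[i][j] for i in range(n)) for j in range(n)]
        w *= q * t / (k + 1)
    return dict(zip(S, out))
def unavailability(t):
    """Probability at time t that the basic component is not 'up' in the aggregated system CTMC."""
    init, rates = aggregate(hide(compose(BC, RU), {"failed", "repaired"}))
    return sum(p for s, p in transient(init, rates, t).items() if s[0] != "up")
```

The nine-state composition collapses to a two-state CTMC (component up and repair unit idle; component waiting while the repair unit is busy), and for these assumed rates the 50-hour unavailability is about 0.0196, i.e. LAMBDA/(LAMBDA+MU) once the chain has settled.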