systems modeling and analysis using colored petri nets

Systems Modeling and Analysis Using Colored Petri Nets

Vijay GehlotCenter of Excellence in Enterprise Technology

Department of Computing Sciences

CEET Conference 2007 2Net-Centric Validation Conference 2007Net-Centric Validation Conference 2007 2

OutlineOutline

•Introduction

•CPN Overview

•CPN Model of WMDNs

•SOA in Defense

•Presence/Discovery Model


Ariane 5 FailureAriane 5 Failure

•Ariane 5, ESA

•Maiden Flight, 6/4/1996

•37 sec later self-destructs

•Root cause: uncaught overflow exception


Mars Climate Orbiter FailureMars Climate Orbiter Failure

• Mars Climate Orbiter, NASA

• Launched, 12/11/1998

• Lost, 9/23/1999

• Root cause: failed translation of English units into metric units in a segment of ground-based, navigation-related mission software


London Ambulance Service FailureLondon Ambulance Service Failure

• Computer Aided Dispatch

• Introduced 10/26/1992

• Within days major system failure

Vehicle positions incorrectly recorded

Multiple vehicles dispatched to same location

Severe delays

Lives lost


Airbus A320 FailureAirbus A320 Failure


Why Does This Matter?Why Does This Matter?

• Computer systems perform many critical tasks

• Safety-critical systems will dominate

• Already complex nature of software

• SOAs and Net-centricity add dimensions of concurrent and distributed computations

• Systems for defense applications have very high dependability requirements

• Complex interactions that are hard to predict

• Consequences of failure Injury, loss of life, environmental damage, financial loss, … E.g, system downtime cost to brokerage operations: $7 Million/Hour Cost of software defects: $200 Billion/Year


Current StateCurrent State

From a recent report The Challenges of Complex IT Projects (Royal Academy of Engineering and British Computer Society):

“The pace of technological change and the ferociously competitive nature of the industry . . . . . . lead to the triumph of speed over thoughtfulness, of the maverick shortcut over discipline, and the focus on the short term.”


HopeHope

Robin Milner, a prominent computer scientist, in a lecture of January 2007:

“The software industry [and the report] focuses on managing software production [process], not on understanding software itself [science of software]. …Grand Challenge: Establish modeling as the basis of informatics.”


DesireDesire

Keynote Address by Mark Schaeffer, Director, Systems & Software Engineering, Office of Under Secretary of Defense, Acquisition & Technology, IEEE Systems Conference, Honolulu, Hawaii, April 2007:

“...System assurance is still a challenge … Use modeling and simulation to help refine warfighter concept of operations, system requirements, evaluate design alternative and identify constraints...”


An Example-Wireless Medical Device NetworksAn Example-Wireless Medical Device Networks

• Similar situations in defense and other settings too

• Modeled patient scenario with

Heart alarms

Pulse oxymeters alarms

Low battery alarms

• Used Colored Petri Nets


Colored Petri NetsColored Petri Nets

• Graphical modelling language

• Combination of Petri Nets and Programming Language

• Module support for hierarchical construction

• Support for both timed and untimed models

Petri Nets: concurrency control structures synchronisation communication resource sharingCPN ML:

data and manipulationcompact modelling


AnalysisAnalysis

•CPN Tools software for model construction and analysis

• Interactive- and automatic simulation

•Application domain visualization

•Simulation-based performance analysis

•State space construction, analysis, and verification

•External process communication


CPN Model of WMDNCPN Model of WMDN

Alarms

Alarms

Nurses

Nurses

Network

Network

ResetQS

1`[]

ALIST

AlarmQR

1`[]

ALIST

ResetQR

1`[]

ALIST

AlarmQS

1`[]

ALIST

Network NursesAlarms

DataGen

DataGen

Patient10

Patient10

Patient9

Patient9

Patient8

Patient8

Patient7

Patient7

Patient6

Patient6

Patient5

Patient5

Patient4

Patient4

Patient3

Patient3

Patient2

Patient2

Patient1

Patient1

AlarmQSOut

1`[]

ALIST

ResetQRIn

1`[]

ALISTIn

Out

Patient1Patient2Patient3Patient4Patient5Patient6Patient7Patient8Patient9Patient10DataGen

e @+ delD()e

numD`D(1)

a

a @+ delA(a)

q

a1::q

(a, t)

(a, getCurrTime())

a

SendWaveData

ConnectToAP

ConnectToAP

ResetAlarm

[a=a1]

GenAlarm

WaveDataFusion 2

E_T

AlarmAndData

ALARM_T

StatusNOk

ALARMxTIME

StatusOKFusion 1

ALARM_T

ResetQR

InALIST

AlarmQSOut ALISTOut

In

Fusion 1

Fusion 2

ConnectToAP


Results and ImplicationsResults and Implications

Heart Alarm Max Delay

0

5000

10000

15000

20000

25000

30000

35000

1 2 3 4 5 6 7 8

Number of Patients Monitored

Sim

ulat

ion

Tim

e U

nits

Non QoS Max Delay

QoS Max Delay

• Need for QoS requirement for medical applications

• Similar situation in other application domains


Net-Centricity in DoD ContextNet-Centricity in DoD Context

Service A

Service B

Service C

Node A

GIG Transport

Service Z

Service XUser 1

User 2

User 3Node

Infrastructure

User 1

User 2

User 3

Node B

Node C

Service D

Service D

Node Infrastructure

User 4

UA UA

SMTA

IMTA IMTA

ROOTDSA

GlobalDSA

RegionalDSA

MFI BMTA

MLA

BMTA

MLA

Node Infrastructure

User 1

User 2 User 3

ServiceDiscovery

Mediation Services

ESMServices

DataDiscovery

Security Services

Etc.

Core Enterprise Services

Service A

Service B

Service C

Node A

GIG Transport

Service Z

Service XUser 1

User 2

User 3Node

Infrastructure

User 1

User 2

User 3

Node B

Node C

Service D

Service D

Node Infrastructure

User 4

UA UA

SMTA

IMTA IMTA

ROOTDSA

GlobalDSA

RegionalDSA

MFI BMTA

MLA

BMTA

MLA

UA UA

SMTA

IMTA IMTA

ROOTDSA

GlobalDSA

RegionalDSA

MFI BMTA

MLA

BMTA

MLA

UA UA

SMTA

IMTA IMTA

ROOTDSA

GlobalDSA

RegionalDSA

MFI BMTA

MLA

BMTA

MLA

Node Infrastructure

User 1

User 2 User 3

ServiceDiscovery

Mediation Services

ESMServices

DataDiscovery

Security Services

Etc.

Core Enterprise Services


SOA for DoD ApplicationsSOA for DoD Applications

• Application characteristics include:Presence/Availability awareness Dynamic service discoveryInteroperable multiple connection typesLoad balancing…

• One implementation: SIP-based internal communications and information management

• Adds brokering, presence management and discovery capabilities to basic SOA


Example ESB Software InternalsExample ESB Software Internals


CPN Model of a Key Presence/Discovery ComponentCPN Model of a Key Presence/Discovery Component

~Non-INVITE Client Transaction (RFC 3261, Page 133)~

if isFinalResp(code4)then 1`SIPReq(cid2,fr2,to2,m2,b2,s2,exp2)else empty

empty

t

SIPReq(cid1,fr1,to1,m1,b1,s1,exp1)

SIPReq(cid,fr,to,m,b,s,exp)

SIPResp(cid3,fr3,to3,code3,b3,s3,exp3)

cid2 @+ getTimerK() if isFinalResp(code5)then 1`SIPReq(cid2,fr2,to2,m2,b2,s2,exp2)else empty


emptySIPReq(cid1,fr1,to1,m1,b1,s1,exp1)

(t,d1) @+ d1

(t,d)SIPReq(cid1,fr1,to1,m1,b1,s1,exp1)SIPReq(cid3,fr3,to3,m3,b3,s3,exp3)t



if isProvisionalResp(code5)then 1`SIPReq(cid2,fr2,to2,m2,b2,s2,exp2)else empty

empty

if isFinalResp(code4)then 1`cid2else empty@+ getTimerK()

if isProvisionalResp(code4)then 1`SIPReq(cid2,fr2,to2,m2,b2,s2,exp2)else empty

SIPResp(cid4,fr4,to4,code4,b4,s4,exp4) SIPResp(cid4,fr4,to4,code4,b4,s4,exp4)


t

SIPReq(cid3,fr3,to3,m3,b3, s3,exp3)

(t,d1) @+ d1(t,d)



(cid, getTimerT1()) @+ getTimerT1()

cid @+ getTimerF()

SIPReq(cid,fr,to,m,b,s,exp)

SIPReq(cid,fr,to,m,b,s,exp)SIPReq(cid,fr,to,m,b,s,exp)

ClearRetransmittedResp

[cid=cid3]

FireK

[t=cid1]

FireF2 [t=cid3]FireE2

[t=cid1]input (d);output (d1);actiongetNewEVal(d);

RecResp2

[cid2=cid5]

FireE1

[t=cid1]input (d);output (d1);actiongetNewEVal(d);

RecResp1

[cid2=cid4]FireF1

[t=cid3]

SendReq

[m<>INV,m<>ACK]

Completed1

Fusion 19

SIPMsg_T

Terminated3Fusion 16

SIPMsg_T

TimerK2Fusion 18

TimerType_T

Completed2Fusion 19

SIPMsg_T

Terminated2

Fusion 16SIPMsg_T

Terminated1

Fusion 16SIPMsg_T

TimerF2

Fusion 17

TimerType_T

TimerE2

Fusion 15

TimerxDel_T

Proceeding

SIPMsg_T

TimerK1

Fusion 18

TimerType_T

TimerE1

Fusion 15

TimerxDel_T

TimerF1

Fusion 17

TimerType_T

Trying

SIPMsg_T

FromTU

In SIPMsg_T

ToTransport

Out SIPMsg_T

FromTransport

In

SIPMsg_T

ToTU

OutSIPMsg_T

Out In

OutIn

Fusion 17 Fusion 15

Fusion 18 Fusion 15Fusion 17

Fusion 16

Fusion 16

Fusion 19Fusion 18

Fusion 16

Fusion 19


ResultsResults

Runtime Lab Output – Use case 1 Model Output – Use case1


Related Modeling EffortsRelated Modeling Efforts

•SOA Security

•SOA Compression

•SOA Governance

•SOA Granularity

•XMPP

•CPN as well as OPNET

systems modeling and analysis using colored petri nets

Documents

ieee systems conference

billionyear ceet conference

systems software engineering

computer systems

systems modeling

understanding software

science of software

software industry