2 April, 2008, AADL/UML workshop - Belfast

Page 1: Arcade: A formal, extensible, model-based dependability evaluation framework

Hichem Boudali (1), Pepijn Crouzen (1,2), Boudewijn R. Haverkort (1), Matthias Kuntz (1), Mariëlle Stoelinga (1)

(1) CS, Twente University, The Netherlands
(2) CS, Saarland University, Germany

Page 2: Motivation/Goals

Approaches to dependability evaluation:
- Low level (CTMC, SPN, SPA)
- Dependability specific (fault trees)
- Architecture-based (AADL, UML)

None is perfect, in terms of:
- Modeling effort
- Hierarchy & modularity
- Expressiveness
- (Formal) clear semantics
- Effective solution techniques

Our objective: to devise a formalism that scores high on all these aspects.

Page 3: Our solution: Arcade methodology

- Architectural approach (system design)
- Expressive and extensible
- Modular modeling
- Formal semantics (based on I/O-IMC)
- Efficient state-space generation (compositional-aggregation technique)

Page 4: What's an I/O-IMC?

- Combination of I/O automata and CTMC
- Discrete state space
- Markovian transitions
- Interactive transitions
- Action signature:
  ? - input actions
  ! - output actions
  ; - internal actions

Behavior of the system results from the composition of its elements.

Well-defined composition operator & bisimulation equivalence (state minimization).

[Figure: a small I/O-IMC with a Markovian transition (rate λ) followed by the output action failed!]

Page 5: Sketch of the proposal

[Figure: a Control System architecture (Processor 1, Processor 2, Bus, Process 1, Process 2) plus a Dependability Annotation (User) flows into Dependability analysis (compositional-aggregation, Std. solver, Result) and into Other analyses.]

Page 6: Arcade: Current status

- Use I/O-IMCs as the underlying formal semantics
- At an architectural level, we have identified/defined:
  (1) Basic (physical/logical) components (BC)
  (2) Repair units (RU)
  (3) Spare management units (SMU)
- All kinds of behaviors/interactions/dependencies, e.g.:
  - Operational/failure modes
  - Repair and spare management policies
  - Functional dependencies
- Textual syntax (ultimately graphical and integrated into an ADL)
- To each component/unit corresponds a pre-defined basic I/O-IMC
- Use I/O-IMCs' machinery to carry out state-space generation (compositional-aggregation technique) and analysis

Page 7: Example & Results

[Figure: architectural design model of a cooling system (reactor, heat exchanger HX, pumps P1 and P2, valves, filters) with extra dependability annotations such as P.rep. Key: motor-driven valve, check valve, pump, heat exchanger, manual valve, filter, repair unit, dependability annotation.]

Architectural design model + extra dependability annotations -> intermediate state model -> dependability measure (automated steps)

# of states: 98,056
# of transitions: 411,688
Unavailability (50 hours): 6.52100 · 10^-10
Unreliability (50 hours): 52.92420 · 10^-10

Page 8: Arcade: Tool chain

Page 9: Arcade: A summary

- Low modeling effort: high level & graphical; standard features (BC, RU, SMU); tied to an ADL (alternative to the AADL error annex)
- Expressive/extensible: standard features, but also (well-structured) user-defined features
- Formal semantics (I/O-IMCs)
- Compositional & efficient state-space generation
- Hierarchical modeling

Reference: Architectural Dependability Evaluation with Arcade. Dependable Systems & Networks (DSN 2008), Anchorage, Alaska, USA.

Page 10: Extra slides

Page 11: Arcade: Example 2

Measure        Arcade     SAN        Galileo
# states       6522       16695      -
Availability   0.999997   0.999997   -
Reliability    0.402018   0.425082   0.402018

Page 12: The State-Space Battle

- Defined and used the I/O-IMC formalism to describe the semantics of each DFT element.
- I/O-IMCs: CTMC + I/O transitions.
- Semantics of the entire DFT arises naturally as the composition of its elements' semantics.
- Used the compositional-aggregation approach to combat the state-space explosion problem.
- Lifted the restrictions of the extended DFT formalism.

Page 13: The State-Space Battle

[Figure: the compositional-aggregation loop (CORAL): Translation -> Composition + Hiding -> Aggregation (minimization) -> Repeat -> Aggregated system CTMC -> Result: System failure probability]
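Added example (not from the slides, and not Arcade or CORAL code): a small Python model of the kind of measure slide 7 reports and of the aggregation step in the loop above. Two identical components share one repair unit (assumed rates λ = 10^-3/h and μ = 0.1/h, repair priority to the lowest-numbered failed component; all constructed); `transient` computes 50-hour unavailability and unreliability of the 4-state CTMC by uniformisation, and `lump` aggregates it to 3 states by ordinary lumpability (the CTMC counterpart of the bisimulation minimisation Arcade uses), checking that the chosen partition is really lumpable.

```python
from collections import defaultdict
from math import exp

LAMBDA, MU = 1e-3, 0.1  # constructed failure / repair rates (per hour)

def build_ctmc(absorbing_failure=False):
    """State (c1, c2), 1 = up / 0 = down: two identical components sharing
    one repair unit that serves the lowest-numbered failed component first."""
    rates = defaultdict(float)  # (src, dst) -> rate
    for s in [(1, 1), (1, 0), (0, 1), (0, 0)]:
        if absorbing_failure and s == (0, 0):
            continue  # system failure is absorbing when measuring unreliability
        for i in (0, 1):
            if s[i]:  # component i fails
                rates[(s, s[:i] + (0,) + s[i + 1:])] += LAMBDA
        if 0 in s:  # the repair unit restores the first failed component
            i = s.index(0)
            rates[(s, s[:i] + (1,) + s[i + 1:])] += MU
    return dict(rates)

def lump(rates, block):
    """Aggregate states by block(); assert ordinary lumpability, i.e. all
    states of a block have identical total rates into every other block."""
    per_state = defaultdict(lambda: defaultdict(float))
    for (s, d), r in rates.items():
        if block(s) != block(d):
            per_state[s][block(d)] += r
    rows = {}  # block -> cross-block rate row shared by all its states
    for s in {s for pair in rates for s in pair}:
        row = dict(per_state[s])
        assert rows.setdefault(block(s), row) == row, f"{block(s)} not lumpable"
    return {(b, b2): r for b, row in rows.items() for b2, r in row.items()}

def transient(rates, start, t, eps=1e-12):
    """Uniformisation: pi(t) = sum_k Poisson(k; q*t) * pi0 * P^k, truncated at 1 - eps."""
    pi = {s: float(s == start) for pair in rates for s in pair}
    out = {s: sum(r for (a, _), r in rates.items() if a == s) for s in pi}
    q = 1.05 * max(out.values())  # uniformisation rate, above every exit rate
    result, weight, total, k = defaultdict(float), exp(-q * t), 0.0, 0
    while total < 1 - eps:
        nxt = defaultdict(float)
        for s, p in pi.items():
            result[s] += weight * p           # accumulate Poisson-weighted term
            nxt[s] += p * (1 - out[s] / q)    # P = I + Q/q, diagonal part
        for (s, d), r in rates.items():
            nxt[d] += pi[s] * r / q           # off-diagonal part
        total, pi, k = total + weight, nxt, k + 1
        weight *= q * t / k                   # next Poisson weight
    return dict(result)
```

`transient(build_ctmc(), (1, 1), 50.0)[(0, 0)]` is the 50-hour unavailability, `transient(build_ctmc(True), (1, 1), 50.0)[(0, 0)]` the unreliability, and `transient(lump(build_ctmc(), lambda s: 2 - sum(s)), 0, 50.0)[2]` reproduces the unavailability from the 3-state aggregated model.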