Coral: a tool for CompositionalReliability and Availability analysis†

Hichem Boudali1, Pepijn Crouzen2, and Mariëlle Stoelinga1.

1Formal Methods and Tools groupCS, University of Twente, NL.

2Dependable Systems and Software group,CS, Saarland University, Germany

Context & Motivation

Systems do fail Reliability Engineering:

- Analyze system reliability Many formalisms: Petri nets, RBDs, DFTs, AADL, DFTs:

- Graphical, popular formalism - Unreliabilty = P[failure during mission time]

Dynamic Fault trees

Graphical, intuitive formalism Specify system failures in terms

of component failure Tree/DAG

leaves: basic events = component failures

gates: failure propagation CORAL methodology

formal semantics using IOIMCs Compositional modeling +

verification state space reduction techniques

phone

engine

road trip

car

tire 1 tire 2 tire 3 tire 4 spare

Tool Chain

DFT

SVL bcg_labels

DFTrepository

dft2bcg

SVL

IOIMCmodel

dft2bcg dft_evalIOIMCmodels

CTMC +goal state

bcg_trans

mission

time

Unrealiability

C O R A L

= P[failure during mission time]

What is deep compositionality?

Failure

2/3

S

CBA

Semantics of a DFT arises naturally ascomposition of the semantics of its building blocks

But: This may lead to huge models.

f(G1)

f(NE1) f(NE4)…

f(G1)

Translation

each gate gets IOIMCComposition

Prototype tool chainCoral – DFT analysis

dft2bcg:

Translationcomposer:

Composition

composer:

minimization

composer:

Repeat

CTMC

Result:

unreliability

dft_eval:

Analysis

dft_eval:

MC generation

User-given

ordering

1325 states

instead of

32757 states

Composition

order

matters

Tool Chain

DFT

SVL bcg_labels

DFTrepository

dft2bcg

SVL

IOIMCmodel

dft2bcg dft_evalIOIMCmodels

CTMC +goal state

bcg_trans

composition

script

mission

time

Unrealiability

C O R A L

Case studies

Analysis

method

Max number of

states

Max number of transitions

Unreliability

MDCS Monolithic 253 1383 2.00 · 10-9

Compositional 190 723 2.00 · 10-9

HCPS Monolithic 4113 24608 1.35 · 10-3

Compositional 133 465 1.35 · 10-3

CAS Monolithic 8 10 0.657

Compositional 32 116 0.657

FTPP Monolithic 32757 426826 2.55479 · 10-8

Compositional 1325 14153 2.55479 · 10-8

CORAL: lifting previous drawbacks of DFTs

Lack of formal semantics semantics in terms of IOIMCs Each gate & BE has corresp. IOIMC DFT semantics = composition of gate

semantics Lack of modularity

severe restrictions on reuse of sub-models in larger models

CORAL is much more liberal State space explosion problem

use bisimulation to combate state space explosion

phone

engine

road trip

car

tire 1 tire 2 tire 3 tire 4 spare

Future work

Fully automated tool Get rid of composition script Order of composition matters heuristics

More aggressive state reduction Weaker equivalence, interface constraints, Phase-type

minimization Further extensions to DFT modeling capabilities

Extension to non-exponential distributions New DFT building blocks

Simulation for DFTs Apply deep compositionality to other engineering

formalisms! E.g. Architectural description languages like AADL

References

H. Boudali, P. Crouzen, M. Stoelinga. “Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains”, DSN 2007 proceedings.

H. Boudali, P. Crouzen, M. Stoelinga. “A compositional semantics for Dynamic Fault Trees in terms of Interactive Markov Chains”, ATVA 2007.

More info: crouzen@alan.cs.uni-sb.de hboudali@cs.utwente.nl marielle@cs.utwente.nl