ESA PetriNet: Petri Net Tool for Reliability Analysis
Romaric Guillerm, Nabil Sadou, Hamid Demmou
14 Oct. 2009 LAAS-CNRS
Outline
- General Context and Motivation
- System Modelling
- Feared Scenario Deriving Algorithm
- The Tool: ESA PetriNet
- Case Study
- Conclusion
General Context
- Complexity of embedded systems: integration of mechanical, hydraulic, electric, electronic and information technologies
- Existence of reconfigurations to maintain the system in safe degraded states
- Hybrid aspect (both discrete and continuous)
- Complexity of the modelling
- Complexity of safety analysis
Motivations
Why search for critical scenarios?
- To evaluate safety as early as possible during the design phase
- To minimize the cost and the time of design
What is a feared scenario? A list of events which leads from a normal operating state to a feared one, with a partial order relation between these events.
The order of occurrence of the events is important!
System Modelling
Hybrid aspect:
- Continuous dynamics: energetic system (differential equations)
- Discrete dynamics: operation modes, failure and reconfiguration mechanisms (Petri net)
Use of Petri nets with a temporal abstraction: temporal Petri nets.
The discrete part is dealt with by the Petri net structure and the continuous part is dealt with by the temporal aspect (through a temporal abstraction).
Algorithm
Automatic method for deriving feared scenarios. It is not a classical Petri net player: it is a player based on linear logic which guides the construction of the partial order, and it avoids the state space explosion.
[Figure: the Petri net player applied to a net with places A to G and transitions t1 to t4 (with sub-events t21, t31, t32, t41, I1/F1, I2/F2), and on the right the resulting interlacement of partial orders]
Feared Scenario Deriving Algorithm
It is done in four steps:
1. Determine the normal states: the places that, when marked, represent normal operating states. These 'normal' places will be used as stop criteria for the backward reasoning.
2. Determine the target state (partial feared state or state to be analysed): it can be either a partial feared state or another partial state with a direct or indirect link to the feared state (simulation, preliminary hazard analysis (PHA)).
Feared Scenario Deriving Algorithm
3. Backward reasoning
Starting from the feared state in the reversed Petri net:
[Figure: reversed Petri net of a satellite example; each object has a normal place OKi and a failed place KOi linked by transitions di and ri, with system-level places OKs/KOs at the top. Annotations: potentially enabled transition, marking enrichment.]
The goal is to determine the normal states from which the system goes to the feared state.
Only the necessary transitions are fired. The objects are introduced progressively (marking enrichment). Normal 'conditioning' states are the stop criterion.
Obj1 – satellite 1, Obj2 – satellite 2, Obj3 – ground station, Obj4 – power supply
4. Forward reasoning
Starting from the conditioning state in the initial Petri net:
- Analysis of the bifurcations (transition conflicts in the Petri net) between the normal behaviour and the feared one
- Determination of the complete context of the feared state
- Scenario deriving
[Figure: the initial (non-reversed) Petri net of the same example, with places OKi/KOi and transitions di/ri for each object, the initial marking IM1 from which the forward reasoning starts, and the derived scenario ending in the feared marking (KOe).]
Obj1 – satellite 1, Obj2 – satellite 2, Obj3 – ground station, Obj4 – power supply
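A simplified implementation of steps 1 to 3 (normal places, target state, backward reasoning with marking enrichment on the reversed net), added here as an example and not the ESA PetriNet code. The net is a constructed fragment of the two-tank case study: the places, transitions and failure events d1/ds are assumptions, each object owns one token, and the search stops when every introduced object sits in a normal place.

```python
# Backward reasoning with marking enrichment on a reversed safe Petri net.
# Constructed fragment of the two-tank case study (assumed structure): each
# class (tank1, ev1, evs) is an object that owns exactly one token.
CLASS_OF = {"V1_cr": "tank1", "V1_dec": "tank1", "V1_dec_s": "tank1",
            "OVERFLOW1": "tank1", "EV1_ok": "ev1", "EV1_ko": "ev1",
            "EVS_ok": "evs", "EVS_ko": "evs"}
NORMAL = {"V1_cr", "V1_dec", "V1_dec_s", "EV1_ok", "EVS_ok"}   # step 1
# transition -> (pre places, post places); comments give the slide's guards
NET = {
    "T11": ({"V1_cr", "EV1_ok"}, {"V1_dec", "EV1_ok"}),              # v1 = V1max
    "T12": ({"V1_dec", "EV1_ok"}, {"V1_cr", "EV1_ok"}),              # v1 = V1min
    "d1": ({"EV1_ok"}, {"EV1_ko"}),                                  # EV1 stuck open
    "T14": ({"V1_cr", "EV1_ko", "EVS_ok"}, {"V1_dec_s", "EV1_ko", "EVS_ok"}),   # V1L
    "T15": ({"V1_dec_s", "EV1_ko", "EVS_ok"}, {"V1_cr", "EV1_ko", "EVS_ok"}),   # V1min
    "ds": ({"EVS_ok"}, {"EVS_ko"}),                                  # relief valve stuck
    "T13": ({"V1_cr", "EV1_ko", "EVS_ko"}, {"OVERFLOW1", "EV1_ko", "EVS_ko"}),  # V1S
}

def fire_backward(marking, t):
    """Fire t in the reversed net from a partial marking {class: place}; post
    places of unknown classes enrich the marking. None on conflict or if not necessary."""
    pre, post = NET[t]
    new, necessary = dict(marking), False
    for p in post:
        c = CLASS_OF[p]
        if new.get(c, p) != p:              # class already elsewhere: conflict
            return None
        new[c] = p                          # marking enrichment
        if c in marking and p not in NORMAL and p not in pre:
            necessary = True                # consumes a known abnormal place
    if not necessary:                       # only normal tokens would move
        return None
    for p in pre:                           # reversed firing: post -> pre
        new[CLASS_OF[p]] = p
    return new

def feared_scenarios(feared_place):
    """Minimal event sequences (forward order) from a normal state to feared_place."""
    results = []
    def search(marking, trace, seen):
        if all(p in NORMAL for p in marking.values()):   # step 1 stop criterion
            results.append(trace[::-1])
            return
        for t in NET:
            nxt = fire_backward(marking, t)
            if nxt is not None and tuple(sorted(nxt.items())) not in seen:
                search(nxt, trace + [t], seen | {tuple(sorted(nxt.items()))})
    search({CLASS_OF[feared_place]: feared_place}, [], set())   # step 2: target
    return results
```

The two sequences found for OVERFLOW1 differ only in the order of the independent failures d1 and ds, which is the partial order (interlacement) the slides refer to.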
The Tool: ESA PetriNet
Web link: http://www.laas.fr/ESA
Example – Presentation
Volume regulation system of two tanks:
- 2 main tanks
- 1 electrovalve for each tank
- 1 relief electrovalve shared between the 2 tanks
Objective: to keep the volume of each tank inside the interval [Vimin, Vimax]
Interest: overflow of tank 1
Example – Modelling
“tank” class:
[Figure: Petri net of the “tank” class, instantiated for tank1 and tank2]
Example – Modelling
“electrovalve” and “relief electrovalve” classes:
[Figure: Petri nets of the electrovalve class (EV1, EV2) and of the relief electrovalve class (EVS)]
Example – Scenarios Research
Research of the feared scenarios with the Petri net modelling. Feared state: overflow of tank 1.
Example – Scenarios Research (continued)
Conclusion
The approach that we have presented in this paper is a method for deriving feared scenarios in hybrid systems.
The t-temporal Petri net modelling approach allows the two aspects to be addressed separately:
- the discrete aspect by linear logic, through the Petri net structure
- the continuous aspect by temporal abstractions, through the t-temporal aspect.
The extraction of the feared scenarios is automated by a tool: ESA PetriNet – temporal edition.
But the great disadvantage of the approach is the temporal abstraction required for the system modelling…
Further Information…
… We have developed another new approach based on Differential Predicate Transition Petri nets (DPT Petri nets).
The DPT Petri net modelling approach, in which the continuous and the discrete parts are represented by two different formalisms, allows the two aspects to be addressed separately:
- the discrete aspect by linear logic
- the continuous aspect by local simulation of the differential equations.
The causal relations are determined by combining the initial feared scenario deriving algorithm (discrete simulator) and a differential equation solver (continuous simulator).
These two simulators evolve alternately: the discrete simulator determines the state changes according to the timed data transmitted by the continuous simulator.
Thank you for your attention
Questions?
http://www.laas.fr/ESA
Annexes
Hybrid Edition of ESA PetriNet
Differential Predicate Transition Petri Nets (DPT Petri Nets)
The main features that take the continuous part into account are:
- A set of variables ($x_i$) is associated with each token.
- A differential equation system ($F_i$) is associated with each place ($P_i$): $F_i(X, \dot{X}, t)$.
- An enabling function ($e_i$) is associated with each transition ($t_i$): $e_i(X_{input_i}, t)$, a condition on the variables of the input places, tested against 0. It triggers the firing of the enabled transitions.
- A junction function ($j_i$) is associated with each transition ($t_i$): $X_{output_i} = j_i(X_{input_i})$. It defines the values $x_i$ associated with the tokens of the output places.
Continuous Scenario Deriving Algorithm
- The discrete algorithm is limited to discrete systems or to hybrid systems in which the continuous dynamics are approximated by a temporal abstraction.
- To deal with continuous dynamics, it is necessary to exploit the hybrid model directly.
- It combines the Discrete Scenario Deriving Algorithm with a differential equation solver.
[Figure: a small DPT Petri net with places P1 to P4 and transitions t1 to t3, each transition carrying an enabling function on the input variables (relating V2 to V2max) and t1 a junction function on V1, next to the exchange between the algorithm and the solver.]
Exchange between the algorithm (discrete simulator) and the solver (continuous simulator):
- configuration change: definition of the equations to integrate, list of the enabled transitions, list of the enabling functions to keep a watch on, list of the junction functions to keep a watch on
- integration of the equations, dates of firing of the transitions (e.g. T2 and T3, with T2 < T3), execution of the junction functions
Example – Presentation
The same volume regulation system of two tanks as above (2 main tanks, 1 electrovalve per tank, 1 shared relief electrovalve); objective: to keep the volume of each tank inside the interval [Vimin, Vimax]; interest: overflow of tank 1.
Example – Modelling
“tank” class:
[Figure: DPT Petri net of the “tank” class, instantiated for tank1, with places V1_cr, V1_dec and V1_dec_s and transitions T11 to T15]
Variables associated with places: XV1_cr = {v1}; XV1_dec = {v1}; XV1_dec_s = {v1}
Enabling functions: eT11: v1 = V1max = 110; eT12: v1 = V1min = 90; eT14: v1 = V1L = 115; eT15: v1 = V1min = 90; eT13: v1 = V1S = 120
Junction functions: jT11 = jT12 = jT13 = jT14 = jT15 = O
Differential equations: FV1_cr: Dv1 = 0.017; FV1_dec: Dv1 = -0.017; FV1_dec_s: Dv1 = -0.017
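The alternating discrete/continuous simulation described under Further Information and in the algorithm/solver exchange, run on the tank1 model above; this is an added example, not the authors' tool code. Thresholds, rates and transition names are the slide's values; the place/transition structure, the failure events d1/ds with their dates, the identity junction functions and the fixed-step Euler solver standing in for the differential equation solver are assumptions.

```python
# Constructed DPT-style model of tank 1: thresholds, rates and transition
# names are the slide's values; the place/transition structure, the failure
# events and the fixed-step Euler solver are assumptions of this example.
V1MAX, V1MIN, V1L, V1S, RATE = 110.0, 90.0, 115.0, 120.0, 0.017
# differential equation F_i of each tank place: dv1/dt
F = {"V1_cr": RATE, "V1_dec": -RATE, "V1_dec_s": -RATE, "OVERFLOW1": 0.0}
# transition: (pre places, post places, enabling function e_i on v1);
# the junction functions j_i are taken as the identity (v1 does not jump)
TRANS = {
    "T11": ({"V1_cr", "EV1_ok"}, {"V1_dec", "EV1_ok"}, lambda v: v >= V1MAX),
    "T12": ({"V1_dec", "EV1_ok"}, {"V1_cr", "EV1_ok"}, lambda v: v <= V1MIN),
    "T14": ({"V1_cr", "EV1_ko", "EVS_ok"}, {"V1_dec_s", "EV1_ko", "EVS_ok"}, lambda v: v >= V1L),
    "T15": ({"V1_dec_s", "EV1_ko", "EVS_ok"}, {"V1_cr", "EV1_ko", "EVS_ok"}, lambda v: v <= V1MIN),
    "T13": ({"V1_cr", "EV1_ko", "EVS_ko"}, {"OVERFLOW1", "EV1_ko", "EVS_ko"}, lambda v: v >= V1S),
}
# timed failure events (constructed dates): (date, name, pre places, post places)
D1 = (100.0, "d1", {"EV1_ok"}, {"EV1_ko"})    # EV1 stuck open
DS = (200.0, "ds", {"EVS_ok"}, {"EVS_ko"})    # relief electrovalve stuck closed
INITIAL = {"V1_cr", "EV1_ok", "EVS_ok"}

def simulate(v1, marking, faults, t_end, step=0.5):
    """Alternate the discrete player and the continuous solver.
    Returns (trace of (date, transition) firings, final marking, v1)."""
    t, trace, pending = 0.0, [], sorted(faults)
    while t < t_end:
        # discrete simulator: fire the enabled transitions whose enabling
        # function holds for the value transmitted by the solver
        for name, (pre, post, e) in TRANS.items():
            if pre <= marking and e(v1):
                marking = (marking - pre) | post
                trace.append((round(t, 1), name))
        while pending and pending[0][0] <= t:      # inject due failures
            date, name, pre, post = pending.pop(0)
            if pre <= marking:
                marking = (marking - pre) | post
                trace.append((date, name))
        if "OVERFLOW1" in marking:                  # feared state reached
            break
        # continuous simulator: one Euler step of the marked place's equation
        place = next(p for p in marking if p in F)
        v1 += F[place] * step
        t += step
    return trace, marking, v1

if __name__ == "__main__":
    print(simulate(100.0, INITIAL, [D1, DS], t_end=3000.0))
```

With both failures injected the run ends in OVERFLOW1 at the date where v1 reaches V1S; with only d1 the relief electrovalve cycles the tank through T14 and T15 and no overflow occurs.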
Example – Modelling
“electrovalve” and “relief electrovalve” classes:
[Figure: DPT Petri nets of the electrovalve class (ev1) and of the relief electrovalve class (evs)]
Example – Scenarios Research
Research of the feared scenarios with the Petri net modelling. Feared state: overflow of tank 1.
Example – Scenarios Research (continued)