589dca53f2451ecfab88a86d6ad0ea68.ppt
- Number of slides: 11
Coral: a tool for Compositional Reliability and Availability analysis†
Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle Stoelinga 1
1 Formal Methods and Tools group, CS, University of Twente, NL
2 Dependable Systems and Software group, CS, Saarland University, Germany
Context & Motivation
- Systems do fail
- Reliability engineering: analyze system reliability
- Many formalisms: Petri nets, RBDs, DFTs, AADL, ...
- DFTs (Dynamic Fault Trees):
  - Graphical, popular formalism
  - Unreliability = P[failure during mission time]
Dynamic Fault Trees
- Graphical, intuitive formalism
- Specify system failures in terms of component failures
- Tree/DAG
  - leaves: basic events = component failures
  - gates: failure propagation
- CORAL methodology
  - formal semantics using IOIMCs (Input/Output Interactive Markov Chains)
  - compositional modeling + verification
  - state space reduction techniques
[Figure: "road trip" DFT with basic events car, phone, engine, tire 1, tire 2, tire 3, tire 4 and spare]
Tool Chain
[Figure: inputs are the DFT and the mission time; dft2bcg (with the CORAL DFT repository, SVL scripts and bcg_labels) produces the IOIMC model; dft_eval produces the CTMC + goal state; bcg_trans computes Unreliability = P[failure during mission time]]
What is deep compositionality?
- Semantics of a DFT arises naturally as the composition of the semantics of its building blocks
  - Translation: each gate gets an IOIMC
  - Composition: the IOIMCs of the gates and basic events are composed in parallel
  [Figure: 2/3 gate G1 with inputs A, B, C and S, translated to f(G1) and composed with f(NE1), ..., f(NE4); the composed model exposes the Failure event]
- But: this may lead to huge models.
Prototype tool chain: Coral DFT analysis
- dft2bcg: translation
- composer: composition (user-given ordering; composition order matters)
- composer: minimization
- repeat composition and minimization until one IOIMC remains
- dft_eval: Markov chain (CTMC) generation
- dft_eval: analysis
- Result: unreliability
- Example: 1325 states instead of 32757 states
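As an added illustration of the two previous slides (composition blows up, minimization and analysis bring it back down), the following Python script is not code from the Coral tool chain or its authors. It runs the same pipeline on a constructed DFT: parallel composition of one two-state CTMC per basic event (the monolithic 2^n state space), a bisimulation-style reduction that lumps every state in which the gate has fired into one absorbing FAILED state, and transient analysis of the reduced CTMC by uniformisation to obtain Unreliability = P[failure during mission time]. The 2/3 gate, the component names A, B, C, their failure rates and the mission time are assumed values; the closed form for a 2-out-of-3 vote over independent exponential components is only a cross-check. Unlike Coral, the gate is applied as a state predicate rather than composed as its own IOIMC with interactive input/output transitions, which is enough for independent basic events but does not show the interactive synchronisation that IOIMCs add.

```python
from math import exp

# Constructed example (not one of the Coral case studies): a 2-out-of-3
# voting gate over basic events A, B, C with assumed exponential failure
# rates per hour, analysed for an assumed mission time of 1000 h.
RATES = {"A": 1.0e-3, "B": 2.0e-3, "C": 5.0e-4}
K = 2                 # the gate fires once K of its 3 inputs have failed
MISSION_TIME = 1000.0


def compose_full_ctmc(rates):
    """Parallel composition of one two-state CTMC per basic event.

    A state is the frozenset of failed components, so n components give
    2^n states; each still-working component contributes one failure
    transition at its own rate. This is the unreduced (monolithic) space.
    """
    names = sorted(rates)
    states = [frozenset(n for i, n in enumerate(names) if mask >> i & 1)
              for mask in range(1 << len(names))]
    trans = {s: [(s | {n}, rates[n]) for n in names if n not in s]
             for s in states}
    return states, trans


def minimise(states, trans, is_goal):
    """Bisimulation-style reduction with respect to the failure label.

    Every state in which the gate has fired is absorbing and carries the
    same observable (FAILED), so all of them are merged into one absorbing
    state and transitions leaving the goal set are dropped.
    """
    failed = "FAILED"
    reduced = {}
    for s in states:
        if not is_goal(s):
            reduced[s] = [(failed if is_goal(t) else t, r) for t, r in trans[s]]
    reduced[failed] = []
    return reduced, failed


def unreliability(reduced, init, goal, t, eps=1e-12, max_steps=10_000):
    """P[goal reached by time t] by uniformisation of the reduced CTMC:
    pi(t) = sum_k Poisson(k; lam*t) * pi0 * P^k  with  P = I + Q/lam."""
    names = list(reduced)
    idx = {s: i for i, s in enumerate(names)}
    n = len(names)
    lam = max(sum(r for _, r in reduced[s]) for s in names)  # uniformisation rate
    P = [[0.0] * n for _ in range(n)]
    for s in names:
        out = sum(r for _, r in reduced[s])
        P[idx[s]][idx[s]] = 1.0 - out / lam
        for tgt, r in reduced[s]:
            P[idx[s]][idx[tgt]] += r / lam
    pi = [0.0] * n
    pi[idx[init]] = 1.0
    weight = exp(-lam * t)   # Poisson term for k = 0
    covered = 0.0            # Poisson mass accounted for so far
    prob = 0.0
    for k in range(1, max_steps + 1):
        prob += weight * pi[idx[goal]]
        covered += weight
        if covered >= 1.0 - eps:
            break
        pi = [sum(pi[i] * P[i][j] for i in range(n)) for j in range(n)]
        weight *= lam * t / k
    return prob


def closed_form_2of3(rates, t):
    """Cross-check: P[at least 2 of 3 independent components failed by t]."""
    pa, pb, pc = (1.0 - exp(-rates[n] * t) for n in sorted(rates))
    return pa * pb + pa * pc + pb * pc - 2.0 * pa * pb * pc


def analyse(rates=RATES, t=MISSION_TIME, k=K):
    """Run the pipeline; returns (monolithic states, reduced states, unreliability)."""
    states, trans = compose_full_ctmc(rates)
    reduced, failed = minimise(states, trans, lambda s: len(s) >= k)
    return len(states), len(reduced), unreliability(reduced, frozenset(), failed, t)


if __name__ == "__main__":
    full, small, u = analyse()
    print(f"{full} states monolithic, {small} after reduction")
    print(f"unreliability at t={MISSION_TIME:g} h: {u:.6f}")
    print(f"closed form: {closed_form_2of3(RATES, MISSION_TIME):.6f}")
```

For three components the reduction only takes 8 states to 5, but the lumping is what keeps the state count from doubling with every extra basic event: once the gate has fired, the remaining components' states are indistinguishable and never need to be represented.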
Tool Chain (with composition script)
[Figure: dft2bcg (with the CORAL DFT repository, SVL scripts and bcg_labels) produces one IOIMC model per DFT element; a user-written composition script combines them into the IOIMC model; dft_eval produces the CTMC + goal state, from which bcg_trans computes the unreliability for the given mission time]
Case studies

Case study | Analysis method | Max number of states | Max number of transitions | Unreliability
MDCS | Monolithic    |   253 |   1383 | 2.00 · 10^-9
MDCS | Compositional |   190 |    723 | 2.00 · 10^-9
FTPP | Monolithic    |  4113 |  24608 | 1.35 · 10^-3
FTPP | Compositional |   133 |    465 | 1.35 · 10^-3
CAS  | Monolithic    |    32 |    116 | 0.657
CAS  | Compositional |     8 |     10 | 0.657
HCPS | Monolithic    | 32757 | 426826 | 2.55479 · 10^-8
HCPS | Compositional |  1325 |  14153 | 2.55479 · 10^-8
CORAL: lifting previous drawbacks of DFTs
- Lack of formal semantics
  - semantics in terms of IOIMCs
  - each gate and basic event has a corresponding IOIMC
  - DFT semantics = composition of gate semantics
- Lack of modularity
  - severe restrictions on reuse of submodels in larger models
  - CORAL is much more liberal
- State space explosion problem
  - use bisimulation to combat state space explosion
[Figure: road trip DFT (car, phone, engine, tire 1 to tire 4, spare)]
Future work
- Fully automated tool
  - get rid of the composition script
  - the order of composition matters: heuristics for choosing it
- More aggressive state reduction
  - weaker equivalences, interface constraints, phase-type minimization
- Further extensions to DFT modeling capabilities
  - extension to non-exponential distributions
  - new DFT building blocks
  - simulation for DFTs
- Apply deep compositionality to other engineering formalisms!
  - e.g. architectural description languages like AADL
References
- H. Boudali, P. Crouzen, M. Stoelinga. "Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains", DSN 2007 proceedings.
- H. Boudali, P. Crouzen, M. Stoelinga. "A compositional semantics for Dynamic Fault Trees in terms of Interactive Markov Chains", ATVA 2007.
- More info: crouzen@alan.cs.uni-sb.de, hboudali@cs.utwente.nl, marielle@cs.utwente.nl