SLIDE 1 Computer Networks and Communication Systems Friedrich-Alexander-University Erlangen-Nuremberg
- Prof. Dr.-Ing. Reinhard German
Fault Tree Generation from EMF Models
Christoph Lauer (1), Reinhard German (1) and Jens Pollmer (2)
(1) Department of Computer Science 7 – Computer Networks and Communication Systems, Friedrich-Alexander University, Erlangen-Nuremberg, Germany
(2) Department of Safety Electronics, Audi AG, Ingolstadt, Germany
{christoph.lauer, german}@informatik.uni-erlangen.de, jens.pollmer@audi.de
SLIDE 2
2
7/6/2009
Lauer, Christoph, Bounding the Number of Relevant Objects in Automotive Environment Perception Systems
Outline
- Introduction
- Integrated Safety Architectures
- System Models
- Fault Tree Generation
- Conclusions and Future Work
SLIDE 3
(PreVent, 2007)
SLIDE 4
SLIDE 5
Integrated Safety Architectures in the Automotive Domain (1)
Figure: integrated ECU with x/y controller, safety ASIC, squibs (φ), energy reserve, watchdog, CAN, PSi5 transceiver and SPI bus
SLIDE 6
Integrated Safety Architectures in the Automotive Domain (1)
Figure: integrated ECU with x/y controller, safety ASIC, squibs (φ), energy reserve, watchdog, PSi5 transceiver, Flexray and SPI bus
SLIDE 7
Integrated Safety Architectures in the Automotive Domain (3)
Figure: integrated ECU with x/y dual core controller, safety ASIC, squibs (φ), energy reserve, watchdog, PSi5 transceiver, Flexray and SPI bus
SLIDE 8
Integrated Safety Architectures in the Automotive Domain (4)
Figure: integrated ECU with x/y controller 1 and controller 2, safety ASIC, squibs (φ), energy reserve, watchdog, PSi5 transceiver, Flexray and SPI bus
SLIDE 9
Integrated Safety Architectures in the Automotive Domain (5)
Figure: integrated ECU with x/y controller 1 and controller 2, safety ASIC, squibs (φ), energy reserve, watchdog, PSi5 transceiver, Flexray and SPI bus
SLIDE 10
Task Binding Decisions
SLIDE 11
Requirements for Modeling & Generation
- Separate modeling of system architecture and functional behavior
- Flexible allocation of functional tasks to system nodes
- Automatic generation of fault trees for further analysis using state-of-the-art tools
- No extensive design space exploration
SLIDE 12
EMF Model Support (1)
Figure label: + T_plaus (S_trans)
SLIDE 13
EMF Model Support (2)
SLIDE 14
Transformation Rules
1) Start at top-level event
2) Evaluate top-level event
   a. Get faults from allocated system entity
   b. Add faults of entity directly (via OR gate)
3) Evaluate all incoming edges
4) Evaluate node
   a. Get faults from allocated system entity
   b. Traverse graph to top-level event
   c. Add fault directly (via OR gate) if fault propagates, or add guardian (via AND gate) if fault is not propagated
5) Terminate if no incoming edges exist, else go to 3)
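The five rules carried out on a small hand-built model, as an added example that is not the authors' EMF/Ecore implementation: plain Python dictionaries stand in for the behavior model, the system model and the allocation, and all task, entity and fault names (T_Impl, T_Plaus, S_Trans_*, S_Pers_*, ctrl_fail, ...) are constructed for the example. It assumes each task has a single outgoing edge, so the path to the top-level event is unique.

```python
# Added example (not the authors' EMF/Ecore code): plain-Python stand-in for the
# behavior model (tasks + incoming edges), the system model (entities with
# basic faults) and the allocation; names are constructed. Assumption: every
# task has a single outgoing edge, so one path leads to the top-level event.
BEHAVIOR = {  # task: (allocated entity, is_guardian, incoming edges)
    "T_Impl":    ("Controller",    False, ["T_Plaus"]),
    "T_Plaus":   ("Controller",    True,  ["S_Trans_1", "S_Trans_2"]),
    "S_Trans_1": ("Transceiver_1", False, ["S_Pers_1"]),
    "S_Trans_2": ("Transceiver_2", False, ["S_Pers_2"]),
    "S_Pers_1":  ("Sensor_1",      False, []),
    "S_Pers_2":  ("Sensor_2",      False, []),
}
FAULTS = {  # system model: entity -> basic events
    "Controller": ["ctrl_fail"], "Transceiver_1": ["trx1_fail"],
    "Transceiver_2": ["trx2_fail"], "Sensor_1": ["sens1_fail"], "Sensor_2": ["sens2_fail"],
}

def generate_fault_tree(behavior, faults, top):
    """Rules 1-5: add the top event's entity faults via OR, then walk incoming
    edges; an upstream fault is added directly if no guardian lies on its path
    to the top, else ANDed with the guardian's failure. Nodes: (gate, kids)/("fault", name)."""
    inputs, done = [], set()
    for f in faults[behavior[top][0]]:                 # rule 2a/2b
        inputs.append(("fault", f))
    work = [(p, []) for p in behavior[top][2]]         # rule 3: (task, guardians)
    while work:                                        # rules 4 and 5
        task, guards = work.pop(0)
        if task in done: continue
        done.add(task)
        entity, is_guard, preds = behavior[task]
        for f in faults[entity]:                       # rule 4a
            if not guards:                             # 4c: fault propagates
                inputs.append(("fault", f))
            else:                                      # 4c: guardian blocks it
                guard_fail = ("OR", [("fault", g) for gd in guards
                                     for g in faults[behavior[gd][0]]])
                inputs.append(("AND", [("fault", f), guard_fail]))
        work += [(p, guards + ([task] if is_guard else [])) for p in preds]
    return ("OR", inputs)

def cut_sets(tree):
    """Minimal cut sets of a generated tree, for checking the result."""
    kind, arg = tree
    if kind == "fault":
        return [frozenset([arg])]
    sets = [frozenset()] if kind == "AND" else []
    for kid in (cut_sets(k) for k in arg):
        sets = [a | b for a in sets for b in kid] if kind == "AND" else sets + kid
    uniq = set(sets)
    return [s for s in uniq if not any(o < s for o in uniq)]
```

With T_Plaus marked as guardian, sensor and transceiver faults only reach T_Impl together with a controller failure, so the single minimal cut set is the controller fault; dropping the guardian flag makes every sensor and transceiver fault a single-point cut set.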
SLIDE 15
Transformation Example (1)
SLIDE 16
Transformation Example (2)
SLIDE 17
Transformation Example (3)
Figure labels: S_Pers_1, S_Trans_1, S_Pers_i, S_Trans_i, S_Pers_3, S_Trans_3, S_Pers_2, S_Trans_2, T_Impl, T_Plaus: (S_Trans_1,2,3,i)
SLIDE 18
Transformation Example (4)
SLIDE 19
Conclusions
- Modeling of system and behavior using the EMF
- Model transformation from separated system model + behavior model to fault trees
- Just a transformation, the algorithm does not "create knowledge"
- Level-of-detail of the fault trees depends on the level-of-detail
- Method supports analysis of different architecture options at early design stages
SLIDE 20
Future Work
- Leave the Ecore path for the sake of UML
- Modeling of the system and the behavior view using MARTE (+ Dependability profile from Bernardi et al. (2008)) or EAST-ADL2
- Papyrus plug-in for easy modeling without having to cope with UML
- Implementation (!) of interfaces to FaultTree+ (ISOGraph)
SLIDE 21
Last slide
Thanks for your attention!