safety dependability and performance
play

Safety, Dependability and Performance Analysis of Extended AADL - PowerPoint PPT Presentation

Jan 31, 2023 •274 likes •833 views

Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro Cimatti 2 Marco Roveri 2 Joost-Pieter Katoen 1 Viet Yen Nguyen 1 Thomas Noll 1 1 Software Modelling and Verification Group RWTH Aachen University,

  1. Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro Cimatti 2 Marco Roveri 2 Joost-Pieter Katoen 1 Viet Yen Nguyen 1 Thomas Noll 1 1 Software Modelling and Verification Group RWTH Aachen University, Germany 2 Embedded Systems Group Fondazione Bruno Kessler, Italy ROCKS Kick-Off Meeting 28 September 2009 1 Funded by ESA/ESTEC under Contract No. 21171/07/NL/JD

  2. Safety, Dependability and Performance Analysis of Extended AADL Models 1. Scope 2. AADL Syntax 3. Formal Characterisation 4. Injecting Faults 5. COMPASS Toolset 6. Conclusions

  3. How System Engineers Build Space Systems (in Europe) 2009,Viet Yen Nguyen 3/23

  4. AADL: Industry Standard for Modelling Embedded Systems Paradigm • 1989 MetaH ◮ Architecture-based and model-driven top-down and bottom-up engineering ◮ Real-time and performance critical distributed systems ◮ Complements component-based • 1998 SAE AS-2C product-line development • 2004 AADL 1.0 • 2006 Error Annex • 2009 AADL 2.0 2009,Viet Yen Nguyen 4/23

  5. Integrated and Coherent Approach for Codesigning Systems Modelling Language COMPASS Toolset ◮ NuSMV ◮ AADL + Error Annex ◮ FSAP ◮ Hardware/Software ◮ RAT ◮ Error Propagation ◮ Sigref ◮ Recovery Mechanisms ◮ MRMC ◮ Timing, Probability, Hybrid ◮ Formal Semantics Analyses Case Studies ◮ Symbolic Model Checking ◮ Satellite Thermal Regulation Manager ◮ SAT-Solving ◮ Satellite FDIR ◮ Probabilistic Model Checking ◮ European Train Control ◮ FTA System Level 3 ◮ FMEA 2009,Viet Yen Nguyen 5/23

  6. Integrated and Coherent Approach for Codesigning Systems Modelling Language COMPASS Toolset ◮ NuSMV ◮ AADL + Error Annex ◮ FSAP ◮ Hardware/Software ◮ RAT ◮ Error Propagation ◮ Sigref ◮ Recovery Mechanisms ◮ MRMC ◮ Timing, Probability, Hybrid ◮ Formal Semantics Analyses Case Studies ◮ Symbolic Model Checking ◮ Satellite Thermal Regulation Manager ◮ SAT-Solving ◮ Satellite FDIR ◮ Probabilistic Model Checking ◮ European Train Control ◮ FTA System Level 3 ◮ FMEA 2009,Viet Yen Nguyen 5/23

  7. Integrated and Coherent Approach for Codesigning Systems Modelling Language COMPASS Toolset ◮ NuSMV ◮ AADL + Error Annex ◮ FSAP ◮ Hardware/Software ◮ RAT ◮ Error Propagation ◮ Sigref ◮ Recovery Mechanisms ◮ MRMC ◮ Timing, Probability, Hybrid ◮ Formal Semantics Analyses Case Studies ◮ Symbolic Model Checking ◮ Satellite Thermal Regulation Manager ◮ SAT-Solving ◮ Satellite FDIR ◮ Probabilistic Model Checking ◮ European Train Control ◮ FTA System Level 3 ◮ FMEA 2009,Viet Yen Nguyen 5/23

  8. AADL Syntax

  9. AADL Example: Redundant Power System Power We shall show: primary ◮ hybrid behaviour of the batteries, backup ◮ composition of the power system, ◮ formalisation to automata, empty empty ◮ semantics as transition systems, batt1 batt2 ◮ interweaving of errors. voltage voltage voltage 2009,Viet Yen Nguyen 7/23

  10. AADL: Modelling the Battery Component Type and Implementation device type Battery end Battery; device implementation Battery.Imp end Battery.Imp; 2009,Viet Yen Nguyen 8/23

  11. AADL: Modelling the Battery Component Type Defines the Interface device type Battery features empty: out event port; voltage: out data port real initially 6.0; end Battery; device implementation Battery.Imp end Battery.Imp; 2009,Viet Yen Nguyen 8/23

  12. AADL: Modelling the Battery Adding Modes Behaviour device type Battery features empty: out event port; voltage: out data port real initially 6.0; end Battery; device implementation Battery.Imp modes charged: activation mode depleted: mode transitions charged -[]-> charged; charged -[empty]-> depleted; depleted -[]-> depleted; end Battery.Imp; 2009,Viet Yen Nguyen 8/23

  13. AADL: Modelling the Battery Adding Hybrid Behaviour device type Battery features empty: out event port; voltage: out data port real initially 6.0; end Battery; device implementation Battery.Imp subcomponents energy: data continuous initially 100.0; modes charged: activation mode while energy’=-0.02 and energy>=20.0; depleted: mode while energy’=-0.03; transitions charged -[then voltage:=energy/50.0+4.0]-> charged; charged -[empty when energy<=20.0]-> depleted; depleted -[then voltage:=energy/50.0+4.0]-> depleted; end Battery.Imp; 2009,Viet Yen Nguyen 8/23

  14. AADL: Modelling the Redundant Power System Power System with Battery Subcomponents system Power features voltage: out data port real; end Power; system implementation Power.Imp subcomponents batt1: device Battery.Imp batt2: device Battery.Imp end Power.Imp; 2009,Viet Yen Nguyen 9/23

  15. AADL: Modelling the Redundant Power System Adding Dynamic Reconfiguration system Power features voltage: out data port real; end Power; system implementation Power.Imp subcomponents batt1: device Battery.Imp in modes (primary); batt2: device Battery.Imp in modes (backup); modes primary: initial mode; backup: mode; transitions primary -[batt1.empty]-> backup; backup -[batt2.empty]-> primary; end Power.Imp; 2009,Viet Yen Nguyen 9/23

  16. AADL: Modelling the Redundant Power System Adding Port Connections system Power features voltage: out data port real; end Power; system implementation Power.Imp subcomponents batt1: device Battery.Imp in modes (primary); batt2: device Battery.Imp in modes (backup); connections data port batt1.voltage -> voltage in modes (primary); data port batt2.voltage -> voltage in modes (backup); modes primary: initial mode; backup: mode; transitions primary -[batt1.empty]-> backup; backup -[batt2.empty]-> primary; end Power.Imp; 2009,Viet Yen Nguyen 9/23

  17. Formal Characterisation

  18. Formalising AADL Components as Event-Data Automata Definition (Event-Data Automaton) An event-data automaton (EDA) is a tuple A = ( M , m 0 , X , v 0 , ι, E , − → ) with ◮ M finite set of modes ◮ m 0 ∈ M initial mode ◮ X = IX ⊎ OX ⊎ LX finite set of input/output/local variables ◮ V := { v | v : X → . . . } valuations ◮ v 0 ∈ V initial valuation ◮ ι : M → ( V → B ) mode invariants (where ι ( m 0 , v 0 ) = true ) ◮ E = IE ⊎ OE finite set of input/output events ◮ − → ⊆ M × E τ × ( V → B ) × ( V → V ) × M ���� � �� � � �� � trigger guard effect (mode) transition relation (where E τ := E ∪ { τ } ) 2009,Viet Yen Nguyen 11/23

  19. Formalising AADL Components as Event-Data Automata ◮ AADL modes/invariants/transitions � EDA modes/invariants/transitions Example (Battery) ◮ M = { charged , depleted } , m 0 = charged 2009,Viet Yen Nguyen 12/23

  20. Formalising AADL Components as Event-Data Automata ◮ AADL modes/invariants/transitions � EDA modes/invariants/transitions ◮ Incoming/outgoing data ports � input/output variables Example (Battery) ◮ M = { charged , depleted } , m 0 = charged ◮ IX = ∅ , OX = { voltage } 2009,Viet Yen Nguyen 12/23

  21. Formalising AADL Components as Event-Data Automata ◮ AADL modes/invariants/transitions � EDA modes/invariants/transitions ◮ Incoming/outgoing data ports � input/output variables ◮ Data subcomponents � local variables Example (Battery) ◮ M = { charged , depleted } , m 0 = charged ◮ IX = ∅ , OX = { voltage } ◮ LX = { energy } 2009,Viet Yen Nguyen 12/23

  22. Formalising AADL Components as Event-Data Automata ◮ AADL modes/invariants/transitions � EDA modes/invariants/transitions ◮ Incoming/outgoing data ports � input/output variables ◮ Data subcomponents � local variables ◮ AADL incoming/outgoing event ports � EDA input/output events Example (Battery) ◮ M = { charged , depleted } , m 0 = charged ◮ IX = ∅ , OX = { voltage } ◮ LX = { energy } ◮ IE = ∅ , OE = { empty } 2009,Viet Yen Nguyen 12/23

  23. LTS Semantics of Event-Data Automata ◮ States := M × V ◮ Transitions: timed or internal or event-labeled 2009,Viet Yen Nguyen 13/23

  24. LTS Semantics of Event-Data Automata ◮ States := M × V ◮ Transitions: timed or internal or event-labeled Example (Battery) � mode = charged , energy = 100 . 0 , voltage = 6 . 0 � 2009,Viet Yen Nguyen 13/23

  25. LTS Semantics of Event-Data Automata ◮ States := M × V ◮ Transitions: timed or internal or event-labeled Example (Battery) � mode = charged , energy = 100 . 0 , voltage = 6 . 0 � ↓ 30 . 0 � mode = charged , energy = 40 . 0 , voltage = 6 . 0 � 2009,Viet Yen Nguyen 13/23

  26. LTS Semantics of Event-Data Automata ◮ States := M × V ◮ Transitions: timed or internal or event-labeled Example (Battery) � mode = charged , energy = 100 . 0 , voltage = 6 . 0 � ↓ 30 . 0 � mode = charged , energy = 40 . 0 , voltage = 6 . 0 � ↓ τ � voltage:=... � � mode = charged , energy = 40 . 0 , voltage = 4 . 8 � 2009,Viet Yen Nguyen 13/23

  27. LTS Semantics of Event-Data Automata ◮ States := M × V ◮ Transitions: timed or internal or event-labeled Example (Battery) � mode = charged , energy = 100 . 0 , voltage = 6 . 0 � ↓ 30 . 0 � mode = charged , energy = 40 . 0 , voltage = 6 . 0 � ↓ τ � voltage:=... � � mode = charged , energy = 40 . 0 , voltage = 4 . 8 � ↓ 10 . 0 � mode = charged , energy = 20 . 0 , voltage = 4 . 8 � 2009,Viet Yen Nguyen 13/23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs Institute of Information Technology University of Duisburg-Essen, Germany kochs@uni-duisburg.de safety do, the idea is to extend dependability to

575 views • 3 slides
Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino, Felicita Di Giandomenico ISTI-CNR Joint work with A. Calabro, F. Lonetti, M. Martinucci, P. Masci, N. Nostro, A. Sabetta Outline V&amp;V in C

1.51k views • 109 slides
Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos Zarras, Christos Kloukinas, Ferda Tartanoglou 1 Outline Dependability concepts SA and dependability analysis Automated dependability

1.45k views • 87 slides
1 Dependability Management Achieving dependability in WS Architectures Testing web services

1 Dependability Management Achieving dependability in WS Architectures Testing web services

Setting the scene Deutsche Bank AG has agreed to outsource two internal business processes to Accenture Ltd. as part of Dependability of its ambitious program to cut costs and Web Service Architectures increase efficiency by moving

357 views • 7 slides
efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

Practices in model component reuse for efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd Workshop on Education and Practice of Performance Engineering Outline Dependability analysis in practice

515 views • 26 slides
An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

University Of Paderborn Software Engineering Group Prof. Dr. W. Schfer An Architecture for An Architecture for Configurable Dependability of Configurable Dependability of Application Services Application Services Matthias Tichy

422 views • 11 slides
Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Bruno Silva, Rubens Matos, Gustavo Callou, Jair Figueiredo, Danilo Oliveira, Joo Ferreira, Jamilson Dantas, Aleciano Lobo Junior, Vandi Alves and Paulo Maciel. Mercury: An Integrated Environment for Performance and Dependability Evaluation of

616 views • 28 slides
System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009 Outline 2 Motivation Dependability Definition Dependability attributes Attribute relevance Threads Fault model

717 views • 29 slides
Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University ICSE Workshop on Architecting Dependable Systems May 2002 scher lis@cmu.edu Dependability and Architecture Dependability Reliance that

158 views • 13 slides
Dependability in the real world Dependability in the real world p Dependability needs arise from

Dependability in the real world Dependability in the real world p Dependability needs arise from

P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

654 views • 63 slides
Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

The trade-off betw een energy consumption and dependability consumption and dependability Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology Gteborg, Sweden Trade-offs in Computer System Design

363 views • 22 slides
Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor {tim,johnmc}@cs.clemson.edu School of Computing Clemson University 1 Problem Statement How do we predict and evaluate the dependability of a software

733 views • 24 slides
Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes

Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes

COP 6611 Advanced Operating System Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes Availability Run time / total time Reliability The length of uninterrupted run time Safety When a

544 views • 16 slides
Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel,

Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel,

Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel, G. Durrieu, Ch. Seguin, C. Pagetti, L. Sagaspe 1 General Problem Avionics are complex systems A380 (safety critical avionics): +100

445 views • 20 slides
Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles

Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles

Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 4c due Thursday, 10/29, 11:59pm EST Homework 5 coming soon Team sign-up

620 views • 47 slides
Activating Family Caregivers to Help Keep Care at Home July 2018 Meeting Goals Introduce

Activating Family Caregivers to Help Keep Care at Home July 2018 Meeting Goals Introduce

Activating Family Caregivers to Help Keep Care at Home July 2018 Meeting Goals Introduce Structured Family Caregiving: a new in-home service option for HOPE Waiver participants Review characteristics of the new service Identify

442 views • 19 slides
&amp; the Impact of COVID-19 Denise Egan Stack, LMHC OCD in Children &amp; the Impact of

&amp; the Impact of COVID-19 Denise Egan Stack, LMHC OCD in Children &amp; the Impact of

OCD in Children &amp; the Impact of COVID-19 Denise Egan Stack, LMHC OCD in Children &amp; the Impact of Covid-19 Denise Egan Stack, LMHC Normal Development Common developmental phenomena in childhood. Similar in form and content to

517 views • 25 slides
Committee on Class and Labor Nadine J. Kaslow, PhD, ABPP nkaslow@emory.edu Membership 2

Committee on Class and Labor Nadine J. Kaslow, PhD, ABPP nkaslow@emory.edu Membership 2

Committee on Class and Labor Nadine J. Kaslow, PhD, ABPP nkaslow@emory.edu Membership 2 Faculty, Staff, Students, Administrators Nadine Kaslow, Chair; Gary Hauk, Co-Chair; Peter Barnes, Advisor Elizabeth Bounds, Angie Duprey, Bridget

208 views • 19 slides
Market volatility slide library 2020 updates 1 Geopolitical sell-offs are short-lived 5.3%

Market volatility slide library 2020 updates 1 Geopolitical sell-offs are short-lived 5.3%

Market volatility slide library 2020 updates 1 Geopolitical sell-offs are short-lived 5.3% Cuban President Nixon Iranian Soviet invasion 27% missile impeachment hostage Average total return of Afghanistan 26% 26% 6 months from event

238 views • 12 slides
Portfolio management 1 Portfolio management and investment banking Asset management and

Portfolio management 1 Portfolio management and investment banking Asset management and

Portfolio management 1 Portfolio management and investment banking Asset management and trading constitute the other major activity of IB, alongside investment banking (i.e. corporate finance) For large banks, asset management and

493 views • 45 slides
Chris Sheen Will Read Chief Operating Officer Founder &amp; CEO @MrChrisSheen @WillRead THE

Chris Sheen Will Read Chief Operating Officer Founder &amp; CEO @MrChrisSheen @WillRead THE

Chris Sheen Will Read Chief Operating Officer Founder &amp; CEO @MrChrisSheen @WillRead THE FTSE 100 INNOVATION INDEX # ideas from anywhere Innovation is on the increase Innovate or die Nobody wants to be a cautionary tale Blockbuster

526 views • 23 slides
Computational Statistics Lectures 10-13: Smoothing and Nonparametric Inference Dr Jennifer

Computational Statistics Lectures 10-13: Smoothing and Nonparametric Inference Dr Jennifer

Computational Statistics Lectures 10-13: Smoothing and Nonparametric Inference Dr Jennifer Rogers Hilary Term 2017 Background Smoothing and nonparametric methods Approximating function that attempts to capture important patterns in

1.2k views • 106 slides

More recommend