SAVE ORCA: Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications - PowerPoint PPT Presentation


SLIDE 1

Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications

Hella Seebach, Florian Nafz and Wolfgang Reif

SAVE ORCA

SLIDE 2

What has happened in the last months?

  • Software Engineering Guideline for Resource-Flow Systems
  • Decentral Reconfiguration Mechanism
  • Verified result checker
  • Formal model of the agents' behavior
  • New system class: Data-Flow Systems [ATC-2010]

08.10.2010 SAVE ORCA

SLIDE 3

Software Engineering Approach

  • Why a software engineering guideline?
    – Clearly defined steps to build a self-organizing system
    – Reproducible results
  • Organic Design Pattern for self-organising resource-flow systems
    – Static aspects and components
    – Models for the components' behavior
    – Constraints for "good" system configurations
  • Restore Invariant Approach
  • Formal model
    – Correctness guarantees
    – Quantitative analysis
    – Formalization of self-x properties


SLIDE 4

Software Engineering Guideline (SPEM) [SASO2010]

  • http://guideline.saveorca.isse.de/
  • http://openup.saveorca.isse.de/

SLIDE 5

DECENTRAL RECONFIGURATION


SLIDE 6

Coalition formation

  • Uses the system structure (role structure)
  • Agents have only local knowledge
  • The agent that detects a local constraint violation starts a coalition formation
  • The coalition reconfigures just a small part of the system (a task fragment)

SLIDE 7

Example: Adaptive Production Cell

[Figure: five agents (1-5), their capabilities (1-5), and the task 1-4]

SLIDE 8

Capability breaks: the capability to insert the engine is broken

[Figure: agents 1-5 and task 1-4; one capability marked as broken]

SLIDE 9

Coalition formation

[Figure: agents 1-5 and task 1-4; the task fragment of the coalition is highlighted]

SLIDE 10

Coalition formation

[Figure: agents 1-5 and task 1-4; the coalition is highlighted]

Agents are now able to reconfigure this part of the system

SLIDE 11

Coalition formation

[Figure: agents 1-5 and task 1-4; the edge agents of the coalition are highlighted]

Edge agents are needed to establish a correct resource flow

SLIDE 12

Role allocation

Every agent in the coalition changes its role if necessary.

[Figure: agents 1-5 with the task fragment and the new role allocation]

SLIDE 13

Reconfigured system

[Figure: agents 1-5 and task 1-4 after the reconfiguration]

SLIDE 14

Agent breaks

[Figure: I/O-Graph, RF-Graph and coalition request after an agent breaks]

SLIDE 15

Agent breaks

[Figure: I/O-Graph, RF-Graph and coalition request after an agent breaks, same figure as slide 14]

SLIDE 16

Running Example


SLIDE 17

Formal Analysis and Verification

  • Systematic identification of possible failures that lead to a hazard
    – Safety Analysis
      • No collision between agents
    – Quantitative properties for self-x systems
      • MTTF, MTBF
  • Provide a technique to verify properties of systems despite their self-x properties
    – Functional correctness
      • Correct processing of resources
    – Behavioral guarantees
      • Resources will eventually be finished
      • Reconfiguration is done correctly

SLIDE 18

Formal Verification

  • Challenges:
    – No fixed behavior: the result of a self-x phase is not known in advance
    – Algorithms/mechanisms for self-organization are hard to verify
    – Systems have an unknown number of agents

SLIDE 19

Formal Verification

Separation of concerns:
  – Functional system
  – Self-x system (Observer / Controller)
  → RIA approach (Restore Invariant Approach)

[Figure: Observer / Controller layered above the Functional System]

SLIDE 20

Formal Verification

Result Checking: the result checker RC monitors the configurations res produced by the Observer / Controller and propagates a configuration back to the functional system only if it satisfies the invariant Inv:

    CInv(res) = true  →  res ⊨ Inv, configuration propagated back to the functional system
    CInv(res) = false →  configuration is not propagated

[Figure: Observer / Controller above the Functional System, with the result checker RC between them]
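The coalition-based reconfiguration of slides 6-13 and the result checking of this slide, as an added example in Python that is not code from the SAVE ORCA project. The system model (agents with capability sets, a task as an ordered tuple of capabilities, a role as a predecessor/capability/successor triple), the capability sets, and the names check_invariant, reconfigure, capability_breaks and restore are all constructed for this illustration. The reconfiguration is a brute-force local search over the coalition and is treated as untrusted; the point is that only the small checker has to be trusted (and verified), and that it judges a proposal on the current capabilities and links, never on what the mechanism claims about them.

```python
"""Restore Invariant Approach (RIA) on a small resource-flow system.

Added example, not code from the SAVE ORCA project.  An untrusted,
decentral reconfiguration (coalition formation) proposes a new role
allocation; a small result checker decides whether the proposal satisfies
the system invariant before it reaches the functional system.
"""
from itertools import permutations

# Task: the ordered capabilities every resource must receive (slide 7: 1-4).
TASK = (1, 2, 3, 4)

# Constructed capability sets: agent i offers capability i plus one spare,
# so that a local failure can usually be compensated inside a coalition.
AGENTS = {1: {1, 2}, 2: {2, 3}, 3: {3, 4}, 4: {4, 1}, 5: {2, 3}}

# A role is (capability, predecessor agent, successor agent); None marks the
# ends of the flow.  A configuration maps the allocated agents to their roles.
INITIAL_CONFIG = {1: (1, None, 2), 2: (2, 1, 3), 3: (3, 2, 4), 4: (4, 3, None)}


def check_invariant(config, agents, task):
    """Result checker: (True, "ok") if `config` is a correct resource flow
    for `task` on the *current* capabilities, otherwise (False, reason)."""
    if not config:
        return False, "empty configuration"
    for ag, (cap, _pre, _suc) in config.items():        # capabilities exist
        if cap not in agents.get(ag, set()):
            return False, f"agent {ag} lacks capability {cap}"
    sources = [ag for ag, (_c, pre, _s) in config.items() if pre is None]
    if len(sources) != 1:
        return False, f"expected one source, found {sources}"
    for ag, (_c, pre, suc) in config.items():           # links are mutual
        if pre is not None and config.get(pre, (0, 0, 0))[2] != ag:
            return False, f"agent {pre} does not deliver to {ag}"
        if suc is not None and config.get(suc, (0, 0, 0))[1] != ag:
            return False, f"agent {suc} does not receive from {ag}"
    seen, chain, ag = set(), [], sources[0]             # walk the flow
    while ag is not None:
        if ag in seen:
            return False, f"cycle at agent {ag}"
        seen.add(ag)
        cap, _pre, ag = config[ag]
        chain.append(cap)
    if tuple(chain) != tuple(task):
        return False, f"flow applies {chain}, task is {list(task)}"
    if len(seen) != len(config):
        return False, "roles not reachable from the source"
    return True, "ok"


def reconfigure(config, agents, failed_agent):
    """Untrusted decentral reconfiguration, simplified: the agent that
    detected the violation forms a coalition with its flow neighbours (the
    edge agents) and the idle agents, and re-allocates only the coalition's
    task fragment by local search.  All other roles are kept."""
    _cap, pre, suc = config[failed_agent]
    members = [a for a in (pre, failed_agent, suc) if a is not None]
    coalition = members + [a for a in agents if a not in config]
    fragment = [config[a][0] for a in members]          # capabilities to place
    before = config[pre][1] if pre is not None else None    # outside coalition
    after = config[suc][2] if suc is not None else None
    for chosen in permutations(coalition, len(fragment)):
        if not all(c in agents[a] for a, c in zip(chosen, fragment)):
            continue
        new = {a: r for a, r in config.items() if a not in coalition}
        chain = [before, *chosen, after]
        for i, a in enumerate(chosen):
            new[a] = (fragment[i], chain[i], chain[i + 2])
        if before is not None:                          # relink edge agents
            new[before] = (new[before][0], new[before][1], chosen[0])
        if after is not None:
            new[after] = (new[after][0], chosen[-1], new[after][2])
        return new
    return None


def capability_breaks(agents, agent, cap):
    """Copy of `agents` in which `agent` has lost capability `cap`."""
    agents = {a: set(caps) for a, caps in agents.items()}
    agents[agent].discard(cap)
    return agents


def restore(config, agents, task, failed_agent):
    """RIA step: run the untrusted mechanism and admit its result only if
    the checker accepts it.  Returns (new config or None, checker verdict)."""
    proposal = reconfigure(config, agents, failed_agent)
    if proposal is None:
        return None, "no proposal"
    ok, reason = check_invariant(proposal, agents, task)
    return (proposal if ok else None), reason


if __name__ == "__main__":
    broken = capability_breaks(AGENTS, 3, 3)   # slide 8: agent 3 loses cap 3
    print(check_invariant(INITIAL_CONFIG, broken, TASK))
    print(restore(INITIAL_CONFIG, broken, TASK, 3))
```

Run stand-alone, the script breaks capability 3 on agent 3 (the situation of slide 8); the checker reports the initial configuration as violating the invariant, and restore then admits the flow 1 → 2 → 5 → 3, in which the idle agent 5 takes over capability 3, agent 3 falls back to its remaining capability 4, and agent 4 becomes idle. If no agent in the coalition can cover the fragment, restore returns (None, "no proposal") instead of propagating anything, and a proposal with a dangling link, a missing capability or the wrong capability order is rejected with the reason the checker found.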

SLIDE 21

Formal Verification

Compositional Verification:
  – Verification on the agent level leads to a global system property
  – Rely/Guarantee formalism

SLIDE 22

Rely/Guarantee Formalism

  • Each agent gives guarantees to its environment about its individual behavior (Guarantee), provided it can rely on some properties of the environment (Rely)
  • Typical Relies:
    – "the environment doesn't change the agent's local variables"
    – "incoming resources have a 'valid' state"
  • Guarantees:
    – "incoming requests are eventually fulfilled"
    – "the resource is produced correctly"
    – "outgoing resources have a 'valid' state"

Guarantee Gi of an agent (locST: its local state, indexed by port; allocR: its allocated role with precondition prec, postcondition postc and the capability capToApp to apply; locST′ the state after the step):

Gi := ( ¬ isEmpty(locST[allocR.prec.port]) ∧ isEmpty(locST[allocR.postc.port]) → locST = locST′ )
    ∨ ( locST[allocR.prec.port].state = allocR.prec.state
        ∧ locST[allocR.prec.port].task = allocR.prec.task
        ∧ locST′[allocR.prec.port].state := locST[allocR.prec.port].state + allocR.capToApp )
    ∨ ( locST[allocR.prec.port].state = allocR.postc.state
        ∧ locST[allocR.prec.port].task = allocR.postc.task
        ∧ locST′[allocR.postc.port] := locST[allocR.prec.port]
        ∧ locST′[allocR.prec.port] := ⊥ )
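The guarantee Gi above, as an added Python example (not code from the SAVE ORCA project) that turns it into a runtime check on one agent's transition (locST, locST′). The data types Resource, Condition and Role, the names guarantee, check_trace and unchanged_except, and the sample role are constructed here. Three readings of the formula are assumptions rather than something the slide states: a resource's state is the tuple of capabilities applied so far, so "+ capToApp" appends; the stutter disjunct is taken as unconditional; and the process and forward cases leave every other port unchanged.

```python
"""Checking an agent's guarantee G_i on a single local transition.

Added example, not code from the SAVE ORCA project.  The three disjuncts of
G_i are read as: (1) the agent stutters, (2) it applies its allocated
capability capToApp to the resource at the precondition port, (3) it
forwards a resource that meets the postcondition to the postcondition port.
Assumptions: a resource's state is the tuple of capabilities applied so far
(so "+ capToApp" appends), the stutter case is allowed unconditionally, and
cases (2) and (3) leave every other port unchanged (frame condition).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    task: str        # the task this resource belongs to
    state: tuple     # capabilities applied so far, in order


@dataclass(frozen=True)
class Condition:     # allocR.prec / allocR.postc
    port: str
    state: tuple
    task: str


@dataclass(frozen=True)
class Role:          # allocR
    prec: Condition
    postc: Condition
    cap_to_app: int


def unchanged_except(before, after, ports):
    """Frame condition: every port not in `ports` holds the same content."""
    return all(before.get(p) == after.get(p)
               for p in set(before) | set(after) if p not in ports)


def guarantee(role, before, after):
    """G_i as a predicate on (locST, locST'); returns the name of the
    satisfied disjunct, or None if the transition violates the guarantee."""
    pin, pout = role.prec.port, role.postc.port
    r = before.get(pin)
    if before == after:                                   # (1) stutter
        return "stutter"
    if (r is not None and r.state == role.prec.state      # (2) process
            and r.task == role.prec.task
            and after.get(pin) == Resource(r.task, r.state + (role.cap_to_app,))
            and unchanged_except(before, after, {pin})):
        return "process"
    if (r is not None and r.state == role.postc.state     # (3) forward
            and r.task == role.postc.task
            and after.get(pout) == r and after.get(pin) is None
            and unchanged_except(before, after, {pin, pout})):
        return "forward"
    return None


def check_trace(role, states):
    """Verdict for every step of a local trace locST_0, locST_1, ..."""
    return [guarantee(role, a, b) for a, b in zip(states, states[1:])]


# Constructed instance: the role applies capability 3 to task "T" resources
# that already carry (1, 2) and hands them on once they carry (1, 2, 3).
ROLE = Role(Condition("in", (1, 2), "T"), Condition("out", (1, 2, 3), "T"), 3)
```

Only the agent's own steps are judged here; steps of the environment (a neighbour delivering a resource to the input port, the Observer / Controller changing the allocated role) are the rely side and are not covered by this check. A transition that skips the processing step, applies a capability other than capToApp, changes a port the role does not own, or forwards a resource whose state does not match the postcondition is rejected; this local obligation is what the compositionality theorem lifts to a global property.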

SLIDE 23

Rely/Guarantee Formalism


Compositionality theorem for reasoning about global properties.

SLIDE 24

Formal Model

[Figure: Software Engineering Models → Parameterized formal model]

SLIDE 25

Formal Verification

  • Verification of system class properties
    – "Resource-flow is correct"
    – "Leaving resources have been processed according to their task"
    – "Agents behave according to their roles"
  • Application-specific properties
    – Need to be verified once per application
    – Using the instantiated parameterized model

Formalization of the second system class property (a resource located at an agent without an output port, i.e. one that leaves the system, is always finished):

□ ( ∀ag ∈ Agents, ∀r ∈ Resources: (ag.outport = ∅ ∧ r.location = ag) → isFinished(r) )

SLIDE 26

Outlook

  • Further work on self-optimization
  • Implementation of the wave-like reconfiguration mechanism
  • Deeper investigation of the system class Data-Flow Systems
  • Extending the RIA theorem to liveness properties
  • Extending the theory to continuous self-organisation

SLIDE 27

Publications – Phase III

  • [ATC10] A Formal Framework for Compositional Verification of Organic Computing Systems. Florian Nafz, Hella Seebach, Jan-Philipp Steghöfer, Simon Bäumler, and Wolfgang Reif. Accepted for: Proceedings of the 7th International Conference on Autonomic and Trusted Computing (ATC 2010), Springer
  • [ATC10] Designing Self-Healing in Automotive Systems. Hella Seebach, Florian Nafz, Jörg Holtmann, Jan Meyer, Matthias Tichy, Wolfgang Reif, and Wilhelm Schäfer. Accepted for: Proceedings of the 7th International Conference on Autonomic and Trusted Computing (ATC 2010), Springer
  • [SASO10] A Software Engineering Guideline for Self-organizing Resource-Flow Systems. Hella Seebach, Florian Nafz, Jan-Philipp Steghöfer, and Wolfgang Reif. Proceedings of the Fourth IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2010)
  • [ICRA10] Developing Self-Organizing Robotic Cells using Organic Computing Principles. Alwin Hoffmann, Florian Nafz, Hella Seebach, Andreas Schierl, and Wolfgang Reif. Workshop on Bio-Inspired Self-Organizing Robotic Systems, 2010 IEEE International Conference on Robotics and Automation (ICRA 2010), Anchorage, Alaska, USA, May 3-8, 2
  • [ARCS10] On Deadlocks and Fairness in Self-organizing Resource-Flow Systems. Jan-Philipp Steghöfer, Pratik Mandrekar, Florian Nafz, Hella Seebach, and Wolfgang Reif. Proceedings of ARCS 2010 - Architecture of Computing Systems, Springer
  • [MAS&S10] Design and Simulation of a Wave-like Self-Organization Strategy for Resource-Flow Systems. Jan Sudeikat, Jan-Philipp Steghöfer, Hella Seebach, Wolfgang Reif, Wolfgang Renz, Thomas Preisler, and Peter Salchow. Accepted for: Proceedings of the 4th International Workshop on Multi-Agent Systems and Simulation
  • [ICSE09] A generic software framework for role-based Organic Computing systems. Florian Nafz, Frank Ortmeier, Hella Seebach, Jan-Philipp Steghöfer, and Wolfgang Reif. SEAMS 2009: ICSE 2009 Workshop on Software Engineering for Adaptive and Self-Managing Systems
  • [ATC09] A universal self-organization mechanism for role-based Organic Computing systems. Florian Nafz, Frank Ortmeier, Hella Seebach, Jan-Philipp Steghöfer, and Wolfgang Reif. Proceedings of the Sixth International Conference on Autonomic and Trusted Computing (ATC-09)

SLIDE 28

Publications – Phase I and II

  • [SASO08] A specification and construction paradigm for Organic Computing systems. M. Güdemann, F. Nafz, F. Ortmeier, H. Seebach, and W. Reif. Proceedings of the Second IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2008), IEEE Computer Society Press (2008)
  • [HINF08] Organic Computing for Health Care Systems. F. Nafz, F. Ortmeier, H. Seebach, and W. Reif. Proceedings of the International Conference on Health Informatics
  • [ENASE08] Implementing Organic Computing Systems with Agentservice. Florian Nafz, Frank Ortmeier, Hella Seebach, Jan-Philipp Steghöfer, and Wolfgang Reif. 3rd International Conference on Evaluation of Novel Approaches to Software Engineering
  • [CEC07] Design and Construction of Organic Computing Systems. Hella Seebach, Frank Ortmeier, and Wolfgang Reif. Proceedings of the 2007 IEEE Congress on Evolutionary Computation, IEEE Computer Society Press 2007
  • [ISCAS07] Modeling of self-adaptive systems with SCADE. Matthias Güdemann, Andreas Angerer, Frank Ortmeier, and Wolfgang Reif. Proceedings of the 2007 IEEE International Symposium on Circuits and Systems, IEEE Computer Society Press 2007
  • [ISOLA06] Safety and Dependability Analysis of Self-Adaptive Systems. M. Güdemann, F. Ortmeier, and W. Reif. Proceedings of ISoLA 2006, 2nd International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, IEEE Computer Society Press 2006
  • [GI06] Towards Safe and Secure Organic Computing Applications. Matthias Güdemann, Florian Nafz, Wolfgang Reif, and Hella Seebach. INFORMATIK 2006 – Informatik für Menschen, volume P-93 of GI-Edition – Lecture Notes in Informatics
  • [ATC06] Formal Modeling and Verification of Systems with Self-x Properties. Matthias Güdemann, Frank Ortmeier, and Wolfgang Reif. Proceedings of the Third International Conference on Autonomic and Trusted Computing (ATC-06)

SLIDE 29

THANKS FOR YOUR ATTENTION
