SMT-based Analysis of Reliability Architectures

Alessandro Cimatti

Fondazione Bruno Kessler, Trento, Italy

Joint work with Marco Bozzano and Cristian Mattarei


Safety Critical Systems

“a system whose safety cannot be shown solely by test, whose logic is difficult to comprehend without the aid of analytical tools… …and that might directly or indirectly contribute to put human lives at risk, damage the environment, or cause big economical losses” [SAE ARP4754]


Power system: …in a perfect world


Power system: …in real world


Reliability Improvement

  • How to improve reliability?
    • Redundancy is one of the fundamental solutions
      • Multiple replicas of components
      • Can act as backup
    • Adopted in many critical system designs, such as:
      • Computer and communication systems
      • Electric power transmission and distribution systems
      • Rail and road transportation systems
      • Water, oil and gas distribution

A classification of Redundancy

  • Hot stand-by: redundant components are powered and completely functional at the same time
  • Warm stand-by: redundant components are in an idle state, and they become functional only when it is necessary
  • Cold stand-by: similar to warm stand-by, but redundant components are turned off rather than being idle

Our goal

  • Given a selected form of redundancy, what are its features?
    • How to quantify reliability?
  • In practice, many forms of redundancy are possible
    • Which one is best?
    • Currently, this is a manual process!
  • In this talk:
    • SMT-based analysis of redundancy architectures

Outline

  • Architectural Design in Critical Systems
  • Redundant Systems
  • Reliability Analysis
  • Automated Approaches
  • EUF modeling and Fault Tree Analysis
  • Efficient Analysis via Predicate Abstraction
  • Conclusion

Redundant systems definition: TMR [Abraham74]

  • Increase reliability for critical design
  • Usage of redundant scheme (e.g. Triple Modular Redundancy)
  • Hard to analyze and optimize system reliability

(figure: Nominal architecture vs. Redundant architecture)

Triple Modular Redundancy: Possible Patterns

(figure: patterns with 1 voter, 2 voters and 3 voters)

TMR: Linear Structures

(figures: chains of TMR stages, each with three modules M feeding a voter V, arranged with one, two or three voters per stage; the slides compare the alternatives pairwise: >, ?, <)

(figure, from [Hamamatsu10]: Triple Redundant Module comparison (1 voter), manual reliability analysis)

Reliability analysis: manual approach

  • Manual approach to reliability computation:
    • Slow, expensive and error prone
    • Limited expressiveness
      • Support only for linear structures
      • No general approach for Tree- and DAG-shaped structures
    • Needs space discretization


Automated Analysis of Reliability Architecture

  1. Model the extended system with uninterpreted functions

Modeling of the extended system (figures)

Automated Analysis of Reliability Architecture

  1. Model the extended system with uninterpreted functions
  2. Perform Fault Tree Analysis

SAT-Based Fault Tree Analysis (figures)

Fault Tree Analysis: equivalence check (figures)

Automated Analysis of Reliability Architecture

  1. Model the extended system with uninterpreted functions
  2. Perform Fault Tree Analysis
  3. Extract the Reliability Function from the BDD representation of the Fault Tree

Reliability Function Extraction (figures: BDD representation of the Fault Tree)

Automated Analysis of Reliability Architecture

  1. Model the extended system with uninterpreted functions
  2. Perform Fault Tree Analysis
  3. Extract the Reliability Function from the BDD representation of the Fault Tree
  4. Evaluate the results with analytical tools (Octave/Matlab)

(figure: Triple Redundant Module comparison (1 voter), plotted against 1-Rm and 1-Rv)
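The analysis steps above, carried out on one TMR stage with a single voter as an added worked example (constructed here, not code from the talk): the fault tree is a Boolean top event over component failures, Fault Tree Analysis enumerates its minimal cut sets, and the reliability function is obtained by Shannon expansion along a fixed variable order, which is the recursion a BDD traversal performs. Exhaustive enumeration with exact fractions stands in for the SAT solver and BDD package, and the result is checked against the textbook closed form Rv·(3Rm² − 2Rm³).

```python
from fractions import Fraction
from itertools import combinations

# Constructed fault tree for one TMR stage: modules m1..m3 feeding a single voter v.
# Basic events are component failures; the top event "stage output wrong" holds when
# the voter fails or at least two modules fail (the majority is lost).
COMPONENTS = ("m1", "m2", "m3", "v")

def stage_fails(failed: frozenset) -> bool:
    """Top event of the constructed fault tree."""
    return "v" in failed or sum(m in failed for m in ("m1", "m2", "m3")) >= 2

def minimal_cut_sets(top, components):
    """Fault Tree Analysis: every minimal set of basic events that triggers the top event.
    Candidates are visited by size, so one is minimal iff no cut set found so far is inside it."""
    cuts = []
    for size in range(1, len(components) + 1):
        for subset in combinations(components, size):
            cand = frozenset(subset)
            if top(cand) and not any(c <= cand for c in cuts):
                cuts.append(cand)
    return cuts

def failure_probability(top, components, fail_prob, failed=frozenset(), idx=0):
    """Shannon expansion of the top event along a fixed variable order, the recursion a
    BDD traversal performs: the two cofactors are disjoint events, so their probabilities add."""
    if idx == len(components):
        return Fraction(1) if top(failed) else Fraction(0)
    x, p = components[idx], fail_prob[components[idx]]
    return (p * failure_probability(top, components, fail_prob, failed | {x}, idx + 1)
            + (1 - p) * failure_probability(top, components, fail_prob, failed, idx + 1))

def tmr_reliability(rm, rv):
    """Reliability function of the stage for module reliability rm and voter reliability rv."""
    rm, rv = Fraction(rm), Fraction(rv)  # exact arithmetic; accepts ints, floats or "9/10"
    fail_prob = {"m1": 1 - rm, "m2": 1 - rm, "m3": 1 - rm, "v": 1 - rv}
    return 1 - failure_probability(stage_fails, COMPONENTS, fail_prob)

def closed_form(rm, rv):
    """Textbook reliability of TMR with one voter: Rv * (3 Rm^2 - 2 Rm^3)."""
    rm, rv = Fraction(rm), Fraction(rv)
    return rv * (3 * rm**2 - 2 * rm**3)

if __name__ == "__main__":
    print([sorted(c) for c in minimal_cut_sets(stage_fails, COMPONENTS)])
    print(tmr_reliability("9/10", "99/100"), closed_form("9/10", "99/100"))  # both 24057/25000
```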

Uniform probability analysis (figures: 1 voter patterns comparison, 2D and 3D; 1 vs 2 voters comparison, 2D and 3D)

Non-uniform probability analysis (figure)

Automated Analysis of Reliability Architectures

  • Fully automated technique for the analysis of reliability architectures
  • Symbolic technique
    • generates the closed form of the reliability function
  • Allows for the reusability of analysis results
    • generation of Reliability Function libraries
  • Useful to explore the design space
  • Bottleneck:
    • the AllSMT computation is monolithic
    • Hard to deal with big systems (> 10 stages)


Counter-Example Guided Abstraction-Refinement (CEGAR)

Predicate abstraction

(figure: concrete state vars X with I(X) and R(X, X'), predicates Ψ0(X), Ψ1(X), Ψ2(X) mapped to abstract state vars P0, P1, P2 with AI(P) and AR(P, P'))

CEGAR with Predicate abstraction (figure)

Computing Abstractions

  • Given concrete model CI(X), CR(X, X')
  • Given set of predicates Ψi(X), each associated to abstract variable Pi
  • Obtain the corresponding abstract model
    • AR(P, P') is defined by

      ∃X X'. ( CR(X, X') ∧ ⋀i (Pi ↔ Ψi(X)) ∧ ⋀i (Pi' ↔ Ψi(X')) )

  • Existential quantification as AllSMT
    • SMT solver extended to generate all satisfying assignments
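The definition of AR(P, P') above applied to a constructed concrete model, as an added illustration that is not code from the talk: a 3-bit counter that increments or resets, abstracted by the predicates Ψ0: x = 0 and Ψ1: x ≥ 4. A brute-force enumerator over the finite domain stands in for the SMT solver; the AllSMT loop blocks each model's projection on the abstract variables, so the abstract transition relation is exactly the set of distinct projections it collects.

```python
from itertools import product

def find_model(constraint, variables, domains):
    """Stand-in for the SMT solver's satisfiability query (constructed): brute force over the
    finite domains, returning the first satisfying assignment or None if there is none."""
    for values in product(*(domains[v] for v in variables)):
        model = dict(zip(variables, values))
        if constraint(model):
            return model
    return None

def all_smt(constraint, variables, domains, important):
    """AllSMT loop: each model's projection on the important (abstract) variables is blocked,
    so every later solver call must return a model with a projection not seen before."""
    blocked, projections = [], []
    def with_blocking(model):
        return constraint(model) and tuple(model[p] for p in important) not in blocked
    while (model := find_model(with_blocking, variables, domains)) is not None:
        proj = tuple(model[p] for p in important)
        blocked.append(proj)
        projections.append(proj)
    return projections

def abstract_transition(cr, preds, domain):
    """AR(P, P') = exists X X'. CR(X, X') and /\i (Pi <-> Psi_i(X)) and /\i (Pi' <-> Psi_i(X')),
    obtained as the set of all (P, P') projections of models of the quantifier body."""
    names = list(preds)
    primed = [n + "'" for n in names]
    variables = ["X", "X'"] + names + primed
    domains = {"X": domain, "X'": domain, **{v: (False, True) for v in names + primed}}
    def body(m):
        return (cr(m["X"], m["X'"])
                and all(m[n] == preds[n](m["X"]) for n in names)
                and all(m[n + "'"] == preds[n](m["X'"]) for n in names))
    return set(all_smt(body, variables, domains, names + primed))

N = 8  # constructed concrete model: a 3-bit counter that either increments or resets to 0
def counter_cr(x, xn):
    return xn == (x + 1) % N or xn == 0

# Constructed predicates: Psi_0(x): x == 0 and Psi_1(x): x >= 4.
PREDS = {"P0": lambda x: x == 0, "P1": lambda x: x >= 4}

def counter_abstraction():
    """Abstract transitions as (P0, P1, P0', P1') tuples; 7 of the 16 possible ones are real."""
    return abstract_transition(counter_cr, PREDS, range(N))

if __name__ == "__main__":
    print(sorted(counter_abstraction()))
```

The reset edge is what makes the abstract relation non-deterministic: from every abstract state there is a transition back to (P0, P1) = (True, False), while no single step leads from x ≥ 4 into 1..3.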

Modular Abstraction for Safety Assessment

  • Compose the whole system using the abstraction of each single module
  • Preserve the cut-set generation, i.e., provide the same results by means of the modular abstract state space
  • Generate a pure Boolean model, and abstract SMT formulas
  • Compute the results via a BDD-based engine with known variable ordering

Combinatorial System (figures): Generic Component; Abstractor and Concretizer; Sequential composition; Parallel composition; Reduction and Parallel Equivalence; Modular Abstraction Equivalence

Modular Abstraction (figures: Boolean and Data signals through a chain of modules and voters V)

Experimental Evaluation: Concrete vs Abstraction

  • Redundant network description:
    • Linear TMR structures with 1, 2 and 3 voters; single (triplicated) input and output ports
    • Tree- and DAG-like structures randomly generated with 1, 2 and 3 voters; 1, 2 and 3 (triplicated) input ports; single (Tree) or double (DAG) output ports
  • Fault Tree Analysis with equivalence check: perfect vs. redundant (and faulty) circuit
  • Engine details:
    • MathSAT5 (EUF) for the concrete case
    • NuSMV3 with BDD-based engine for the modular abstraction

DAG-like example with 60 modules (figure)

Concrete vs Abstraction: linear (plot)

Concrete vs Abstraction: Tree and DAG (< 15 modules) (plot)

Abstraction: Tree and DAG (plot)

Conclusion

  • Automated technique for the analysis of reliability architectures
    • Management of linear, Tree- and DAG-like structures
    • Efficient analysis of large systems (> 140 modules) via predicate abstraction
  • Take-away
    • SMT view crucial to devise novel solutions!
    • Efficiency does not come for free…

Thanks for your attention!