[PPT] - Vrification probabiliste de proprits de modles AltaRica 3.0 PowerPoint Presentation

SLIDE 1

Vérification probabiliste de propriétés de modèles AltaRica 3.0

Benjamin Aupetit OpenAltaRica, IRT SystemX Laboratoire de Génie Industriel, CentraleSupélec

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

1

SLIDE 2

Introduction

Encadrement de thèse :

Antoine Rauzy (Pr) (IPK, NTNU)
Jean-Marc Roussel (MCF HDR) (LURPA, ENS Cachan)

Projet OpenAltaRica, IRT SystemX

Michel Batteux (Dr) (IRT SystemX)

Projet OpenAltaRica :

Partenaires Premium
Partenaires Adhérent

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

2

SLIDE 3

Introduction

Thèse

Débutée en Octobre 2014
Fin prévue en Septembre 2017

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

3

Vérification probabiliste de propriétés de modèles AltaRica 3.0

SLIDE 4

Introduction

Safety Assessment
Predictive analysis

– Probabilistic – On models of a system

Dynamic behavior
Modeling formalism: AltaRica 3.0

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

4

SLIDE 5

OpenAltaRica Project

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

Systems Specifications Models

class HydraulicPump Boolean working (init = false); event failure (delay = exponential(lambda)); transition failure: working -> working := false; end

AltaRica 3.0

5

SLIDE 6

Objectives : Develop the ecosystem around the AltaRica 3.0 modeling language for the safety analysis of critical systems

OpenAltaRica Project

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

Federate a community of users.

Forum

The Platform OpenAltaRica
The reference Implementation;
Software tools the more accurate.
Integration with other

engineering disciplines

Comply with certification processes

6

SLIDE 7

OpenAltaRica Project

AltaRica 3.0 Workshop

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

AltaRica 3.0 Editor

Fault Trees compiler Stepwise simulator Markov Chains generator Stochastic simulator Model Checker Sequences generator Specifications AltaRica 3.0 Descriptions

block Plane_HydraulicSystem block HydraulicLine1 Pump P1, P2; Valve V1, V2,V3; …. assertion V1.inFlow := P1.outFlow; …. end …. end

class NRC Boolean working (init = true); parameter Real lambda = 0.00001; event failure (delay = exponential(lambda)); transitions failure: working -> working := false; end class Pump extends NRC; Boolean inFlow, outFlow (reset = false); assertion if working then outflow := inFlow; end class Valve extends NRC; Boolean inFlow, outFlow (reset = false); assertion if working then outflow := inFlow; end

7

SLIDE 8

Pilot Interface Physical Computing Modules

Stochastic Simulation

Landing System:

AltaRica 3.0 modeling:

– 129 components, ~1000 variables – State-space size: 2.6 × 10105

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

Landing System example

Handle Lights Analogical Switch ElectroValves Cylinders Sensors Computing Module A Computing Module B x3 x5 x6 x36

The Landing Gear System Case Study, F. Boniol, V. Wiels (ONERA), ABZ 2015

8

SLIDE 9

Stochastic Simulation

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

State-space exploration

9

SLIDE 10

Stochastic Simulation

Stochastic simulation problems:

Correctness

– Quality assurance

Performance

– Significant results

Usefulness

– Exploiting the tool to obtain useful informations

n the system

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

10

SLIDE 11

Stochastic Simulation

Standards
DO-178C/ED-12C : Software Considerations in Airborne Systems and Equipment Certification
DO-330/ED-215 : Tool Qualification

– The user has to qualify the tool used

Evaluation kit

– To allow the user to evaluate the correctness, performances and pertinence of a stochastic simulation tool

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

Vers la définition d’un kit d’évaluation pour les simulateurs stochastiques, B. Aupetit, M. Batteux, A. Rauzy, J.-M. Roussel, Lambda-Mu 20 (2016)

A C B D A C B D A C B D

11

SLIDE 12

Stochastic Simulation

Performances improvement

Compilation techniques
Use of the Evaluation Kit and profilage

Landing System example

Simulation of 2 × 109 landing/take-off
Original : 3 years (estimated)
Improved : 17 hours
1500 times faster

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

AltaRica 3.0 Stochastic Simulation Evaluation kit AltaRica 3.0 Stochastic Simulator Execution results (profilage) Tool Improvement

Improving performances of the AltaRica 3.0 stochastic simulator, B. Aupetit, M. Batteux, A. Rauzy, J.-M. Roussel, ESREL (2015) 12

SLIDE 13

Stochastic Simulation

Properties

Classical safety properties and indicators

– MTBF : Mean Time Between Failures – MTTF : Mean Time To Failures – MTTR : Mean Time To Repair

Classical performances properties and indicators

– Availability, …

Complex properties

– Probability to not detect a failure when in a critical state – Mean time to perform a specific action when in a critical state – Probability to recover from a critical state

Landing System example:

– Gears are indicated out but are not – Gears are moving when the doors are not open – Gears are not locked out more than 15s after the order without alarm

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

13

SLIDE 14

Stochastic Simulation

Stochastic simulation problems :

Correctness

– Quality assurance –  Solution : Evaluation Kit

Performance

– Significant results –  Solution : Profilage and Optimizations

Usefulness

– Exploiting the tool to obtain useful information on the system –  Solution : Stochastic Model-Checking

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

14

SLIDE 15

Stochastic Model-Checking

Stochastic Model-Checking :

Interaction between

– Stochastic simulation – Properties checking

To obtain statistical results
Landing System example
Safety properties

– 11 False occurrence out of 𝟑 × 𝟐𝟏𝟘 operations

Probability: 𝟔. 𝟔 × 𝟐𝟏−𝟘
Margin of error (95%): 𝟖. 𝟓 × 𝟐𝟏−𝟐𝟓

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

Stochastic Simulation Properties checking Stochastic Model-Checking Results  Req 1 : 100 % ± 0.01  Req 2 : 100 % ± 0.01  Req 3 : 42 % ± 0.01 Not OK

15

SLIDE 16

Conclusion

Tools must be evaluated before being used
Complex safety properties can be checked using stochastic

simulation Continuation

Property expression language
Stochastic model-checking tool

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

16

SLIDE 17

Vérification probabiliste de propriétés de modèles AltaRica 3.0

Benjamin Aupetit OpenAltaRica, IRT SystemX Laboratoire de Génie Industriel, CentraleSupélec

16 Mars 2017 Journée "Jeunes Ingénieurs Jeunes Chercheurs"

17