coral: a tool for compositional reliability and availability analysis † hichem boudali 1, pepijn...
TRANSCRIPT
Coral: a tool for CompositionalReliability and Availability analysis†
Hichem Boudali1, Pepijn Crouzen2, and Mariëlle Stoelinga1.
1Formal Methods and Tools groupCS, University of Twente, NL.
2Dependable Systems and Software group,CS, Saarland University, Germany
Context & Motivation
Systems do fail Reliability Engineering:
- Analyze system reliability Many formalisms: Petri nets, RBDs, DFTs, AADL, DFTs:
- Graphical, popular formalism - Unreliabilty = P[failure during mission time]
Dynamic Fault trees
Graphical, intuitive formalism Specify system failures in terms
of component failure Tree/DAG
leaves: basic events = component failures
gates: failure propagation CORAL methodology
formal semantics using IOIMCs Compositional modeling +
verification state space reduction techniques
phone
engine
road trip
car
tire 1 tire 2 tire 3 tire 4 spare
Tool Chain
DFT
SVL bcg_labels
DFTrepository
dft2bcg
SVL
IOIMCmodel
dft2bcg dft_evalIOIMCmodels
CTMC +goal state
bcg_trans
mission
time
Unrealiability
C O R A L
= P[failure during mission time]
What is deep compositionality?
Failure
2/3
S
CBA
Semantics of a DFT arises naturally ascomposition of the semantics of its building blocks
But: This may lead to huge models.
f(G1)
f(NE1) f(NE4)…
f(G1)
Translation
each gate gets IOIMCComposition
Prototype tool chainCoral – DFT analysis
dft2bcg:
Translationcomposer:
Composition
composer:
minimization
composer:
Repeat
CTMC
Result:
unreliability
dft_eval:
Analysis
dft_eval:
MC generation
User-given
ordering
1325 states
instead of
32757 states
Composition
order
matters
Tool Chain
DFT
SVL bcg_labels
DFTrepository
dft2bcg
SVL
IOIMCmodel
dft2bcg dft_evalIOIMCmodels
CTMC +goal state
bcg_trans
composition
script
mission
time
Unrealiability
C O R A L
Case studies
Analysis
method
Max number of
states
Max number of transitions
Unreliability
MDCS Monolithic 253 1383 2.00 · 10-9
Compositional 190 723 2.00 · 10-9
HCPS Monolithic 4113 24608 1.35 · 10-3
Compositional 133 465 1.35 · 10-3
CAS Monolithic 8 10 0.657
Compositional 32 116 0.657
FTPP Monolithic 32757 426826 2.55479 · 10-8
Compositional 1325 14153 2.55479 · 10-8
CORAL: lifting previous drawbacks of DFTs
Lack of formal semantics semantics in terms of IOIMCs Each gate & BE has corresp. IOIMC DFT semantics = composition of gate
semantics Lack of modularity
severe restrictions on reuse of sub-models in larger models
CORAL is much more liberal State space explosion problem
use bisimulation to combate state space explosion
phone
engine
road trip
car
tire 1 tire 2 tire 3 tire 4 spare
Future work
Fully automated tool Get rid of composition script Order of composition matters heuristics
More aggressive state reduction Weaker equivalence, interface constraints, Phase-type
minimization Further extensions to DFT modeling capabilities
Extension to non-exponential distributions New DFT building blocks
Simulation for DFTs Apply deep compositionality to other engineering
formalisms! E.g. Architectural description languages like AADL
References
H. Boudali, P. Crouzen, M. Stoelinga. “Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains”, DSN 2007 proceedings.
H. Boudali, P. Crouzen, M. Stoelinga. “A compositional semantics for Dynamic Fault Trees in terms of Interactive Markov Chains”, ATVA 2007.
More info: [email protected] [email protected] [email protected]