UML and Dependability Analysis

Original slides prepared by Simona BernardiPresented by Jeremy Sproston

PaCo kick-off meeting, 23/10/08

2

UML and dependability analysis

Two tasks:– Development of a UML profile for dependability

analysis – Use of formal models for dependability assessment

3

A UML profile for dependability analysis

Recently completed work:– S.Bernardi, J. Merseguer, D.C. Petriu, Adding Dependability

Analysis capabilities to the MARTE profile.MODELS08, October 2008.

– S. Bernardi, J. Merseguer, D.C. Petriu, An UML profile for dependability analysis and modeling of software systems, Tech.Rep. no. RR-08-05, DIIS, Universidad de Zaragoza, Spain, May, 2008.

4

Motivation and objectives

The current standard UML profiles (SPT, QoS&FT, MARTE) do not provide concrete capabilities for dependability analysis in a light-weight fashionSeveral proposals on deriving dependability models from UML-based modelsThe main objective is to propose a UML profile for quantitative dependability analysis of sw systems modeled with UML– With focus on availability, reliability and safety properties

5

Profile requirements

Reuse best-practices reported in the literatureUnify the terminology and concepts for different dependability aspects under a common dependability domain modelMARTE compliance

6

Methodological approach overviewLiterature review: UML profiles Dependability literature Survey on UML dep.analysis

Definition of DAM conceptual model

Reqschecklist

Assessment of the DAM

conceptual model

Complete?

Definition of the DAM profile

no

yes

DAM profileassessment with

the checklistAll reqs

satisfied?

no

yes DAM extensions(stereotypes, tags)

DAM library

7

Mapping approach

The mapping process from the conceptual model elements to the DAM profile has been an iterative one Approach– General guidelines from Selic to extend UML metamodel– Patterns from Lagarde et al. that enable a consistent mapping – Best practice of MARTE to trace the mapping– Specialization of MARTE-GQAM stereotypes to reuse already

defined concepts

8

Mapping of conceptual classes

Conceptual classes are good candidates to become stereotypes, but eventually only a subset of them have been mapped to a stereotype Objective: provide a “small” set of stereotypes– Abstract classes: not considered– Threat/Maintenance concepts: complex dependability types of

the DAM Library– E/F/H Step classes become enumeration type values

(“subsuming taxonomic concept” pattern)

9

Current activity/open issues

MODELS08 paper: proposed an “open” profile to support the dependability quantitative analysis of UML design– MARTE compliant– Considers the current standards in dependability

Current activity– DAM profile assessment

• Application of the DAM profile to examples from literature and to case studies

• Both quantitative and qualitative assessment of dependability

10

Current activity/open issues

Open issues – New requirements regarding other dependability attributes

(i.e., integrity, confidentiality, maintainability)– Relationship between dependability and performance NFP

(possible collaboration with UNIAQ)– Fault tolerance domain: specification of QoS metrics as

functions of dependability NFP and performance NFP

11

Use of formal models for dependability assessment (I)

Current activity– Literature review on deriving dependability models from

UML system specifications

Future work– Definition of criteria for the selection of a set of

formalisms for dependability• Qualitative assessment (e.g., HAZOP,FFA)• Quantitative assessment (e.g., Stochastic Petri Nets, Fault

Trees, CSL, Performance Trees)

12

Use of formal models for dependability assessment (II)

– Dependability model derivation techniques from UML-DAM annotated models

• Customization of techniques in the literature• Definition of new transformation techniques

– Definition of a methodology for the synergetic use of the aforementioned techniques within the sw development process.