Quantitative Safety Analysis of Non-Deterministic System Architectures

Similar documents
Universität Konstanz. Department of Computer and Information Science. Master Thesis. Quantitative Analysis of Concurrent System Architectures

Analysis of an Airport Surveillance Radar using the QuantUM approach

Probabilistic Model Checking and Strategy Synthesis for Robot Navigation

On the Synergy of Probabilistic Causality Computation and Causality Checking

Safety and Reliability of Embedded Systems. (Sicherheit und Zuverlässigkeit eingebetteter Systeme) Fault Tree Analysis Obscurities and Open Issues

A systematic strategy to perform quantitative safety assessment of Simulink diagrams using Prism - Technical Report

On the Synergy of Probabilistic Causality Computation and Causality Checking

Probabilistic verification and approximation schemes

PRISM An overview. automatic verification of systems with stochastic behaviour e.g. due to unreliability, uncertainty, randomisation,

An Indian Journal FULL PAPER ABSTRACT KEYWORDS. Trade Science Inc.

Plasma: A new SMC Checker. Axel Legay. In collaboration with L. Traonouez and S. Sedwards.

Joint work with Marie-Aude Esteve, Joost-Pieter Katoen, Bart Postma and Yuri Yushtein.

Model-Based Safety Assessment with AltaRica 3.0

Stochastic Petri Net. Ben, Yue (Cindy) 2013/05/08

Model Checking. Boris Feigin March 9, University College London

STOCHASTIC MODELS FOR RELIABILITY, AVAILABILITY, AND MAINTAINABILITY

RESISTing Reliability Degradation through Proactive Reconfiguration

Formal Analysis of Fault Tree using Probabilistic Model Checking: A Solar Array Case Study

Software Science: How Far Could Mathematics and Rigor Take Us?

Formal Verification via MCMAS & PRISM

Towards An Accurate Reliability, Availability and Maintainability Analysis Approach for Satellite Systems Based on Probabilistic Model Checking

Alan Bundy. Automated Reasoning LTL Model Checking

Autonomous Agent Behaviour Modelled in PRISM A Case Study

Reliability Analysis of Electronic Systems using Markov Models

ADVANCED ROBOTICS. PLAN REPRESENTATION Generalized Stochastic Petri nets and Markov Decision Processes

Evaluating the Reliability of Defect-Tolerant Architectures for Nanotechnology with Probabilistic Model Checking

Thermal Scheduling SImulator for Chip Multiprocessors

A Timed CTL Model Checker for Real-Time Maude

Logic Model Checking

Symbolic Semantics and Verification of Stochastic Process Algebras. Symbolische Semantik und Verifikation stochastischer Prozessalgebren

CONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING. Marta Kwiatkowska, Gethin Norman and David Parker 1

POLYNOMIAL SPACE QSAT. Games. Polynomial space cont d

Safety Verification of Fault Tolerant Goal-based Control Programs with Estimation Uncertainty

Methods for Software Verification. Andrea Corradini Gian Luigi Ferrari. Second Semester 6 CFU

Dependability Analysis

On Model Checking Techniques for Randomized Distributed Systems. Christel Baier Technische Universität Dresden

Temporal Logic of Actions

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties and its Application to Cyber-Physical Systems

ONR MURI AIRFOILS: Animal Inspired Robust Flight with Outer and Inner Loop Strategies. Calin Belta

SFM-11:CONNECT Summer School, Bertinoro, June 2011

The State Explosion Problem

Safety analysis and standards Analyse de sécurité et normes Sicherheitsanalyse und Normen

Variations on Itai-Rodeh Leader Election for Anonymous Rings and their Analysis in PRISM

Controlling probabilistic systems under partial observation an automata and verification perspective

Stochastic Games with Time The value Min strategies Max strategies Determinacy Finite-state games Cont.-time Markov chains

Decision making, Markov decision processes

Fluid Petri Nets and hybrid model-checking: a comparative case study q

Probabilistic Model Checking: Advances and Applications

Lecture 2: From Classical to Quantum Model of Computation

Quality Management of Software and

ECS 120 Lesson 23 The Class P

Model Repair in Systems Design. Panagiotis Katsaros Aristotle University of Thessaloniki (GR)

Model Counting for Logical Theories

Monitoring the full range of ω-regular properties of Stochastic Systems

Dependability Engineering of Silent Self-Stabilizing Systems

Frontiers of Risk and Reliability Engineering Research

The Reinforcement Learning Problem

Ranking Verification Counterexamples: An Invariant guided approach

Timo Latvala. March 7, 2004

Probabilistic Model Checking of Security Protocols without Perfect Cryptography Assumption

Directed and Heuristic Counterexample Generation for Probabilistic Model Checking - A Comparative Evaluation

Evaluating the Reliability of NAND Multiplexing with PRISM

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

An Automotive Case Study ERTSS 2016

Varieties of Stochastic Calculi

The Applications of Inductive Method in the Construction of Fault Trees MENG Qinghe 1,a, SUN Qin 2,b

Stochastic Decision Diagrams

Lecture 05: High-Level Design with SysML. An Introduction to SysML. Where are we? What is a model? The Unified Modeling Language (UML)

Automata-based Verification - III

Quantitative analysis with the probabilistic model checker PRISM 1

Transient behaviour in highly dependable Markovian systems: new regimes, many paths.

Test Statistique Structurel et Fonctionnel

A Brief Introduction to Model Checking

arxiv: v1 [cs.lo] 7 Dec Department of Electrical and Computer Engineering,

Reliability of Technical Systems

Proving Real-time Properties of Embedded Software Systems 0-0

Module 8. Lecture 5: Reliability analysis

Uncertainty modeling for robust verifiable design. Arnold Neumaier University of Vienna Vienna, Austria

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

CTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking

Formal Methods in Software Engineering

Qualitative and Quantitative Analysis of a Bio-PEPA Model of the Gp130/JAK/STAT Signalling Pathway

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Automata-based Verification - III

Quantification of the safety level of a safety-critical control system K. Rástočný 1, J. Ilavský 1

Quantum Memory Hierarchies

Stochastic Petri Nets. Jonatan Lindén. Modelling SPN GSPN. Performance measures. Almost none of the theory. December 8, 2010

The Quasi-Synchronous Approach to Distributed Control Systems

Safety Verification and Failure Analysis of Goal-Based Hybrid Control Systems

LOGIC PROPOSITIONAL REASONING

Automatic Verification of Parameterized Data Structures

Probabilistic Model Checking for Biochemical Reaction Systems

Bayesian networks for multilevel system reliability

Optimization-based Modeling and Analysis Techniques for Safety-Critical Software Verification

Counterintuitive results from Bayesian belief network software reliability model

Safety Analysis of an Airbag System using Probabilistic FMEA and Probabilistic Counterexamples

Description Logics. Deduction in Propositional Logic. franconi. Enrico Franconi

Umans Complexity Theory Lectures

Model Checking: An Introduction

Transcription:

Quantitative Safety Analysis of Non-Deterministic System Architectures Adrian Beer University of Konstanz Department of Computer and Information Science Chair for Software Engineering Adrian.Beer@uni.kn

Motivation Safety critical systems are everywhere These systems have to be verified against safety goals to ensure safe working Safety analysis should be easily supported during the development! Best case: completely automatized 2

Outline 1. Motivation 2. Preliminaries 3. Safety Analysis of UML / SysML models The QuantUM approach 4. Case Studies 5. Conclusion 3

Preliminaries Quantitative Safety Analysis of Non-Deterministic System Architectures 4

Quantitative Safety Analysis of Non-Deterministic System Architectures Industrial Practice (some demanded by safety standards) Qualitative Methods identify Failures Quantitative Methods predict frequency of failures - Qualitative FMEA - Qualitative Fault Tree Analysis - Event Tree Analysis - Quantitative FMEA - Quantitative Fault Tree Analysis - Event Tree Analysis - Markov models - Reliability block diagrams Academia Model Checking Probabilistic Model Checking 5

Quantitative Safety Analysis of Non-Deterministic System Architectures How is non-determinism introduced in systems? Environmental behavior No probability for environmental factors Can happen non-deterministically at any point in time Concurrency Several processes / components run concurrently Scheduler resolves non-determinism by deciding which process is allowed to take the next step Abstraction Some unknown aspects during design / modeling phase Incompleteness of the design model Simplification / abstraction of certain aspects in the system 6

Quantitative Safety Analysis of Non-Deterministic System Architectures Model-based Engineering Models help to structure, develop, analyze complex systems Model-based Engineering promoted / demanded by modern standards ISO 26262 DO-178C ARP 4754A ESAAR4 Modeling languages UML / SysML Matlab Simulink AADL ASCET 7

Outline 1. Motivation 2. Preliminaries 3. Safety Analysis of UML / SysML models The QuantUM approach 4. Case Studies 5. Conclusion 8

The QuantUM Approach The Goal: Automatic verification of UML / SysML models easily applicable and consistent in industrial practice Safety related information is directly encoded in the model using stereotypes Normal + failure behavior Quantitative information, i.e. failure rates Safety requirements encoded in state configurations of the system Automatic translation into reachability properties 9

The QuantUM Approach The Goal: Automatic verification of UML / SysML models easily applicable and consistent in industrial practice 10

The QuantUM Approach QuantUM relies on the concept of model checking Automatic exploration of the state space of the model of a system PRISM model checker Probabilistic analysis SPIN model checker Functional analysis Systematic search for modeling flaws in the system 11

The QuantUM Approach The Problem: Model of computation until now: Continuous Time Markov Chains Only stochastic transitions Modeling trick: Non-determinism is approximated using pseudostochastic transitions Introduced error often very large 12

Example: CTMC: The QuantUM Approach pseudo-stochastic transition failure transition Probability of reaching state within 1h is 0.63 Expectation: reaching state within 1h should always give a probability of 1 Even when setting to a higher value this phenomenon has an impact along long paths 13

The QuantUM Approach Solution: Use Markov Decision Processes MDPs support non-determinism by definition MDPs have a discrete time-basis No continuous failure rates are supported by MDPs Discretization is possible: Approximation of continuous negative exponential distribution with a discrete geometric distribution Introduced error is computable and orders of magnitude smaller than the actual value Discretization step size has a significant effect on computation time 14

The QuantUM Approach How is the translation done? 15

Outline 1. Motivation 2. Preliminaries 3. Safety Analysis of UML / SysML models The QuantUM approach 4. Case Studies 5. Conclusion 16

Airbag System Case Studies Airport Surveillance Radar 17

UML Model of an Airbag System Example: Airbag System Computation of Probability of an inadvertent deployment within 100h 18

Statechart of the Microcontroller Example: Airbag System 19

PRISM Code Example: Airbag System module MicroController NormalOperation_active: [0..19] init 0; // initial state [](NormalOperation_active = 0) -> NormalOperation_active '= 1); [](NormalOperation_active = 6) & (MicroController_criticalCrashLevel >=3 ) -> ( NormalOperation_active '= 7) & ( MicroController_criticalCrash '=true); endmodule 20

C Code Example: Airbag System switch ( NormalOperation_active ) { // some code case EvaluationDone: { if(is_event_type_of(omnulleventid)) { //## transition 2 if(criticalcrash = false) { EvaluateCrash_exit(); NormalOperation_subState = Idle; rootstate_active = Idle; res = eventconsumed; } } if(res == eventnotconsumed) { res = EvaluateCrash_handleEvent(); } } break; // some code } 21

Evaluation Computation of failure probabilities for the inadvertent deployment Airbag (probability) CTMC λ = 1 CTMC λ = 100 MDP (non-det.) Airbag (time) Radar (probability) Radar (time) 0.1 sec. 258.1 sec. 3.94 sec. 22.57 min 68.88 min 277.27 min ASR: Probability of wrong information being displayed to the air traffic manager within 1h Model sizes: Airbag: 7000 states + 50.000 transitions ASR: 200 mio. states + 2 billion transitions 22

Conclusion Summary: QuantUM Approach Quantitative model-based safety analysis Automatic translation of UML / SysML models into model checking code Non-determinism + continuous failure rates can now be handled while maintaining the computation error Computation is adaptable to the purposes of the results Certification or just coarse evaluation of design Outlook Automatic Fault Tree generation for MDPs Automatic Failure Mode and Effect Analysis Result interpretation as UML sequence diagrams Further integration into certification and validation standards ISO26262, ARP 4754A 23

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback