SAE AADL Error Model Annex: Discussion Items
|
|
- Arlene Adams
- 5 years ago
- Views:
Transcription
1 SAE AADL Error Model Annex: Discussion Items Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Peter Feiler April 2012 Sponsored by the U.S. Department of Defense 2011 by Carnegie Mellon University
2 Outline Recent changes Error annex name Observable error propagations Detection and recovery Transient errors Composite and abstracted error models Error type sets as conditions Unified transitions, outgoing propagations, detections, composite states Mappings and transformations Stochastic error flows Error type ontology Additional discussion items Three Examples in Document 2
3 Annex Name The annex is identified by a name in annex library and subclause declarations Annex EMV2 {** error model V1 syntax **}; Allows the original and EM V2 to co-exist 3
4 Error Propagation Paths Observable Error Propagations Example scenario: Co-located processors Without propagation path in core model: no connection or binding relationship Heat dissipation as observable error propagation Component A Component B Overheating Error Processor 1 Processor 2 Observable Error Propagation Path Observable error propagation points and paths Observable Error Propagation Point Observable propagation points and paths added via annex subclause observable_propagation ::= defining_observable_error_propagation_point_identifier : ( in out ) observable propagation error_type_set ; observable_propagation_connection ::= defining_observable_error_propagation_connection_identifier : observable source_qualified_observable_error_propagation_point -> target_qualified_observable_error_propagation_point ; 4
5 Error Source Specification Error Source of outgoing propagation Indication of intrinsic error types without explicitly declaring error events Es1: error source outp1{itemomission} when {ValueError} Alternative: Error event declaration as part of propagations view Es2: error source outp1{itemomission} when ErrEv1{ValueError} Component A Component B 5
6 Error Detection and Error Recovery Error detection and reporting Example: novalue as detectable persistent fault Self detection and reporting (internal to component) Detection of error propagation by recipient component Error recovery with probability of success and failure Branch transitions Recover Success Recover Failure Operational BadValueEvent PersistentFaultState out propagation NoValue ErrorOutport RecoverEvent BadValueState On Branch Transition BadValueState [RecoverEvent]-> ( Operational with 0.99, PersistentFaultState with 0.01); Component internal detection and reporting detections PersistentFaultState-[]-> ErrorOutPort {NoValue} ; out propagation BadValue Outport2 Inport1 ErrorOutport External detection and reporting detections all -[Inport1{NoValue}]-> ErrorOutPort {NoValue} ; 6
7 Transient Errors In error behavior state machine Probability that error event results in transient error behavior Branching transition with branch probability Error state with transition triggered by recover event Recover event has property to indicate time (range) and distribution over time (range) Distribution over single value vs. range Need for explicit characterization of propagation as transient? Transient nature of propagation in impact analysis Inferred from state machine vs. specification w/o state machine as part of error source specification 7
8 Composite Error Behavior Specification Composite error behavior specification for a component abstracted error behavior model in terms of the subcomponent error models composite error behavior use behavior qualified_error_state_machine_reference composite states [2 ormore (gps1{operational}, gps2.operational, gps3.operational) ]-> Working ; [1 ormore (gps1.failed{critical}, gps2.failed{critical}, gps3.failed{critical})]-> CriticalFailure ; [2 orless (gps1.failed{critical}, gps2.failed{critical}, gps3.failed{critical}) ]-> NonCriticalFailure ; end composite; Incoming and outgoing propagations in terms of the subcomponents Events in abstracted model : relation to composite model Transitions in abstracted model: relation to composite model Diagnosis of subcomponent failures or masked failures GPS gps1 sub1 sub2 sub3 gps2 gps3 Availability in critical and non-critical mode 8
9 Hierarchies of Independent Error Types Independent error type hierarchies Below are some canonical error type hierarchies Error types from different hierarchies can occur simultaneously Additional error type hierarchies Concurrency (Race Condition, Deadlock, Starvation) Parameters to types Range property for OutOfRange Rate for Rate related Bound (k) for Bounded Item Sequence Omission and Bounded Item Omission Interval 9
10 Error Type Sets Specification of error type (sets) on events, states, propagations Error types ValueError: type; TimingError: type; NoValue: type extends ValueError; BadValue: type extends ValueError; EarlyValue: type extends TimingError; LateValue: type extends TimingError; ETS1: type set {ValueError, TimingError}; E1: error event {ETS1}; S: state {ValueError, TimingError}; Trans1: S [E1]-> S1; Trans2: S{ValueError, EarlyValue} [ETS1]->S2; TS Two independent type hierarchies Error type set: Powerset of types from two type hierarchies Reference to named error type set Declaration of equivalent error type set constructor Transition triggered by E1 Error Type Set as Constraint {T1, T2} power set of two error type hierarchies {T1} error type set of one type {T1+T2} product type (one error type from each error type hierarchy) {T1,*} error type set with at least one element from type (hierarchy) T1 {NoError} represents the empty set Constrain transition to {EarlyValue} {BadValue} {NoValue} or {EarlyValue+BadValue} {EarlyValue+NoValue} tuples of S 10
11 Common Syntax Transitions S-[Inp1{BadValue}]-> S2 S-[Inp1{BadValue}]-> mask Component specific transition: Incoming propagation can trigger transition Explicit specification that an event (or incoming propagation) is ignored/masked in a given state Could be expressed as transition to itself all-[inbinding{nopower}]-> Failed Transition from any state to Failed state for given incoming propagation (or event) Outgoing propagations S{BadValue}-[]-> OutP1{BadValue} S{BadValue} [InP1{LateValue}]-> OutP1{BadValue,LateValue} S-[InP1{LateValue}]-> mask all [InP1{LateValue}]-> OutP1{BadValue,LateValue} Detections S{BadValue}-[]-> OutErrorPort1{BadValue} S{BadValue}-[]-> self.event_identifier{badvalue} Composite state State is reflected in outgoing propagation Incoming propagation is masked in a given state [2 ormore (gps1{operational}, gps2.operational, gps3.operational) ]-> Working ; Outgoing propagation determined by incoming propagation in a specific state Outgoing propagation of incoming propagation independent of any state 11
12 Completeness of Error Behavior Specification Handling of error events in Failure state Unspecified incomplete model Explicitly specify that event is ignored in a given state Option: Specify loopback transition Trans2: Failed [Fault ]-> Failed; Default resulting state type is value of last error event Specify type transformation with result type same as source type Component transition condition with result type (contributor) Need for Mask? Mask has no alternative for propagation declarations. Masking of incoming propagations and outgoing still affected by current state vs. outgoing propagation being NoError Failed [ Fault or Inport1]-> mask; Need for others keyword? Transition branch allows others to add up to 1 As transition condition to complement all others Catchall outgoing transition condition (used in original large example) As composite state specification meaning: Not in any other state 12
13 {NoError} aka {} NoError as error type constraint: {TimingError} means other error types in error type set are expected to be NoError No need to explicitly specify Noerror for all other error types in same typeset Expected presence of multiple types in tuple via product type declaration NoError as incoming propagation constraint Error Type Set as Constraint {T1, T2} power set of two error type hierarchies {T1} error type set of one type {T1+T2} product type (one error type from each error type hierarchy) {T1,*} error type set with at least one element from type (hierarchy) T1 {NoError} represents the empty set Inport1{LateValue}: don t care or no error on other incoming? Inport1{LateValue} and inport2{earlyvalue}: error on both Inport1{LateValue} and inport2{noerror}: Typed error state without a type token Can error state represent an empty type, i.e., {NoError}? 13
14 Type Mappings and Transformations Element type mapping and transformation Separate rules for each element type Mapping/transformation within the same type hierarchy BadValue -> NoValue BadValue -[NoValue]-> NoValue Type tuple mapping and transformation The left hand type set constraint must match Mapping/transformation to any result tuple {BadValue} -> {NoValue} {ValueError,TimingError} -[{NoValue}]-> {NoValue} Handling of corner cases Source is {NoError}: default is target = contributor Contributor is {NoError}: default is target = source Target becomes {NoError}: Target as Mask: target is unaffected by contributor Overlap in mapping or transformation rules Only if same result type We do not assume ordering and overriding rules (as was done in York FPTC) 14
15 Result Type Determination Default result rule for error type sets Contributor overrides source for common element type hierarchy Union of error types for non-overlapping element types Multiple contributors applied in order Inp1 and Inp2 By transformation rules Explicit result tuple s{novalue} [inp1{valueerror}]-> OutP{NoValue} all -[inp1{badvalue}]-> ErrorPort{NoValue} 15
16 Occurrence Properties on Error Flows Occurrence probability on flows On flow sources to represent probability of an error event of a given type within the component resulting in a propagation Occurrence probability can be specified for each error type On flow sinks to represent the probability of an incoming propagation being masked The same incoming propagation can also participate in a flow path for the same type or different types On flow path to represent probability of an incoming propagation of a specific type (or all types) following a given path Occurrence probability of outgoing/incoming propagation Determined from flows to same propagation point Explicitly specified:?? NoData Component A BadData NoData NoData Component A BadData P1 P2 LateData BadData P1 P2 Processor Memory Bus NoResource Processor Memory Bus NoResource 16
17 Discussion Items -1 Simultaneous error event occurrences Separate (untyped) error events representing value and timing errors Occurrence of timing and value error simultaneously: and condition on error events Error event with type set {ValueError, TimingError} Error event occurrence with tuple: single element or pair according to probability for each error type Separate error event declaration => separate events Simultaneous occurrence: arbitrary order Transition in new state handles second event Error events in separate components Concurrent state machine behavior Fanout & multi-step error propagation Propagation by discrete data communication Multiple component EBSM affected by error propagation 17
18 Discussion Items - 2 Outgoing propagation probability Probability that the error state or incoming propagation is getting propagated Propagation delay: Time (range) & distribution as property? Inherently absent error events or propagations Occurrence probability of 0 for event => prevention/absence Inherent absence: no replication error because no replication Prevention/elimination: via testing => low to zero probability Occurrence probability of 0 for propagation => masking Error source declaration referring to Contained Error 18
19 Three Examples Dual Redundant FGS Application with operational modes Application level redundancy Composite error model Link to behavior specification Network Protocols Network protocol layering Separation of logical protocol and physical network Link to behavior specification Triple peer voting in quad redundant system (large V1 example) Detection and decision making Assumption in fault management architecture 19
20 Error Model Definitions The terms fault, error, failure, and latency of a fault or error are those of [IFIP WG ]. (this reference is 20 years old) The above terms have been revisited, when the SAE adopted SAE ARP 4754A ( ). It would make sense to define error, fault, fault condition, and other terms per SAE ARP4754A; Note that SAE ARP 4761 provides other definitions; however it is old and is being revised by the SAE. RTCA DO-178C provides additional definitions and is current. 20
21 21
22 22
23 23
24 24
25 25
SAE AADL Error Model Annex: An Overview
SAE AADL Error Model Annex: An Overview Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter Feiler phf@sei.cmu.edu Sponsored by the U.S. Department of Defense 2011 by Carnegie
More informationError Model Annex Revision
Error Model Annex Revision Peter H Feiler phf@sei.cmu.edu Jan 2011 Goal A core set of reliability concepts and error types Interaction of systems with nominal behavior and threats in the form of defects,
More informationCIS 890: High-Assurance Systems
CIS 890: High-Assurance Systems Hazard Analysis Lecture: Error Modeling Annex Version 2 - Introduction Copyright 2016, John Hatcliff, Hariharan Thiagarajan. The syllabus and all lectures for this course
More informationAEROSPACE STANDARD. SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE
AEROSPACE STANDARD Issued AS5506/3 2011-04 Draft SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE The purpose of the Error Model Annex in this document
More informationAnalytical Architecture Fault Models
Analytical Architecture Fault Models Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter H. Feiler Dec 4, 2012 Copyright 2012 Carnegie Mellon University and IEEE This material
More informationAADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment
AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment Julien Delange Peter Feiler David P. Gluch John Hudak October 2014 TECHNICAL REPORT CMU/SEI-2014-TR-020 Software Solutions Division
More informationOSATE Analysis Support
OSATE Analysis Support Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange/Peter Feiler 07/08/2013 Overview of OSATE2 Eclipse-based AADL editor Support for AADLv2.1,
More informationAEROSPACE STANDARD. SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE
AEROSPACE STANDARD Draft AS5506/3 2013-01-23 Draft SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE The purpose of the Error Model Annex in this
More informationAADL v2.1 errata AADL meeting Sept 2014
AADL v2.1 errata AADL meeting Sept 2014 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 V2.1 Errata Additional applies to allowances Inconsistency in reference/applies to
More informationInvestigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models
Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models Peter Feiler Software Engineering Institute phf@sei.cmu.edu 412-268-7790 2004 by Carnegie Mellon University
More informationModeling the Implementation of Stated-Based System Architectures
Modeling the Implementation of Stated-Based System Architectures Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter H Feiler June 2009 Are Everywhere What is a state-based
More informationPattern-Based Analysis of an Embedded Real-Time System Architecture
Pattern-Based Analysis of an Embedded Real-Time System Architecture Peter Feiler Software Engineering Institute phf@sei.cmu.edu 412-268-7790 Outline Introduction to SAE AADL Standard The case study Towards
More informationError Model Meta Model and Plug-in
Error Model Meta Model and Plug-in Peter Feiler phf@sei.cmu.edu May 28, 2007 The error model plug-in implements the Error Model Annex language extension. It provides all the front-end components, i.e.,
More informationDependability Modeling Based on AADL Description (Architecture Analysis and Design Language)
Dependability Modeling Based on AADL Description (Architecture Analysis and Design Language) Ana Rugina, Karama Kanoun and Mohamed Kaâniche {rugina, kanoun, kaaniche}@laas.fr European Integrated Project
More informationModel-based Architectural Verification & Validation
Model-based Architectural Verification & Validation Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter H Feiler Feb. 2009 2006 Carnegie Mellon University Outline Architecture-Centric
More informationSchedulability Analysis of AADL Models
Schedulability Analysis of AADL Models Oleg Sokolsky Insup Lee University of Pennsylvania Duncan Clarke Fremont Associates Overview AADL modeling language Why is it useful and what it has Formal schedulability
More informationFailure Models. Fault Tolerance. Failure Masking by Redundancy. Agreement in Faulty Systems
Fault Tolerance Fault cause of an error that might lead to failure; could be transient, intermittent, or permanent Fault tolerance a system can provide its services even in the presence of faults Requirements
More informationDistributed Systems COMP 212. Lecture 19 Othon Michail
Distributed Systems COMP 212 Lecture 19 Othon Michail Fault Tolerance 2/31 What is a Distributed System? 3/31 Distributed vs Single-machine Systems A key difference: partial failures One component fails
More information02 - Distributed Systems
02 - Distributed Systems Definition Coulouris 1 (Dis)advantages Coulouris 2 Challenges Saltzer_84.pdf Models Physical Architectural Fundamental 2/58 Definition Distributed Systems Distributed System is
More information02 - Distributed Systems
02 - Distributed Systems Definition Coulouris 1 (Dis)advantages Coulouris 2 Challenges Saltzer_84.pdf Models Physical Architectural Fundamental 2/60 Definition Distributed Systems Distributed System is
More informationA System Dependability Modeling Framework Using AADL and GSPNs
A System Dependability Modeling Framework Using AADL and GSPNs Ana-Elena Rugina, Karama Kanoun, and Mohamed Kaâniche LAAS-CNRS, University of Toulouse 7 avenue Colonel Roche 31077 Toulouse Cedex 4, France
More informationFlow Latency Analysis with the Architecture Analysis and Design Language (AADL)
Flow Latency Analysis with the Architecture Analysis and Design Language (AADL) Peter Feiler Jőrgen Hansson December 2007 TECHNICAL NOTE CMU/SEI-2007-TN-010 Performance-Critical Systems Initiative Unlimited
More informationTSW Reliability and Fault Tolerance
TSW Reliability and Fault Tolerance Alexandre David 1.2.05 Credits: some slides by Alan Burns & Andy Wellings. Aims Understand the factors which affect the reliability of a system. Introduce how software
More informationAnalysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling
Application of the Architectural Analysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling Chris Vogl, Myron Hecht, and Alex Lam Presented to System and Software
More informationArchitecture-led Diagnosis and Verification of a Stepper Motor Controller
Architecture-led Diagnosis and Verification of a Stepper Motor Controller Peter Feiler, Chuck Weinstock, John B. Goodenough, Julien Delange, Ari Klein, Neil Ernst To cite this version: Peter Feiler, Chuck
More informationChapter 8 Fault Tolerance
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 8 Fault Tolerance 1 Fault Tolerance Basic Concepts Being fault tolerant is strongly related to
More informationImpact of Runtime Architectures on Control System Stability
Impact of Runtime Architectures on Control System Stability P. Feiler, J. Hansson Software Engineering Institute, Pittsburgh, PA Abstract: Control systems are sensitive to the endto-end latency and age
More informationFault Tolerance. Distributed Systems. September 2002
Fault Tolerance Distributed Systems September 2002 Basics A component provides services to clients. To provide services, the component may require the services from other components a component may depend
More informationConfiguring Banyan VINES
Configuring Banyan VINES This chapter describes how to configure Banyan VINES and provides configuration examples. For a complete description of the VINES commands in this chapter, refer to the Banyan
More informationDependability tree 1
Dependability tree 1 Means for achieving dependability A combined use of methods can be applied as means for achieving dependability. These means can be classified into: 1. Fault Prevention techniques
More informationModule 8 Fault Tolerance CS655! 8-1!
Module 8 Fault Tolerance CS655! 8-1! Module 8 - Fault Tolerance CS655! 8-2! Dependability Reliability! A measure of success with which a system conforms to some authoritative specification of its behavior.!
More informationCS 347: Distributed Databases and Transaction Processing Notes07: Reliable Distributed Database Management
CS 347: Distributed Databases and Transaction Processing Notes07: Reliable Distributed Database Management Hector Garcia-Molina CS 347 Notes07 1 Reliable distributed database management Reliability Failure
More informationFault Tolerance. The Three universe model
Fault Tolerance High performance systems must be fault-tolerant: they must be able to continue operating despite the failure of a limited subset of their hardware or software. They must also allow graceful
More informationFault Tolerance. Distributed Systems IT332
Fault Tolerance Distributed Systems IT332 2 Outline Introduction to fault tolerance Reliable Client Server Communication Distributed commit Failure recovery 3 Failures, Due to What? A system is said to
More informationAutomatic Generation of Static Fault Trees from AADL Models
Automatic Generation of Static Fault Trees from AADL Models Anjali Joshi, Steve Vestal, Pam Binns University of Minnesota and Honeywell Laboratories June 27, 2007 1 Traditional Safety Analysis Safety Analyst
More informationRedundancy in fault tolerant computing. D. P. Siewiorek R.S. Swarz, Reliable Computer Systems, Prentice Hall, 1992
Redundancy in fault tolerant computing D. P. Siewiorek R.S. Swarz, Reliable Computer Systems, Prentice Hall, 1992 1 Redundancy Fault tolerance computing is based on redundancy HARDWARE REDUNDANCY Physical
More informationSafety and Reliability of Software-Controlled Systems Part 14: Fault mitigation
Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation Prof. Dr.-Ing. Stefan Kowalewski Chair Informatik 11, Embedded Software Laboratory RWTH Aachen University Summer Semester
More informationDep. Systems Requirements
Dependable Systems Dep. Systems Requirements Availability the system is ready to be used immediately. A(t) = probability system is available for use at time t MTTF/(MTTF+MTTR) If MTTR can be kept small
More informationModule 8 - Fault Tolerance
Module 8 - Fault Tolerance Dependability Reliability A measure of success with which a system conforms to some authoritative specification of its behavior. Probability that the system has not experienced
More informationToday: Fault Tolerance
Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing
More informationCh. 21: Object Oriented Databases
Ch. 21: Object Oriented Databases Learning Goals: * Learn about object data model * Learn about o.o. query languages, transactions Topics: * 21.1 * 21.2 * 21.3 * 21.4 * 21.5 Source: Ch#21, Bertino93, Kim
More informationIntroduction to AADL analysis and modeling with FACE Units of Conformance
Introduction to AADL analysis and modeling with FACE Units of Conformance AMRDEC Aviation Applied Technology Directorate Contract Number W911W6-17- D-0003 Delivery Order 3 This material is based upon work
More informationFault Tolerance Part I. CS403/534 Distributed Systems Erkay Savas Sabanci University
Fault Tolerance Part I CS403/534 Distributed Systems Erkay Savas Sabanci University 1 Overview Basic concepts Process resilience Reliable client-server communication Reliable group communication Distributed
More informationIllustrating the AADL Error Modeling Annex (v. 2) Using a Simple Safety-Critical Medical Device
Illustrating the AADL Error Modeling Annex (v. 2) Using a Simple Safety-Critical Medical Device Brian Larson, John Hatcliff, Kim Fowler Kansas State University {brl,hatcliff,kimrfowler}@ksu.edu Julien
More informationExercise Unit 2: Modeling Paradigms - RT-UML. UML: The Unified Modeling Language. Statecharts. RT-UML in AnyLogic
Exercise Unit 2: Modeling Paradigms - RT-UML UML: The Unified Modeling Language Statecharts RT-UML in AnyLogic Simulation and Modeling I Modeling with RT-UML 1 RT-UML: UML Unified Modeling Language a mix
More informationFault Tolerance. Chapter 7
Fault Tolerance Chapter 7 Basic Concepts Dependability Includes Availability Reliability Safety Maintainability Failure Models Type of failure Crash failure Omission failure Receive omission Send omission
More informationDistributed Systems
15-440 Distributed Systems 11 - Fault Tolerance, Logging and Recovery Tuesday, Oct 2 nd, 2018 Logistics Updates P1 Part A checkpoint Part A due: Saturday 10/6 (6-week drop deadline 10/8) *Please WORK hard
More informationLast Class:Consistency Semantics. Today: More on Consistency
Last Class:Consistency Semantics Consistency models Data-centric consistency models Client-centric consistency models Eventual Consistency and epidemic protocols Lecture 16, page 1 Today: More on Consistency
More informationAn Information Model for High-Integrity Real Time Systems
An Information Model for High-Integrity Real Time Systems Alek Radjenovic, Richard Paige, Philippa Conmy, Malcolm Wallace, and John McDermid High-Integrity Systems Group, Department of Computer Science,
More informationFailure Tolerance. Distributed Systems Santa Clara University
Failure Tolerance Distributed Systems Santa Clara University Distributed Checkpointing Distributed Checkpointing Capture the global state of a distributed system Chandy and Lamport: Distributed snapshot
More informationDistributed Systems Fault Tolerance
Distributed Systems Fault Tolerance [] Fault Tolerance. Basic concepts - terminology. Process resilience groups and failure masking 3. Reliable communication reliable client-server communication reliable
More informationPriya Narasimhan. Assistant Professor of ECE and CS Carnegie Mellon University Pittsburgh, PA
OMG Real-Time and Distributed Object Computing Workshop, July 2002, Arlington, VA Providing Real-Time and Fault Tolerance for CORBA Applications Priya Narasimhan Assistant Professor of ECE and CS Carnegie
More informationComplexity-Reducing Design Patterns for Cyber-Physical Systems. DARPA META Project. AADL Standards Meeting January 2011 Steven P.
Complexity-Reducing Design Patterns for Cyber-Physical Systems DARPA META Project AADL Standards Meeting 24-27 January 2011 Steven P. Miller Delivered to the Government in Accordance with Contract FA8650-10-C-7081
More informationIssues in Programming Language Design for Embedded RT Systems
CSE 237B Fall 2009 Issues in Programming Language Design for Embedded RT Systems Reliability and Fault Tolerance Exceptions and Exception Handling Rajesh Gupta University of California, San Diego ES Characteristics
More informationDiagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)
Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2) (1) IBM Research - Zurich (2) ETH Zurich 1 Outline
More informationToday: Fault Tolerance. Fault Tolerance
Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing
More informationAn Implementation of the Behavior Annex in the AADL-toolset Osate2
2011 16th IEEE International Conference on Engineering of Complex Computer Systems An Implementation of the Behavior Annex in the AADL-toolset Osate2 Gilles Lasnier, Laurent Pautet Inst. TELECOM - TELECOM
More informationImproving Quality Using Architecture Fault Analysis with Confidence Arguments
Improving Quality Using Architecture Fault Analysis with Confidence Arguments Peter H. Feiler Charles B. Weinstock John B. Goodenough Julien Delange Ari Z. Klein Neil Ernst March 2015 TECHNICAL REPORT
More informationCS 347 Parallel and Distributed Data Processing
CS 347 Parallel and Distributed Data Processing Spring 2016 Notes 6: Reliability Reliable Distributed DB Management Reliability Failure models Scenarios CS 347 Notes 6 2 Reliability Correctness Serializability
More informationMethods and Tools for Embedded Distributed System Timing and Safety Analysis. Steve Vestal Honeywell Labs
Methods and Tools for Embedded Distributed System Timing and Safety Analysis Steve Vestal Honeywell Labs Steve.Vestal@Honeywell.com 5 April 2006 Outline Preliminary Comments Timing and Resource Utilization
More informationIntroduction to Software Fault Tolerance Techniques and Implementation. Presented By : Hoda Banki
Introduction to Software Fault Tolerance Techniques and Implementation Presented By : Hoda Banki 1 Contents : Introduction Types of faults Dependability concept classification Error recovery Types of redundancy
More informationMyron Hecht, Alex Lam, Chris Vogl, Presented to 2011 UML/AADL Workshop Las Vegas, NV. April, 2011
A Tool Set for Integrated Software and Hardware Dependability Analysis Using the Architecture Analysis and Design Language (AADL) and Error Model Annex Myron Hecht, Alex Lam, Chris Vogl, Presented to 2011
More informationCprE Fault Tolerance. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University
Fault Tolerance Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Basic Concepts Process Resilience Reliable
More informationOverloading, Type Classes, and Algebraic Datatypes
Overloading, Type Classes, and Algebraic Datatypes Delivered by Michael Pellauer Arvind Computer Science and Artificial Intelligence Laboratory M.I.T. September 28, 2006 September 28, 2006 http://www.csg.csail.mit.edu/6.827
More informationImplementation Issues. Remote-Write Protocols
Implementation Issues Two techniques to implement consistency models Primary-based protocols Assume a primary replica for each data item Primary responsible for coordinating all writes Replicated write
More informationMotivation State Machines
Motivation State Machines Generating test cases for complex behaviour Textbook Reading: Chapter 7 We are interested in testing the behaviour of object-oriented software systems Behaviour: Interactions
More informationFault Tolerance. Basic Concepts
COP 6611 Advanced Operating System Fault Tolerance Chi Zhang czhang@cs.fiu.edu Dependability Includes Availability Run time / total time Basic Concepts Reliability The length of uninterrupted run time
More informationDistributed Systems (ICE 601) Fault Tolerance
Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Introduction Failure Model Fault Tolerance Models state machine primary-backup Class Overview Introduction Dependability availability reliability
More informationFault Propagation and Transformation: A Safety Analysis. Malcolm Wallace
Fault Propagation and Transformation: A Safety Analysis Malcolm Wallace Software Safety Safety is not the same as correctness. Correctness = theorem-proving, model-checking, abstract interpretation, etc.
More informationA System Performance in Presence of Faults Modeling Framework Using AADL and GSPNs
A System Performance in Presence of Faults Modeling Framework Using AADL and GSPNs Belhassen MAZIGH 1 and Kais BEN FADHEL 1 Department of Computer Science, Faculty of Science of Monastir, Avenue of the
More informationResilience Design Patterns: A Structured Approach to Resilience at Extreme Scale
Resilience Design Patterns: A Structured Approach to Resilience at Extreme Scale Saurabh Hukerikar Christian Engelmann Computer Science Research Group Computer Science & Mathematics Division Oak Ridge
More informationINTERNATIONAL TELECOMMUNICATION UNION
INTERNATIONAL TELECOMMUNICATION UNION )454 1 TELECOMMUNICATION (02/95) STANDARDIZATION SECTOR OF ITU ")3$.!00,)#!4)/. 02/4/#/,3 &/2!##%33 3)'.!,,).' "2/!$"!.$ ).4%'2!4%$ 3%26)#%3 $)')4!,.%47/2+ ")3$. $)')4!,
More informationTranslating AADL into BIP Application to the Verification of Real time Systems
Toulouse, France (in conjunction with MODELS 2008) 1st International Workshop on Model Based Architecting and Construction of Embedded Systems (ACESMB 2008) Translating AADL into BIP Application to the
More informationChapter 11 - Data Replication Middleware
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 11 - Data Replication Middleware Motivation Replication: controlled
More informationHierarchical FSMs with Multiple CMs
Hierarchical FSMs with Multiple CMs Manaloor Govindarajan Balasubramanian Manikantan Bharathwaj Muthuswamy (aka Bharath) Reference: Hierarchical FSMs with Multiple Concurrency Models. Alain Girault, Bilung
More informationEventual Consistency. Eventual Consistency
Eventual Consistency Many systems: one or few processes perform updates How frequently should these updates be made available to other read-only processes? Examples: DNS: single naming authority per domain
More informationUpdate on AADL Requirements Annex
Open-PEOPLE Open Power and Energy Optimization PLatform and Estimator Update on AADL Requirements Annex Dominique BLOUIN* *Lab-STICC, Université de Bretagne Sud, Lorient, FRANCE AADL Standards Meeting,
More informationState-Based Testing Part B Error Identification. Generating test cases for complex behaviour
State-Based Testing Part B Error Identification Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000,
More informationUnified Modeling Language 2
Unified Modeling Language 2 State machines 109 History and predecessors 1950 s: Finite State Machines Huffmann, Mealy, Moore 1987: Harel Statecharts conditions hierarchical (and/or) states history states
More informationBasic concepts in fault tolerance Masking failure by redundancy Process resilience Reliable communication. Distributed commit.
Basic concepts in fault tolerance Masking failure by redundancy Process resilience Reliable communication One-one communication One-many communication Distributed commit Two phase commit Failure recovery
More informationINTERNATIONAL TELECOMMUNICATION UNION
INTERNATIONAL TELECOMMUNICATION UNION )454 X.227 TELECOMMUNICATION (04/95) STANDARDIZATION SECTOR OF ITU $!4!.%47/2+3!.$ /0%. 3934%- #/--5.)#!4)/.3 /0%. 3934%-3 ).4%2#/..%#4)/. #/..%#4)/.-/$% 02/4/#/,
More informationTime-Triggered Ethernet
Time-Triggered Ethernet Chapters 42 in the Textbook Professor: HONGWEI ZHANG CSC8260 Winter 2016 Presented By: Priyank Baxi (fr0630) fr0630@wayne.edu Outline History Overview TTEthernet Traffic Classes
More informationAADL Webinar. Carnegie Mellon University Notices Architecture Analysis with AADL The Speed Regulation Case-Study... 4
AADL Webinar Table of Contents Carnegie Mellon University Notices... 4 Architecture Analysis with AADL The... 4 What this talk is about?... 7 Agenda... 8 Agenda... 9 Polling Question 1... 10 Safety-Critical
More informationARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013
ARINC653 AADL Annex Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange 07/08/2013 Context, Rationale ARINC653 Avionics standard Standardized API (called APEX
More informationSystem Models for Distributed Systems
System Models for Distributed Systems INF5040/9040 Autumn 2015 Lecturer: Amir Taherkordi (ifi/uio) August 31, 2015 Outline 1. Introduction 2. Physical Models 4. Fundamental Models 2 INF5040 1 System Models
More informationAADL Graphical Editor Design
AADL Graphical Editor Design Peter Feiler Software Engineering Institute phf@sei.cmu.edu Introduction An AADL specification is a set of component type and implementation declarations. They are organized
More informatione-issn: p-issn:
Available online at www.ijiere.com International Journal of Innovative and Emerging Research in Engineering e-issn: 2394-3343 p-issn: 2394-5494 PCIe CHECKER LIBRARY GENERATION OF SEQUENCES & DRIVER COMPONENT
More informationChapter 1: Distributed Systems: What is a distributed system? Fall 2013
Chapter 1: Distributed Systems: What is a distributed system? Fall 2013 Course Goals and Content n Distributed systems and their: n Basic concepts n Main issues, problems, and solutions n Structured and
More informationChapter 5: Distributed Systems: Fault Tolerance. Fall 2013 Jussi Kangasharju
Chapter 5: Distributed Systems: Fault Tolerance Fall 2013 Jussi Kangasharju Chapter Outline n Fault tolerance n Process resilience n Reliable group communication n Distributed commit n Recovery 2 Basic
More informationThe Montana Toolset: OSATE Plugins for Analysis and Code Generation
Fremont Associates Process Project QA The Montana Toolset: OSATE Plugins for Analysis and Code Generation Oleg Sokolsky University of Pennsylvania AADL Workshop 005 Paris, France October 17-18, 18, 005
More informationEnhancing The Fault-Tolerance of Nonmasking Programs
Enhancing The Fault-Tolerance of Nonmasking Programs Sandeep S Kulkarni Ali Ebnenasir Department of Computer Science and Engineering Michigan State University East Lansing MI 48824 USA Abstract In this
More informationARTIST-Relevant Research from Linköping
ARTIST-Relevant Research from Linköping Department of Computer and Information Science (IDA) Linköping University http://www.ida.liu.se/~eslab/ 1 Outline Communication-Intensive Real-Time Systems Timing
More informationArchitecture Description Languages. Peter H. Feiler 1, Bruce Lewis 2, Steve Vestal 3 and Ed Colbert 4
Architecture Description Languages An Overview of the SAE Architecture Analysis & Design Language (AADL) Standard: A Basis for Model-Based Architecture-Driven Embedded Systems Engineering Peter H. Feiler
More informationCSE 5306 Distributed Systems
CSE 5306 Distributed Systems Fault Tolerance Jia Rao http://ranger.uta.edu/~jrao/ 1 Failure in Distributed Systems Partial failure Happens when one component of a distributed system fails Often leaves
More informationCSE 5306 Distributed Systems. Fault Tolerance
CSE 5306 Distributed Systems Fault Tolerance 1 Failure in Distributed Systems Partial failure happens when one component of a distributed system fails often leaves other components unaffected A failure
More informationDiagnosis in the Time-Triggered Architecture
TU Wien 1 Diagnosis in the Time-Triggered Architecture H. Kopetz June 2010 Embedded Systems 2 An Embedded System is a Cyber-Physical System (CPS) that consists of two subsystems: A physical subsystem the
More informationChapter 11 Object and Object- Relational Databases
Chapter 11 Object and Object- Relational Databases Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 11 Outline Overview of Object Database Concepts Object-Relational
More informationAADL Meta Model & XML/XMI
AADL Meta Model & XML/XMI Peter Feiler Software Engineering Institute phf@sei.cmu.edu Meta Modeling Approach Declarative AADL Model AADL Instance Model Outline 2 XMI/XML Based Tool Interoperability Textual
More informationTSP Secure. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA September 2009
TSP Secure Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Noopur Davis, Philip L. Miller, William R. Nichols, and Robert C. Seacord 23 September 2009 2008 Carnegie Mellon
More informationModel-Based Embedded System Engineering & Analysis of Performance-Critical Systems
Sponsored by the U.S. Department of Defense 2005, 2006 by Carnegie Mellon University Model-Based Embedded System Engineering & Analysis of Performance-Critical Systems Peter H. Feiler Jan 2007 1 page 1
More information