Dependability Modelling using AADL and the AADL Error Model Annex


Slide 1: Dependability Modelling using AADL and the AADL Error Model Annex
Ana Rugina, October 2005. Copyright ASSERT Project.

Slide 2: Context
- Dependability evaluation for embedded real-time systems
- IST FP6 European Integrated Project ASSERT
- Means: analytical modelling (Petri nets, Markov chains)
- Industrial practice: UML and AADL models
- Objective: dependability measures

Slide 3: Outline
- General approach
- Case study
- Conclusion

Slide 4: Approach
AADL dependability model = AADL system architecture model + AADL system error model
-> model transformation -> dependability model -> model processing -> dependability measures

Slide 5: Dependability measures
- Reliability: measure of continuous delivery of correct service; probability of occurrence of a failure before a given instant of time; MTTF (mean time to failure).
- Availability: measure of the readiness for correct service; the proportion of correct service delivery time over a time interval.
- Maintainability: ability to undergo modifications and repairs; probability of service restoration before a given instant of time; MTTR (mean time to restoration).

Slide 6: Duplex system architecture
Figure: the duplex_system is made of System1:sub_system.basic_primary and System2:sub_system.basic_backup connected by a LAN. Each sub-system contains a software component (SW1:software.basic_primary, SW2:software.basic_backup) with Primary and Backup modes, running on a HW:computer.basic.

Slide 7: AADL dependability model
Figure: the duplex system annotated with error models. SW1:software.basic_primary and SW2:software.basic_backup each carry the error model SW.HWSW_SWSWdep; each HW:computer.basic carries HW.HWSW_HWHWdep; a Repairman:repairman.basic component carries Repairman.Simple. The drawn dependencies are SW-SW (between the two software replicas), HW-SW (between each software and its computer) and HW-HW (among the two computers and the repairman).

Slide 8: Dependability model
Figure: the same diagram as slide 7 with the resulting dependability model attached: one sub-model per component (M.SW for each software replica, M.HW for each computer, M.Repairman) and one per dependency (M.SW_SWdep, one M.HW_SWdep per software/computer pair, M.HW_HWdep).

Slide 9: Error model type

    error model SW
    features
      SW_Error_Free: initial error state;
      SW_Activation_Fault, SW_End_of_Error_Detection_Action, SW_Error_Non_Detected,
      SW_Error_Detected, SW_End_of_Exception_Handling, SW_In_Restart: error state;
      SW_Fault, SW_Detection_Action, SW_Detected, SW_Non_Detected, SW_Non_Detected_Disappear,
      SW_Non_Detected_Perceived, SW_Error_Detected_Handling, SW_Error_Temp, SW_Error_Perm,
      SW_Restart, Tempo: error event;
    end SW;

Slide 10: Type transformation
The error model type of slide 9 (listed here without the Tempo event), beside a figure that lays out its error states (SW_Error_Free, SW_Activation_Fault, SW_End_of_Error_Detection_Action, SW_Error_Detected, SW_Error_Non_Detected, SW_End_of_Exception_Handling, SW_In_Restart) and its error events (SW_Fault, SW_Detection_Action, SW_Detected, SW_Non_Detected, SW_Non_Detected_Disappear, SW_Non_Detected_Perceived, SW_Error_Detected_Handling, SW_Error_Temp, SW_Error_Perm, SW_Restart) as the states and transitions of the target dependability model.

Slide 11: Error model implementation (abridged)

    error model implementation SW.Isolated
    transitions
      SW_Error_Free-[SW_Fault]->SW_Activation_Fault;
      [ ]
      SW_In_Restart-[SW_Restart]->SW_Error_Free;
    properties
      -- a fault occurs following a poisson distribution
      Occurrence => poisson 0,05 applies to SW_Fault;
      [ ]
      -- The restart takes some time
      Occurrence => poisson 60 applies to SW_Restart;
    end SW.Isolated;

Slide 12: Implementation transformation
The abridged SW.Isolated implementation of slide 11, beside the figure of slide 10 now showing the transitions SW_Error_Free-[SW_Fault]->SW_Activation_Fault and SW_In_Restart-[SW_Restart]->SW_Error_Free added between the states.

Slide 13: (Type + implementation) transformation
The complete SW.Isolated implementation, with every transition and its Occurrence property:

    error model implementation SW.Isolated
    transitions
      SW_Error_Free-[SW_Fault]->SW_Activation_Fault;
      SW_Activation_Fault-[SW_Detection_Action]->SW_End_of_Error_Detection_Action;
      SW_End_of_Error_Detection_Action-[SW_Detected]->SW_Error_Detected;
      SW_End_of_Error_Detection_Action-[SW_Non_Detected]->SW_Error_Non_Detected;
      SW_Error_Detected-[SW_Error_Detected_Handling]->SW_End_of_Exception_Handling;
      SW_Error_Non_Detected-[SW_Non_Detected_Disappear]->SW_Error_Free;
      SW_Error_Non_Detected-[SW_Non_Detected_Perceived]->SW_In_Restart;
      SW_End_of_Exception_Handling-[SW_Error_Temp]->SW_Error_Free;
      SW_End_of_Exception_Handling-[SW_Error_Perm]->SW_In_Restart;
      SW_In_Restart-[SW_Restart]->SW_Error_Free;
    properties
      -- a fault occurs following a poisson distribution
      Occurrence => poisson 0,05 applies to SW_Fault;
      Occurrence => poisson 10e+2 applies to SW_Detection_Action;
      Occurrence => fixed 0.7 applies to SW_Detected;
      Occurrence => fixed 0.3 applies to SW_Non_Detected;
      Occurrence => poisson 10e+10 applies to SW_Non_Detected_Disappear;
      Occurrence => poisson 10e+6 applies to SW_Non_Detected_Perceived;
      Occurrence => poisson 10e+2 applies to SW_Error_Detected_Handling;
      Occurrence => fixed 0.98 applies to SW_Error_Temp;
      Occurrence => fixed 0.02 applies to SW_Error_Perm;
      -- The restart takes some time
      Occurrence => poisson 60 applies to SW_Restart;
      Occurrence => poisson applies to Tempo;
    end SW.Isolated;

Figure: the complete transformed model of SW.Isolated, with the states and transitions listed above.
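As an added example (not code from the slides or the ASSERT project), the model transformation of slides 4 and 13 carried out for the isolated software component: the SW.Isolated implementation is parsed, its fixed-probability transitions are folded into the poisson-rate ones to obtain a continuous-time Markov chain, and the steady-state availability of slide 5 (the proportion of time in SW_Error_Free) is computed; the code works for any error model implementation written in this form, not only SW.Isolated. Assumptions: "poisson r" is an exponential rate r, "fixed p" an immediate branching probability, the slide's 0,05 is 0.05, the Tempo event (no rate given) is left out, and all function names are my own.

```python
# Added example (not from the slides or the ASSERT project).  Assumed: 'poisson r'
# is an exponential rate r, 'fixed p' an immediate branching probability, 0,05 = 0.05.
import re
# Constructed input: SW.Isolated as on the slide, with 0,05 written as 0.05 and
# without the Tempo line, whose rate the slide does not give.
SW_ISOLATED = """
error model implementation SW.Isolated
transitions
  SW_Error_Free-[SW_Fault]->SW_Activation_Fault;
  SW_Activation_Fault-[SW_Detection_Action]->SW_End_of_Error_Detection_Action;
  SW_End_of_Error_Detection_Action-[SW_Detected]->SW_Error_Detected;
  SW_End_of_Error_Detection_Action-[SW_Non_Detected]->SW_Error_Non_Detected;
  SW_Error_Detected-[SW_Error_Detected_Handling]->SW_End_of_Exception_Handling;
  SW_Error_Non_Detected-[SW_Non_Detected_Disappear]->SW_Error_Free;
  SW_Error_Non_Detected-[SW_Non_Detected_Perceived]->SW_In_Restart;
  SW_End_of_Exception_Handling-[SW_Error_Temp]->SW_Error_Free;
  SW_End_of_Exception_Handling-[SW_Error_Perm]->SW_In_Restart;
  SW_In_Restart-[SW_Restart]->SW_Error_Free;
properties
  -- a fault occurs following a poisson distribution
  Occurrence => poisson 0.05 applies to SW_Fault;
  Occurrence => poisson 10e+2 applies to SW_Detection_Action;
  Occurrence => fixed 0.7 applies to SW_Detected;
  Occurrence => fixed 0.3 applies to SW_Non_Detected;
  Occurrence => poisson 10e+10 applies to SW_Non_Detected_Disappear;
  Occurrence => poisson 10e+6 applies to SW_Non_Detected_Perceived;
  Occurrence => poisson 10e+2 applies to SW_Error_Detected_Handling;
  Occurrence => fixed 0.98 applies to SW_Error_Temp;
  Occurrence => fixed 0.02 applies to SW_Error_Perm;
  Occurrence => poisson 60 applies to SW_Restart;
end SW.Isolated;
"""

TRANS_RE = re.compile(r"(\w+)\s*-\s*\[\s*(\w+)\s*\]\s*->\s*(\w+)\s*;")
OCC_RE = re.compile(r"Occurrence\s*=>\s*(poisson|fixed)\s+([0-9.eE+-]+)\s+applies\s+to\s+(\w+)\s*;")

def parse(text):
    """Return ([(src, event, dst)], {event: (kind, value)}); '--' starts a comment."""
    body = "\n".join(line.split("--")[0] for line in text.splitlines())
    return (TRANS_RE.findall(body),
            {ev: (kind, float(val)) for kind, val, ev in OCC_RE.findall(body)})

def to_ctmc(transitions, occurrence):
    """Rates {src: {dst: rate}} between tangible states.  A state left only by 'fixed'
    events is vanishing: its probabilities multiply the rate of each poisson transition entering it."""
    out = {}
    for src, ev, dst in transitions:
        out.setdefault(src, []).append((ev, dst))
        out.setdefault(dst, [])
    kinds = {s: {occurrence[ev][0] for ev, _ in evs} for s, evs in out.items()}
    if any(len(k) > 1 for k in kinds.values()):
        raise ValueError("a state mixes poisson and fixed events; semantics undefined here")
    vanishing = {s for s, k in kinds.items() if k == {"fixed"}}
    for v in vanishing:
        if abs(sum(occurrence[ev][1] for ev, _ in out[v]) - 1.0) > 1e-9:
            raise ValueError(f"fixed probabilities leaving {v} do not sum to 1")

    def tangible_targets(state, weight):
        # Follow chains of vanishing states until a tangible one is reached.
        if state not in vanishing:
            yield state, weight
            return
        for ev, dst in out[state]:
            yield from tangible_targets(dst, weight * occurrence[ev][1])

    rates = {s: {} for s in out if s not in vanishing}
    for s in rates:
        for ev, dst in out[s]:
            for t, w in tangible_targets(dst, occurrence[ev][1]):
                rates[s][t] = rates[s].get(t, 0.0) + w
    return rates

def steady_state(rates):
    """Stationary distribution of an irreducible CTMC by the GTH state-reduction algorithm:
    only additions and divisions of positive numbers, so rates spanning 0.05..1e11 do not cancel."""
    states = sorted(rates)
    n = len(states)
    q = [[rates[a].get(b, 0.0) if a != b else 0.0 for b in states] for a in states]
    for k in range(n - 1, 0, -1):           # censor out state k
        s = sum(q[k][j] for j in range(k))  # rate from k back into states 0..k-1
        if s <= 0.0:
            raise ValueError(f"{states[k]} cannot reach the other states")
        for i in range(k):
            q[i][k] /= s
        for i in range(k):
            for j in range(k):
                if i != j:
                    q[i][j] += q[i][k] * q[k][j]
    pi = [1.0] + [0.0] * (n - 1)
    for k in range(1, n):                   # flow balance of state k
        pi[k] = sum(pi[i] * q[i][k] for i in range(k))
    total = sum(pi)
    return {states[i]: pi[i] / total for i in range(n)}

def availability(model_text, ok_state="SW_Error_Free"):
    """Steady-state probability of correct service, plus the whole distribution."""
    transitions, occurrence = parse(model_text)
    pi = steady_state(to_ctmc(transitions, occurrence))
    return pi[ok_state], pi
```

For SW.Isolated the availability comes out at about 0.9999033, the restart state SW_In_Restart holding most of the remaining time.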

Slide 14: Dependency in the error model

    error model SW
    features
      [ ]
      SW_KO: in out error propagation;
      Both_SW_Dead: in error propagation;
    end SW;

    error model implementation SW.SWSWdep
    features
      SW_Needs_Restart, SW_Now_Restart, SW_Both_Dead: error state refines SW_In_Restart;
    transitions
      [ ]
      SW_Needs_Restart-[out SW_KO]->SW_Needs_Restart;
      SW_Needs_Restart-[Tempo]->SW_Now_Restart;
      SW_Needs_Restart-[in Both_SW_Dead]->SW_Both_Dead;
    properties
      [ ]
      Occurrence => fixed 1 applies to SW_KO;
    end SW.SWSWdep;

Slide 15: Component implementation

    system implementation software.primary
    modes
      primary: initial mode;
      backup: mode;
      primary-[inp]->backup;
      backup-[notification]->primary;
    annex Error_Model {**
      Model => Mymodels::SW.SWSWdep;
      Vote_In => SW_Both_Dead when inp[sw_ko] and notification[sw_ko] applies to inp, notification;
      Vote_Transition => inp[sw_ko] applies to inp;
      Vote_Transition => notification[sw_ko] applies to notification;
    **};
    end software.primary;

Slide 16: Transformation / composition
Figure: the two software replicas (Software Replica 1, Software Replica 2), each with its Primary and Backup modes and the states SW_Needs_Restart, SW_Now_Restart and SW_Both_Dead, the tempo transition from SW_Needs_Restart to SW_Now_Restart, and the SW_KO propagations exchanged between the replicas; the Vote_In over both incoming SW_KO propagations yields Both_SW_Dead.

Slide 17: Error Model Annex evolution
- Occurrence properties: parametric
- Link between the mode model and the error model: mode-dependent behaviour in the presence of faults
- Vote_In and Vote_Out properties: evaluate Boolean error expressions when needed
- Inheritance and refinements: similar to the core standard mechanisms

Slide 18: Summary
- AADL system error model: stepwise construction, building error models as if components were isolated, then adding dependencies progressively
- Error Model Annex assessment
- Model transformation: manual today, automatic as the goal



More information

Middleware and Distributed Systems. Fault Tolerance. Peter Tröger

Middleware and Distributed Systems. Fault Tolerance. Peter Tröger Middleware and Distributed Systems Fault Tolerance Peter Tröger Fault Tolerance Another cross-cutting concern in middleware systems Fault Tolerance Middleware and Distributed Systems 2 Fault - Error -

More information

Foundations of a New Software Engineering Method for Real-time Systems

Foundations of a New Software Engineering Method for Real-time Systems -1- Main issues -8- Approach -2- Co-modeling -9- Abstraction -15- Algorithms -3- DRES Modeling -10- Implementation -16- xuml -4- DRES Modeling -11- RC phase -17- Action Language -5- DRES Modeling -12-

More information

DENETS HIDENETS DENETS. Highly Dependable IP-based Networks and Services (FP6 STREP, Jan Dec 2008)

DENETS HIDENETS DENETS.   Highly Dependable IP-based Networks and Services (FP6 STREP, Jan Dec 2008) HI Highly Dependable IP-based Networks and Services (FP6 STREP, Jan. 2006-Dec 2008) End-to-end resilience solutions for vehicular scenarios 1 HI Partners 2 Overview The HI project: goals and challenges

More information

Monitoring Choreographed Services

Monitoring Choreographed Services Monitoring Choreographed Services L. Ardissono and R. Furnari and A. Goy and G. Petrone and M. Segnan Dipartimento di Informatica, Università di Torino Corso Svizzera 185, 10149 Torino, Italy Abstract.

More information

Packet Switching on L2 (LAN Level)

Packet Switching on L2 (LAN Level) Packet Switching on L2 (LAN Level) Transparent Bridging (TB), Spanning Tree Protocol (STP), Rapid STP, L2 Bridging versus L3 Routing Agenda Introduction Transparent Bridging Basics Spanning Tree Protocol

More information

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment Julien Delange Peter Feiler David P. Gluch John Hudak October 2014 TECHNICAL REPORT CMU/SEI-2014-TR-020 Software Solutions Division

More information

From Analysis to Design. LTOOD/OOAD Verified Software Systems

From Analysis to Design. LTOOD/OOAD Verified Software Systems From Analysis to Design 1 Use Cases: Notation Overview Actor Use case System X System boundary UCBase «extend» UCExt Actor A UCVar1 UCVar2 Extending case Generalization «include» Actor B UCIncl Included

More information

Model-Based Engineering for the Development of ARINC653 Architectures

Model-Based Engineering for the Development of ARINC653 Architectures Model-Based Engineering for the Development of ARINC653 Architectures SAE 2009 AeroTech Congress and Exhibition Julien Delange Olivier Gilles Jérôme Hugues Laurent Pautet Context ARINC653 systems Time

More information

Presented by: David Martin (SRI)

Presented by: David Martin (SRI) OWL-S Issues DAML Web Services Coalition Presented by: David Martin (SRI) http://www.daml.org/services/ Top-level Outline Language status (25 min.) OWL-S Status & Evolution (David Martin) New features

More information

Complex systems modelling and optimization

Complex systems modelling and optimization Complex systems modelling and optimization Julien FAURE French pace Agency (CNE) - 18 avenue Edouard Belin - 31401 Toulouse - France André CABARBAYE French pace Agency (CNE) - 18 avenue Edouard Belin -

More information

Configuring MST Using Cisco NX-OS

Configuring MST Using Cisco NX-OS This chapter describes how to configure Multiple Spanning Tree (MST) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information About MST, page

More information

A Comprehensive Exploration of Challenges in Architecture-Based Reliability Estimation

A Comprehensive Exploration of Challenges in Architecture-Based Reliability Estimation A Comprehensive Exploration of Challenges in Architecture-Based Reliability Estimation Ivo Krka, George Edwards, Leslie Cheung, Leana Golubchik, and Nenad Medvidovic Computer Science Department University

More information

Evaluation and lessons learnt from scenario on Real-time monitoring, reporting and response to security incidents related to a CSP

Evaluation and lessons learnt from scenario on Real-time monitoring, reporting and response to security incidents related to a CSP Secure Provisioning of Cloud Services based on SLA Management SPECS Project - Deliverable 5.2.1 Evaluation and lessons learnt from scenario on Real-time monitoring, reporting and response to security incidents

More information

HPE Aruba Airwave Installation and Startup Service

HPE Aruba Airwave Installation and Startup Service Data sheet HPE Aruba Airwave Installation and Startup Service Support Services HPE Installation and Startup Service for select Aruba Airwave products coordinates installation, configuration, and verification

More information

UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2

UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2 UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2 Jérôme Hugues Gilles Lasnier Laurent Pautet Lutz Wrage jerome.hugues@isae.fr gilles.lasnier@telecom-paristech.fr laurent.pautet@telecom-paristech.fr

More information

Practical Operation Seminar. First Edition

Practical Operation Seminar. First Edition Practical Operation Seminar First Edition 1. What is vstandby? New concept design of Virtual Standby Availability Solution Standby Availability Solution to configure standby virtual machine originated

More information

High Availability in EtherNet/IP Systems using Parallel Redundancy Protocol (PRP)

High Availability in EtherNet/IP Systems using Parallel Redundancy Protocol (PRP) High Availability in EtherNet/IP Systems using Parallel Redundancy Protocol (PRP) www.odva.org Technical Track Introduction High Availability Initialization PRP Solution And Applications Operation Installation

More information

Flight Systems are Cyber-Physical Systems

Flight Systems are Cyber-Physical Systems Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November

More information

A Multi-Modal Composability Framework for Cyber-Physical Systems

A Multi-Modal Composability Framework for Cyber-Physical Systems S5 Symposium June 12, 2012 A Multi-Modal Composability Framework for Cyber-Physical Systems Linh Thi Xuan Phan Insup Lee PRECISE Center University of Pennsylvania Avionics, Automotive Medical Devices Cyber-physical

More information

Basic vs. Reliable Multicast

Basic vs. Reliable Multicast Basic vs. Reliable Multicast Basic multicast does not consider process crashes. Reliable multicast does. So far, we considered the basic versions of ordered multicasts. What about the reliable versions?

More information

i-dialogue Modeling Agent Conversation by Streams and Lazy Evaluation Clement Jonquet & Stefano A. Cerri

i-dialogue Modeling Agent Conversation by Streams and Lazy Evaluation Clement Jonquet & Stefano A. Cerri i-dialogue Modeling Agent Conversation by Streams and Lazy Evaluation Clement Jonquet & Stefano A. Cerri Context Interaction modeling In DAI and MAS communities: interacting entities interaction + autonomy

More information

Outline. Availability Analysis of Span- Restorable Mesh Networks. Motivation. Definition

Outline. Availability Analysis of Span- Restorable Mesh Networks. Motivation. Definition Outline Availability Analysis of Span- Restorable Mesh Networks Partly adapted from slides originally presented attrlabstech Forum by, Matthieu Clouqueur and Wayne D. Grover Natthapol Pongthaipat Motivation

More information

The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard.

The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard. CHAPTER 18 This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the IE 3010 switch. Note The multiple spanning-tree (MST) implementation is based on

More information

Table of Contents 1 MSTP Configuration 1-1

Table of Contents 1 MSTP Configuration 1-1 Table of Contents 1 MSTP Configuration 1-1 Overview 1-1 Introduction to STP 1-1 Why STP 1-1 Protocol Packets of STP 1-1 Basic Concepts in STP 1-2 How STP works 1-3 Introduction to RSTP 1-9 Introduction

More information

ETSI TS V ( ) Technical Specification

ETSI TS V ( ) Technical Specification TS 132 321 V10.0.0 (2011-04) Technical Specification Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Telecommunication management; Test management

More information

Methods of Technical Risk Assessment in a Regional Context

Methods of Technical Risk Assessment in a Regional Context Methods of Technical Risk Assessment in a Regional Context Wolfgang Kröger, Professor and Head of former Laboratory for Safety Analysis (www.lsa.ethz.ch) Founding Rector of International Risk Governance

More information

Integrating Fault-Tolerant Techniques into the Design of Critical Systems

Integrating Fault-Tolerant Techniques into the Design of Critical Systems Integrating Fault-Tolerant Techniques into the Design of Critical Systems Ricardo J. Rodríguez and José Merseguer {rjrodriguez, jmerse}@unizar.es Universidad de Zaragoza Zaragoza, Spain 23rd June 2010

More information

AADL Simulation and Performance Analysis in SystemC

AADL Simulation and Performance Analysis in SystemC Fourth IEEE International workshop UML and AADL 2nd June 2009 Potsdam, Germany Roberto Varona Gómez Eugenio Villar {roberto, evillar}@teisa.unican.es University of Cantabria, Santander, Spain. This work

More information

On Dependability in Distributed Databases

On Dependability in Distributed Databases CITI Technical Report 92-9 On Dependability in Distributed Databases Toby J. Teorey teorey@citi.umich.edu ABSTRACT Distributed database availability, reliability, and mean transaction completion time are

More information

Final Project Report. Abstract. Document information

Final Project Report. Abstract. Document information Final Project Report Document information Project Title ATM Security Project Number 16.02._ Project Manager EUROCONTROL Deliverable Name Final Project Report Deliverable ID D04-011 Edition 00.01.00 Template

More information

CprE 458/558: Real-Time Systems. Lecture 17 Fault-tolerant design techniques

CprE 458/558: Real-Time Systems. Lecture 17 Fault-tolerant design techniques : Real-Time Systems Lecture 17 Fault-tolerant design techniques Fault Tolerant Strategies Fault tolerance in computer system is achieved through redundancy in hardware, software, information, and/or computations.

More information