Automatic Generation of Static Fault Trees from AADL Models

Similar documents
Error Model Meta Model and Plug-in

Methods and Tools for Embedded Distributed System Timing and Safety Analysis. Steve Vestal Honeywell Labs

Analytical Architecture Fault Models

Dependability Modeling Based on AADL Description (Architecture Analysis and Design Language)

SAE AADL Error Model Annex: An Overview

CIS 890: High-Assurance Systems

Architecture Description Languages. Peter H. Feiler 1, Bruce Lewis 2, Steve Vestal 3 and Ed Colbert 4

SAE AADL Error Model Annex: Discussion Items

Myron Hecht, Alex Lam, Chris Vogl, Presented to 2011 UML/AADL Workshop Las Vegas, NV. April, 2011

AEROSPACE STANDARD. SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

Analysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling

A System Dependability Modeling Framework Using AADL and GSPNs

Platform modeling and allocation

An Information Model for High-Integrity Real Time Systems

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

Hierarchical Composition and Abstraction In Architecture Models

Involved subjects in this presentation Security and safety in real-time embedded systems Architectural description, AADL Partitioned architectures

Error Model Annex Revision

Dependability Modelling using AADL and the AADL Error Model Annex

AADS+: AADL Simulation including the Behavioral Annex

OSATE Analysis Support

AEROSPACE STANDARD. SAE Architecture Analysis and Design Language (AADL) Annex Volume 3: Annex E: Error Model Annex RATIONALE

Plug-in Development for the Open Source AADL Tool Environment Part 4: OSATE Infrastructure & Language Extensions

AADL Simulation and Performance Analysis in SystemC

Tools for Formally Reasoning about Systems. June Prepared by Lucas Wagner

Complexity-Reducing Design Patterns for Cyber-Physical Systems. DARPA META Project. AADL Standards Meeting January 2011 Steven P.

COMPASS GRAPHICAL MODELLER

AADL v2.1 errata AADL meeting Sept 2014

The Montana Toolset: OSATE Plugins for Analysis and Code Generation

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

TigerPrints. Clemson University. Hung Vo Clemson University,

AADL Inspector Tutorial. ACVI Workshop, Valencia September 29th, Pierre Dissaux. Ellidiss. Technologies w w w. e l l i d i s s.

Analysis of AADL Models Using Real-Time Calculus With Applications to Wireless Architectures

UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2

Workshop 1: Specification for SystemC-AADL interoperability

Reducing Uncertainty in Architectural Decisions with AADL

Introduction to AADL analysis and modeling with FACE Units of Conformance

AADL Application modeling with MARTE Madeleine Faugère, Timothée Bourdeau THALES Research and Technology Robert de Simone INRIA Sébastien Gérard CEA

Copyright 2018 Adventium Labs. 1

Using AADL in Model Driven Development. Katholieke Universiteit Leuven Belgium

The AADL Behavioural annex 1

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013

Modelling of PnP Weapon Systems with AADL Protocol Behaviour

Pattern-Based Analysis of an Embedded Real-Time System Architecture

The SAE Architecture Analysis and Description Language (AADL) Standard: A Basis for Architecture- Driven Embedded Systems Engineering

COMPASS: FORMAL METHODS FOR SYSTEM-SOFTWARE CO-ENGINEERING

ICS 252 Introduction to Computer Design

Schedulability Analysis of AADL Models

Chapter 8 Fault Tolerance

An Implementation of the Behavior Annex in the AADL-toolset Osate2

CSE 123: Computer Networks Alex C. Snoeren. HW 2 due Thursday 10/21!

FPGAs: : Quality through Model Based Design and Implementation

SAE Architecture Analysis and Design Language. AS-2C AADL Subcommittee Meeting Feb 3-6, 2014 Toulouse, France

Redundancy in fault tolerant computing. D. P. Siewiorek R.S. Swarz, Reliable Computer Systems, Prentice Hall, 1992

Distributed Systems (ICE 601) Fault Tolerance

Lab-STICC : Dominique BLOUIN Skander Turki Eric SENN Saâdia Dhouib 11/06/2009

Model-Based Embedded System Engineering & Analysis of Performance-Critical Systems

Update on AADL Requirements Annex

Page 1 SPACEWIRE SEMINAR 4/5 NOVEMBER 2003 JF COLDEFY / C HONVAULT

Architecture Modeling in embedded systems

Institut Supérieur de l Aéronautique et de l Espace Constraints Annex Implementation Approach

A Comparison and Evaluation of Real-Time Software Systems Modeling Languages

Requirements Analysis of a Quad-Redundant Flight Control System

AADL Graphical Editor Design

Query Language for AADLv2, Jérôme Hugues, ISAE Serban Gheorghe, Edgewater

Translating AADL into BIP Application to the Verification of Real time Systems

Modeling the Implementation of Stated-Based System Architectures

0. Overview of this standard Design entities and configurations... 5

Failure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010

Presentation of the AADL: Architecture Analysis and Design Language

Copyright 2007 Ramez Elmasri and Shamkant B. Navathe. Slide 27-1

COMPASS. COMPASS Tutorial. Correctness, Modeling, and Performance of Aerospace Systems. Version 3.0

RAMSES. Refinement of AADL Models for the Synthesis of Embedded Systems. Etienne Borde

Architecture Analysis and Design Language (AADL) Part 2

An implementation of the AADL-BA Behavior Annex front-end: an OSATE2 Eclipse plug-in

Presentation of the AADL: Architecture Analysis and Design Language

Fault Propagation and Transformation: A Safety Analysis. Malcolm Wallace

Illustrating the AADL Error Modeling Annex (v. 2) Using a Simple Safety-Critical Medical Device

Fast Synchronization Mechanism for 1000BASE-T1

1. INTRODUCTION. four years and by 2014 the cost of 27M SLOC of software is estimated to exceed $10B (see Figure 1).

Performability Modeling & Analysis in UML

VDE Testing and Certification Institute

Modeling Wireless Sensor Network Architectures using AADL

SAE Architecture Analysis and Design Language. AS-2C ADL Subcommittee Meeting June 6-9, 2011 Paris, France

A Modelling and Analysis Environment for LARES

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Model Editing & Processing Tools. AADL Committee, San Diego February 4th, Pierre Dissaux. Ellidiss. Technologies w w w. e l l i d i s s.

Module 5. Function-Oriented Software Design. Version 2 CSE IIT, Kharagpur

Introduction to AADL 1

Model-based Architectural Verification & Validation

THE UNIVERSITY OF HULL

Part I: Preliminaries 24

Prototyping of Distributed Embedded Systems Using AADL

The Architecture Analysis and Design Language and the Behavior Annex: A Denotational Semantics

Plug-in Development for the Open Source AADL Tool Environment Part 3: Generation & External Models

AADL Webinar. Carnegie Mellon University Notices Architecture Analysis with AADL The Speed Regulation Case-Study... 4

Redundancy in fault tolerant computing. D. P. Siewiorek R.S. Swarz, Reliable Computer Systems, Prentice Hall, 1992

Lecture 9: Bridging & Switching"

Transcription:

Automatic Generation of Static Fault Trees from AADL Models Anjali Joshi, Steve Vestal, Pam Binns University of Minnesota and Honeywell Laboratories June 27, 2007 1

Traditional Safety Analysis Safety Analyst A Requirements and Design Documents Safety Analyst B System Safety Analysis is - Based on Informal Specifications - Highly Dependent on Skill of the Analyst Incorrect Guidance Error Internal to AP Incorrect Guidance Values Received From FGS Error Internal to FD Active FGS Sends Incorrect Guidance Values Inactive FGS Sends Incorrect Guidance Values Error in FCL Selection Logic FCL Generates Incorrect Guidance Values Not Shown Error in FGS Inputs Error in FCL Algorithm June 27, 2007 2

Model-Based Safety Analysis June 27, 2007 3

Architecture Analysis & Design Language (AADL) Overview Component Type features (interaction points), properties, etc. Implementation subcomponents, connections, properties, etc. Component Categories software, execution platform, composite OSATE toolset Parsing, semantic checking System Instance Model generation Binding properties June 27, 2007 4

Simple Dual Redundant System in AADL HW system Duplex end Duplex; system implementation Duplex.Basic subcomponents P1: processor Proc.Basic; P2: processor Proc.Basic; Data_Bus: bus PCI.Basic; connections bus access Data_Bus -> P1.Data_Bus; bus access Data_Bus -> P2.Data_Bus; end Duplex.Basic; June 27, 2007 5

Example Error Model Specification Type error model Basic features error_free: initial error state; loss_of_availability, loss_of_integrity: error state; fail_stop, fail_babble: error event; loss_of_data, corrupted_data: in out error propagation; end Basic; initial error state error_free fail_stop in loss_of_data loss_of_ availability fail_babble in loss_of_data out loss_of_data error model implementation Basic.Hardware fail_babble in corrupted_data transitions loss_of_ integrity error_free -[fail_stop, in loss_of_data]-> loss_of_availability; error_free -[fail_babble, in corrupted_data]-> loss_of_integrity; in corrupted_data loss_of_availability -[fail_babble]-> loss_of_integrity; out corrupted_data loss_of_availability -[in loss_of_data, out loss_of_data]-> loss_of_availability; loss_of_integrity -[in corrupted_data, out corrupted_data]-> loss_of_integrity; end Basic.Hardware; June 27, 2007 6

Error Model Association via Annex Clause & Properties DualSystem.Basic HW Abstract SW Derived June 27, 2007 7

Error Propagation Rules DualSystem.Basic HW P2 SW P1 Connection to In Ports of a Component Bus to all Connections bound to it Processor to required bus June 27, 2007 8

CAFTA Fault Tree Generation from AADL Models June 27, 2007 9

System Instance Error Model Extraction Directed Graph Representation Via Input_ 1 Component Node SW.P1 Basic.Software ErrorModelProperties... ErrorPropSrcs: SW.C21, SW.C21_2, HW.P1 DualSystem.Basic HW HW.Data_Bus P2 P1 HW.P1 Connection Node SW.C21 Basic.Software ErrorModelProperties... ErrorPropSrcs: SW.P2, HW.Data_Bus Component Node HW.P1 Basic.Hardware ErrorModelProperties... ErrorPropSrcs: HW.Data_Bus SW C21 SW.P1 Component Node HW.Data_Bus Basic.Hardware ErrorModelProperties... ErrorPropSrcs: HW.P1, HW.P2 June 27, 2007 10

High-level Fault Tree Generation Approach Identify all the Report properties defined For each Error State or Out Error Propagation defined in the Report property Generate fault tree by traversing the DG based on Error model (hierarchy, guard, etc.) properties Error propagation sources Break cycles where necessary Share sub-trees where possible Optimizations Removing redundant gates and fault tree nodes Sharing sub-trees June 27, 2007 11

Generate Output CAFTA Fault Tree June 27, 2007 12

Summary Automatic generation of CAFTA fault trees Advantages Consistent Mapping between fault trees & architecture Identify common modes of failure Challenges Aggressive Optimizations needed Sharing of sub-trees Pruning of redundant fault trees Guard against missing out error annotations June 27, 2007 13

Contact Information Anjali Joshi University of Minnesota, Minneapolis ajoshi@cs.umn.edu Steve Vestal, Pam Binns Honeywell Laboratories, Minneapolis {Steve.Vestal, Pam.Binns}@honeywell.com June 27, 2007 14

System Instance Error Model Extraction Directed Graph Representation Via Input_1 Component Node SW.P1 Basic.Software ErrorModelProperties... ErrorPropSrcs: SW.C21, SW.C21_2, HW.P1 DualSystem.Basic HW HW.Data_Bus P2 P1 HW.P1 Connection Node SW.C21 Basic.Software ErrorModelProperties... ErrorPropSrcs: SW.P2, HW.Data_Bus Component Node HW.P1 Basic.Hardware ErrorModelProperties... ErrorPropSrcs: HW.Data_Bus SW C21 SW.P1 Component Node HW.Data_Bus Basic.Hardware ErrorModelProperties... ErrorPropSrcs: HW.P1, HW.P2 June 27, 2007 15

AADL Error Model Annex Overview Error Model Annex Specification of error models and their association to AADL components via AADL annex sub-clause Defines Error Model properties Filtering and masking of error propagations Guard_In, Guard_Out properties Hierarchical composition of sub-component error models Model_Hierarchy, Derived_State_Mapping properties Occurrence properties Defines error propagation rules Error propagation path from bus to connected processor Error propagation paths between components sharing a port connection June 27, 2007 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback