Analysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling

Similar documents
Myron Hecht, Alex Lam, Chris Vogl, Presented to 2011 UML/AADL Workshop Las Vegas, NV. April, 2011

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

Dependability Modeling Based on AADL Description (Architecture Analysis and Design Language)

TOPCASED. Toolkit In OPen source for Critical Applications & SystEms Development

A System Dependability Modeling Framework Using AADL and GSPNs

AADL Graphical Editor Design

Architecture Description Languages. Peter H. Feiler 1, Bruce Lewis 2, Steve Vestal 3 and Ed Colbert 4

Pattern-Based Analysis of an Embedded Real-Time System Architecture

AADL Meta Model & XML/XMI

Eclipse Automotive Working Group

Introduction to AADL analysis and modeling with FACE Units of Conformance

AADL Requirements Annex Review

A System Performance in Presence of Faults Modeling Framework Using AADL and GSPNs

Query Language for AADLv2, Jérôme Hugues, ISAE Serban Gheorghe, Edgewater

Comparing graphical DSL editors

ENABLING AND (IN MY HUMBLE OPINION) ESSENTIAL TECHNOLOGIES FOR DEPENDABILITY BENCHMARKING. William H. Sanders

Error Model Meta Model and Plug-in

UML&AADL 11 An Implementation of the Behavior Annex in the AADL-toolset OSATE2

An Implementation of the Behavior Annex in the AADL-toolset Osate2

Schedulability Analysis of AADL Models

Dependability Modelling using AADL and the AADL Error Model Annex

AADS+: AADL Simulation including the Behavioral Annex

An Extensible Open Source AADL Tool Environment (OSATE)

The Architecture Analysis and Design Language and the Behavior Annex: A Denotational Semantics

On the link between Architectural Description Models and Modelica Analyses Models

SAE AADL Error Model Annex: Discussion Items

Flight Systems are Cyber-Physical Systems

Introduction to AADL 1

An Information Model for High-Integrity Real Time Systems

A Comparison and Evaluation of Real-Time Software Systems Modeling Languages

An Extensible Open Source AADL Tool Environment (OSATE)

AADL Simulation and Performance Analysis in SystemC

A Modelling and Analysis Environment for LARES

MDD with OMG Standards MOF, OCL, QVT & Graph Transformations

Papyrus: Advent of an Open Source IME at Eclipse (Redux)

Language engineering and Domain Specific Languages

Complexity-Reducing Design Patterns for Cyber-Physical Systems. DARPA META Project. AADL Standards Meeting January 2011 Steven P.

The AADL Behavioural annex 1

On Modeling Data Dissemination for LCCIs

The Eclipse Modeling Framework and MDA Status and Opportunities

Plan. Language engineering and Domain Specific Languages. Language designer defines syntax. How to define language

Model-Driven Engineering Approach for Simulating Virtual Devices in the OSATE 2 Environment

Reducing Uncertainty in Architectural Decisions with AADL

Impact of Runtime Architectures on Control System Stability

CSSE 490 Model-Based Software Engineering: Architecture Description Languages (ADL)

Plug-in Development for the Open Source AADL Tool Environment Part 4: OSATE Infrastructure & Language Extensions

Christian Doppler Laboratory

TOPCASED. Current status

GMF Tooling 3.0 Vision, Architecture, Roadmap

Horváth Ákos Bergmann Gábor Dániel Varró István Ráth

AADL Application modeling with MARTE Madeleine Faugère, Timothée Bourdeau THALES Research and Technology Robert de Simone INRIA Sébastien Gérard CEA

COMPASS GRAPHICAL MODELLER

SAE Architecture Analysis and Design Language. AS-2C ADL Subcommittee Meeting June 6-9, 2011 Paris, France

A Reusable Modular Toolchain for Automated Dependability Evaluation

Presentation of the AADL: Architecture Analysis and Design Language

Unified Modeling Language (UML)

FUSED Framework for System Engineering Hands-on Tutorial SAE AADL 19 April 2012

Plug-in Development for the Open Source AADL Tool Environment Part 3: Generation & External Models

MDA Driven xuml Plug-in for JAVA

Update on AADL Requirements Annex

Modeling GAMs with SysML. Automatic GAMs code generation with Model-2-Text tools

Reliability Analysis with Dynamic Reliability Block Diagrams in the Möbius Modeling Tool

Error Model Annex Revision

The etrice Eclipse Project Proposal

Model-based System Engineering for Fault Tree Generation and Analysis

Dependability Analysis of Web Service-based Business Processes by Model Transformations

Methods and Tools for Embedded Distributed System Timing and Safety Analysis. Steve Vestal Honeywell Labs

Presentation of the AADL: Architecture Analysis and Design Language

Using the AADL for mission critical software development paper presented at the ERTS conference, Toulouse, 21 January 2004

Metamodeling. Janos Sztipanovits ISIS, Vanderbilt University

Introducing Simulation and Model Animation in the MDE Topcased 1 Toolkit

Ingegneria del Software Corso di Laurea in Informatica per il Management. Introduction to UML

Taming Multi-Paradigm Integration in a Software Architecture Description Language

Platform modeling and allocation

The FUSED Meta-Language & Tools for Complex System Engineering

ECLIPSE MODELING PROJECT

A Comparison of Ecore and GOPPRR through an Information System Meta Modeling Approach

Towards Generating Domain-Specific Model Editors with Complex Editing Commands

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

Automatic Generation of Static Fault Trees from AADL Models

Architecture Modeling in embedded systems

A Framework for Managing Assumptions made by Software Components in Real-time Systems

5.2 Reo2MC: description and implementation

Modelling in Enterprise Architecture. MSc Business Information Systems

Raising the Level of Development: Models, Architectures, Programs

OSATE Analysis Support

Model Driven Engineering (MDE)

Experiences in the Use of MDA and UML in Developing NATO Standards

The Montana Toolset: OSATE Plugins for Analysis and Code Generation

The Galilean Moons of Eclipse

Using AADL in Model Driven Development. Katholieke Universiteit Leuven Belgium

BLU AGE 2009 Edition Agile Model Transformation

Model Editing & Processing Tools. AADL Committee, San Diego February 4th, Pierre Dissaux. Ellidiss. Technologies w w w. e l l i d i s s.

Proceedings of the 6th Educators Symposium: Software Modeling in Education at MODELS 2010 (EduSymp 2010)

Stochastic Petri nets

Introduction to MDE and Model Transformation

Kermeta tutorial. How to create a metamodel. François Tanguy, Didier Vojtisek. Abstract

From MDD back to basic: Building DRE systems

A Formal Analysis Framework for AADL

Software Architecture in Action. Flavio Oquendo, Jair C Leite, Thais Batista

Transcription:

Application of the Architectural Analysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling Chris Vogl, Myron Hecht, and Alex Lam Presented to System and Software Technology Conference Salt Lake City, UT April, 2009 The Aerospace Corporation 2009

Outline Motivation Introducing AADL AADL Error Annex AADL Modeling Environment AADL transformation tool Sample Application Future Plans 2

Motivation Need: Support to make better decisions on system architectures Target systems: Space vehicle and other constrained computing environments Development phase: Architectural decisions made during the early design impact Decisions supported: Extent and type of redundancy Tradeoffs of reliability vs. Weight, power, and functional capability Failure rate and recovery time requirements Strategies for recovering from control and payload computing disruptions Handling failure propagation and common mode failures 3

Introducing the Architecture Analysis & Design Language (AADL) Society of Automotive Engineers (SAE) Aerospace Standard AS5506 (2004) Preceded by more than a decade of development under the DARPA Meta- H program Includes representations of software, computational hardware, and system components for specifying and analyzing real-time embedded systems, mapping of software onto computational hardware elements. Effective for model-based d analysis and specification Evolved from DARPA Meta H project Highly structured, defined semantics allows for modeling and analysis Annex libraries define extensions to the core language concepts and syntax Error Annex of particular interest 4

AADL/UML/SysML Relationship Software and System Engineering SysML AADL SysML UML Profile Error Annex Behavioral Annex AADL UML Profile UML 2.0 MARTE Performance 5

AADL Components (graphical representation) text and xml representations also defined 6

AADL Hardware/Software Architecture Representation Bus Control Software Bus Control Software Payload Control Software data data data Vehicle Network BCP BCP PCP PCP Inter-BCP Bus Inter-PCP Bus 7

Major Features Provides a standardized textual and graphical notation for describing software and hardware system architectures and their functional interfaces Components have interactions, flows, and subcomponents Component interactions: ti Consists of directional flow throughh data ports for unqueued state data event data ports for queued message data event ports for asynchronous events synchronous subprogram calls explicit access to data components Different system configurations and topologies can be represented using the AADL mode concept 8

AADL Error Annex AADL annex that supports reliability analysis Defines error model State transition diagram that represents normal and failed states Error models can be associated with hardware components, software components, connections, and system (composite) components Error model consists of State definitions Propagations from and to other components Probability distribution and parameter definitions Allowed state transitions and probabilities 9

AADL Error Model Example Failvisible (in) error model example features ErrorFree: initial error state; Failed: error state; Fail: error event {Occurrence => poisson lambda}; Repair: error event {Occurrence => poisson mu}; Failvisible: in out error propagation {Occurrence => fixed p}; end example; error model implementation example.general transitions ErrorFree-[Fail]->Failed; Failed-[Repair]->ErrorFree; ErrorFree-[in Failvisible]->Failed; Failed-[out Failvisible]->Failed; end example.general; Failvisib le (out), pro b p 10 More information: Feiler (2007)

AADL Modeling Environment Error Models TopCASED Graphical Editor OSATE modeling environment (meta- model, text editor, parser) AADL File Eclipse Graphical Modeling Framework (GMF) Eclipse Graphical Editing Framework (GEF) Eclipe Modeling Framework (EMF) Technology ogy (EMFT) (Object Constraint Language (OCL), Query, Transaction, and Validation features, EMF Service Data Objects (SDO), XML Schema Definition (XSD) Infoset Model) Eclipse Interactive Development Environment Eclipse Modeling Tools 11

AADL transformation ADAPT Tool (Ana Rugina, LAAS-CNRS) Packaged as an eclipse plug-in Takes in AADL architecture and error behavior information Converts to a general stochastic petri net Outputs GSPN information to an XML file ADAPT-MOBIUS Converter Takes in the ADAPT XML file. Converts a GSPN to a Mobius Stochastic Activity Network Outputs SAN information to an XML format. 12

Open Source AADL Tool Environment (OSATE) Based on Eclipse Release 3 Parsing & semantic checking of approved AADL AADL (Text) to AAXL (XML) and back Syntax-sensitive text editor Syntax-Sensitive AADL Object Editor AADL property viewer AADL to MetaH translator Online help Graphical layout editor Multi-file XML support First analysis plug-ins More information: www.osate.org 13

MOBIUS Modeling Tool Developed by the University of Illinois at Urbana Champaign System-level l performance and dependability d modeling Based on stochastic analysis network representation More information: www.mobius.uiuc.edu 14

More on Stochastic Activity Networks Input Gate Activity Place Output Gate Can handle recoverable redundant systems with multiple states Adaptation of Petri Nets Evaluated using Mobius Software Developed by University of Illinois at Urbana-Champaign Advantages: Simulation-based solution; does not require assumption of exponential distribution Allows for higher fidelity modeling of spacecraft recovery models Possible alternatives: Stochastic ti Petri Nets Markov models 15

TOPCASED Graphical Editor Open-Source Meta-modeling toolset A model type or a language can be described using a meta model or a meta language The Open Modeling Group (OMG) defined a 4-layer model M3-Meta modeling language (ECORE modification of MOF used by TOPCASED) M2-Meta-model (schemas, AADL definition) M1 Model (AADL, finite state machine) M0 Real Object AADL representation in ECORE TOPCASED can graphically represent ECORE More information: www.topcased.org 16

Example: Low Earth Orbit Space System (LSS) Description of System The system contains one Bus Control Unit (BCU) and on Payload Control Unit (PCU). Each Control Unit contains two Control Channels comprised of one piece of Control Software (BCS, PCS) and one Control Processor (BCP, PCP). The BCU is in hot backup with imperfect switching assumed. The PCU is in cold backup with perfect switching assumed (thus it is modeled as having only one Control Channel). The Payload relies on the Bus, thus whenever the Bus is in Standby, the Payload goes to Standby. 17

System Representation (1/2) Static Architecture Spacecraft Bus Spacecraft Payload BCU PCU BCP Primary channel BCS SI BCP Standby (Backup) channel BCS SI PCP Primary channel PCS SI PCP Standby (Backup) channel PCS SI 18

AADL Representation (using TOPCASED) 19

AADL Representation (using TOPCASED, continued) S (next hierarchical level) 20

AADL Representation (using TOPCASED, continued) (both Primary and Backup) 21

Error Model Editor 22

Error Model Implementation for BCU Backup Processor error model implementation BCS.impl transitions Active -[Failing]-> >ReportDown; Active -[in Sleep]-> Standby; ReportDown -[out BCSFail]-> Down; Active -[in Terminate]-> Terminated; Down -[Fail_case_Minor]-> >DownMinor; Down -[Fail_case_Major]-> DownMajor; DownMinor -[MinorRepair]-> ReportStandby; DownMajor -[MajorRepair]-> ReportStandby; ReportStandby -[out BCSStandby]-> Standby; Standby -[in Wake]-> Active; Standby -[ in SwitchFail ]-> Down; Standby -[ in Terminate]-> Terminated; Active -[in CPUFail]> ]-> ReportTerminated; ReportTerminated -[out BCSTerminate]-> Terminated; end BCS.impl; 23

Stochastic Analysis Representation (product of ADAPT-M conversion) 24

LSS Results of MoBIUS processing Performance Variable Simulated Mean Value Mission i Duration 95038 hours Space Vehicle Online Time Payload Online Time Payload Down Time Bus Online Time 67291 hours 67291 hours 26026 hours 71069 hours 25

Future Plans TOPCASED robustness improvements Addition of Graphical Error Model Generator Support for additional back end model evaluators Application to more systems 26

Conclusions A tool set using a common language between system engineering and dependability engineering Can enable better decision support Enables tradeoffs and analyses during the early design phases, but can be used during other phases AADL currently offers the best semantics Failure rate and failure mode definition Inclusion of probability distributions but progress is being made in other OMG-sponsored efforts Tool set is based on public domain software Enables cooperative development Less dependence on commercial vendor viability challenging in a dynamic and small market place 27

Acronyms ADAPT: AADL Architectural models to stochastic Petri nets through model Transformation, AADL: Architecture Analysis & Design Language BCP: Bus Control Processor BCS: Bus Control Software BCU: Bus Control Unit EMF: Eclipse Modeling Framework (part of Eclipse) GEF: Graphical Editing Framework (part of Eclipse) GMF: Graphical Modeling Framework (part of Eclipse) GSPN: Generalized Stochastic Petri Net LSS: Low Orbit Space System MOBIUS: Model-Based Environment for Validation of System Reliability, Availability, Security, and Performance OSATE: Open Source AADL Tool Environment (Software tool integrated into Eclipse) PCP: Payload Control Processor PCS: Payload Control Software PCU: Payload Control Unit SAN: Stochastic Analysis Network TOPCASED: Toolkit In OPen source for Critical Applications & SystEms Development 28

References Society of Automotive Engineers (SAE) Aerospace Standard AS5506 (2004) A. Rugina, K. Kanoun, M Kaaniche, The ADAPT Tool: From AADL Architectural Models to Stochastic Petri Nets through Model Transformation, 7th European Dependable Computing Conference (EDCC), Kaunas : Lituanie (2008) Peter Feiler and Anna Rugina, Dependability Modeling with the Architecture Analysis & Design Language (AADL), Software Engineering Institute report CMU/SEI-2007-TN-043, July 2007, available from www.sei.cmu.edu D. D. Deavours, G. Clark, T. Courtney, D. Daly, S. Derisavi, J. M. Doyle, W. H. Sanders, and P. G. Webster, The Mobius framework and its implementation, IEEE Trans. on Soft. Eng., vol. 28, no. 10, pp. 956 969, 969, October 2002. 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback