11/19/2007 CIS Dept., UMass Dartmouth 1 DRBD: Dynamic Reliability Block Diagram for System Reliability Modeling Prof. Haiping Xu Concurrent Software Systems.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Eugene Syriani and Huseyin Ergin University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Based on: Petri Nets and Industrial Applications: A Tutorial

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.

UPPAAL Introduction Chien-Liang Chen.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

Formal verification of safety communication protocol for ETCS Chen Lijie  Introduction  Safety communication protocol in ETCS  CPN model.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Petri net modeling of biological networks Claudine Chaouiya.

Banker’s Algorithm Implementation in CPN Tools Michal Žarnay Department of Transportation Networks University of Žilina, Slovakia.

VERTAF: An Application Framework for Design and Verification of Embedded Real-Time Software Pao-Ann Hsiung, Shang-Wei Lin, Chih-Hao Tseng, Trong-Yen Lee,

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

10/09/2006CIS Dept., UMass Dartmouth1 A Petri Net Based XML Firewall Security Model for Web Services Invocation Prof. Haiping Xu Concurrent Software Systems.

1 Petri Nets H Plan: –Introduce basics of Petri Net models –Define notation and terminology used –Show examples of Petri Net models u Calaway Park model.

FunState – An Internal Design Representation for Codesign A model that enables representations of different types of system components. Mixture of functional.

12/07/2007Jiacun Wang1 SE-561 Math Foundations Petri Nets - II Dr. Jiacun Wang Department of Software Engineering Monmouth University.

09/28/2007 CIS Dept., UMass Dartmouth 1 Trustworthy Agent-Based Online Auction Systems Prof. Haiping Xu Concurrent Software Systems Laboratory Computer.

Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Modelling with Coloured Petri Nets Søren Christensen Department of Computer Science University of Aarhus.

Modeling State-Dependent Objects Using Colored Petri Nets

Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.

History-Dependent Petri Nets Kees van Hee, Alexander Serebrenik, Natalia Sidorova, Wil van der Aalst ?

5/26/2005CIS Dept., UMass Dartmouth1 A Methodology for Role- Based Modeling of Open Multi-Agent Software Systems Prof. Haiping Xu Concurrent Software Systems.

Chapter 3 : Software Process and Other Models Juthawut Chantharamalee Curriculum of Computer Science Faculty of Science and Technology, Suan Dusit University.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

PETRINETS Nipun Devlekar Zauja Lahtau. PETRINETS DEFINITION : DEFINITION :  PETRINET (place/ transition net): a formal, graphical, executable technique.

程建群博士(Dr. Jason Cheng) 年03月

An Introduction to Programming and Object-Oriented Design Using Java By Jaime Niño and Fred Hosch Slides by Darwin Baines and Robert Burton.

A Novel Method for Formally Detecting RFID Event Using Petri Nets SEKE 2011.

Introduction to Formal Methods Based on Jeannette M. Wing. A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8-24, September,

Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.

CEFRIEL Consorzio per la Formazione e la Ricerca in Ingegneria dell’Informazione Politecnico di Milano Model Checking UML Specifications of Real Time Software.

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

Foundations of Software Testing Chapter 1: Preliminaries Last update: September 3, 2007 These slides are copyrighted. They are for use with the Foundations.

CY2003 Computer Systems Lecture 7 Petri net. © LJMU, 2004CY2003- Week 72 Overview Petri net –concepts –Petri net representation –Firing a transition –Marks.

Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 15 More Advanced Program Properties: Temporal logic and jSpin John Gurd,

University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes.

Stochastic Activity Networks ( SAN ) Sharif University of Technology,Computer Engineer Department, Winter 2013 Verification of Reactive Systems Mohammad.

Integrating UML and Petri Nets Problem with Current Software Engineering Methodology Stochastic Petri nets and their useful properties Translating UML.

1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.

3 June Paris Seminar Modelling and Analysis of TCP’s Connection Management Procedures Jonathan Billington and Bing Han Computer Systems Engineering.

Petri Nets Lecturer: Roohollah Abdipour. Agenda Introduction Petri Net Modelling with Petri Net Analysis of Petri net 2.

Modelling by Petri nets

Modeling Mobile-Agent-based Collaborative Processing in Sensor Networks Using Generalized Stochastic Petri Nets Hongtao Du, Hairong Qi, Gregory Peterson.

School of Computer Science, The University of Adelaide© The University of Adelaide, Control Data Flow Graphs An experiment using Design/CPN Sue Tyerman.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

CSCI1600: Embedded and Real Time Software Lecture 11: Modeling IV: Concurrency Steven Reiss, Fall 2015.

School of Computer Science & Software Engineering

CAP 4800/CAP 5805: Computer Simulation Concepts

Requirements Engineering Methods for Requirements Engineering Lecture-31.

Requirement Analysis SOFTWARE ENGINEERING. What are Requirements? Expression of desired behavior Deals with objects or entities, the states they can be.

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.

From Natural Language to LTL: Difficulties Capturing Natural Language Specification in Formal Languages for Automatic Analysis Elsa L Gunter NJIT.

A SUPPORT TOOL FOR THE REACHABILITY AND OTHER PETRI NETS- RELATED PROBLEMS AND FORMAL DESIGN AND ANALYSIS OF DISCRETE SYSTEMS Department of Computers and.

Requirements Techniques, cont.

2. Specification and Modeling

Introduction to Agents

Workflow Management Systems

CSCI1600: Embedded and Real Time Software

CSCI1600: Embedded and Real Time Software

CSCI1600: Embedded and Real Time Software

Department of Computer Science Abdul Wali Khan University Mardan

An Introduction to Petri Nets

CSCI1600: Embedded and Real Time Software

Presentation transcript:

11/19/2007 CIS Dept., UMass Dartmouth 1 DRBD: Dynamic Reliability Block Diagram for System Reliability Modeling Prof. Haiping Xu Concurrent Software Systems Laboratory Computer and Information Science Department University of Massachusetts Dartmouth

11/19/2007CIS Dept., UMass Dartmouth2 Acknowledgement Dr. Liudong Xing, Assistant Professor Electrical and Computer Engineering Department University of Massachusetts Dartmouth Ryan Robidoux, Graduate Student Concurrent Software Systems Laboratory Computer and Information Science Department University of Massachusetts Dartmouth

11/19/2007CIS Dept., UMass Dartmouth3 Outline DRBD controller component blocks Development of DRBD models (example) Formal specifications of DRBD constructs Formal verification of DRBD models Conversion of DRBD models into colored Petri nets (CPN) Case study: modeling, verification Conclusions and future work

11/19/2007CIS Dept., UMass Dartmouth4 A Motivating Example When the primary cluster head fails, the secondary cluster head will be automatically activated. Sensor nodes in S1 can be put into a sleeping mode, and sensor nodes in S2 will be activated. How to model the state dependency between S1 and S2: Deactivation -> Activation dependency? Initially, sensor nodes in S1 are operational; sensor nodes in S2 are in a sleeping mode

11/19/2007CIS Dept., UMass Dartmouth5 The State of the Art Most of the existing reliability modeling state tools (e.g., RBD) cannot capture the state dependency dependency between components. DFT Other tools, such as Dynamic Fault Tree (DFT), may support modeling a functional dependency The failure of a component causes some other dependent components to become inaccessible or unusable However, it still cannot capture the Deactivation -> Activation state dependency between components. DRB D We propose a set of new Dynamic Reliability Block Diagram (DRBD) constructs as an extension to the existing RBD modeling tool.

11/19/2007CIS Dept., UMass Dartmouth6 DRBD Controller Component Blocks A A stands for an activation event occurred on a component that leads to an Active state of that component, D D stands for a deactivation event occurred on a component that leads to a Standby state of that component, and F F stands for a failure event occurred on a component that leads to a Failed state of that component.

11/19/2007CIS Dept., UMass Dartmouth7 DRBD Model of the WSN Example The failure of the primary cluster head will automatically activate the secondary cluster head. The components labeled S1 and S2 represent the two sets of sensor nodes that may work alternatively. The deactivation of S1 (S2) will automatically activate S2 (S1). A A: Activation D D: Deactivation F F: Failure

11/19/2007CIS Dept., UMass Dartmouth8 Formal Specifications To support formal verification and validation of our proposed DRBD model, it is necessary to formally define the DRBD modeling constructs. Provide the denotational semantics for the development of DRBD models in a precise manner. Help to eliminate ambiguity in a constructed DRBD model. Question 1: Question 1: When component C1 fails, will C4 be in a state of Active or Standby, or will the result be nondeterministic? DRBD Model

11/19/2007CIS Dept., UMass Dartmouth9 Object-Z Specification The target events do not occur simultaneously, but with some random time delay  c for target component c. The failure of C2 and deactivation of C3 will not happen immediately after the failure of C1. Which state C4 will be in (Active or Standby) is nondeterministic. Question 2: Question 2: How can we be confident that the model is an accurate representation of the actual system?

11/19/2007CIS Dept., UMass Dartmouth10 Formal Verification Approach Testing or simulations are not suitable for verifying DRBD models because it is almost impossible to cover all cases. Use formal methods (e.g., model checking techniques) to verify the behavioral properties of a DRBD model before the evaluation process starts. Use temporal logic to specify system properties Property P: Property P: “If component A fails, component B and C will also fail, which leads to the failure of the whole system S.” [](  A  (  B  C)  <>  S) The temporal formula in LTL (Linear Temporal Logic) can be written as [](  A  (  B  C)  <>  S) When a DRBD model is proved to be incorrect Any quantitative evaluation results might be unusable. The DRBD model needs to be fixed.

11/19/2007CIS Dept., UMass Dartmouth11 Formal Verification Models DRBD models are not formally defined & executable. Object-Z specifications of DRBD constructs are formal specifications, however Are not feasible for verification of behavioral properties. Have no effective analysis and verification tool support. Convert a DRBD model into a formal executable model such as a state machine or a Petri net model. We adopt Colored Petri Net (CPN) model because Is user friendly based on its graphical notations. Has powerful, but intuitive rules for defining structure and dynamic behaviors. Has many existing analysis and verification tools. CPN

11/19/2007CIS Dept., UMass Dartmouth12 “ Three-in-one ” capability of Petri net models [Murata 1989] Graphical representation Mathematical description Simulation tool Definition: A Petri net is a 4-tuple, PN = (P, T, F, M 0 ) where P = {P1, P2, …, Pm} is a finite set of places; T = {t1, t2, …, tn} is a finite set of transitions; F  (P x T)  (T x P) is a set of arcs (flow relation); M 0 : P --> {0, 1, 2, 3, … } is the initial marking. Introduction to Petri Net

11/19/2007CIS Dept., UMass Dartmouth13 P4 P2 P5 t1 t5 t3 t4 t2 P1 P3 An Ordinary Petri Net In an ordinary Petri net, tokens are all of color black. In a Colored Petri net (CPN or CP-net), Colors of tokens can represent values. A transition may have a guard and executable code.

11/19/2007CIS Dept., UMass Dartmouth14 Convert DBBD into CPN Models Define three different colors/states: Active, Standby and Failed. A transition is associated with a guard and executable code [x=Failed, y=Active] Can fire only if the guard [x=Failed, y=Active] evaluates to true. output(z);action(Standby) Code output(z);action(Standby) deposits a Standby token in C2.

11/19/2007CIS Dept., UMass Dartmouth15 A Case Study Router R1 is connected to two server computers C1 and C2. Server computers C1 and C2 are load sharing servers. When router R1 fails, the computers C1 and C2 will be deactivated. To make the system more reliable, we introduce a cold spare (CSP) for router R1, which is represented by component R2.

11/19/2007CIS Dept., UMass Dartmouth16 Colored Petri Net Model

11/19/2007CIS Dept., UMass Dartmouth17 Analysis Results Result-1Result-2 Statistics State Space Nodes: 33 Arcs: 69 Secs: 0 Status: Full Scc Graph Nodes: 33 Arcs: 62 Secs: 0 Liveness Properties Dead Markings [32] Dead Transition Instances Router'SDEP_R2_C1 1 Router'SDEP_R2_C2 1 Live Transition Instances None DeadMarking(32) val it = true : bool print(NodeDescriptor 32) : C1 1: 1`Standby C2 1: 1`Standby R1 1: empty R2 1: empty R1_or_R2 1: 1`Active Syn_1 1: empty Syn_2 1: empty System_down 1: empty System_up 1: empty val it = () : unit Reachable'(1, 32) A path from node 1 to 32: [1, 3, 11, 25, 30, 32] val it = true : bool

11/19/2007CIS Dept., UMass Dartmouth18 Deadlock in CPN

11/19/2007CIS Dept., UMass Dartmouth19 Revised DRBD Model SDEP AA A A

11/19/2007CIS Dept., UMass Dartmouth20 Analysis Results (after revision) Result-3 Statistics State Space Nodes: 67 Arcs: 162 Secs: 0 Status: Full Scc Graph Nodes: 67 Arcs: 141 Secs: 0 Liveness Properties Dead Markings None Dead Transition Instances None Live Transition Instances None Fix the colored Petri net model by adding New transition SDEP_R2_C12 New synchronization place Syn_3 And arcs and guards The analysis results show no deadlock markings. Question 3: Question 3: How to verify additional properties?

11/19/2007CIS Dept., UMass Dartmouth21 Model Checking Results FormulasASK-CTL in ML After Rev Before Rev Formula_1 val myASKCTLformula = EXIST_UNTIL(TT,NOT(MODAL(TT))); eval_node myASKCTLformula InitNode; falsetrue Functions fun R1_Failed n = (Mark.R1 1 n = 1`Failed); fun R2_Failed n = (Mark.R2 1 n = 1`Failed); fun SystemFailed n = (Mark.System_down 1 n = 1`true); -- Formula_2 val isFailed = FORALL_UNTIL(TT, NF("",SystemFailed)); val system = OR(NOT(NF("", R2_Failed)), isFailed); val myASKCTLformula = INV(system); eval_node myASKCTLformula InitNode true Formula_3 val isFailed = FORALL_UNTIL(TT, NF("",SystemFailed)); val system = OR(NOT(NF("", R1_Failed)), isFailed); val myASKCTLformula = INV(system); eval_node myASKCTLformula InitNode; falsetrue

11/19/2007CIS Dept., UMass Dartmouth22 Conclusions and Future Work D RBD Proposed a new modeling approach called Dynamic Reliability Block Diagrams (DRBD) Resolves the shortcomings of the existing work. Provides a powerful but easy-to-use reliability modeling tool for complex and large computer-based systems. Supports automated verification of DRBD models. Develop a software tool that can automatically translate DRBD models into colored Petri nets. Study efficient evaluation methods for DRBD models. Develop a comprehensive system reliability modeling tool that supports editing, formal verification, and evaluation of DRBD models.

11/19/2007CIS Dept., UMass Dartmouth23 Related Publications R. Robidoux, H. Xu, and L. Xing Towards Automated Verification of Dynamic Reliability Block Diagrams. To be submitted to journal, Computer and Information Science Dept., UMass Dartmouth, November L. Xing, H. Xu, S. V. Amari, and W. Wang A New Framework for Complex System Reliability Analysis: Modeling, Verification, and Evaluation. Submitted to Journal of Autonomic and Trusted Computing (JoATC), September H. Xu, L. Xing, and R. Robidoux DRBD: Dynamic Reliability Block Diagrams for System Reliability Modeling. Submitted to International Journal of Computers and Applications (IJCA), August H. Xu and L. Xing Formal Semantics and Verification of Dynamic Reliability Block Diagrams for System Reliability Modeling. In Proceedings of the 11th International Conference on Software Engineering and Applications (SEA 2007), November 19-21, 2007, Cambridge, Massachusetts, USA. Contact Information Haiping Xu, Assistant Professor Computer and Information Science (CIS) Department, College of Engineering University of Massachusetts Dartmouth Phone : (508) Liudong Xing, Assistant Professor Electrical and Computer Engineering (ECE) Department, College of Engineering University of Massachusetts Dartmouth Phone : (508)

11/19/2007 CIS Dept., UMass Dartmouth 24 Questions? The slides for this talk can be downloaded from