Presentation is loading. Please wait.

Presentation is loading. Please wait.

May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle.

Published byDuane Williams Modified over 9 years ago

Similar presentations

Presentation on theme: "May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle."— Presentation transcript:

1 May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle Stoelinga 1. 1 Formal Methods and Tools group CS, University of Twente, NL. 2 Dependable Systems and Software group, CS, Saarland University, Germany

2 May 9, 2008IPA Lentedagen, Rhenen2 Introduction: Dependability Dependability: The trustworthiness of a computer system such that reliance can justifiably be placed upon the service it delivers. Reliability: The probability that a computer system does not fail within a given time bound.

3 May 9, 2008IPA Lentedagen, Rhenen3 Introduction: Formal dependability  Continuous-time Markov chains (CTMC)  States and Markovian transitions  Probability of traversing a λ- transition within t time-units is: 1-e -λt  Tools: Reachability analysis (among others) λ μ μ λ

4 May 9, 2008IPA Lentedagen, Rhenen4 Introduction: CTMC characteristics  CTMCs describe probability distributions (phase-type distributions)  Phase-type distributions can approximate any arbitrary distribution arbitrarily closely  Goal: Find a CTMC which describes the probability of system failure within t time- units (i.e. the unreliability of the system)  Problem: Difficult to find the CTMC that models a large system λ μ μ λ

5 May 9, 2008IPA Lentedagen, Rhenen5 Introduction: Engineering dependability  Fault Trees (1960’s)  Graphical  Easy to use  Syntax:  Basic events  Gates  Semantics: logical formula  Problem: Not expressive enough Mem1 fails CPU fails Workstation fails OR AND Mem1 fails

6 May 9, 2008IPA Lentedagen, Rhenen6 Introduction: Engineering dependability  Dynamic Fault Trees (1992)  Extension of classic fault trees  Additions:  Use of spares  Dependencies  Order-based failure  Tools:  Convert to CTMC P2P2 System failure P1P1 SPARE OR S

7 May 9, 2008IPA Lentedagen, Rhenen7 But… DFT Drawbacks  Scalability  Ambiguous syntax and semantics  Lack of modularity:  Dynamic modules can not be reused  Restrictions on spares and dependencies  Existing analysis technique is hard to extend or modify

8 May 9, 2008IPA Lentedagen, Rhenen8 Outline  Case study: FTPP system  DFT approach  Formalizing DFTs  DFT semantics in I/O-IMCs  Deep compositionality  Extending the DFT formalism  Conclusion  Future work

9 May 9, 2008IPA Lentedagen, Rhenen9 Case study: FTPP A D C B A D C B ADCB ADCB NE1 NE3 NE2NE2 NE4NE4  16 processors divided into 4 groups  4 network elements connect the processors  Per group 2 processors must be operational  Different configurations are possible

10 May 9, 2008IPA Lentedagen, Rhenen10 D D D D S S S S C B AA C B A B C C A B NE1 NE3 NE2NE2 NE4NE4 Case study: FTPP  16 processors divided into 4 groups  4 network elements connect the processors  Per group 2 processors must be operational  Different configurations are possible  Dynamic redundancy management is possible How reliable is each configuration?

11 May 9, 2008IPA Lentedagen, Rhenen11 FTPP DFT S S S S C B AA C B A B C C A B NE1 NE3 NE2NE2 NE4NE4

12 May 9, 2008IPA Lentedagen, Rhenen12 C AB 0.2 0.4 Failure rate: 0.2 f/h Failure rate: 0.4 f/h AND-gate Starting state: A is operational B is operational A has failed B is operational Pr(A fails in T hours) = 1 – e -0.2T A’s Mean time to failure = 1/0.2 = 5 hours A is operational B has failed A has failed B has failed  For static fault trees binary decision diagrams can be used!  Otherwise: Convert the DFT into a CTMC.  Analyze CTMC using standard solution techniques. Existing DFT analysis [Dugan et al. 1992] Unreliability = Prob[Reaching in time T] But…  State space explosion: CTMC grows exponentially  FTPP difficult to analyze

13 May 9, 2008IPA Lentedagen, Rhenen13 FTPP Results Group 1 Failure 2/3 S CBA Group 2 Failure 2/3 S CBA Group 3 Failure 2/3 S CBA Group 4 Failure 2/3 S CBA System Failure FDEP NE1 AAAA FDEP NE2 BBBB FDEP NE3 CCCC FDEP NE4 SSSS Analysis method Max number of states Max number of transitions Unreliability (T=10) Standard327574268262.55479 · 10 -8 Compositional1325141532.55479 · 10 -8 S S S S C B AA C B A B C C A B NE1 NE3 NE2NE2 NE4NE4

14 May 9, 2008IPA Lentedagen, Rhenen14 What’s behind it?  Model local behavior  We need compositional Markov chains  Combination of LTS and CTMC, with I/O automata features  Markovian transitions (CTMC)  Interactive transitions (LTS)  Action signature (IOA)  ? - Input actions  ! - Output actions  ; - Internal actions λ failed! I/O-IMC for Basic event Input/Output Interactive Markov Chains (I/O-IMC)

15 May 9, 2008IPA Lentedagen, Rhenen15  Properties of IMCs:  Combines stochastic behavior and interactive behavior orthogonally  CSP-style synchronization + interleaving semantics  Maximal progress for internal transitions  Properties of IOIMCs:  Unique outputs  Input enabledness  Outputs cannot be blocked!  Maximal progress for output transitions Input/Output Interactive Markov Chains λ τ

16 May 9, 2008IPA Lentedagen, Rhenen16 f(C)! f(A)? f(B)? f(A)? f(C)! f(A)? f(B)? DFT semantics DFT gate to I/O-IMC

17 May 9, 2008IPA Lentedagen, Rhenen17 What is deep compositionality? Group 1 Failure 2/3 S CBA  Semantics of a DFT arises naturally as composition of the semantics of its building blocks  But: This may lead to huge models. f(G1) f(NE1)f(NE4)… f(NE1)f(NE4) f(G1) f(NE2)f(NE3)

18 May 9, 2008IPA Lentedagen, Rhenen18 Why use deep compositionality?  Formally define semantics  Many useful techniques  Combining models: Composition  Refining models: Hiding  Minimizing models: Bisimulation  Reusing models: Renaming  Well supported by CADP toolset (VASY/INRIA) Combat State-space explosion

19 May 9, 2008IPA Lentedagen, Rhenen19 Compositional Aggregation Translation Composition + Abstraction Aggregation (minimization) Repeat Aggregated system CTMC (CTMDP) Result: System failure probability Analysis

20 May 9, 2008IPA Lentedagen, Rhenen20 Compositional Aggregation Example f(C)! f(A)? f(B)? f(A)? Failure rate: 0.2 f/h Failure rate: 0.4 f/h f(A)! 0.2 f(B)! 0.4

21 May 9, 2008IPA Lentedagen, Rhenen21 Compositional Aggregation Parallel Composition 1 2 3 1 2 3 4 5 1||1 0.2 f(A)! f(A)? f(B)? f(C)! 0.2 f(B)? f(A)! f(C)! 1||2 2||3 3||1 f(B)? 0.2 f(A)! 3||2 4||35||3 Inputs: f(A)? and f(B)? Outputs: f(C)! Inputs: none Outputs: f(A)! C A C||A Synchronize on f(A)

22 May 9, 2008IPA Lentedagen, Rhenen22 f(A); f(A)! Compositional Aggregation Abstraction (hiding) 1||1 0.2 f(B)? 0.2 f(C)! 1||2 2||3 3||1 3||2 4||35||3 C AB Abstraction (hiding): Makes signal internal

23 May 9, 2008IPA Lentedagen, Rhenen23 f(A); Compositional Aggregation Aggregation (weak bisimulation) 1||1 0.2 f(B)? 0.2 f(C)! 1||2 2||3 3||1 3||2 4||35||3 Weak bisimulation: Disregard internal steps Aggregation: Finding a smaller model equivalent (behaviorally) to the original

24 May 9, 2008IPA Lentedagen, Rhenen24 Compositional Aggregation Example (continued) 1 2 3 1 2 3 4 5 1||1 0.2 f(B)! 0.2 f(B)? f(C)! 0.2 0.4 2||1 1||2 0.4 0.2 2||2 C||A B C||A||B f(B)! 4||3 3||3 0.2 f(C)! 5||3

25 May 9, 2008IPA Lentedagen, Rhenen25 Compositional Aggregation Example (continued) 0.2 0.4 0.2 C||A||B f(C)!

26 May 9, 2008IPA Lentedagen, Rhenen26 DFT extensions  Extensions:  Inhibition  Repair-policies  Complex spares  Complex dependencies ……  Adding extensions in the compositional framework is easy:  Modify translation of DFT building blocks  Compositional aggregation algorithm is unaltered Free! DSN07

27 May 9, 2008IPA Lentedagen, Rhenen27 Extension: Repair f(C)! f(A)? f(B)? f(A)? r(C)! r(A)? r(B)? r(C)! r(A)? r(B)? r(A)? λ f(A)! µ r(A)! AND-gate C Basic event A

28 May 9, 2008IPA Lentedagen, Rhenen28 Conclusion: How we tackled drawbacks  State-space explosion.  Ambiguous syntax and semantics.  Lack of modularity:  Dynamic modules can not be reused.  Restrictions on spares and dependencies.  Existing analysis technique is hard to extend and/or modify. Compositional Aggregation DAG Extensions at the lowest level I/O-IMC Formal translation Renaming! Lifted!

29 May 9, 2008IPA Lentedagen, Rhenen29 Future work  Fully automated tool (CORAL)  More aggressive state reduction  Recent work: specialized acyclic algorithm  Apply deep compositionality to more advanced engineering formalisms! (see Boudali et al., DSN08)  Extend DFT formalism  Repair  Failure modes  Non-exponential failure distributions  Sophisticated dependencies

30 May 9, 2008IPA Lentedagen, Rhenen30 The end! Questions?

Download ppt "May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
March 8, 20071 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali, Pepijn Crouzen, and Mariëlle Stoelinga. Formal.

March 8, Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali, Pepijn Crouzen, and Mariëlle Stoelinga. Formal.
Performance Model Checking Scenario-Aware Dataflow Bart Theelen, Marc Geilen, Jeroen Voeten.

Performance Model Checking Scenario-Aware Dataflow Bart Theelen, Marc Geilen, Jeroen Voeten.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.

Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
1 Fault-Tolerant Computing Systems #6 Network Reliability Pattara Leelaprute Computer Engineering Department Kasetsart University

1 Fault-Tolerant Computing Systems #6 Network Reliability Pattara Leelaprute Computer Engineering Department Kasetsart University
COE 444 – Internetwork Design & Management Dr. Marwan Abu-Amara Computer Engineering Department King Fahd University of Petroleum and Minerals.

COE 444 – Internetwork Design & Management Dr. Marwan Abu-Amara Computer Engineering Department King Fahd University of Petroleum and Minerals.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Anna Philippou Department of Computer Science University of Cyprus Joint work with Mauricio Toro Department of Comp. Sc. EAFIT University Christina Kassara.

Anna Philippou Department of Computer Science University of Cyprus Joint work with Mauricio Toro Department of Comp. Sc. EAFIT University Christina Kassara.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Coral: a tool for Compositional Reliability and Availability analysis † Hichem Boudali 1, Pepijn Crouzen 2, and Mari ë lle Stoelinga 1. 1 Formal Methods.

Coral: a tool for Compositional Reliability and Availability analysis † Hichem Boudali 1, Pepijn Crouzen 2, and Mari ë lle Stoelinga 1. 1 Formal Methods.
Markov Reward Models By H. Momeni Supervisor: Dr. Abdollahi Azgomi.

Markov Reward Models By H. Momeni Supervisor: Dr. Abdollahi Azgomi.
Gossiping with IOIMCs Pepijn Crouzen Saarland University.

Gossiping with IOIMCs Pepijn Crouzen Saarland University.
Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente.

Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente.
1 Ivan Lanese Computer Science Department University of Bologna Roberto Bruni Computer Science Department University of Pisa A mobile calculus with parametric.

1 Ivan Lanese Computer Science Department University of Bologna Roberto Bruni Computer Science Department University of Pisa A mobile calculus with parametric.
21-February-2003cse403-14-Architecture © 2003 University of Washington1 Architecture CSE 403, Winter 2003 Software Engineering

21-February-2003cse Architecture © 2003 University of Washington1 Architecture CSE 403, Winter 2003 Software Engineering
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.

Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Models of Computation for Embedded System Design Alvise Bonivento.

Models of Computation for Embedded System Design Alvise Bonivento.
1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

Similar presentations

Ads by Google