Download presentation
Presentation is loading. Please wait.
Published byKatherine McNamara Modified over 10 years ago
1
Dependability analysis and evolutionary design optimisation with HiP-HOPS Dr Yiannis Papadopoulos Department of Computer Science University of Hull, U.K. Fraunhofer IESE May 4 th 2011
2
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Motivation of work on System Dependability Analysis Increasing safety concerns: Computer controlled safety critical systems emerge in areas such as automotive, shipping, medical applications, industrial processes, etc. Reliability & availability concern a broader class of systems Increasing complexity of systems & reduced product development times & budgets cause difficulties in classical manual analyses p 2
3
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Why is automation needed? System Design Model If a component fault develops here On the outputs? What effect does the fault have? 3 p 3
4
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos In the University of Hull we develop: A method and tool that simplify dependability analysis and architecture optimisation by partly automating the process Known as Hierachically Performed - Hazard Origin and Propagation Studies (HiP-HOPS) p 4
5
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos HiP-HOPS p 5 Global view of failure: Failure annotations = of components System Model + Fault Tree Synthesis Algorithm System failures Component failures
6
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Valve Malfunctions Failure mode Description Failure rate Blocked e.g. by debris 1e - 6 partiallyBlocked e.g. by debris 5e - 5 stuckClosed Mechanically stuck 1.5e - 6 stuckOpen Mechanically stuck 1.5e - 5 Deviations of Flow at Valve Output Output Deviation Description Causes Omission - b Omission of flow Blocked or stuckClosed or Omission - a or Low - control Commission - b Commission of flow stuckOpen or Commission - a or High-control Low - b L ow flow partiallyBlocked or Low - a High-b High flow High-a Early - b Early flow Early - a or Early - control Late - b Late flow Late - a or Late - control a b b Component Failure Annotations p 6
7
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Hierarchical analysis Assessment of conditions that affect whole architectures, e.g. of common cause failures / combined HW-SW analysis p 7 System / Hardware Components / Allocated Software Analysis of conditions that affect whole system / effects of Hardware failure Local Safety Analyses of Components/ Propagation of failure through software
8
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Notions of Failure Classes (user defined), Input/Output Ports & Parameters Failure Logic: Boolean logic, recently enhanced with new temporal operators and a temporal logic. Concept for state-sensitive analysis Includes generalisation operators and iterators: e.g. any input failure propagates to all outputs Can be used for specification of reusable, inheritable, composable, failure patterns Language for Error Modelling p 8
9
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Tool Interface p 9
10
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Tool support (Example Steer-by-Wire) Simulink model: steer-by-wire system Synthesised Fault Trees Synthesised FMEA p 10
11
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Tool Maturity Tool has public interfaces (XML, DLL) which enable linking to modelling or drawing tools Has advanced capabilities for qualitative/probabilistic analysis (common causes, zonal analysis, supports a variety of probabilistic models) ITI GmbH has used the public interface to link its Simulation X modelling tool to the HiP-HOPS tool. Others (ALL4TEC, VECTOR) also interface Commercial launch of HiP-HOPS extension to Simulation X in 2011 p 11
12
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Further difficulties in dependability engineering and tool extension to support architecture optimisation How can system dependability be improved? Substitute components & sub-systems, increase frequency of maintenance, replicate Which solution achieves minimal cost? People evaluate a few options. This leads to unnecessary design iterations and sub- optimal solutions. p 12
13
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Work on Multi-objective Design Optimisation Hard optimisation problem that can only be addressed effectively with automation Objectives Dependability, Cost, Weight, … Objectives are conflicting (e.g. dependability and cost) p 13
14
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Multi-objective optimisation problem Find a solution x (element of solution space X), which satisfies a set of constrains and optimizes a vector of objective functions f(x)= [f 1 (x),f 2 (x),f 3 (x),…,f n (x)]. Search for Pareto Optimal (i.e. Non-dominated) Solutions A solution x 1 dominates another solution x 2 if x 1 matches or exceeds x 2 in all objectives. p 14
15
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Pareto Optimality Cost Reliability 3 1 3 1 1 1 1 1 3 2 4 5 9 5 Pareto Front p 15
16
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Optimisation concept Genetic Algorithm HiP-HOPS Modelling Tool Model, Variants Failure data parser analysis pareto front Set of Models representing optimal tradeoffs p 16
17
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos 12Primary Standby Genetic Algorithm: Making design variations p 17 1 1 Cost: 2 Reliability: 5 Cost: 3 Reliability: 7 Cost: 4 Reliability: 9 Cost: 3 Reliability: 8
18
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Fuel System Example p 18 Provide model, variants, failure data Cost: 511 Unavailability: 0.108366
19
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Fuel System Example p 19 Let tool find optimal solutions
20
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Fuel System Example p 20 Choose and get optimised design Cost: 834 Unavailability: 0.044986
21
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Optimisation in Action p 21
22
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Work on Temporal Safety Analysis Cutsets of a Classical fault tree I + A.B.C + A.S1 + A.B.S2 + D 1. No input at I 2. Failure of all of A, B, and C 3. Failure of A and S1 4. Failure of A, B, and S2 5. Failure of D I p 22
23
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos PAND-ORA: Hour or time (ORA [ώρα] in Greek) of PAND gates Uses Priority-AND (<, or before), Priority-OR (|) and Simultaneous-AND (&, or at the same time) operators to express temporal ordering of events Relative temporal relations between events can be expressed: X<Y, X&Y, and Y<X Minimal Cut-sequences New Temporal Laws can be used to simplify fault trees and calculate Minimal Cut-sequences The PANDORA Logic p 23
24
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Sequence Values A number indicating the order in which an event becomes true Events with the same sequence value are simultaneous Temporal Truth Tables (TTT) –Like Boolean truth tables but extended to use Sequence Values –Can be used to prove temporal laws –e.g. X.Y = X<Y + X&Y + Y<X Temporal Truth Tables p 24
25
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Minimal Cut-sequences I D [S1<A] [S1&A] [B<A] [B&A] [A<B].C A.[S2&B] A.[S2<B] Show that the triply redundant system is not triply redundant. Give a more refined and correct view of failure I D A.S1 A.B.C A.B.S2 I p 25
26
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Current Work ADLs:ADLs: Input to EAST-ADL automotive ADL in MAENAD FP7 project. Work towards harmonisation with AADL Dynamic Analysis:Dynamic Analysis: Synthesis of Temporal Fault Trees from State Machines Separation of Concerns:Separation of Concerns: Multi-perspective HiP-HOPS. Analysis of diagrams (SW-HW) linked with allocations Automatic allocation of safety requirements:Automatic allocation of safety requirements: E.g. in the form of SILs (Safety Integrity levels) OptimisationOptimisation: More objectives, More model transformations Link to Model-CheckersLink to Model-Checkers p 26
27
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Relation to the state-of-the-art compositional safety analysesOne of more advanced compositional safety analyses formal safety analyses &Less automated than formal safety analyses & does not do formal verification. simple algorithmsscales upHowever, uses simple algorithms and scales up well. Deductive analysis & good performance have enabled : Multiple failure mode FMEAs Architecture optimisation with greedy meta-heuristics Top-down allocation of safety requirements (SILs) Can complement other formal techniques Synthesis of State-Machines –> Input for Model Checker Additional functionalities (optimisation, SIL allocation, advanced probabilistic analyses) p 27
28
Fraunhofer IESE May 4 th 2011 Yiannis Papadopoulos Summary Shorter life-cycles, economic pressures, increasing complexity demand cost effective dependability engineering. HiP-HOPS simplifies aspects of this process. Can complement formal techniques. Can be used in conjunction with emerging ADLs. Supported by mature commercially available tool. Strong interest in automotive & shipping. Growing interest in aerospace. Applications by Germanischer Lloyd, Volvo, VW, Delphi, Fiat, Continental, Toyota/Denso, et al p 28
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.