Arcade: A formal, extensible, modelbased dependability evaluation framework

1
ArcadeA formal, extensible, model-based
dependability evaluation framework

• Hichem Boudali1, Pepijn Crouzen1,2, Boudewijn R.
  Haverkort1, Matthias Kuntz1, Mariëlle Stoelinga1

1CS, Twente University, The Netherlands 2CS,
Saarland University, Germany
2
Motivation/Goals

• Approaches to dependability evaluation
• Low level (CTMC, SPN, SPA)
• Dependability specific (fault trees)
• Architecture-based (AADL, UML)
• None is perfect, in terms of
• Modeling effort
• Hierarchy modularity
• Expressiveness
• (formal) Clear semantics
• Effective solution techniques

Our objective To devise a formalism that scores
high on all these aspects
3
Our solution Arcade methodology

• Architectural approach (system design)
• Expressive and extensible
• Modular modeling
• Formal semantics (based on I/O-IMC)
• Efficient state-space generation
  (compositional-aggregation technique)

4
Whats an I/O-IMC?

• Combination of I/O automata and CTMC
• Discrete state space
• Markovian transitions
• Interactive transitions
• Action signature
• ? - Input actions
• ! - Output actions
• - Internal actions
• Behavior of the system results from the
  composition of its elements.
• Well-defined composition operator bisimulation
  equivalence (state minimization)

?
failed!
5
Sketch of the proposal
6
Arcade Current status

• Use I/O-IMCs as the underlying formal semantics
• At an architectural level, we have
  identified/defined
• (1) Basic (physical/logical) components (BC)
• (2) Repair units (RU)
• (3) Spare management units (SMU)
• All kinds of behaviors/interactions/dependencies,
  e.g.
• Operational/failure modes
• Repair and spare management policies
• Functional dependencies
• Textual syntax (ultimately graphical and
  integrate to an ADL)
• To each component/unit corresponds a pre-defined
  basic I/O-IMC
• Use I/O-IMCs machinery to carry out state-space
  generation (compositional-aggregation technique)
  and analysis

7
Example Results
of states 98,056 of transitions
411,688 Unavailability (50 hours) 6.52100
10-10 Unreliability (50 hours) 52.92420 10-10
8
Arcade Tool chain
9
Arcade A summary
Architectural Dependability Evaluation with
Arcade. Dependable Systems Networks (DSN 2008),
Anchorage, Alaska, USA.

• Low modeling effort
• High level Graphical
• Standard features (BC, RU, SMU)
• Tight to an ADL (alternative to AADL error annex)
• Expressive/Extensible
• Standard features, but also (well-structured)
  user-defined features
• Formal semantics (I/O-IMCs)
• Compositional efficient SS generation
• Hierarchical modeling

10
Extra slides
11
Arcade Example 2
12
The State-Space Battle

• Defined and used the I/O-IMC formalism to
  describe the semantics of each DFT element.
• I/O-IMCs CTMC I/O transitions.
• Semantics of the entire DFT arises naturally as
  the composition of its elements semantics.
• Used the compositional-aggregation approach to
  combat the state-space explosion problem.
• Lifted the restrictions ? extended DFT formalism.

13
The State-Space Battle
CORAL