
11. FSAP and the Model Checking Approach to FT Extraction.

11. FSAP and the Model Checking Approach to FT Extraction. An overview of the algorithms for fault tree generation available in FSAP. Algorithms based on model checking techniques. In this tutorial: focus on BDD-based routines. SAT-based routines exist as well. Model Checking.



Presentation Transcript


  1. 11. FSAP and the Model Checking Approach to FT Extraction.
  • An overview of the algorithms for fault tree generation available in FSAP.
  • Algorithms based on model checking techniques.
  • In this tutorial: focus on BDD-based routines.
  • SAT-based routines exist as well.

  2. Model Checking
  • Automated technique to verify a formal system model against a formal specification.
  • Systems typically modeled as state transition systems.
  • Specifications provided as temporal logic formulae.
  • Model checking provides a formal guarantee that a specification is obeyed.
  • (A counterexample trace is produced if the specification does not hold.)
  • Exhaustive technique compared to testing and simulation.
  • Major breakthrough with the introduction of symbolic model checking:
    • Idea: manipulate sets of states and transitions.
    • Efficient symbolic representations for the characteristic functions of such sets.
  • In the rest of this chapter: model checking techniques applied to FT generation.

  3. Binary Decision Diagrams
  • BDD = Binary Decision Diagram.
  • OBDD = Ordered BDD (built with a specific variable order).
  • ROBDD = Reduced OBDD (canonical form: elimination of redundancies).
  • (RO)BDDs are an efficient and compact representation for Boolean formulas.
  • The size of the BDD depends on the variable order.
  • Set-theoretic operations are expressed as logical operators.
  • [Figure: a BDD for the formula (a1 ↔ a2) ∧ (b1 ↔ b2); dashed edges = false, solid edges = true]

  4. BDD-based Algorithms for FTA
  • Different algorithms available:
    • Forward (FWD).
    • Backward (BWD).
  • Optimizations:
    • Dynamic cone of influence (DCOI).
    • Dynamic pruning (PRUN).

  5. Cut Sets
  • [Figure: an execution trace S1 → S2 → S3 over the state variables, ending in a state where the Top Level Event (Tle) fires]
  • Failure mode variables: F1 fails (permanent fault F1), F2 fails (sporadic fault F2), F3 does not fail in this trace (no fault).
  • History variables remember past failure events (Oi is true if and only if Fi is true at some point in the past):
    Oi → next(Oi)
    ¬Oi → (next(Oi) ↔ next(Fi))
  • Once F1 = O1, Once F2 = O2, Once F3 = O3.
  • Dual concept in the future: prophecy variables.
  • Cut set for this trace: F1 ∧ F2.

  6.–17. Forward Algorithm
  • [Animated figure: starting from Init, the set of reachable states grows step by step until a Fixpoint is reached; the label TLE marks the top level event states inside the fixpoint]
  18.–24. Forward Algorithm
  • [Animated figure: a trace S1 → S2 → S3 → S4 → S5 with failure mode variables F1, F2, F3 and history variables O1, O2, O3; the last frame labels the resulting minimal cut sets MCS 1 and MCS 2]

  25.–37. Backward Algorithm
  • [Animated figure: starting from the Tle states, the search proceeds backwards step by step until a Fixpoint is reached and Init is met; "And so on …"]

  38.–43. Dynamic Cone of Influence
  • Compute pre-images & restricted Kripke structures, based on dependency with Tle.
  • M0 ≤ M1 ≤ … ≤ Mn-1 ≤ Mn
  • Defer construction of the Kripke structure.
  • Hopefully Mn is smaller than the global M.
  • [Animated figure: nested restricted structures M0, M1, …, Mn-1, Mn growing around Tle until a Fixpoint is reached]
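An added Python example (not FSAP's own code) of the growing chain M0 ≤ M1 ≤ … ≤ Mn from the slides above, run on a constructed table of which variables each state variable's next-state relation depends on; it computes only the variable layers and leaves out the pre-image computation that the real routine interleaves with them. The variable names and dependencies are assumptions made up for the illustration.

```python
# Constructed dependency model (not FSAP's own): for each state variable, the set of
# variables its next-state relation reads. The TLE is expressed over 'pressure' only;
# the 'logger' subsystem is unrelated and should fall outside the cone.
DEPS = {
    "pressure": {"pressure", "pump1_ok", "pump2_ok"},
    "pump1_ok": {"pump1_ok", "F1"},
    "pump2_ok": {"F2"},
    "F1": set(), "F2": set(),            # failure-mode inputs: read nothing
    "logger": {"logger", "clock"},       # unrelated subsystem
    "clock": {"clock"},
}
TLE_VARS = {"pressure"}

def cone_layers(deps, tle_vars):
    """M0 <= M1 <= ... <= Mn: grow the restricted variable set until it stops changing."""
    layers = [frozenset(tle_vars)]       # M0: only the variables the TLE mentions
    while True:
        cur = layers[-1]
        nxt = frozenset(cur | {d for v in cur for d in deps.get(v, ())})
        if nxt == cur:                   # fixpoint: Mn is the cone of influence
            return layers
        layers.append(nxt)

def restricted_model(deps, tle_vars):
    """Dependency table restricted to the cone: variables outside it are never built."""
    cone = cone_layers(deps, tle_vars)[-1]
    return {v: deps[v] & cone for v in cone}
```

Here M0 = {pressure}, M1 adds the two pump flags, M2 adds F1 and F2, and the next step changes nothing, so the restricted model has 5 of the 7 global variables.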

  44.–50. Dynamic Pruning
  • At each iteration, compute a partial set of cut sets.
  • Use the partial set to prune non-minimal configurations in the search space.
  • [Animated figure: forward search from Init towards TLE, with the pruned regions marked]
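The forward algorithm (slides 6–24), the history variables of slide 5 and the dynamic pruning of slides 44–50, worked through on a constructed toy model as an added Python example; this is not FSAP code, which works symbolically on BDDs, whereas this version enumerates states explicitly. The pressure level, the two pumps, the leak and the TLE condition are assumptions made up for the illustration.

```python
from itertools import product

# Constructed toy model (not FSAP's own): three failure-mode inputs and one pressure level.
# F1: permanent fault of pump 1, F2: sporadic fault of the backup pump, F3: permanent leak.
FAULTS = ("F1", "F2", "F3")
INIT = (2, (False, False, False))        # (pressure, (O1, O2, O3)); history variables start false

def step(state, faults):
    """One transition; faults = (F1, F2, F3) chosen for the next step."""
    p, (o1, o2, o3) = state
    f1, f2, f3 = faults
    # History variables as on slide 5: Oi -> next(Oi), otherwise next(Oi) <-> next(Fi)
    o1, o2, o3 = o1 or f1, o2 or f2, o3 or f3
    pump1_ok = not o1                    # permanent: down for good once F1 has fired
    pump2_ok = not f2                    # sporadic: down only in steps where F2 is true
    drop = (0 if pump1_ok or pump2_ok else 1) + (1 if o3 else 0)
    return (max(0, p - drop), (o1, o2, o3))

def is_tle(state):
    return state[0] == 0                 # top level event: pressure lost

def is_subset(a, b):                     # history assignments as bool tuples
    return all(y or not x for x, y in zip(a, b))

def minimize(cutsets):
    return {c for c in cutsets if not any(d != c and is_subset(d, c) for d in cutsets)}

def forward_mcs(prune=True):
    """Forward reachability to a fixpoint; returns (minimal cut sets, states expanded)."""
    frontier, reached, cutsets, expanded = {INIT}, {INIT}, set(), 0
    while frontier:                      # fixpoint: no new state discovered
        new = set()
        for s in frontier:
            # Dynamic pruning: histories only grow, so every successor of a state whose
            # history already contains a known cut set can only yield non-minimal ones.
            if prune and any(is_subset(c, s[1]) for c in cutsets):
                continue
            expanded += 1
            for faults in product((False, True), repeat=3):
                t = step(s, faults)
                if t not in reached:
                    reached.add(t)
                    new.add(t)
        # Partial set of cut sets after this iteration, kept minimal
        cutsets = minimize(cutsets | {t[1] for t in new if is_tle(t)})
        frontier = new
    return cutsets, expanded

def names(cutset):
    return frozenset(f for f, on in zip(FAULTS, cutset) if on)
```

On this model both runs find the minimal cut sets {F1, F2} and {F3}; the pruned run expands half as many states because states whose history already covers a found cut set are never explored.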
