
Dependability analysis and evolutionary design optimisation with HiP-HOPS

Dependability analysis and evolutionary design optimisation with HiP-HOPS. Dr Yiannis Papadopoulos Department of Computer Science University of Hull, U.K. Fraunhofer IESE May 4 th 2011. Motivation of work on System Dependability Analysis. Increasing safety concerns:





Presentation Transcript


  1. Dependability analysis and evolutionary design optimisation with HiP-HOPS Dr Yiannis Papadopoulos Department of Computer Science University of Hull, U.K. Fraunhofer IESE May 4th 2011

  2. Motivation of work on System Dependability Analysis • Increasing safety concerns: Computer controlled safety critical systems emerge in areas such as automotive, shipping, medical applications, industrial processes, etc. • Reliability & availability concern a broader class of systems • Increasing complexity of systems & reduced product development times & budgets cause difficulties in classical manual analyses

  3. Why is automation needed? (Figure: a system design model. If a component fault develops at one point in the model, what effect does the fault have on the outputs?)

  4. At the University of Hull we develop: • A method and tool that simplify dependability analysis and architecture optimisation by partly automating the process • Known as Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS)

  5. Fault Tree Synthesis Algorithm: System Model + Failure annotations of components = (HiP-HOPS) = Global view of failure: system failures traced back to component failures

  6. Component Failure Annotations (example: a control valve with input port a, output port b and a control port)

     Valve malfunctions
     Failure mode       Description          Failure rate
     Blocked            e.g. by debris       1e-6
     partiallyBlocked   e.g. by debris       5e-5
     stuckClosed        Mechanically stuck   1.5e-6
     stuckOpen          Mechanically stuck   1.5e-5

     Deviations of flow at valve output b
     Output deviation   Description          Causes
     Omission-b         Omission of flow     Blocked or stuckClosed or Omission-a or Low-control
     Commission-b       Commission of flow   stuckOpen or Commission-a or High-control
     Low-b              Low flow             partiallyBlocked or Low-a
     High-b             High flow            High-a
     Early-b            Early flow           Early-a or Early-control
     Late-b             Late flow            Late-a or Late-control

  7. Hierarchical analysis • System / Hardware: analysis of conditions that affect the whole system / effects of hardware failure • Components / Allocated Software: local safety analyses of components / propagation of failure through software • Whole architectures: assessment of conditions that affect whole architectures, e.g. common cause failures / combined HW-SW analysis

  8. Language for Error Modelling • Notions of Failure Classes (user defined), Input/Output Ports & Parameters • Failure Logic: Boolean logic, recently enhanced with new temporal operators and a temporal logic. Concept for state-sensitive analysis • Includes generalisation operators and iterators: e.g. any input failure propagates to all outputs • Can be used for specification of reusable, inheritable, composable, failure patterns
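The following Python block is an added illustration of slides 5 to 8, not code from the slides or from the HiP-HOPS tool. It encodes the valve's deviation table from slide 6 as a failure annotation, attaches it to a constructed model (two pumps feeding a junction, a controller, the valve, all hypothetical) and synthesises a fault tree for a deviation at the valve output by following the connections upstream. Minimal cut sets are then derived from the tree, and a rare-event approximation gives the top-event probability from constructed basic-event probabilities. Port and class names (Omission, Commission, Low, High, Early, Late) follow the slide; everything else is an assumption.

```python
"""Added example: HiP-HOPS-style fault tree synthesis from component failure annotations.
Expressions are a leaf string, or ('or', *args) / ('and', *args).
Inside an annotation a leaf is either one of the component's own failure modes ('Blocked')
or an input deviation written 'Class-port' ('Omission-a')."""
import math
from itertools import product

# Valve annotation, transcribed from the deviation table on slide 6 (ports a, b, control).
VALVE = {
    "Omission-b":   ("or", "Blocked", "stuckClosed", "Omission-a", "Low-control"),
    "Commission-b": ("or", "stuckOpen", "Commission-a", "High-control"),
    "Low-b":        ("or", "partiallyBlocked", "Low-a"),
    "High-b":       "High-a",
    "Early-b":      ("or", "Early-a", "Early-control"),
    "Late-b":       ("or", "Late-a", "Late-control"),
}
# Constructed upstream components (hypothetical, not from the slides).
PUMP = {"Omission-out": "noDrive", "Low-out": "worn"}
JUNCTION = {"Omission-out": ("and", "Omission-in1", "Omission-in2"),  # two feeds: both must stop
            "Low-out": ("or", "Low-in1", "Low-in2")}
CONTROLLER = {"Low-ctl": "lowSignal", "High-ctl": "highSignal"}

COMPONENTS = {"Pump1": PUMP, "Pump2": PUMP, "Junction": JUNCTION, "Ctl": CONTROLLER, "Valve": VALVE}
# Connections: (component, input port) -> (upstream component, output port)
LINKS = {("Junction", "in1"): ("Pump1", "out"), ("Junction", "in2"): ("Pump2", "out"),
         ("Valve", "a"): ("Junction", "out"), ("Valve", "control"): ("Ctl", "ctl")}

def _expand(comp, expr, model, links):
    """Rewrite an annotation expression at comp into basic events, following connections."""
    if expr is None:
        return None                                # deviation has no cause here
    if isinstance(expr, tuple):
        op, *args = expr
        sub = [_expand(comp, a, model, links) for a in args]
        if op == "and" and None in sub:            # an impossible conjunct kills the AND
            return None
        sub = [s for s in sub if s is not None]
        return (op, *sub) if sub else None
    if "-" in expr:                                # input deviation 'Class-port'
        cls, port = expr.split("-", 1)
        src = links.get((comp, port))
        if src is None:                            # unconnected port: boundary deviation
            return f"{cls}-{port}@{comp}"
        up_comp, up_port = src
        return _expand(up_comp, model[up_comp].get(f"{cls}-{up_port}"), model, links)
    return f"{comp}.{expr}"                        # basic event: one of comp's failure modes

def synthesise(comp, deviation, model=COMPONENTS, links=LINKS):
    """Fault tree (nested tuples over basic events) for an output deviation of comp."""
    return _expand(comp, model[comp].get(deviation), model, links)

def cut_sets(tree):
    """Minimal cut sets of a synthesised tree as a set of frozensets of basic events."""
    if tree is None:
        return set()
    if isinstance(tree, str):
        return {frozenset([tree])}
    op, *args = tree
    parts = [cut_sets(a) for a in args]
    if op == "or":
        sets = set().union(*parts)
    else:                                          # AND: every combination of child cut sets
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in sets if not any(o < s for o in sets)}   # drop non-minimal supersets

# Constructed per-mission probabilities of the basic events (assumed values).
PROB = {"Valve.Blocked": 1e-4, "Valve.stuckClosed": 1.5e-4,
        "Pump1.noDrive": 1e-2, "Pump2.noDrive": 1e-2, "Ctl.lowSignal": 5e-4}

def top_probability(mcs, prob=PROB):
    """Rare-event approximation: sum over cut sets of the product of event probabilities."""
    return sum(math.prod(prob.get(e, 0.0) for e in cs) for cs in mcs)

if __name__ == "__main__":
    for dev in ("Omission-b", "Low-b", "High-b"):
        mcs = cut_sets(synthesise("Valve", dev))
        print(dev, sorted(sorted(cs) for cs in mcs), f"P~{top_probability(mcs):.2e}")
```

The pump redundancy is visible in the result: loss of flow at b needs both pumps to fail, so the two pump events appear together in one cut set, while a single valve or controller failure is enough on its own. A deviation with no cause in the model (High-b here) yields an empty set of cut sets rather than an error.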

  9. Tool Interface

  10. Tool support (Example: Steer-by-Wire) Simulink model of a steer-by-wire system; synthesised fault trees; synthesised FMEA

  11. Tool Maturity • Tool has public interfaces (XML, DLL) which enable linking to modelling or drawing tools • Has advanced capabilities for qualitative/probabilistic analysis (common causes, zonal analysis, supports a variety of probabilistic models) • ITI GmbH has used the public interface to link its “Simulation X” modelling tool to the HiP-HOPS tool. Others (ALL4TEC, VECTOR) also interface • Commercial launch of HiP-HOPS extension to Simulation X in 2011

  12. Further difficulties in dependability engineering and tool extension to support architecture optimisation • How can system dependability be improved? Substitute components & sub-systems, increase frequency of maintenance, replicate • Which solution achieves minimal cost? • People evaluate a few options. This leads to unnecessary design iterations and sub-optimal solutions.

  13. Work on Multi-objective Design Optimisation • Hard optimisation problem that can only be addressed effectively with automation • Objectives • Dependability, Cost, Weight, … • Objectives are conflicting • (e.g. dependability and cost)

  14. Multi-objective optimisation problem • Find a solution x (element of solution space X) which satisfies a set of constraints and optimises a vector of objective functions f(x) = [f1(x), f2(x), f3(x), …, fn(x)]. • Search for Pareto optimal (i.e. non-dominated) solutions: a solution x1 dominates another solution x2 if x1 matches or exceeds x2 in all objectives.

  15. Pareto Optimality (Figure: scatter plot of candidate designs, cost against reliability, with the Pareto front marked)

  16. Optimisation concept: Modelling tool (model, variants, failure data) → parser → HiP-HOPS analysis ↔ Genetic Algorithm → set of models representing optimal trade-offs (Pareto front)

  17. Genetic Algorithm: Making design variations (e.g. substituting components, adding a primary/standby pair). Four example variants: Cost 2, Reliability 5; Cost 3, Reliability 7; Cost 4, Reliability 9; Cost 3, Reliability 8
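To make the Pareto dominance rule of slide 14 and the design-variation idea of slides 16 and 17 concrete, here is an added Python example (not the slides' or the HiP-HOPS optimiser's own code). It computes the non-dominated set of the four variants on slide 17, then runs a small evolutionary search over a constructed design space (three subsystems in series, each with a choice of parts and an optional primary/standby duplicate, all hypothetical) and compares what the search finds with a brute-force enumeration of the whole space.

```python
"""Added example: Pareto dominance and a small evolutionary search over design variants.
Objectives are (cost, reliability): cost is minimised, reliability maximised.
The design space, costs and failure probabilities below are constructed."""
import random
from itertools import product

def dominates(x, y):
    """x dominates y: no worse in every objective and strictly better in at least one."""
    cx, rx = x
    cy, ry = y
    return cx <= cy and rx >= ry and (cx < cy or rx > ry)

def pareto_front(points):
    """Sorted list of the non-dominated objective vectors among points."""
    points = list(points)
    return sorted({p for p in points if not any(dominates(q, p) for q in points)})

# The four design variations shown on slide 17 as (cost, reliability).
VARIANTS_SLIDE17 = [(2, 5), (3, 7), (4, 9), (3, 8)]

# Constructed design space: per subsystem, candidate parts as (cost, failure probability).
OPTIONS = [
    [(1, 0.20), (2, 0.10), (4, 0.02)],
    [(1, 0.30), (3, 0.05)],
    [(2, 0.15), (3, 0.08), (5, 0.01)],
]

def evaluate(genome):
    """genome[i] = (part index, replicated?) for subsystem i. A replicated subsystem is a
    primary/standby pair: cost doubles and both independent copies must fail (p squared).
    Subsystems are in series, so system reliability is the product of subsystem reliabilities."""
    cost, rel = 0, 1.0
    for (opt, dup), choices in zip(genome, OPTIONS):
        c, p = choices[opt]
        if dup:
            c, p = 2 * c, p * p
        cost += c
        rel *= 1 - p
    return cost, round(rel, 6)

def mutate(genome, rng):
    """One design variation: swap a part, or toggle replication, in one subsystem."""
    g = list(genome)
    i = rng.randrange(len(g))
    opt, dup = g[i]
    g[i] = (rng.randrange(len(OPTIONS[i])), dup) if rng.random() < 0.5 else (opt, not dup)
    return tuple(g)

def evolve(generations=200, pop_size=12, seed=1):
    """Keep an archive of non-dominated designs; breed the next population from it."""
    rng = random.Random(seed)
    pop = [tuple((rng.randrange(len(o)), False) for o in OPTIONS) for _ in range(pop_size)]
    archive = {}                                   # objective vector -> genome
    for _ in range(generations):
        for g in pop:
            archive.setdefault(evaluate(g), g)
        front = pareto_front(archive)
        archive = {f: archive[f] for f in front}   # discard dominated designs
        pop = [mutate(archive[rng.choice(front)], rng) for _ in range(pop_size)]
    return {f: archive[f] for f in sorted(archive)}

def exhaustive_front():
    """Brute force over the whole constructed space, to check what the search found."""
    genomes = product(*[[(i, d) for i in range(len(o)) for d in (False, True)] for o in OPTIONS])
    return pareto_front(evaluate(g) for g in genomes)

if __name__ == "__main__":
    print("slide 17 front:", pareto_front(VARIANTS_SLIDE17))
    found = evolve()
    full = exhaustive_front()
    print(f"search found {len(found)} of {len(full)} true trade-offs")
    for f, g in found.items():
        print(f, g)
```

Of the four slide-17 variants, (3, 7) is dominated by (3, 8) (same cost, higher reliability), so the front is (2, 5), (3, 8), (4, 9). The brute-force front exists only because this toy space has 144 designs; for a real architecture the archive-based search is the part that scales.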

  18. Fuel System Example • Provide model, variants, failure data Cost: 511 Unavailability: 0.108366

  19. Fuel System Example • Let tool find optimal solutions

  20. Fuel System Example • Choose and get optimised design Cost: 834 Unavailability: 0.044986

  21. Optimisation in Action

  22. Work on Temporal Safety Analysis: cut sets of a classical fault tree, I + A.B.C + A.S1 + A.B.S2 + D, i.e. 1. No input at I 2. Failure of all of A, B, and C 3. Failure of A and S1 4. Failure of A, B, and S2 5. Failure of D

  23. The PANDORA Logic • PAND-ORA: Hour or “time” (ORA [ώρα] in Greek) of PAND gates • Uses Priority-AND (<, or “before”), Priority-OR (|) and Simultaneous-AND (&, or “at the same time”) operators to express temporal ordering of events • Relative temporal relations between events can be expressed: X<Y, X&Y, and Y<X • New Temporal Laws can be used to simplify fault trees and calculate Minimal Cut-sequences

  24. Temporal Truth Tables • Sequence Values • A number indicating the order in which an event becomes true • Events with the same sequence value are simultaneous • Temporal Truth Tables (TTT) • Like Boolean truth tables but extended to use Sequence Values • Can be used to prove temporal laws • e.g. X.Y= X<Y + X&Y + Y<X
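The following Python block is an added example for slides 23 and 24 (it is not from the slides or the Pandora tooling). It gives the Priority-AND (<), Simultaneous-AND (&) and Priority-OR (|) operators the sequence-value semantics the slide describes (0 = the event never occurs, n > 0 = its position in the order of occurrence, equal values = simultaneous) and builds a temporal truth table to check the quoted law X.Y = X<Y + X&Y + Y<X exhaustively, together with two consequences of the same semantics (X<X is impossible, and X<Y and Y<X cannot both hold). The exact encoding of OR and AND over sequence values is this example's own reading of the slide.

```python
"""Added example: Pandora temporal operators over sequence values and a temporal truth table.
Sequence values: 0 means the event never occurs; n > 0 is its order of occurrence;
equal nonzero values mean the events are simultaneous (slide 24)."""
from itertools import product

def AND(x, y):
    """Both occur; the conjunction occurs when the later of the two does."""
    return max(x, y) if x and y else 0

def OR(x, y):
    """Either occurs; the disjunction occurs as soon as the first one does."""
    return min(v for v in (x, y) if v) if (x or y) else 0

def PAND(x, y):
    """X<Y: X strictly before Y; true at the moment Y occurs."""
    return y if x and y and x < y else 0

def SAND(x, y):
    """X&Y: X and Y at the same time."""
    return x if x and y and x == y else 0

def POR(x, y):
    """X|Y: X occurs, and Y has not occurred before it (Y may never occur)."""
    return x if x and (not y or x < y) else 0

def truth_table(nvars=2):
    """All sequence-value assignments for nvars events: each value in 0..nvars."""
    return list(product(range(nvars + 1), repeat=nvars))

def table(expr, nvars=2):
    """Temporal truth table of expr: list of (assignment, sequence value of expr)."""
    return [(row, expr(*row)) for row in truth_table(nvars)]

def holds(lhs, rhs, nvars=2):
    """A temporal law holds if both sides agree on every row of the truth table."""
    return all(lhs(*row) == rhs(*row) for row in truth_table(nvars))

# The law on slide 24: X.Y = X<Y + X&Y + Y<X
LAW_AND_DECOMP = holds(lambda x, y: AND(x, y),
                       lambda x, y: OR(OR(PAND(x, y), SAND(x, y)), PAND(y, x)))
# Two consequences of the semantics: X<X = 0 and (X<Y).(Y<X) = 0
LAW_PAND_SELF = holds(lambda x: PAND(x, x), lambda x: 0, nvars=1)
LAW_PAND_EXCLUSIVE = holds(lambda x, y: AND(PAND(x, y), PAND(y, x)), lambda x, y: 0)

if __name__ == "__main__":
    print("X  Y | X.Y  X<Y  X&Y  Y<X  X|Y")
    for (x, y), _ in table(lambda x, y: 0):
        print(f"{x}  {y} | {AND(x, y)}    {PAND(x, y)}    {SAND(x, y)}    {PAND(y, x)}    {POR(x, y)}")
    print("X.Y = X<Y + X&Y + Y<X holds:", LAW_AND_DECOMP)
    print("X<X = 0 holds:", LAW_PAND_SELF, "| (X<Y).(Y<X) = 0 holds:", LAW_PAND_EXCLUSIVE)
```

With two events the table has nine rows (values 0, 1, 2 for each), which is all that is needed because only the relative order matters; a law over n events is checked on (n+1)^n rows in the same way.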

  25. Minimal Cut-sequences (refining the classical cut sets I, D, A.S1, A.B.C, A.B.S2): • I • D • [S1<A] • [S1&A] • [B<A] • [B&A] • [A<B].C • A.[S2&B] • A.[S2<B] • These show that the “triply redundant” system is not triply redundant • They give a more refined and correct view of failure

  26. Current Work • ADLs: Input to EAST-ADL automotive ADL in MAENAD FP7 project. Work towards harmonisation with AADL • Dynamic Analysis: Synthesis of Temporal Fault Trees from State Machines • Separation of Concerns: Multi-perspective HiP-HOPS. Analysis of diagrams (SW-HW) linked with allocations • Automatic allocation of safety requirements: E.g. in the form of SILs (Safety Integrity levels) • Optimisation: More objectives, More model transformations • Link to Model-Checkers

  27. Relation to the state-of-the-art • One of the more advanced compositional safety analyses • Less automated than formal safety analyses & does not do formal verification • However, uses simple algorithms and scales up well • Deductive analysis & good performance have enabled: • Multiple failure mode FMEAs • Architecture optimisation with greedy meta-heuristics • Top-down allocation of safety requirements (SILs) • Can complement other formal techniques • Synthesis of state machines –> input for model checker • Additional functionalities (optimisation, SIL allocation, advanced probabilistic analyses)

  28. Summary • Shorter life-cycles, economic pressures, increasing complexity demand cost effective dependability engineering. • HiP-HOPS simplifies aspects of this process. • Can complement formal techniques. Can be used in conjunction with emerging ADLs. • Supported by mature commercially available tool. • Strong interest in automotive & shipping. Growing interest in aerospace. Applications by Germanischer Lloyd, Volvo, VW, Delphi, Fiat, Continental, Toyota/Denso, et al
