Self-Adaptive Systems: Hazard Analysis
Matthias Tichy, Software Engineering Group, University of Paderborn, Germany
SFB 614: Self-optimizing concepts and structures in mechanical engineering
• 5+ years of a multi-disciplinary research project with about 50 researchers at the University of Paderborn
• Subproject B1 “Design Techniques”
  • Modeling and formal verification of distributed self-optimizing systems (see Holger’s talk)
  • Real-time behavior
  • Integration of continuous and hybrid behavior
  • Safety-critical
  • Architectural reconfiguration
• My talk: hazard analysis for systems with architectural reconfigurations
  • Random faults
  • No systematic faults (→ formal verification, testing, …)
Example: Railcab
A system of autonomous shuttles that build convoys to optimize their energy consumption: safety-critical maneuvers
• But how do we ensure the safety of the coordination via software?
• Which system states exhibit the highest hazard probability?
Failure Propagation
• Boolean logic with quantifiers
[Figure: failure propagation through software and hardware components (UML 2.0) and connectors; r1:Railcab and r2:Railcab deployed on d:DS1103; incoming failures, internal events (with probability), outgoing failures; hazard = combination of failures]
Holger Giese, Matthias Tichy, and Daniela Schilling, 'Compositional Hazard Analysis of UML Components and Deployment Models', in Proc. of the 23rd International Conference on Computer Safety, Reliability and Security (SAFECOMP), Potsdam, Germany, vol. 3219 of Lecture Notes in Computer Science (LNCS), Springer Verlag, September 2004.
Failure Propagation
• Boolean logic with quantifiers
• Create a binary decision diagram (BDD) from the formulas
• Remove failure variables (only used for propagation)
• Compute the probability of the hazard on the BDD
[Figure: the same failure propagation diagram as on the previous slide (r1:Railcab, r2:Railcab on d:DS1103; incoming failures, internal events with probability, outgoing failures, hazard)]
Self-adaptiveness
• Railcab: states with different structure
• Boolean variables to denote the different states in the failure propagation
• Compute the worst state w.r.t. the probability (or the risk)
[Figure: architectural states labelled by the state variables: a1 = false, a2 = false; a1 = true; a1 = false, a2 = true]
Holger Giese and Matthias Tichy, 'Component-Based Hazard Analysis: Optimal Designs, Product Lines, and Online-Reconfiguration', in Proc. of the 25th International Conference on Computer Safety, Security and Reliability (SAFECOMP), Gdansk, Poland, Lecture Notes in Computer Science (LNCS), pp. 156--169, Springer Verlag, September 2006.
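Added example, not from the slides: a constructed two-Railcab failure-propagation model with one architectural state variable (a_convoy), in which the failure variables are eliminated by substitution and the hazard probability is computed by enumerating internal-event assignments instead of building a BDD; all event names, probabilities and propagation formulas are assumptions.

```python
from itertools import product
from typing import Callable, Dict
Env = Dict[str, bool]

# Constructed toy model of two RailCabs r1 and r2. Internal events with the
# (assumed) probability that each occurs in the analysed time interval.
EVENTS = {"e_sensor": 0.01,   # r1's distance sensor delivers a wrong value
          "e_comm": 0.02,     # the r1 -> r2 distance message is lost
          "e_brake": 0.005}   # r2's brake actuator fails

# Boolean state variable of the reconfigurable architecture: True when r2
# drives in convoy behind r1 and therefore relies on r1's distance data.
STATES = ["a_convoy"]
# Failure propagation formulas in evaluation order: each failure variable is
# a Boolean function of events, state variables and earlier failure variables.
PROPAGATION: Dict[str, Callable[[Env], bool]] = {
    "f_dist_wrong": lambda v: v["e_sensor"],                   # r1 outgoing
    "f_msg_lost": lambda v: v["a_convoy"] and v["e_comm"],     # connector
    "f_r2_in": lambda v: v["a_convoy"] and (v["f_dist_wrong"] or v["f_msg_lost"]),
}
# Hazard: r2 cannot keep a safe distance (bad/missing data or no brakes).
def hazard(v: Env) -> bool:
    return v["f_r2_in"] or v["e_brake"]

def hazard_probability(state: Env) -> float:
    """P(hazard) in one architectural state. Failure variables are eliminated
    by substitution; events are independent. Enumerates all 2^n event
    assignments (fine for toy models; the slides use a BDD instead)."""
    total, names = 0.0, list(EVENTS)
    for bits in product([False, True], repeat=len(names)):
        env: Env = dict(state, **dict(zip(names, bits)))
        weight = 1.0
        for n, b in zip(names, bits):
            weight *= EVENTS[n] if b else 1.0 - EVENTS[n]
        for f, formula in PROPAGATION.items():  # substitute failure vars away
            env[f] = formula(env)
        if hazard(env):
            total += weight
    return total

def worst_state() -> tuple:
    """Return (state, probability) of the state combination with the highest
    hazard probability, checking every combination as the slides describe."""
    candidates = (dict(zip(STATES, bits))
                  for bits in product([False, True], repeat=len(STATES)))
    return max(((s, hazard_probability(s)) for s in candidates), key=lambda t: t[1])

if __name__ == "__main__":
    print(worst_state())
```

In single mode only the brake event matters (P = 0.005), whereas in convoy mode the sensor and communication events propagate to r2 as well, so the convoy state is the worst one.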
State Combinations
• Systems with 2+ RailCabs
• State combinations determine hazard probability and risk
• Current approach: all combinations are analyzed
• Current work: consider behavioral models, too
State Combinations
• Idea:
  • Utilize the compositional modeling approach to compute reachable state combinations
  • Compute reachable states for components and patterns
  • Use the refinement notion to compute reachable state combinations of C||D
Outlook
• System models with hierarchical structural transformation rules
• We need to consider traces, not only state combinations
• Adaptation of the structural transformation rules
Matthias Tichy and Stefan Henkler, 'Towards a Transformation Language for Component Structures', in Proc. of the 4th Workshop on Object-oriented Modeling of Embedded Real-Time Systems (OMER 4), Paderborn, Germany, October 2007.
Outlook
• Structural transformation of the Statechart itself
Wilhelm Schäfer and Heike Wehrheim, 'The Challenges of Building Advanced Mechatronic Systems', in FOSE '07: 2007 Future of Software Engineering, pp. 72--84, IEEE Computer Society, 2007.