
Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains





Presentation Transcript


  1. Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains. Hichem Boudali, Pepijn Crouzen, and Mariëlle Stoelinga. Formal Methods and Tools group CS, University of Twente, NL.

  2. Motivation (and setting). Systems do fail -- Reliability Engineering -- Goal: reduce system failure probability. Methodology: identify/analyze failure modes and their effects. Example methodology: Dynamic Fault Trees (DFT). But: DFTs have drawbacks.

  3. Outline • Dynamic fault trees (DFT). • Definition, Example, Solution, Drawbacks. • Input/Output interactive Markov chains (I/O-IMC). • DFT semantics in terms of I/O-IMCs. • DFT compositional analysis. • Translation, || Composition, Abstraction, Aggregation. • Case studies. • Summary.


  5. Dynamic Fault Trees (DFT) • Extend standard fault trees with dynamic gates. • Enable modelling complex behaviours and interactions between components. • combination & order of failures matter. Unreliability = Prob[System fails within T time units]

  6. (Dynamic) Fault trees. Upside-down tree (graph). Leaves: basic events (BE). Nodes: gates (complex events). BEs + gates: elements. Arrows: causal relations. One top-node: the “root” node; the top-node models system failure. Failure propagation: from leaves to root.

  7. DFTs: Static gates (combination)

  8. DFTs: Dynamic gates (order)

  9. DFTs: Basic events (BE). A BE maps to a basic physical component. Temperature of a BE: relevant when used as a spare.

  10. DFT solution. Unreliability = Prob[Being in the (system-failed) state]. Convert the DFT into a Continuous-time Markov chain (CTMC). Analyze the CTMC using standard solution techniques. For (partially) static DFTs, binary decision diagrams can be used! [Figure: CTMC of an AND-gate over basic events A (failure rate 0.4 f/h) and B (failure rate 0.2 f/h). Starting state: A is operational, B is operational; transitions with rate 0.4 to “A has failed, B is operational” and rate 0.2 to “A is operational, B has failed”; from either, the remaining component fails (rates 0.2 and 0.4) into “A has failed, B has failed”.] Pr(A fails in T hours) = 1 – e^(–0.2·T). A’s mean time to failure = 1/0.2 = 5 hours.

  11. DFT example. Road trip fails if the mobile phone fails BEFORE the car fails. Although the tree has distinct modules, CTMC generation happens in one shot: state-space explosion! (One of the drawbacks.) The spare tire is cold: it cannot fail when not in use.
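Slides 10 and 11 turn a DFT into a CTMC and read the unreliability off its transient distribution. The following added example (constructed for this transcript, not the authors' tool) builds the two small CTMCs involved, the AND-gate combination of slide 10 and a priority-AND ordering like the "phone fails BEFORE the car" road trip of slide 11, and solves them by uniformization; the phone/car rates and the closed-form checks are assumptions, not values from the slides.

```python
import math

# Constructed example: transient analysis of the small CTMCs that DFT gates
# generate (AND = combination, PAND = order), solved by uniformization.

def transient(rates, init, T, eps=1e-12):
    """Transient distribution of a CTMC at time T (Jensen's uniformization).
    rates: {(i, j): rate} for i != j over states 0..n-1; init: initial state.
    Returns p with p[s] = Pr[being in state s at time T]."""
    n = 1 + max(max(i, j) for i, j in rates)
    exit_rate = [0.0] * n
    for (i, _), r in rates.items():
        exit_rate[i] += r
    q = max(max(exit_rate), 1e-12)          # uniformization constant q >= every exit rate
    assert q * T < 700, "qT too large for exp(-qT); use a different solver"
    P = [[0.0] * n for _ in range(n)]        # uniformized DTMC: P = I + Q/q
    for s in range(n):
        P[s][s] = 1.0 - exit_rate[s] / q
    for (i, j), r in rates.items():
        P[i][j] += r / q
    v = [0.0] * n
    v[init] = 1.0                            # distribution after k uniformized jumps
    p = [0.0] * n
    weight, k, covered = math.exp(-q * T), 0, 0.0   # Poisson(qT) weights
    while covered < 1.0 - eps:
        for s in range(n):
            p[s] += weight * v[s]
        covered += weight
        v = [sum(v[i] * P[i][s] for i in range(n)) for s in range(n)]
        k += 1
        weight *= q * T / k
    return p

def and_gate_rates(rate_a, rate_b):
    """CTMC of slide 10: 0 = both operational, 1 = A failed, 2 = B failed,
    3 = both failed (system failed)."""
    return {(0, 1): rate_a, (0, 2): rate_b, (1, 3): rate_b, (2, 3): rate_a}

def pand_gate_rates(rate_first, rate_second):
    """CTMC of a priority-AND (order matters, as in the slide-11 road trip):
    0 = both operational, 1 = 'first' input failed, 2 = 'second' input failed
    first (gate can never fire: absorbing), 3 = first then second (gate fires)."""
    return {(0, 1): rate_first, (0, 2): rate_second, (1, 3): rate_second}

def unreliability(rates, failed_states, T):
    """Prob[system has failed within T] = mass on the failed states at time T."""
    p = transient(rates, 0, T)
    return sum(p[s] for s in failed_states)

# Closed forms (assumed, derived from independent exponential lifetimes) used
# only to check the numerical solver.
def and_closed_form(a, b, T):
    return (1 - math.exp(-a * T)) * (1 - math.exp(-b * T))

def pand_closed_form(a, b, T):
    """Pr[A fails before B and both have failed by T], A ~ Exp(a), B ~ Exp(b)."""
    return (a / (a + b) * (1 - math.exp(-(a + b) * T))
            - math.exp(-b * T) * (1 - math.exp(-a * T)))

def mttf(rate):
    """Mean time to failure of an exponential component (slide 10: 1/0.2 = 5 h)."""
    return 1.0 / rate

if __name__ == "__main__":
    T = 10.0
    print("AND(A=0.4/h, B=0.2/h), T=10 h:", unreliability(and_gate_rates(0.4, 0.2), {3}, T))
    # constructed rates for the road trip: phone 0.05 f/h, car 0.02 f/h
    print("PAND(phone before car), T=10 h:", unreliability(pand_gate_rates(0.05, 0.02), {3}, T))
    print("MTTF of a 0.2 f/h component:", mttf(0.2), "hours")
```

The PAND chain makes the "order matters" point concrete: the state reached when the car fails first is absorbing, so that mass never counts as a road-trip failure, whereas the AND chain reaches the failed state along either order.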

  12. DFT drawbacks • State-space explosion. • No formal syntax and semantics. • Lack of modularity: • Dynamic modules (e.g. ‘Tires’ subsystem in the example) can not be reused. • Restrictions on certain inputs to gates (e.g. spare gate). • DFT-to-MC* conversion algorithm is hard to extend and/or modify. Callouts on the slide: Compositional Aggregation; DAG, I/O-IMC; Compositionality; Lift restrictions; Extension at the element level. (*: DIFTree algorithm.)


  14. Input/Output Interactive Markov Chains (I/O-IMC) • Combination of I/O automata and CTMC • Discrete state space • Markovian transitions • Interactive transitions (immediate) • Action signature • ? - Input actions • ! - Output actions • ; - Internal actions • Input-enabled [Figure: a state with a Markovian transition labelled λ followed by an immediate output transition labelled failed!]


  16. DFT semantics (DFT element to I/O-IMC) [Figure: I/O-IMC of a DFT element over input actions f(A)? and f(B)? and output action f(C)!; only the transition labels survive from the diagram.]

  17. DFT semantics (DFT element to I/O-IMC)


  19. Compositional Analysis: Translation [Figure: a DFT with AND-gate C over basic events A and B, each element translated into its own I/O-IMC. C: inputs f(A)?, f(B)?; output f(C)!. A and B: outputs f(A)! and f(B)!, with failure rates 0.4 and 0.2.]

  20. Compositional Analysis: Parallel Composition [Figure: the I/O-IMC of C (inputs f(A)?, f(B)?; output f(C)!) composed with the I/O-IMC of A (output f(A)!, rate 0.2).]

  21. Compositional Analysis: Parallel Composition. C: states 1–5; inputs: f(A)? and f(B)?; outputs: f(C)!. A: states 1–3; inputs: none; outputs: f(A)!; Markovian transition with rate 0.2. C||A: synchronize on f(A). [Figure: C||A with states 1||1, 1||2, 2||3, 3||1, 3||2, 4||3, 5||3; transitions labelled f(A)!, f(B)?, f(C)! and rate 0.2.]

  22. Compositional Analysis: Abstraction (hiding). Abstraction (hiding) makes a signal internal: in C||A the output f(A)! becomes the internal action f(A);. [Figure: C||A with states 1||1, 1||2, 2||3, 3||1, 3||2, 4||3, 5||3 after hiding f(A); B still to be composed.]

  23. Compositional Analysis: Aggregation (weak bisimulation). Aggregation: finding a smaller model equivalent (behaviorally) to the original. Weak bisimulation: disregard internal steps. [Figure: C||A with states 1||1, 1||2, 2||3, 3||1, 3||2, 4||3, 5||3, internal f(A); steps, f(B)? inputs, f(C)! output and rate 0.2, before minimization.]

  24. Compositional-Aggregation Overview. Translation; Composition + Hiding; Aggregation (minimization); Repeat. Result: aggregated system CTMC, from which the system failure probability is computed.
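Slides 19 to 24 describe translation, parallel composition and hiding as operations on I/O-IMCs. The added example below is a constructed toy implementation of those operations (not the authors' tool, and without the weak-bisimulation aggregation step): it translates the AND-gate C and basic events A and B of slides 19 to 22 into I/O-IMCs, composes C||A, hides f(A), composes with B and hides f(B), and reports the resulting state counts and action signatures. The state numbering, the rates 0.4 and 0.2 for A and B, and the self-loop construction for input-enabledness are assumptions taken from the figures.

```python
from collections import deque

# Constructed toy I/O-IMC implementation: translation, parallel composition
# and hiding (abstraction), as on slides 19-22. Not the authors' tool.

class IOIMC:
    def __init__(self, states, init, inputs, outputs, internals, inter, markov):
        self.states, self.init = set(states), init
        self.inputs, self.outputs, self.internals = set(inputs), set(outputs), set(internals)
        self.inter = set(inter)     # interactive transitions (src, action, dst)
        self.markov = set(markov)   # Markovian transitions (src, rate, dst)

    def signature(self):
        return self.inputs | self.outputs | self.internals

    def label(self, a):
        """Slide notation: ? input, ! output, ; internal."""
        return a + ("?" if a in self.inputs else "!" if a in self.outputs else ";")

    def input_enable(self):
        """Add self-loops so every state accepts every input (input-enabledness)."""
        for s in self.states:
            for a in self.inputs:
                if not any(src == s and act == a for src, act, _ in self.inter):
                    self.inter.add((s, a, s))
        return self

def basic_event(name, rate):
    """BE: 0 operational --rate--> 1 failed --f(name)!--> 2 failure signalled."""
    f = f"f({name})"
    return IOIMC({0, 1, 2}, 0, set(), {f}, set(), {(1, f, 2)}, {(0, rate, 1)})

def and_gate(name, left, right):
    """AND gate (states 1-5 as on slide 21): fires f(name)! once both inputs failed."""
    fa, fb, fc = f"f({left})", f"f({right})", f"f({name})"
    trans = {(1, fa, 2), (1, fb, 3), (2, fb, 4), (3, fa, 4), (4, fc, 5)}
    return IOIMC({1, 2, 3, 4, 5}, 1, {fa, fb}, {fc}, set(), trans, set()).input_enable()

def parallel(m1, m2):
    """m1 || m2: synchronize on actions in both signatures (an output of one side
    with the matching input of the other), interleave everything else."""
    if m1.outputs & m2.outputs:
        raise ValueError("components must not share output actions")
    shared = m1.signature() & m2.signature()
    outputs = m1.outputs | m2.outputs
    inputs = (m1.inputs | m2.inputs) - outputs
    init = (m1.init, m2.init)
    states, inter, markov, todo = {init}, set(), set(), deque([init])
    while todo:                      # explore only reachable composite states
        s = todo.popleft()
        s1, s2 = s
        succ = []
        for src, a, dst in m1.inter:
            if src != s1:
                continue
            if a in shared:          # both sides must take the shared action
                succ += [(a, (dst, d2)) for src2, b, d2 in m2.inter if src2 == s2 and b == a]
            else:
                succ.append((a, (dst, s2)))
        succ += [(a, (s1, dst)) for src, a, dst in m2.inter if src == s2 and a not in shared]
        rates = [(r, (dst, s2)) for src, r, dst in m1.markov if src == s1]
        rates += [(r, (s1, dst)) for src, r, dst in m2.markov if src == s2]
        for a, t in succ:
            inter.add((s, a, t))
        for r, t in rates:
            markov.add((s, r, t))
        for _, t in succ + rates:
            if t not in states:
                states.add(t)
                todo.append(t)
    return IOIMC(states, init, inputs, outputs, m1.internals | m2.internals, inter, markov)

def hide(m, actions):
    """Abstraction: turn output actions into internal ones (f(A)! becomes f(A);)."""
    hidden = set(actions) & m.outputs
    return IOIMC(m.states, m.init, m.inputs, m.outputs - hidden,
                 m.internals | hidden, m.inter, m.markov)

def build_and_system():
    """Slide 35 recipe: translate, compose C||A, hide f(A), compose with B, hide f(B)."""
    A, B, C = basic_event("A", 0.4), basic_event("B", 0.2), and_gate("C", "A", "B")
    CA = hide(parallel(C, A), {"f(A)"})
    CAB = hide(parallel(CA, B), {"f(B)"})
    return CA, CAB

if __name__ == "__main__":
    CA, CAB = build_and_system()
    for name, m in (("C||A with f(A) hidden", CA), ("(C||A)||B with f(A), f(B) hidden", CAB)):
        print(f"{name}: {len(m.states)} states, inputs={sorted(m.inputs)}, outputs={sorted(m.outputs)}")
        for src, a, dst in sorted(m.inter, key=str):
            print("  ", src, m.label(a), dst)
```

The closed system ends with an empty input set and f(C)! as its only visible action, which is what makes the next step (aggregation modulo weak bisimulation, which disregards the f(A); and f(B); steps) applicable; the reachable-state exploration also shows why composing element by element stays small compared with generating the whole CTMC in one shot.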


  26. Case studies


  28. Summary • Alleviate state-space explosion problem. • Formal syntax & semantics. • Enhanced DFT modularity: • Dynamic module reuse. • Lifting restrictions on allowed inputs. • Readily extensible framework (extensions at the element level); e.g. repair. • Works well for highly-modular dynamic FTs. Callouts: Compositional semantics for DFTs; gain at the modeling & analysis levels.

  29. References • H. Boudali, P. Crouzen, M. Stoelinga. “Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains”, to appear, DSN 2007 proceedings. • H. Boudali, P. Crouzen, M. Stoelinga. “A compositional semantics for Dynamic Fault Trees in terms of Interactive Markov Chains”, technical report, to appear. • More info: hboudali@cs.utwente.nl. The END!

  30. Extra slides

  31. Future work • Weaker bisimulation relation (i.e. more aggressive state reduction) • Extension to non-exponential distributions (e.g. use of phase-type distributions) • Further extensions to DFT modeling capabilities (i.e. definition of new gates and corresponding I/O-IMC) • Fully automated tool (at this point, the tool is only partially automated)

  32. Parallel Composition and Hiding

  33. Aggregation (Weak Bisimulation)

  34. Preservation Theorem (WB is a congruence)

  35. Compositional-Aggregation Overview • Step 1: Translation (DFT elements C, A, B to I/O-IMCs) • Step 2a: Parallel Composition, e.g. (C||A) || B • Step 2b: Abstraction, e.g. hide f(B) • Step 3: Aggregation, e.g. aggregate (C||A)||B • Step 4: Repetition • Step 5: CTMC Analysis. Steps 2–4: Compositional Aggregation. [Figure: DFT with AND-gate C over A and B; I/O-IMCs with actions f(A), f(B), f(C)! and rates 0.4 and 0.2; composites C||A and C||A||B; resulting CTMC with f(C) transitions.] The I/O-IMC model can be reused!
