Andrea Bobbio MED-08, Ajaccio, June 26, 2008 1
Stochastic modeling techniques for the safety and dependability analysis of DES
Andrea Bobbio
Dipartimento Informatica,
Università del Piemonte Orientale,
Alessandria (Italy), [email protected]
Dependability and DES
Technological objects (as well as natural and biological beings) age in time reducing their ability to perform their functions until, eventually, a final catastrophic breakdown occurs.
Dependability and DES
We adopt the term dependability to identify the ability of a system to deliver service that can justifiably be trusted.
Dependability is an integrating concept that encompasses various attributes:
Reliability: continuity of correct service.
Availability: readiness for correct service.
Maintainability: ability to undergo modifications and repairs.
Safety: absence of catastrophic consequences.
What dependability theory and practice wants to avoid
Are these connections reliable?
Dependability and DES
The obvious statement that any object ages implies that any model of a technological system, to be realistic, should include the dependability aspects.
However, this inclusion has two undesirable effects:
it increases the model complexity;
it introduces time scales spread over various orders of magnitude.
Dependability and DES
The separation in time scales can be invoked to theoretically justify the decomposition of the functional model with respect to the dependability model and to consider each one in isolation.
P.J. Courtois - Decomposability: Queueing and Computer System Applications, Academic Press, 1977
A. Bobbio and K.S. Trivedi. An aggregation technique for the transient analysis of stiff Markov chains. IEEE Transactions on Computers, C-35:803-814, 1986.
Safety and DES
Even if safety is considered to be an attribute of dependability, it often requires autonomous and specific modeling techniques.
Safety problems usually require accounting for some critical continuous variables that exceed acceptable limits.
Safety (and dependability) analysis of DES leads to the need to combine continuous and discrete variables into a single modelling framework.
"A discrete event system is an event-driven system, that is, its state evolution depends entirely on the occurrence of discrete events over time. The admissible time instances are taken from a continuous or discrete set."
Lothar Thiele, Computer Engineering and Networks Laboratory, Discrete Event Systems - Introduction
Dependability and DES
Since dependability-related phenomena are event driven, models and methods for DES are very similar to models and methods for dependability.
Outline
Correctness verification vs stochastic analysis
Heterogeneous dependability modeling of DES:
Fault tree and Bayesian networks;
Example of safety analysis: Fluid models;
Draw-net tool.
Modelling Methods for DES
To deal with the modeling and analysis of dependable and time-critical DES, two main methodologies can be envisaged:
functional models, whose aim is to ascertain conformity to specification and reachability properties;
stochastic models, whose aim is to provide performance and dependability measures.
Modeling paradigms
Concerning the timing:
stochastic vs non-stochastic;
discrete vs continuous.
Concerning the state space:
discrete vs continuous (or hybrid).
Various classifications are possible.
Timed Models
In Timed (or non-stochastic) models the timing of events is represented by constant values or (non-deterministic) intervals.
Typical fields of application:
Scheduling
Real time
Validation and Verification
The Model Checking Problem
Model checking: an automated verification technique that checks whether a given finite-state model satisfies a given requirement, by systematic, exhaustive state-space exploration.
Simulation: checks whether the specification holds on some executions.
Functional vs stochastic models
Stochastic models explore the area of what is probable.
Functional models explore the area of what is possible.
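The "possible vs probable" distinction above, as an added example (not a model from the talk): a tiny discrete event system, a tank with a fill pump that can get stuck, is explored exhaustively by breadth-first search (the functional, model-checking view) and sampled by Monte Carlo simulation (the stochastic view). The states, events and event weights are constructed for illustration; the pump failure is made rare so that simulation is unlikely to observe the overflow that exhaustive exploration proves reachable.

```python
import random
from collections import deque

# Constructed DES: integer level 0..4 and a pump that is "ok" or "stuck".
# The controller blocks 'fill' once the level reaches CONTROL_LIMIT, but a
# stuck pump ignores the controller. State = (level, pump).
MAX_LEVEL = 4
CONTROL_LIMIT = 3


def enabled_events(state):
    """Events enabled in a state: the evolution is entirely event driven."""
    level, pump = state
    events = []
    if level < MAX_LEVEL and (level < CONTROL_LIMIT or pump == "stuck"):
        events.append("fill")
    if level > 0:
        events.append("drain")
    if pump == "ok":
        events.append("pump_fail")
    return events


def fire(state, event):
    """Successor state after an event."""
    level, pump = state
    if event == "fill":
        return (level + 1, pump)
    if event == "drain":
        return (level - 1, pump)
    if event == "pump_fail":
        return (level, "stuck")
    raise ValueError(event)


def is_unsafe(state):
    return state[0] == MAX_LEVEL  # overflow


def model_check(initial=(0, "ok")):
    """Functional model: exhaustive breadth-first exploration of the reachable
    state space. Returns the shortest event trace to an unsafe state, or None."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if is_unsafe(state):
            trace = []
            while parent[state] is not None:
                prev, event = parent[state]
                trace.append(event)
                state = prev
            return list(reversed(trace))
        for event in enabled_events(state):
            nxt = fire(state, event)
            if nxt not in parent:
                parent[nxt] = (state, event)
                queue.append(nxt)
    return None


# Constructed relative weights for the stochastic model: pump failures are rare.
WEIGHTS = {"fill": 0.5, "drain": 0.5, "pump_fail": 1e-5}


def simulate(runs=100, steps=20, seed=1, initial=(0, "ok")):
    """Stochastic model: Monte Carlo estimate of Pr{overflow within `steps` events}.
    Rare transitions are easily missed, so the estimate says little about
    whether the unsafe state is reachable at all."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(runs):
        state = initial
        for _ in range(steps):
            events = enabled_events(state)
            state = fire(state, rng.choices(events, weights=[WEIGHTS[e] for e in events])[0])
            if is_unsafe(state):
                hits += 1
                break
    return hits / runs


if __name__ == "__main__":
    print("counterexample trace:", model_check())
    print("simulated overflow probability:", simulate())
```

Exhaustive exploration returns a concrete counterexample (a pump failure followed by fills), which is the kind of evidence a safety case needs; the simulation estimate is close to zero and would be read as "the system is safe" if it were the only analysis.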
Outline
Correctness verification vs stochastic analysis
Heterogeneous dependability modeling of DES:
Fault tree and Bayesian networks;
Example of safety analysis: Fluid models;
Draw-net tool.
Stochastic Models
In Stochastic Models the timing of events is represented by random variables.
Typical fields of application:
Performance evaluation (stochastic attributes are: inter-arrival times of jobs, duration of service …)
Dependability analysis (stochastic attributes are: failure times, recovery and repair times….)
The obtainable measures are mean values, moments and distributions.
Model properties
Several modeling paradigms are available. The usability of a model can be classified according to two main properties:
The Modeling Power - Refers to the ability of the model to allow an accurate and faithful representation of the system;
The Decision Power - Refers to the ability of the model to be analytically tractable and to provide results with a low space and time complexity.
Model Types in Dependability
Combinatorial models assume that components are statistically independent: poor modeling power coupled with high analytical tractability.
Reliability Block Diagrams, FT, Network Reliability ….
State-space models rely on the specification of the whole set of the possible system states and of the possible transitions among them.
CTMC, Petri nets, ….
Combinatorial Models: Network Reliability
(figure: a Random Network, with Poisson distribution, compared with a Scale Free Network, with Power-law distribution)
State-Space Models
A system state encodes a complete description of the state of each component; the stochastic behaviour of each component may depend on the state of all the other components.
This extreme flexibility is very seldom exploited in practice since it is very rare to encounter applications in which each component changes its stochastic behavior according to the state of all the other components.
The state space description appears overspecified with respect to the real modeling needs.
New Model Types in Dependability
Local dependencies: Between combinatorial and state space models, research is currently carried on to include localized dependencies.
Dynamic FT (DFT)
Bayesian Networks (BN)
Heterogeneous Models
Modeling power and decision power are in competition.
A single modeling paradigm is not sufficient in any practical situation and we need to resort to a combination of Heterogeneous Models.
SHARPE, Möbius, Galileo, Drawnet are examples of tools based on heterogeneous modeling.
Multiformalism Models
(figure: from FT to Bayesian Networks (BN); from FT to Dynamic FT (DFT), either solved by CTMC or PN or converted into a Bayesian Network BN)
Fundamental assumptions for FT
Events are binary events (working/non-working);
Events are statistically independent;
Relationships between events and causes are logical AND and OR (Boolean) gates;
The root of the FT is the catastrophic undesired event called the Top Event (TE).
Widespread diffusion; simple to manipulate; powerful software tools (combinatorial solutions, BDD).
Case study: a PLC architecture
PLC architecture: FTA
Bayesian Networks
Bayesian Networks have become a widely used formalism for representing uncertain knowledge in probabilistic systems and have been applied to a variety of real-world problems.
BN are defined by a directed acyclic graph in which discrete random variables are assigned to nodes, together with the conditional dependence on the parent nodes.
Root nodes are nodes with no parents, and marginal prior probabilities are assigned to them.
References
L. Portinale and A. Bobbio. Bayesian networks for dependability analysis: an application to digital control reliability. In: 15-th Conf Uncertainty in Artificial Intelligence, UAI-99, July, 551-558, 1999.
A. Bobbio and L. Portinale and M. Minichino and E. Ciancamerla. Improving the Analysis of Dependable Systems by Mapping Fault Trees into Bayesian Networks. Reliability Engineering and System Safety, 71:249-260, 2001.
A. Bobbio, D. Codetta-Raiteri, S. Montani, L. Portinale. Reliability analysis of Systems with Dynamic Dependencies. In: Bayesian Networks: A Practical Guide to Applications, O. Pourret, P. Naim and B.G. Marcot Eds., pages 225-238, John Wiley & Sons, March 2008
S. Montani, L. Portinale, A. Bobbio, D. Codetta-Raiteri. Radyban: A tool for reliability analysis of dynamic fault trees through conversion into dynamic Bayesian networks. Reliability Engineering and System Safety, 93:922-932, 2008
This work has been done with my colleagues: L. Portinale, S. Montani, and D. Codetta-Raiteri
BN versus FTA
BNs may improve both the modeling and the analysis power with respect to FT:
Modeling Issues:
Local conditional dependencies, probabilistic gates, multi-state variables, dependent failures, uncertainty in model parameters.
Analysis Issues:
A forward (or predictive) analysis;
A backward (diagnostic) analysis, in which the posterior probability of any set of variables is computed.
FTA OR Gate vs BN Node (figure: the gate and the corresponding CPT)
FTA AND Gate vs BN Node (figure: the gate and the corresponding CPT)
FTA k:n Gate vs BN Node (figure: the gate and the corresponding CPT)
The BN model of the PLC (figure)
Advanced BN modeling features
BN can also improve the modeling power with respect to FT:
Probabilistic Gates;
Multi-state Variables;
Sequentially dependent failures;
Parameter uncertainty.
Probabilistic Gates: Common Cause Failures (figure)
Multi-state Variables (figure: CPT and prior)
Multi-state nodes and sequentially dependent failures (figure: CPT)
Parameter uncertainty in BN models
Node PS is no longer a root node: it becomes the child of a new root node in which the multi-valued variable PS is defined.
Diagnostic inference on BN
Any probabilistic computation that can be performed in FT can also be performed in BN (using only prior information).
Standard BN inference deals with posterior probability computation of any set of variables Q given the evidence set E (i.e. P(Q|E) ).
By considering the evidence E as the occurrence of a failure, posterior information can be very relevant for criticality and diagnostic (fault localization) aspects.
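The mapping of FT gates to BN nodes with deterministic CPTs, the forward computation of Pr(TE) and the diagnostic computation of Pr(component | TE) described above, as an added example (not the slides' PLC model nor RADYBAN code). The four basic events, their prior failure probabilities and the gate structure are constructed for illustration; inference is by exhaustive enumeration of the joint distribution, which is exact and adequate for a BN of this size.

```python
import itertools

# Constructed fault tree: basic events with prior failure probabilities (1 = failed).
PRIORS = {"P1": 0.01, "P2": 0.01, "S": 0.02, "C": 0.005}


def gate_or(inputs):
    return 1 if any(inputs) else 0


def gate_and(inputs):
    return 1 if all(inputs) else 0


def gate_k_of_n(k):
    # k:n voting gate: the output fails when at least k of the inputs have failed.
    return lambda inputs: 1 if sum(inputs) >= k else 0


# Gate nodes as (deterministic CPT, parents); listed in topological order.
# Each gate is a BN node whose CPT holds only 0/1 entries, exactly as an FT gate.
GATES = {
    "PS": (gate_and, ["P1", "P2"]),         # redundant power supplies: both must fail
    "CTRL": (gate_or, ["S", "C"]),          # sensor or controller failure
    "TE": (gate_k_of_n(1), ["PS", "CTRL"]),  # 1:2 vote, i.e. an OR written as k:n
}


def joint_assignments(priors, gates):
    """Enumerate every assignment of the basic events with its joint probability
    (events are independent, as the FT assumes) and propagate the gate CPTs."""
    names = list(priors)
    for values in itertools.product([0, 1], repeat=len(names)):
        p = 1.0
        assign = {}
        for name, v in zip(names, values):
            assign[name] = v
            p *= priors[name] if v else 1.0 - priors[name]
        for gate, (fn, parents) in gates.items():
            assign[gate] = fn([assign[x] for x in parents])
        yield assign, p


def prob(query, evidence=None, priors=PRIORS, gates=GATES):
    """Pr{query | evidence} by enumeration. query and evidence are {node: value}
    dicts; with no evidence this is the forward (predictive) probability."""
    evidence = evidence or {}
    num = den = 0.0
    for assign, p in joint_assignments(priors, gates):
        if all(assign[n] == v for n, v in evidence.items()):
            den += p
            if all(assign[n] == v for n, v in query.items()):
                num += p
    return num / den if den else 0.0


def forward_te_probability():
    """Forward analysis: unreliability of the top event, as an FT solver would give."""
    return prob({"TE": 1})


def diagnostic_posteriors():
    """Backward analysis: Pr{basic event failed | TE occurred}, the posterior that
    ranks components for fault localization; not available from the FT alone."""
    return {n: prob({n: 1}, {"TE": 1}) for n in PRIORS}


if __name__ == "__main__":
    print("Pr(TE) =", forward_te_probability())
    for name, post in sorted(diagnostic_posteriors().items(), key=lambda kv: -kv[1]):
        print(f"Pr({name}=failed | TE) = {post:.4f}")
```

With these priors the sensor S, although individually unlikely to fail, is the most probable cause given the top event, while the redundant power supplies barely move from their priors; that ranking is the diagnostic information the slides refer to.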
Local dependencies: Dynamic Fault Trees
As proposed by Joan Dugan et al., local dependencies can be included in a FT by defining a new class of gates, called dynamic gates.
This extension has been called Dynamic Fault Tree (DFT).
J. Bechta Dugan, S.J. Bavuso, and M.A. Boyd. Dynamic fault-tree models for fault-tolerant computer systems. IEEE Trans Reliability, 41:363-377, 1992.
J. Bechta Dugan, K.J. Sullivan, and D. Coppit. Developing a low-cost high quality software tool for dynamic fault-tree analysis. IEEE Trans Reliability, 49:49-59, 2000.
Dynamic Gates (Dugan et al.)
They allow modeling local dependencies among basic components or among their failure events.
Functional Dependency Gate
Sequence Enforcing Gate
Warm Spare Gate
Priority And
HSS Sprinkler System
L. Meshkat and J.B. Dugan. Dependability analysis of systems with on demand and active failure modes using Dynamic Fault Trees. IEEE Transactions on Reliability, 51(2):240-251, 2002.
DFT Representation (figure)
DFT Solution via CTMC or GSPN
Separation into dynamic modules
Generation of the corresponding CTMC for dynamic modules
Translation of the DFT into GSPN.
It can be done through graph transformation rules.
Transformation technique
Each basic event is isolated and transformed into a GSPN.
Each gate, with its input events and its output event, is isolated and transformed into a GSPN.
All the GSPNs are merged together by superposition over the common places.
The resulting GSPN corresponds to the DFT.
D. Codetta Raiteri, "The Conversion of Dynamic Fault Trees to Stochastic Petri Nets, as a case of Graph Transformation", In Electronic Notes on Theoretical Computer Science vol. 127(2), pages 45-60, Elsevier, March 2005.
WSP gate transformation
M is the main component, S is the spare component.
S replaces M if M fails. S is initially dormant (stand-by).
S has two failure rates:
• when dormant, the working rate reduced by the dormancy factor (strictly between 0 and 1);
• when working, the full rate.
FDEP gate transformation
Input events:
• one trigger event (T);
• a set of dependent events (D1, D2, …).
If T fails, D1, D2, … are forced to fail.
Output event: Y = T
PAND gate transformation
Y fails if
• X1, …, Xn are all failed (AND condition), and
• X1, …, Xn failed in the specified order (priority condition).
DFT model (figure)
Dynamic Module: state space solution via conversion into GSPN (figure)
Conversion into GSPN (figure)
Conversion into GSPN: Pr{#PumpFault=1} (figure)
(figure: DFT, FT and BDD representations)
Pr{PumpFault, t=1000h} = 1.14275598e-04
Pr{SystemFault, t=1000h} = Pr{DigCon, t=1000h}·Pr{F1, t=1000h} + (1 − Pr{DigCon, t=1000h})·Pr{F0, t=1000h} = 0.0265295
Bayesian Networks to solve DFT
The use of BNs is an alternative way to analyze FTs. Bayesian Networks:
• Remove the assumption on binary events
• Remove the assumption on statistical independence
• Remove the assumption on Boolean gates (AND, OR): noisy OR, noisy AND
• Provide a more flexible forward and backward analysis
• Forward (predictive) analysis: Pr(TE), Pr(Sub)
• Backward (diagnostic) analysis: Pr(A|TE), Pr(TE|A), …
• Avoid the state space generation
• Avoid the representation of the global state model
Dynamic Bayesian Networks (DBN)
• DBN is a discrete model:
– the system is represented at several time slices;
– conditional dependencies among variables at different slices are introduced to capture the temporal evolution.
• 2TBN:
– Markovian assumption;
– 2 time slices: t, t+Δ.
DFT conversion into DBN
Modular approach:
• First, every single gate is converted into a DBN.
• Then, the resulting DBNs are connected together in correspondence to the nodes they share.
• An adjustment to the CPT of a node is required when new arcs enter the node, due to the connection of two DBNs.
• The connection of all the DBNs corresponding to the single gates provides the DBN expressing the DFT model.
Warm Spare gate
• A is the main component, with its own failure rate.
• S1, S2 are the warm spare components.
• In stand-by, their failure rate is the working rate reduced by the dormancy factor (strictly between 0 and 1); when working, the full rate applies.
Functional Dependency gate
Pr{T(t+Δ)=1 | T(t)=1} = 1
Pr{T(t+Δ)=1 | T(t)=0} = 1 − e^{−λ_T t}
Pr{A(t+Δ)=1 | A(t)=1} = 1
Pr{A(t+Δ)=1 | A(t)=0, T(t+Δ)=0} = 1 − e^{−λ_A t}
Pr{A(t+Δ)=1 | A(t)=0, T(t+Δ)=1} = p_dep (= 1)
(λ_X denotes the failure rate of component X.)
Priority AND gate
Pr{A(t+Δ)=1 | A(t)=1} = 1
Pr{A(t+Δ)=1 | A(t)=0} = 1 − e^{−λ_A t}
Pr{B(t+Δ)=1 | B(t)=1} = 1
Pr{B(t+Δ)=1 | B(t)=0} = 1 − e^{−λ_B t}
Pr{PF(t+Δ)=1 | *, PF(t)=1} = 0
Pr{PF(t+Δ)=1 | A(t)=0, B(t)=0, PF(t)=0} = 0
Pr{PF(t+Δ)=1 | A(t)=1, B(t)=0, PF(t)=0} = 1
Pr{PF(t+Δ)=1 | A(t)=0, B(t)=1, PF(t)=0} = 0
Pr{PF(t+Δ)=1 | A(t)=1, B(t)=1, PF(t)=0} = 1
(figure: table of the (A, B, PF) configurations at t and t+1, marking which are operational and which are failed)
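Forward inference on the 2TBN models of the FDEP and PAND gates sketched above, as an added example that is not RADYBAN's or the slides' code. It assumes exponential failure times with rates λ_T, λ_A, λ_B (the λ names are the editor's; the slides show only the rate subscripts), a slice length `delta` in the exponent, p_dep = 1 for the FDEP gate and, for the PAND gate, the encoding "PF becomes failed in the slice in which B fails while A had already failed at the start of that slice", which is one reading of the CPT rows shown. The joint distribution over the gate's few binary nodes is propagated slice by slice and the results are compared with closed-form expressions; the rates and mission time are constructed.

```python
import math


def p_fail(rate, delta):
    """Probability that an exponential failure occurs within one slice: 1 - e^{-rate*delta}."""
    return 1.0 - math.exp(-rate * delta)


def fdep_step(state, lam_t, lam_a, delta):
    """2TBN transition of a FDEP gate. state = (T, A), 1 = failed.
    T fails on its own; A fails on its own unless T has failed, in which case
    A is forced to fail in the same slice (p_dep = 1, intra-slice arc T -> A)."""
    t, a = state
    pt = 0.0 if t else p_fail(lam_t, delta)
    t_options = [(1, 1.0)] if t else [(1, pt), (0, 1.0 - pt)]
    out = []
    for t_next, prob_t in t_options:
        if a or t_next:  # already failed, or forced by the trigger
            out.append(((t_next, 1), prob_t))
        else:
            pa = p_fail(lam_a, delta)
            out.append(((0, 1), prob_t * pa))
            out.append(((0, 0), prob_t * (1.0 - pa)))
    return out


def pand_step(state, lam_a, lam_b, delta):
    """2TBN transition of a PAND gate. state = (A, B, PF).
    PF is absorbing and fires in the slice in which B fails while A was already
    failed at the start of the slice (assumed encoding of 'A before B')."""
    a, b, pf = state
    a_options = [(1, 1.0)] if a else [(1, p_fail(lam_a, delta)), (0, 1.0 - p_fail(lam_a, delta))]
    b_options = [(1, 1.0)] if b else [(1, p_fail(lam_b, delta)), (0, 1.0 - p_fail(lam_b, delta))]
    out = []
    for a_next, prob_a in a_options:
        for b_next, prob_b in b_options:
            pf_next = 1 if (pf or (a == 1 and b == 0 and b_next == 1)) else 0
            out.append(((a_next, b_next, pf_next), prob_a * prob_b))
    return out


def run_dbn(initial, step, n_slices):
    """Forward inference: propagate the joint distribution over the small state
    space slice by slice. Returns {state tuple: probability}."""
    dist = {initial: 1.0}
    for _ in range(n_slices):
        nxt = {}
        for state, p in dist.items():
            for state2, q in step(state):
                nxt[state2] = nxt.get(state2, 0.0) + p * q
        dist = nxt
    return dist


def marginal(dist, index):
    """Pr{the node at position `index` is failed}."""
    return sum(p for s, p in dist.items() if s[index] == 1)


def fdep_dependent_failure_probability(lam_t, lam_a, delta, n_slices):
    dist = run_dbn((0, 0), lambda s: fdep_step(s, lam_t, lam_a, delta), n_slices)
    return marginal(dist, 1)


def pand_output_failure_probability(lam_a, lam_b, delta, n_slices):
    dist = run_dbn((0, 0, 0), lambda s: pand_step(s, lam_a, lam_b, delta), n_slices)
    return marginal(dist, 2)


def fdep_closed_form(lam_t, lam_a, t):
    # A is failed iff A or T has failed: the minimum of two exponentials.
    return 1.0 - math.exp(-(lam_t + lam_a) * t)


def pand_closed_form(lam_a, lam_b, t):
    # Pr{A fails before B and B fails by t} = int_0^t lam_b e^{-lam_b s} (1 - e^{-lam_a s}) ds
    return (1.0 - math.exp(-lam_b * t)) - lam_b / (lam_a + lam_b) * (1.0 - math.exp(-(lam_a + lam_b) * t))


if __name__ == "__main__":
    # Constructed rates (per hour) and a 1 h slice over a 1000 h mission.
    print(fdep_dependent_failure_probability(1e-3, 1e-3, 1.0, 1000), fdep_closed_form(1e-3, 1e-3, 1000.0))
    print(pand_output_failure_probability(1e-3, 2e-3, 1.0, 1000), pand_closed_form(1e-3, 2e-3, 1000.0))
```

For the FDEP gate the slice-by-slice product reproduces the closed form exactly at slice boundaries. For the PAND gate the DBN is slightly below the closed form, because two failures inside the same slice carry no ordering information in a 2TBN; the gap shrinks with the slice length, which is the discretization trade-off of the DBN approach.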
RADYBAN tool
DBNet allows the analysis of a DBN (DBN solver) and is a Drawnet module.
The DBN can be manually drawn or obtained from the conversion of a DFT model (DFT2DBN).
The DFT or the DBN can be drawn by means of the DrawNet graphical interface.
The DFT or the DBN are saved in XML files.
HSS – DBN representation (figure)
Outline
Correctness verification vs stochastic analysis
Hierarchical dependability modeling of DES:
Fault tree and Bayesian networks;
Example of safety analysis: Fluid models
Draw-net tool.
Hybrid models for Safety problems
Safety problems usually require accounting for some critical continuous variables that exceed acceptable limits.
Example of application of a hybrid model to a safety problem: modeling a Car Safety Control in a road tunnel using Fluid Stochastic Petri Nets.
Hybrid Models
Hybrid models contain discrete as well as continuous variables in the same model.
Typical examples are discrete controllers that control continuous variables.
Recent modelling and analysis techniques:
Hybrid Automata
Fluid Petri Nets.
The Fluid Petri Net Model
FPNs are an extension of PN able to model the coexistence of discrete and continuous variables.
The primitives of FPN (places, transitions and arcs) are partitioned in two groups:
discrete primitives that handle discrete tokens (as in standard PN);
continuous (or fluid) primitives that handle continuous (fluid) quantities.
FPN is suitable for modeling and analyzing hybrid systems.
FSPN Primitives (figure)
Fluid Petri Nets (figure)
Hybrid models: an example
Bobbio and M. Gribaudo and A. Horvàth. Modeling a car safety controller using fluid stochastic Petri nets. In: Proceedings 6-th International Workshop on Performability Modeling of Computer and Communication Systems (PMCCS6), pp 27-30, September, 2003.
Bobbio and M. Gribaudo and A. Horvàth. Modelling a Car Safety Controller in Road Tunnels using Hybrid Petri Nets. In: 9th International IEEE Conference on Intelligent Transportation Systems, Toronto, September 2006
Modeling a Car Safety Control Using Fluid Stochastic Petri Nets
This work has been done with my colleagues: A. Horvath and M. Gribaudo
Road Tunnel safety: Motivation
• Major road tunnel accidents in the last years.
• EU project Safetunnel: "to reduce the number of accidents inside road tunnels through preventive safety measures".
• Safety measures should not compromise the road system, slowing down the traffic and creating long queues.
• It has usually been modeled using hybrid systems.
The model
Controlled variables are position, speed and distance. Fluid places describe the speed, position and distances. Different configurations of driver behaviors and installed safety equipment are considered. The traffic is modelled by a target car and the one in front of it.
Model of the truck (figure)
Model of the car (figure)
Model of the distance (figure)
Completely random (I)
• Both the truck and car ignore each other and the speed limits!
(figure)
Completely random (II)
• Simulation trace (figure)
Completely random (III)
• Car will crash!
Speed Control
• The reasonable drivers try to keep a fixed maximum speed.
(figure)
Safety distance
• Car may still crash due to human reaction time, if safety distances are not respected!
Alarm (I)
• Add an alarm that sounds when the distance becomes smaller than a given threshold…
(figure)
Alarm (II) (figure)
Alarm (III)
• The alarm prevents short distances among vehicles that may cause car crashes.
Sudden Stop (I)
• We may also experience what happens if the car in front has a sudden stop.
(figure)
Sudden Stop (II) (figure)
Sudden Stop (III)
• The alarm should be able to prevent a car accident.
Outline
Correctness verification vs stochastic analysis
Hierarchical dependability modeling of DES:
Fault tree and Bayesian networks;
Example of safety analysis: Fluid models
Draw-net tool.
The DrawNET Modelling System
DMS goals
• The Draw-Net Modeling System (DMS) is a framework supporting the design and the solution of models expressed in any graph-based formalism:
– Building models by composition of submodels
• Submodels can conform to different formalisms (multi-formalism)
– Defining and executing solution procedures based on
• A single solver
• A set of solvers (multi-solution)
– Models or submodels can conform to
• existing available formalisms
• formalisms defined by the user
– Integration of existing solution tools
– Use of the Data Definition Language (DDL), a common formal language to express formalisms and models
DMS architecture (figure)
DNForGe: Editor (figure)
Draw-Net tool: model editor (GSPN model) (figure)
DrawNET: the main GUI (figure)
References about DMS
• G. Franceschinis, M. Gribaudo, M. Iacono, V. Vittorini, C. Bertoncello, "DrawNet++: a flexible framework for building dependability models", Proc. of the Int. Conf. on Dependable Systems and Networks, Washington DC, USA, June 2002.
• M. Gribaudo, D. Codetta-Raiteri, G. Franceschinis, "Draw-Net, a customizable multi-formalism multi-solution tool for the quantitative evaluation of systems", Proceedings of the 2nd International Conference on Quantitative Evaluation of Systems, pages 257-258, Turin, Italy, September 2005.
• M. Gribaudo, D. Codetta-Raiteri, G. Franceschinis, "The Draw-Net modeling system: a framework for the design and the solution of single-formalism and multi-formalism models", Tech. Rep. TR-INF-2006-01-01-UNIPMN, Dipartimento di Informatica, Università del Piemonte Orientale, Jan. 2006.
• M. Gribaudo, "FSPNEdit: A fluid stochastic Petri net modeling and analysis tool", Tools of Aachen 2001, Int Multiconference on Measurements Modelling and Evaluation of Computer Communication Systems, pages 24-28, University of Dortmund, Bericht No. 760/2001, 2001.
• A. Bobbio, D. Codetta-Raiteri, "Parametric Fault-trees with dynamic gates and repair boxes", Proc. Reliability Maintainability Symp, 459-465, Los Angeles, CA USA, January 2004.
• S. Montani, L. Portinale, A. Bobbio, M. Varesio, D. Codetta-Raiteri, "A tool for automatically translating Dynamic Fault Trees into Dynamic Bayesian Networks", Proceedings of the Annual Reliability and Maintainability Symposium, pages 434-441, Newport Beach, CA USA, January 2006.
Conclusions
Stress the need for multi-formalism multi-solution techniques
New data structures
Non exponential models
Safety critical systems
Systems of systems and interdependencies of critical infrastructures.