

  1. AltaRica: A Formal Language for Event Oriented Modeling. A. Rauzy, IML/CNRS & ARBoost Technologies, Marseilles, France

  2. Contents: Introductory Examples; Motivations; Formal Model; Tools; Examples of Use; Perspectives


  4. A repairable component
     node component
       state s : {working, failed, repair};
       event failure, startRepair, endRepair;
       trans
         (s=working) |- failure -> s:=failed;
         (s=failed) |- startRepair -> s:=repair;
         (s=repair) |- endRepair -> s:=working;
       init s:=working;
     edon

  5. A Valve
     node valve
       state closed : bool;
       flow input : float : in; output : float : out;
       event open, close;
       trans
         closed |- open -> closed:=false;
         not closed |- close -> closed:=true;
       init closed:=true;
       assert output = if closed then 0 else input;
     edon

  6. Two Valves in Series
     node twoValves
       flow input : float : in; output : float : out;
       sub A : valve, B : valve;
       assert A.input = input, B.input = A.output, output = B.output;
     edon

  7. A repairable component and its repairer
     node repairableSystem
       event startRepair, endRepair;
       sub C : component, R : repairer;
       sync startRepair = C.startRepair and R.startJob,
            endRepair = C.endRepair and R.endJob;
     edon


  9. Motivations: Reliability Engineering
     • Target systems: nuclear power plants, chemical plants, avionic systems, …
     • Assess the risk and its consequences:
       • what can go wrong?
       • what is the expectation that something goes wrong?
       • what are the consequences?

  10. Motivations: Reliability Engineering
     • Analyses:
       • Determination of failure scenarios
       • Assessment of failure probability
       • Ranking of components with respect to their contribution to the risk

  11. Motivations: Reliability Engineering
     Classical formalisms (Fault Trees, Markov Graphs, Petri Nets):
     • Well defined semantics
     • Easy to handle
     • Textual and graphical
     • Good tradeoffs expressivity/efficiency
     … but
     • Lack of structure (PN, MG) or
     • Lack of expressivity (FT)
     ⇒ Models are hard to design and to maintain

  12. The AltaRica Project
     • AltaRica: a high level formal description language
     • based on the notion of mode automata
     • compilation into low level formalisms (efficiency)
     • synergy with formal methods (e.g. model checking)

  13. System Analysis
     • Code generation: Data-Flow models, e.g. State Charts, Lustre
     • Dynamic Systems/Simulation: Differential Equations, e.g. Modelica
     • Reliability Engineering: Event driven models, non-determinism, e.g. Fault Trees, Petri nets, AltaRica


  15. Mode Automata [Maraninchi98, Rauzy02]
     (figure: inputs I and state S feed the transfer function, O = d(S,I); a mode is a valuation of the state variables, e.g. s=1, t=0, and an event moves the automaton from one mode to another)
     • A = <S, I, O, E, q, d, a>
     • S: state variables
     • I: input variables
     • O: output variables
     • E: events
     • q: transitions, of the form g(S,I) |- e -> S:=f(S,I)
     • d: transfer function
     • a: initial state

  16. Algebra of Mode Automata
     Operations on mode automata: Product, Connection, Synchronization.
     Synchronization of events: given the local transitions
       G1 |- e1 -> S1:=f1
       G2 |- e2 -> S2:=f2
       G3 |- e3 -> S3:=f3
     the synchronization e = e1 and (e2 or e3) yields the global transition
       G1 and (G2 or G3) |- e ->
         S1 := if G1 then f1 else S1,
         S2 := if G2 then f2 else S2,
         S3 := if G3 then f3 else S3
     i.e. fire the fireable local transitions.

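As an added example (not code from the slides or from the AltaRica tools), the Python below models the repairable component of slide 4 and its synchronization with a repairer as on slide 7, applying the rule of slide 16 (a synchronized event fires only when every partner's local transition is fireable, and then all of them fire at once), and computes the reachability graph of the synchronized product as on slide 25. The repairer node is not defined on the slides, so it is assumed here to have one boolean state busy with events startJob and endJob.

```python
from itertools import product

class ModeAutomaton:
    """Constructed mode automaton: local transitions g(S) |- e -> S := f(S)."""
    def __init__(self, name, init, trans):
        self.name, self.init = name, dict(init)
        self.trans = trans  # (event, guard(state) -> bool, update(state) -> new state)

    def fireable(self, state, event):
        """Updates of the local transitions on `event` whose guard holds in `state`."""
        return [upd for ev, guard, upd in self.trans if ev == event and guard(state)]

def reachability_graph(automata, sync):
    """Synchronized product: a global event fires iff every synchronized local
    event is fireable, and then all of them fire at once. Returns (states, edges)."""
    by_name = {a.name: a for a in automata}
    freeze = lambda st: tuple((n, tuple(sorted(st[n].items()))) for n in sorted(st))
    init = {a.name: a.init for a in automata}
    states, edges, todo = {freeze(init): init}, [], [init]
    while todo:
        cur = todo.pop()
        for gev, vector in sync.items():
            options = [by_name[n].fireable(cur[n], ev) for n, ev in vector.items()]
            if not all(options):  # a partner cannot fire: the global event is blocked
                continue
            for combo in product(*options):  # non-determinism: one edge per choice
                nxt = dict(cur)
                for (n, _), upd in zip(vector.items(), combo):
                    nxt[n] = upd(cur[n])
                edges.append((freeze(cur), gev, freeze(nxt)))
                if freeze(nxt) not in states:
                    states[freeze(nxt)] = nxt
                    todo.append(nxt)
    return states, edges

# Constructed models mirroring slides 4 and 7; the repairer node is assumed (idle/busy).
component = ModeAutomaton("C", {"s": "working"}, [
    ("failure", lambda s: s["s"] == "working", lambda s: {"s": "failed"}),
    ("startRepair", lambda s: s["s"] == "failed", lambda s: {"s": "repair"}),
    ("endRepair", lambda s: s["s"] == "repair", lambda s: {"s": "working"}),
])
repairer = ModeAutomaton("R", {"busy": False}, [
    ("startJob", lambda s: not s["busy"], lambda s: {"busy": True}),
    ("endJob", lambda s: s["busy"], lambda s: {"busy": False}),
])
SYNC = {  # sync startRepair = C.startRepair and R.startJob, endRepair = C.endRepair and R.endJob
    "C.failure": {"C": "failure"},
    "startRepair": {"C": "startRepair", "R": "startJob"},
    "endRepair": {"C": "endRepair", "R": "endJob"},
}
```

Calling reachability_graph([component, repairer], SYNC) yields 3 global states and 3 edges: the repairer can only be busy while the component is under repair, because startJob and endJob are never fireable on their own.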

  19. Mode Automata: External View
     (figure: traces of the automaton and the time schedule of its modes)

  20. Mode Automata
     … generalize fault trees, Markov graphs, Petri nets, e.g. the Petri net transition T consuming one token from P1 and producing two tokens in P3, inhibited by P2:
       (P1>0) and (P2=0) |- T -> P1:=P1-1, P3:=P3+2;
     … generalize block-diagrams (remote interactions)
     … make it possible to define hierarchies, packages, …

  21. Categories of Events
     • Timed events: take a non-null time
       • Stochastic events (default): probability distributions with parameters (exponential, Weibull, ...)
       • Dirac events
     • Instantaneous events: take no time and may have a priority
       • Immediate events
       • Conditional events

  22. A Spare Unit

  23. A Periodically Tested Component

  24. The Extern Clause
     • The role of the extern clause is:
       • to give some interpretation to the model, e.g. priorities to transitions, probability distributions to events,
       • to give tools a specific information,
       • to provide some mechanism to extend the language.
     In AltaRica Data-Flow, the syntax of the extern clause is normalized:
       node …
         extern
           law <event A.failure> = exponential(0.001);
           parameter lambda = 0.001;
         …
       edon
     Each line gives the type of the information (law, parameter), the specified element (<event A.failure>, lambda) and its value (exponential(0.001), 0.001).

  25. Commutation of the syntax and the semantics
     node System
       sub A : Component, B : Component, R : RepairMen;
       …
     edon
     Syntactic composition flattens the system into a single node
     node S
       state A.s, B.s, R.s;
       …
     edon
     and the reachability graph of that node is the synchronized product of the reachability graphs of the components: the diagram (syntactic composition then reachability graph, versus reachability graphs then synchronized product) commutes.


  27. Tools
     • Workbenches
       • Powerful graphical user interfaces for the design of models
       • Graphical simulators
       • OCAS (Dassault Aviation), SimFia (EADS-APSYS), Saraa (Airbus)
     • Assessment tools
       • Compilers to Fault Trees
       • Compilers to Markov Graphs
       • Stochastic simulators
       • Generators of sequences
       • Compilers to formal languages (Lustre, SMV)
       • Model-Checkers
       • AltaTools, Mec V (LaBRI), Combava (ARBoost Technologies)

  28. Combava: an AltaRica Data-Flow Toolbox
     From an AltaRica Data-Flow model (node Cmp state s: … edon):
     • alta-sim: stepwise simulation
     • alta-a2b: Aralia fault trees
     • alta-mrk: Markov graphs (Mark-XPR)
     • alta-sto: Monte-Carlo simulation
     • alta-seq: generation of sequences, model checking


  30. Models Designed So Far
     • 3 categories of models
       • Functional models: mainly academic (Bordeaux) -> model checking
       • Simple and huge dysfunctional models (~ block diagrams), e.g. Dassault F7X, …
         • Compilation into fault trees
         • Treatment chain validated by certification authorities
       • Complex but (relatively) small models, e.g. Total, production availability, high integrity protection systems
         • Markov analyses, Monte-Carlo simulation

  31. Production Availability
     (figure: production flow from the well through HPS-A/B/C (45% each), DEH-A/B (52% each), CMP-A/B (65% each) and MUP (100%) to the tank)
     Failure rates λ and repair rates μ per component:
       HPS  λ = 8.91 10^-5   μ = 2.54 10^-3
       DEH  λ = 3.11 10^-5   μ = 3.95 10^-3
       CMP  λ = 3.50 10^-5   μ = 5.14 10^-3
       MUP  γ = 0.001

  32. Markov Analyses
     AltaRica model -> alta-a2g -> multi phase Markov models with rewards -> Mark-XPR (command file)
     • Steady state probability
     • Transient probability
     • Mean sojourn time
     • Expectation of any quantity defined on states

  33. Generation of (relevant) sequences
     AltaRica automaton + sequence automaton -> alta-seq -> sequences
       automaton mySequences
         s1: #l<3 |- * : #l := #l+1 -> not failed : s1;
         s1: #l<=3 |- * : #l := #l+1 -> failed : s2;
         init s1 : #l := 1;
         accept s2;
       end
     Model-checking: same automata with a Büchi acceptance criterion


  35. Perspectives
     Find the “good” states/events formalism for reliability studies:
     • higher level modeling
     • sound mathematical basis
     • graphical representation
     • generalization of currently used formalisms
     • looped systems
     • hierarchy
     • hybrid systems
     • algorithmic & complexity issues (tradeoff)
     • connection with functional models

  36. Motivations
     Find the “good” states/events formalism for reliability studies.
     These issues are well addressed by current version(s) of AltaRica:
     • higher level modeling
     • sound mathematical basis
     • graphical representation
     • generalization of currently used formalisms
     The following ones are discussed in the next slides:
     • looped systems
     • hierarchy
     • hybrid systems
     • algorithmic & complexity issues (tradeoff)
     • connection with functional models


  38. Higher Level Modeling
     • Need for
       • Connection to external routines
       • Structured types
       • Parametric descriptions
       • High level operations
       • … and even object oriented modeling
     ⇒ Extension of the language


  40. Normalized Graphics: Petri nets, simple mode automata, interaction diagrams, hierarchical descriptions


  42. Electric Nets


  44. Hybrid Systems Mixing discrete events and continuous variation, e.g. temperature controller


  46. From functional to dysfunctional analyses
     (figure: sensors feeding a command automaton, e.g. a state chart)
     • Sensors may be subject to different failure modes
     • How do failures of sensors impact the command?
     • How to derive the dysfunctional model from the functional model?
     • Don’t expect a silver bullet!

  47. Architecture

  48. Industrial Perspectives • Airbus (Rosas, A350) • Dassault Systems (Catia System) • ClearSy (Atelier B)
