research deploy train evaluate
play

research . deploy . Train . evaluate Outline - PowerPoint PPT Presentation

Nov 02, 2023 •196 likes •577 views

On the Importance of Systematic Testing of Safety Critical Systems Anneliese Andrews Department of Computer Science University of Denver Denver, CO, USA research . deploy . Train . evaluate Outline

  1. On the Importance of Systematic Testing of Safety Critical Systems Anneliese Andrews Department of Computer Science University of Denver Denver, CO, USA research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  2. Outline Ø Introduction Ø Background & Related Work Ø Approach ü Test Generation Process ü Phase 1: Generate Failures and Failure Applicability ü Construction of the Applicability Matrix ü Phase2: Generate Safety Mitigation Tests Ø Validation ü Case Study: Railroad Crossing Control System (RCCS) ü Multiple case study comparison ü Scalability ü Effectiveness Ø Conclusion and Future Work research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  3. Introduction • Safety Critical Systems • Examples (medical devices, aircraft flight control, weapons and nuclear systems) • Problem: • Test regular behavior. • Test proper mitigation of failures. • Need for certification. • Model-Based Testing • Focuses on testing the system behavior. • MBT techniques do not systematically model fault behavior • Aim: An end-to-end test generation process: 1. Functional Testing 2. Generating feasible failures for behavioral states. 3. Generating tests for proper mitigation of failures. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  4. • Certification • “Procedure by which a third party gives written assurance that a product, process or service conforms to specified requirements” • Often related to • Standards or guidance document (e. g. automotive ISO 26262, civil aviation DO-178B, DO-254) • Verification tool requires assessment that tool capable of performing particular verification at acceptable level of confidence • Kornecki et al.: • “lack of research investment in certification technologies will have significant impact on levels of autonomous control approaches that can be properly certified” • “could lead to limiting capability of future autonomous systems” research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  5. • Focus of testing activities (V-model of ISO 26262): • Safety requirements verification • System level black box testing • Test case execution from Cause Consequence diagrams • Prototyping/Animation • Boundar value analysis • Equivalence classes, inpu partitioning • Process simulation research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  6. Background Ø Model Based Testing (MBT) ü Communicating EFSM (CEFSM) ü CEFSM = (S, s0, E, P, T,A, M, V, C) ü CEFSMs communicate by exchanging messages through communication channels ü Test Case Generation from CEFSM Model ü Hesse et al., 2007 and Bourhfir et al., 1998. use reachability analysis to generate TCs ü Kovas et al., 2002. use mutation to enable the automation of test selection in a CEFSM model Ø Fault Modeling and Analysis ü Tribble et al., 2004. Introduce FTA (technique used to detect the specific causes of possible hazards) Ø Integration of Safety Analysis Techniques and Behavior Models ü Ariss et al., 2011, Analysis only (Not Testing) ü Kim et al., 2010 ¡ ü Sánchez et al., 2003 Introduce approach for generating test cases Ø Mitigation Modeling ü Avizienis et al., 2004 ( A Taxonomy of error handling & fault tolerance techs) ü Lerner et al., 2010 ( Identify several patterns) research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  7. The approach Ø Test Generation Process Ø Phase 1: Generate Failures and Failure Applicability ü Uses a CEFSM as BM & FT as a FM. ü Make FT compatible with BM ü Transform FT into CEFSM notations & integrate it with the BM. ü Generate tests from the integrated model Ø Construction of the Applicability Matrix Ø Phase 2: Generate Safety Mitigation Tests ü Testing proper mitigation where it is required. ü Construct BT from BM using BC ü Generate (p, e) pairs from applicability matrix ü Select (p, e) using CC(c1-c4) ü Construct a MM For each e ü Construct MT & woven into the BT at point of failure. ü Construct SMT to test SCSs. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  8. CEFSM • CEFSM =(S,s 0 ,E,P,T,M,V,C), such that: a /x S 1 – S is a finite set of states, b /x S 0 b /c a/e – s 0 is the initial state, a /y C 1 ¡ b /x S 2 – E is a set of events, – P is a set of boolean predicates, – T is a set of transition functions such that T: R 1 S × P × E → S × A × M, c/a R 0 a /y – M is a set of communicating messages, d /z b/z – V is a set of variables, and R 2 C 2 ¡ – C is the set of input/output communication c/f channel used in this CEFSM T(s i , p i , get(m i ))/(s j , send(m j1 ,..., m jk ), A) f/x e / c m i = (mId, e j , mDestination) 2 u u 0 C 3 ¡ e j = (eId, eOccurrence, eStatus) e/y research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 8 ¡ ¡

  9. Fault Tree • Why use FT? • Model-like not procedural. • Visual. • Quantitative and Qualitative analysis. • Explicitly describes how events combine to result in a hazard or failure. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 9 ¡ ¡

  10. Fault Tree cont’ A fault tree evaluates the combinations of failures that can lead to the top event of interest. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 10 ¡ ¡

  11. Compatibility Transformation FT = ( ∨ ,( ∨ ,ACInit fail, NitroPurge fail) ,( ∨ ,(Instrument fail, CryoTesting fail, Chilldown fail))) FT’= ( ∨ ,( ∨ ,BFACInitiation.BFCond, BFNitrogenPurge.BFCond) ,( ∨ ,(BFInstrument.BFCond, BFCryoTesting.BFCond, BFChilldown.BFCond))) research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 11 ¡ ¡

  12. Transformation Rules • Fault model Transformation. • Transform FT gates to equivalent GCEFSMs. • GCEFSM performs the same boolean function. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 12 ¡ ¡

  13. Transformation rules cont’ AND Gate ¡ GateNotOccurred T 1 T 1 T 2 T 2 M i (e 1 (e 1 .eOccurrence=t,e 1 .eStatus=t)) ¡ M i (e 1 (e 1 .eOccurrence=t,e 1 .eStatus=t)) ¡ M j (e 2 (e 2 .eOccurrence=t,e 2 .eStatus=t)) ¡ M i (e 1 (e 1 .eOccurrence=t,e 1 .eStatus=f)) ¡ M i (e 1 (e 1 .eOccurrence=t,e 1 .eStatus=f)) ¡ GateOccurred NOP NOP NOP S 0 ¡ S 1 ¡ T 0 T 0 T 0 T 3 TotalNoOfEvents NoOfPositiveEvents 2 1 0 1 2 0 1 research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 13 ¡ ¡

  14. Transformation Procedure EX . Event name Event ID Gate ID B E B1 G 1 C E B2 G 1 A E B3 G 2 research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 14 ¡ ¡

  15. Transformation Procedure cont’ Procedure FTA_TO_GCEFSM (T : Tree) { if (tree is null) then return, for each child C of T from left to right do FTA_TO_GCEFSM(C), Construct GCEFSM gate,// Create a gate and configure its // variables, output messages, // and its ID. if (leaf node) then insert event name, event ID & Gate ID into Event-Gate table. } research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 15 ¡ ¡

  16. Integration Procedure Event-Gate table for Leaf nodes research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 16 ¡ ¡

  17. Integration Procedure cont’ Procedure ModelsIntegration(BM,Event-Gate Table) { For every m Bk Do For every Event-Gate entries Do If ( m Bk . EventNameAndAttribute == Event-Gate.EventNameAndAttribute ) then m Bk .EventID = Event-Gate.e i m Bk .mDestination = Event-Gate.G i } research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 17 ¡ ¡

  18. Test Generation From CEFSM • Hessel et al. • Use reachability analysis, • Prune the branches that will not contribute to the coverage. • Bourhfir et al. • Use reachability analysis techniques to produce test cases for the global system. • CEFTG Generates test cases for each CEFSM individually. • Compute partial product of the system. • The algorithm terminates when the coverage achieved. • Li et al. • Create flow diagram of the model, • calculate a weight of each node, weight is mapped to the CEFSM branch for behavior and extension of events with variables to model data. • Dominator: node A dominates node B if covering B implies node A. • Priority: additional coverage, higher priority. • Weight: depth of the node in the tree. • Each node is a branch and each edge is possible execution. • Tests provide additional coverage that have a higher priority. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ 18 ¡ ¡

  19. Construction of the Applicability Matrix • Failure Types research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

  20. Phase2: Generate Safety Mitigation Tests Ø Construct a BT from the BM, using behavior test criteria BC. Ø Determine failure scenarios based on coverage criteria. Ø Construct MT from MM, using MC. Ø Construct a SMT using the BT, failure scenarios and MT according to WR. research ¡ . ¡ deploy ¡ . ¡Train ¡ . ¡ evaluate ¡ ¡

Recommend

23 Advanced Topics 5: Multi-lingual Models Up until now, we have assumed that in the case of

23 Advanced Topics 5: Multi-lingual Models Up until now, we have assumed that in the case of

(c) Model Pivoting (a) Result Pivoting (b) Data Pivoting src pivot pivot trg src pivot pivot trg src pivot pivot trg train train train train train train train train train train train train src src-pivot pivot-trg

179 views • 5 slides
Deploy Early, Deploy Often, Deploy Safely Andy Lowe From User Story to Production Feature

Deploy Early, Deploy Often, Deploy Safely Andy Lowe From User Story to Production Feature

Deploy Early, Deploy Often, Deploy Safely Andy Lowe From User Story to Production Feature Basic Process Commit Automated UAT Deploy Write Some Acceptance Prod Tests Code Deploy Then Theres All The Other Stuff Staging Code

815 views • 33 slides
Summary Overfitting arises when we evaluate and train on the same data. We can bound error

Summary Overfitting arises when we evaluate and train on the same data. We can bound error

Summary Overfitting arises when we evaluate and train on the same data. We can bound error of a fixed function with Hoeffdings inequality. Next lecture well get a version sensitive to function class size. 41 / 61 Part 3. . .

1.08k views • 77 slides
Dual Deploy Recovery Why do dual deploy? What you need Mandatory

Dual Deploy Recovery Why do dual deploy? What you need Mandatory

Dual Deploy Recovery Why do dual deploy? What you need Mandatory Optional/Configuration-dependent Altimeter Redundant systems Wiring Charge wells Battery and holder Shear pins Switch Parachute management

599 views • 37 slides
Antwerp 50 by train Ghent 40 by

Antwerp 50 by train Ghent 40 by

Antwerp 50 by train Ghent 40 by train Bruges 1h by train Lige 1h by train Belgian coast 1h30 by train

703 views • 23 slides
TOS Arno Puder 1 Objectives Introduce the train simulator Using the model train

TOS Arno Puder 1 Objectives Introduce the train simulator Using the model train

TOS Arno Puder 1 Objectives Introduce the train simulator Using the model train Hints for writing the train application 2 Train Setup Train app. TOS com1 PC Train application runs on top of TOS TOS implements various

262 views • 14 slides
2020-07-29_SHPWG_Issue1-Themes Address Calibrate, dynamics of Review the Evaluate Evaluate

2020-07-29_SHPWG_Issue1-Themes Address Calibrate, dynamics of Review the Evaluate Evaluate

2020-07-29_SHPWG_Issue1-Themes Address Calibrate, dynamics of Review the Evaluate Evaluate the Evaluate Evaluate evaluate, and habitat, outcomes of sediments Consider Evaluate flow path and COIs for the temperatures validate the

665 views • 43 slides
Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE

Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE

Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE DEPLOYMENT PIPELINE SECTION LOREM IPSUM DOLOR MARCH 1, 2015 3 UBER KEYNOTE TEMPLATE UBER TECHNOLOGIES, INC BUSINESS METRICS 311 Cities

1.11k views • 32 slides
NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy

NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy

NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy NAT? Many home/small business users deploy NAT to amplify limited IPv4 address space Wont be needed with IPv6 Some deploy NAT as a

457 views • 20 slides
deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room

deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room

deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room Strand 12A Kay Williams - Project Lead Background Software Deployment Platform System and Application Started in 2004 Community

405 views • 13 slides
Bethesda Big Train Partnership Presentation What is Big Train? Bethesda Big Train is a summer

Bethesda Big Train Partnership Presentation What is Big Train? Bethesda Big Train is a summer

Bethesda Big Train Partnership Presentation What is Big Train? Bethesda Big Train is a summer collegiate baseball team and non profit organization that plays in the Cal Ripken Summer Collegiate Baseball League. Bruce Adams and John Ourisman

613 views • 14 slides
Can bibliometrics be used to evaluate research in the social sciences and humanities? Professor

Can bibliometrics be used to evaluate research in the social sciences and humanities? Professor

Can bibliometrics be used to evaluate research in the social sciences and humanities? Professor Ben R. Martin SPRU Science and Technology Policy Research, The Freeman Centre, University of Sussex Brighton, BN1 9QE, UK

366 views • 22 slides
& Reduce Costs What Is Service Design? The Double Diamond Discover Define Design Deploy

& Reduce Costs What Is Service Design? The Double Diamond Discover Define Design Deploy

How Service Design Can Improve Experiences & Reduce Costs What Is Service Design? The Double Diamond Discover Define Design Deploy Research Insight Develop Prototype Undertake research to Synthesise research Design personas,

509 views • 15 slides
Paris light train Paris light train Something to learn for Urban transportation? Rmy

Paris light train Paris light train Something to learn for Urban transportation? Rmy

8th Conference on Applied Infrastructure Research 8th Conference on Applied Infrastructure Research 9-10 October, 2009 Berlin Berlin Paris light train Paris light train Something to learn for Urban transportation? Rmy Prudhomme, Martin

338 views • 22 slides
A-train Commuter Rail Updated July 31, 2018 Presentation Overview DCTA A-train Commuter Rail

A-train Commuter Rail Updated July 31, 2018 Presentation Overview DCTA A-train Commuter Rail

Positive Train Control (PTC) Implementation on A-train Commuter Rail Updated July 31, 2018 Presentation Overview DCTA A-train Commuter Rail Facts DCTAs A -train Safety Record What is Positive Train Control? ETA-C Technology

359 views • 14 slides
TRAIN Demonstration TRAIN is a paperless Web based system designed to assist OSHPD employees

TRAIN Demonstration TRAIN is a paperless Web based system designed to assist OSHPD employees

ITSS Information Technology Services Section Changing the Face of Technology TRAIN Demonstration TRAIN is a paperless Web based system designed to assist OSHPD employees with online training requests. TRAIN allows managers/supervisors and

648 views • 13 slides
Digital Health for Allied Health professionals with Katrina Otto, Train IT Medical

Digital Health for Allied Health professionals with Katrina Otto, Train IT Medical

Digital Health for Allied Health professionals with Katrina Otto, Train IT Medical www.trainitmedical.com.au www.trainitmedical.com.au Our Plan: 1.Identify software criteria and education needs of practitioners 2.Evaluate software and

473 views • 31 slides
TRISTAN 2016, Aruba, June 2016 1 Real-time train rescheduling Train scheduling : routing and

TRISTAN 2016, Aruba, June 2016 1 Real-time train rescheduling Train scheduling : routing and

TRISTAN 2016, Aruba, June 2016 1 Real-time train rescheduling Train scheduling : routing and scheduling a set of trains on a railway network (including stations) at planning level nominal timetable Train rescheduling : nominal train

250 views • 13 slides
What is it? The Harlem Renaissance was a flowering of African American social thought which

What is it? The Harlem Renaissance was a flowering of African American social thought which

The Harlem Renaissance of the 1920s Take The A Train Bill lly y Strayh yhorn rn for the Duke Ellin ingto ton Orchestra stra You must take the A train To go to Sugar Hill way up in Harlem If you miss the A train You'll find you

639 views • 24 slides
COS 495 Precept 2 Machine Learning in Practice Misha Precept Objectives Review how to train

COS 495 Precept 2 Machine Learning in Practice Misha Precept Objectives Review how to train

COS 495 Precept 2 Machine Learning in Practice Misha Precept Objectives Review how to train and evaluate machine learning algorithms in practice. Make sure everyone knows the basic jargon. Develop basic tools that you will use when

416 views • 19 slides
Research Plan to Evaluate Efficiency and Emissions in Cookstoves for Lesoit, Tanzania By: James

Research Plan to Evaluate Efficiency and Emissions in Cookstoves for Lesoit, Tanzania By: James

Research Plan to Evaluate Efficiency and Emissions in Cookstoves for Lesoit, Tanzania By: James Babers, Mohammed Alnaseem, Fahad Alboaijan, Ibrahim Yousef, And Rawan Farman EGR 476C Students, Spring 2016 Instructor: Professor Dianne McDonnell

424 views • 29 slides
Fatal derailment: Is Amtraks reputation riding on its response to the wreck of Train 188? The

Fatal derailment: Is Amtraks reputation riding on its response to the wreck of Train 188? The

Fatal derailment: Is Amtraks reputation riding on its response to the wreck of Train 188? The crisis On May 12, 2015, an Amtrak train was traveling the busy Northeast Corridor. In a 50 mph zone, train number 188 hit a speed of 106 mph

495 views • 15 slides
Should we use bibliometric indices to evaluate research? Denis Bouyssou CNRSLAMSADE LINA

Should we use bibliometric indices to evaluate research? Denis Bouyssou CNRSLAMSADE LINA

Should we use bibliometric indices to evaluate research? Denis Bouyssou CNRSLAMSADE LINA February (based on joint work with Thierry Marchant, Ghent University, Belgium) If you do not know Thierry. . . Outline 1 Bibliometrics 2

792 views • 78 slides
Train Smarter 1 The days of just training harder are over, you need to train smarter.

Train Smarter 1 The days of just training harder are over, you need to train smarter.

Train Smarter 1 The days of just training harder are over, you need to train smarter. Just Training Harder has Limitations Limited Personalized Feedback Limited Data Collection Limited Athlete Motivation So Train Smarter with

302 views • 14 slides

More recommend