Probabilistic verification of properties of AltaRica 3.0 models (Vérification probabiliste de propriétés de modèles AltaRica 3.0)
Benjamin Aupetit, OpenAltaRica, IRT SystemX; Laboratoire de Génie Industriel, CentraleSupélec
16 March 2017, Journée "Jeunes Ingénieurs Jeunes Chercheurs"
Introduction
Thesis supervision:
• Antoine Rauzy (Pr) (IPK, NTNU)
• Jean-Marc Roussel (MCF HDR) (LURPA, ENS Cachan)
OpenAltaRica project, IRT SystemX:
• Michel Batteux (Dr) (IRT SystemX)
OpenAltaRica project:
• Premium partners
• Member partners
Introduction
Thesis:
• Started in October 2014
• Expected end in September 2017
Probabilistic verification of properties of AltaRica 3.0 models
Introduction
• Safety assessment
• Predictive analysis
  – Probabilistic
  – On models of a system
• Dynamic behavior
• Modeling formalism: AltaRica 3.0
OpenAltaRica Project
[Figure: Systems → Specifications → Models, the models being written in AltaRica 3.0]
Example AltaRica 3.0 model of a hydraulic pump (the slide's snippet; the initial value is set to true so that the failure transition, whose guard is `working`, can actually fire, and the rate parameter the event uses is declared with the value used on the Plane_HydraulicSystem slide):

    class HydraulicPump
      Boolean working ( init = true );
      parameter Real lambda = 0.00001;        // failure rate
      event failure ( delay = exponential(lambda) );
      transition
        failure: working -> working := false;
    end
OpenAltaRica Project
Objectives: develop the ecosystem around the AltaRica 3.0 modeling language for the safety analysis of critical systems:
• The OpenAltaRica Platform: the reference implementation; software tools as accurate as possible
• Integration with other engineering disciplines
• Compliance with certification processes
• Federate a community of users: forum
OpenAltaRica Project
AltaRica 3.0 Workshop:
• Editor
• Stepwise simulator
• Sequences generator
• Fault Trees compiler
• Markov Chains generator
• Stochastic simulator
[Figure: Specifications → AltaRica 3.0 descriptions → the workshop tools above]
AltaRica 3.0 descriptions (the slide's example, reconstructed; `outflow` corrected to the declared `outFlow`, and the `….` elisions are the slide's own):

    class NRC
      Boolean working ( init = true );
      parameter Real lambda = 0.00001;
      event failure ( delay = exponential(lambda) );
      transition
        failure: working -> working := false;
    end

    class Pump
      extends NRC;
      Boolean inFlow, outFlow ( reset = false );
      assertion
        if working then outFlow := inFlow;
    end

    class Valve
      extends NRC;
      Boolean inFlow, outFlow ( reset = false );
      assertion
        if working then outFlow := inFlow;
    end

    block Plane_HydraulicSystem
      block HydraulicLine1
        Pump P1, P2;
        Valve V1, V2, V3;
        ….
        assertion
          V1.inFlow := P1.outFlow;
          ….
      end
      ….
    end
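The snippets above show the three constructs a stochastic simulator executes: a Boolean state variable, an event whose delay is drawn from an exponential law, and flow assertions re-evaluated after each transition. As an added example (not code from the slides or from the OpenAltaRica platform), the following Python program replays those semantics for a series line Pump → Valve over many Monte Carlo histories and checks the estimated loss-of-flow probability and MTTF against the closed forms 1 − e^(−(λP+λV)T) and 1/(λP+λV). Component names, failure rates and the mission horizon are assumptions chosen for the example.

```python
"""Added example: a minimal Monte Carlo simulator mimicking the AltaRica 3.0
constructs on the slide (Boolean state, exponential failure event, flow
assertions). Not part of the OpenAltaRica tools; rates and names are
chosen for this example."""
import math
import random
from dataclasses import dataclass


@dataclass
class NRC:
    """Non-repairable component: `event failure (delay = exponential(lambda))`
    with `transition failure: working -> working := false`."""
    name: str
    lam: float              # failure rate per hour (assumed value)
    working: bool = True

    def failure_date(self, rng):
        # Delay of the failure event, sampled when it becomes enabled at t = 0.
        return rng.expovariate(self.lam)


def line_flow(components):
    """Flow assertion of a series line: every stage forwards inFlow to outFlow
    only while working (`if working then outFlow := inFlow`), outFlow being
    reset to false otherwise, so the line has flow iff all stages work."""
    return all(c.working for c in components)


def simulate_loss_of_flow(lams, rng):
    """One stochastic history: fire failure events in date order, re-evaluate
    the assertion after each transition, return the date at which flow is lost."""
    comps = [NRC(f"C{i}", lam) for i, lam in enumerate(lams)]
    agenda = sorted(((c.failure_date(rng), c) for c in comps), key=lambda e: e[0])
    for date, comp in agenda:
        comp.working = False            # the transition fires
        if not line_flow(comps):        # assertion: the line no longer delivers flow
            return date
    raise AssertionError("a series line must lose flow once every stage has failed")


def estimate(lams, horizon, runs, seed=1):
    """Monte Carlo estimates of P(loss of flow before `horizon`) and of the
    line's MTTF (mean date of loss of flow) over `runs` histories."""
    rng = random.Random(seed)
    dates = [simulate_loss_of_flow(lams, rng) for _ in range(runs)]
    p_loss = sum(1 for d in dates if d <= horizon) / runs
    mttf = sum(dates) / runs
    return p_loss, mttf


def analytic(lams, horizon):
    """Closed forms for a series of exponential components: the minimum of
    independent exponentials is exponential with the summed rate."""
    total = sum(lams)
    return 1.0 - math.exp(-total * horizon), 1.0 / total


if __name__ == "__main__":
    RATES = (1e-4, 5e-5)    # pump and valve failure rates per hour (assumed)
    HORIZON = 1000.0        # mission length in hours (assumed)
    p_hat, mttf_hat = estimate(RATES, HORIZON, runs=20000)
    p_ref, mttf_ref = analytic(RATES, HORIZON)
    print(f"P(loss of flow by {HORIZON:.0f} h): {p_hat:.4f} (analytic {p_ref:.4f})")
    print(f"MTTF: {mttf_hat:.0f} h (analytic {mttf_ref:.0f} h)")
```

With a single component in `lams` the program reduces to the HydraulicPump class; with more stages it is the series part of HydraulicLine1. The agenda is drawn once up front only because the components here are non-repairable and independent; repair events or dependent guards would require re-sampling delays whenever a transition enables a new event.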
Stochastic Simulation
Landing System example
[Figure: landing system architecture: Pilot Interface, Physical and Computing Modules layers; Handle, Analogical Switch, Computing Module A, Computing Module B, Lights, ElectroValves (x3, x5), Cylinders (x6), Sensors (x36)]
• AltaRica 3.0 modeling:
  – 129 components, ~1000 variables
  – State-space size: 2.6 × 10^105
The Landing Gear System Case Study, F. Boniol, V. Wiels (ONERA), ABZ 2015
Stochastic Simulation
State-space exploration
[Figure: state-space exploration]
Stochastic Simulation
Stochastic simulation problems:
• Correctness
  – Quality assurance
• Performance
  – Significant results
• Usefulness
  – Exploiting the tool to obtain useful information on the system
Stochastic Simulation
• Standards
  – DO-178C/ED-12C: Software Considerations in Airborne Systems and Equipment Certification
  – DO-330/ED-215: Tool Qualification (the user has to qualify the tools used)
• Evaluation kit
  – To allow the user to evaluate the correctness, performance and pertinence of a stochastic simulation tool
[Figure: evaluation-kit test models]
Vers la définition d’un kit d’évaluation pour les simulateurs stochastiques (Towards the definition of an evaluation kit for stochastic simulators), B. Aupetit, M. Batteux, A. Rauzy, J.-M. Roussel, Lambda-Mu 20 (2016)
Stochastic Simulation
Performance improvement
• Compilation techniques
• Use of the Evaluation Kit and profiling
[Figure: improvement loop: AltaRica 3.0 model → AltaRica 3.0 stochastic simulator → execution results (profiling) → tool improvement, with the evaluation kit as input]
Landing System example: simulation of 2 × 10^9 landings/take-offs
• Original: 3 years (estimated)
• Improved: 17 hours
• 1500 times faster
Improving performances of the AltaRica 3.0 stochastic simulator, B. Aupetit, M. Batteux, A. Rauzy, J.-M. Roussel, ESREL (2015)
Stochastic Simulation
Properties
• Classical safety properties and indicators
  – MTBF: Mean Time Between Failures
  – MTTF: Mean Time To Failure
  – MTTR: Mean Time To Repair
• Classical performance properties and indicators
  – Availability, …
• Complex properties
  – Probability of not detecting a failure when in a critical state
  – Mean time to perform a specific action when in a critical state
  – Probability of recovering from a critical state
Landing System example:
  – Gears are indicated out but are not
  – Gears are moving while the doors are not open
  – Gears are not locked out more than 15 s after the order, without an alarm
Stochastic Simulation
Stochastic simulation problems:
• Correctness
  – Quality assurance
  – Solution: Evaluation Kit
• Performance
  – Significant results
  – Solution: profiling and optimizations
• Usefulness
  – Exploiting the tool to obtain useful information on the system
  – Solution: stochastic model checking
Stochastic Model-Checking
Stochastic model checking: interaction between stochastic simulation and properties checking, to obtain statistical results.
[Figure: Stochastic Simulation ↔ Properties checking → Results]
Landing System example:
• Safety properties
  – 11 false occurrences out of 2 × 10^9 operations
  – Probability: 5.5 × 10^-9
  – Margin of error (95%): 7.4 × 10^-14
• Results
  – Req 1: 100 % ± 0.01
  – Req 2: 100 % ± 0.01
  – Req 3: 42 % ± 0.01 (Not OK)
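The verdict on a safety property comes from counting violations over independent simulation runs, so what such figures mean depends on the confidence interval around the count. As an added example (not the slides' own computation and not part of any OpenAltaRica tool), the following Python code takes k violations in n runs and returns the point estimate, the 95% normal-approximation (Wald) half-width, the Wilson score interval (better behaved when k is a handful of events) and the number of runs needed for a target relative half-width. For 11 violations in 2 × 10^9 runs it gives 5.5 × 10^-9 with a Wald half-width of about 3.3 × 10^-9, i.e. roughly ±60% relative, so the order of magnitude is established but little more, and any smaller quoted margin should be re-derived from k and n; reaching ±10% would take about 7 × 10^10 runs. The 10^-8 requirement threshold used in the verdict helper is an assumption.

```python
"""Added example: confidence intervals and run-count planning for a
probability estimated by stochastic model checking. Standard library only;
the 1e-8 requirement threshold used below is an assumed value."""
import math

Z95 = 1.959964  # two-sided 95 % standard normal quantile


def wald(k, n, z=Z95):
    """Point estimate p = k/n and symmetric half-width z*sqrt(p(1-p)/n)."""
    p = k / n
    return p, z * math.sqrt(p * (1.0 - p) / n)


def wilson(k, n, z=Z95):
    """Wilson score interval (lower, upper): unlike Wald it never drops below
    0 and stays meaningful when k is only a few events."""
    p = k / n
    z2n = z * z / n
    centre = (p + z2n / 2.0) / (1.0 + z2n)
    half = z * math.sqrt(p * (1.0 - p) / n + z2n / (4.0 * n)) / (1.0 + z2n)
    return centre - half, centre + half


def runs_for_relative_error(p, rel, z=Z95):
    """Runs needed for a Wald half-width of rel*p: n = z^2 (1-p) / (rel^2 p).
    For rare events this is about z^2 / (rel^2 p), i.e. it grows as 1/p."""
    return math.ceil(z * z * (1.0 - p) / (rel * rel * p))


def verdict(k, n, threshold, z=Z95):
    """A requirement 'P(violation) <= threshold' is accepted only when the whole
    Wilson interval lies below the threshold, rejected when it lies above, and
    left undecided when it straddles it, so more runs are requested instead of
    a false pass."""
    lo, hi = wilson(k, n, z)
    if hi <= threshold:
        return "accepted"
    if lo > threshold:
        return "rejected"
    return "undecided"


if __name__ == "__main__":
    K, N = 11, 2_000_000_000            # counts quoted on the slide
    p, half = wald(K, N)
    lo, hi = wilson(K, N)
    print(f"estimate {p:.2e}, 95 % half-width {half:.2e} ({half / p:.0%} relative)")
    print(f"Wilson 95 % interval [{lo:.2e}, {hi:.2e}]")
    print(f"runs for +/-10 %: {runs_for_relative_error(p, 0.10):.2e}")
    print("requirement 1e-8:", verdict(K, N, 1e-8))   # assumed threshold
```

The three-way verdict is deliberate: a rare-event estimate whose interval straddles the requirement is neither a pass nor a fail, and the run count from `runs_for_relative_error` tells the analyst how much more simulation (or what variance-reduction technique) is needed before the property can be decided.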
Conclusion
• Tools must be evaluated before being used
• Complex safety properties can be checked using stochastic simulation
Continuation
• Property expression language
• Stochastic model-checking tool