Abstract
Reliability is a fundamental property for critical systems. A thorough evaluation of reliability is required by the certification procedures in various application domains, and it is important to support the exploration of the space of design solutions. In this paper we propose a new, fully automated approach to the reliability analysis of complex redundant architectures. Given an abstract description of the architecture, the approach automatically extracts a fault tree and a symbolic reliability function, i.e. a program mapping the probability of fault of the basic components to the probability that the overall architecture deviates from the expected behavior. The proposed approach relies heavily on formal methods: the architecture blocks are represented as Uninterpreted Functions, and the so-called miter construction is used to model the deviation from the nominal behavior. The extraction of all the deviation conditions is reduced to an AllSMT problem, and the reliability function is extracted by traversing the Binary Decision Diagram corresponding to the quantified formula. Predicate abstraction is used to partition and speed up the computation. The approach has been implemented leveraging formal tools for model checking and safety assessment. A thorough experimental evaluation demonstrates the generality and effectiveness of the proposed techniques.
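The pipeline the abstract describes (miter over a redundant architecture, enumeration of the deviation conditions, BDD traversal yielding a reliability program) can be shown end to end on a small constructed case. The following is an added example, not code from the paper or its tools: it models a 2-out-of-3 TMR block whose module function is a fixed stand-in for the Uninterpreted Function, treats a faulty component's output as a free value (so the miter asks whether *any* faulty output can make the architecture disagree with its nominal copy), replaces the AllSMT enumeration with exhaustive enumeration over the four fault variables, builds a reduced BDD by Shannon expansion, and turns it into a function from per-component fault probabilities to the deviation probability. All names, the fault model and the probabilities are assumptions of this example.

```python
from fractions import Fraction
from functools import lru_cache
from itertools import product

# Constructed architecture: three copies of one module feeding a majority voter.
MODULES = ("m1", "m2", "m3")
COMPONENTS = MODULES + ("voter",)   # also used as the BDD variable order


def nominal_module(x):
    # Stand-in for the uninterpreted module function f(x). Any fixed function
    # works: the miter only asks whether the faulty and nominal copies can differ.
    return not x


def architecture(x, faulty, fault_value):
    """Evaluate the TMR block on input bit x.
    `faulty` is the set of failed components; `fault_value` gives the value each
    failed component emits (a free variable standing for 'arbitrary output')."""
    outs = [fault_value[m] if m in faulty else nominal_module(x) for m in MODULES]
    voted = sum(outs) >= 2                       # majority voter
    return fault_value["voter"] if "voter" in faulty else voted


def deviates(faulty):
    """Miter check: is there an input and a choice of fault outputs under which
    the faulty architecture disagrees with the nominal one?"""
    for x in (False, True):
        nominal = architecture(x, frozenset(), {})
        for values in product((False, True), repeat=len(faulty)):
            fault_value = dict(zip(sorted(faulty), values))
            if architecture(x, faulty, fault_value) != nominal:
                return True
    return False


def deviation_configs():
    """All fault configurations that cause a deviation (exhaustive enumeration,
    standing in for the AllSMT step of the paper)."""
    configs = []
    for bits in product((False, True), repeat=len(COMPONENTS)):
        faulty = frozenset(c for c, b in zip(COMPONENTS, bits) if b)
        if deviates(faulty):
            configs.append(faulty)
    return configs


def minimal_cut_sets():
    """Subset-minimal deviating configurations, i.e. the fault tree's minimal cut sets."""
    devs = deviation_configs()
    return sorted((c for c in devs if not any(o < c for o in devs)),
                  key=lambda s: (len(s), sorted(s)))


def build_bdd(dev_set, index=0, faulty=frozenset()):
    """Reduced BDD of the deviation function over COMPONENTS, by Shannon expansion.
    Internal nodes are (var, low, high); the terminals are the Python booleans."""
    if index == len(COMPONENTS):
        return faulty in dev_set
    var = COMPONENTS[index]
    low = build_bdd(dev_set, index + 1, faulty)
    high = build_bdd(dev_set, index + 1, faulty | {var})
    return low if low == high else (var, low, high)   # drop redundant tests


def reliability_program(bdd):
    """Turn the BDD into a program mapping per-component fault probabilities to
    the probability that the architecture deviates (assumes independent faults)."""
    def failure_probability(p):
        @lru_cache(maxsize=None)
        def prob(node):
            if node is True:
                return Fraction(1)
            if node is False:
                return Fraction(0)
            var, low, high = node
            return p[var] * prob(high) + (1 - p[var]) * prob(low)
        return prob(bdd)
    return failure_probability


def tmr_failure_probability(p_module, p_voter):
    """Deviation probability of the constructed TMR block for the given
    per-module and voter fault probabilities (given as strings or Fractions)."""
    probs = {m: Fraction(p_module) for m in MODULES}
    probs["voter"] = Fraction(p_voter)
    program = reliability_program(build_bdd(frozenset(deviation_configs())))
    return program(probs)


if __name__ == "__main__":
    print("minimal cut sets:", [sorted(c) for c in minimal_cut_sets()])
    print("P(deviation):", tmr_failure_probability("0.01", "0.001"))
```

The enumeration yields twelve deviating configurations, whose minimal cut sets are the voter alone and any pair of modules, and the BDD traversal reproduces the closed form p_v + (1 - p_v)(3p²(1 - p) + p³); exact arithmetic with `Fraction` keeps the check free of floating-point noise.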