Compositional Dependability Evaluation for STATEMATE

Software and system dependability is becoming ever more important in embedded system design. Current industrial practice of model-based analysis is supported by state-transition diagram notations such as Statecharts. State-of-the-art modelling tools like STATEMATE support safety and failure-effect analysis at design time, but are restricted to qualitative properties. This paper reports on a (plug-in) extension of STATEMATE that enables the evaluation of quantitative dependability properties at design time. The extension is compositional in the way the model is augmented with probabilistic timing information. This fact is exploited in the construction of the underlying mathematical model, a uniform continuous-time Markov decision process, on which we are able to check requirements of the form: "The probability of hitting a safety-critical system configuration within a mission time of 3 hours is at most 0.01." We give a detailed explanation of the construction and evaluation steps that make this possible, and report on a nontrivial case study of a high-speed train signalling system in which the tool has been applied successfully.
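
The requirement quoted in the abstract is a time-bounded reachability property on a uniform CTMDP, and "at most 0.01" has to hold for every scheduler, so it is the maximising scheduler that decides it. The following is an added illustration, not the STATEMATE plug-in's code: it exploits uniformity (one exit rate in every state, so the jump count in [0, t] is Poisson distributed independently of the scheduler) to reduce the check to a backward induction over a truncated Poisson sum on the embedded discrete-time MDP. The three-state model, its rates, action names and the mission time are constructed for this example and are not the paper's case study.

```python
"""Time-bounded reachability in a uniform CTMDP (added illustration, not
the STATEMATE plug-in's code).

In a uniform CTMDP every state has the same exit rate E under every
action, so the number of jumps in [0, t] is Poisson(E*t) whatever the
scheduler does.  With the goal set B made absorbing, the probability of
hitting B within t under a step-counting scheduler is

    sum_k psi(k) * Pr[X_k in B],   psi(k) = exp(-E t) (E t)^k / k!,

where X_k is the embedded discrete-time MDP.  The best (or worst) scheduler
is then found by finite-horizon backward induction over the truncated sum.
"""
import math

# Constructed example, not the paper's case study: a component that can
# degrade and then either be repaired or kept running.  Embedded DTMDP of
# a uniform CTMDP with exit rate RATE; self-loops make every exit rate equal.
RATE = 2.0            # jumps per hour in every state (assumed)
MISSION_TIME = 3.0    # hours (assumed)
GOAL = {"unsafe"}     # the safety-critical configuration
MODEL = {
    "ok":       {"run":      {"ok": 0.9, "degraded": 0.1}},
    "degraded": {"repair":   {"ok": 0.8, "degraded": 0.15, "unsafe": 0.05},
                 "continue": {"degraded": 0.7, "unsafe": 0.3}},
    "unsafe":   {"stay":     {"unsafe": 1.0}},
}

# One-action sanity model: jumps to "fail" with probability 0.5 per jump,
# i.e. failure rate RATE*0.5, so Pr[fail by t] = 1 - exp(-RATE*0.5*t).
SINGLE_STEP = {
    "ok":   {"run":  {"ok": 0.5, "fail": 0.5}},
    "fail": {"stay": {"fail": 1.0}},
}


def poisson_weights(mean, eps):
    """psi(0..K) for Poisson(mean), truncated so the tail beyond K is < eps."""
    weights = [math.exp(-mean)]
    total = weights[0]
    k = 0
    while total < 1.0 - eps:
        k += 1
        weights.append(weights[-1] * mean / k)
        total += weights[-1]
    return weights


def _check_model(trans):
    """Every action distribution must sum to 1 over known states."""
    for s, actions in trans.items():
        for a, succ in actions.items():
            if abs(sum(succ.values()) - 1.0) > 1e-9:
                raise ValueError(f"{s}/{a}: probabilities do not sum to 1")
            if any(s2 not in trans for s2 in succ):
                raise ValueError(f"{s}/{a}: unknown successor state")


def time_bounded_reach(trans, rate, goal, start, t, maximise=True, eps=1e-10):
    """Sup (or inf) over step-counting schedulers of Pr[reach goal within t].

    Returns (probability, decision) where decision maps each non-goal
    state to the action the optimal scheduler picks at the first step.
    """
    _check_model(trans)
    psi = poisson_weights(rate * t, eps)
    k_max = len(psi) - 1
    better = (lambda v, best: v > best) if maximise else (lambda v, best: v < best)
    # u[s] = optimal Poisson-weighted probability of being in goal at steps n..k_max
    u = {s: (psi[k_max] if s in goal else 0.0) for s in trans}
    decision = {}
    for n in range(k_max - 1, -1, -1):
        new_u = {}
        for s in trans:
            if s in goal:
                # goal is absorbing: collect this step's weight and keep the rest
                new_u[s] = psi[n] + u[s]
                continue
            best_action, best_val = None, None
            for a, succ in trans[s].items():
                val = sum(p * u[s2] for s2, p in succ.items())
                if best_val is None or better(val, best_val):
                    best_action, best_val = a, val
            new_u[s] = best_val
            decision[s] = best_action
        u = new_u
    return u[start], decision


def requirement_holds(trans, rate, goal, start, t, bound):
    """'Pr[hit goal within t] <= bound' must hold for every scheduler,
    so it is checked against the maximising one."""
    p_max, _ = time_bounded_reach(trans, rate, goal, start, t, maximise=True)
    return p_max <= bound, p_max


if __name__ == "__main__":
    holds, p = requirement_holds(MODEL, RATE, GOAL, "ok", MISSION_TIME, 0.01)
    print(f"worst-case Pr[unsafe within {MISSION_TIME} h] = {p:.4f}; "
          f"bound 0.01 holds: {holds}")
```

Two checks are worth keeping when adapting this: the single-action model has the closed form 1 - exp(-E p t), which catches errors in the Poisson weighting, and the returned decision map shows which scheduler the bound was evaluated against (here "continue" in the degraded state is the worst case, "repair" the best). The truncation parameter eps bounds the error of the Poisson tail that is dropped, so it should be chosen well below the probability bound being checked.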