[aadl-modeling]: Undetected Error Probability

David K fux1235 at googlemail.com
Mon Jul 16 03:39:54 EDT 2018


Independent of the bug in OSATE, I modelled the whole system. Now the error
probability isn't propagated any more. The error path works fine, as you
can see in the screenshot. Is this another bug in OSATE or have I done
something wrong in my modelling process?

If I change

    properties
        emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;

to

    properties
        emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to ef0;

in the EMV2 annex of CCUS.i and BTCU.i, the probability displays the correct
value. But in this way the error is propagated regardless of the state, if I
understand it correctly. I want the error only propagated when the system is
in the state "FailedTransient".


Kind regards
David

On Wed, 11 Jul 2018 at 15:03, Peter Feiler <phf at sei.cmu.edu> wrote:

> One more point.
>
> In your example you make use of a predefined error state machine.
>
> It already includes branching transitions. You added another transition
> with a different name. This means that both will be included in the
> analysis.
>
> You can override the predefined one by giving yours the same name and
> assign your branching probability.
>
> Alternatively, the original transition interprets an EMV2 property called
> TransientFailureRatio, so you can set its value.
>
> Peter
>
> From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of Peter Feiler
> Sent: Tuesday, July 10, 2018 4:50 PM
> To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
> Subject: Re: [aadl-modeling]: Undetected Error Probability
>
> David,
>
> Thanks for sending the example. The example uncovered a bug in dealing
> with branching transitions.
>
> See https://github.com/osate/osate2/issues/1380
>
> I have a correction that will go out with the nightly build once my pull
> request has been approved.
>
> Peter
>
> From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of David K
> Sent: Tuesday, July 10, 2018 5:19 AM
> To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
> Subject: Re: [aadl-modeling]: Undetected Error Probability
>
> Thank you for your answer. I tried to implement it into my model but the
> outcome doesn't change at all. The OSATE editor indicates no errors so I
> don't know why.
>
> As reference for the implementation I used Figure 37 in this essay:
> https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_464390.pdf
>
> The very basic model I created for this purpose is in the attachment as
> well as the resulting fault tree. Is there any reason why the error
> probability of the "BTCU_Error_Root" device doesn't change?
>
> On Mon, 9 Jul 2018 at 15:47, Peter Feiler <phf at sei.cmu.edu> wrote:
>
> EMV2 has branching transitions. This allows you to model an error event
> triggering a transition. This transition then takes one of several branches
> according to a fixed probability, e.g., your 90%.
>
> One branch goes to a state that gets propagated – the other to a state
> that does not get propagated.
>
> This capability is handy for modeling error events occurring with a given
> probability that result in persistent or transient error states with a
> specified fixed distribution.
>
> Peter
>
> From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of David K
> Sent: Friday, July 6, 2018 5:14 AM
> To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
> Subject: [aadl-modeling]: Undetected Error Probability
>
> Good morning,
>
> I have a short question about detected and undetected errors in an FTA:
>
> The occurrencedistribution attribute of the EMV2 annex displays the
> detected errors in an FTA if I understand it correctly. Now I additionally
> want to model the probability of undetected errors, e.g. an error has a
> probability of 1e-6 but is forwarded only in 90% of the cases. Is there any
> possibility for this? I searched in several documents for it but just found
> the possibility that an error isn't forwarded at all.
>
> Greetings
>
> David
>
>
-------------- next part --------------
package modeling_file
public
	--including packages
	with busses;
	with devices_generated;
	--with VCU_C;
	with VCU_S2;
	with HMI411;

	--system
	system sys
	end sys;
	
	
---------------------------------------------------------------------------------------------------------------------------------------------------
	

	system BTCU
		features
			MVB1	:	 in out event port;
			
		flows
			f0	:	flow source MVB1;
			f1	:	flow sink MVB1;
			f2	:	flow path MVB1 -> MVB1;
	end BTCU;

	
	system implementation BTCU.i
			
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::PermanentTransientFailure; 
			
			error propagations
				MVB1	:	out propagation{BTCU_Error};
			flows
				ef0	:	error source MVB1{BTCU_Error} when FailedTransient;
			end propagations;
			
			
			component error behavior
				events
					Reset	:	recover event;
				transitions
					t0	:	Operational-[Failure]->(FailedTransient with 0.9, FailedPermanent with others);
					t1	:	FailedTransient-[Recovery]->Operational;		
			end component;
			
			properties
				emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;					
		**};	
	end BTCU.i;
	
	-------------------------------------------------------------------------------------------------------------------------------------------
	
	
	
	system CCUS1 extends devices_generated::CCUS1
		flows
			f6	:	flow path MVB1 -> ETH1;
			f7	:	flow path ETH1 -> MVB1;
	end CCUS1;

	
	system implementation CCUS1.i
		
		
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::PermanentTransientFailure; 
			
			error propagations
				MVB1	:	in propagation{BTCU_Error};
				ETH1	:	out propagation{CCUS_Error, BTCU_Error};
			flows
				ef0	:	error source ETH1{CCUS_Error} when FailedTransient;
				ef1	:	error path MVB1{BTCU_Error} -> ETH1{BTCU_Error};
			end propagations;
			
			component error behavior
				events
					Reset	:	recover event;
				transitions
					t0	:	Operational-[Failure]->(FailedTransient with 0.9, FailedPermanent with others);
					t1	:	FailedTransient-[Recovery]->Operational;		
			end component;
			
			properties
				emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;	
		**};
	end CCUS1.i;
	
	-------------------------------------------------------------------------------------------------------------------------------------------
	
		

	device user
		features
			p_out	:	out event port;
			
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::PermanentTransientFailure; 
			
			error propagations
				p_out	:	out propagation {User_Error};
			flows
				ef0	:	error source p_out{User_Error};
			end propagations;	
			
			component error behavior
				events
					Reset	:	recover event;
				transitions
					t0	:	Operational-[Failure]->(FailedTransient with 0.9, FailedPermanent with others);
					t1	:	FailedTransient-[Recovery]->Operational;		
			end component;
			
			properties
				emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;				
		**};
	end user;
	
	
	process UGBT
		features
			p_in	:	in event port;
			
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::PermanentTransientFailure; 
			
			error propagations
				p_in	:	in propagation{BTCU_Error, CCUS_Error, User_Error};
			flows
				ef0	:	error sink p_in{BTCU_Error, CCUS_Error, User_Error};
			end propagations;
			
			component error behavior
				events
					Reset	:	recover event;
				transitions
					t0	:	Operational-[p_in{BTCU_Error, CCUS_Error, User_Error}]->(FailedTransient with 0.9, FailedPermanent with others);
					t1	:	FailedTransient-[Recovery]->Operational;		
			end component;
			
			properties
				emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;	
						
		**};
	end UGBT;
	
	
	system TDD1 extends devices_generated::TDD1

	end TDD1;
	
	
	system implementation TDD1.i extends devices_generated::TDD1.i
		subcomponents
			ugbt			:	process	ugbt;
			user			:	device	user;
		
		connections
			c4	:	port	ETH1 -> ugbt.p_in;
			c5	:	port	user.p_out -> ugbt.p_in;
			
			
		
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::FailStop; 
			
			error propagations
				ETH1	:	in propagation{CCUS_Error, BTCU_Error};
			flows
				ef0	:	error sink ETH1{CCUS_Error, BTCU_Error};
			end propagations;
			
			composite error behavior
			states
				[ugbt.FailedTransient]-> FailStop;
			end composite;
			
			properties
				emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;	
		**};
	end TDD1.i;
	
	-------------------------------------------------------------------------------------------------------------------------------------------
	--implementation of system
	system implementation sys.i
		subcomponents
			BTCU	:	system BTCU.i;
			CCUS1	:	system CCUS1.i;
			TDD1	:	system TDD1.i;
			MVB1	:	bus busses::mvb;
			ETH1	:	bus busses::eth;
			
		connections
			c0	:	port BTCU.MVB1 <-> CCUS1.MVB1;
			c1	:	port CCUS1.ETH1 <-> TDD1.ETH1;
			c2	:	port CCUS1.MVB1 -> BTCU.MVB1;
			c3	:	port TDD1.ETH1 -> CCUS1.ETH1;
			
		flows
			f0:	end to end flow	BTCU.f0 -> c0 -> CCUS1.f6 -> c1 -> TDD1.f1;

		
			
		properties
			Actual_Connection_Binding => (reference(MVB1)) applies to c0;
			Actual_Connection_Binding => (reference(ETH1)) applies to c1;
			
		annex EMV2{**
			use types	emv2_errortype_definition, ErrorLibrary;
			use behavior ErrorLibrary::FailStop; 
			
			composite error behavior
			states
				[BTCU.FailedTransient]-> FailStop;
				[CCUS1.FailedTransient]-> FailStop;
				[TDD1.FailStop]-> FailStop;
			end composite;	
		**};	
	end sys.i;


end modeling_file;
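One way to get the state-gated propagation David describes without the duplicate branching transition Peter points out, added here as an illustration and not taken from David's attachment, from Peter's replies or from the OSATE ErrorLibrary: put the branching transition in your own error behavior and use that behavior instead of ErrorLibrary::PermanentTransientFailure, so the model contains exactly one branching transition and there is nothing to override by name. The package, behavior and component names (branching_errlib, TransientBranch, BTCU2) are assumed; ServiceError is the ErrorLibrary type. Peter's two options, giving your transition the predefined one's name or setting TransientFailureRatio, remain the way to go if you want to keep the predefined behavior.

```aadl
-- Added example (not part of David's posted model or the OSATE ErrorLibrary).
-- Assumed names: package branching_errlib, behavior TransientBranch, system BTCU2.
package branching_errlib
public

    annex EMV2 {**
        -- A user-defined behavior that carries the branching transition itself,
        -- so no transition inherited from a predefined behavior is duplicated.
        error behavior TransientBranch
            events
                Failure     : error event;
                Recovery    : recover event;
            states
                Operational     : initial state;
                FailedTransient : state;
                FailedPermanent : state;
            transitions
                -- 90% of failures land in FailedTransient (the propagating state),
                -- the remaining 10% in FailedPermanent (no source is declared for it)
                t0 : Operational -[Failure]-> (FailedTransient with 0.9, FailedPermanent with others);
                t1 : FailedTransient -[Recovery]-> Operational;
        end behavior;
    **};

    system BTCU2
        features
            MVB1 : in out event port;
    end BTCU2;

    system implementation BTCU2.i
        annex EMV2 {**
            use types    ErrorLibrary;
            use behavior branching_errlib::TransientBranch;

            error propagations
                MVB1 : out propagation {ServiceError};
            flows
                -- gated on the state: the source is active only in FailedTransient
                ef0 : error source MVB1 {ServiceError} when FailedTransient;
            end propagations;

            properties
                -- the occurrence applies to the event; the branch weights on t0
                -- then split it between the propagating and the silent state
                emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;
        **};
    end BTCU2.i;

end branching_errlib;
```

With the error source conditioned on FailedTransient, the model expresses the intent from the first message: a Failure event with the given occurrence probability whose propagation only happens on the 0.9 branch, while the "with others" branch keeps the failure internal. Keeping the occurrence on the event rather than on ef0 is what preserves that gating, which is the distinction David's two property variants differ on.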
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modeling_file_sys_i-failstop_trace IconicFaultTree.png
Type: image/png
Size: 539822 bytes
Desc: not available
URL: <http://lists.sei.cmu.edu/pipermail/aadl-modeling/attachments/20180716/5b531f85/attachment.png>

