[aadl-modeling]: Undetected Error Probability

Peter Feiler phf at sei.cmu.edu
Mon Jul 16 13:16:25 EDT 2018


Hi David,

The fault tree generator currently does not interpret the when <mode reference>. This needs to get fixed. I will put an issue report into the system.

What you can do until that time is to add an out propagation condition for the FailTransient state (FailTransient -[]-> MVB1{BTCU_Error}).

Peter

PS. I need to make sure my pull request for the branch probability will get accepted soon.

PPS. In your example you need to rename your transitions t0: to failtransition for it to override the original transition definition (as discussed in an earlier post).

From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of David K
Sent: Monday, July 16, 2018 3:40 AM
To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
Subject: Re: [aadl-modeling]: Undetected Error Probability

Independent of the bug in OSATE, I modelled the whole system. Now the error probability isn't propagated any more. The error path works fine, as you can see in the screenshot. Is this another bug in OSATE or have I done something wrong in my modelling process?

If I change
properties
    emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to Failure;

to

properties
    emv2::occurrencedistribution => [ probabilityValue => 0.05e-6 ;] applies to ef0;

in the EMV2-Annex of CCUS.i and BTCU.i
the probability displays the correct value. But in this way the error is propagated regardless of the state, if I understand it correctly. I want the error only propagated when the system is in the state "FailedTransient".


Kind regards
David

On Wed, Jul 11, 2018 at 15:03, Peter Feiler <phf at sei.cmu.edu> wrote:
One more point.
In your example you make use of a predefined error state machine.
It already includes branching transitions. You added another transition with a different name. This means that both will be included in the analysis.
You can override the predefined one by giving yours the same name and assigning your branching probability.
Alternatively, the original transition interprets an EMV2 property called TransientFailureRatio, so you can set its value.

Peter
From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of Peter Feiler
Sent: Tuesday, July 10, 2018 4:50 PM
To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
Subject: Re: [aadl-modeling]: Undetected Error Probability

David,

Thanks for sending the example. The example uncovered a bug in dealing with branching transitions.
See https://github.com/osate/osate2/issues/1380
I have a correction that will go out with the nightly build once my pull request has been approved.

Peter

From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of David K
Sent: Tuesday, July 10, 2018 5:19 AM
To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
Subject: Re: [aadl-modeling]: Undetected Error Probability

Thank you for your answer. I tried to implement it into my model but the outcome doesn't change at all. The OSATE editor indicates no errors so I don't know why.
As reference for the implementation I used Figure 37 in this essay: https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_464390.pdf
The very basic model I created for this purpose is in the attachment as well as the resulting fault tree. Is there any reason why the error probability of the "BTCU_Error_Root"-device doesn't change?





On Mon, Jul 9, 2018 at 15:47, Peter Feiler <phf at sei.cmu.edu> wrote:
EMV2 has branching transitions. This allows you to model an error event triggering a transition. This transition then takes one of several branches according to a fixed probability, e.g., your 90%.
One branch goes to a state that gets propagated – the other to a state that does not get propagated.

This capability is handy for modeling error events occurring with a given probability that result in persistent or transient error states with a specified fixed distribution.

Peter

From: aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu [mailto:aadl-modeling-bounces+phf=sei.cmu.edu at lists.sei.cmu.edu] On Behalf Of David K
Sent: Friday, July 6, 2018 5:14 AM
To: AADL Modeling <aadl-modeling at lists.sei.cmu.edu>
Subject: [aadl-modeling]: Undetected Error Probability

Good morning,

I have a short question about detected and undetected errors in a FTA:
The occurrencedistribution attribute of the EMV2-Annex displays the detected errors in a FTA if I understand it correctly. Now I additionally want to model the probability of undetected errors, e.g. an error has a probability of 1e-6 but is forwarded only in 90% of the cases. Is there any possibility for this? I searched in several documents for it but just found the possibility that an error isn't forwarded at all.


Greetings
David