[aadl]: Question about error model events distribution

Peter Feiler phf at sei.cmu.edu
Wed Oct 22 11:32:53 EDT 2014


There have been discussions regarding the concept of exposure time in the context of failure probabilities.
Different operational contexts use different notions of exposure time and we are looking for a way of covering all of them.



From: stevevestal at comcast.net
Sent: Wednesday, October 22, 2014 9:14 AM
To: Viet Yen Nguyen
Cc: Sergey Zelenov; sae-aadl-users
Subject: Re: [aadl]: Question about error model events distribution

The time period used for analysis typically comes from the mission requirements.  For example, what may be desired is the probability that >= 1 fault events occur during a time period of 30 minutes for a space launch, during a time period of 10 hours for an aircraft flight, during a time period of 10 years for a satellite, etc.

________________________________
From: "Viet Yen Nguyen" <nguyenvietyen at gmail.com>
To: "Denis Buzdalov" <buzdalov at ispras.ru>
Cc: "Sergey Zelenov" <zelenov at ispras.ru>, "sae-aadl-users" <sae-aadl-users at lists.sei.cmu.edu>
Sent: Wednesday, October 22, 2014 7:25:18 AM
Subject: Re: [aadl]: Question about error model events distribution

Hi Denis,

1) Regarding time periods: the time period is implicit to the \lambda parameter. You of course have to make sure that all \lambda parameters in the model are based on the same time period. See also the definition of the Poisson distribution on Wikipedia.

2) Regarding the syntax and use of the distributions, I don't have a copy of the AADL Error Annex here at hand (the copy I used to have belonged to my previous employer). I therefore cannot look up and confirm for you whether the current text is formal enough on this. Perhaps somebody on the mailing list who is more intimate with the AADL Error Annex can jump in here.

3) Theoretically, any probability distribution is oblivious towards its use. Its semantics are decoupled from the meaning of the random variable that is being probabilistically distributed. So far we've been talking about the number of occurrences, waiting times and decision answers as random variables. The choice of distribution for a random variable therefore depends on whether the distribution's characteristics match your intended semantics (i.e. the real world).

Viet Yen

On Wed, Oct 22, 2014 at 2:03 PM, Denis Buzdalov <buzdalov at ispras.ru> wrote:

Hi Viet Yen,

Thank you for your response. But, you know, I still have questions about
your answer.

> Let us translate that to practical terms. The sample 1 means that the
> error event occurs 1 time (within the timeframe according to the
> \lambda parameter of the Poisson distribution). The sample 100 means
> that the error event occurs 100 times.

The first question is what period of time event occurrence is
considered? This distribution shows the probability of n occurrences of
event during what period of time?

> Given the \lambda parameter,
> the Poisson distribution assigns a probability to that, e.g. the
> probability that the error event occurs 100 times.

The second question is am I right that you mean that \lambda parameter
can be set through the 'ProbabilityValue' record part of the
'EMV2::OccurrenceDistribution' property value?

If the answer is 'yes', then another question arises: how would you
set parameters for multi-parameter distributions (like the Normal
distribution)?

If the answer to the second question is 'no' then I would ask how would
you set the \lambda parameter?

> Another interesting distribution is the exponential one. It's
> continuous and spawns a probability distribution over the waiting
> time before the error event happened. For example, the probability
> that you're 100 time units in the OK state before the error event
> happens.

This part of your answer has me completely confused.

Am I right that you mean that the semantics of the distribution setting
depend completely on the distribution type: you have
- the probability of occurrence in one case,
- the expected count of occurrences in another case and
- the expected time in the third case?

Are you sure that it is formalized enough (e.g. in the standard text)
to be used by instruments or formal analysis?

--
Denis Buzdalov
Software Engineering Department, ISPRAS

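The following is an added worked example, not code from the thread, the EMV2 annex or any AADL tool. It illustrates the exposure-time point made above: a Poisson occurrence rate λ carries an implicit time unit, so every rate must be converted to a common unit before it is multiplied by the mission's exposure time, and the probability of at least one fault event over a mission is 1 - exp(-λT). It also shows the relationship Viet Yen alludes to between the Poisson count and the exponential waiting time: P(N = 0 during T) equals P(first occurrence later than T). The component failure rate of 1e-5 per hour, the unit table and the three mission profiles are constructed sample values, not figures from the standard.

```python
"""Exposure time under a Poisson / exponential failure model.

Added example (constructed; not from the SAE AADL mailing list, the EMV2
annex, or any tool). The rate, durations and unit table are sample values.
"""
import math

# Every time unit is expressed in hours, the common base that all rates are
# converted to before being combined with an exposure time.
HOURS_PER_UNIT = {
    "seconds": 1.0 / 3600.0,
    "minutes": 1.0 / 60.0,
    "hours": 1.0,
    "days": 24.0,
    "years": 24.0 * 365.25,
}


def rate_per_hour(rate: float, per: str) -> float:
    """Convert an occurrence rate given 'per <unit>' to occurrences per hour."""
    if per not in HOURS_PER_UNIT:
        raise ValueError(f"unknown time unit: {per!r}")
    return rate / HOURS_PER_UNIT[per]


def exposure_hours(duration: float, unit: str) -> float:
    """Convert a mission duration to hours."""
    if unit not in HOURS_PER_UNIT:
        raise ValueError(f"unknown time unit: {unit!r}")
    return duration * HOURS_PER_UNIT[unit]


def poisson_pmf(n: int, lam: float) -> float:
    """P(N = n) for a Poisson count whose mean lam is the expected number of
    occurrences during the exposure (rate * exposure time)."""
    if n < 0:
        return 0.0
    return math.exp(-lam) * lam ** n / math.factorial(n)


def prob_at_least_one(rate: float, per: str, duration: float, unit: str) -> float:
    """P(>= 1 occurrence during the exposure) = 1 - P(N = 0) = 1 - exp(-lambda*T)."""
    lam = rate_per_hour(rate, per) * exposure_hours(duration, unit)
    return 1.0 - poisson_pmf(0, lam)


def exp_survival(rate: float, per: str, duration: float, unit: str) -> float:
    """P(waiting time to the first occurrence > T) for an exponential waiting
    time with the same rate: exp(-lambda*T). This equals the Poisson P(N = 0),
    which is why the two views of the same rate agree."""
    lam = rate_per_hour(rate, per) * exposure_hours(duration, unit)
    return math.exp(-lam)


# Constructed mission profiles taken from the durations named in the thread.
MISSIONS = {
    "space launch": (30.0, "minutes"),
    "aircraft flight": (10.0, "hours"),
    "satellite": (10.0, "years"),
}


def mission_table(rate: float = 1e-5, per: str = "hours") -> dict:
    """P(>= 1 fault event) per mission for one component rate (default: a
    constructed 1e-5 per hour)."""
    return {name: prob_at_least_one(rate, per, d, u)
            for name, (d, u) in MISSIONS.items()}


if __name__ == "__main__":
    for name, p in mission_table().items():
        print(f"{name:16s} P(>=1 fault) = {p:.3e}")
    # The same physical rate written per year must give the same answer;
    # mixing rates with different implicit periods without converting would not.
    print(prob_at_least_one(1e-5, "hours", 10, "hours"))
    print(prob_at_least_one(1e-5 * HOURS_PER_UNIT["years"], "years", 10, "hours"))
```

The unit conversion is the part that matters in practice: if one component's λ is quoted per flight hour and another's per year, the model must normalize them to one period before any occurrence probability is computed, which is exactly the caveat raised in point 1 above.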

