[sae-aadl] 2013-01-23 Error annex questions

Steve Vestal stevevestal at comcast.net
Thu Feb 7 16:31:21 EST 2013


I think the reliability folks distinguish between failure rate (hazard rate); mean time to failure; and the probability that a failure will occur in a given interval of time.

The failure occurrence probability is a single real number.  This can be computed from a mission (or exposure) time plus a given distribution and its parameters.  So you could just specify an occurrence probability, which would be a single real number (no knowledge of the original distribution etc. is needed anymore).

Alternatively, you could specify the kind of distribution and the parameters for that distribution and an exposure time.  The parameters would be different for different distributions, e.g. the Poisson parameter is a time-invariant fault rate, Weibull has two parameters (its fault rate is time-varying).  Occurrence probabilities would be computed from that during analysis.

Sometimes you need multiple sets of these because an analysis may be done for a mission and things are different in different mission phases.  A canonical example is space missions, where fault rates are much higher during launch but much more benign on orbit.  You might be able to use modes to specify mission profiles.

From: Myron Hecht 
  To: 'Peter Feiler' ; 'Bruce Lewis External' 
  Cc: 'Don Ward' ; 'Emilio Insfran' ; 'Hall Brendan \(MN65\' ; 'Mike Whalen' ; 'Silvia Abrahao' ; nbrock at draper.com ; 'Boydston Alex K AMRDEC' ; sae-aadl at lists.sei.cmu.edu ; 'Jean-Pierre Talpin' ; 'May Michael J Dr OSD ATL' ; 'Preston John CIV (US' ; 'John Hatcliff' 
  Sent: Tuesday, February 05, 2013 7:51 AM
  Subject: Re: [sae-aadl] 2013-01-23 Error annex questions


  Hello Peter, Brian

  >1) An occurrence probability property indicates the probability with which the entity occurs, with which the property is associated. For example, as a property associated with an error source and optionally an error type token it indicates the probability with which a component is an error source. 

  Perhaps I'm having problems with the term "occurrence probability".  In section E.8;1, note 12 on page 46.  It does speak about an occurrence probability, but I thought of this as the probability of going to one state or the other when there is a branch (fixed_probability).  I didn't think of it as a "distribution", i.e., Poisson, Weibull, etc.

  >e.g., as AADL model or as a Petrinet


  This leads to the question about the token.  The time it stays in any one place (whether a success or failure) is determined by the distribution.  There is a duration which seems to apply but not



------------------------------------------------------------------------------
  From: Peter Feiler [mailto:phf at sei.cmu.edu] 
  Sent: Tuesday, February 05, 2013 1:03 AM
  To: Myron Hecht; Bruce Lewis External
  Cc: sae-aadl at lists.sei.cmu.edu; 'Don Ward'; 'Boydston Alex K AMRDEC'; 'Hall Brendan \(MN65\'; 'Mike Whalen'; 'Silvia Abrahao'; 'Jean-Pierre Talpin'; 'Emilio Insfran'; 'John Hatcliff'; 'May Michael J Dr OSD ATL'; 'Preston John CIV (US'; nbrock at draper.com
  Subject: RE: 2013-01-23 Error annex questions


  Hi Myron,

   

  Regarding E8 occurrence:

  I have defined a property to express this probability distribution using a record.

  (1)   An occurrence probability property indicates the probability with which the entity occurs, with which the property is associated. For example, as a property associated with an error source and optionally an error type token it indicates the probability with which a component is an error source. 

  OccurrenceProbability : record (
    ProbabilityValue : aadlreal;
    Distribution : EMV2::Distribution;
    )
  Distribution : type enumeration (Poisson,Fixed);

  I could have done it as  Occurrence: aadlreal units (poisson, fixed => poisson *1) applies to (all);

  Using poisson or fixed as units literals requires a conversion factor as shown.

   

  The concept of a type token is useful in the context of an instance model, e.g., as AADL model or as a Petrinet. In the context of AADL a type token represents an error event instance or an error propagation instance. 

  In the context of a representation such as Petrinet, the type token would represent a (colored) token.

   

  Peter

   

  From: Myron Hecht [mailto:myron.hecht at sbcglobal.net] 
  Sent: Tuesday, February 05, 2013 8:44 AM
  To: Peter Feiler; Bruce Lewis External
  Cc: sae-aadl at lists.sei.cmu.edu; 'Don Ward'; 'Boydston Alex K AMRDEC'; 'Hall Brendan \(MN65\'; 'Mike Whalen'; 'Silvia Abrahao'; 'Jean-Pierre Talpin'; 'Emilio Insfran'; 'John Hatcliff'; 'May Michael J Dr OSD ATL'; 'Preston John CIV (US'; nbrock at draper.com
  Subject: 2013-01-23 Error annex questions

   

  Hello Peter, Bruce, et al.

  Good morning all

   

  First of all, thanks for the continuing improvement on the error annex.  I hope to be successful in making contact via Skype and Live Meeting at 2:30 Valencia time (5:30 AM Pacific Time).  However, in the interim, I have four questions (which could be interpreted as comments):

   

  Section E.5:  Error type tokens:  The text says a token is an instance of a type, but it's not clear to me how they are used or why they are necessary.  An example might help.

   

  Section E.8: 

   

  1. I couldn't find the concept of stochastic distributions as occurrence properties for error events in state machines, e.g.,

  Fail: error event {Occurrence => poisson lambda  };

  This concept is extremely important for quantitative modeling (note that it is related to but distinct from the notion of a duration and branch probability).  Did I miss something?

   

  2.  Error states can be working or non-working.  Can more properties be specified (e.g., "hazardous", etc.)?

   

  3.  As was the case in section E.5, I'm afraid I don't understand the role of tokens and how they are to be used in state machine model definitions (as opposed to how the models are analyzed).

   

  I apologize for the lateness of these remarks, but I hope they are correct and useful nonetheless.

   

  Regards

   

   

  Myron Hecht
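
Added example, not part of the original thread or of the Error Annex: the computation described in the reply at the top of this message, where an occurrence probability is derived from a distribution, its parameters and an exposure time, then combined over mission phases with different fault rates. The Poisson case uses P = 1 - exp(-rate * t), Weibull uses P = 1 - exp(-(t/scale)^shape); the function names, parameter keys and the mission profile values are constructed for illustration.

```python
import math

def occurrence_probability(distribution, params, exposure_hours):
    """Probability that the error event occurs at least once during the exposure time."""
    if distribution == "Fixed":
        # Already a single real number: no distribution or exposure time needed.
        return params["value"]
    if distribution == "Poisson":
        # Time-invariant fault rate (per hour); cumulative hazard grows linearly.
        hazard = params["rate"] * exposure_hours
    elif distribution == "Weibull":
        # Two parameters; the fault rate varies with time.
        hazard = (exposure_hours / params["scale"]) ** params["shape"]
    else:
        raise ValueError(f"unknown distribution: {distribution}")
    return 1.0 - math.exp(-hazard)

def mission_probability(phases):
    """phases: list of (name, rate_per_hour, duration_hours), constant rate per phase.

    Returns (per_phase, total): per_phase maps each phase to the probability of an
    occurrence in that phase given survival to its start; total is the probability
    of at least one occurrence over the whole mission.
    """
    survival = 1.0
    per_phase = {}
    for name, rate, hours in phases:
        p = occurrence_probability("Poisson", {"rate": rate}, hours)
        per_phase[name] = p
        survival *= 1.0 - p  # must survive every phase to survive the mission
    return per_phase, 1.0 - survival

# Constructed mission profile: high fault rate during a short launch phase,
# a much lower rate during one year on orbit.
MISSION = [("launch", 1e-3, 0.5), ("on_orbit", 1e-6, 8760.0)]

if __name__ == "__main__":
    per_phase, total = mission_probability(MISSION)
    for name, p in per_phase.items():
        print(f"{name:9s} {p:.6e}")
    print(f"mission   {total:.6e}")
```
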

   

   

   

    

   