Presentation is loading. Please wait.

Presentation is loading. Please wait.

AltaRica A Formal Language for Event Oriented Modeling A. Rauzy IML/CNRS & ARBoost Technologies Marseilles, France.

Published byEarl Elbon Modified over 9 years ago

Similar presentations

Presentation on theme: "AltaRica A Formal Language for Event Oriented Modeling A. Rauzy IML/CNRS & ARBoost Technologies Marseilles, France."— Presentation transcript:

1 AltaRica A Formal Language for Event Oriented Modeling A. Rauzy IML/CNRS & ARBoost Technologies Marseilles, France

2 Contents I.Introductory Examples II.Motivations III.Formal Model IV.Tools V.Examples of Use VI.Perspectives

3 Contents I.Introductory Examples II.Motivations III.Formal Model IV.Tools V.Examples of Use VI.Perspectives

4 A repairable component node component state s: {working,failed,repair}; event failure, startRepair, endRepair; trans (s=working) |- failure -> s:=failed (s=failed) |- startRepair -> s:=repair; (s=repair) |- endRepair -> s:=working; init s:=working edon

5 A Valve node valve state closed:bool; flow input:float:in; output:float:out; event open, close; trans closed |- open -> closed:=false; not closed |- close -> closed:=true; init closed := true; assert output = if closed then 0 else input; edon

6 Two Valves in Series node twoValves flow input:float:in; output:float:out; sub A:valve, B:valve; assert A.input = input, B.input = A.output, output = B.output; edon

7 A repairable component and its repairer node repairableSystem event startRepair, endRepair; sub C:component, R:repairer; sync startRepair = C.startRepair and R.startJob, endRepair = C.endRepair and R.endJob; edon

8 Contents I.Introductory Examples II.Motivations III.Formal Model IV.Tools V.Examples of Use VI.Perspectives

9 Motivations: Reliability Engineering Target systems: nuclear power plants, chemical plants, avionic systems, … Assess the risk and its consequences: what can go wrong ? what is the expectation that something goes wrong ? what are the consequences ?

10 Motivations: Reliability Enginering Analyses: Determination of failure scenarii Assessment of failure probability Ranking of components with respect to their contribution to the risk

11 Motivations: Reliability Engineering Classical formalisms (Fault Trees, Markov Graphs, Petri Nets) –Well defined semantics –Easy to handle –Textual and graphical –Good tradeoffs expressivity/efficiency … but Lack of structure (PN, MG) or Lack of expressivity (FT)  Models are hard to design and to maintain

12 The AltaRica Project AltaRica: a high level formal description language based on the notion of mode automata compilation into low level formalisms (efficiency) synergy with formal methods (e.g. model checking)

13 System Analysis Dynamic Systems/Simulation: Differential Equations e.g. Modelica Code generation: Data-Flow models e.g. State Charts, Lustre Reliability Engineering: Event driven models, non-determinism e.g. Fault Trees, Petri nets, AltaRica

14 Contents I.Introductory Examples II.Motivations III.Formal Model IV.Tools V.Examples of Use VI.Perspectives

15 Mode Automata s=1 t=0 s=1 t=0 s=0 t=1 mode event  : g(S,I) |- e -> S:=f(S,I) [Marininchi98, Rauzy02] A = S: state variables I: input variables O: output variables E: events  : transitions  : transfer function  : initial state O =  (S,I) IOS

16 Algebra of Mode Automata ProductConnection Synchronization of events Operations on mode automata Synchronization G1 |- e1 -> S1:=f1 G2 |- e2 -> S2:=f2 G3 |- e3 -> S2:=f3 e = e1 and (e2 or e3) G1 and (G2 or G3) |- e -> S1 := if G1 then f1 else S1 S2 := if G2 then f2 else S2 S3 := if G3 then f3 else S3 fire the fireable local transitions

17 Two Valves in Series node twoValves flow input:float:in; output:float:out; sub A:valve, B:valve; assert A.input = input, B.input = A.output, output = B.output; edon

18 A repairable component and its repairer node repairableSystem event startRepair, endRepair; sub C:component, R:repairer; sync startRepair = C.startRepair and R.startJob, endRepair = C.endRepair and R.endJob; edon

19 Mode Automata: External View View Time schedule traces mode

20 Mode Automata … generalize fault trees, Markov graphs, Petri nets (P1>0) and (P2=0) |- T -> P1:=P1-1, P3:=P3+2; P3 P1 P2 T 2 remote interactions … generalize block-diagrams … make it possible to define hierarchies, packages, …

21 Categories of Events Timed events: take a non null time Stochastic events (default) Probability distributions with parameters (exponential, Weibull,...) Dirac events Instaneous events: take no time and may have a priority Immediate events Conditional events

22 A Spare Unit

23 A Periodically Tested Component

24 The Extern Clause The role of the extern clause is: to give some interpretation to the model, e.g. priorities to transitions, probability distributions to events, to give tools a specific information, to provide some mechanism to extend the language. In AltaRica Data-Flow, the syntax of the extern clause is normalized: node … extern law = exponential(0.001) ; parameter lambda = 0.001; … edon type of the information specified element value

25 Commutation of the syntax and the semantics node System sub A:Component, B.Component, R:RepairMen … edon node S state A.s, B.s, R.s; … edond syntactic composition reachability graphs reachability graph synchronized product

26 Contents I.Introductory Examples II.Motivations III.Formal Model IV.Tools V.Examples of Use VI.Perspectives

27 Tools Workbenches Powerful graphical user interfaces for the design of models Graphical simulators OCAS (Dassault Aviation), SimFia (EADS-APSYS), Saraa (Airbus) Assessment tools Compilers to Fault Trees Compilers to Markov Graphs Stochastic simulators Generators of sequences Compilers to formal languages (Lustre, SMV) Model-Checkers AltaTools, Mec V (LaBRI), Combava (ARBoost Technologies)

28 Combava: an AltaRica Data-Flow Toolbox node Cmp state s: … edon AltaRica Data-Flow Fault Trees alta-a2b Aralia Markov Graphs alta-mrk Mark-XPR Monte-Carlo simulation alta-sto Generation of sequences, model checking alta-seq Stepwise simulation alta-sim

29 Contents I.Introductory Examples II.Motivations III.Tools IV.Formal Model V.Examples of Use VI.Perspectives

30 Models Designed So Far 3 categories of models Functional models Mainly academic (Bordeaux) -> model checking Simple and huge dysfunctional models (~ bloc diagrams), e.g. Dassault F7X, … Compilation into fault trees Treatment chain validated by certification authorities Complex but (relatively) small models, e.g. Total, Production availability, High integrity protection systems Markov analyses, Monte-Carlo simulation

31 Production Availability HPS-A HPS-B HPS-C DEH-A DEH-B CMP-A CMP-B MUP 45% 65% 52% 100% HPS8.91 10 DEH3.11 10 CMP3.50 10  2.54 10 3.95 10 5.14 10 -5 -3  MUP0.001 well tank

32 Markov Analyses AltaRica model alta-a2g Multi Phase Markov models with rewards command fileMark-XPR Steady state probability Transient probability Mean sojourn time  Expectation of any quantity defined on states

33 Generation of (relevant) sequences AltaRica Automaton Sequence automaton alta-seqsequences automaton mySequences s1: #l not failed : s1; s1: #l failed : s2; init s1 : #l := 1; accept s2; end Model-checking: same automata with a Büchi acceptance criterion

34 Contents I.Introductory Examples II.Motivations III.Tools IV.Formal Model V.Examples of Use VI.Perspectives

35 Perspectives Find the “good” states/events formalism for reliability studies sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling

36 Motivations Find the “good” states/events formalism for reliability studies sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling These issues are well addressed by current version(s) of AltaRica

37 Motivations sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling Find the “good” states/events formalism for reliability studies

38 Higher Level Modeling Need for Connection to external routines Structured types Parametric descriptions High level operations … and even object oriented modeling  Extension of the language

39 Motivations Find the “good” states/events formalism for reliability studies sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling

40 Normalized Graphics Simple mode automata Petri nets Hierarchical descriptions Interaction diagrams

41 Motivations Find the “good” states/events formalism for reliability studies sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling

42 Electric Nets

43 Motivations Find the “good” states/events formalism for reliability studies sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) connection with functional models hybrid systems higher level modeling

44 Hybrid Systems Mixing discrete events and continuous variation, e.g. temperature controller

45 Motivations sound mathematical basis graphical representation generalization of currently used formalisms looped systems hierarchy algorithmic & complexity issues (tradeoff) hybrid systems higher level modeling connection with functional models Find the “good” states/events formalism for reliability studies

46 From functional to dysfunctional analyses Sensors Command automaton [e.g. state chart] Sensors may be subject to different failure modes How failures of sensors impact the command? How to derive the dysfunctional model from the functional model? Don’t expect a silver bullet !

47 Architecture

48 Industrial Perspectives Airbus (Rosas, A350) Dassault Systems (Catia System) ClearSy (Atelier B)

Download ppt "AltaRica A Formal Language for Event Oriented Modeling A. Rauzy IML/CNRS & ARBoost Technologies Marseilles, France."

Similar presentations

Integration of MBSE and Virtual Engineering for Detailed Design

Integration of MBSE and Virtual Engineering for Detailed Design
MDI 2010, Oslo, Norway Behavioural Interoperability to Support Model-Driven Systems Integration Alek Radjenovic, Richard Paige The University of York,

MDI 2010, Oslo, Norway Behavioural Interoperability to Support Model-Driven Systems Integration Alek Radjenovic, Richard Paige The University of York,
27.9.04H.G.Essel: Go4 - J. Adamczewski, M. Al-Turany, D. Bertini, H.G.Essel, S.Linev CHEP 2004 Go4 v2.8 Analysis Design.

H.G.Essel: Go4 - J. Adamczewski, M. Al-Turany, D. Bertini, H.G.Essel, S.Linev CHEP 2004 Go4 v2.8 Analysis Design.
Based on: Petri Nets and Industrial Applications: A Tutorial

Based on: Petri Nets and Industrial Applications: A Tutorial
STATEMATE A Working Environment for the Development of Complex Reactive Systems.

STATEMATE A Working Environment for the Development of Complex Reactive Systems.
Introduction to Graph “theory”

Introduction to Graph “theory”
CS 367: Model-Based Reasoning Lecture 2 (01/15/2002)

CS 367: Model-Based Reasoning Lecture 2 (01/15/2002)
Timed Automata.

Timed Automata.
May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle.

May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle.
Petri net modeling of biological networks Claudine Chaouiya.

Petri net modeling of biological networks Claudine Chaouiya.
Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University.

Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University.
NeSSI AND ANALYZERS NeSSI AND ANALYZERS ISSUES AND DISCUSSION REGARDING THE SAM CONCEPT FROM THE ANALYZER SUPPLIERS PERSPECTIVE.

NeSSI AND ANALYZERS NeSSI AND ANALYZERS ISSUES AND DISCUSSION REGARDING THE SAM CONCEPT FROM THE ANALYZER SUPPLIERS PERSPECTIVE.
Effective Software Engineering Pedagogy By Evelyn Stiller and Cathie LeBlanc Plymouth State College.

Effective Software Engineering Pedagogy By Evelyn Stiller and Cathie LeBlanc Plymouth State College.
CS189A/172 - Winter 2008 Lecture 7: Software Specification, Architecture Specification.

CS189A/172 - Winter 2008 Lecture 7: Software Specification, Architecture Specification.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.

Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England.

Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England.
© Copyright Eliyahu Brutman Programming Techniques Course.

© Copyright Eliyahu Brutman Programming Techniques Course.
A Library for Synchronous Control Systems in Modelica Martin Otter Bernhard Thiele Hilding Elmqvist DLR Dassault Systèmes Institute of System Dynamics.

A Library for Synchronous Control Systems in Modelica Martin Otter Bernhard Thiele Hilding Elmqvist DLR Dassault Systèmes Institute of System Dynamics.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

Similar presentations

Ads by Google