A synthesis of logic and bio-inspired techniques in the design of dependable systems

https://doi.org/10.1016/j.arcontrol.2016.04.008

Abstract

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules.

Introduction

Dependability is an umbrella term that covers safety, reliability, availability, maintainability and security. Integrated and effective dependability assessment has become increasingly important as modern safety-critical systems become more heterogeneous and complex. Dependability assessment should begin early in the design so that potential problems can be identified and rectified early to avoid expensive changes later in the system lifecycle. Traditional dependability analysis techniques like fault tree analysis (FTA) and Failure Modes and Effects Analysis (FMEA) are well-established and widely used during the design phase of safety-critical systems. However, these techniques are manual processes and often performed on informal system models which may rapidly become out of date as the system design evolves. This presents challenges in maintaining the consistency and completeness of the assessment process.

Over the past 20 years, new developments in the field of dependability engineering have led to a body of work on model-based assessment and prediction of dependability which has come to be known as Model-Based Safety Assessment (MBSA). MBSA focuses on safety but extends to other attributes of dependability including reliability, availability, and even assessment of implications of security on safety. Model-based techniques offer significant advantages over traditional approaches as they utilise software automation and integration with design models to simplify the analysis of complex safety-critical systems.

The various MBSA techniques generally fall into two leading paradigms. The first focuses on the automatic construction of predictive system failure analyses, such as fault trees or FMEAs, from local failure logic stored in the architectural model of the system, or a parallel error model. This approach is typically compositional, meaning that system-level failure analyses can be generated from component-level failure logic and the topology of the system. This compositionality lends itself well to automation and reuse of component failure logic across applications, and this is beneficial to dependability analysis in ways similar to those introduced by reuse of trusted software components in software engineering. Techniques which are based upon this paradigm include the Failure Propagation and Transformation Notation (Fenelon & McDermid, 1993) and Calculus (Wallace, 2005), Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) (Papadopoulos & McDermid, 1999), Component Fault Trees (Kaiser, Liggesmeyer, & Mäckel, 2003) and State-Event Fault Trees (Grunske, Kaiser, & Papadopoulos, 2005).
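As an added illustration of this first, compositional paradigm (example code written for this page, not HiP-HOPS or the paper's own code): component-level failure logic and a small constructed two-sensor/voter/actuator topology are combined into a system-level fault tree for an output omission, reduced to minimal cut sets and quantified with the rare-event approximation. The port-naming convention, the expression encoding and the cycle check are assumptions of the example.

```python
from itertools import product
from math import prod

# Local failure logic per component (constructed example: two redundant
# sensors feeding a voter, which drives an actuator). Expressions are nested
# tuples ("or", ...) / ("and", ...) or a leaf string; a leaf
# "<deviation>-<input port>" is an input deviation resolved via the topology,
# any other leaf is a basic event of that component.
LOCAL_LOGIC = {
    "Sensor1": {"omission-out": "Sensor1.fail"},
    "Sensor2": {"omission-out": "Sensor2.fail"},
    # The voter loses its output only if it fails or both inputs are lost.
    "Voter": {"omission-out": ("or", "Voter.fail",
                               ("and", "omission-in1", "omission-in2"))},
    "Actuator": {"omission-out": ("or", "Actuator.fail", "omission-in")},
}
# Topology: (component, input port) -> (upstream component, output port).
CONNECTIONS = {
    ("Voter", "in1"): ("Sensor1", "out"),
    ("Voter", "in2"): ("Sensor2", "out"),
    ("Actuator", "in"): ("Voter", "out"),
}
INPUT_PORTS = {"in", "in1", "in2"}  # assumed port-naming convention


def synthesise(component, deviation, logic=LOCAL_LOGIC, conns=CONNECTIONS, seen=()):
    """Expand a component output deviation into a fault tree over basic events."""
    key = (component, deviation)
    if key in seen:  # a feedback loop would otherwise recurse forever
        raise ValueError(f"failure-propagation cycle through {key}")
    return _expand(component, logic[component][deviation], logic, conns, seen + (key,))


def _expand(component, expr, logic, conns, seen):
    if isinstance(expr, tuple):
        op, *args = expr
        return (op, *[_expand(component, a, logic, conns, seen) for a in args])
    dev, sep, port = expr.rpartition("-")
    if sep and port in INPUT_PORTS:  # follow the connection upstream
        src, src_port = conns[(component, port)]
        return synthesise(src, f"{dev}-{src_port}", logic, conns, seen)
    return expr  # basic event


def minimal_cut_sets(tree):
    """Reduce a synthesised fault tree to its minimal cut sets."""
    if isinstance(tree, str):
        return {frozenset([tree])}
    op, *args = tree
    child_sets = [minimal_cut_sets(a) for a in args]
    if op == "or":
        combined = set().union(*child_sets)
    else:  # "and": one cut set from every child must occur together
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {c for c in combined if not any(o < c for o in combined)}


def rare_event_probability(cut_sets, event_probs):
    """Top-event probability by the rare-event approximation."""
    return sum(prod(event_probs[e] for e in cs) for cs in cut_sets)
```

Because the logic is attached to components rather than to the system, swapping a component's failure expression or rewiring a connection regenerates the system-level tree without hand-editing it.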

The second prominent MBSA paradigm focuses on automatically analysing potential failures in a system model, typically represented as a state machine, using formal verification techniques such as model-checking. This generally works by injecting possible faults into an executable formal specification of a system and studying the effects of faults on the system behaviour. The results are then used by model checking tools to verify whether system dependability requirements are being satisfied or whether violations of the requirements exist in normal or faulty conditions. Techniques in this category include Altarica (Arnold, Griffault, Point, & Rauzy, 2000), FSAP-NuSMV (Bozzano & Villafiorita, 2007), SAML (Ortmeier, Güdemann, & Lipaczewski, 2012) and PRISM (Kwiatkowska, Norman, & Parker, 2009).

Much of this recent work on dependability analysis has a natural synergy with a wider trend towards model-based design, particularly domain-specific languages. In many industries, particularly transport and aerospace, designers are increasingly adopting Architecture Description Languages (ADLs) to capture architectural and behavioural information about the system. Such ADLs may not only represent the architecture of the system, but also its functional and non-functional requirements; they may also provide facilities for the refinement of the system throughout the design lifecycle, showing how the requirements are being met at each stage. One important goal of such ADLs is to represent safety requirements and the failure logic of the system, and this has naturally led to integration with MBSA techniques.

Some of this work has been transferred to the context of model-based design. For instance, ADLs have incorporated error modelling semantics that enable dependability analysis. Recent work has demonstrated that dependability analysis of EAST-ADL models (Chen et al., 2011) and SysML models (Andrews, Fitzgerald, Payne, & Romanovsky, 2013) is possible via HiP-HOPS, while dependability analysis of AADL models is possible via conversion to combinatorial (Joshi, Vestal, & Binns, 2007) and temporal/dynamic fault trees (Mahmud et al., 2012, Merle et al., 2014) or Generalised Stochastic Petri Nets (GSPN) (Feiler & Rugina, 2007).

This work is very much ongoing and there are specific challenges to be addressed within individual techniques and the field as a whole.

In this paper, we firstly discuss a set of challenges that in our view cannot be addressed by MBSA in its current state. These challenges mainly refer to design problems where there are many potential design options to be considered. Secondly, we argue that a synthesis of these techniques with modern metaheuristics for search and optimisation can potentially address these challenges. Finally, we describe our work towards this goal within the HiP-HOPS method and tool, and we show how this work can support cost-optimal, dependability-directed design refinement and optimisation of system architectures.

The paper is an extension of Papadopoulos’ plenary DCDS 2015 paper (Papadopoulos, 2015) and is structured as follows: in Section 2, we discuss challenges; in Section 3, we present an extension of MBSA with metaheuristics; in Section 4, we discuss some of the technical challenges and limitations of the work; in Section 5, we discuss related work elsewhere in the literature, and in Section 6 we conclude by discussing how this work could inform the evolution of MBSA.

Challenges

MBSA techniques can answer important questions regarding the quality of individual design proposals, and in that sense they can enrich a model-driven development process. However, MBSA is neither a panacea in its various forms nor is it a static field of research. Rather it is a set of techniques which are continuously evolving to address current and new challenges. Below we identify four such challenges which MBSA techniques cannot fully address at present.

Synthesis of MBSA with metaheuristics

The above challenges go beyond the capabilities of current MBSA techniques. We believe one step towards addressing them is to achieve a synthesis of MBSA and contemporary metaheuristics, i.e., moving into an area where formal logic can meet biology and nature-inspired techniques.

In recent years, we have been working in this direction in the context of HiP-HOPS, an MBSA technique which has been developed since the late 90s (Papadopoulos & McDermid, 1999). While HiP-HOPS started as a technique

Technical discussion

Key to all of the approaches presented in Section 3 is the underlying system model in HiP-HOPS. At its core this is an architectural model that shows system elements and possible data, material, or energy flows between them. In the HiP-HOPS tool, this model can be exported from widely-used system modelling packages including Matlab Simulink (Mathworks, 2016), SimulationX (ITI, 2016), and various Eclipse-based UML modelling platforms such as Papyrus (Eclipse Foundation, 2016). As described in

Relevant work

There is very little work reported on linking MBSA to metaheuristics. In (Konak, Coit, & Smith, 2007) systems are represented as Reliability Block Diagrams (RBDs) which are subsequently optimised using meta-heuristics. HiP-HOPS enables optimisation of models which may have a networked architecture, i.e. they are not necessarily in parallel or series configurations as RBDs, and overcomes the traditional assumption made in RBDs that a component or system either works or fails in a single failure

Conclusions

The technologies of model-based design, dependability analysis and the application of heuristics to the design of dependable systems, including software intensive systems, have advanced in recent years. However, we have not yet seen the emergence of a design paradigm that employs these techniques synergistically and systematically from the early stages of design to enable cost-effective, dependability-driven optimal design refinement.

In this paper, we have outlined four challenges that remain

Acknowledgements

Aspects of this work were supported by the EU projects ATESST2 (Grant 224442) and MAENAD (Grant 260057).

Professor Yiannis Papadopoulos is leader of the Dependable Systems research group at the University of Hull. He pioneered the HiP-HOPS model-based dependability analysis and optimization method and contributed to the EAST-ADL automotive design language, working with Volvo, Honda, Continental, Honeywell and DNV-GL, among others. He is actively involved in two technical committees of IFAC (TC 1.3 & 5.1).

References (61)

  • M. Walker et al. Automatic optimisation of system architectures using EAST-ADL. Journal of Systems & Software (2013)
  • M. Wallace. Modular architectural representation and analysis of fault propagation and transformation. Electronic Notes in Theoretical Computer Science (2005)
  • M. Adachi et al. An approach to optimization of fault tolerant architectures using HiP-HOPS. Software Practice and Experience (2011)
  • A. Aleti et al. ArcheOpterix: an extendable tool for architecture optimization of AADL models
  • J.D. Andrews. To not or not to not
  • Z. Andrews et al. Fault modelling for systems of systems
  • A. Arnold et al. The AltaRica formalism for describing concurrent systems (2000)
  • L.S. Azevedo et al. Automatic decomposition of safety integrity levels: optimization by Tabu search
  • L.S. Azevedo et al. Assisted assignment of automotive safety requirements. IEEE Software (2014)
  • L.S. Azevedo et al. Exploring the impact of different cost heuristics in the allocation of safety integrity levels. Model-based safety and assessment (2014)
  • P. Bieber et al. DALculus: Theory and tool for development assurance level allocation (2011)
  • M. Bozzano et al. The FSAP/NuSMV-SA safety analysis platform. International Journal on Software Tools for Technology Transfer (2007)
  • D. Chen et al. Integrated fault modelling for safety-critical automotive embedded systems. E&I Elektrotechnik und Informationstechnik (2011)
  • M.S. Dhouibi et al. Automatic decomposition and allocation of safety integrity level using system of linear equations
  • J.B. Dugan et al. Dynamic fault-tree models for fault-tolerant computer systems. IEEE Transactions on Reliability (1992)
  • Eclipse Foundation. Papyrus modelling environment
  • E. Edifor et al. Quantification of priority-OR gates in temporal fault trees (2012)
  • E. Edifor et al. Quantification of simultaneous-AND gates in temporal fault trees. DepCos-RELCOMEX'13, Advances in Intelligent Systems and Computing (2013)
  • P.H. Feiler & A.E. Rugina. Dependability modelling with the architecture analysis and design language (AADL) (2007) …
  • L. Grunske et al. Model-driven safety evaluation with state-event-based component failure annotations. CBSE'05, Lecture Notes in Computer Science (2005)
Dr Martin Walker is a lecturer in Computer Science at the University of Hull. His research interests focus on software engineering to support model-based safety analysis techniques and tools, particularly as they apply to dynamic systems. He has worked in EU projects on safety including SAFEDOR (maritime industry), ATESST2 (automotive), and MAENAD (also automotive) and is one of the creators of the HiP-HOPS analysis tool.

Dr David Parker is a member of the Dependable Systems research group at the University of Hull. He has played a key role in the development of HiP-HOPS for over a decade and his particular research interests are optimisation techniques, particularly meta-heuristics, and how they can be applied to real problems in the dependability domain.

Dr Septavera Sharvia is a lecturer and a member of the Dependable Systems research group at the University of Hull. She works closely with HiP-HOPS, and her research interests include model checking, EAST-ADL integration and Complex Event Processing. Prior to this, she was a Research Associate at the University of York, working on the safety analysis of an Air Traffic Management project.

Dr Leonardo Bottaci is a Senior Lecturer in the Department of Computer Science at the University of Hull where he is a member of the Dependable Systems Research Group. He gained a mathematics degree from the University of Essex and a PhD in computer science from Brunel University. He worked for a short time for Prime Computer (UK) Ltd before becoming a lecturer in the Computer Science department at the University of Hull. He has published research in software testing and model-based dependability analysis. More generally, his interests include the application of heuristic techniques to problems in software engineering and quality assurance.

Dr Sohag Kabir received his PhD in Computer Science from the University of Hull, UK in 2016. He received the MSc degree in Embedded Systems from the University of Hull in 2012 and BSc degree in Computer Science and Engineering from Military Institute of Science and Technology (MIST), Bangladesh in 2010. His research interests include model-based safety assessment, probabilistic risk and safety analysis, dynamic safety and reliability analysis, stochastic modelling and analysis, and information encoding.

Dr Luis Silva Azevedo recently received his PhD in the Dependable Systems research group at the University of Hull. His research focuses on the optimization of requirements allocation in safety-critical systems. Azevedo was actively involved in the European FP7 Project MAENAD for model-based analysis of dependable electric vehicle architectures.

Ioannis Sorokos is a PhD student studying at the University of Hull's Department of Computer Science, in the Dependable Systems Group. He received his BSc in Computer Science at the Athens University of Economics and Business and his MSc in Games Programming at the University of Hull.