Stochastic Activity Networks Templates: Supporting Variability in Performability Models

Model-based evaluation is extensively used to estimate performance and reliability of dependable systems. Traditionally, those systems were small and self-contained, and the main challenge for model-based evaluation has been the efficiency of the solution process. Recently, the problem of specifying and maintaining complex models has increasingly gained attention, as modern systems are characterized by many components and complex interactions. Components share similarities, but also exhibit variations in their behavior due to different configurations or roles in the system. From the modeling perspective, variations lead to replicating and altering a small set of base models multiple times. Variability is taken into account only informally, by defining a sample model and explaining its possible variations. In this paper we address the problem of including variability in performability models, focusing on Stochastic Activity Networks (SANs). We introduce the formal definition of Stochastic Activity Networks Templates (SAN-T), a formalism based on SANs with the addition of variability aspects. Differently from other approaches, parameters can also affect the structure of the model, like the number of cases of activities. We apply the SAN-T formalism to the modeling of the backbone network of an environmental monitoring infrastructure. In particular, we show how existing SAN models from the literature can be generalized using the newly introduced formalism

New safety evaluation methodology; A gold mining application

Several safety assessment methods have been used to evaluate and improve safety in the process industries. Different methods have various approaches and may consider safety from different aspects and at different levels of the process design. Some methods may evaluate chemical and physical safety in the processes while some other methods analyse the failure risk associated with the processes. According to the importance of both aspects of safety, a method that can evaluate them concurrently and intervene in the early design phases would be of great importance. This paper presents a method with mentioned ability which is developed based on the inherent safety assessment and probabilistic risk analysis methods. This method is implemented on an industrial case using the Petri net modelling and safety assessment tool introduced by the authors in their previous work

A template-based methodology for the specification and automated composition of performability models

Dependability and performance analysis of modern systems is facing great challenges: their scale is growing, they are becoming massively distributed, interconnected, and evolving. Such complexity makes model-based assessment a difficult and time-consuming task. For the evaluation of large systems, reusable submodels are typically adopted as an effective way to address the complexity and to improve the maintainability of models. When using state-based models, a common approach is to define libraries of generic submodels, and then compose concrete instances by state sharing, following predefined “patterns” that depend on the class of systems being modeled. However, such composition patterns are rarely formalized, or not even documented at all. In this paper, we address this problem using a model-driven approach, which combines a language to specify reusable submodels and composition patterns, and an automated composition algorithm. Clearly defining libraries of reusable submodels, together with patterns for their composition, allows complex models to be automatically assembled, based on a high-level description of the scenario to be evaluated. This paper provides a solution to this problem focusing on: formally defining the concept of model templates, defining a specification language for model templates, defining an automated instantiation and composition algorithm, and applying the approach to a case study of a large-scale distributed system69129330

Performability evaluation of the ERTMS/ETCS - Level 3

Abstract Level 3 of the ERTMS/ETCS improves the capacity of railways by replacing fixed-block signalling, which prevents a train to enter a block occupied by another train, with moving block signalling, which allows a train to proceed as long as it receives radio messages ensuring that the track ahead is clear of other trains. If messages are lost, a train must stop for safety reasons within a given deadline, even though the track ahead is clear, making the availability of the communication link crucial for successful operation. We combine analytic evaluation of failures due to burst noise and connection losses with numerical solution of a non-Markovian model representing also failures due to handovers between radio stations. In so doing, we show that handovers experienced by a pair of chasing trains periodically affect the availability of the radio link, making behavior of the overall communication system recurrent over the hyper-period of periodic message releases and periodic arrivals at cell borders. As a notable aspect, non-Markovian transient analysis within two hyper-periods is sufficient to derive an upper bound on the first-passage time distribution to an emergency brake, permitting to achieve a trade-off between railway throughput and stop probability. A sensitivity analysis is performed with respect to train speed and headway distance, permitting to gain insight into the consequences of system-level design choices