Formal Dependability Engineering with MIOA

In this paper, we introduce MIOA, a stochastic process algebra-like specification language with datatypes, as well as a logic intSPDL, and its model checking algorithms. MIOA, which stands for Markovian input/output automata language, is an extension of Lynch's input/automata with Markovian timed transitions.MIOA can serve both as a fully fledged ``stand-alone'' specification language and the semantic model for the architectural dependability modelling and evaluation language Arcade. The logic intSPDL is an extension of the stochastic logic SPDL, to deal with the specialties of MIOA. intSPDL in the context of Arcade can be seen as the semantic model of abstract and complex dependability measures that can be defined in the Arcade framework. We define syntax and semantics of both MIOA and intSPDL, and show examples of applying MIOA and intSPDL in the realm of dependability modelling with Arcade

Rich Interfaces for Dependability: Compositional Methods for Dynamic Fault Trees and Arcade models

This paper discusses two behavioural interfaces for reliability analysis: dynamic fault trees, which model the system reliability in terms of the reliability of its components and Arcade, which models the system reliability at an architectural level. For both formalisms, the reliability is analyzed by transforming the DFT or Arcade model to a set of input-output Markov Chains. By using compositional aggregation techniques based on weak bisimilarity, significant reductions in the state space can be obtained

Dependability and Survivability Evaluation of a Water Distribution Process with Arcade

Among others, drinking water belongs to the socalled critical infrastructures. To ensure that the water production meets current and future societal needs, a systematic and rigorous analysis is needed. In this paper, we report our first experience with dependability analysis of the last phase of a water treatment facility, namely the water distribution. We use the architectural language Arcade to model this facility and use the Arcade toolset to compute three relevant dependability measures: the availability of the water distribution, the reliability, i.e., the probability that the water distribution fails, and the survivability, that is, the ability to recover from disasters. Since survivability is not directly expressible in the Arcade formalism, we show how one can modify the toolchain for the analysis of survivability.\u

QuantUM: Quantitative Safety Analysis of UML Models

When developing a safety-critical system it is essential to obtain an assessment of different design alternatives. In particular, an early safety assessment of the architectural design of a system is desirable. In spite of the plethora of available formal quantitative analysis methods it is still difficult for software and system architects to integrate these techniques into their every day work. This is mainly due to the lack of methods that can be directly applied to architecture level models, for instance given as UML diagrams. Also, it is necessary that the description methods used do not require a profound knowledge of formal methods. Our approach bridges this gap and improves the integration of quantitative safety analysis methods into the development process. All inputs of the analysis are specified at the level of a UML model. This model is then automatically translated into the analysis model, and the results of the analysis are consequently represented on the level of the UML model. Thus the analysis model and the formal methods used during the analysis are hidden from the user. We illustrate the usefulness of our approach using an industrial strength case study.Comment: In Proceedings QAPL 2011, arXiv:1107.074

Confluence reduction for Markov automata

Markov automata are a novel formalism for specifying systems exhibiting nondeterminism, probabilistic choices and Markovian rates. Recently, the process algebra MAPA was introduced to efficiently model such systems. As always, the state space explosion threatens the analysability of the models generated by such specifications. We therefore introduce confluence reduction for Markov automata, a powerful reduction technique to keep these models small. We define the notion of confluence directly on Markov automata, and discuss how to syntactically detect confluence on the MAPA language as well. That way, Markov automata generated by MAPA specifications can be reduced on-the-fly while preserving divergence-sensitive branching bisimulation. Three case studies demonstrate the significance of our approach, with reductions in analysis time up to an order of magnitude

A Reasoning Framework for Dependability in Software Architectures

The degree to which a software system possesses specified levels of software quality attributes, such as performance and modifiability, often have more influence on the success and failure of those systems than the functional requirements. One method of improving the level of a software quality that a product possesses is to reason about the structure of the software architecture in terms of how well the structure supports the quality. This is accomplished by reasoning through software quality attribute scenarios while designing the software architecture of the system. As society relies more heavily on software systems, the dependability of those systems becomes critical. In this study, a framework for reasoning about the dependability of a software system is presented. Dependability is a multi-faceted software quality attribute that encompasses reliability, availability, confidentiality, integrity, maintainability and safety. This makes dependability more complex to reason about than other quality attributes. The goal of this reasoning framework is to help software architects build dependable software systems by using quantitative and qualitative techniques to reason about dependability in software architectures

Characterizing the Identity of Model-based Safety Assessment: A Systematic Analysis

Model-based safety assessment has been one of the leading research thrusts of the System Safety Engineering community for over two decades. However, there is still a lack of consensus on what MBSA is. The ambiguity in the identity of MBSA impedes the advancement of MBSA as an active research area. For this reason, this paper aims to investigate the identity of MBSA to help achieve a consensus across the community. Towards this end, we first reason about the core activities that an MBSA approach must conduct. Second, we characterize the core patterns in which the core activities must be conducted for an approach to be considered MBSA. Finally, a recently published MBSA paper is reviewed to test the effectiveness of our characterization of MBSA

Availability analysis of software architecture decomposition alternatives for local recovery

We present an efficient and easy-to-use methodology to predict—at design time—the availability of systems that support local recovery. Our analysis techniques work at the architectural level, where the software designer simply inputs the software modules’ decomposition annotated with failure and repair rates. From this decomposition, we automatically generate an analytical model (a continuous-time Markov chain), from which an availability measure is then computed, in a completely automated way. A crucial step is the use of intermediate models in the input/output interactive Markov chain formalism, which makes our techniques efficient, mathematically rigorous, and easy to adapt. In particular, we use aggressive minimization techniques to keep the size of the generated state spaces small. We have applied our methodology on a realistic case study, namely the MPlayer open-source software. We have investigated four different decomposition alternatives and compared our analytical results with the measured availability on a running MPlayer. We found that our predicted results closely match the measured ones

On What Kind of Applications Can Clustering Be Used for Inferring MVC Architectural Layers?

Mobile applications are one of the most used pieces of software nowadays, as they continue to expand, the architecture of those software systems becomes more important. In the fast-paced domain of the mobile world, the applications need to be developed rapidly and they need to work on a wide range of devices. Moreover, those applications need to be maintained for long periods and they need to be flexible enough to work and interact with new hardware. Model View Controller (MVC) is one of the most widely used architectural patterns for building those kinds of applications. In this paper, we are analysing how an ML technique, in fact clustering, can be used for detecting autonomously the conformance of various mobile codebases to the MVC pattern. With our method CARL, we pave the way for creating a tool that automatically validates a mobile codebase from an architectural point of view. We have analyzed CARL’s performance on 8 iOS codebases distributed into 3 different classes based on their size (small, medium, large) and it has an accuracy of 81%, an average Mean Silhouette coefficient of 0.81, and an average Precision computed for each layer of 83%

Verification of Open Interactive Markov Chains

Interactive Markov chains (IMC) are compositional behavioral models extending both labeled transition systems and continuous-time Markov chains. IMC pair modeling convenience - owed to compositionality properties - with effective verification algorithms and tools - owed to Markov properties. Thus far however, IMC verification did not consider compositionality properties, but considered closed systems. This paper discusses the evaluation of IMC in an open and thus compositional interpretation. For this we embed the IMC into a game that is played with the environment. We devise algorithms that enable us to derive bounds on reachability probabilities that are assured to hold in any composition context