ESA PetriNet: Petri net Based Tool for Reliability Analysis

International audienceThis paper describes the critical (feared) scenarios derivation tool ESA PetriNet (Extraction Scenarios Algorithm from Petri Net) available from : http://www.laas.fr/ESA. ESA PetriNet allows to derive scenarios leading to critical (feared) situation in embedded systems. The system model is given by a Petri net. To derive critical scenarios and to avoid the state space explosion, the solution is to use directly the Petri net model. Linear logic (which does not appears in this paper)offers a theoretical framework to interpret the Petri net model and to extract the scenarios. ESA PetriNet provides all minimal scenarios which contain strictly necessary and sufficient events to reach a specified state. ESA PetriNet can be used with classical Petri net modelling or in its objects oriented version

Aide à la conception des systèmes embarqués sûrs de fonctionnement

Embedded systems run the computing devices hidden inside another larger system or product. Embedded systems have the charge of controlling various types of sub-systems; they are also in charge of the monitoring of the whole system and coordination with other systems. This means that when some event affecting the safety of the system occurs, a reconfiguration action is executed in order to maintain the system in a safe degraded state. If the reconfiguration fails then the system will reach a feared (dangerous) state with dramatic consequences for users. So it is important to understand how the system reaches such feared states to set up the reconfiguration actions. In our approach for safety analysis of dynamic systems, feared scenarios are derived from Petri net model. Based on linear logic as new representation (using the causality relations) of the Petri net model, a qualitative analysis allows to determine a partial order of transition firings and thus, to extract feared scenarios. The analysis is focalized on the parts of the model that are interesting for the reliability analysis, avoiding exploration of the global system and the problem of the state space explosion. The final objective is to determine all minimal scenarios. Indeed, one scenario can lead to a feared state and contain events which are not strictly necessary to reach the final feared state. By analogy with the concept of minimal cutsets for the fault trees, we define the concept of minimal scenario in Petri net model. To take into account the hybrid nature of systems, we developed a hybrid simulator which combines the deriving feared scenarios algorithm and differential equations solver. The algorithm is in the charge of the discrete part modelled by Petri net and the solver of the continuous part modelled by a set of differential equations. In order to have a system approach for dependability analysis, we propose an approach which allows taking into account the safety requirements in the require ment engineering process. It makes possible the establishment of the traceability in order to make sure of taking into account of the safety requirements throughout the life cycle of the system. The approach is based on EIA-632 engineering system standard.L'avancée technologique que les systèmes embarqués ont connue lors de ces dernières années les rend de plus en plus complexes. Ils sont non seulement responsables de la commande des différents composants mais aussi de leur surveillance. A l'occurrence d'événement pouvant mettre en danger la vie des utilisateurs, une certaine configuration du système est exécutée afin de maintenir le système dans un état dégradé mais sûr. Il est possible que la configuration échoue conduisant le système dans un état appelé " état redouté " avec des conséquences dramatiques pour le système et l'utilisateur. La description des scénarios qui mènent le système vers l'état redouté à partir d'un état de fonctionnement 'normal' permet de comprendre les raisons de la dérive afin de prévoir les configurations nécessaires qui permettent de les éviter Dans notre approche d'analyse de sûreté de fonctionnement des systèmes dynamiques, les scénarios sont générés à partir d'un modèle réseau de Petri. En s'appuyant sur la logique linéaire comme nouvelle représentation (basée sur les causalités) du modèle réseau de Petri, une analyse qualitative permet de déterminer un ordre partiel de franchissement des transitions et ainsi extraire les scénarios redoutés. La démarche est focalisée sur les parties du modèle intéressantes pour l'analyse de fiabilité évitant ainsi l'exploration de toutes les parties du système et le problème de l'explosion combinatoire. L'objectif final consiste en la détermination de scénarios minimaux. En effet, un scénario peut bien mener vers l'état redouté sans qu'il soit minimal. Il contient des événements qui ne sont pas strictement nécessaires à l'obtention finale de l'état critique redouté. De même que la notion de coupe minimale a été définie dans le cadre des arbres de défaillance, nous proposons une définition de ce qu'est un scénario minimal dans le cas des réseaux de Petri. Pour prendre en compte La nature hybride des systèmes, nous avons développé un simulateur hybride basé sur le couplage de l'algorithme de génération de scénarios redoutés avec un solveur d'équations différentielles. L'algorithme se charge de la partie discrète modélisée par le réseau de Petri et le solveur d'équations de la partie continue modélisée par un ensemble d'équations différentielles. Afin d'avoir une approche système pour l'analyse de la sûreté de fonctionnement, nous proposons une approche qui permet de prendre en compte les exigences de sûreté dans le processus d'ingénierie des exigences qui permet d'établir un modèle de traçabilité afin de s'assurer de la prise en compte de ces exigences tout au long du cycle de vie du système. L'approche est basée sur une norme de l'ingénierie système, en l'occurrence l'EIA-632

Reliability analysis of discrete event dynamic systems with Petri nets

International audienceThe purpose of this paper is to illustrate a method for addressing dynamic reliability of embedded systems using the Petri net model. The approach is based on the search of feared scenarios (which might lead the system to a critical situation) by proving some linear logic sequents that correspond to the ¯ring of a list of transitions of a Petri net. To avoid state space explosion, Petri net reachability is translated into provability of linear logic sequents. The method produces a number of scenarios, which may be redundant. To give relevant information to designers the scenarios must be minimal which means that only necessary events are included in a scenario. The concept of minimality of a scenario is de¯ned and introduced on the ESA-PetriNet tool that we have developed to implement the algorithm for the search of feared scenarios

BASE DE CONNAISSANCES SYSML POUR LA CONCEPTION DE SYSTEMES COMPLEXES SURS DE FONCTIONNEMENT

National audienceThe work presented in this paper is part of a proposed framework as complete and rigorous as possible for the design of complex systems. The methodological framework used is System Engineering, which is a methodological approach to control the design of complex systems. The practices of this approach are transcribed in standards, realized by methods and supported by tools. In our case, the standard EIA-632 was adopted. Specifically, to deal with the dependability of these complex systems and to improve the processes dealing with dependability, we have defined a global approach. This approach incorporates the consideration of dependability in system engineering processes. The work presented in this paper supports and complements the overall approach: it is the proposal of an information model based on the SysML language, allowing the requirements management, including safety requirement

ESA Petri net: Dynamic reliability analysis Tool

International audienceThis paper presents a new version of critical (feared) scenarios derivation tool ESA PetriNet (extraction scenarios algorithm from Petri net) available from: http://www.laas.fr/ESA. ESA PetriNet allows to derive scenarios leading to critical (feared) situation. In the past version of the tool hybrid aspect (both discrete and continuous dynamic) of system is tacked into account by temporal abstraction. In the version presented in this paper, the system model is given by a hybrid Petri net (differential predicate-transition Petri net) and the hybrid model is directly considered (without temporal abstraction). The algorithm implemented deals with both continuous and discrete dynamics. Furthermore, generated scenarios are minimal (only necessary events). Only necessary information is provided to designer

Information model for model driven safety requirements management of complex systems

International audienceThe aim of this paper is to propose a rigorous and complete design framework for complex system based on system engineering (SE) principles. The SE standard EIA-632 is used to guide the approach. Within this framework, two aspects are presented. The first one concerns the integration of safety requirements and management in system engineering process. The objective is to help designers and engineers in managing safety of complex systems. The second aspect concerns model driven design through the definition of an information model. This model is based on SysML (System Modeling Language) to address requirements definition and their traceability towards the solution and the Verification and Validation (V&V) elements

ESA PetriNet version Hybride : Outil d'Analyse de Fiabilité des Systèmes Hybrides

Ce papier pr'esente une nouvelle version d'ESA PetriNet (http ://www.laas.fr/ESA), un outil de g'en'eration de scénarii redout'es. L'outil permet toujours de dériver les scénarii qui conduisent le système dans un état redouté ou critique, en considérant, cette fois, directement le modèle hybride du système (Réseaux de Petri Prédicat-Transitions Différentiels (RdP PTD)). Ainsi, l'abstraction temporelle faite pour les versions précédentes d'ESA PetriNet n'est plus nécessaire, puisque l'algorithme implémenté traite directement le modèle hybride (association des réseaux de Petri avec des équations différentielles). De plus, l'outil délivre les scénarii minimaux, c'est-à-dire qu'il fournit l'information strictement nécessaire pour le concepteur.

BASE DE CONNAISSANCES SYSML POUR LA CONCEPTION DE SYSTEMES COMPLEXES SURS DE FONCTIONNEMENT

National audienceThe work presented in this paper is part of a proposed framework as complete and rigorous as possible for the design of complex systems. The methodological framework used is System Engineering, which is a methodological approach to control the design of complex systems. The practices of this approach are transcribed in standards, realized by methods and supported by tools. In our case, the standard EIA-632 was adopted. Specifically, to deal with the dependability of these complex systems and to improve the processes dealing with dependability, we have defined a global approach. This approach incorporates the consideration of dependability in system engineering processes. The work presented in this paper supports and complements the overall approach: it is the proposal of an information model based on the SysML language, allowing the requirements management, including safety requirement

Safety Evaluation of complex system Integration in system engineering process

International audienceThis paper presents an approach for safety management of complex system. System engineering (SE), which is an interdisciplinary field for engineering, constitutes the framework of the approach. The approach aims to help and to support designers in the different phases of system conception to achieve the safety management task. To guide the approach the SE standard EIA-632 is used