Formal Availability Analysis using Theorem Provingohasan.seecs.nust.edu.pk/talks/ICFEM_2016.pdf ·...

Formal Availability Analysis using Theorem Proving

Waqar Ahmed and Osman Hasan

System Analysis and Verification (SAVe Lab)National University of Sciences and Technology (NUST)

Islamabad, Pakistan

ICFEM 2016Tokyo, Japan

November 17, 2016

Outline

1 Introduction

2 Proposed Methodology

3 Formalization Details

4 Case Study: DFH-3 Satellite’s Solar Arrays

5 Conclusions

W. Ahmed and O. Hasan Formal Availability Analysis in HOL November 17, 2016 2 / 41

Your service is NOT Available!

Amazon.com suffered 30 minute downtime in 2013 resulting in a Lossof $66,240 per Minute

Recently a 20 minutes downtime

The impact of unavailability could be greater in safety-criticalengineering systems












Availability

The ability of a system to deliver services when required

Instantaneous Availability - Probability that the system is functioningat a given time instant tSteady-state Availability - Long-term availability as limt→∞

Availability Analysis

Identify and assess the causes and frequencies of system failuresGoal: To reduce the unavailability probability of the given system underthe given constraints

Component ReplacementRedundancy


Availability

The ability of a system to deliver services when required

Instantaneous Availability - Probability that the system is functioningat a given time instant tSteady-state Availability - Long-term availability as limt→∞

Availability Analysis

Identify and assess the causes and frequencies of system failuresGoal: To reduce the unavailability probability of the given system underthe given constraints

Component ReplacementRedundancy


System Availability Analysis

Selection of Availability Modeling Technique

Selection of Availability Analysis Technique

Availability Block Diagram (ABD) Unavailability Fault Tree (UFT) Markov Chains

Analytical Simulation Formal Methods

Component Level

System Level

Conceptual Behavioural Model of the System

Availability Calculation

Start







Component Level

System Level



Start







Component Level

System Level



Start


Availability of a Component

Modeled using a sequence of two random variables, i.e., Xi = Ti +Di

Ti : Working Time in the i th periodDi : RepairTime in the i th period

Availability = A0(t) = P(t < T0)

Availability = A1(t) = P(X0 ≤ t < X0 + T1)

Availability = Ak+1(t) = P(Sk ≤ t < Sk + Tk+1)

Overall Availability = A(t) =P(⋃k−1

i=0 (Si ≤ t < Si + Ti+1))





T0 D0 T1

X0

First Available PeriodX0 + T1

Sk <= t < Sk + Tk

kth Available Period

t

Working period

Repair period





i=0 (Si ≤ t < Si + Ti+1))





T0 D0 T1

X0


Sk <= t < Sk + Tk


t

Working period

Repair period





i=0 (Si ≤ t < Si + Ti+1))






T0 D0 T1

X0


Sk <= t < Sk + Tk


t

Working period

Repair period




i=0 (Si ≤ t < Si + Ti+1))







T0 D0 T1

X0


Sk <= t < Sk + Tk

k

k

ik XS0


t

Working period

Repair period



i=0 (Si ≤ t < Si + Ti+1))







T0 D0 T1

X0


Sk <= t < Sk + Tk

k

k

ik XS0


t

Working period

Repair period



i=0 (Si ≤ t < Si + Ti+1))








T0 D0 T1

X0


Sk <= t < Sk + Tk

k

k

ik XS0


t

Working period

Repair period


i=0 (Si ≤ t < Si + Ti+1))


Availability Modeling TechniquesAvailability Block Diagrams

Model the availability relationship of system components as adiagram of sub-blocks and connectors (ABD)

1 N

M

I O

System is unavailable if all the paths for successful execution fail

Add more parallelism to meet the availability goals


Availability Modeling TechniquesAvailability Block Diagrams

Model the availability relationship of system components as adiagram of sub-blocks and connectors (ABD)

1 N

M

I O

System is unavailable if all the paths for successful execution fail

Add more parallelism to meet the availability goals


Types of Availability Block Diagrams

ABDs Mathematical Expressions

1 N OI O limt→∞

Pr(N⋂i=1

Ainsti (t)) =N∏i=1

(µi

µi + λi)

1

M

I O limt→∞

Pr(N⋃i=1

Ainsti (t)) = 1−N∏i=1

(1− µiµi + λi

)

1 N

M

OI limt→∞

Pr(M⋃i=1

N⋂j=1

Aij(t)) = 1−M∏i=1

(1−N∏j=1

µijµij + λij

)

1 N

M

I O limt→∞

Pr(N⋂i=1

M⋃j=1

Ainstij (t)) =N∏i=1

(1−M∏j=1

(1−µij

µij + λij))


Availability Block DiagramsExample: Power Supply System

Main

User

Transformer

Generator

UPS

Waqar requires continuous supply of power for his Lab PC

The UPS can support the load during a switch from the main supply tothe generator

Wants to determine the availability of power supply system



Main

User

Transformer

Generator

UPS

Power Supply ABD

Transformer(T)

Main(M)

Generator(G)

UPS(U)

Step 1

Construct an ABD Model

pow sys abd = (M ∩ T) ∪ G ∪ U



Step 2

Determine the instantaneous and steady-state availability of eachcomponent

λ: Failure Rate

µ: Repair Rate

Ainst(t) =µ

µ+ λ+

λ

µ+ λe−(λ+µ)t

Asteady = limt→∞ Ainst(t) =µ

µ+ λ



Step 3

Evaluate the overall availability using the individual componentsavailability and the ABD relationship

A(pow sys abd) = limt→∞ P((M ∩ T) ∪ G ∪ U)(t)

= 1− (1− A(M) ∗ A(T)) ∗ (1− A(G)) ∗ (1− A(U))


Availability Modeling TechniquesUnavailability Fault Trees

A graphical method used to identify potential causes of systemunavailableA unavailability fault tree is constructed having

Events: describing the unavailability of system componentsLogic Gates: representing logical relationship between events

AND, OR, NOR, NAND, NOR etc.

TOP event

First Level Contributor

to TOP Event by Logic

Gates

First Level Events

Second-level

Contributors to TOP by

Logic Gates

Second-level

Contributors

Basic Failure Events


Availability Modeling TechniquesUnavailability Fault Trees

A graphical method used to identify potential causes of systemunavailableA unavailability fault tree is constructed having

Events: describing the unavailability of system componentsLogic Gates: representing logical relationship between events

AND, OR, NOR, NAND, NOR etc.

TOP event

First Level Contributor

to TOP Event by Logic

Gates

First Level Events

Second-level

Contributors to TOP by

Logic Gates

Second-level

Contributors

Basic Failure Events


Types of UFT Gates

UFT Gates Unavailability Expressions

limt→∞

AAND(t)) =N∏i=2

λiλi + µi

limt→∞

ANOR(t) = 1− limt→∞

AOR(t) =N∏i=2

(1− λiλi + µi

)

limt→∞


AOR(t) =N∏i=2

(1− λiλi + µi

)

limt→∞

ANAND(t) = limt→∞

Pr(k⋂

i=2

Ai (t) ∩N⋂j=k

Ai (t))

=k∏

i=2

(1− µiµi + λi

) ∗N∏j=k

λiµi + λi


Types of FT Gates

UFT Gates Unavailability Expressions

limt→∞

AXOR(t) = limt→∞

Pr(A(t)B(t) ∪ A(t)B(t))

= (1− λ1

λ1 + µ1) ∗ λ2

λ2 + µ2+

λ1

λ1 + µ1∗ (1− λ2

λ2 + µ2)

limt→∞

ANOT (t) = Pr(A(t)) = (1− λ

λ+ µ)


Unavailability Fault Trees

Example: Power Supply System

Determine the overall unavailability ?

Main

User

Transformer

Generator

UPS


Unavailability Fault TreesExample: Power Supply System

Step 1

Construct a UFT to represent the top event (unavailability of the wholesystem) in terms of the unavailability of individual components

Main

User

Transformer

Generator

UPS

F(PS)

M T G U

pow sys fail = (M ∪ T ) ∩ G ∩ U



Step 2

Determine the instantaneneous and steady-state unavailability of eachcomponent

Ainst(t) =λ

µ+ λ− λ

µ+ λe−(λ+µ)t

Asteady (t) =λ

µ+ λ



Step 3

Evaluate unavailability using the Probabilistic Inclusion-Exclusion principle

P(n⋃

i=1

Ai ) =∑

J 6={},J⊆{1,2,...,n}

(−1)|J|−1P(⋂j∈J

Aj)

limt→∞

A(pow sys unavail)(t) = A((M ∪ T ) ∩ G ∩ U)

= A(M ∩ G ∩ U) + A(T ∩ G ∩ U)

− A(M ∩ T ∩ G ∩ U)


Availability Analysis Techniques

Feature Paper-and-pencil Proof

SimulationTools

Model Checking Higher-order-LogicTheoremProving

Models Paper (Ran-dom Vari-ables)

Computer Pro-gram (PseudoRandom Num-bers)

State TransitionGraph (MarkovChains)

LogicalFunction

Analysis Analytically(probabilitydistributions,Expressionsfor ABD andUFTs, PIEand MI)

NumericalMethods

State Explo-ration

Formal Rea-soning

Expressiveness X (?) X X

Accuracy X (?) X X

Automation X X




SimulationTools





LogicalFunction


NumericalMethods

State Explo-ration

Formal Rea-soning

Expressiveness X (?)

X X

Accuracy X (?)

X X

Automation

X X




SimulationTools





LogicalFunction


NumericalMethods

State Explo-ration

Formal Rea-soning

Expressiveness X (?) X

X

Accuracy X (?)

X X

Automation X

X




SimulationTools





LogicalFunction


NumericalMethods

State Explo-ration

Formal Rea-soning

Expressiveness X (?) X

X

Accuracy X (?) X

X

Automation X X




SimulationTools





LogicalFunction


NumericalMethods

State Explo-ration

Formal Rea-soning

Expressiveness X (?) X X

Accuracy X (?) X X

Automation X X


Outline

1 Introduction




5 Conclusions


Methodology

System Descritption

System Availability Properties

Formal Model

Proof Goal

Theorem ProverFormally Verified

Availability Properties

HOL

Series

Parallel

Parallel-Series

Series-Parallel

Mathematical Expressions

)())(Pr(lim11

ttAN

i ii

i

N

i

instt i

N

i ii

iN

i

instt

tAPi

11

)1(1))((lim

)1(1))((lim1

111

M

i

N

kj ijij

ijN

j

ij

M

it

tAP

))1(1())((lim1 111

N

i

M

j ijij

ijM

j

inst

N

it

tAPij

Availability Block Diagrams

AND

OR

NAND

NOR

Failure ExpressionsUnavailabilityFault Tree Gates

N

i ii

iN

i

instt

tAi

21

))(Pr(lim

N

i ii

iN

i

instt

tAPi

21

)1(1))((lim

k

i

N

kj jj

j

ii

iNAND

ttA

2

*)1()(lim

N

i ii

iNOR

ttA

2

)1()(lim

)()1())((

{}},..,1{

1||

1

ti

i

tnI

tN

i

i APtAP

Probabilistic Inclusion-Exclusion


Methodology

System Descritption


Formal Model

Proof Goal



HOL

Series

Parallel

Parallel-Series

Series-Parallel


)())(Pr(lim11

ttAN

i ii

i

N

i

instt i

N

i ii

iN

i

instt

tAPi

11

)1(1))((lim

)1(1))((lim1

111

M

i

N

kj ijij

ijN

j

ij

M

it

tAP

))1(1())((lim1 111

N

i

M

j ijij

ijM

j

inst

N

it

tAPij


AND

OR

NAND

NOR


N

i ii

iN

i

instt

tAi

21

))(Pr(lim

N

i ii

iN

i

instt

tAPi

21

)1(1))((lim

k

i

N

kj jj

j

ii

iNAND

ttA

2

*)1()(lim

N

i ii

iNOR

ttA

2

)1()(lim

)()1())((

{}},..,1{

1||

1

ti

i

tnI

tN

i

i APtAP



Methodology

System Descritption


Formal Model

Proof Goal



HOL

Series

Parallel

Parallel-Series

Series-Parallel


)())(Pr(lim11

ttAN

i ii

i

N

i

instt i

N

i ii

iN

i

instt

tAPi

11

)1(1))((lim

)1(1))((lim1

111

M

i

N

kj ijij

ijN

j

ij

M

it

tAP

))1(1())((lim1 111

N

i

M

j ijij

ijM

j

inst

N

it

tAPij


AND

OR

NAND

NOR


N

i ii

iN

i

instt

tAi

21

))(Pr(lim

N

i ii

iN

i

instt

tAPi

21

)1(1))((lim

k

i

N

kj jj

j

ii

iNAND

ttA

2

*)1()(lim

N

i ii

iNOR

ttA

2

)1()(lim

)()1())((

{}},..,1{

1||

1

ti

i

tnI

tN

i

i APtAP



Outline

1 Introduction




5 Conclusions


Formalization of Availability

Availability Event at time period k (Sk ≤ t < Sk + Tk) where

Sk =∑k−1

i=1 Xi

` ∀ p L k t. avail event p L k t =

{x | SIGMA (λi. FST (EL a L) x + SND (EL a L) x) (count k) ≤ t∧t < SIGMA (λi. FST (EL a L) x + SND (EL a L) x) (count k) +

FST (EL k L) x} ∩ p space p

Overall Availability in all working intervals

` ∀ p L t. union avail events p L t =

BIGUNION (IMAGE (λn. avail event p L n t) (count (LENGTH L)))

Unavailability Events

`∀ p L t. union unavail events p L t =

p space p DIFF union avail events p L t




Sk =∑k−1

i=1 Xi













Sk =∑k−1

i=1 Xi











Series Availability Block Diagram

Available at time instant t only if all of its components are availableat time t

1 N OI O


` (∀ p. series struct p [] = p space p) ∧(∀ p h t. series struct p (h::t) = h ∩ series struct p t)



Available at time instant t only if all of its components are availableat time t

1 N OI O


` (∀ p. series struct p [] = p space p) ∧(∀ p h t. series struct p (h::t) = h ∩ series struct p t)


Formal Verification of Series ABD

1 N OI O

Series Availability Block Diagram:

limt→∞ Pr(⋂N

i=1 Ainsti (t)) =∏N

i=1(µi

µi + λi)

` ∀ p M L. prob space p ∧(∀z. MEM z M ⇒ 0 < FST z ∧ 0 < SND z) ∧(LENGTH L = LENGTH M) ∧(∀t’. ¬NULL (union avail event list p L (&t’)) ∧(∀z t’. MEM z (union avail event list p L (&t’)) ⇒

z ∈ events p) ∧(∀ t’.mutual indep p (union avail event list p L (&t’))) ∧inst avail exp list p L M ⇒(lim (λt.

prob p (series struct p (union avail event list p L (&t)))) =

list prod (steady state avail list M))


Formal Verification of Series ABD

1 N OI O

Series Availability Block Diagram:

limt→∞ Pr(⋂N

i=1 Ainsti (t)) =∏N

i=1(µi

µi + λi)

` ∀ p M L. prob space p ∧(∀z. MEM z M ⇒ 0 < FST z ∧ 0 < SND z) ∧(LENGTH L = LENGTH M) ∧(∀t’. ¬NULL (union avail event list p L (&t’)) ∧(∀z t’. MEM z (union avail event list p L (&t’)) ⇒

z ∈ events p) ∧(∀ t’.mutual indep p (union avail event list p L (&t’))) ∧inst avail exp list p L M ⇒(lim (λt.

prob p (series struct p (union avail event list p L (&t)))) =

list prod (steady state avail list M))


HOL Formalization of ABDs

ABDs HOL Definitions

1

M

I O

` (parallel struct [] = {}) ∧(∀ h t. parallel struct (h::t) =

h ∪ parallel struct t)

1 N

M

OI` ∀ p L. parallel series struct p L =

(parallel struct p of series struct) L

1 N

M

I O` ∀ p L. series parallel struct p L =

(series struct p of parallel struct) L


Formally Verified Expressions

Mathematical Expressions HOL Verification

Aparallel = limt→∞

Pr(N⋃i=1

Ainsti (t)) =

= 1−N∏i=1

(1− µiµi + λi

)

` ∀p L M.

(lim (λt. prob p (parallel struct p

(union avail event list p L (&t)))) =

1 - list prod

(one minus list (steady state avail list M))

Aparallel−series = limt→∞

Pr(M⋃i=1

N⋂j=1

Aij(t))

= 1−M∏i=1

(1−N∏j=1

µijµij + λij

)

` ∀p L M.

(lim (λt.

prob p (parallel series struct p

(list union avail event list p L (&t)))) =

1 - list prod (one minus list (MAP

(λa. steady state avail a) M)))

Aseries−parallel = limt→∞

Pr(N⋂i=1

M⋃j=1

Ainstij (t))

=N∏i=1

(1−M∏j=1

(1−µij

µij + λij))

` ∀p L M.

(lim (λt.

prob p (series parallel struct p

(list union avail event list p L (&t)))) =

list prod (one minus list (MAP

(λa. compl steady state avail a) M)))


Commonly used Unavailability Fault Tree Gates

Unavail.FT Gates HOL Formalization

` ∀ p L t. OR unavail FT gate p L t =

union list (union unavail event list p L t)

NAND

1

n

k ` ∀p L1 L2 t. NAND unavail FT gate p L1 L2 t =

inter list p (compl list p (union unavail event list p L1 t)) ∩inter list p (union unavail event list p L2 t)

NOR1

n` ∀ p L t. NOR unavail FT gate p L t =

p space p DIFF union list (union unavail event list p L t)

XOR1

2

` ∀ p A B. XOR FT unavail gate p A B =

((p space p DIFF A ∩ B) ∪ (A ∩ p space p DIFF B))

` ∀ p A. NOT unavail FT gate p A = (p space p DIFF A)


Formal Verification of UFT Gates

Unavailability FT Gates Conclusions of Theorems

limt→∞

AOR(t) = limt→∞

Pr(N⋃i=1

Ainsti (t))

= 1−N∏i=2

(1− λiλi + µi

)

lim (λt. prob p

(OR unavail FT gate p L &t) =

1 - list prod (one minus list

(steady state unavail list M)))

limt→∞


AOR(t)

=N∏i=2

(1− λiλi + µi

)

(lim (λt. prob p

(NOR unavail FT gate p L &t)) =

list prod (one minus list

(steady state unavail list M

limt→∞

ANAND(t) =

limt→∞

Pr(k⋂

i=2

Ai (t) ∩N⋂j=k

Ai (t)) =

k∏i=2

(1− µiµi + λi

) ∗N∏j=k

λiµi + λi

(lim (λt. prob p

(NAND unavail FT gate p L1 L2 t) =

list prod (steady state avail M1) *

list prod (steady state unavail list M2




limt→∞

AXOR(t)

= limt→∞

Pr(A(t)B(t) ∪ A(t)B(t)) =

(1− λ1

λ1 + µ1) ∗ λ2

λ2 + µ2+

λ1

λ1 + µ1∗

(1− λ2

λ2 + µ2)

(lim (λt. prob p

(XOR unavail FT gate p A B &t)) =

(1 - (steady state unavail M1))∗(steady state unavail M2) +

(steady state unavail M1)∗(1 - (steady state unavail M2))

limt→∞

ANOT (t) = Pr(A(t))

= (1− λ

λ+ µ)

lim (λt.

prob p (NOT FT gate p A &t) =

FST m / (FST m + SND m)

Formalization took about more than 9000 lines of code and 350 man-hours




limt→∞

AXOR(t)

= limt→∞

Pr(A(t)B(t) ∪ A(t)B(t)) =

(1− λ1

λ1 + µ1) ∗ λ2

λ2 + µ2+

λ1

λ1 + µ1∗

(1− λ2

λ2 + µ2)

(lim (λt. prob p

(XOR unavail FT gate p A B &t)) =

(1 - (steady state unavail M1))∗(steady state unavail M2) +

(steady state unavail M1)∗(1 - (steady state unavail M2))

limt→∞

ANOT (t) = Pr(A(t))

= (1− λ

λ+ µ)

lim (λt.

prob p (NOT FT gate p A &t) =

FST m / (FST m + SND m)

Formalization took about more than 9000 lines of code and 350 man-hours


Outline

1 Introduction




5 Conclusions


Case Study: DFH-3 Satellite’s Solar Arrays

Launched by the China on May 12, 1997

Solar arrays supply continuous source of power

Availability of the solar array is essential for success of the mission

(a) (b)


Availability Block Diagram of the DFH-3 Solar Array

the electric detonator

(ED)

the electric detonator

(ED)

the cutting knife (CK)

the starting spring (SS)

the starting spring (SS)

the hing bearing

(HB)

the hing bearing

(HB)

the hing of locking

mechanism (HL)

the hing of locking

mechanism (HL)

Availability Model of the DFH-3 Solar Array

` ∀p X ED X CK X SS X HB X HL t.

RO ABD p X ED X CK X SS X HB X HL t =

series parallel struct p

(list union avail event list ([[X ED;X ED];[X CK];

[X SS;X SS];[X HB];[X HB];[X HL;X HL]]) t)


Availability Analysis of the DFH-3 Solar Array

ASA = (1− (1− µEDµED + λED

)2 ∗ µCKµCK + λCK

∗ (1− (1− µSSµSS + λSS

)∗

((µHB

µHB + λHB)2) ∗ (1− (1− µHL

µHL + λHL)2)))

Steady State Availability of the DFH-3 Solar Array

` ∀p X ED X CK X SS X HB X HL.

(lim (λt. prob p ( SA ABD p X ED X CK X SS X HB X HL &t)) =

(1 - (1 - steady state avail ED) pow 2) * steady state avail CK *

(1 - (1 - steady state avail SS) pow 2) *

((steady state avail HB) pow 2) *

(1 - (1 - steady state avail HL) pow 2)


Unavailability Fault Tree for the DFH-3 Solar Array


Unavailability of the he DFH-3 Solar Array

Unavailability Fault Tree for the DFH-3 Solar Array

` ∀ p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 t.

Solar unavail FT p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14

t =

OR unavail FT gate

[OR unavail FT gate (union avail event list p

[x1; x2; x3; x4] t);

AND unavail FT gate p (union avail event list p [x5; x6] t);

OR unavail FT gate

(union avail event list p

[x7; x8; x9; x10; x11; x12; x13; x14] t)]


Unavailability of the DFH-3 Solar Array

ASA = 1− ((λc5

λc5 + µc5) ∗ (

λx6

λc6 + µc6)∗

(1− (1− λc1

λc1 + µc1) ∗ (1− λc2

λc2 + µc2) ∗ · · · ∗ (1− λc14

λc14 + µc14)))

Steady State Unavailability of the he DFH-3 Solar Array

` ∀ p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14.

(lim(λt.Solar unavail FT p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13

x14 &t)) =

1 - (list prod (steady state unavail list [c5;c6]) *

(1 - list prod (one minus list (steady state unavail list

[c1;c2;c3;c4;c6;c7;c8;c9;c10;c11;c12;c13;c14]))))

About 100 lines of code

A set of SML scripts have been developed to automatically evaluatethe availability/unavailability of the system for specific failure andrepair rates


Unavailability of the DFH-3 Solar Array

ASA = 1− ((λc5

λc5 + µc5) ∗ (

λx6

λc6 + µc6)∗

(1− (1− λc1

λc1 + µc1) ∗ (1− λc2

λc2 + µc2) ∗ · · · ∗ (1− λc14

λc14 + µc14)))

Steady State Unavailability of the he DFH-3 Solar Array

` ∀ p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14.

(lim(λt.Solar unavail FT p x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13

x14 &t)) =

1 - (list prod (steady state unavail list [c5;c6]) *

(1 - list prod (one minus list (steady state unavail list

[c1;c2;c3;c4;c6;c7;c8;c9;c10;c11;c12;c13;c14]))))

About 100 lines of code

A set of SML scripts have been developed to automatically evaluatethe availability/unavailability of the system for specific failure andrepair rates


Outline

1 Introduction




5 Conclusions


Conclusions

Accuracy of availability analysis is very important while working withsafety-critical systems

The proposed method provides a considerably Sound and Completeavailability analysis results compared to the existing alternatives

Future Work

Formalize dynamic ABDs and UFT gatesEnhance the automation in the reasoning process by buildingspecialized tacticsDevelop a GUI based formal availability analysis tool that acceptsABDs and UFTs as input and uses formally verified theorems tocompute the overall availability of the system


Conclusions

Accuracy of availability analysis is very important while working withsafety-critical systems

The proposed method provides a considerably Sound and Completeavailability analysis results compared to the existing alternatives

Future Work

Formalize dynamic ABDs and UFT gatesEnhance the automation in the reasoning process by buildingspecialized tacticsDevelop a GUI based formal availability analysis tool that acceptsABDs and UFTs as input and uses formally verified theorems tocompute the overall availability of the system


Thanks!

More information: save.nust.seecs.edu.pk


Date post:	17-Aug-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Formal Availability Analysis using Theorem Provingohasan.seecs.nust.edu.pk/talks/ICFEM_2016.pdf ·...

Documents