Approaches to Improve System Dependability – From Formal Verification to Model-Based Testing
Andreas Ulrich, Peter Amthor, Marlon Vieira
Siemens AG, Corporate Technology, CT SE/SCR, [email protected]
7. Bieleschweig Workshop, 4./5. Mai 2006
Source: ifev.rz.tu-bs.de/Bieleschweig/B7/Bieleschweig7/Siemens... (posted 2006-05-12)

Slide 2: Siemens Corporate Technology – present in all leading markets and technology hot spots
Locations: Munich, Erlangen, Berlin, St. Petersburg, Moscow, Romsey (RMR), Princeton, Bangalore, Shanghai, Beijing, Tokyo, Berkeley
(Chart: distribution of employees by function – Research & Development, Intellectual Property & Functions, others; headcounts >2000, >1900, >500, >300, >200 appear in the chart but cannot be attributed to functions from the extracted text)
Slide 3: Corporate Technology, Software & Engineering
(Org chart; topics paired with departments by name)
• SE 1 Development Techniques: Quality and Efficiency in Software Development
• SE 2 Architecture: Software Architecture for Distributed, Mobile and Embedded Systems
• SE 3 Software Processes: System and Software Processes
• SE 4 Project Management: Project Management and Innovation
• SE 5 Systems Engineering: Analysis and Engineering of Complex Systems
• SE 6 Discrete Optimization: Optimization of Planning, Decision, and Production Processes
• Software Initiative: Siemens Software Initiative
• Information Broker: Information Brokers and Technical Liaison Managers
Slide 4: Focus of Work in Dependability Engineering
Our focus: Dependability Competence Team at Siemens CT SE
Dependability tree [source: J.-C. Laprie et al., 2000]:
• Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
• Means: Fault prevention, Fault tolerance, Fault removal, Fault forecasting
• Threats: Faults, Errors, Failures
Slide 5: Fault Prevention by Model Driven Design and Formal Verification
(Diagram elements) Application Domain; Requirements; Informal Design Model; formalize -> Formal Model (refined); Properties to be checked; Formal Verification -> Results; refine -> Correct Model
Slide 6: Formal Verification
Formal model
Typically extracted manually from an informal model and the requirements
But models from model-driven design can be reused:
• Matlab/Simulink
• Lustre, Esterel (Scade)
• Statecharts, UML models (Rhapsody etc.)
Requires transformation to the input language of a model checker
Set of properties
Which properties are to be checked?
• Structural properties, reachability
• Derived from requirements
Requires in-depth system knowledge and knowledge of formal languages (e.g. LTL): hard!
Slide 7: Example: Verification of the PROFIsafe Protocol
(Network diagram; F = Failsafe) Coexistence of standard and failsafe communication on one Profibus DP: Standard-Host/PLC, F-Host/F-PLC, Repeater, Standard-I/O, F-I/O, F-Sensor, F-Field-Device, F-Actuator (also via DP/PA), emergency push buttons, F-Gateway to another safety bus, Peer Slave F Communication, Master-Slave Assignment, Engineering Tool, PG/ES with secure access (e.g. Firewall) over TCP/IP
Slide 8: PROFIsafe Protocol Architecture
(Diagram) F-Host and F-Input Slave each run an application process (Host Application Process, Slave Application Process); the Failsafe Communication between them is layered on top of the Grey Channel
Slide 9: PROFIsafe Modeling Approach
(Host state machine; the arrows between states are not recoverable from the extracted text)
States: 2 message prepare, 3 await slave ack, 4 slave ack check, 5 message prepare, 6 await slave ack, 7 slave ack check, 8 message prepare, 9 await slave ack, 10 slave ack check
Transition guards and actions (x = consecutive number counter, FV = fail-safe values, PV = process values):
• if message prepared then send
• if ack. received with cons.Nr. = 0 and not host timeout then restart host-timer
• if ack. received with old cons.Nr. and not host timeout
• if host timeout then store fault, x = x+1, use FV, restart host-timer
• if host CRC or slave timeout or slave CRC/cons.Nr. or not operator ack. then store faults, x = x+1, use FV
• if host CRC or host cons.Nr. or slave timeout or slave CRC/cons.Nr. then store faults, x = x+1, use FV
• if not faults and operator ack. then reset stored faults, old cons.Nr. = x, x = x+1, if slave FV activated or ipar then use FV else use PV
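To make the guards on this slide concrete, here is an added Python model of the host-side acknowledgement check; it is constructed for this page and is neither the talk's verification model nor the PROFIsafe standard. The Ack fields, the order in which the guards are evaluated, the initial counter values and the actions on the "ack. with old cons.Nr." path are assumptions.

```python
from dataclasses import dataclass, field

# Constructed model of the host-side checks named on the slide (host/slave CRC,
# consecutive number cons.Nr., timeouts, operator acknowledgement, fail-safe
# values FV versus process values PV). Not the PROFIsafe specification and not
# Siemens' model: Ack fields, guard order and initial counters are assumptions.

@dataclass
class Ack:
    cons_nr: int                    # consecutive number echoed by the slave
    crc_ok: bool                    # slave-side CRC verified correctly
    slave_fv_active: bool = False   # slave reports it is applying FV

@dataclass
class Host:
    x: int = 2                      # next consecutive number (assumes message 1 was sent)
    old_cons_nr: int = 1            # cons.Nr. a valid acknowledgement must carry
    faults: list = field(default_factory=list)
    use_fv: bool = True             # assumed: FV until the first clean exchange

    def _fault(self, reason):       # "store faults, x = x + 1, use FV"
        self.faults.append(reason)
        self.x += 1
        self.use_fv = True

    def host_timeout(self):         # "if host timeout then store fault ... use FV"
        self._fault("host timeout")

    def slave_ack_check(self, ack, host_crc_ok=True, slave_timeout=False,
                        operator_ack=False, ipar=False):
        # Returns True when the acknowledgement is accepted and a new cons.Nr. issued.
        checks = (("host CRC", not host_crc_ok), ("slave timeout", slave_timeout),
                  ("slave CRC/cons.Nr.", not ack.crc_ok
                   or ack.cons_nr not in (0, self.old_cons_nr)))
        new_faults = [reason for reason, hit in checks if hit]
        for reason in new_faults:
            self._fault(reason)
        if new_faults:
            return False
        if ack.cons_nr == 0:        # "cons.Nr. = 0 and not host timeout": only restart timer
            return False
        if self.faults and not operator_ack:   # "... or not operator ack. then store faults"
            self._fault("operator ack. missing")
            return False
        self.faults.clear()         # "reset stored faults, old cons.Nr. = x, x = x + 1"
        self.old_cons_nr, self.x = self.x, self.x + 1
        self.use_fv = ack.slave_fv_active or ipar   # "... then use FV else use PV"
        return True
```

The point a verifier would check on such a model is that every fault path ends in FV and that stored faults are only cleared after a clean exchange plus operator acknowledgement.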