Systems Modeling and Analysis Using Colored Petri Nets Vijay Gehlot Center of Excellence in Enterprise Technology Department of Computing Sciences
Dec 19, 2015
CEET Conference 2007, Net-Centric Validation Conference 2007
Outline
• Introduction
• CPN Overview
• CPN Model of WMDNs
• SOA in Defense
• Presence/Discovery Model
Ariane 5 Failure
• Ariane 5, ESA
• Maiden Flight, 6/4/1996
• 37 sec later self-destructs
• Root cause: uncaught overflow exception
Mars Climate Orbiter Failure
• Mars Climate Orbiter, NASA
• Launched, 12/11/1998
• Lost, 9/23/1999
• Root cause: failed translation of English units into metric units in a segment of ground-based, navigation-related mission software
London Ambulance Service Failure
• Computer Aided Dispatch
• Introduced 10/26/1992
• Within days major system failure
Vehicle positions incorrectly recorded
Multiple vehicles dispatched to same location
Severe delays
Lives lost
Airbus A320 Failure
Why Does This Matter?
• Computer systems perform many critical tasks
• Safety-critical systems will dominate
• Already complex nature of software
• SOAs and Net-centricity add dimensions of concurrent and distributed computations
• Systems for defense applications have very high dependability requirements
• Complex interactions that are hard to predict
• Consequences of failure
Injury, loss of life, environmental damage, financial loss, …
E.g., system downtime cost to brokerage operations: $7 Million/Hour
Cost of software defects: $200 Billion/Year
Current State
From a recent report The Challenges of Complex IT Projects (Royal Academy of Engineering and British Computer Society):
“The pace of technological change and the ferociously competitive nature of the industry … lead to the triumph of speed over thoughtfulness, of the maverick shortcut over discipline, and the focus on the short term.”
Hope
Robin Milner, a prominent computer scientist, in a lecture of January 2007:
“The software industry [and the report] focuses on managing software production [process], not on understanding software itself [science of software]. …Grand Challenge: Establish modeling as the basis of informatics.”
Desire
Keynote Address by Mark Schaeffer, Director, Systems & Software Engineering, Office of Under Secretary of Defense, Acquisition & Technology, IEEE Systems Conference, Honolulu, Hawaii, April 2007:
“...System assurance is still a challenge … Use modeling and simulation to help refine warfighter concept of operations, system requirements, evaluate design alternative and identify constraints...”
An Example: Wireless Medical Device Networks
• Similar situations in defense and other settings too
• Modeled patient scenario with
Heart alarms
Pulse oximeter alarms
Low battery alarms
• Used Colored Petri Nets
Colored Petri Nets
• Graphical modelling language
• Combination of Petri Nets and Programming Language
• Module support for hierarchical construction
• Support for both timed and untimed models
Petri Nets: concurrency control structures, synchronisation, communication, resource sharing
CPN ML: data and manipulation, compact modelling
Analysis
• CPN Tools software for model construction and analysis
• Interactive and automatic simulation
• Application domain visualization
• Simulation-based performance analysis
• State space construction, analysis, and verification
• External process communication
CPN Model of WMDN
[Figure: CPN model of the WMDN. Top-level page: Alarms, Network and Nurses modules linked by the queue places AlarmQS, AlarmQR, ResetQS and ResetQR (color set ALIST, initial marking 1`[]). Alarms page: DataGen and Patient1 to Patient10 modules. Patient page: transitions GenAlarm, ResetAlarm, SendWaveData and ConnectToAP; places StatusOK, StatusNOk, AlarmAndData and WaveData.]
Results and Implications
[Figure: Heart Alarm Max Delay. Y axis: simulation time units (0 to 35000); X axis: number of patients monitored (1 to 8); series: Non QoS Max Delay and QoS Max Delay.]
• Need for QoS requirement for medical applications
• Similar situation in other application domains
Net-Centricity in DoD Context
[Figure: Nodes A, B and C, each with users, services and node infrastructure (messaging and directory components labelled UA, SMTA, IMTA, BMTA, MLA, MFI, Root DSA, Global DSA, Regional DSA), connected over GIG Transport to Core Enterprise Services: Service Discovery, Mediation Services, ESM Services, Data Discovery, Security Services, etc.]
SOA for DoD Applications
• Application characteristics include:
Presence/Availability awareness
Dynamic service discovery
Interoperable multiple connection types
Load balancing
…
• One implementation: SIP-based internal communications and information management
• Adds brokering, presence management and discovery capabilities to basic SOA
Example ESB Software Internals
CPN Model of a Key Presence/Discovery Component
[Figure: CPN model page "Non-INVITE Client Transaction (RFC 3261, Page 133)". Places: Trying, Proceeding, Completed, Terminated, TimerE, TimerF, TimerK and the ports FromTU, ToTransport, FromTransport, ToTU (color sets SIPMsg_T, TimerType_T, TimerxDel_T). Transitions: SendReq with guard [m<>INV,m<>ACK], RecResp1, RecResp2, FireE1, FireE2, FireF1, FireF2, FireK, ClearRetransmittedResp.]
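An added example, not part of the original slides or the author's CPN model: a small explicit-state exploration in Python of the RFC 3261 non-INVITE client transaction that the model above covers, checking the kind of properties a state space report gives (dead states, reachability of termination, a bound on the retransmit interval). The event names, the reduction of timers to untimed events, and the use of the default T1/T2 values are assumptions of this sketch; transport errors are left out.

```python
from collections import deque

T1, T2 = 500, 4000  # RFC 3261 default timer values in ms (assumed here)

def successors(state):
    """Enabled events and next states of the non-INVITE client transaction."""
    phase, e = state  # e: current Timer E interval, 0 when Timer E is not running
    if phase == "Trying":
        return {"timer_E": ("Trying", min(2 * e, T2)),  # retransmit, back off
                "timer_F": ("Terminated", 0),           # timeout reported to TU
                "resp_1xx": ("Proceeding", e),
                "resp_final": ("Completed", 0)}
    if phase == "Proceeding":
        return {"timer_E": ("Proceeding", T2),          # retransmit every T2
                "timer_F": ("Terminated", 0),
                "resp_1xx": ("Proceeding", e),
                "resp_final": ("Completed", 0)}
    if phase == "Completed":
        return {"resp_final": ("Completed", 0),         # retransmitted response absorbed
                "timer_K": ("Terminated", 0)}
    return {}  # Terminated: nothing is enabled

def state_space(initial=("Trying", T1)):
    """Breadth-first construction of the reachable state graph."""
    graph, queue = {}, deque([initial])
    while queue:
        s = queue.popleft()
        if s not in graph:
            graph[s] = successors(s)
            queue.extend(graph[s].values())
    return graph

def dead_states(graph):
    """States with no enabled event (dead markings in CPN terms)."""
    return {s for s, out in graph.items() if not out}

def can_reach(graph, src, phase):
    seen, stack = set(), [src]
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(graph[s].values())
    return any(s[0] == phase for s in seen)

def verify(graph):
    """Checks in the style of a state space report."""
    return {"only_terminated_dead": dead_states(graph) == {("Terminated", 0)},
            "can_always_terminate": all(can_reach(graph, s, "Terminated") for s in graph),
            "timer_E_capped": all(e <= T2 for _, e in graph)}
```

Calling verify(state_space()) returns the three checks as booleans; a transaction that could stall in Completed (for example, with the timer_K event removed) would show up as an extra dead state.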
Results
[Figures: Runtime Lab Output – Use case 1; Model Output – Use case 1]
Related Modeling Efforts
• SOA Security
• SOA Compression
• SOA Governance
• SOA Granularity
• XMPP
• CPN as well as OPNET