Breaking the Limits of Redundancy Systems Analysis

Dubslaff, Clemens; Ding, Kai; Morozov, Andrey; Baier, Christel; Janschek, Klaus

doi:10.3850/978-981-11-2724-3_0618-cd

Cited by 8 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For quantitative properties, we generated effect sets from configurable system analysis results as illustrated in Section 3.1 for three classes of systems. First, we considered configurable systems modeled for the variability-aware probabilistic model checker Pro-Feat [19], comprising a body sensor network (BSN) model [73] and a velocity control loop (VCL) model of an aircraft [32,35]. In both systems, the reliability (R) of the system is analyzed in terms of the probability of failure of sensors and control components, respectively.…”

Section: Subject Systemsmentioning

confidence: 99%

“…While it is known how to determine protection configurations with optimal reliability-cost tradeoff [32], reasons for why a protection configuration is optimal or why a component was selected for protection are typically unclear. We address this issue exploiting our causal analysis methods.…”

Section: Causality-guided Configuration (Rq 3 )mentioning

confidence: 99%

“…A common principle to increase the reliability of a system is by triple modular redundancy (TMR) where system components are triplicated and their output are combined via a majority vote. Dubslaff et al [32] suggested to model and analyze systems with such protection mechanisms using family-based methods from configurable systems' analysis. To each component they assign a protection feature that specifies whether a component is triplicated or not.…”

Section: Causality-guided Configuration (Rq 3 )mentioning

confidence: 99%

See 2 more Smart Citations

Causality in Configurable Software Systems

Dubslaff,

Weis,

Baier

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Detecting and understanding reasons for defects and inadvertent behavior in software is challenging due to their increasing complexity. In configurable software systems, the combinatorics that arises from the multitude of features a user might select from adds a further layer of complexity. We introduce the notion of feature causality, which is based on counterfactual reasoning and inspired by the seminal definition of actual causality by Halpern and Pearl. Feature causality operates at the level of system configurations and is capable of identifying features and their interactions that are the reason for emerging functional and non-functional properties. We present various methods to explicate these reasons, in particular well-established notions of responsibility and blame that we extend to the feature-oriented setting. Establishing a close connection of feature causality to prime implicants, we provide algorithms to effectively compute feature causes and causal explications. By means of an evaluation on a wide range of configurable software systems, including community benchmarks and real-world systems, we demonstrate the feasibility of our approach: We illustrate how our notion of causality facilitates to identify root causes, estimate the effects of features, and detect feature interactions.

show abstract

Section: Subject Systemsmentioning

confidence: 99%

Section: Causality-guided Configuration (Rq 3 )mentioning

confidence: 99%

Section: Causality-guided Configuration (Rq 3 )mentioning

confidence: 99%

See 1 more Smart Citation

Causality in Configurable Software Systems

Dubslaff,

Weis,

Baier

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our approach, by contrast, only considers possibility but not probability of fault scenarios. Probabilistic analysis of fault-tolerant redundant systems was also considered in [35], [36]. In particular, work [35] focuses on overcoming the combinatorial explosion caused by multiple system components protected with redundancies.…”

Section: Related Workmentioning

confidence: 99%

“…Probabilistic analysis of fault-tolerant redundant systems was also considered in [35], [36]. In particular, work [35] focuses on overcoming the combinatorial explosion caused by multiple system components protected with redundancies. Our work is motivated by a similar idea but applied to the explosion of the number of verification configurations.…”

Section: Related Workmentioning

confidence: 99%

Symmetry Breaking in Model Checking of Fault-Tolerant Nuclear Instrumentation and Control Systems

Buzhinsky

Pakonen

2020

IEEE Access

View full text Add to dashboard Cite

One of the approaches to assure reliability of nuclear instrumentation and control (I&C) systems is model checking, a formal verification technique. Model checking is computationally demanding, but nuclear I&C systems have certain properties that simplify the verification problem. The most notable of these properties are redundancy (duplication of certain system parts in several divisions) and symmetry, which are the means of ensuring failure tolerance. In this work, we extend our previous method of model checking failure tolerance of nuclear I&C systems by proposing an automated symmetry breaking approach that utilizes these properties to simplify the verification problem. As a result, fewer failure combinations need to be checked. We evaluate this approach on a case study that encompasses three safety functions allocated to four I&C systems in the same I&C model. INDEX TERMSFormal verification, model checking, symmetry breaking, nuclear I&C systems, fault tolerance.

show abstract

Efficient Analysis of Cyclic Redundancy Architectures via Boolean Fault Propagation

Bozzano

Cimatti

Griggio

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Many safety critical systems guarantee fault-tolerance by using several redundant copies of their components. When designing such redundancy architectures, it is crucial to analyze their fault trees, which describe combinations of faults of individual components that may cause malfunction of the system. State-of-the-art techniques for fault tree computation use first-order formulas with uninterpreted functions to model the transformations of signals performed by the redundancy system and an AllSMT query for computation of the fault tree from this encoding. Scalability of the analysis can be further improved by techniques such as predicate abstraction, which reduces the problem to Boolean case.In this paper, we show that as far as fault trees of redundancy architectures are concerned, signal transformation can be equivalently viewed in a purely Boolean way as fault propagation. This alternative view has important practical consequences. First, it applies also to general redundancy architectures with cyclic dependencies among components, to which the current state-of-the-art methods based on AllSMT are not applicable, and which currently require expensive sequential reasoning. Second, it allows for a simpler encoding of the problem and usage of efficient algorithms for analysis of fault propagation, which can significantly improve the runtime of the analyses. A thorough experimental evaluation demonstrates the superiority of the proposed techniques.

show abstract

Breaking the Limits of Redundancy Systems Analysis

Cited by 8 publications

References 16 publications

Causality in Configurable Software Systems

Causality in Configurable Software Systems

Symmetry Breaking in Model Checking of Fault-Tolerant Nuclear Instrumentation and Control Systems

Efficient Analysis of Cyclic Redundancy Architectures via Boolean Fault Propagation

Contact Info

Product

Resources

About