QuantUM: Safety Analysis of Complex System and Software Architectures

The last few months I had not much time to blog, but today I want to write about a current research project
I’m involved in.

The QuantUM Approach

When developing a safety-critical system it is essential to obtain an assessment of different design alternatives. In particular, an early safety assessment of the architectural design of a system is desirable. In spite of the plethora of available formal quantitative analysis methods it is still difficult for software and system architects to integrate these techniques into their every day work. This is mainly due to the lack of methods that can be directly applied to architecture level models, for instance given as UML diagrams. Also, it is necessary that the description methods used do not require a profound knowledge of formal methods. Our approach bridges this gap and improves the integration of quantitative safety analysis methods into the development process. All inputs of the analysis are specified at the level of a UML model. This model is then automatically translated into the analysis model, and the results of the analysis are consequently represented on the level of the UML model. Thus the analysis model and the formal methods used during the analysis are hidden from the user.

The QuantUM Approach

Our approach depicted in the Figure above can be summarized by identifying the following steps:

  • Our UML extension is used to annotate the UML model with all information that is needed to perform a dependability analysis.
  • The annotated UML model is then exported in the XML Metadata Interchange (XMI) format which is the standard format for exchanging UML models.
  • Subsequently, our QuantUM Tool parses the generated XMI file and generates the analysis model in the input language of the probabilistic model checker PRISM as well the properties to be verified.
  • For the analysis we use the probabilistic model checker PRISM together with DiPro in order to compute probabilistic counterexamples representing paths leading to a hazard state.
  • The resulting counterexamples can then be transformed into a fault tree that can be interpreted at the level of the UML model. Alternatively, they can be mapped onto a UML sequence diagram which can be displayed in the UML modeling tool containing the original UML model.

Key Features of QuantUM

  • QuantUM Profile for UML and SysML
    Extension of the UML and SysML with stereotypes. Specification of safety requirements, dependability characteristics (failure modes, …), failure propagation, component dependencies, safety mechanisms (repair management, redundancy structures) directly in the architectural model with your existing UML / SysML CASE tool.
  • Probabilistic Analsysis / pFMEA
    The annotated UML Model is automatically translated into the input language of a probabilistic model checker, which computes the probability of  safety requirements of hazards. In addition a probabilistic FMEA can be performed automatically.
  • Automated Fault Tree Generation
    (Quantitative) Fault Trees identifying the events causing the violation of a safety requirement or a hazard are automatically generated the analysis.
  • Result Representation in UML / SysML
    System executions violating safety requirements or causing a hazard can be displayed as UML sequence diagrams.

Industrial Usage

The QuantUM approach was applied in several industrial case studies and can be used with all major UML / SysML case tools (e.g. IBM Rational Rhapsody, IBM Rational Software Architect, Sparxsystem Enterprise Architect, …)

More Information

More Information on the theory and methods behind QuantUM can be found on the publications site. As soon as the first prototype is available
it will be announced here! Stay tuned!

Quantitative Safety Analysis of UML Models

My master’s thesis is now available online here.

Abstract

When developing a safety-critical system it is essential to obtain an assessment of different design alternatives. In particular, an early safety assessment of the architectural design of a system is desirable. In spite of the plethora of available formal quantitative analysis methods it is still difficult for software and system architects to integrate these techniques into their every day work. This is mainly due to the lack of methods that can be directly applied to architecture level models, for instance given as UML diagrams. Another obstacle is, that the methods often require a profound knowledge of formal methods, which can rarely be found in industrial practice. Our approach bridges this gap and improves the integration of quantitative safety analysis methods into the development process. We propose a UML profile that allows for the specification of all inputs needed for the analysis at the level of a UML model. The QuantUM tool which we have developed, automatically translates an UML model into an analysis model. Furthermore, the results gained from the analysis are lifted to the level of the UML specification or other high-level formalism to further facilitate the process. Thus the analysis model and the formal methods used during the analysis are hidden from the user.

Programmer Competency Matrix

I just found this Matrix which helps in assessing the competency of a programmer in different fields such as computer science, software engineering, programming,  experience and knowledge. While the programming part is pretty detailed, in my opinion the computer science and software engineering part fall short.

Software Engineering is not just source control and automated build and testing, important things like process knowledge, knowledge about requirements engineering and the knowledge about architecting a complex software system are missing. I agree that a programmer is not the software architect, but s/he should at least have a rough idea of what the software architect does. (This holds also the other way round).

But if you want to asses your programming skills, or those of a prospective knew hire, the matrix is a good start.