EDCC2, Taormina, Italy, Springer-Verlag, 1996.

Dependability Modelling and Analysis of Complex Control Systems: an Application to Railway Interlocking

Manuela Nelli (1), Andrea Bondavalli (2) and Luca Simoncini (3)

(1) Consorzio Pisa Ricerche, P.zza Ancona, 56126 Pisa, Italy

(2) CNUCE Istituto del CNR, Via S. Maria 36, 56126 Pisa, Italy

(3) Dept. Information Engineering, University of Pisa, Via Diotisalvi 2, 56126 Pisa, Italy


This paper describes the dependability modelling and evaluation of a real complex system, made of redundant replicated hardware and redundant diverse software. It takes into account all aspects of their interactions (including correlation between the diverse software variants) and the criticality of the several components. Our approach has been to realise the system model in a structured way. This allows us to cope with complexity and to focus, where interesting, on specific behaviour for a more detailed analysis. Furthermore, each level may be modelled using different methodologies and its evaluation performed with different tools without the need to modify the general structure of the model. In order to validate the most complex sub-models, we built alternatives using different tools and methodologies; this proved to be very useful, since it allowed us to find small bugs and imperfections and to gain more confidence that the models represented the real system behaviour. With respect to the real system taken as the example, our analyses, which could not be reported here, allowed us to establish the dependability bottlenecks of the current version and to state targets for the several subcomponents such that the system targets could be reached, thus providing hints for the next releases or modifications of the system and information for assigning targets to the various components of the system.


