Carregar apresentação
A apresentação está carregando. Por favor, espere
1
Leis como técnica de construção de sistemas críticos Aplicação em sistemas de controle de tráfego aéreo Rodrigo Paes rbp@les.inf.puc-rio.br
2
© LES/PUC-Rio Outline Descrição do Trabalho Objetivos Resultados Esperados Bibliografia Preliminar
3
© LES/PUC-Rio Scope In many todays distributed system, interaction can be very complex; … and more: –Complex behavioral rules –Ex.: Notion of commitment, time-sensitive restrictions, context-based validations
4
© LES/PUC-Rio Current scenario Usually, those rules are hard-coded in the distributed entities themselves (lets call them agents) Hard-coded interaction-related rules
5
© LES/PUC-Rio Some issues How can we guarantee the behavioral rules are been followed? –In open systems, agents are developed by different teams, and they can have conflicting interests (one want to buy cheap, but the seller doesnt) How can those rules be documented in a way that designers can implement their agents in conformance with the rules? What if the rules change? How a bad rule-follower can be punished?
6
© LES/PUC-Rio Architecture
7
© LES/PUC-Rio XMLaw – The Law Meta-Model A vocabulary to talk about interaction laws One can think of laws as a DSL for programming the mediator
8
© LES/PUC-Rio Exemplo XMLaw 01:updateProductInformation{ 02: msg1{senior,dbAgent,$productInfo1} 03: msg2{(senior|manager),dbAgent,$productInfo2} 04: s1{initial} 05: s3{success} 06: s6{failure} 07: s8{failure} 08: t1{s1->s2, msg1} 09: t2{s2->s3, msg2, [checkContent]} 10: t3{s1->s4, msg2} 11: t4{s4->s3, msg1, [checkContent]} 12: t5{s2->s5, timeout1} 13: t6{s5->s3, msg2, [checkContent]} 14: t7{s5->s6, timeout1} 15: t8{s4->s7, timeout2} 16: t9{s7->s3, msg1, [checkContent]} 17: t10{s7->s8, timeout2} // Clocks 18: timeout1{120000, periodic, (t1), (t2, t6)} 19: timeout2{120000, periodic, (t3), (t4, t9)} // Constraints 20: checkContent{br.pucrio.CheckContent} // Actions 21: keepContent{(t1,t3), br.pucrio.KeepContent} // Actions for fault handling 22: handleTimeout{(t7,t10), br.pucrio.TimeoutHandler} 23: handleDifferentContent{(checkContent), br.pucrio.DifContentHandler} 24: warnManagerBroadcast{(t5,t8), br.pucrio.Retry} 25:}
![© LES/PUC-Rio Exemplo XMLaw 01:updateProductInformation{ 02: msg1{senior,dbAgent,$productInfo1} 03: msg2{(senior|manager),dbAgent,$productInfo2} 04: s1{initial} 05: s3{success} 06: s6{failure} 07: s8{failure} 08: t1{s1->s2, msg1} 09: t2{s2->s3, msg2, [checkContent]} 10: t3{s1->s4, msg2} 11: t4{s4->s3, msg1, [checkContent]} 12: t5{s2->s5, timeout1} 13: t6{s5->s3, msg2, [checkContent]} 14: t7{s5->s6, timeout1} 15: t8{s4->s7, timeout2} 16: t9{s7->s3, msg1, [checkContent]} 17: t10{s7->s8, timeout2} // Clocks 18: timeout1{120000, periodic, (t1), (t2, t6)} 19: timeout2{120000, periodic, (t3), (t4, t9)} // Constraints 20: checkContent{br.pucrio.CheckContent} // Actions 21: keepContent{(t1,t3), br.pucrio.KeepContent} // Actions for fault handling 22: handleTimeout{(t7,t10), br.pucrio.TimeoutHandler} 23: handleDifferentContent{(checkContent), br.pucrio.DifContentHandler} 24: warnManagerBroadcast{(t5,t8), br.pucrio.Retry} 25:}](http://images.slideplayer.com.br/5/1637954/slides/slide_8.jpg "© LES/PUC-Rio Exemplo XMLaw 01:updateProductInformation{ 02: msg1{senior,dbAgent,$productInfo1} 03: msg2{(senior|manager),dbAgent,$productInfo2} 04: s1{initial} 05: s3{success} 06: s6{failure} 07: s8{failure} 08: t1{s1->s2, msg1} 09: t2{s2->s3, msg2, [checkContent]} 10: t3{s1->s4, msg2} 11: t4{s4->s3, msg1, [checkContent]} 12: t5{s2->s5, timeout1} 13: t6{s5->s3, msg2, [checkContent]} 14: t7{s5->s6, timeout1} 15: t8{s4->s7, timeout2} 16: t9{s7->s3, msg1, [checkContent]} 17: t10{s7->s8, timeout2} // Clocks 18: timeout1{120000, periodic, (t1), (t2, t6)} 19: timeout2{120000, periodic, (t3), (t4, t9)} // Constraints 20: checkContent{br.pucrio.CheckContent} // Actions 21: keepContent{(t1,t3), br.pucrio.KeepContent} // Actions for fault handling 22: handleTimeout{(t7,t10), br.pucrio.TimeoutHandler} 23: handleDifferentContent{(checkContent), br.pucrio.DifContentHandler} 24: warnManagerBroadcast{(t5,t8), br.pucrio.Retry} 25:}")
9
© LES/PUC-Rio Objetivos Aplicar as leis para especificar preocupações de dependability Usar o middleware para agir, aumentando a dependability do sistema Contexto: Controle de Tráfego Aéreo Resultado esperado –Mostrar que o modelo de leis é flexível para especificar questões de dependability
10
© LES/PUC-Rio Flight plan approval (Flight Plan, Airplane information) Approve plan Ground instructions
11
© LES/PUC-Rio Take off (Ask permission to take-off) (permission) takeoff
12
© LES/PUC-Rio En route intersections airways radar controller sector weather
13
© LES/PUC-Rio Técnica para Construção de Sistemas Críticos No período de 12 anos entre 1994 e 2005 36% das falhas apresentadas em infraestruturas consideradas críticas, dentre elas, transporte aéreo, fornecimento de água e transportes ferroviários, foram causadas por software Falha Humana – com o avanço do conhecimento técnico, falhas nos aviões tem se tornado cada vez mais raras. Isto tem levado a exposição das falhas humanas. Em 2004, nos Estados Unidos, a falha de pilotos foi considerada como a principal causa de 78,6% dos acidentes fatais e 75,5% de todos os acidentes ocorridos na aviação civil
Apresentações semelhantes
