Leis como técnica de construção de sistemas críticos Aplicação em sistemas de controle de tráfego aéreo Rodrigo Paes [email protected] Outline • Descrição do Trabalho • Objetivos • Resultados Esperados • Bibliografia Preliminar © LES/PUC-Rio Scope • In many today’s distributed system, interaction can be very complex; • … and more: – Complex behavioral rules – Ex.: Notion of commitment, time-sensitive restrictions, context-based validations © LES/PUC-Rio Current scenario • Usually, those rules are hard-coded in the distributed entities themselves (lets call them agents) Hard-coded interaction-related rules © LES/PUC-Rio Some issues • How can we guarantee the behavioral rules are been followed? – In open systems, agents are developed by different teams, and they can have conflicting interests (one want to buy cheap, but the seller doesn’t) • How can those rules be documented in a way that designers can implement their agents in conformance with the rules? • What if the rules change? • How a bad “rule-follower” can be punished? © LES/PUC-Rio Architecture © LES/PUC-Rio XMLaw – The Law Meta-Model • A vocabulary to talk about interaction laws • One can think of laws as a DSL for programming the mediator © LES/PUC-Rio Exemplo XMLaw 01:updateProductInformation{ 02: msg1{senior,dbAgent,$productInfo1} 03: msg2{(senior|manager),dbAgent,$productInfo2} 04: s1{initial} 05: s3{success} 06: s6{failure} 07: s8{failure} 08: t1{s1->s2, msg1} 09: t2{s2->s3, msg2, [checkContent]} 10: t3{s1->s4, msg2} 11: t4{s4->s3, msg1, [checkContent]} 12: t5{s2->s5, timeout1} 13: t6{s5->s3, msg2, [checkContent]} 14: t7{s5->s6, timeout1} 15: t8{s4->s7, timeout2} 16: t9{s7->s3, msg1, [checkContent]} 17: t10{s7->s8, timeout2} // Clocks 18: timeout1{120000, periodic, (t1), (t2, t6)} 19: timeout2{120000, periodic, (t3), (t4, t9)} // Constraints 20: checkContent{br.pucrio.CheckContent} // Actions 21: keepContent{(t1,t3), br.pucrio.KeepContent} // Actions for fault handling 22: handleTimeout{(t7,t10), br.pucrio.TimeoutHandler} 23: handleDifferentContent{(checkContent), br.pucrio.DifContentHandler} 24: warnManagerBroadcast{(t5,t8), br.pucrio.Retry} 25:} © LES/PUC-Rio Objetivos • Aplicar as leis para especificar preocupações de dependability • Usar o middleware para “agir”, aumentando a dependability do sistema • Contexto: Controle de Tráfego Aéreo • Resultado esperado – Mostrar que o modelo de leis é flexível para especificar “questões” de dependability © LES/PUC-Rio Flight plan approval Approve plan (Flight Plan, Airplane information) Ground instructions Ground instructions © LES/PUC-Rio Take off (Ask permission to take-off) (permission) takeoff © LES/PUC-Rio En route intersections airways weather sector controller radar © LES/PUC-Rio Técnica para Construção de Sistemas Críticos • No período de 12 anos entre 1994 e 2005 36% das falhas apresentadas em infraestruturas consideradas críticas, dentre elas, transporte aéreo, fornecimento de água e transportes ferroviários, foram causadas por software • Falha Humana – com o avanço do conhecimento técnico, falhas nos aviões tem se tornado cada vez mais raras. Isto tem levado a exposição das falhas humanas. Em 2004, nos Estados Unidos, a falha de pilotos foi considerada como a principal causa de 78,6% dos acidentes fatais e 75,5% de todos os acidentes ocorridos na aviação civil © LES/PUC-Rio
Download
![How to acess the Micro-Horario. [Modo de Compatibilidade]](http://s1.livrozilla.com/store/data/001740170_1-81c3169586e4e5c7f3d759689b42b896-260x520.png)
