A Markov modeling tool called CARMS
Fault tolerant system design requires a special class of engineering methods and tools. Although not well known to system designers who do not deal directly with fault tolerance issues, the methods have proven useful for a variety of applications. As one example in particular, the technique of Markov modeling has played a significant role in system reliability analysis since the advent of fault tolerant applications during the 1960's. More recently, Markov modeling and computer aided techniques have been combined to assist the engineer in model construction and automatic evaluation. Along these lines, we have developed a Markov modeling tool called CARMS (computer aided rate modeling and simulation) to provide extensive fault tolerant design support. CARMS is implemented in Ada for the Microsoft (MS) Windows operating environment.
Approach to development
A personal computer running MS Windows has become one of the most popular platforms for computer aided design and engineering (CAD/CAE) applications. Commercial tool developers target Windows to achieve the largest sales impact. However, it also has developed a reputation as an unwieldy, difficult to program interface. Both program reliability and complexity are stumbling blocks to the first time Windows developer. As Ada has excellent constructs for managing complexity and improving robustness of software, it seemed only natural to select an Ada development environment to create the reliability evaluation tool CARMS. We thus have a reliable language for handling reliability evaluation.
As the design tools are considered only one part of a set of tools at the disposal of the user, we were concerned about the role of tool interaction and integration. Our overall goals were to apply integration techniques to system level performance and reliability tools and use:
- A graphical and interactive PC environment.
- Port oriented data exchange and dynamic linking between tools.
- Multiple language application interfaces.
- Expert system (ES) tool command and control.
To achieve these goals, we used MS Windows, Ada, a portable ES interpreter, and automatic code generation. For improving abstraction, maintenance, and reliability on such a large project, Ada constructs such as packages, generics, tasking, type checking, and exception handling all proved useful. Above all, the key was to adapt to a Windows environment perspective while using sound Ada software engineering fundamentals as a guide.
CARMS is an integrated Markov modeling and evaluation tool designed to solve a wide range of stochastic time dependent, prediction oriented problems. In particular, it excels as a general purpose tool suitable for reliability, maintainability, and availability prediction.
To give an idea of a Markov modeling application area, consider the historical example of the reliability analysis for the Voyager spacecraft project. The Voyager design relied on redundant components to achieve high reliability and fault tolerance for a long term space mission. The analysis used some of the fundamental concepts of Markov modeling, but before the interactive tools were available. Obviously, a detailed analysis and good decisions on where to place redundancy eventually paid off. Voyager is still running!
Nowadays, the same requirements apply but we have better tool support for analyzing mission critical systems. For instance, some of the interactive features we have incorporated in CARMS include:
- Vector based graphics for constructing transition diagrams.
- Spreadsheet like data input screen.
- Expert system front end which automates model construction.
- Symbolic algebra for simplifying reliability, maintainability, and availability problems.
- Graphical display of results as a function of time.
- Generation of reports to printer, plotter, or file.
- Choice of numerical routines for solving a range of problems.
We have found it surprising that Ada is rarely used for Windows applications, even though many of the features of Ada lend themselves well to creating robust programs. For example, Ada packages, generics, and tasking can be put to good use for reducing complexity of the Windows interface itself. For our application, nearly 100% of the program is coded in Ada. This included a portable front end interpretive expert system (AES–Ada Expert System) that served to automate some of the input tasks. The portions not coded in Ada depend on resource script files to generate dialog boxes for inputting data, etc. However, even here, a unique automated code generation technique is used to create an interface to the dialog box from a corresponding Ada package specification.
A dynamic link library (DLL) approach was used to create a framework for tool communication. Underneath the DLL layer, Windows dynamic data exchange (DDE) was used as a message based protocol for tool communication. This is a port oriented interface design, with Ada specifications mapping to the interface ports (the bodies could be automatically generated if the input/output was well structured). In addition, we have used Ada tasking to wait on events at input ports.
With this combination of DDE and DLL, an executable acts both as a stand alone program and a wrapper for object programmability. The DLL in particular allows a programmatic interface to be applied to the tool. This allows other programs to talk to it and retains the reusable component approach that is at the heart of modern Ada software engineering practices. Ultimately, a universal format such as DLL allows Ada code to communicate effectively with commercial off the shelf applications written in other languages (C/C++, etc.).
Several other Windows features are all being used to advantage in the Ada code, these include:
- Universal graphics and printer support.
- Mouse and pointing device.
- Export graphics to clipboard.
- Standard help with context sensitivity.
For future considerations, we foresee little difficulty in porting CARMS to Windows NT, both to enable handling of larger systems and to make the program network aware.
Ada constructs can offer a competitive advantage to Windows software developers. In fact, anyone who has worked with the relatively structure-free Windows interface (consisting of a flat hierarchy, function side effects, weak typing), would appreciate how Ada can solve many of the development problems. Overall, we have used many of the Ada constructs to abstract away the complexities of Windows development, in particular via:
- Packages - Interface to dialog boxes.
- Types - Mapping to control constructs.
- Generics - Reusable components, function passing.
- Tasking - Client/server DDE.
- Exceptions - Escape handling.
Presently, both system designers and reliability analysts have successfully used CARMS. Two out of the big three domestic auto makers and several aerospace companies are using the tool.
As a sidenote, several of the Windows Ada support tools developed (TrAda, SpecPars, BrAda) are available in the public domain (via AdaNET or ASSET); these were developed with partial funding provided by a NASA Langley Research Center and U.S. Army CECOM contract. Descriptions of the tools can be found in Ada Letters, vol.14, 1994, p.30.
Produced in cooperation with Ada Information Clearinghouse, Ada Software Alliance, and ACM SIGAda.