Galileo User’s Manual &
Design Overview
(Version 2.11-Alpha)

University of Virginia
Kevin Sullivan, Computer Science
Joanne Bechta Dugan, Electrical Engineering

Contributors: Tom Sabanosh, Sara Jane Curwen, Michael Taylor, Steven J. Miller

Copyright 1996, 1997, 1998 University of Virginia. All Rights Reserved.

Table of Contents

I. Introduction to Galileo
   Overview
   System Requirements
      Hardware Requirements
      Software Requirements
   Installation
II. Technical Overview and Design Rationale of Galileo
   Package-Oriented Programming for Large-Scale Reuse
   The DIFtree Approach to Modular Dynamic Fault Tree Analysis
III. Basic Operation of Galileo
   Running Galileo
   Creating a New Fault Tree
   Opening an Existing Fault Tree
   Saving a Fault Tree
   Printing a Fault Tree
   Exiting from Galileo
IV. Editing Fault Trees in Galileo
   Selecting a View to Edit
   Editing in the Textual View
      Gates
      Basic Events
      An Example Fault Tree
   Editing with Visio
   Switching Between Editing Modes
V. Analyzing a Fault Tree Using Galileo
VI. Galileo's Web-Based Help System
VII. Known Bugs and Troubleshooting
   Sometimes when I open an *.ftd file the Visio view is blank!
   I accidentally closed the Visio Stencil. What should I do?
   How do I import fault trees from Galileo version 1.4?
   When I try to render my textual fault tree to Visio or to analyze the tree, I get a syntax error on line n. How can I find that line without having to count each individual line of code?
   Sometimes when I start Galileo and create a new fault tree, the Word and Visio applications open externally. What should I do?
   I receive the error message "Basic Logic Gates is part of the workspace but cannot be opened. File not Found."
   Sometimes, when I try File/New or File/Open, Galileo crashes
   The Visio view and Stencil lock up. What should I do?
   Galileo prompts me to save my fault tree when it is unnecessary. Why does this occur?
   The Internet Explorer window is not resizing properly. What can I do to fix this problem?


I. Introduction to Galileo

Overview

Galileo is an easy-to-use research prototype software tool for dynamic fault tree analysis on personal computers, namely PCs running Microsoft Windows 95, 98 or NT. Fault tree analysis is one of several important approaches to probabilistic risk assessment for engineered systems. We selected the name Galileo for our tool because Galileo was the first person to study the failure of engineered systems systematically.

Galileo is distinguished in two key dimensions. First, it supports the DIFtree modular dynamic fault tree analysis approach of Professor Joanne Bechta Dugan of the Electrical Engineering Department at the University of Virginia. Second, it provides this capability to engineers in a tool based on the Package-Oriented Programming (POP) design approach of Professor Kevin Sullivan of the Department of Computer Science, also at the University of Virginia.

In particular, Galileo hosts DIFtree in a tightly integrated and easy-to-use package that embeds Microsoft Word and Visio Corporation's Visio Technical drawing program within an overall interface built on Microsoft Windows user interface technology. The POP approach lets engineers edit and display fault trees in either textual or graphical form, using a tool built from standard, widely used, commercially supported components that are easy to integrate into real engineering practice. Our POP software development approach has given us (and you) a tool that appears to be far richer, easier to use and more easily changed than would otherwise be possible.

In a nutshell, Galileo allows you to enter and manipulate dynamic fault trees in either textual form, using a little language for fault trees, or in Visio graphical form. It allows you to map these representations back and forth, e.g., to automatically generate a drawing of a tree from a textual specification. And it allows you to submit a specified tree to the underlying analysis engine. Galileo also has an embedded World-Wide-Web help and support function.

NOTE WELL: Despite our advances, Galileo remains a research prototype. Read the known bugs list at the end of this document. Galileo 2.11-Alpha cannot be relied upon for the analysis of critical systems, e.g., nuclear, medical.

System Requirements

Hardware Requirements

             Minimum                               Recommended
CPU:         P90 (Pentium 90 MHz)                  P166 (Pentium 166 MHz)
Memory:      16 MB                                 32 MB
HD space:    35 MB (including 30 MB at runtime)    50 MB

Software Requirements

In order to run Galileo, you must have Microsoft Windows 95, 98 or NT, Microsoft Internet Explorer 4.0, and at least one of Microsoft Word 97 or Visio Technical 5.0 installed on your computer.

Installation

  1. Whether you downloaded the tool from the Web or received it on diskette, you need to unzip the Galileo archive. If you received the disks, insert the first disk into the appropriate drive. The easiest way to unzip the archive is to use Nico Mak Computing's WinZip utility: select the archive in WinZip and click the Install button, and WinZip will extract the files and run Setup.exe for you. If you extract the files manually, run Setup.exe from the directory into which you unzipped the archive.
  2. Galileo has to install its Visio stencil in your Visio program's stencils directory (if you have one). If Visio is installed on your hard drive, the Galileo setup program will automatically locate its directory. If setup cannot find the Visio folder for some reason, you will be asked to supply the path name. Do so, or click on the Next button if Visio is not installed.
  3. Run Galileo by clicking on the icon located on the Programs sub-menu of the Windows 95/98/NT Start menu.

II. Technical Overview and Design Rationale of Galileo

We now describe Sullivan’s Package-Oriented Programming approach and Dugan’s DIFtree analyzer in detail.

Package-Oriented Programming for Large-Scale Reuse

From a software engineering research perspective our work represents an attempt to evaluate Professor David Garlan's (CMU) thesis that architectural mismatch makes large-scale reuse hard or infeasible. The idea that has driven our work is that with a suitable component integration architecture and conformant components, large-scale reuse is possible and profitable. We agree with the implicit claim that lack of such an architecture makes large-scale reuse hard. We claim (with Garlan's work as evidence) that integration architectures are necessary for large-scale reuse. The question we address is: do integration architectures exist that are sufficient to enable large-scale reuse?

In order to answer this question, we have adopted the informal hypothesis that the reuse and integration of massive components conforming to an effective integration architecture enables the rapid and inexpensive production of industrially viable software systems. To test this hypothesis, we negated it and restricted it to software tools for engineering analysis, with fault tree analysis as a convenient (and useful) example. The null hypothesis was thus that the reuse and integration of massive components conforming to an integration architecture could not enable rapid and inexpensive production of industrially viable software tools for engineering modeling and analysis. We adopted Microsoft's integration architecture (comprising elements including OLE Automation and the Active Document Architecture) together with Microsoft Office application components as perhaps the best known and most promising integration architecture for our purposes. Galileo is the result of our attempt to test this claim. To the extent that Galileo has clear potential as an industrially viable tool, we have to reject the null hypothesis.

From a component package integration perspective, Galileo is distinguished in several dimensions.

  • Tight Integration of Multiple Packages
    Galileo is based on the tight integration of multiple shrink-wrapped commercial-off-the-shelf (COTS) packages. It is not built on a single package, but instead integrates multiple packages as co-equal components.
  • Package-Based Views of Engineering Models
    Galileo uses packages as user-friendly and richly functional views of an engineering model (i.e., of a fault tree). Microsoft Word presents the tree being edited in a textual form based on the Galileo fault tree language. Visio presents the tree as a structured technical drawing using Galileo shapes and behaviors programmed for Visio.
  • Compiler-Based Consistency Model
    Galileo keeps views consistent in a manner based on an analogy with a compiler. A compiler is a tool used in computer programming: a program is first edited using one tool, a text editor, and when that is done it is submitted to a compiler to be translated into executable code, a form that can run on computer hardware. The source code form is convenient for people; the object code, for the computer. In Galileo, you edit a fault tree in either textual or graphical form, and, when you are ready, you ask Galileo to "compile" it into the other form. Unlike a traditional compiler, however, Galileo can translate in both directions. You can thus use the form most appropriate for your needs, e.g., text for editing and graphics for presenting to engineering management.
  • Tight Integration of Component User Interfaces
    Whereas in earlier versions of Galileo, component packages appeared as disconnected windows on the screen, in version 2.11-Alpha, there is just one Galileo window. The package windows are integrated as children of the Galileo window. We use Microsoft’s active document architecture to achieve very tight integration at the user interface level. In particular, there is only one set of menus visible (rather than several, one set presented by each tool window). As you select one or another view to edit, the application menus appropriate for that view are integrated with the Galileo menus. What you see at the top of the Galileo window is therefore a set of menus which is the sum of the Galileo-specific menus and the menus for the package that you have selected.

The DIFtree Approach to Modular Dynamic Fault Tree Analysis

Fault trees are mathematical models of how component-level failures in an engineered system combine to produce system-level failures. Fault trees have a convenient pictorial representation that is widely accepted as making it easier for reliability engineers to build, reason about, and validate such models. For more, read: Dugan, Venkataraman, and Gulati, "DIFtree: A software package for the analysis of dynamic fault tree models," Proceedings of the 1997 Reliability and Maintainability Symposium, January 1997.

A fault tree (in general a graph) has nodes called basic event nodes that model components of an engineered system. Assigning a probability distribution to a basic event models how that component fails over time. A fault tree has other nodes called gates that model subsystems composed from basic components. Gates show how failures of components combine to produce subsystem failures. The top-level gate in a fault tree corresponds to the overall system. Combinatorial gates, such as AND and OR gates, indicate that failures of the inputs lead to failure of the subsystem if, respectively, all or at least one of the input components or subsystems has failed.

Probabilistic reliability assessment using fault trees requires the assignment of probability distributions to the basic events of a fault tree. Once such distributions are assigned, calculations are performed to compute a distribution for the tree as a whole. When a tree contains only standard combinatorial gates, it is called a static tree, and well-known methods can be used to compute its overall failure probability (to solve the tree). DIFtree permits dynamic gates to appear in a tree as well. A tree with one or more dynamic gates is called a dynamic tree. The outputs of dynamic gates are sensitive to the order in which inputs fail.

In particular, DIFtree decomposes a complex fault tree into subtrees that are independent in that they do not share any basic event nodes, and that are either static or dynamic. The idea is to handle as much of the solution problem as possible using techniques for static trees, and to handle the rest using techniques for dynamic trees. Static trees can be analyzed efficiently using combinatorial techniques. DIFtree solves static trees using an algorithm based on Binary Decision Diagrams (BDD). For dynamic trees, Markov solution methods are employed. Markov methods can be used to solve any tree, but the computational complexity of this approach makes it infeasible for use on large or complex trees. The idea behind DIFtree is to split trees into independent parts (modular subtrees) and to solve them using the most efficient techniques. Thus a given tree is split into parts and either a BDD or Markov approach is used to solve the subtrees depending on their types. DIFtree thus first calls a routine called SplitTree, a fast and efficient algorithm to break up a given tree into smaller independent subtrees, followed by calls to routines called DREDD and Dynasolver, respectively, to solve the independent static and dynamic subtrees. SplitTree combines the solutions for the subtrees into a solution for the overall fault tree. In a nutshell, that is how DIFtree works.
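The combinatorial solution of a static tree, and the independence condition that SplitTree's decomposition exists to guarantee, as an added Python example; this is not code from Galileo or DIFtree. It assumes a constructed four-component tree with exponential failure distributions (the rates are made up), solves AND gates by multiplying input probabilities and OR gates by multiplying survival probabilities, and refuses any tree in which one basic event reaches a gate through two of its inputs, because the product formulas are wrong there and the BDD (DREDD) or Markov (Dynasolver) routines described above are needed instead.

```python
import math

# Constructed example, not a tree from the manual: exponential failure rates
# (per hour) for the basic events, and AND/OR gates over them.
BASIC_EVENTS = {"pump_a": 1e-4, "pump_b": 1e-4, "valve": 5e-5, "controller": 2e-5}
GATES = {
    "system": ("or", ["pumps", "valve", "controller"]),
    "pumps": ("and", ["pump_a", "pump_b"]),
}


def unreliability(rate, t):
    """Probability that an exponentially distributed component has failed by time t."""
    return 1.0 - math.exp(-rate * t)


def basic_events_under(node, events, gates):
    """Set of basic events reachable from node."""
    if node in events:
        return {node}
    _, inputs = gates[node]
    return set().union(*(basic_events_under(i, events, gates) for i in inputs))


def shared_events(node, events, gates):
    """Basic events that reach some gate at or below node through more than one
    of its inputs. Any such sharing breaks the independence the product
    formulas below rely on; SplitTree's modules are chosen to avoid it."""
    if node in events:
        return set()
    _, inputs = gates[node]
    seen, shared = set(), set()
    for i in inputs:
        under = basic_events_under(i, events, gates)
        shared |= seen & under
        seen |= under
        shared |= shared_events(i, events, gates)
    return shared


def solve_static(node, t, events=BASIC_EVENTS, gates=GATES):
    """Unreliability of node at time t for a static tree with independent inputs.
    Trees with repeated basic events are refused: they need a BDD solution
    (or Markov methods once dynamic gates are present), not this recursion."""
    dup = shared_events(node, events, gates)
    if dup:
        raise ValueError(f"inputs are not independent; shared basic events: {sorted(dup)}")
    return _solve(node, t, events, gates)


def _solve(node, t, events, gates):
    if node in events:
        return unreliability(events[node], t)
    kind, inputs = gates[node]
    probs = [_solve(i, t, events, gates) for i in inputs]
    if kind == "and":   # subsystem fails only when every input has failed
        return math.prod(probs)
    if kind == "or":    # subsystem fails when at least one input has failed
        return 1.0 - math.prod(1.0 - p for p in probs)
    raise ValueError(f"unsupported gate type {kind!r}")


if __name__ == "__main__":
    print(f"P(system failed by 1000 h) = {solve_static('system', 1000.0):.5f}")
```

With the constructed rates the top event has probability of roughly 0.076 at 1000 hours. The refusal path is the point of the modularization described above: a basic event that feeds two branches makes those branches statistically dependent, so DIFtree's SplitTree isolates subtrees that share no basic events precisely so that each can be handed to the cheapest solver that is still exact for it.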

III. Basic Operation of Galileo

This section describes the basic operation of Galileo. Editing and analyzing trees are complicated enough to have their own sections, which follow.

Running Galileo

To run Galileo go to the Start Menu and find Galileo under the Programs folder. Galileo will open with a splash screen and a blank main window. This window will serve as a container for the Word and Visio views of the current fault tree as well as for online help and web-based support through Internet Explorer.

Creating a New Fault Tree

To create a new fault tree, select the New option from the File menu. This will cause the Word and Visio windows to appear with blank documents in the main window. Note well: Galileo can only have one tree open at a time. You must close any opened file before creating a new tree or opening another existing one.

Opening an Existing Fault Tree

To open a previously created fault tree, select the Open option from the File menu. A dialog will appear allowing you to open fault tree files of type ".ftd". Choose the file that corresponds to the tree you wish to open and Galileo will open the corresponding Visio and/or Word documents. As with creating a new tree, only one tree may be active at a time, so you must close any open file before opening another tree. Note well: we regret that it is not possible to open fault trees created with Galileo version 1.4 or earlier directly. However, there is a work-around that permits you to convert trees created with Galileo 1.4. Please see Troubleshooting for more information.

Saving a Fault Tree

To save a fault tree when editing is complete, choose the Save or Save As option from the File menu. This will save the tree and each of its component Word and Visio documents. Galileo will ask you for a file name as necessary.

Printing a Fault Tree

Galileo provides the user with two printing options. The first prints only the current active document. This is done by selecting Print from the File menu. The second option prints both the Word and Visio documents. This is done by choosing Print All from the File menu.

Exiting from Galileo

To exit Galileo, choose the Exit option in the File menu of the main Galileo window. This will close the Word and Visio windows as well.

IV. Editing Fault Trees in Galileo

In this section, we describe how to edit fault trees in Galileo. One of Galileo's strengths is its support for editing fault trees in textual or graphical form (provided that you have the required packages installed on your machine) and for generating one form from the other automatically on demand. Suppose that you prefer to edit a tree as text but you need graphics for engineering presentations. Create the tree in Word, then have Galileo generate the drawing.

Selecting a View to Edit

You select a view to edit using the Application View menu. Choose to make the desired view writable. Galileo updates the newly writable view from the current view if necessary. Note Well: NEVER EDIT A VIEW THAT’S NOT SELECTED. YOUR CHANGES WILL BE LOST. GALILEO OUTLINES READ-ONLY VIEWS IN RED.

Editing in the Textual View

The editor for fault trees in text form is Microsoft Word. We assume that you know how to use Microsoft Word. Fault trees are written in the Galileo fault tree language. A fault tree specification must begin with the line

toplevel <name>;

<name> is the name of the top-level node. A <name> begins with a letter and uses only letters, underscores and dashes. spare, trigger, and primary are reserved words that you cannot use as names. Every line in a fault tree ends with a semicolon. Comments can be included: text after "/*" and before "*/" is ignored. Note Well: Comments are not well supported; they are lost in the translation from textual to graphical form and back.
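A checker for the rules just stated, as an added Python example; it is not part of Galileo and is not how Galileo parses its language. It strips /* ... */ comments while preserving line numbers, splits the text into semicolon-terminated statements, and checks that the first statement is toplevel <name>; with a legal, non-reserved name. Every error it reports carries the line number in the original file, which is the number a "syntax error on line n" message refers to. The gate lines in the constructed sample are placeholders whose syntax is not checked here; the real gate syntax is given in the Gates section.

```python
import re

# Lexical rules as the manual states them: a name starts with a letter and
# uses only letters, underscores and dashes; these three words are reserved.
RESERVED = {"spare", "trigger", "primary"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z_-]*$")
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

# Constructed sample (not from the manual). The two gate lines are
# placeholders: this checker validates only the header and statement rules.
SAMPLE = """\
/* Constructed example. The gate lines below are placeholders only;
   the real gate syntax is described in the Gates section. */
toplevel system;
system or pumps valve;
pumps and pump_a pump_b;
"""


def strip_comments(text):
    """Blank out /* ... */ comments but keep the newlines inside them, so that
    line numbers reported later still refer to the original file."""
    stripped = COMMENT_RE.sub(lambda m: "\n" * m.group().count("\n"), text)
    if "/*" in stripped:                       # an opener with no closing */
        line = stripped.count("\n", 0, stripped.index("/*")) + 1
        raise SyntaxError(f"line {line}: unterminated comment")
    return stripped


def statements(text):
    """Split comment-free text into (line, statement) pairs. Every statement
    must be terminated by ';'; anything trailing the last ';' is an error."""
    result, pos = [], 0
    for m in re.finditer(r"[^;]*;", text):
        body = m.group()[:-1]
        if body.strip():
            start = m.start() + len(body) - len(body.lstrip())
            result.append((text.count("\n", 0, start) + 1, " ".join(body.split())))
        pos = m.end()
    tail = text[pos:]
    if tail.strip():
        start = pos + len(tail) - len(tail.lstrip())
        line = text.count("\n", 0, start) + 1
        raise SyntaxError(f"line {line}: statement is missing its ';'")
    return result


def check_tree(source):
    """Return a list of error messages; an empty list means the header rules hold."""
    try:
        stmts = statements(strip_comments(source))
    except SyntaxError as err:
        return [str(err)]
    if not stmts:
        return ["empty specification: expected 'toplevel <name>;'"]
    line, first = stmts[0]
    parts = first.split()
    if len(parts) != 2 or parts[0] != "toplevel":
        return [f"line {line}: specification must begin with 'toplevel <name>;'"]
    name = parts[1]
    if not NAME_RE.match(name):
        return [f"line {line}: '{name}' is not a legal name (a letter, then letters, '_' or '-')"]
    if name in RESERVED:
        return [f"line {line}: '{name}' is a reserved word"]
    return []


if __name__ == "__main__":
    print(check_tree(SAMPLE) or "no header errors")
```

Comments are replaced by the newlines they contained rather than deleted outright; that one detail is what keeps the reported line numbers honest, and it is the same reason a missing "*/" is reported at the line of the stray "/*" rather than at the end of the file.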