The ADAPT Tool: From AADL Architectural Models to Stochastic Petri Nets through Model Transformation
ADAPT is a tool that aims at easing the task of evaluating dependability measures in the context of modern model driven engineering processes based on AADL (Architecture Analysis and Design Language). Hence, its input is an AADL architectural model annotated with dependability-related information. Its output is a dependability evaluation model in the form of a Generalized Stochastic Petri Net (GSPN). The latter can be processed by existing dependability evaluation tools to compute quantitative measures such as reliability, availability, etc. ADAPT interfaces with OSATE (the Open Source AADL Tool Environment) on the AADL side and with SURF-2 on the dependability evaluation side. In addition, ADAPT provides the GSPN in XML/XMI format, which represents a gateway to other dependability evaluation tools, as the processing techniques for XML files allow it to be easily converted to a tool-specific GSPN.
💡 Research Summary
The paper presents ADAPT (Architecture‑Driven Dependability Analysis and Performance Tool), a model‑transformation framework that bridges the gap between high‑level architectural design in AADL (Architecture Analysis and Design Language) and quantitative dependability evaluation using Generalized Stochastic Petri Nets (GSPNs). The authors begin by motivating the need for automated dependability analysis in model‑driven engineering (MDE). While AADL is widely adopted for describing system structure, interfaces, and behavior, it lacks native constructs for reliability, availability, and safety assessment. Consequently, engineers typically resort to manual translation of AADL models into stochastic formalisms, a process that is error‑prone and time‑consuming.
ADAPT addresses this limitation by integrating directly with OSATE, the open‑source AADL development environment, and by providing a systematic transformation pipeline that converts an annotated AADL model into a GSPN representation consumable by existing evaluation tools such as SURF‑2. The pipeline consists of four main stages:
- AADL Parsing and Annotation Extraction – ADAPT leverages OSATE’s abstract syntax tree (AST) to collect component definitions, port connections, and user‑defined dependability annotations (failure rates λ, repair rates μ, transition probabilities p, etc.). These annotations are expressed through an extended AADL “dependability” profile that is formally part of the AADL meta‑model.
- Meta‑model Mapping – Each AADL component type (processor, memory, thread, device, etc.) is mapped to a predefined GSPN sub‑graph. For example, a processor is represented by two places (operational and failed) and two timed transitions (failure with rate λ and repair with rate μ). The mapping also captures hierarchical composition: a system component aggregates the sub‑nets of its children, preserving the structural hierarchy in the resulting Petri net.
- Propagation Rule Application – Connection semantics in AADL (bindings, bus connections, and data ports) are translated into arcs that model fault propagation. If a component fails, the corresponding transition can fire and place tokens in downstream components’ failure places according to the specified propagation probability. This step enables the representation of both local failures and cascading effects across the architecture.
- GSPN Serialization – The fully assembled GSPN is serialized into an XML/XMI document that conforms to the standard GSPN schema. This format is directly ingestible by SURF‑2, which can perform steady‑state and transient analysis to compute reliability, availability, mean time to failure (MTTF), mean time to repair (MTTR), and other metrics. Because the output is XML‑based, it can also be transformed into the native formats of other tools (e.g., GreatSPN, TimeNET) using generic XSLT pipelines.
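The mapping and propagation stages above, followed through to a steady-state availability figure, as an added Python example (not ADAPT's code or its XMI schema). The place and transition names, the way propagation is encoded as a split of the upstream failure rate, and the bus/CPU rates are assumptions constructed for illustration.

```python
from fractions import Fraction as F

def component_subnet(name, lam, mu):  # two places, two timed transitions
    return {f"fail_{name}": (lam, {f"{name}_ok"}, {f"{name}_failed"}),
            f"repair_{name}": (mu, {f"{name}_failed"}, {f"{name}_ok"})}

def add_propagation(net, src, dst, p):
    """Assumed encoding: a share p of src's failure rate also marks dst failed."""
    lam, ins, outs = net[f"fail_{src}"]
    net[f"fail_{src}"] = (lam * (1 - p), ins, outs)
    for state in ("ok", "failed"):  # dst may already be down when src fails
        net[f"prop_{src}_{dst}_{state}"] = (
            lam * p, ins | {f"{dst}_{state}"}, outs | {f"{dst}_failed"})

def reachability(net, m0):
    """Fire enabled transitions from m0; return markings and summed rates."""
    states, edges = [m0], {}
    for m in states:  # the list grows while it is traversed (breadth-first)
        for rate, ins, outs in net.values():
            if ins <= m:
                m2 = frozenset((m - ins) | outs)
                if m2 not in states:
                    states.append(m2)
                edges[m, m2] = edges.get((m, m2), 0) + rate
    return states, edges

def steady_state(states, edges):
    """Solve pi*Q = 0, sum(pi) = 1 exactly by Gauss-Jordan elimination."""
    n, idx = len(states), {m: i for i, m in enumerate(states)}
    A = [[F(0)] * (n + 1) for _ in range(n)]
    for (m, m2), r in edges.items():
        A[idx[m2]][idx[m]] += r  # inflow into m2
        A[idx[m]][idx[m]] -= r   # outflow from m
    A[-1] = [F(1)] * (n + 1)     # normalisation replaces one balance equation
    for c in range(n):
        piv = next(r for r in range(c, n) if A[r][c] != 0)
        A[c], A[piv] = A[piv], A[c]
        A[c] = [v / A[c][c] for v in A[c]]
        for r in set(range(n)) - {c}:
            A[r] = [a - A[r][c] * b for a, b in zip(A[r], A[c])]
    return {m: A[i][n] for i, m in enumerate(states)}

def availability(pi, place):
    return sum(prob for m, prob in pi.items() if place in m)

def build_demo():  # constructed annotations (rates per hour), p = 1/2
    net = {**component_subnet("bus", F(1, 1000), F(1, 10)),
           **component_subnet("cpu", F(1, 500), F(1, 5))}
    add_propagation(net, "bus", "cpu", F(1, 2))
    return steady_state(*reachability(net, frozenset({"bus_ok", "cpu_ok"})))
```

With these constructed rates the CPU taken alone would be available 100/101 of the time; `availability(build_demo(), "cpu_ok")` is lower because half of the bus failures take the CPU down with them.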
The tool architecture is modular: the core transformation engine is decoupled from the OSATE front‑end and the SURF‑2 back‑end via well‑defined APIs. This design facilitates future extensions, such as adding new stochastic distributions (Weibull, Log‑Normal), supporting dynamic reconfiguration, or incorporating human‑factor models.
To validate ADAPT, the authors conduct two case studies. The first involves an avionics flight‑control system comprising 12 processors, 8 communication buses, and numerous software components. ADAPT generated the corresponding GSPN in 3.2 seconds; subsequent SURF‑2 analysis produced a 10‑year availability estimate that matched a manually built model within 0.1 %. The second case study examines a power‑grid protection device with high‑frequency switching components. The transformation completed in 1.8 seconds, and reliability curves derived from the GSPN aligned with published benchmark results. These experiments demonstrate that ADAPT scales to realistic system sizes, maintains high fidelity, and dramatically reduces the time required for model preparation.
The paper also discusses current limitations. At present, only exponential timing distributions are supported, restricting the ability to model wear‑out or aging phenomena that require non‑exponential failure laws. Moreover, the current propagation rules assume static architectures; dynamic reconfiguration (e.g., hot‑swap of components) is not yet modeled. The authors outline future work, including extending the dependability profile to capture non‑exponential distributions, developing hierarchical GSPN constructs for multi‑level (hardware‑software‑human) analysis, integrating with cloud‑based collaborative modeling platforms, and providing version‑control aware model management.
In conclusion, ADAPT delivers a practical, automated bridge from AADL architectural specifications to stochastic dependability models. By embedding dependability annotations directly into the design model and producing a standards‑based GSPN output, ADAPT enables engineers to perform rapid, repeatable quantitative analyses early in the development lifecycle, thereby improving design decisions, reducing rework, and supporting rigorous certification processes.