
Towards an integrated SE-dependability meta-model Aalto U. – 2010 CRECOS seminar, Espoo, 19.11.10

Authors: S. Deniaud, É. Bonjour, J.-P. Micaëlli, D. Loise

Affiliations: M3M-INCIS, FEMTO-AS2M, ITUS – EVS, PSA, UTBM, UFC, Univ. Lyon, INSA Lyon


Towards an integrated SE-dependability metamodel

Agenda
• Context and motivation
• Systems Engineering (SE) meta-model
• Dependability meta-model
• Integrated SE-dependability meta-model
• Conclusion

11.11.10



Context and motivation

Context
• Functional design of the powertrain at PSA Peugeot-Citroën
• Hybrid powertrain
• Application of Systems Engineering processes
• Functional safety concept

Motivation
• Better integrate the dependability analyses into the functional architecture design
• Road vehicles – functional safety standard (ISO 26262)
• Define the necessary set of key concepts related to SE and dependability
• Black-box / white-box (BB / WB) approach




SE meta-model

Source: Wikipedia about systems engineering


[Figure: SE meta-model. Concepts: Mission, System, Environment, Operational situation, Solicitation, External scenario, Operating mode, Control flow, MEI flow, Service, Interface, Requirement, Constraint, Performance. Relation labels: takes place in, realizes, operates in, has, generates, receives, delivers, activates, transforms, triggers, constrains, is a sequence of, delivered by, delivers services, satisfies, activates/controls/triggers, is quantified by, is expressed as, is activated in.]

Description of mission profiles and operating modes
• A system provides different services in different operational situations.
• A mission profile is usually modelled as a sequence of operating modes that correspond to stationary states of the system-of-interest.
• Within a specific operating mode, different services (or functions of services) are activated in order to carry out the mission. Transitions from one mode to another are triggered by control flows.




Description of external scenarios
• External scenarios (also called use scenarios or exchange scenarios) represent the answers that the system (black box) provides to solicitations generated by (the entities of) the environment.
• These scenarios trigger control flows of the operation of the system.
• External scenarios are usually modelled as a sequence of flows between the system and its environment, according to the operational conditions.
• External scenarios describe both the nominal operation and the degraded operation, within the phases of the system lifecycle: startup, use, maintenance, etc.




External functional analysis
• Services correspond to transformations of MEI flows (Material, Energy, Information). They are activated, controlled or triggered by control flows. They have interfaces with the environment, which are characterized by functional interface requirements.
• A system is scoped by defining its boundary and its interfaces; this means choosing which entities are inside the system and which are outside, as part of the environment.




Definition of system requirements (or technical requirements)
• The initial specifications of the system are gradually supplemented and/or translated into technical requirements. The analysis of the expected services provides functional requirements.
• The study of both the missions and the solicitations also provides functional requirements (including interfaces) and non-functional requirements (e.g. operational requirements, physical interface requirements, constraints).
• In each operating mode, services are characterized by performance requirements.
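As an added example (not code from the presentation), the external-analysis concepts of these slides as a small executable model: a mission profile replayed as a sequence of operating modes driven by control flows, the services activated in each mode, and a check that every activated service is characterized by a performance requirement in every mode. All mode, flow, service and requirement names are constructed for the example.

```python
# Added example, not from the slides: mission profile = sequence of operating modes,
# transitions triggered by control flows, services activated per mode, and the
# per-(mode, service) performance-requirement check. All names are constructed.

# Operating modes and the control flows that trigger transitions between them
TRANSITIONS = {                      # (current mode, control flow) -> next mode
    ("off", "key_on"): "electric",
    ("electric", "high_torque_demand"): "hybrid",
    ("hybrid", "low_torque_demand"): "electric",
    ("electric", "key_off"): "off",
    ("hybrid", "key_off"): "off",
}
# Services activated in each operating mode
ACTIVATED = {
    "off": set(),
    "electric": {"deliver_torque", "regenerate_energy"},
    "hybrid": {"deliver_torque", "regenerate_energy", "charge_battery"},
}
# Performance requirements, one per (operating mode, service) pair (constructed values)
PERFORMANCE = {
    ("electric", "deliver_torque"): "torque >= 120 Nm within 200 ms",
    ("hybrid", "deliver_torque"): "torque >= 250 Nm within 300 ms",
    ("electric", "regenerate_energy"): "recover >= 15 kW on braking",
    ("hybrid", "charge_battery"): "charge >= 5 kW at idle",
}

def mission_profile(start, control_flows, transitions=TRANSITIONS):
    """Replay a sequence of control flows from `start` and return the resulting
    sequence of operating modes (the mission profile). A control flow with no
    transition defined in the current mode leaves the mode unchanged, i.e. the
    mode is a stationary state of the system-of-interest."""
    modes = [start]
    for flow in control_flows:
        modes.append(transitions.get((modes[-1], flow), modes[-1]))
    return modes

def services_along(profile, activated=ACTIVATED):
    """Services activated in each mode visited by a mission profile."""
    return [(mode, sorted(activated[mode])) for mode in profile]

def missing_performance(activated=ACTIVATED, performance=PERFORMANCE):
    """Requirement-definition check from the slides: in each operating mode, every
    activated service must be characterized by a performance requirement."""
    return sorted((m, s) for m, svcs in activated.items()
                  for s in svcs if (m, s) not in performance)
```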



Internal functional analysis
• The internal functional analysis breaks up each service (or function of service) into a tree structure of internal functions and control functions.

[Figure: internal functional analysis meta-model. Concepts: External scenario, Operating mode, Service, Requirement, Internal function, Control function, Function, Internal scenario, Control flow, MEI flow, Interface, Sub-system. Relation labels: is allocated to, is decomposed in, is activated in, operates in, is grouped in, refine, triggers, activates/controls/triggers, transforms, is a, has, describes the behaviour, receives/delivers.]


Functional architecture
• The functional architecture represents the logical and temporal sequence of the internal functions that are activated, triggered or controlled by control flows. These control flows are either external (flows exchanged with external entities, considering that the system is encompassed in a larger system) or internal (flows within the system).
• Each internal function transforms MEI flows and has interfaces, either with other internal functions or with the environment.
• The analysis of the interfaces of the internal functions results in gathering them into subsystems. The interfaces of the subsystems are then identified.



Internal scenarios
• Internal scenarios refine external scenarios by revealing the answers that the subsystems provide to the solicitations generated by (the entities of) the environment and by the other subsystems. These solicitations trigger control flows of the operation of the subsystems.
• Internal scenarios are modelled as a sequence of flows (MEI, control) between the subsystems and with the environment, according to the operational conditions.
• Each subsystem presents various operating modes, which come both from a refinement of the operating modes of the system and from an enrichment resulting from the investigation of functional architectures.
• An ideal functional architecture is then obtained.



Design architecture
• The granularity of the internal functions should make it possible to allocate each of them to one and only one component.
• The whole set of internal functions is analyzed and organized to highlight the operation of the various components (physical resources). The physical choices may result either in defining new, induced functions or in breaking up some functions.
• The functional architecture is then refined, which enables the design of an allocated functional architecture. Each subsystem is then regarded as a dynamic fitting of internal functions and components, and is in its turn seen as a black box.
• All the design results obtained are used as a basis for drafting the specifications of each subsystem.

[Figure: design architecture meta-model. Concepts: External scenario, Operating mode, Service, Requirement, Internal function, Control function, Function, Internal scenario, Control flow, MEI flow, Interface, Sub-system, Component, Port, Link. Relation labels: is allocated to, is decomposed in, is activated in, operates in, is grouped in, refine, triggers, activates/controls/triggers, transforms, is a, has, receives/delivers, is materialized by, describes the behaviour, connects.]
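As an added example (not code from the presentation), the two steps described on the functional- and design-architecture slides carried out on a constructed model: function-level MEI flows are gathered into subsystem interfaces (flows crossing a subsystem boundary or exchanged with the environment), and the allocation of internal functions to components is checked against the "one and only one component" rule. Function, subsystem, flow and component names are constructed.

```python
# Added example, not from the slides: identify subsystem interfaces from
# function-level MEI flows and check the "one and only one component" allocation
# rule on a constructed instance of the meta-model.
from collections import defaultdict

ENV = "ENV"  # the environment, outside the system boundary

# Internal functions and the subsystem each one is grouped in (constructed)
GROUPING = {
    "F_meter_fuel": "SS_fuel", "F_inject": "SS_fuel",
    "F_compress_air": "SS_air", "F_control_boost": "SS_air",
}
# MEI flows between internal functions or the environment: (source, sink, flow, kind)
# kind: M = material, E = energy, I = information
FLOWS = [
    (ENV, "F_meter_fuel", "fuel", "M"),
    ("F_meter_fuel", "F_inject", "metered fuel", "M"),
    (ENV, "F_compress_air", "ambient air", "M"),
    ("F_compress_air", "F_inject", "charge air", "M"),
    ("F_control_boost", "F_compress_air", "boost setpoint", "I"),
    ("F_inject", ENV, "torque", "E"),
]
# Allocation of internal functions to components (physical resources), constructed
ALLOCATION = {
    "F_meter_fuel": ["pump"], "F_inject": ["injector"],
    "F_compress_air": ["turbo"], "F_control_boost": ["ecu", "wastegate"],
}

def subsystem_of(element, grouping=GROUPING):
    """Subsystem an element is grouped in; the environment maps to itself."""
    return ENV if element == ENV else grouping[element]

def subsystem_interfaces(flows=FLOWS, grouping=GROUPING):
    """Gather function-level flows into subsystem interfaces: a flow whose source
    and sink lie in different subsystems (or in the environment) belongs to the
    interface between them; a flow inside one subsystem stays hidden in its black box."""
    ifaces = defaultdict(list)
    for src, dst, flow, kind in flows:
        s, d = subsystem_of(src, grouping), subsystem_of(dst, grouping)
        if s != d:
            ifaces[(s, d)].append((flow, kind))
    return dict(ifaces)

def allocation_violations(allocation=ALLOCATION, grouping=GROUPING):
    """Internal functions allocated to zero or several components: by the slide's
    rule such a function must be broken up (or an induced function defined)."""
    return {f: allocation.get(f, []) for f in grouping
            if len(allocation.get(f, [])) != 1}
```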


[Figure: integrated SE meta-model combining the external and internal views. Concepts: Mission, System, Environment, Operational situation, Solicitation, External scenario, Operating mode, Control flow, MEI flow, Service, Interface, Requirement, Constraint, Performance, Internal function, Control function, Function, Internal scenario, Sub-system, Component, Port, Link. Relation labels: takes place in, realizes, operates in, has, generates, receives, delivers, activates, transforms, triggers, constrains, is a sequence of, delivered by, delivers services, satisfies, activates/controls/triggers, is quantified by, is expressed as, is activated in, is allocated to, is decomposed in, refine, is grouped in, is a, is materialized by, describes the behaviour, connects.]



Dependability meta-model based on ISO 26262



Dependability concepts

[Figure: dependability concept map. Dependability attributes: Safety, Availability, Maintainability, Reliability, Diagnosticability, Reparability, Durability. These are linked through requirements and the functional safety concept to the Systems Engineering artefacts: Functional architecture and Design architecture.]



ISO 26262-2 process: safety lifecycle
• Quantitative demonstration of the safety goals
• Traceability of the safety requirements
• Safety requirements V&V by modeling and testing

[ISO 26262-2]



Failure propagation → Recursivity

[Figure: System (S) containing Sub-System 1 (SS1), SS2, SS3 and SS4; SS1 contains the functions F1 and F2.]

• fault (latent error) in F1 → (effective) error in F1 → F1 failure → interface error between F1 and F2 → error in SS1 (latent, then effective)
• SS1 failure → interface error between SS1 and SS2 → error in SS2; the same chain repeats at each level up to S failure
• Figure labels for the powertrain illustration: oil seal, oil leakage, failure in the turbo, overload, S failure
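As an added example (not code from the presentation), the chain on this slide as a small propagation routine: a failure of an element becomes an interface error for every element it delivers to and an error in the element that contains it, and the recursion runs until the system of interest fails. The containment hierarchy follows the slide's figure; the interface list and the `barriers` parameter, which stands for a safety mechanism that detects an incoming error and keeps it latent, are assumptions added here.

```python
# Added example, not from the slides: the fault -> error -> failure chain of the
# "Failure propagation" slide, propagated recursively across interfaces and up
# the containment hierarchy. Interfaces and barriers are constructed.

# Containment: child -> parent (S is the system of interest, SSn its subsystems,
# F1 and F2 internal functions of SS1), as on the slide's figure
PARENT = {"SS1": "S", "SS2": "S", "SS3": "S", "SS4": "S", "F1": "SS1", "F2": "SS1"}
# Directed interfaces: the source delivers a flow to the sink (constructed)
INTERFACES = [("F1", "F2"), ("SS1", "SS2"), ("SS2", "SS3"), ("SS2", "SS4")]

def propagate(faulty, parent=PARENT, interfaces=INTERFACES, barriers=frozenset()):
    """Return the ordered list of events caused by a fault in `faulty`.
    One step of the recursion:
      error in X  -> X fails (the error becomes effective at X's boundary)
      X fails     -> interface error on each interface X delivers to -> error in the sink
      X fails     -> error in the element that contains X (latent, then effective)
    `barriers` names elements whose safety mechanism detects an incoming error and
    keeps it latent (degraded mode), which stops the propagation at that element.
    Each element is handled once, so cyclic interfaces cannot loop forever."""
    events = [f"fault (latent error) in {faulty}"]
    handled, pending = set(), [faulty]
    while pending:
        x = pending.pop(0)
        if x in handled:
            continue
        handled.add(x)
        if x in barriers:
            events.append(f"error in {x} detected and contained by a safety mechanism")
            continue
        events.append(f"effective error in {x}")
        events.append(f"{x} failure")
        for src, dst in interfaces:
            if src == x:
                events.append(f"interface error between {x} and {dst}")
                pending.append(dst)
        if x in parent:
            pending.append(parent[x])
    return events

def failed_elements(faulty, **kwargs):
    """Elements that end up failed, in propagation order."""
    return [e[: -len(" failure")] for e in propagate(faulty, **kwargs)
            if e.endswith(" failure")]
```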



Conclusion



[Figure: conclusion diagram. Nodes: Systems Engineering (Product, Process), Dependability (Nonfunctional approach, Ontology), Object-based Modeling (SysML). Panels: (a) SysML model-based SE, (b) integrated SE-dependability, (c) SysML-based dependability.]
