
[SiriusCon 2020] Realization of Model-Based Safety Analysis and Integration with Capella


The importance of mission or safety-critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model-based system engineering (MBSE) is currently one of the key approaches to cope with increasing system complexity.

Component Fault Trees (CFTs) provide a model- and component-based methodology for safety analysis that extends the advantages of model-based development to safety and reliability engineering. In this talk, we demonstrate how to ease the development of safety-critical systems by implementing a graphical modeling tool for Component Fault Trees using Sirius and by integrating safety analysis capabilities into a model-based systems engineering workflow in Capella.

Speaker:
Marc Zeller, Siemens CT
Marc Zeller works as a Senior Key Expert for model-based safety and reliability engineering at Siemens Corporate Technology. His research interests are focused on the efficient and effective development of dependability-relevant cyber-physical systems using model-based engineering techniques. Marc Zeller received a diploma in Computer Science from the Karlsruhe Institute of Technology (KIT) in 2007 and obtained a PhD in Computer Science from the University of Augsburg in 2013. With over 10 years' experience in different industrial domains, such as automotive, railway, avionics and industrial automation, he has been involved in various projects establishing model-based engineering techniques and is the author of many publications in this area.

Published in: Software

  1. Realization of Model-based Safety Analysis and Integration with Capella. Dr. Marc Zeller | SiriusCon 2020. siemens.com/innovation. Unrestricted © Siemens 2020
  2. Corporate Technology: Facts and figures on Research and Development, Siemens group and Siemens Corporate Technology
     • € 5.7 bn expenditures for R&D (1)
     • 45,200 R&D employees (2)
     • 6,850 inventions (1)
     • 2,550 employees worldwide (2), 1,700 researchers (2), 300 cybersecurity experts (2)
     (1) In FY 2019; continuing operations | (2) As of September 30, 2019
  3. Introduction
     • Embedded systems are omnipresent in daily life
       • They realize safety-relevant functions
       • Failure may lead to catastrophic accidents
       • Safety is the most important non-functional property
     • Increasing system complexity
       • Growing size and importance of software
       • The number of safety-relevant functions grows continuously
     • The need and effort for safety assurance is increasing drastically
       • Safety analyses are very complex and time-consuming tasks
       • This contrasts with the industry's aim to reduce development costs and time-to-market
  4. Background: Top-down Safety Analysis – Fault Tree Analysis (FTA)
     FTA is a systematic top-down approach for reliability and safety analysis:
     • Fault trees trace back influences to a given hazard or failure
     • Graphically explain causal chains leading to the hazard
     • Find event combinations that are sufficient to cause the hazard (qualitative analysis)
     • Calculate the hazard probability from influence probabilities (quantitative analysis)
     Elements of a fault tree:
     • Root: "Top Event", the hazard or failed state (or the accident or failure event)
     • Leaves: "Basic Events", causes that cannot or shall not be refined any further
     • Gates: AND, OR, M-out-of-N, etc. (Boolean logic)
  5. Developing Safety-critical Systems: State-of-practice
     System engineering:
     • Often model-based (e.g. Capella)
     • Iterative, incremental or agile
     State-of-practice in safety analysis (classic safety documentation, connected to system engineering only through a media break):
     • Modifications in safety documents are a very time-consuming task
     • Increased risk of inconsistency due to media breaks
  6. Developing Safety-critical Systems: Model-based safety analysis using Component Fault Trees (CFTs)
     Integrated model-based safety/reliability analysis, seamlessly integrated with system engineering instead of the media break of the state-of-practice:
     • Modifications impact only a small part of the safety models
     • Automated safety/reliability analysis at early development stages
     • Consistency through seamlessly integrated models
  7. Component Fault Trees (CFTs)*
     Extension of classic fault trees with a component concept:
     • Focus on failure modes of an encapsulated system component
     • Failures visible at the inport / outport of a component are modeled using Input / Output Failure Modes
     Divide-and-conquer strategy for systems:
     • Modular, hierarchical composition of system fault trees
     • Systematic reuse of component CFTs
     *) Kaiser, B.; Liggesmeyer, P.; Mäckel, O. (2003). "A new component concept for fault trees", SCS '03: Proceedings of the 8th Australian workshop on Safety critical systems and software. Kaiser, B., Schneider, D., Adler, R., Domis, D., Möhrle, F., Berres, A., Zeller, M., Höfig, K., Rothfelder, M. (2018). "Advances in Component Fault Trees", Proceedings of the 28th European Safety and Reliability Conference (ESREL)
  8. Component Fault Trees vs. Fault Trees: Same Information, Different Model Concept
     (Figure: the CFT view shows the components Controller 1 : Controller, Controller 2 : Controller and Supply : Power Supply connected via the V24 port, each controller with basic event E1 and the supply with basic events E1 and E2, feeding the Top Event; the classic fault tree view shows the same Top Event over the flattened basic events Controller 1.E1, Controller 2.E1, Supply.E1 and Supply.E2.)
  9. Component Fault Tree based Safety/Reliability Analysis: Modeling & Analysis Workflow
     (1) System description → (2) CFT elements → (3) Component Fault Tree → (4) Fault Tree Analysis
     Why model-based safety analysis using Sirius?
     • Allows graphical editing based on EMF ecore models (diagrams & tables)
     • Intuitive UI and easily extensible (e.g. for other analysis methods)
     • Sirius is also the foundation of Capella
  10. Aircraft Wheel Brake System Example (from AIR6110): Overview
     • Installed on the two main landing gears
     • Braking on the main gear wheels is used to provide safe retardation
       • During taxiing and landing phases
       • Also prevents unintended aircraft motion when parked
       • May provide differential braking for aircraft directional control
       • Secondary function: stop main gear wheel rotation upon gear retraction
     • Braking is commanded either
       • Manually, via brake pedals
       • Automatically (autobrake) without the need for pedal application
  11. Aircraft Wheel Brake System Example: Functional Hazard Analysis (FHA)
     • Function: "Decelerate the wheels on the ground"
     • Average flight length: 5 hours
     • Functional Hazard Analysis (FHA) results:
       • Loss of all wheel braking during landing or rejected take off (RTO) shall be less than 5E-7 per flight
       • Asymmetrical loss of wheel braking coupled with loss of rudder or nose wheel steering during landing or RTO shall be less than 5E-7 per flight
       • Inadvertent wheel braking with all wheels locked during takeoff roll before V1 shall be less than 5E-7 per flight
       • Inadvertent wheel braking of all wheels during takeoff roll after V1 shall be less than 5E-9 per flight
       • Undetected inadvertent wheel braking on one wheel w/o locking during takeoff shall be less than 5E-9 per flight
     → These are the Top Events of the Fault Tree Analysis in the System Safety Assessment (SSA) of the Wheel Braking System
     V1 = speed from which the aircraft cannot be safely stopped on the remaining runway
  12. Aircraft Wheel Brake System Example: CFT Example
     Top Event = Loss of all wheel braking
     Steps to perform a safety/reliability analysis using CFTs:
     1. Identification of the system components and description of the system architecture (using Capella)
     2. Specification of the CFT elements for each system component (using a viewpoint created with Sirius)
     3. Semi-automated generation of the system-wide CFT and definition of the CFT's top event
     4. Fault Tree Analysis (qualitative or quantitative) using the Siemens-internal FTA calculation tool Zusim
  13. Aircraft Wheel Brake System Example: Definition of the System Architecture (in Capella), step 1 (screenshot)
  14. Aircraft Wheel Brake System Example: Definition of the System Architecture (in Capella), step 1
     1. Create a Physical Architecture diagram
     2. Create all components of the architecture as "Node PC"
     3. Interconnect components via "Physical Links"
  15. Aircraft Wheel Brake System Example: Specification of the CFT elements (Sirius-based viewpoint), step 2 (screenshot)
  16. Aircraft Wheel Brake System Example: Specification of the CFT elements (Sirius-based viewpoint), step 2
     1. Enable the "Failure Logic Modeling" viewpoint
     2. Add a safety artifact (CFT element) to each physical component
     3. Specify the failure behavior of the component using the modeling elements (Input & Output Failure Modes, Basic Events, Boolean Gates)
     4. Map Input and Output Failure Modes to the ports using the "Port Mapping" relation
  17. Aircraft Wheel Brake System Example: Semi-automated generation of the system-wide Component Fault Tree, step 3 (screenshot)
  18. Aircraft Wheel Brake System Example: Semi-automated generation of the system-wide Component Fault Tree, step 3
     1. Automatically generate a CFT for a specific product based on the already specified information
     2. Add system-wide top events within the CFT and interconnect them with the Output Failure Modes of the CFT elements using Boolean gates
     3. Alternatively, a CFT can be specified manually by creating instances of the CFT elements of the Node PCs within the CFT by drag & drop
  19. Aircraft Wheel Brake System Example: Fault Tree Analysis using Zusim, step 4 (screenshot)
  20. Aircraft Wheel Brake System Example: Fault Tree Analysis using Zusim, step 4 (screenshot)
  21. PANORAMA (ITEA 3 Call 4, Smart engineering; ITEA3 - 17003; 24 partners, 5 countries; Apr 2019 – Mar 2022)
     Description: The goal of PANORAMA is to research model-based methods and tools to master the development of heterogeneous embedded hardware/software systems in collaboration with diverse and heterogeneous parties by providing best practice, novel analysis approaches, and guidance for development. To that end, the main line of action is geared to extending the scope and interoperability of current system-level analysis approaches, particularly by enhancing existing abstract performance meta-models. The enhanced meta-model and the related tool framework will be a common and open platform to support collaborative development.
  22. Component Fault Tree analysis for Heterogeneous Embedded Systems (ITEA3 - 17003)
     • Component Fault Trees (CFTs)
       • Extension of classic fault trees with a component concept
       • One CFT per component can contain more than one top event, instead of one fault tree for each top event
       • Divide-and-conquer strategy for systems
       • Modular, hierarchical composition of CFTs
       • Systematic reuse of component CFTs
     • Extension of the CFT methodology in PANORAMA w.r.t. heterogeneous embedded systems
       • Coupling with the AMALTHEA metamodel
       • Evaluation of possibilities to combine static CFT-based FTA and simulation
  23. Component Fault Trees (CFTs): Take Away Messages
     • Divide-and-conquer strategy for safety/reliability analysis of complex systems
     • Systematic reuse of CFT elements along with design artifacts
     • (Semi-)automated composition of pre-existing CFT elements
     • Seamless integration/synchronization with any MBSE approach (e.g. Capella, SysML v1/v2, etc.)
     • Implementation using Sirius provides graphical modeling capabilities
     • Easy integration into any EMF-based modeling approach (e.g. AMALTHEA)
     Workflow: CFT elements → System description → Component Fault Tree → Fault Tree Analysis
  24. Thank you for your attention! Questions?
     Dr. Marc Zeller, Senior Key Expert Model-based Reliability & Safety Engineering, marc.zeller@siemens.com, Phone: +49 172 1036065
     Thanks to Axel Richard from Obeo for the support during development of this PoC implementation!
     Interested in Model-based Safety? Register under: http://easyconferences.eu/imbsa2020/
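The CFT composition and analysis workflow of slides 7 to 20, worked through in code as an added example (not code from the talk or from the Siemens tooling): reusable CFT elements with basic events, input/output failure modes and Boolean gates are instantiated once per component, composed into a system-wide tree by following the port mappings into the upstream output failure modes, and then analysed qualitatively (minimal cut sets) and quantitatively (top-event probability). The element library follows the Controller / Power Supply picture on slide 8; the failure expressions, the probabilities and the top event "both controllers fail" are assumptions.

```python
from itertools import product
from math import prod

def flatten(elements, instances, links, inst, expr):
    """Gate tree over instance-qualified basic events; "in:<port>" follows the port link upstream."""
    if isinstance(expr, str):
        if expr.startswith("in:"):                       # input failure mode -> mapped output failure mode
            src, out = links[(inst, expr[3:])]
            return flatten(elements, instances, links, src, elements[instances[src]]["outputs"][out])
        return f"{inst}.{expr}"                           # basic event of this instance
    gate, subs = expr                                     # gate: ("AND" | "OR", [sub-expressions])
    return (gate, [flatten(elements, instances, links, inst, s) for s in subs])

def cut_sets(tree):
    """Qualitative FTA: minimal cut sets, the minimal sets of basic events sufficient for the top event."""
    if isinstance(tree, str):
        sets = {frozenset([tree])}
    elif tree[0] == "OR":
        sets = set().union(*(cut_sets(s) for s in tree[1]))
    else:                                                 # AND: union one cut set from each child
        sets = {frozenset().union(*combo) for combo in product(*(cut_sets(s) for s in tree[1]))}
    return {s for s in sets if not any(o < s for o in sets)}   # drop supersets of other cut sets

def probability(tree, probs):
    """Quantitative FTA: exact top-event probability by enumerating every basic-event state
    (independent events; exponential in the number of events, so only for small trees)."""
    def holds(t, s):
        return s[t] if isinstance(t, str) else (all if t[0] == "AND" else any)(holds(c, s) for c in t[1])
    events, total = sorted(probs), 0.0
    for bits in product((False, True), repeat=len(events)):
        if holds(tree, dict(zip(events, bits))):
            total += prod(probs[e] if b else 1.0 - probs[e] for e, b in zip(events, bits))
    return total

# Constructed element library after the Controller / Power Supply slide; expressions and probabilities are assumed.
ELEMENTS = {
    "PowerSupply": {"events": {"E1": 1e-5, "E2": 2e-5}, "outputs": {"V24": ("OR", ["E1", "E2"])}},
    "Controller":  {"events": {"E1": 1e-4}, "outputs": {"fail": ("OR", ["E1", "in:V24"])}},
}
INSTANCES = {"Supply": "PowerSupply", "Controller1": "Controller", "Controller2": "Controller"}
LINKS = {("Controller1", "V24"): ("Supply", "V24"), ("Controller2", "V24"): ("Supply", "V24")}

def top_event():
    """System-wide top event (constructed): both controller instances fail at the same time."""
    fail = ELEMENTS["Controller"]["outputs"]["fail"]
    return ("AND", [flatten(ELEMENTS, INSTANCES, LINKS, c, fail) for c in ("Controller1", "Controller2")])

def basic_event_probs():
    return {f"{i}.{e}": p for i, t in INSTANCES.items() for e, p in ELEMENTS[t]["events"].items()}
```

For the constructed system the minimal cut sets are {Supply.E1}, {Supply.E2} and {Controller1.E1, Controller2.E1}: the shared supply is a single point of failure that the composed tree exposes without anyone modelling it twice.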
