unified systems engeneering with goedelworks
DESCRIPTION
Describes a unified metamodel for systems engineering and a supporting internet based platform.TRANSCRIPT
From Deep Space To Deep Sea
R&D project of Open License Society:
Metamodel for systems engineering: “systems grammar”
OpenSpecs and OpenCookBook prototype web portal
Input:
EVOLVE ITEA project
Evolutionary Validation, Verification and Certification
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 2
Evolutionary Validation, Verification and Certification
FP7 OPENCOSS project:Open Platform for EvolutioNary Certification Of Safety-critical Systems (automotive, railway, avionics)
ASIL: Flanders Drive project on developing a common safety engineering methodology for automotive and related domains
Currently commercialised and redeveloped as GoedelWorks by Altreonic
Refinement by adding structure and properties
Avoids overlapping in concepts
Domain Metamodel Model
d d d1
Instance
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 3
E1
E2
d1
d2
d3
d1
d2
d3
Entities Entities and
Interactions
Structure &
Architecture
d1
d2
d3
System /
Process
User levels
M4:
Mathematician
Abstract meta-levels
M4: element (of set)meta-meta-type
RTOS domain
M4: Interacting Entities
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 4
Mathematician
M3: Expert
M2: Engineer
M1: User
meta-meta-type
M3: Metatypes declarations (inheritance of the M4 element meta-meta-type)
M2: types declarations (inheritance of M3 meta-types with domain specific attributes)
M1: Instances of M2 types with concrete values of attributes
M4: Interacting Entities
M3: Virtual machine executing M2 functions for
M1 data
M2: domain specific declarations
(types, grammar, functions)
M1: Data
View 1:
System = Processes + Architecture
or: the ”right” System = “how” + “what”
View 2:
A process is a meta-system
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 5
A process is a meta-system
Has to be developed as well
In practice different views correspond to complementary domains:
Process, Engineering, Modeling, Simulation, Testing, Software, Hardware, Safety, …
System Sub-entities
Project Sub-Project
Process Sub-Process
Reference
Requirement Sub-Requirement
Specification Sub-Specification
Resource
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 6
Resource
Work Package Development, Verification, Test, Validation Task
Work Package Flow Work Package
Work Product Process type (“Evidence”) or development (“Model”)
Model Sub-Models
Entity Sub-Entities
Change Request
Issue
SYSTEM
PROCESS
Development
WPT-
template
WP
Tasks SPC RES
Organ-
isation
Supporti
ng
Plan-
ning
PROJECT
System under Development
MODEL
ENTITY
WP
WPT-
Process
WP Flow
WP
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 7
Tasks
DEV
VER
TST
VAT
SPC
REQ
REF
RES WP
Tasks
DEV
VER
TST
VAT
SPEC
REQ
REF
RES
WP
Tasks
DEV
VER
TST
VAT
SPC
REQ
REF
RES
GoedelWorks
Meta-Meta-concept
Association links:
Dependency links:
E.g. a SPC depends on REQ (n)
Precedence links:
A Verification Task preceeds a Test Task
Structural links:
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 8
Structural links:
A WP is composed of Tasks (n)
A Model is composed of Entities (n)
Navigation links:
Navigation tree for easy access
Flow links (next-previous) for defining flows
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 9
During the life-time of a Project/Process entities go through states:
Defined => In Work => Frozen For Approval => Approved
Dependency and structural relationships create a partial order for Approval
REF=>REQ=>SPC // RES // Tasks =>WP=>WPT (MOD)
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 10
A Project is a collection of Processes producing Work Products. Not a single V-model but 100’s.
Overall Process follows from respecting states
WorkProducts morph:
Resource at input is always result of previous Project
Work Product template => Work Product specific Project
System in Project A => component in Project B
PROCESSES
Development
WPT_Process
(out)_
template.
WP
DV-VE-TE-VAT (ᴝ)
SPC (in) REQ (in) REF
RES (in)Organisation
Supporting
Planning
ASIL developed template flow +
template WorkProducts + guidelines To be defined or
completed by
each organisation
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 11
SE system
PROJECTS
System Domain
MOD ENT WP
DV-VE-TEt-TAT (ᴝ)
SPC (in) REQ (in)
RES
WPT -Process (out)
(Project specific)WP_flow WP
DVT-VE-TET-VAT
(ᴝ)
SPC (in) REQ (in)
RES (in)
Specific domain
The template is a RES (input) –
hence a link to it or make copy.
When selecting ASIL as process
Explicit difference between Requirements and Specifications
Distinction Process (how) and Project (what)
Verification = verifying the work done
Testing = verifying the system meets specifications
Validation = verifying it meets requirements (includes
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 12
Validation = verifying it meets requirements (includes integration)
Process/Project is not seen as flow but as a collection of actions producing WorkProducts (+/- 100!)
System = Implementation model
Safety case is seen as Specification-Fault case
Domain agnostic
Trustworthy system
Safety Security Usability Privacy
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 13
no physical fault can
cause harm
no injected fault can
cause harm
no interface fault can
cause harm
no personal data loss
can cause harm
Specification has subtypes:
Normal Case, Test Case, Fault Case
Safety and Security case are subtypes of Fault Case
Input: ASIL project of Flanders Drive
Automotive Safety Integrity Level
Goal: develop common safety engineering process based on existing standards:
Automotive: off-highway, on-highway
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 14
Automotive: off-highway, on-highway
Machinery
IEC 61508, IEC 62061, ISO DIS 26262, ISO 13849, ISO DIS 25119 and ISO 15998
Partners:
Altreonic, DANA, EIA, Flanders Drive, Punch Powertrain, Triphase, TüV Nord
DO-178C, DO-254, ARP4761: Altreonic
Acquiring general understanding of Safety and Systems Engineering standards.
Development of ASIL process flow:
Dissecting standards in semi-atomic statements
Tagging according to activity domain
Development of ASIL V-model with 3 Process domains:
Organisational Processes ("safety culture")
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 15
Organisational Processes ("safety culture")
Supporting Processes
Safety and Engineering Development Processes.
Completion
Identification of Work Products and RACI Roles
Development of templates for Work Products (.doc or .xls)
Development of Guidelines (e.g. HARA)
Development of Glossary
Organisational
Safety and Engineering/
Development
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 16
Supporting
Effort: approx. 21000 personhours (over 3 years.)
Semi-atomic process requirements extracted: ~3800
Work products defined: 98 => templates
Types of roles identified: 17 => HR responsibility
Guidelines developed: 34 => templates
ASIL process flow has 355 steps
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 17
ASIL process flow has 355 steps
Organisational processes identified:19
Supporting processes identified: 75
Safety and Engineering processes identified: 261
Work is not finished! (validation using use cases + organisation specific mapping) + templates + iterative!
GoedelWorks ASIL
Process Process
Flow Flow
Work Package Step with descriptive text
Tasks (DEV, VET, TST, VAT) Not defined
Project Not defined
Model/Entity Not defined
Reference Standards’ requirements attached to Step
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 18
Reference Standards’ requirements attached to Step
Requirement Not defined, merged in Step description
Specification Not defined
Resource Roles, Work Product template, Guidelines
Work Product Work Product (input and output of Step)
Change Request Not defined, but Change Management Step
Issue Not defined, but Change Management Step
State Not defined
Relationships Net defined, except as WPT input and Roles
V-model respected by following order:
Steps become Work Packages
Default WP Tasks, missing REQ and SPC created
Dependencies and structural relationships inserted but left empty
State: most often “In Work” upon creation
Guidelines and templates attached
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 19
Guidelines and templates attached
Benefits from import:
All Process (and Project) Entities user-editable
Project entities and Process entities can be linked
Organisation specific instance of Processes can be created and new processes added
Dependency analysis and reporting
Main lessons learned:
Bridging different domains: semantic differences
Safety engineering standards are subsets of systems engineering
Certification requires “evidence” (artifacts)
Major problems:
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 20
Major problems:
Find a common language
Find a clean language: orthogonality
Usability aspects prime requirement for tool
Difficult in a web based environment
Standards’ license terms!
ASIL imported reference
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 21
Example of state verification (Approval)
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 22
Dependency graph (Process)
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 23
Example: shift-by-wire example
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 24
Generated precedence graph
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 25
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 26
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 27
Roles and permissions at entity level
Locking during edit
Version management + transaction log
Comments per entity
Importing or creating in bulk
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 28
Importing or creating in bulk
Import/export subset
Precedence and dependency tree graphs
Doc generation (html, pdf)
Project schedule, Gannt chart (in work)
….
Portal based HARA (vs. xls template)
Fault Tree Analysis
Templates doc on-line
Linking/integration with software development environments
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 29
environments
Conclusion
Systems engineering process can be formalised using a common metamodel
Booklet available from Altreonic website
Challenges
Integration of different domains
Concepts, Architectural design, WorkFlow
System Engineering processes (“standards”) are heuristic
Progress through formalisation
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 30
Progress through formalisation
Reduction of design space give reliability
Modular architecture and unified semantics essential for incremental/evolutionary verification/validation/certification
Automated support is feasible
• Work will continue in OPENCOSS FP7 project
• (cover avionics, railway, automotive)
• DO-178C and DO-254
• Focus on re-use
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 31
www.altreonic.com
Set-up fee: 1500 euro (SSL, Firewall, …)
Standard process support: 1500 euro/mo/first 3 users
ASIL process support: 1500 euro/mo/first 3 users
(license of standard needed)
Minimum period: 12 months, up to 12 projects
Additional users: 100 euro/month/module
Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 32
Additional users: 100 euro/month/module
Recommended:
Hands-on training
Completing flow with Organisation’s procedures
Organisation specific customisation
Optional:In-house hosting (open technology license only).
Encryption of data on disk, dedicated VM, …