Page 1: 20150122 cisec mbsa-lismma

MBSE-MBSA Integration

Toulouse, 22 January 2015

Faïda MHENNI, lecturer-researcher at Supméca; Jean-Yves CHOLEY, director of LISMMA

Page 2

LISMMA: 3 research teams

• Digital Engineering
  – Industrial systems: modelling, design and optimisation
  – Mechatronic systems: systems engineering, multi-physics modelling, metrics, safety…
  – Geometric systems: declarative modelling
  – Products: eco-design and optimisation
• Tribology and Materials
  – Material fatigue
  – Micro-geometry and contact physics
  – Thermomechanical behaviour of materials
• Vibroacoustics and Structural Dynamics (VAST)
  – Dynamics of non-linear structures and systems
  – Damping of structural vibrations
  – Materials for vibroacoustics (isolation and absorption)

Page 3

LISMMA laboratory

LISMMA (Laboratoire en Ingénierie des Systèmes Mécaniques et des MAtériaux):
• 40 Pr. and Ass. Pr., 55 PhD students
• 3 research teams
  – Digital Engineering
  – Tribology & Materials
  – Vibroacoustics & Structures

A new "large" laboratory (LISMMA + ECS + LARIS) for IPGP (Institut Polytechnique du Grand Paris: Supméca, ENSEA, EISTI):
• 70 Pr. & Ass. Pr., 80 PhD students
• LISMMA research teams plus:
  – LARIS: embedded control, cloud computing, systems engineering
  – ECS: control systems, electronics

Page 4

Mechatronics research activities at LISMMA

• Mechatronics Integration
  – Functional, multi-domain, physical (3D)
  – Interfaces (physical, compatibility…)
• Design Process
  – Modeling, simulation, verification, validation, qualification
  – Systems engineering (consistency, continuity, traceability…)
  – Safety analysis
• Multi-domain
  – Collaborative design, interoperability and integration
• Multi-physics
  – Compact models (analytic), model reduction
• Mathematics
  – Algebraic topology, categories, metrics…

Page 5

The systems engineering context at LISMMA

[Figure: the LISMMA systems engineering context, combining]
• Model-Based Safety Assessment (MBSA)
• Model-Based Systems Engineering (MBSE)
• Black box and white box analyses and modeling
• Safety analysis: FMEA, FTA, model checking…
• Multi-physics, multi-domain modeling and simulation
• Fault Detection, Isolation and Recovery (FDIR)

Page 6

Safety Analysis Integration in a Systems Engineering Approach for Mechatronic Systems Design

PhD Dissertation presented by Faïda Mhenni

Supervisors:
• Alain Rivière (SUPMECA)
• Hubert Kadima (EISTI)
• Nga Nguyen (EISTI)
• Jean-Yves Choley (SUPMECA)

Committee:
• Antoine Rauzy (Ecole Centrale Paris)
• Hamid Demmou (INSA Toulouse)
• Omar Hammami (ENSTA ParisTech)
• Stanislao Patalano (Federico II Naples)
• Wassim Abida (UTC-AS)

PhD Dissertation by: Faïda MHENNI - ONERA - Toulouse 22/01/2015

Page 7

Agenda

• Introduction
• Related Work
• Model-Based Systems Engineering Methodology with SysML
• SysML Semantics Extension
  – Safety Profile
  – Mechatronics Extended Modeling Profile
• SafeSysE
  – FMEA Generation
  – FTA Generation
  – Model Checking
• Conclusion and Future Works

Page 8

Introduction

• Complex systems
  – More functions
  – Compact
  – Multi-disciplinary
• Competitiveness
  – Shortening time to market
  – Cost reduction

Need for new design approaches/tools:
• System approach
• Multi-team collaboration
• Capitalization and reuse

→ Model-Based Systems Engineering (MBSE) approach with SysML

Page 9

Introduction

• Safety critical systems
  – More rigorous safety requirements
• System safety analysis:
  – Usually occurs very late in the design process
  – Highly dependent on the skill of the analyst
  – Time consuming
  – Error prone

[Figure: system model]

Page 10

Introduction

• Weak consistency between safety analysis and system model
  – System specifications continue to evolve during safety analyses
  – Safety models do not reflect the system architecture → hard to build and update
  – No traceability
• Need for:
  – Rigorous safety analyses
  – Efficiently integrated in the design process
  – Since early design stages

Page 11

Objectives

• Integrate safety assessment within the systems engineering process
  – From early design stages
  – Allow safety analysis results to be accounted for in design choices
• Reduce the work load on the safety expert and error proneness by automatically generating safety artifacts
• Enrich the system model to include safety-relevant information
• Share safety information and analysis results between the systems engineer and the safety analyst.

Page 12

SysML

Graphical language for systems specification

Strengths:
☺ Ability to model different aspects of the system: behavior (message-based, state machines, use case, EFFBD), structure, requirements.
☺ Graphical language → facilitates communication
☺ Flexible → extension mechanisms
☺ Traceability links among different viewpoints → consistency
☺ Reuse and capitalization

[Figure: SysML diagram taxonomy]
• Behavior diagrams: Activity Diagram, Sequence Diagram, State Machine Diagram, Use Case Diagram
• Structure diagrams: Block Definition Diagram, Internal Block Diagram, Parametric Diagram, Package Diagram
• Requirement Diagram

Weaknesses:
• Lack of a methodology adapted to SE
• Poor simulation capacity (tool dependent)

Page 13

Safety Analysis

• Aims at assuring that engineered systems provide acceptable levels of safety. It consists in identifying risks, their causes and effects in order to eliminate or mitigate them.
  – Qualitative safety analysis: identify possible system failures, their rate of occurrence and their effects in order to perform corrective actions
  – Quantitative safety analysis: evaluate the reliability using statistical techniques and methods

Page 14

Traditional Safety Analysis Methods

• Compositional safety analysis
  – FMEA: Failure Mode Effects Analysis
  – FTA: Fault Tree Analysis
  – RBD: Reliability Block Diagram
  – Markov chains
  – Petri nets
  – …
• Behavioral safety analysis
  – Model checking
  – Fault injection simulation
  – …

Page 15: Agenda (repeated; see Page 7)

Page 16

Related Work

• MBSA:
  – Papadopoulos (1999): HiP-HOPS
  – Point (2000): AltaRica: guarded transition system
  – Bozzano (2003): FSAP/NuSMV-SA
  – Etc.
• MBSE-MBSA:
  – Guillerm R. (2011): safety requirements management and declination
  – Yakymets N. (2012): MBSE and SA
  – David P. (2009): MéDISIS
  – European project COMPASS
  – Etc.

Page 17

Related Work - MéDISIS (P. David, 2009)

• Automatic generation of a preliminary FMEA based on system functional behaviors in SysML
• A database of dysfunctional behaviors is kept updated in order to rapidly identify failure modes in different analysis phases
• Construction of dysfunctional models by mapping SysML models to the AltaRica language in order to compute reliability indicators

Page 18

Related Work – COMPASS for SoS

• Fault Analysis
  – Fault Analysis Architectural Framework
  – SysML Fault Analysis Profile
  – Use of the external tool HiP-HOPS for fault analysis
  – Run the analysis from within the SysML tool
• Fault Tolerance Verification
  – Formal verification of recovery mechanisms with CML

Page 19

Related Work Synthesis

Method | System type | Safety analysis techniques | Strong points | Weak points
MéDISIS | Complex systems | Functional FMEA | Link with AltaRica and Simulink | Dysfunctional database update
COMPASS + HiP-HOPS | Systems of systems | Fault tree (via HiP-HOPS); FMEA (via HiP-HOPS); formal verification | SysML extension; run from SysML | Tool dependent
SafeSysE | Complex systems; mechatronic systems | Functional FMEA; component FMEA; FTA; model checking | SysML-based MBSE; SysML extension (Safety Profile and Mechatronic Extended Modeling); direct generation of safety artifacts from the SysML model |

Page 20

Our Approach

SafeSysE: Safety Integration in Systems Engineering Process

• SysML-based MBSE → MBSA
  – FMEA, FTA
  – Model Checking

Integrated SE-SA approach for early safety integration in the design process

Page 21: Agenda (repeated; see Page 7)

Page 22

MBSE Design Approach with SysML

[Figure: Systems Engineering Process (activity diagram); inputs Initial_Rqts and Safety_Rqts]
• Requirements Definition and Analysis → «Data Store» Requirements Diagram, Context BDD, Stm (operating modes), Use Case Diagram, Sequence Diagram
• Functional Architecture(s) Definition → «Data Store» Activity Diagrams, BDD (Functional hierarchy), Requirements update
• Logical Architecture(s) Definition → «Data Store» BDD logical composition, IBD logical architecture, Allocation
• Physical Architecture(s) Definition

Page 23

MBSE Design Approach with SysML

Requirements Definition and Analysis: from the Initial Requirements to the System Specification.

[Figure: SysML artifacts of this step]
• req [Package] Requirements: «requirement» Initial Requirements & Mission, LifeCycle Requirements, External Constraints and Interactions, External Interfaces, Functional Requirements
• Lifecycle state machine: L-C phase 1, L-C phase 2, L-C phase 3, with transitions T0, T12, T21, T23, Tf
• bdd [Package] Context: «block» System, «block» External System 1, Actor1, Actor2 (roles role1, role ex-s, role 2)
• ibd [block] System: Flow1, Flow2, Flow3 between System, External System 1, Actor1 and Actor2
• UCD Use Case Diagram1: Actor1, Actor2, UseCase1, UseCase2

Page 24

MBSE Design Approach with SysML

Functional Architecture(s) Definition: from the Functional Requirements to the Functional Architecture(s), by functional breakdown and flow transformation, with traceability to requirements and a functional hierarchy.

[Figure: SysML artifacts of this step]
• req [Package] Requirements: «requirement» Functional Requirements traced to «activity» System sub-function1 and «activity» System sub-function2
• bdd [Package] Functional Architecture: «activity» System Function composed of «activity» System sub-function1 and «activity» System sub-function2
• Activity diagram of System Function: input1 → System sub-function1 (I1 → F12); input2 and F12 → System sub-function2 (I2, F12 → O) → output

Page 25

MBSE Design Approach with SysML

Logical Architecture(s) Definition: from the Functional Architecture to the Logical Architecture(s).

[Figure: SysML artifacts of this step]
• System composition and functional allocation: bdd [Package] Structure: «block» System composed of «block» Comp1 (allocatedFrom System sub-function1) and «block» Comp2 (allocatedFrom System sub-function2)
• System internal structure: ibd [block] System [Logical Arch]: Flow1, Flow2, Flow3 routed through Comp1 and Comp2

Page 26: Agenda (repeated; see Page 7)

Page 27

SafeSysE Methodology

[Figure: SafeSysE Process, with the Systems Engineering Process and the Safety Analysis Process as parallel swimlanes exchanging Safety_Rqts]
• Step 1 (SE): Requirements Definition and Analysis (inputs Initial_Rqts, Safety_Rqts) → «Data Store» Requirements Diagram, Context BDD, Stm (operating modes), Use Case Diagram, Sequence Diagram
• Step 2 (SE): Functional Architecture(s) Definition → «Data Store» Activity Diagrams, BDD (Functional hierarchy), Requirements update
• Step 3 (SA): Functional Risk Assessment → «Data Store» Functional FMEA, derived safety requirements (Safety_Rqts fed back to the SE process)
• Step 4 (SE): Logical Architecture(s) Definition → «Data Store» BDD logical composition, IBD logical architecture, Allocation
• Step 5 (SA): Component Level Risk Assessment → «Data Store» Preliminary Component FMEA (Safety_Rqts fed back to the SE process)
• Step 6 (SA): Fault Propagation and Reliability Assessment → «Data Store» Fault Tree
• The SE process then continues with Physical Architecture(s) Definition

Page 28

SafeSysE Tool

[Figure: tool chain]
SysML Model (MagicDraw, Topcased, Rational Rhapsody, Artisan Studio) → XMI file → SafeSysE Tool → Functional/Component FMEA → SafeSysE Tool → SysML Extended Model (new XMI file)

1. Input: Activity Diagram, BDD, Allocations. Output: Functional/component FMEA.
2. Input: Functional/component FMEA + old XMI file. Output: new XMI file with updated safety artifacts.

Page 29

System Model Extension for Safety Analysis

• Safety Profile to enrich SysML semantics with safety concepts
  – Add safety data into the system model to be integrated in the automatically generated artifacts
  – Update the system model with safety analysis results
• Mechatronic Extended Modeling Profile
  – Enable modeling mechatronic (multi-disciplinary) aspects: multi-physical flows and connection components
  – Integrate these aspects into safety analysis

Page 30

SysML Safety Profile

• A failure mode:
  – is caused by "CausalFactor"
  – generates "ImmediateEffect" and "SystemEffect"
  – implies "RecommendedAction"
  – is detected by "DetectionMethod"
  – …

[Figure: relationships between the different safety concepts]

Page 31

SysML Safety Profile

• Adding new stereotypes to introduce safety-relevant concepts:
  – Function
  – Component
  – Failure mode
  – Redundant
  – …

Page 32

SysML Safety Profile

[Figure: failure modes in the system model]
• Failure modes added by the systems engineer with the available information
• Automatically included in the generated FMEA, both at functional and component levels

Page 33

Mechatronic Extended Modeling Profile

• Connection Block
  – Not allocated to functions
• Multi-physical Port
• Different types of components
  – Define generic failure modes for each type of component

Contributes to making the safety analysis more complete

Page 34: Agenda (repeated; see Page 7)

Page 35

Case Study: Electromechanical Actuator (EMA)

The use of an electromechanical actuator (EMA) to actuate ailerons (primary flight control):
• Better environmental respect with suppression of hydraulic power and oil leak risks;
• Weight saving on aircraft;
• Maintenance cost reduction;
• Performance increase and better accuracy due to electric actuators.

Page 36: SafeSysE Methodology (process figure and step list repeated; see Page 27)

Page 37

Functional Architecture Definition

• Progressive hierarchical decomposition of system functions into different levels

[Figure: activity diagrams of the EMA functional architecture ControlAileronIncidence-V1]
• Level 1, ControlAileronIncidence-V1 (external flows PilotInstructions, ElecPwr, MechPwr, F_Back_to_CtrlU):
  – Control and Command: flows PilotInstructions, ElecPwr, A_Incidence, MotorSupplyPower, F_Back_to_CtrlU
  – Actuate Aileron: flows MotorSupplyPower, ElecPwr, MechPower, A_Incidence
• Level 2, Control and Command:
  – Translate Pilot Instructions: flows PilotInstructions, A_Incidence, ElecPwr, ModulationRatio, F_Back_To_CtrlU
  – Regulate Electrical Energy: flows ModulationRatio, ElecPwr, MotorSupplyPower
• Level 2, Actuate Aileron:
  – Transform Electrical/Mechanical Energy: flows MotorSupplyPwr, MechPwr, AngPosition
  – Adapt Mechanical Energy: flows MechPwr, AdaptedMechPwr
  – Transmit Mechanical Energy: flows AdaptedMechPwr, MechPwrAileron
  – Measure Incidence: flows AngPosition, ElecPwr, AileronIncidence (A_Incidence)

Page 38

Functional Architecture Definition

Functional Tree (bdd [Package] Activity [ControlAileronIncidence-V1]):
• «activity» ControlAileronIncidence-V1
  – «activity» Control and Command
    · «activity» Regulate Electrical Energy
    · «activity» Translate Pilot Instructions
  – «activity» Actuate Aileron
    · «activity» Adapt Mechanical Energy
    · «activity» Measure Incidence
    · «activity» Transform Electrical/Mechanical Energy
    · «activity» Transmit Mechanical Energy

Page 39: SafeSysE Methodology (process figure and step list repeated; see Page 27)

Page 40: SafeSysE Tool (figure repeated; see Page 28)

Page 41

Automatically Generated Functional FMEA

• Automatically generated FMEA including the list of all leaf functions and, for each function:
  – Generic failure modes
  – Input and output flows
  – Upstream and downstream functions

[Table: generated functional FMEA; columns Function, Function failure mode, Causal factors, Immediate Effects, System Effects, Recommended actions, Severity. In the generated table the Causal factors, Immediate Effects, System Effects, Recommended actions and Severity cells are not yet filled.]

Function: Measure Incidence
  input: AngPosition; output: A_Incidence; upstream: Transform Electrical/Mechanical Energy; downstream: Translate Pilot Instructions
  Function failure modes:
  – Fails to perform
  – Performs incorrectly (degraded performance)
  – Operates inadvertently
  – Operates at incorrect time (early, late)
  – Unable to stop operation
  – Receives erroneous data
  – Sends erroneous data

Function: Translate Pilot Instructions
  input: PilotInstructions, A_Incidence, ElecPwr; output: SupplyPwr, F_Back_to_CtrlU; upstream: Measure Incidence; downstream: Regulate Electrical Energy
  Function failure modes:
  – Fails to perform
  – Performs incorrectly (degraded performance)
  – Operates inadvertently
  – Operates at incorrect time (early, late)
  – Unable to stop operation
  – Receives erroneous data
  – Sends erroneous data
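The generation rule described on this slide (every leaf function, the generic failure modes, its input/output flows and its upstream/downstream functions), together with the carry-over of failure modes the systems engineer added through the Safety Profile, as an added Python example that is not the SafeSysE tool's code. Upstream and downstream functions are derived by matching output flow names to input flow names; the EMA model, the engineer-added failure mode and its values are constructed for the example, and the rule turning a recommended action into a derived requirement is an assumption modelled on the S_DetectFailure requirement shown on the next slide.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Generic function failure modes that the slides' generated FMEA lists for every leaf function.
GENERIC_FAILURE_MODES = [
    "Fails to perform",
    "Performs incorrectly (degraded performance)",
    "Operates inadvertently",
    "Operates at incorrect time (early, late)",
    "Unable to stop operation",
    "Receives erroneous data",
    "Sends erroneous data",
]


@dataclass
class FailureMode:
    """Failure mode attached to a function by the systems engineer via the Safety Profile.
    Field names follow the profile concepts on the slides; all values used below are constructed."""
    name: str
    causal_factor: str = ""
    immediate_effect: str = ""
    system_effect: str = ""
    recommended_action: str = ""
    detection_method: str = ""
    severity: str = ""


@dataclass
class Function:
    """Leaf function of the functional architecture with its input and output flow names."""
    name: str
    inputs: List[str]
    outputs: List[str]
    failure_modes: List[FailureMode] = field(default_factory=list)


def upstream_of(fn: Function, model: List[Function]) -> List[str]:
    """Functions producing a flow that fn consumes (object flows of the activity diagram)."""
    return [g.name for g in model if g is not fn and set(g.outputs) & set(fn.inputs)]


def downstream_of(fn: Function, model: List[Function]) -> List[str]:
    """Functions consuming a flow that fn produces."""
    return [g.name for g in model if g is not fn and set(fn.outputs) & set(g.inputs)]


def generate_functional_fmea(model: List[Function]) -> List[Dict[str, str]]:
    """One row per (leaf function, failure mode). Generic modes get empty analysis columns
    for the safety analyst to fill; modes already stereotyped in the model are carried over
    with their data, as the slides describe for engineer-added failure modes."""
    rows: List[Dict[str, str]] = []
    for fn in model:
        context = {"function": fn.name, "input": ", ".join(fn.inputs),
                   "output": ", ".join(fn.outputs),
                   "upstream": ", ".join(upstream_of(fn, model)),
                   "downstream": ", ".join(downstream_of(fn, model))}
        for mode in GENERIC_FAILURE_MODES:
            rows.append({**context, "failure_mode": mode, "causal_factors": "",
                         "immediate_effects": "", "system_effects": "",
                         "recommended_actions": "", "severity": ""})
        for fm in fn.failure_modes:
            rows.append({**context, "failure_mode": fm.name, "causal_factors": fm.causal_factor,
                         "immediate_effects": fm.immediate_effect,
                         "system_effects": fm.system_effect,
                         "recommended_actions": fm.recommended_action, "severity": fm.severity})
    return rows


def derive_safety_requirements(rows: List[Dict[str, str]]) -> Dict[str, str]:
    """Map each distinct recommended action to a derived «requirement» (id -> text), in the
    shape of the S_DetectFailure requirement on the slides (the naming rule is an assumption)."""
    reqs: Dict[str, str] = {}
    for row in rows:
        action = row["recommended_actions"].strip()
        if action:
            rid = "S_" + "".join(word.capitalize() for word in action.split())
            reqs[rid] = "The System shall be able to " + action[0].lower() + action[1:]
    return reqs


# Constructed model of the EMA leaf functions; flow names follow the slides' activity diagram.
EMA_MODEL = [
    Function("Translate Pilot Instructions", ["PilotInstructions", "A_Incidence", "ElecPwr"],
             ["ModulationRatio", "F_Back_to_CtrlU"]),
    Function("Regulate Electrical Energy", ["ModulationRatio", "ElecPwr"], ["MotorSupplyPower"]),
    Function("Transform Electrical/Mechanical Energy", ["MotorSupplyPower"], ["MechPwr", "AngPosition"]),
    Function("Adapt Mechanical Energy", ["MechPwr"], ["AdaptedMechPwr"]),
    Function("Transmit Mechanical Energy", ["AdaptedMechPwr"], ["MechPwrAileron"]),
    Function("Measure Incidence", ["AngPosition"], ["A_Incidence"], failure_modes=[
        FailureMode("Erroneous incidence measurement", causal_factor="Sensor drift",  # constructed
                    immediate_effect="Wrong A_Incidence sent to Control and Command",
                    system_effect="Aileron driven to an incorrect position",
                    recommended_action="Detect failure", detection_method="Internal diagnosis",
                    severity="Catastrophic")]),
]
```

Running `generate_functional_fmea(EMA_MODEL)` yields the seven generic rows per function with the same upstream/downstream columns as the slide's table, plus the engineer-added row for Measure Incidence, from which `derive_safety_requirements` produces S_DetectFailure.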

Page 42

Extract of Completed Functional FMEA

[Figure: extract of the functional FMEA after completion by the safety analyst]

Derived safety requirements:
• «requirement» S_DetectFailure, txt: The System shall be able to detect failure

Page 43: 20150122 cisec mbsa-lismma

Modified Functional Architecture

(Activity diagram of ControlAileronIncidence-V2. Only the activity names and their port/flow labels survive extraction; they are listed here as they appear.)

• Control and Command-V2: diag_data, A_Incidence, PilotInstructions, MotorSupplyPower, F_Back_to_CtrlU, Diag_Measures, ElecPwr
  – Translate Pilot Instructions-V2: diag_data, ModulationRatio, A_Incidence, ElecPwr, F_Back_To_CtrlU, PilotInstructions, Diag_Measures
  – Regulate ElectricalEnergy-V2: ModulationRatio, MotorSupplyPower, HighVoltElecPwr, Diag_Measures
• InternalDiagnosis: A_Incidence, diag_data, Diag_Measures
• Actuate Aileron-V2: MotorSupplyPower, MechPower, A_Incidence, MechAction, Diag_Measures, ElecPwr
  – Transform Electrical/Mechanical Energy-V2: MotorSupplyPwr, MechPwr, AngPosition, Diag_Measures
  – Adapt Mechanical Energy-V2: MechPwr, AdaptedMechPwr, Diag_Measures
  – Transmit MechanicalEnergy-V2: MechPwrAileron, AdaptedMechPwr, Diag_Measures
  – Measure Incidence-V2: AileronIncidence, AngPosition, ElecPwr, Diag_Measures
• Flows at the ControlAileronIncidence-V2 boundary: ElecPwr, PilotInstructions, MechPwrAileron, F_Back_to_CtrlU, MechActionAile

Page 44: 20150122 cisec mbsa-lismma

Modified Functional Architecture

bdd [Package] Activity [ControlAileronIncidence-V2]
• «activity» ControlAileronIncidence-V2, composed of:
  – «activity» Actuate Aileron-V2
  – «activity» Control and Command-V2
  – «activity» Internal Diagnosis
  – «activity» Adapt Mechanical Energy-V2
  – «activity» Measure Incidence-V2
  – «activity» Transform Electrical/Mechanical Energy-V2
  – «activity» Transmit Mechanical Energy-V2
  – «activity» Regulate Electrical Energy-V2
  – «activity» Translate Pilot Instructions-V2
• «requirement» S_DetectFailure, txt: "The System shall be able to detect failure", linked to the modified architecture by a «satisfy» relationship

Page 45: 20150122 cisec mbsa-lismma

SafeSysE Process (activity diagram with two swimlanes)

Systems Engineering Process:
• : Requirements Definition and Analysis (object flows: Initial_Rqts, Safety_Rqts)
  – «Data Store» Requirements Diagram, Context BDD, Stm (operating modes), Use Case Diagram, Sequence Diagram
• : Functional Architecture(s) Definition
  – «Data Store» Activity Diagrams, BDD (Functional hierarchy), Requirements update
• : Logical Architecture(s) Definition
  – «Data Store» BDD logical composition, IBD logical architecture, Allocation
• : Physical Architecture(s) Definition

Safety Analysis Process:
• : Functional Risk Assessment (object flow: Safety_Rqts)
  – «Data Store» Functional FMEA, derived safety requirements
• : Component Level Risk Assessment (object flow: Safety_Rqts)
  – «Data Store» Preliminary Component FMEA
• : Fault Propagation and reliability assessment
  – «Data Store» Fault Tree

SafeSysE Methodology
• Step 1: Requirements Definition and Analysis
• Step 2: Functional Architecture Definition
• Step 3: Functional Risk Assessment
• Step 4: Logical Architecture(s) Definition
• Step 5: Component Level Risk Assessment
• Step 6: Fault Propagation and Reliability Assessment

Page 46: 20150122 cisec mbsa-lismma

Logical Architecture Definition

System Logical Components

• «requirement» S_DetectFailure, txt: "The System shall be able to detect failure"
• «requirement» S_CurrentMonitoring, related to S_DetectFailure by «refine»

Page 47: 20150122 cisec mbsa-lismma

Mechatronic Extended Modeling
• Connection Components
• Multi-physical Flows

Page 48: 20150122 cisec mbsa-lismma

SafeSysE Methodology (the SafeSysE process diagram and six-step list of Page 45, repeated)

Page 49: 20150122 cisec mbsa-lismma

FMEA Generated from Extended Modeling
• Connection components and multi-physical flows appear in the causal factors
• Design changes in accordance with the FMEA results

Page 50: 20150122 cisec mbsa-lismma

Alternative Fault Tolerant Solutions

Page 51: 20150122 cisec mbsa-lismma

SafeSysE Methodology (the SafeSysE process diagram and six-step list of Page 45, repeated)

Page 52: 20150122 cisec mbsa-lismma

SafeSysE Tool: Fault Tree Generation

Tool chain: a SysML Extended Model authored in MagicDraw, Topcased, Rational Rhapsody or Artisan Studio is exported as an XMI File and read by the SafeSysE Tool, which produces the Functional/Component FMEA and the Fault Tree.

Transformations:
1. Input: Activity Diagram, BDD, Allocations. Output: Functional/component FMEA.
2. Input: Functional/component FMEA + old XMI file. Output: new XMI file with updated safety artifacts.
3. Input: IBD. Output: Fault Tree image or Open PSA Model Exchange Format.

Page 53: 20150122 cisec mbsa-lismma

Fault Tree Generation
• M2M transformation
• Graph traversal
• Pattern identification
  – Entry
  – Redundant
  – Feedback
  – Exit
• Automatic generation of a partial fault tree for each pattern

Page 54: 20150122 cisec mbsa-lismma

Fault Tree Generation
• Exit pattern: a part with at least one output port sending an item flow out of the system under study.
• For each such output, build a partial fault tree.

Page 55: 20150122 cisec mbsa-lismma

Fault Tree Generation
• Feedback pattern: when the traversal encounters a node that has already been visited, it has found a loop, i.e. a feedback.

Page 56: 20150122 cisec mbsa-lismma

Fault Tree Generation
• Redundant pattern: a part in an IBD receives item flows coming from redundant blocks that carry out the same system function.

Page 57: 20150122 cisec mbsa-lismma

Fault Tree Generation
• Entry pattern: a part with at least one input port receiving an item flow from outside the system under study.

Page 58: 20150122 cisec mbsa-lismma

Generic (Topological) Fault Tree

Page 59: 20150122 cisec mbsa-lismma

Relevant Component Failure Modes Extraction
• Automatic extraction, from the component FMEA, of the relevant failure modes (those leading to the undesired event "Aileron locked")

Page 60: 20150122 cisec mbsa-lismma

Specific Fault Tree
• Automatic generation of the specific fault tree
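An added example, not the SafeSysE tool's code, that carries the procedure of Pages 53 to 60 through in Python: a backward traversal of an IBD-like part graph that applies the entry, redundant, feedback and exit patterns to build the generic (topological) fault tree, then extracts from a component FMEA the failure modes whose effect is the undesired event to produce the specific tree, and finally computes the minimal cut sets of that tree, a step the slides do not show. The part names `Controller`, `Regulator`, `MotorA`, `MotorB`, `Gearbox` and `Sensor`, the connectors and the component FMEA rows are constructed for the example; only the function and flow names are taken from the slides.

```python
"""Topological fault tree generation from an IBD-like part graph (added example,
not the SafeSysE tool's code). The IBD, part names and component FMEA rows are
constructed; function and flow names follow the slides."""
from itertools import product

EXTERNAL = "<environment>"   # source or target outside the system under study

# Constructed IBD: part -> system function it carries out (MotorA and MotorB are
# redundant: same function, both feed the gearbox).
PARTS = {"Controller": "Translate Pilot Instructions", "Regulator": "Regulate Electrical Energy",
         "MotorA": "Transform Electrical/Mechanical Energy",
         "MotorB": "Transform Electrical/Mechanical Energy",
         "Gearbox": "Adapt Mechanical Energy", "Sensor": "Measure Incidence"}
# Connectors: (source part, target part, item flow).
CONNECTORS = [
    (EXTERNAL, "Controller", "PilotInstructions"), (EXTERNAL, "Controller", "ElecPwr"),
    ("Sensor", "Controller", "A_Incidence"),         # closes the feedback loop
    ("Controller", "Regulator", "ModulationRatio"), (EXTERNAL, "Regulator", "HighVoltElecPwr"),
    ("Regulator", "MotorA", "MotorSupplyPower"), ("Regulator", "MotorB", "MotorSupplyPower"),
    ("MotorA", "Gearbox", "MechPwr"), ("MotorB", "Gearbox", "MechPwr"),
    ("Gearbox", "Sensor", "AngPosition"), ("Gearbox", EXTERNAL, "MechPwrAileron"),
]
# Constructed component FMEA rows: (component, failure mode, end effect).
COMPONENT_FMEA = [
    ("Controller", "stuck output", "Aileron locked"),
    ("Regulator", "switch short circuit", "loss of MotorSupplyPower"),
    ("MotorA", "winding open circuit", "loss of MechPwr"), ("MotorA", "bearing seizure", "Aileron locked"),
    ("MotorB", "winding open circuit", "loss of MechPwr"), ("MotorB", "bearing seizure", "Aileron locked"),
    ("Gearbox", "gear jam", "Aileron locked"), ("Sensor", "sensor drift", "degraded A_Incidence"),
]
# Tree nodes: ("BE", label) for a basic event, ("OR" | "AND", label, [children]) for a gate.


def loss_of(part, path=()):
    """Partial fault tree for 'part fails to deliver its output'."""
    if part in path:                                     # feedback pattern
        return ("BE", f"loop back to {part} (feedback, not expanded)")
    path += (part,)
    children = [("BE", f"{part} internal failure")]
    by_flow = {}
    for src, tgt, flow in CONNECTORS:
        if tgt == part:
            by_flow.setdefault(flow, []).append(src)
    for flow, sources in by_flow.items():
        if EXTERNAL in sources:                          # entry pattern
            children.append(("BE", f"loss of external {flow}"))
        elif len(sources) > 1 and len({PARTS[s] for s in sources}) == 1:
            # redundant pattern: same function from several parts, all must fail
            children.append(("AND", f"all redundant sources of {flow} fail",
                             [loss_of(s, path) for s in sources]))
        else:
            children.extend(loss_of(s, path) for s in sources)
    return ("OR", f"{part} fails to deliver its output", children)


def generic_fault_trees():
    """Exit pattern: one top event per item flow leaving the system."""
    return [("OR", f"loss of {flow} (top event)", [loss_of(src)])
            for src, tgt, flow in CONNECTORS if tgt == EXTERNAL]


def relevant_modes(undesired_event):
    """Component failure modes whose end effect is the undesired event."""
    modes = {}
    for comp, mode, effect in COMPONENT_FMEA:
        if effect == undesired_event:
            modes.setdefault(comp, []).append(f"{comp}: {mode}")
    return modes


def specialise(node, modes):
    """Specific tree: generic 'internal failure' leaves become the relevant modes;
    leaves without one are pruned, and an AND gate losing a child is pruned whole."""
    if node[0] == "BE":
        suffix = " internal failure"
        found = modes.get(node[1][:-len(suffix)], []) if node[1].endswith(suffix) else []
        if not found:
            return None
        return ("BE", found[0]) if len(found) == 1 else ("OR", node[1], [("BE", m) for m in found])
    kids = [specialise(c, modes) for c in node[2]]
    if (node[0] == "AND" and None in kids) or not any(k is not None for k in kids):
        return None
    return (node[0], node[1], [k for k in kids if k is not None])


def minimal_cut_sets(node):
    """Expand the tree into minimal sets of basic events (OR: union of the
    children's sets, AND: pairwise union across the children)."""
    if node[0] == "BE":
        return [frozenset([node[1]])]
    if node[0] == "OR":
        sets = [s for c in node[2] for s in minimal_cut_sets(c)]
    else:
        sets = [frozenset()]
        for c in node[2]:
            sets = [a | b for a, b in product(sets, minimal_cut_sets(c))]
    minimal = []
    for s in sorted(set(sets), key=len):
        if not any(m <= s for m in minimal):
            minimal.append(s)
    return minimal


def basic_events(node):
    """All basic-event labels of a tree."""
    return {node[1]} if node[0] == "BE" else set().union(*(basic_events(c) for c in node[2]))


if __name__ == "__main__":
    print(minimal_cut_sets(specialise(generic_fault_trees()[0], relevant_modes("Aileron locked"))))
```

On this constructed model the specific tree for "Aileron locked" has three minimal cut sets: the gearbox jam and the controller stuck output are single points of failure, while the motors must both seize because the redundant pattern turned their contributions into an AND gate; the external-input and feedback leaves of the generic tree drop out because no FMEA row ties them to the undesired event.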

Page 61: 20150122 cisec mbsa-lismma

SafeSysE Tool: Fault Tree Generation

Same tool chain as on Page 52 (SysML Extended Model from MagicDraw, Topcased, Rational Rhapsody or Artisan Studio, exported as an XMI File into the SafeSysE Tool, producing the Functional/Component FMEA and the Fault Tree), extended with a fourth output, the NuSMV Program.

Transformations 1 to 3 as on Page 52, plus:
4. Input: State Machine + IBD. Output: NuSMV Program.

Page 62: 20150122 cisec mbsa-lismma

Behavioral Safety Analysis
• Modeling: system abstraction
• Specification: requirements expressed in temporal logic (a logic with temporal operators; NuSMV checks CTL and LTL formulas)
• Verification: exhaustive enumeration of all reachable states

Page 63: 20150122 cisec mbsa-lismma

Case Study: Wheel Brake System (WBS)

Page 64: 20150122 cisec mbsa-lismma

SysML to NuSMV Mapping
• M2T transformation
• One module in the NuSMV program for each component in the system IBD

Page 65: 20150122 cisec mbsa-lismma

SysML to NuSMV Mapping
• Main Module and specifications
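An added example, not the SafeSysE tool's code, of the M2T mapping of Pages 64 and 65 together with the exhaustive state enumeration of Page 62. A small constructed abstraction of a wheel brake system (the instance names `bscu`, `hydA`, `hydB` and `brake`, the `pedal_cmd` input, the wiring and the two CTL specifications are assumptions, not taken from the slides) is written out as a NuSMV program with one module per IBD component type and a main module carrying the specifications; the same two-state failure semantics (ok/failed, failure permanent, output = combined inputs AND state ok) is then checked in Python by enumerating every reachable state, so the generated text and the check can be compared. The NuSMV text is generated here, not executed.

```python
"""SysML IBD to NuSMV (M2T) and an explicit-state check of the same model.

Added example, not the SafeSysE tool's code. The wheel-brake abstraction,
its instance and module names, wiring and specifications are constructed.
"""
from itertools import product

# Module type -> how its inputs combine ("all": in series, "any": redundant inputs).
COMPONENTS = {"Bscu": "all", "Hyd": "all", "Brake": "any"}
# IBD instances in wiring order: (instance, module type, input port expressions).
INSTANCES = [
    ("bscu", "Bscu", ["pedal_cmd"]),
    ("hydA", "Hyd", ["bscu.out"]),
    ("hydB", "Hyd", ["bscu.out"]),                 # redundant with hydA
    ("brake", "Brake", ["hydA.out", "hydB.out"]),
]
FREE_INPUTS = ["pedal_cmd"]   # entry pattern: a boolean driven by the environment
SPECS = [                     # constructed CTL requirements for the main module
    "AG ((bscu.state = ok & (hydA.state = ok | hydB.state = ok) & brake.state = ok)"
    " -> (brake.out <-> pedal_cmd))",
    "AG (hydA.state = failed -> AG hydA.state = failed)",
]


def module_text(name, arity, combine):
    """One NuSMV module per component type of the IBD."""
    ins = [f"in{i}" for i in range(arity)]
    joined = (" & " if combine == "all" else " | ").join(ins) or "TRUE"
    head = f"MODULE {name}({', '.join(ins)})" if ins else f"MODULE {name}"
    return "\n".join([
        head, "VAR", "  state : {ok, failed};", "ASSIGN", "  init(state) := ok;",
        "  next(state) := case",
        "    state = failed : failed;   -- failures are permanent",
        "    TRUE : {ok, failed};       -- may fail at any step",
        "  esac;", "DEFINE", f"  out := ({joined}) & (state = ok);", ""])


def generate_nusmv():
    """M2T: modules from COMPONENTS, main from INSTANCES and SPECS, checking
    that every input refers to a port defined earlier in the wiring."""
    known, arity = set(FREE_INPUTS), {}
    main = ["MODULE main", "VAR"] + [f"  {v} : boolean;" for v in FREE_INPUTS]
    for inst, mtype, args in INSTANCES:
        for a in args:
            if a not in known:
                raise ValueError(f"{inst}: input {a!r} is not a defined port")
        if arity.setdefault(mtype, len(args)) != len(args):
            raise ValueError(f"{mtype}: inconsistent number of inputs")
        main.append(f"  {inst} : {mtype}({', '.join(args)});")
        known.add(f"{inst}.out")
    main += [f"SPEC {s}" for s in SPECS]
    return "\n".join([module_text(m, n, COMPONENTS[m]) for m, n in arity.items()] + main) + "\n"


def evaluate(ok, cmd):
    """Port values in one global state; ok maps instance -> (state = ok)."""
    vals = {"pedal_cmd": cmd}
    for inst, mtype, args in INSTANCES:
        ins = [vals[a] for a in args]
        vals[f"{inst}.out"] = (all(ins) if COMPONENTS[mtype] == "all" else any(ins)) and ok[inst]
    return vals


def reachable_states():
    """Exhaustive enumeration of the states the failure machines can reach."""
    names = [inst for inst, _, _ in INSTANCES]
    init = tuple(True for _ in names)
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        # every ok component may fail in the next step; failed ones stay failed
        for nxt in product(*[(True, False) if ok else (False,) for ok in s]):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return [dict(zip(names, s)) for s in sorted(seen, reverse=True)]


def check_invariant(prop):
    """AG prop: test every reachable state under both values of the free input;
    return None if it holds, else a counter-example."""
    for ok in reachable_states():
        for cmd in (False, True):
            if not prop(ok, evaluate(ok, cmd)):
                return {"state": ok, "pedal_cmd": cmd}
    return None


def guarded(ok, v):      # Python reading of SPECS[0]
    healthy = ok["bscu"] and (ok["hydA"] or ok["hydB"]) and ok["brake"]
    return (not healthy) or v["brake.out"] == v["pedal_cmd"]


def unguarded(ok, v):    # too strong: the brake must always follow the pedal
    return v["brake.out"] == v["pedal_cmd"]


if __name__ == "__main__":
    print(generate_nusmv())
    print("guarded holds:", check_invariant(guarded) is None)
    print("unguarded counter-example:", check_invariant(unguarded))
```

The wiring check in `generate_nusmv` is the kind of consistency test worth running before handing a generated program to the model checker: a port referenced before its producing instance is declared is a modelling error that NuSMV would only report as a parse or type error. The `guarded` property holds in all 16 reachable states; the `unguarded` one fails as soon as the BSCU or both hydraulic lines have failed, which is what the redundancy of `hydA`/`hydB` does and does not buy.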

Page 66: 20150122 cisec mbsa-lismma

Agenda
• Introduction
• Related Work
• Model-Based Systems Engineering Methodology with SysML
• SysML Semantics Extension
  – Safety Profile
  – Mechatronics Extended Modeling Profile
• SafeSysE
  – FMEA Generation
  – FTA generation
  – Model Checking
• Conclusion and Future Works

Page 67: 20150122 cisec mbsa-lismma

Conclusion & Future Works
• Safety analysis integrated within an MBSE process from the early design phases
  – Reduce the error proneness and development time of safety analyses
  – Avoid late and very costly design changes
  – Improve consistency between SE and SA
• SysML extension
  – Safety profile
  – Mechatronics Extended Modeling Profile
• Compositional and behavioral safety analysis

Page 68: 20150122 cisec mbsa-lismma

Conclusion & Future Works
• Validate & enhance SafeSysE
  – Consider different types of case studies
  – Define more links between SE/SA models (operating phases, use cases, etc.)
  – Scalability proof
  – Solve some technical bugs
• Extend with other safety-related aspects
  – More focus on software
  – Human factors

Page 69: 20150122 cisec mbsa-lismma

Thank you for your attention.