Enhancing the RAMSAS method for Systems Reliability Analysis through Modelica

Size: px

Start display at page:

Download "Enhancing the RAMSAS method for Systems Reliability Analysis through Modelica"

Ralf Quinn
5 years ago
Views:

1 7th MODPROD Workshop on Model-Based Product Development February 05-06, 2013 Linköping University, Sweden Enhancing the RAMSAS method for Systems Reliability Analysis through Modelica Alfredo Garro and Andrea Tundis Systems Engineering and Integration (SEI) Research Group Department of Computer Engineering, Modeling, Electronics, and Systems Science (DIMES) ITALY

2 Outline PART I Introduction to the RAMSAS Method (Alfredo Garro) System Reliability Analysis RAMSAS: A Model-Based method for System Reliability Analysis Exploiting RAMSAS for the Reliability Analysis of an Attitude Determination and Control System (ADCS) live DEMO PART II From RAMSAS to RAMSAS4Modelica (Andrea Tundis) From SysML to ModelicaML & From Simulink to OpenModelica Supporting Model Verification through Modelica Extensions Conclusions and future works 2

3 PART I Introduction to the RAMSAS Method (Alfredo Garro) 3

4 System Dependability and RAMS Analysis Dependability: the collective term used to describe the availability performance and its influencing factors: reliability performance, maintainability performance and maintenance support performance (IEC - International Electrotechnical Commission) RAMS (Reliability, Availability, Maintainability and Safety): the engineering discipline which aims at providing an integrated and methodological approach to deal with system dependability 4

5 System Dependability and RAMS Analysis Quantitative Analysis Qualitative Analysis Suitable for Software Intensive Systems Series-Parallel x - - (RBD) Markov Chains x - - FMEA/FMECA - x x (S-FMEA/S-FMECA) FTA - x x (S-FTA) HAZOP - x x HSIA - x x SCCFA - x x PSH - x x 5

6 Reliability Analysis: from LRUs (Lowest Replaceable Unit) to SoS (System of Systems) System of Systems (SoS) complexity large-scale system system equipment LRU/component 6

7 RAMSAS: A Model-Based method for System Reliability Analysis through Simulation The RAMSAS method is centered on a classical iterative process which consists of four main phases. 7

8 When and where to exploit our method in a typical System Development Process The proposed method is not intended to be an alternative to other RAMS techniques (FMECA, FTA, RDB, etc.) but rather a complement able to provide additional analysis capabilities 8

9 RAMSAS: A Model-Based method for System Reliability Analysis 9

10 Exploiting the RAMSAS method for System Reliability Analysis RAMSAS has been experimented: In the satellite domain for the reliability analysis of an Attitude Determination and Control System [1]; in the avionics domain for the reliability analysis of: a Landing Gear System [4]; a Flight Management System [3]; in the automotive domain for the reliability analysis of an Anti-lock Brake System (ABS) [2]; [1] A. Garro, A. Tundis, J. Groß, and M. Riestenpatt Gen. Richter, Experimenting the RAMSAS method in the reliability analysis of an Attitude Determination and Control System (ADCS), in Proc. of the Int. Workshop on Applied Modeling and Simulation (WAMS), jointly held with the NATO CAX FORUM, Rome, Italy, September [2] A. Garro and A. Tundis, Enhancing the RAMSAS method for System Reliability Analysis: an exploitation in the automotive domain, Proc. of the 2nd Int. Conf. on Simulation and Modeling Methodologies, Technologies and Applications (SIMULTECH), Rome (Italy), July [3] A. Garro and A. Tundis, A Model-Based method for System Reliability Analysis, Proc. of the Symposium On Theory of Modeling and Simulation (TMS) at SpringSim 2012, Orlando, FL (USA), March [4] A. Garro, A. Tundis, and N. Chirillo, System reliability analysis: a Model-Based approach and a case study in the avionics industry, Proc. of the 3rd Air and Space International Conference (CEAS), Venice (Italy), October

11 The reference experiment: Reliability Analysis of an Attitude Determination and Control System of a Satellite FireSat mission: to detect, analyze and monitor forest fires; The satellite is orbiting the earth at an altitude of ~700 km over ground, which is called a low-earth orbit (LEO); Resulting from its altitude, the satellite has to turn with a constant angular velocity once it is aligned to nadir pointing. 11

12 RAMSAS: The System Modeling phase In the System Modeling phase the structure and both the intended and dysfunctional behavior of the System under consideration are modeled by using a SysML based notation. 12

13 RAMSAS: The System Modeling phase System Structure Modeling In this phase the System is decomposed in component entities by applying in-out zooming mechanisms. Behavior Modeling Structure Modeling 13

14 RAMSAS: The System Modeling phase System Structure Modeling 14

15 RAMSAS: The System Modeling phase System Structure Modeling 15

16 RAMSAS: The System Modeling phase Intended Behavior Modeling An example of behavioral modeling: the specification of a task of the ThrustersControl, a key component of the Actuators subsystem of an ADCS: 16

17 RAMSAS: The System Modeling phase Intended Behavior Modeling An example of behavioral modeling: the specification of a task of the ComputeBodyForces, a key component of the Actuators subsystem of an ADCS: 17

18 RAMSAS: The System Modeling phase Intended Behavior Modeling An example of behavioral modeling: the specification of the intended behavior of the Actuators subsystem of an ADCS: 18

19 RAMSAS: The System Modeling phase Intended Behavior Modeling The modeling of the intended behavior can be straightforward if during the system design similar structural and behavioral reference models have been adopted along with a UML based modeling notation 19

20 RAMSAS: The System Modeling phase Dysfunctional Behavior Modeling In the Dysfunctional Behavior Modeling activity, the focus is on the modeling of faults (a defect in a block) and failures (an observable deviation from the intended behavior at the system boundary) 20

21 RAMSAS: The System Modeling phase Dysfunctional Behavior Modeling A basic dysfunctional pattern is associated to a couple (dysfunctional task type; fault/failure type) Six templates of dysfunctional tasks have been individuated: dtt1. Fault Generation, dtt2. Failure Generation, dtt3. Failure Management, dtt4. Fault Management dtt5. Failure Propagation dtt6. Failure Transformation Five fault/failure types have been individuated: fft1. reaction too late; fft2. reaction too early; fft3. value failure; fft4. commission; fft5. omission. By combining the individuated six dysfunctional task types with these five fault/failure types, thirty different basic SysML-based fault/failure behavioral patterns have been individuated 21

22 RAMSAS: The System Modeling phase Dysfunctional Behavior Modeling An example of dysfuctional behavioral modeling: the specification of the dysfunctional behavior of the FlightSoftware Subsystem of the ADCS: 22

23 RAMSAS: The System Modeling phase Behavior Integration intended behaviors + dysfunctional behaviors an overall behavioral model of the system and its component entities This activity closes the System Modeling phase by delivering the System Model for Reliability Analysis (SMRA) work-product 23

24 RAMSAS: The System Modeling phase Behavior Integration Behavior Integration for the FlighSoftware subsystem 24

25 RAMSAS: The System Simulation phase The objective of the System Simulation phase is to evaluate through simulation the reliability performance of the system and, possibly, compare different design alternatives and parameters settings 25

26 RAMSAS: The System Simulation phase 26

27 RAMSAS: a brief live DEMO DEMO 27

28 PART II From RAMSAS to RAMSAS4Modelica (Andrea Tundis) 28

29 Integrating Modeling and Simulation in a Modelica based framework 29

30 System Modeling phase: From SysML to ModelicaML 30

31 RAMSAS: The System Modeling phase Andrea Tundis-PELAB (U. of Linköping) & SEI Research Group (U. of Calabria) 31

32 System Modeling: From SysML to ModelicaML System Structure Modeling activity Entity From SysML To ModelicaML System/Subsyste m/ Equipment/Compon ent and structural relationships Block, Part Block Definition diagram Internal Block diagram Connection FlowPort, Interface ModelicaClass, ModelicaFunction, ModelicaModel, ModelicaBlock, ModelicaRecord Modelica Class diagram Modelica Internal Class Diagram ModelicaConnector 32

33 Using the Modelica Internal Class Diagram 33

34 RAMSAS: The System Modeling phase 34

35 Modeling: From SysML to ModelicaML Intended Behavior Modeling activity GOAL: to represent physical equation-based systems. From a Task-based behavior to an Equation-based behavior. Equation Diagram; Sequence Diagram to represent interactions among physical components with a different semantic of message passing; Activity Diagram to represent algorithms or actions; Statechart. Entity From SysML To ModelicaML Behavior/Constraint Activity Diagram, Sequence Diagram Parametric Diagram Statechart Activity Diagram, Sequence Diagram, Equation Diagram Statechart 35

36 Using Activity and Statechart diagrams... 36

37 RAMSAS: The System Modeling phase 37

38 Supporting Verification Modeling Lack COTS, libraries or functions for faults and failures analysis Necessary extensions assertion : a system property to validate the Physical Model fulfill : express the relationships between Physical Component and Assertion and among Assertions 38

39 Supporting Verification Modeling An example of scenario 39

40 Supporting Verification Modeling Modelica OpenModelica ModelicaML assertion* fulfill* Assertion component Fulfill relationship ModelicaAssertion ModelicaFulfill connect Connect relationship ModelicaConnect *prototype extensions 40

41 System Modeling phase Modeling scenarios activity ModelicaML introduces a new diagram type, called Simulation Diagram, used for simulation modeling. The Simulation Diagram can be used to: to define different scenarios; to set parameters for each scenario and select the variable to be verified; to store simulation experiments and their results. 41

42 Activity System Structure Modeling Matching tables RAMSAS4Modelica System Modeling phase ModelicaML ModelicaClass, ModelicaFunction, ModelicaModel,ModelicaBlock, ModelicaRecord Modelica Class diagram Activity Intended Behavior Modeling ModelicaML Activity Diagram, Sequence Diagram, Statechart Diagram Equation Diagram Modelica Internal Class Diagram Connection ModelicaConnector Activity Dysfunctional Behavioral Modeling & Model checking Validation & Verification ModelicaML ModelicaAssertion* ModelicaFulfill* ModelicaConnect *Extensions Proposal 42

43 Simulation: From Simulink to OpenModelica Andrea Tundis-PELAB (U. of Linköping) & SEI Research Group (U. of Calabria) 43

44 Simulation: From Simulink to OpenModelica System Simulation phase: tools The RAMSAS Method: Simulink: a Commercial block diagram environment for multi-domain simulation and Model-Based Design. The RAMSAS4Modelica method: OpenModelica: It is an Open-Source Modelica-based modeling and simulation environment intended for industrial and academic usage. Its long-term development is supported by a non-profit organization the Open Source Modelica Consortium (OSMC). 44

45 Simulation: From Simulink to OpenModelica System Simulation phase Model Transformation activity Many gaps to transform SysML models into Simulink models Good news!!! Direct transformation from ModelicaML models to OpenModelica No Gaps 45

46 Simulation: From Simulink to OpenModelica System Simulation phase Parameters Setting activity We can set the parameters for each scenario (Simulation diagrams) defined in the System Modeling phase to configure them before simulation. 46

47 Simulation: From Simulink to OpenModelica System Simulation phase Simulation Execution activity The simulation is performed using OpenModelica. The status of the Assertions can be used to determine: Which assertion has/hasn t been satisfied; When an assertion has/hasn t been satisfied; How many times an assertion hasn t been satisfied;.. 47

48 Results Assessment phase Analysis of Results The information about WHEN, WHICH and HOW MANY TIMES... an assertion has/hasn t been satisfied... can be used to generate and evaluate the Reliability/Safety performance of the system (e.g. the Mean Time To Failure) currently by an external tool. 48

49 RAMSAS4Modelica: Conclusions and Contribution: Future perspectives 1. All steps of the method involve the use of a common language: Modelica; 2. The Modeling phase is performed by ModelicaML; 3. The Simulation phase is based on the OpenModelica; 4. The transformation between the design model and the simulation model is direct and without gaps; 5. New concepts, assertion and fulfill, have been introduced for supporting model verification. Ongoing and future works: 6. Implementation of Modelica extensions for model verification and modeling dysfunctional behavior; 7. Enable the Results Assessment phase in OpenModelica. 49

50 Acknowledgments Peter Fritzson, Lena Rogovchenko-Buffoni (PELAB, Linköping University) Johannes Groß, Marius Riestenpatt gen. Richter (Institute for Statics and Dynamics of Aerospace Structures University of Stuttgart) Henry Broodney, Michael Masin (IBM Haifa Research Center) Daniele Gianni (ESA-ESTEC) The Simulation Team ( Gabriele Luceri, Nicola Chirillo (Z-Lab Engineering) 50

51 Thank you! Any Questions? 51

EXPRESSING REQUIREMENTS IN MODELICA

EXPRESSING REQUIREMENTS IN MODELICA Lena Buffoni and Peter Fritzson Linköping University SE-581 83 Linköping Sweden ABSTRACT As cyber-physical systems grow increasingly complex, the need for methodologies