A Model-Based Method for System Reliability Analysis
Post on 20-Jan-2015
2nd International Workshop on
Model-driven Approaches for Simulation Engineering
held within the
SCS/IEEE Symposium on Theory of Modeling and Simulation
part of SpringSim 2012, March 26-29, 2012, Orlando, FL (USA)
A Model-Based Method for System Reliability Analysis
Alfredo Garro, Andrea Tundis
{garro, atundis}@deis.unical.it
Department of Electronics, Computer and System Sciences (D.E.I.S.), University of Calabria, ITALY
Mod4Sim'12 - Alfredo Garro - DEIS - University of Calabria 2
Outline
- Introduction and Proposal
- A Model-Based method for System Reliability Analysis
- Exploiting the proposed approach: Reliability Analysis of a Flight Management System (FMS)
- Conclusions and future works
Aim of the proposal
- Define a model-based approach for the Reliability Analysis of systems which:
  - combines in a unified framework the benefits of popular OMG modeling languages (UML, SysML) with widely adopted simulation and analysis environments (Mathworks Matlab, Simulink)
  - can be easily integrated into modern System Engineering methodologies
- Why another approach for reliability analysis?
- What is the relationship between the proposed approach and the already available reliability analysis techniques?
System Dependability and RAMS Analysis
- Dependability: “the collective term used to describe the availability performance and its influencing factors: reliability performance, maintainability performance and maintenance support performance” (IEC, International Electrotechnical Commission)
- RAMS (Reliability, Availability, Maintainability and Safety): the engineering discipline which aims at providing an integrated and methodological approach to deal with system dependability
System Dependability and RAMS Analysis
- The main objective of RAMS analyses is to identify causes and consequences of system failures
- RAMS analyses are typically carried out using a layered approach and through both quantitative and qualitative analysis techniques such as:
  - series-parallel system reliability analysis (Reliability Block Diagrams, RBD)
  - Markov Chain models
  - FMECA (Failure Modes, Effects and Criticality Analysis)
  - FTA (Fault Tree Analysis)
  - …
System Dependability and RAMS Analysis
Technique | Quantitative Analysis | Qualitative Analysis | Suitable for Software Intensive Systems
Series-Parallel (RBD) | x | - | -
Markov Chains | x | - | -
FMEA/FMECA | - | x | x (S-FMEA/S-FMECA)
FTA | - | x | x (S-FTA)
HAZOP | - | x | x
HSIA | - | x | x
SCCFA | - | x | x
PSH | - | x | x
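As an added worked example of the first (quantitative) row of the table above, and not code from the slides or from the RAMSAS authors, the following Python evaluates a series-parallel Reliability Block Diagram with exponential component life models: the system reliability function R(t), the mean time to failure obtained by integrating R(t), and the Birnbaum importance of each component (the classical measure for ranking critical components, which the FMS case study later lists as a qualitative-analysis goal). The block tree, the component names (FMC, IRU_A, IRU_B) and the failure rates are constructed assumptions, not values from the paper.

```python
"""Series-parallel reliability block diagram (RBD) evaluation.

Added worked example, not code from the RAMSAS paper or its authors.
Component names and failure rates are constructed for illustration.
"""
import math


class Component:
    """Leaf block with a constant failure rate (exponential life model)."""

    def __init__(self, name, failure_rate):
        self.name = name
        self.failure_rate = failure_rate  # failures per hour (constructed value)

    def reliability(self, t, fixed=None):
        # `fixed` lets the importance analysis pin one component to 0 or 1.
        if fixed and self.name in fixed:
            return fixed[self.name]
        return math.exp(-self.failure_rate * t)

    def components(self):
        return [self]


class Series:
    """All parts must survive: R = prod(R_i)."""

    def __init__(self, *parts):
        self.parts = parts

    def reliability(self, t, fixed=None):
        return math.prod(p.reliability(t, fixed) for p in self.parts)

    def components(self):
        return [c for p in self.parts for c in p.components()]


class Parallel:
    """Any part suffices (active redundancy): R = 1 - prod(1 - R_i)."""

    def __init__(self, *parts):
        self.parts = parts

    def reliability(self, t, fixed=None):
        return 1.0 - math.prod(1.0 - p.reliability(t, fixed) for p in self.parts)

    def components(self):
        return [c for p in self.parts for c in p.components()]


def mttf(block, horizon=20000.0, step=1.0):
    """Mean time to failure = integral of R(t) dt, trapezoidal rule."""
    n = int(horizon / step)
    total = 0.5 * (block.reliability(0.0) + block.reliability(horizon))
    total += sum(block.reliability(i * step) for i in range(1, n))
    return total * step


def birnbaum_importance(block, t):
    """dR_sys/dR_i at time t, computed as R(i perfect) - R(i failed).

    The component with the largest value is the one whose reliability
    most affects the system: the critical component to invest in."""
    return {
        c.name: block.reliability(t, {c.name: 1.0}) - block.reliability(t, {c.name: 0.0})
        for c in block.components()
    }


# Constructed FMS fragment: a flight management computer in series with a
# redundant pair of inertial reference units (1-out-of-2 active redundancy).
FMS = Series(
    Component("FMC", 1e-3),
    Parallel(Component("IRU_A", 2e-3), Component("IRU_B", 2e-3)),
)

if __name__ == "__main__":
    print(f"R(100 h) = {FMS.reliability(100.0):.4f}")
    print(f"MTTF     = {mttf(FMS):.1f} h")
    ranked = sorted(birnbaum_importance(FMS, 100.0).items(), key=lambda kv: -kv[1])
    for name, imp in ranked:
        print(f"{name:6s} Birnbaum importance {imp:.4f}")
```

For this tree R(t) reduces to 2e^(-0.003t) - e^(-0.005t), so the numeric MTTF can be checked against the closed form 2/0.003 - 1/0.005 = 466.67 h; the single FMC dominates the importance ranking, which is exactly the kind of critical-component finding the qualitative step of the case study asks for. The closed form is available here only because the structure is a static series-parallel tree; once behaviour, fault propagation and operating modes enter, which is the motivation for the simulation-based method, such a formula is no longer available.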
Limitations of the traditional approach and new perspectives
- The increase in both system complexity and in the accuracy required of the reliability analysis often makes the above mentioned techniques inadequate, since they are mainly based on:
  - statistical and probabilistic tools;
  - a hierarchical decomposition of the system in terms of its components
Limitations of the traditional approach and new perspectives
There is a strong demand for new, more powerful and flexible analysis tools and techniques …
… centered on model-based approaches, so as to benefit from the available modeling practices, and …
… which should incorporate the use of simulation to flexibly evaluate the system reliability indices and compare different design choices
Reliability and other non-functional requirements… a brief reflection
- Great attention has been devoted to functional requirements analysis and traceability, BUT
- there is still a lack of methods which specifically address these issues for non-functional requirements
  - the analysis of whether and how non-functional requirements are met by the system under development is typically not executed alongside the design of the system but postponed to the last stages of the development process (e.g. system verification)
- hence a high risk of having to revise even basic design choices, with a consequent increase in both completion time and development cost
Limitations of the traditional approach and new perspectives
- Despite a general consensus on the advantages that could derive from the exploitation of model-based approaches for system reliability analysis …
- … the use of these techniques has traditionally been unusual and was not recommended by international standards until recently (see IEC 61508, 2010)
This delay in adoption is mainly due to the lack of methods able to integrate the available modeling languages, tools and techniques in a consistent modeling framework.
Our Proposal
A Model-Based approach for System Reliability Analysis:
- centered on a popular UML-based language for system modeling (SysML)
- exploiting a de facto standard platform for the simulation of multi-domain dynamic and embedded systems (Mathworks Simulink)
- fully specified as a method (in terms of phases, input and output work products, etc.) and thus “pluggable” into a complete System Development Process (e.g. based on a V-Model)
Our Proposal
RAMSAS: A Model-Based method for System Reliability Analysis
The RAMSAS method is centered on a classical iterative process which consists of four main phases:
- Reliability Requirements Analysis
- System Modeling
- System Simulation
- Results Assessment
When and where to exploit our method in a typical System Development Process
- According to Method Engineering, the proposed method can be integrated in various phases of a typical System Development Process, e.g. in a V-Cycle process:
  - in the verification phase, to support the evaluation of system reliability
  - in the design phases, to support the evaluation of configuration scenarios and system parameter settings, so as to guide and suggest design choices
The proposed method is not intended to be an alternative to other RAMS techniques (FMECA, FTA, RBD, etc.) but rather a complement able to provide additional analysis capabilities
RAMSAS: The Reliability Requirements Analysis phase
- In the Reliability Requirements Analysis phase, the objectives of the system reliability analysis are specified.
- INPUT work-products: System Design, System Requirements (functional and non-functional)
- OUTPUT work-products: Reliability Analysis Objectives
  - The functions that the system has to perform, the related operative conditions, and the reference time horizons must be clearly identified, along with the main system failures and their local and global effects
  - The reliability functions and indicators, to be derived from the analysis of the simulation results, must be identified along with the main analysis techniques to be applied to the data gathered from simulation
RAMSAS: The System Modeling phase
- In the System Modeling phase the structure and behavior of the System are modeled by using a SysML-based notation.
- In this phase the System is decomposed into component entities by applying zoom-in/zoom-out mechanisms.
RAMSAS: The System Modeling phase
- Each component entity is modeled as a SysML Block:
  - Block structure is defined by both a SysML Block Definition Diagram (BDD) and an Internal Block Diagram (IBD)
  - Block behavior is defined by SysML Activity, Sequence, State Machine, and Parametric Diagrams
RAMSAS: The System Modeling phase
- Block Structure:
  - the BDD describes the Block with its port interfaces, internal attributes, operations, constraints, parts and relationships with other blocks
  - the IBD provides a description of the Block internal structure, the organization of its component blocks, the type of composition and the topology of internal communication
RAMSAS: The System Modeling phase
- Block Behavior:
  - specified through a set of Tasks whose execution is characterized by pre- and post-conditions and can be periodically scheduled or triggered by events
RAMSAS: The System Modeling phase
- Block Behavior: each Task is modeled using different types of SysML Diagrams: (i) an Activity Diagram, which models the Task as a flow of actions; (ii) a set of Sequence Diagrams, which model specific scenarios, each of which corresponds to a given sequence of actions in the Activity Diagram of the Task
- special Tasks, which model the onset, propagation and management of Block failures, are also introduced
RAMSAS: The System Modeling phase
- Block Behavior: for each Block a State Machine Diagram can be derived by combining the Activity and Sequence Diagrams associated with the Tasks in which the Block is involved, so as to obtain a state-based representation of the Behavior of the Block
RAMSAS: The System Modeling phase
SysML Parametric Diagrams are also introduced for supporting specific analysis…
…by defining constraint blocks which express mathematical equations and their parameters that may correspond to block properties
RAMSAS: The System Simulation phase
- In the System Simulation phase, the previously obtained Models of the System are represented in terms of the constructs offered by Mathworks Simulink
- The model transformation is enabled by IBM Rational Rhapsody
RAMSAS: The System Simulation phase
- Transformation between models is based on a mapping between the basic SysML and Simulink constructs:

Entity | SysML | Simulink
System/Subsystem/Equipment/Component | Block, Part | Block, Subsystem
Block Behavior/Constraint | Activity diagram, Sequence diagram, Parametric diagram | S-Function, Stateflow diagram
Input/Output Interface | Flow Port | Input/Output Simulink Block
Association/Binding | Connection | Line

Moreover, the Mealy Machines which model the behavior of a Simulink Block are obtained from the corresponding SysML Behavioral Diagrams
RAMSAS: The System Simulation phase
- The resulting Simulink System is a network of blocks which is executed according to a synchronous reactive model of computation:
  - at each step, Simulink computes, for each block, the set of outputs as a function of the current inputs and the block state, then it updates the block state
RAMSAS: The Results Assessment phase
- In the Results Assessment phase, the data gathered from the simulations are analyzed with reference to the objectives of the reliability analysis identified in the initial phase of the process:
  - directly in Simulink
  - by using add-ons like SIMLOG
  - by external analysis tools
- As for any iterative process, new (partial or complete) iterations can be executed for achieving new or missed analysis objectives
Exploiting the RAMSAS method for System Reliability Analysis
- Reliability analysis of a Flight Management System (FMS)
- Integrated Modular Avionics (IMA): the high level of integration of an IMA makes its reliability analysis a challenging task, due to the difficulty in identifying the occurrence and propagation of faults and then the consequent system failures
The Reliability Requirements Analysis phase
- a qualitative analysis of the System reliability requires accurately identifying the weaknesses of the system, its critical components, how they can break down, the way in which faults propagate and the impacts of each failure on the entire system
- moving from qualitative to quantitative reliability evaluations, the Reliability Function of the System should be evaluated along with the main reliability indices (e.g. Mission Capable Rate (MCR) = (MTTCF+MTTR)/(MTTCF+2MTTR), with MTTCF the mean time to critical failure and MTTR the mean time to repair)
- By combining qualitative and quantitative results, a clear picture of the reliability performance of the system can be obtained, and alternative design solutions to effectively address the design and maintenance of the system can be compared
The System Modeling phase
- The system is decomposed according to the following four-stage hierarchy: system, subsystems, equipment, and components
- By applying the well-known zooming-in mechanism, the internal structure of each subsystem is represented in detail by an IBD which shows its constituent equipment;
- in turn, each equipment is further specified in terms of its components by a related IBD
The System Modeling phase (two diagram-only slides; no text survives in the transcript)
The System Modeling phase
- Besides the System structure, the behavior of the System is also specified following the same layered approach but in a bottom-up fashion: from the component level to the equipment, subsystem, and system level…
The System Modeling phase
- An example of behavioral modeling: the specification of the behavior of the Inertial Reference Unit, a key component of the IRS equipment

Tasks of the Inertial Reference Unit component
Task | Preconditions | Postconditions | Execution Schedule
Alignment | Operation Mode and Initial Position values available | Component state changed | Triggered
Attitude Calculation | Flight status and parameters | Attitude parameters calculated | Triggered
… | … | … | …
Failure Management | Component failure | Safety state reached | Triggered
Fault Generation | Component is working | (Possible) fault generation | Periodical
Fault Evaluation | Fault generated | (Possible) component failure | Triggered
Failure Propagation | Component failure | (Possible) failure propagation | Triggered
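The following Python is an added example, not part of the slides and not the authors' Simulink models. It serves two passages: the synchronous reactive step described for the System Simulation phase (at each step every block computes its outputs from its current inputs and state, then every block updates its state) and the fault-related Tasks of the IRU table above (Fault Generation scheduled periodically, Fault Evaluation and Failure Propagation triggered by a fault or failure, Failure Management reaching a safe state). It executes a constructed 1-out-of-2 pair of IRU blocks inside an IRS equipment block over many missions and derives the empirical reliability function and the mean time to critical failure from the gathered data, as the Results Assessment phase does. Block names, the fault probabilities, the time unit (one simulation step) and the MTTR used for the MCR are all assumptions; the MCR formula is the one stated on the Reliability Requirements Analysis slide.

```python
"""Synchronous-reactive simulation of a redundant IRU pair with fault tasks.

Added worked example (not code from the RAMSAS paper or from Simulink).
All block names, probabilities and the MTTR value are constructed.
"""
import functools
import random
from statistics import mean


class IRU:
    """Inertial Reference Unit component block (constructed parameters)."""

    inputs = ()  # no upstream flow ports in this toy wiring

    def __init__(self, name, rng, fault_period=1, p_fault=0.1, p_fail=0.1):
        self.name = name
        self.rng = rng
        self.fault_period = fault_period  # Fault Generation runs every N steps
        self.p_fault = p_fault            # chance a fault is injected per run
        self.p_fail = p_fail              # chance Fault Evaluation makes it a failure
        self.failed = False

    def outputs(self, inputs, now):
        # Failure Propagation (triggered by component failure): the failure is
        # exposed on the output port, computed from the current state only.
        return {"failed": self.failed}

    def update(self, inputs, now):
        if self.failed:
            return  # absorbing state: no repair during a mission
        # Fault Generation (periodical; precondition: component is working)
        if now % self.fault_period == 0 and self.rng.random() < self.p_fault:
            # Fault Evaluation (triggered by the generated fault): possible failure
            self.failed = self.rng.random() < self.p_fail


class IRS:
    """Inertial Reference System equipment: 1-out-of-2 over its IRU parts."""

    def __init__(self, name, irus):
        self.name = name
        self.inputs = tuple(iru.name for iru in irus)
        self.safe = False
        self.critical_failure_step = None

    def outputs(self, inputs, now):
        lost = sum(1 for port in inputs.values() if port["failed"])
        return {"mode": "SAFE" if self.safe else "NORMAL", "lost_irus": lost}

    def update(self, inputs, now):
        # Failure Management (triggered by the equipment failure): with both
        # IRUs failed the equipment transitions to its safe state.
        if not self.safe and all(port["failed"] for port in inputs.values()):
            self.safe = True
            self.critical_failure_step = now


def run_mission(seed, horizon=2000):
    """Execute one mission; return the step of critical failure, or None."""
    rng = random.Random(seed)
    irus = [IRU("IRU_A", rng), IRU("IRU_B", rng)]
    irs = IRS("IRS", irus)
    blocks = irus + [irs]  # listed in data-flow order, as Simulink sorts blocks
    for now in range(1, horizon + 1):
        # Phase 1: outputs as a function of current inputs and state (Mealy step)
        outs = {}
        for b in blocks:
            outs[b.name] = b.outputs({n: outs[n] for n in b.inputs}, now)
        # Phase 2: state update, using the inputs read in phase 1
        for b in blocks:
            b.update({n: outs[n] for n in b.inputs}, now)
        if irs.critical_failure_step is not None:
            return irs.critical_failure_step
    return None


@functools.lru_cache(maxsize=None)
def failure_times(runs=2000, seed=1):
    """Gather critical-failure steps over many independent missions."""
    return [run_mission(seed + i) for i in range(runs)]


def reliability(times, t):
    """Empirical R(t): share of missions with no critical failure by step t."""
    return sum(1 for ft in times if ft is None or ft > t) / len(times)


def mean_time_to_critical_failure(times):
    return mean(ft for ft in times if ft is not None)


def mission_capable_rate(mttcf, mttr):
    # MCR as defined on the slide: (MTTCF + MTTR) / (MTTCF + 2 MTTR)
    return (mttcf + mttr) / (mttcf + 2 * mttr)


if __name__ == "__main__":
    times = failure_times()
    mttcf = mean_time_to_critical_failure(times)
    print(f"R(100) = {reliability(times, 100):.3f}   MTTCF = {mttcf:.1f} steps")
    print(f"MCR (assumed MTTR = 10 steps) = {mission_capable_rate(mttcf, 10):.3f}")
```

Because Fault Generation runs every step with a per-step failure probability of p_fault * p_fail = 0.01, each IRU's time to failure is geometric with a mean of 100 steps, and the critical failure is observed one step after the later of the two (about 151 steps on average), so the Monte Carlo estimate can be cross-checked against a closed form. That check is only possible for such a toy; for the real FMS, as the Results Assessment slides note, the analytic definition of the reliability characteristics is out of reach and the simulated estimates are what the analysis has to work with.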
The System Simulation phase
- The System Simulation is a semi-automatic process that starts by transforming the SysML diagrams into Simulink models
- After obtaining the Simulation Model, the simulation parameters are set according to the analysis objectives; then simulations are executed and data gathered for the analysis phase
The System Simulation phase (diagram-only slide; no text survives in the transcript)
The Results Assessment phase
- Several simulations have been executed for analyzing the behavior of the System in different scenarios and evaluating its reliability functions and indicators
- Usually, an analytic definition of these reliability characteristics is very difficult due to the complexity of the System in terms of both its structure and behavior.
- The scalability and flexibility of the proposed modeling and simulation approach allowed the evaluation of the main reliability functions and indices in an inductive fashion, as well as the observation of macro-level phenomena which are hardly captured by classical analytical/deductive models
The Results Assessment phase
- The analysis of the simulation data provided useful indications which allowed obtaining a more descriptive and predictive reliability model of the system and suggested some design choices which could improve the system reliability indicators
The Results Assessment phase
- As an example, the analysis of the simulation data of different and extreme operative scenarios has shown that the MCR of the considered System varies significantly (from 63.9% to 75.6% in the experiments carried out) on the basis not only of the system organization and behavior but also of its configuration and parameter settings
Conclusions and Future Work
- The proposed model-based method for the Reliability Analysis of systems combines in a unified framework the strengths of:
  - powerful visual languages (such as OMG SysML), suitable to flexibly model the architectural and behavioral aspects of complex, dynamic, and heterogeneous systems
  - mature and popular tools (such as Mathworks Simulink), suitable for the simulation and analysis of multi-domain systems
Conclusions and Future Work
- The proposed method is not intended to be an alternative to other RAMS techniques (FMECA, FTA, RBD, etc.) but rather a complement able to provide additional analysis capabilities
- The method can be integrated in various phases of a typical System Development Process (e.g. in the Verification and/or Design phases of a V-Cycle)
- This allows supporting the satisfaction and traceability of an important non-functional requirement, such as reliability, in the early stages of a development process, with considerable time and cost reductions with respect to more traditional reliability analysis techniques, which are often carried out in the last stages of the development with the risk of having to revise even basic design choices.
Conclusions and Future Work
The concrete exploitation of the proposed method has allowed appreciating:
- its flexibility and scalability in complex system modeling
- its effectiveness in evaluating through simulation the system reliability performance
Conclusions and Future Work
Ongoing research efforts are devoted to:
- enrich and improve RAMSAS
- extensively experiment RAMSAS in the analysis of mission-critical systems in different application domains
- integrate RAMSAS in the IBM Rational Harmony for Systems Engineering process
- support other environments for carrying out the Simulation Phase (e.g. OpenModelica)
Acknowledgments
- IBM Haifa Research Center (Henry Broodney, Michael Masin)
- ESA-ESTEC (Daniele Gianni)
- Z-Lab Engineering (Gabriele Luceri, Nicola Chirillo)
garro@deis.unical.it
Thank you