30 research outputs found

    Model synchronization: a formal framework for the management of heterogeneous models

    In this article, we present the conceptual foundations and implementation principles of model synchronization, a formal framework for the management of heterogeneous models. The proposed approach relies on S2ML (System Structure Modeling Language) as a pivot language. We show, by means of a case study, that model synchronization can be used to ensure the consistency between system architecture models designed with Capella and safety models written in AltaRica 3.0.

    Handling consistency between safety and system models

    Safety analyses are of paramount importance for the development of embedded systems. In order to perform these analyses, safety engineers use different modeling techniques, such as Fault Trees or Reliability Block Diagrams. One of the challenges of today's industrial development processes is to ensure the consistency between safety models and system architectures. Model Based Safety Analysis (MBSA) is one of the newest modeling methods, which promises to ease the exchange of information between safety engineers and system designers. The aim of this article is to discuss an approach to manage the consistency between MBSA models and system architectures. Our study is based on an experiment in the co-design of an RPAS (Remotely Piloted Aircraft System) involving system design and safety teams during the early conception phases of an industrial development process. We simulate the process of exchange between system design and safety assessment under the constraint of creating safety models that stay close to the system architecture. We identify significant exchange points between these two activities. We also discuss the problems encountered and perspectives on the possibility of ensuring the consistency between safety and system models.

    Performing Safety Analyses with AADL and AltaRica

    AADL and AltaRica languages can be used to support the safety assessments of system architectures. These languages were defined with different concerns and this paper aims at presenting their principles and how they can be related. A translator from AADL to AltaRica is proposed and its prototype is applied to a simplified flight control system of a UAV. The resulting AltaRica model has been analyzed with the AltaRica safety tools and the experimental results are discussed.

    AltaRica 3.0: a model-oriented approach to dependability

    The Model-Based approach for safety and reliability analysis is gradually winning the trust of engineers but is still an active domain of research. Safety engineers master "traditional" risk modeling formalisms, such as Fault Trees and Event Trees. Efficient algorithms and tools are available. However, despite their qualities, these formalisms share a major drawback: models are far from the specifications of the systems under study. As a consequence, models are hard to design and to maintain throughout the life cycle of systems. A small change in the specifications may require a complete revisiting of the safety models, which is both resource consuming and error prone. The high level modeling language AltaRica Data-Flow has been created to tackle this problem. AltaRica Data-Flow models are made of hierarchies of reusable components. Graphical representations are associated with components, making models visually very close to Process and Instrumentation Diagrams. AltaRica Data-Flow is at the core of several Integrated Modeling and Simulation Environments used in industry. AltaRica 3.0 is an entirely new version of the language. It improves AltaRica Data-Flow in two directions: its semantics is based on a new underlying mathematical model, Guarded Transition Systems (GTS), which makes it possible to handle systems with instant loops and to define acausal components, i.e. components for which the input and output flows are decided at run time; and it provides new constructs to structure models, coming from prototype-oriented modeling languages. The thesis includes a formal part describing in detail the new structural constructs and the semantics of the language, an algorithmic part explaining the compilation of AltaRica 3.0 models into Fault Trees, and an implementation of the algorithms in a prototype.
    System dependability is a rapidly growing field. Reliability engineers have developed various risk analysis methods that are now well mastered: Fault Trees and Event Trees. Efficient algorithms and high-performance tools are available to assess these models. These formalisms nevertheless have the major drawback of being far removed from the functional descriptions of systems. The result is an always dangerous gap between the technical specifications of the system under study and the models used by reliability engineers. Maintaining the latter throughout the product life cycle is therefore a difficult, costly and error-prone task. The AltaRica Data-Flow language was created to overcome this problem. AltaRica Data-Flow is a high-level modeling language that makes it possible to describe components as finite state automata, to build libraries of component models and to assemble these models into hierarchies. AltaRica Data-Flow was chosen as the supporting language of several software workbenches used in industry. The thesis deals with the new version of the language, AltaRica 3.0. It improves AltaRica Data-Flow along two axes: its execution model is based on Guarded Transition Systems, which makes it possible to model looped systems and components with bidirectional flows; and new constructs for structuring models, coming from prototype-oriented languages, are introduced. The thesis comprises a formal part describing the new structural constructs and specifying the semantics of the language, an algorithmic part explaining the compilation of AltaRica 3.0 models into fault trees, and the implementation of the algorithms in a prototype.

    Performance assessment of an offshore windmill farm with AltaRica 3.0

    In this publication, we present how the AltaRica 3.0 modelling language can be used to efficiently design a model of an offshore windmill farm and evaluate its performance. The system we consider is composed of combinations of series-parallel components, combining different states for components and different modes for parts of the system, and implements complex reconfiguration strategies. Knowing the syntax and semantics of languages such as AltaRica 3.0 is however not sufficient to efficiently design models. First, models should make it possible to efficiently calculate performance indicators. Second, individual models should be designed quickly (and without bugs!) and modelling knowledge should be capitalized from one model to the next. In both respects, architectural and behavioural modelling patterns are of great help. The AltaRica 3.0 model we propose in this article for the assessment of an offshore windmill farm achieves both goals. We show that the design of the model is very efficient thanks to the advanced structural constructs of the AltaRica 3.0 modelling language. Finally, we use assessment tools available for AltaRica 3.0, e.g. the stochastic simulator, to evaluate the model of the system.

    Modeling combinations of maintenance policies in AltaRica 3.0

    Keeping complex systems in operational condition is one of today's major challenges. An appropriate maintenance strategy ensures a high availability of the system while minimizing the costs due to interventions. Modeling and simulation of such systems, together with their maintenance strategies, enables the study of their performance indicators, such as availability, costs, etc. This publication presents an AltaRica 3.0 modeling pattern for the combination of several maintenance policies.
    Keeping industrial systems in operational condition is an important competitiveness factor; a good maintenance strategy for the system ensures a high availability of the equipment while minimizing the costs related to interventions. Modeling and simulating such systems, including their associated maintenance strategies, makes it possible to study the underlying performance indicators (availability, costs, etc.). In this communication, we present an AltaRica 3.0 modeling pattern for combining different maintenance policies for different components of a system.

    From Models of Structures to Structures of Models

    The complexity of industrial systems is steadily increasing. To face this complexity, the different engineering disciplines are designing models. These models are complex as they reflect the complexity of the systems under study. Therefore, they need to be structured. In this article we study structural constructs of modeling languages used in systems engineering. We introduce for that purpose a small domain specific language, the so-called S2ML for System Structure Modeling Language. We show that a large class of actual modeling languages can be (re)constructed by plugging their underlying mathematical framework into S2ML.

    Modeling patterns for the assessment of maintenance policies with AltaRica 3.0

    In this article, we present modeling patterns dedicated to the assessment of maintenance policies with AltaRica 3.0. From the analyst's perspective, these modeling patterns make models easier to design, to understand by stakeholders and to maintain. From a technical point of view, their design involves advanced features of AltaRica 3.0 that are worth presenting.