Transcript of: Agile Modeling in Safety-Critical Environments
Page 1
02.09.2019
LieberLieber Software, Dr. Konrad Wieland
Agile Modeling in Safety-Critical Environments
Page 2
Vienna, Austria
OUR EXPERTISE
• Model-based Systems Engineering
• Configuration Management for Models
• Integration of Enterprise Architect with other tools
Page 3
My Background
• Business Informatics, TU Vienna (2003-2009)
• PhD: Model Versioning, TU Vienna (2009-2012)
• Trainer & Consultant for MBE (2012-2015)
• LieberLieber Head of Product Management (2015)
Page 4
Agile Method’s World
Leeway in decision-making
Intermediate results, to check the direction
Planned solution at project begin
Uncertainty of project objectives
The uncertainty decreases during the project
Real solution at the project end
Project Start ← Iterations → Project End
Page 5
But what if you have to change one of your previous decisions?
Leeway in decision-making
Intermediate results, to check the direction
Planned solution at project begin
New real solution at the project end
Project Start Project End
Page 6
Agile practices for safety-critical development
• Safety-critical systems development has special needs beyond those of most projects. In such projects, additional practices to address those needs are included, such as:
• Safety analysis and assessment
• Continuous traceability
• Change management
• Requirements-based verification
Source: "Adopting agile methods for safety-critical systems development", Bruce Powel Douglass, Leslie Ekas, IBM, Oct. 2012.
Models play a crucial role!
Page 8
Solution Strategies
Manage Complexity
• Model Based Systems Engineering
• Configuration and Change Management
• Agile Development
Page 9
ASPICE vs Agile
ASPICE
• ASPICE describes process principles (the WHAT level), but it does not predefine any concrete lifecycle models, methods, tools, templates, metrics, procedures, etc.
Agile
• Agile methods define the HOW level (lifecycle models, methods, etc.).
Therefore ASPICE and Agile methods cannot, by definition, contradict each other.
The only valid question is: do concrete process implementations satisfy ASPICE principles?
Page 10
ASPICE Structure: Details of Mappings
Source: "How do agile practices support Automotive SPICE compliance?", © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter
(Figure: mapping diagram. On the ASPICE side, each process, Project Management (MAN.3), Requirements Elicitation (SYS.1), Configuration Management (SYS.1), is structured into Base Practices and Work Products. On the agile side, Scrum and XP are each structured into Practices. The mapping connects agile practices to ASPICE base practices and work products.)
Page 11
Agile Methods are ASPICE compliant
Source: "How do agile practices support Automotive SPICE compliance?", © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter
• 93% (173 of 185) of Automotive SPICE requirements are supported
• 63% (97 of 155) of agile practices are used
• 760 mappings
• 96% of Automotive SPICE base practices are supported
• 86% of Automotive SPICE work products are supported
• 87% (33 of 38) of Scrum and XP practices are used
Page 12
Solution Strategies
Manage Complexity
• Model Based Systems Engineering
• Configuration and Change Management
• Agile Development
Page 13
From Concept to Solution as required by ISO 26262
(Figure: V-model with the columns Requirement Analysis, Architecture & Design and Testing. The upper part is the system responsibility, normally the OEM; the lower part is the component responsibility, normally a Tier-1 supplier. The numbers are ISO 26262 part-clause references.)
Requirement Analysis:
• 3-5 item definition
• 3-7 safety goals
• 3-8 functional safety concept, functional safety requirements
• 4-6 technical safety requirements
• 4-6/7 technical safety concept
• 6-6 software safety requirements, architectural level
• 6-6 software safety requirements, unit level
Architecture & Design:
• 3-8 preliminary architectural assumptions
• 4-7 system design
• 6-7 software architectural design
• 6-8 software unit design
Testing:
• 6-9 software unit testing
• 6-10 software integration testing
• 6-10 software safety verification
• 4-8 system integration testing
• 4-8 vehicle integration testing
• 4-9 system safety validation
How to manage it without a modeling approach?
"Safety needs models"
Page 14
Value of Modeling
• Modeling as a tool for finding solutions
• Model as communication medium
• Model as knowledge database
Page 15
Model is your Knowledge Base
(Figure: a Component with "realize" relations to two Requirements.)
Traceability = Model Intelligence: it allows generating as many views as necessary.
One Model, Many Users, Many Views
Page 16
Impact of Model Based Systems Engineering
Source: Summary of the dissertation "Model Based Development of Embedded Software Systems in the Automotive – Costs and Benefits", Author: Sascha Kirstan, TU München, 2011.
(Figure: V-model with the phases Requirement Analysis, System Architecture, Design, Implementation, Module Tests, Integration Tests and System Tests; validation and verification test cases are derived from the left-hand phases. Per-phase changes in costs (C) and time (T) shown in the figure: C +23% / T +18%, C +10% / T +6%, C +37% / T +25%, C -46% / T -45%, C -9% / T -12%.)
Reduction of time effort for whole project: -27% and -36% (bars labelled Costs and Time)
C : Costs
T : Time
Page 17
Solution Strategies
Manage Complexity
• Model Based Systems Engineering
• Configuration and Change Management
• Agile Development
Page 18
Goals of Configuration and Change Management
• Systematic tracking of changes during development and maintenance
• Preserving the integrity of the system after changes
• Preventing unwanted and unpredictable effects
• Standardizing the process of making changes
Page 19
Your Memory of Project Progress and Project Decisions
(Figure: Source Code is kept under version control with a Trunk, a Develop Branch, a Release Branch and Customer Branches A and B, version tags V1.0, V1.1 and V2.0, and possible conflicts marked. Architecture / Design, in contrast, lives in a wiki, in expert minds and in documents.)
Page 20
Your Memory of Progress and Decisions
(Figure: the same branch structure, Trunk, Develop Branch, Release Branch, Customer Branches A and B, version tags V1.0, V1.1 and V2.0, possible conflicts, now shown for both the Source Code and the Model.)
Page 21
Continuous Integration – also for models?
• CI: integrate non-breaking changes so that there is always an executable software build
… and for models?
• After each iteration (ideally after each change), a valuable model (rather than an executable software build) must be created.
What is a valuable model?
Page 22
How to get a valuable model?
Models that help people understand each other
• over models that only experts understand
Evaluable and consistent models
• over an extensive diagram dump
Fulfilling the stakeholder needs
• over fulfilling the standards
Models that help to manage complexity
• over models that create complexity
Models that evolve through change
• over models that are treasured by change
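One concrete form of the "evaluable and consistent model" that the slides "Continuous Integration – also for models?" and "How to get a valuable model?" call for, as an added example that is not part of the original slides or of LieberLieber's tooling: a Python check that runs after each change, fails the integration when continuous traceability or requirements-based verification is broken, and answers the earlier question of what a changed decision touches. The Model structure, the realize/verify relations and every element name are assumptions constructed for the demonstration.

```python
"""Model consistency gate for a CI pipeline, plus change-impact lookup.

Added example, not code from the original slides or from LieberLieber. The
Model structure is an assumed, simplified stand-in for a model exported from
a modeling tool; all element names are constructed for the demonstration.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Model:
    requirements: set[str]
    components: set[str]
    test_cases: set[str]
    # (component, requirement): the component realizes the requirement
    realize: set[tuple[str, str]] = field(default_factory=set)
    # (test case, requirement): the test case verifies the requirement
    verify: set[tuple[str, str]] = field(default_factory=set)


def check_model(model: Model) -> list[str]:
    """Return one finding per traceability or consistency defect (empty list = valuable model)."""
    findings: list[str] = []

    # 1. Dangling relation ends: a relation whose endpoint was deleted from the model.
    for comp, req in sorted(model.realize):
        if comp not in model.components:
            findings.append(f"dangling realize from unknown component {comp!r}")
        if req not in model.requirements:
            findings.append(f"dangling realize to unknown requirement {req!r}")
    for tc, req in sorted(model.verify):
        if tc not in model.test_cases:
            findings.append(f"dangling verify from unknown test case {tc!r}")
        if req not in model.requirements:
            findings.append(f"dangling verify to unknown requirement {req!r}")

    # 2. Continuous traceability: every requirement is realized by some component.
    realized = {req for _, req in model.realize}
    for req in sorted(model.requirements - realized):
        findings.append(f"unrealized requirement {req!r}")

    # 3. Requirements-based verification: every requirement has a verifying test case.
    verified = {req for _, req in model.verify}
    for req in sorted(model.requirements - verified):
        findings.append(f"unverified requirement {req!r}")

    # 4. Orphan components: design elements not justified by any requirement.
    realizing = {comp for comp, _ in model.realize}
    for comp in sorted(model.components - realizing):
        findings.append(f"orphan component {comp!r}")
    return findings


def gate(model: Model) -> bool:
    """CI gate: True when the model may be integrated."""
    return not check_model(model)


def impacted_by(model: Model, requirement: str) -> dict[str, set[str]]:
    """Change impact: which components and test cases must be revisited if a requirement changes."""
    return {
        "components": {comp for comp, req in model.realize if req == requirement},
        "test_cases": {tc for tc, req in model.verify if req == requirement},
    }


# Constructed sample: REQ-3 is neither realized nor verified, CMP-C realizes nothing,
# and a relation still points at REQ-9, which was removed from the model.
SAMPLE = Model(
    requirements={"REQ-1", "REQ-2", "REQ-3"},
    components={"CMP-A", "CMP-B", "CMP-C"},
    test_cases={"TC-1", "TC-2"},
    realize={("CMP-A", "REQ-1"), ("CMP-B", "REQ-1"), ("CMP-B", "REQ-2"), ("CMP-B", "REQ-9")},
    verify={("TC-1", "REQ-1"), ("TC-2", "REQ-2")},
)


def fixed_sample() -> Model:
    """The same model after the defects are resolved in a later iteration."""
    return Model(
        requirements={"REQ-1", "REQ-2", "REQ-3"},
        components={"CMP-A", "CMP-B", "CMP-C"},
        test_cases={"TC-1", "TC-2", "TC-3"},
        realize={("CMP-A", "REQ-1"), ("CMP-B", "REQ-1"), ("CMP-B", "REQ-2"), ("CMP-C", "REQ-3")},
        verify={("TC-1", "REQ-1"), ("TC-2", "REQ-2"), ("TC-3", "REQ-3")},
    )


if __name__ == "__main__":
    for finding in check_model(SAMPLE):
        print("FAIL:", finding)
    print("gate passes after fix:", gate(fixed_sample()))
```

The four checks are deliberately cheap so they can run on every commit of the model repository, exactly as a build runs on every commit of the source code; the dangling-relation check is the one that catches a merge between two model branches that each deleted or renamed an element the other still references.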
Page 24
Additional Information
Page 25
Established Processes for MBSE using Git and Enterprise Architect
Version Control Systems - Examples
Source: https://de.atlassian.com/git
Page 26
Continuous Engineering is the high-end of Agile Modeling
(Figure: pipeline Analyze Dependencies → Validate Package → Publish → Package Repository, fed by several models.)
• Provide valid Model Packages with valid dependencies
• Consume valid Model Packages with valid dependencies
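The Analyze Dependencies, Validate Package, Publish pipeline above, as an added example that is not part of the original slides or of any real package tool: a Python package repository that refuses a model package whose dependencies are missing or form a cycle, whose content does not match the digest in its manifest, or whose version tag was already published with different content. The package format, the repository API, the manifest digest and all package names, versions and contents are assumptions constructed for the demonstration.

```python
"""Package gate for a model package repository: analyze dependencies, validate, publish.

Added example, not code from the original slides or from any real package tool.
Package, PackageRepository and the manifest digest are assumed simplifications;
all package names, versions and contents are constructed for the demonstration.
"""
from __future__ import annotations
from dataclasses import dataclass
import hashlib

Key = tuple[str, str]  # (package name, version tag)


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    content: bytes                    # serialized model package (constructed bytes here)
    declared_digest: str              # sha256 hex the publisher wrote into the manifest
    dependencies: tuple[Key, ...] = ()

    @property
    def key(self) -> Key:
        return (self.name, self.version)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_package(name: str, version: str, content: bytes, deps: tuple[Key, ...] = ()) -> Package:
    """Build a package whose manifest digest is consistent with its content."""
    return Package(name, version, content, sha256_hex(content), deps)


class PackageRepository:
    def __init__(self) -> None:
        self._packages: dict[Key, Package] = {}

    def get(self, name: str, version: str) -> Package | None:
        return self._packages.get((name, version))

    def seed_unchecked(self, pkg: Package) -> None:
        """Store without validation; only used to simulate legacy repository content."""
        self._packages[pkg.key] = pkg

    def publish(self, pkg: Package) -> list[str]:
        """Run every check; store the package only when none fails. Returns the problems."""
        problems = validate_package(pkg, self) + analyze_dependencies(pkg, self)
        if not problems:
            self._packages[pkg.key] = pkg
        return problems


def validate_package(pkg: Package, repo: PackageRepository) -> list[str]:
    """Integrity of the package itself: manifest digest and immutability of a version tag."""
    problems: list[str] = []
    if sha256_hex(pkg.content) != pkg.declared_digest:
        problems.append(f"{pkg.name}@{pkg.version}: content digest does not match manifest")
    existing = repo.get(pkg.name, pkg.version)
    if existing is not None and existing.content != pkg.content:
        problems.append(f"{pkg.name}@{pkg.version}: version tag already published with different content")
    return problems


def analyze_dependencies(pkg: Package, repo: PackageRepository) -> list[str]:
    """Walk the transitive dependencies through the repository; report missing ones and cycles."""
    problems: list[str] = []
    path: list[Key] = []          # current DFS path, used to detect cycles
    finished: set[Key] = set()    # fully analyzed packages

    def visit(current: Package) -> None:
        if current.key in finished:
            return
        path.append(current.key)
        for dep_key in current.dependencies:
            if dep_key in path:
                chain = path[path.index(dep_key):] + [dep_key]
                problems.append("cycle: " + " -> ".join(f"{n}@{v}" for n, v in chain))
                continue
            dep = repo.get(*dep_key)
            if dep is None:
                problems.append(f"{current.name}@{current.version} depends on missing {dep_key[0]}@{dep_key[1]}")
                continue
            visit(dep)
        path.pop()
        finished.add(current.key)

    visit(pkg)
    return problems


def build_demo_repo() -> PackageRepository:
    """Constructed repository: two valid packages and a legacy pair that depend on each other."""
    repo = PackageRepository()
    assert repo.publish(make_package("Chassis", "1.0", b"chassis model v1")) == []
    assert repo.publish(make_package("Brakes", "1.0", b"brakes model v1", (("Chassis", "1.0"),))) == []
    repo.seed_unchecked(make_package("Legacy", "1.0", b"legacy", (("Util", "1.0"),)))
    repo.seed_unchecked(make_package("Util", "1.0", b"util", (("Legacy", "1.0"),)))
    return repo


if __name__ == "__main__":
    repo = build_demo_repo()
    candidate = make_package("Body", "1.0", b"body model v1", (("Brakes", "1.1"),))
    print(repo.publish(candidate))   # Brakes@1.1 is not in the repository
```

The immutability check is what makes a version tag trustworthy to a consumer: once Chassis@1.0 is published, a later upload under the same tag with different content is rejected instead of silently replacing what other model packages already depend on.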