System to Software Engineering in SysML Neptune 2015 to Software Engineering in SysML Neptune 2015...
This document and its content is the property of Astrium [Ltd/SAS/GmbH] and is strictly confidential. It shall not be communicated to any third party without the written consent of Astrium [Ltd/SAS/GmbH].
Presented by Dr David LESENS Thursday, May 28, 2015
MBSE for Space Launchers System to Software Engineering in SysML Neptune 2015
28/05/2015 2
Dr David LESENS
NASA's Climate Orbiter was lost September 23, 1999, due to a software bug
One engineering team used metric units while another used English units
Committed Life-cycle against Time
Overview
Airbus Defence & Space – Space Systems
• Introduction
• Why MBSE?
• Automatic documentation generation
• Automatic code generation
AFIS – French chapter of the INCOSE
Conclusion
Employees*: ~ 73,500 Revenues*: ~ € 39 bn
Fabrice Brégier
Employees*: ~ 22,400 Revenues*: ~ € 6.3 bn
Guillaume Faury
Employees**: ~ 40,000 Revenues**: ~ € 14 bn
Bernhard Gerwert
Employees*: ~ 140,000 Revenues*: ~ € 56 bn
Tom Enders
* in 2012 ** estimate for 2014
Airbus Defence and Space: 4 Business Lines
Military Aircraft
• A400M, A330 MRTT, CN235, C212, Orlik
• Eurofighter, Tornado
• Barracuda, Atlante, Harfang, Euro Hawk, Future European Male, Tracker, Tanan, Survey Copter
Electronics
• Radars and Identification Friend or Foe (IFF) Systems, Electronic Warfare, Mission Avionics, Space Platform Electronics, Space Payload Electronics
Space Systems
• Ariane 5, Automated Transfer Vehicle, Eurostar E3000, Pléiades, Gaia, Skynet, observation satellites (Spot, TanDEM-X, TerraSAR-X), MetOp, Swarm, M51, International Space Station ISS, interplanetary probes (Herschel, Mars Express, Solar Orbiter), Lunar Lander
Communication, Intelligence & Security (CIS)
• Surveillance and Security Solutions, Secure Communications Solutions, Cyber Security, Coastal Surveillance Systems, NATO SATCOM Post-2000, Wireless Intranet Solutions in Theatre, Farmstar Expert, Tetra Systems
Launchers and spacecraft
Space launcher systems
Motors ignition, Lift-off, Stages release, Flight Control, Attitude control
MVM: Mission and Vehicle Management
GNC: Guidance, Navigation and Control
Development process
[Figure: development process diagram. Labels: MVM DF, GNC DF, ICD, GNC proto, Architectural & RT design, SW TS, GNC SW TS, SW detailed design, GNC SW DD, Code, Unit tests, Unit numerical tests, Integration tests, Validation, Software numerical validation, System qualification]
Several teams / several skills: MVM, GNC, Software, Numerical validation, Qualification
Development process
[Figure: development process diagram. Labels: MVM DF, GNC DF, ICD, GNC proto, Architectural & RT design, SW TS, GNC SW TS, SW detailed design, GNC SW DD, Code, Unit tests, Unit numerical tests, Integration tests, Validation, Software numerical validation, System qualification]
A lot of documents
• Costly to write
• With redundant information
• With risks of inconsistencies
Modelling & Auto-coding
[Figure: labels: System needs; Mission and Vehicle Management, GNC, …; Avionics Communication Network; Data processing Architecture; Customer; Supplier; Defining the need; Generic framework; “Auto-coding”; Coding by the people; Auto coding; “Classical” coding; Algorithmic code; Algorithms skeleton; Mission & vehicle management; Software architectural design; Flight software]
SysML modelling
Functional needs expressed by those responsible for the functional chains
Avionics equipment design constraints (I/O, real-time…) by equipment providers
[Figure: SysML model. Labels: Power, Thermal Control, Flight Control, …; Solar wings, Battery, Tank, …; Software Technical Specification; Functional Files; Numerical Interface Control Documents; Mission Data; Algorithm Reference Document; Part of the flight code]
Documentation generation
Java API DocGen 2
• The model is developed by the system team
• The documentation contains almost all the diagrams
• The model is developed by a dedicated team
• The Word document is manually written by the system team
• Some parts of the documentation are generated from the model
• 80% of Internal Block Diagrams (IBD) in the model
• No IBD in the generated documentation, replaced by tables
(Numerical) Interface Control Document
[Figure: labels: Equipment provider; ICD (X, Y); Modelling team; NICD (HW1, HW2; A1, B1, A2, B2); System model]
Consistency ICD / NICD
Consistency NICD / System design
Modelling in SysML of
• The finite state machines
• The architecture with
  • Activation conditions
  • Inputs / outputs
Description of the sequences in a textual formal language
[Figure: generic system architecture. Labels: On Board Control Procedure engine; Lower stage Pressurization; Upper stage Pressurization; states On, Pre-stop, Stop, Off, Pre-On, On; Control with Upper Ctrl, Lower Ctrl, Stabilizing, Nominal; Ctrl lower stage, Ctrl upper stage, Stabilize; Internal command; Vehicle command; End of thrust; Mission event; FUM commands]
Mission and Vehicle Management
Graphical modelling and textual modelling
Tooling
• Modelling tool: COTS
• Automatic code generator: In-House
plan The_Mission is
  wait event End_Of_Thrust;
  Prepare_Separation;
  wait 30;
  To_Upper_State;
end;
[Figure: state machine with states Upper Ctrl, Lower Ctrl, Stabilizing, Nominal; label: In-house]
Modelling versus coding
Used for studies
  r = int32(3);
  y = double (5.6)
  x = r + y;
  x = 9
• Very quick development
• Development environment
• Difficulty of validation
• Proprietary language
Used for embedded software
  R : Int32 := 3;
  Y : Float64 := 5.6;
  X1 : Int32 := R + Y;
  X2 : Float32 := R + Y;
  invalid operand types for operator "+"
  left operand has type "T_Int32"
  right operand has type "T_Float64"
• Safer code
• Standard
• More difficult development
• Need of a mathematical library
• “Niche” language
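The rejected `R + Y` from this slide, worked through as an added example (not part of the original presentation and not the in-house language): Rust refuses `i32 + f64` in the same way, so each function below makes one possible conversion explicit and shows that they disagree. The function names are illustrative, and the rounding behaviour behind `x = 9` is an assumption inferred from the slide's values.

```rust
// Added example, not from the presentation. Uses the slide's values R = 3, Y = 5.6.
// Writing `r + y` with r: i32 and y: f64 does not compile in Rust either;
// the developer has to choose one of the conversions below.

#[derive(Debug, PartialEq)]
pub enum ConvError {
    NotFinite,
    OutOfRange,
    Inexact,
}

/// Round to nearest, saturating at the i32 bounds. Reproduces the `x = 9`
/// result shown for the implicit conversion (assumed to be round-to-nearest).
pub fn add_rounding(r: i32, y: f64) -> i32 {
    (f64::from(r) + y).round() as i32 // `as` saturates; NaN becomes 0
}

/// Truncate toward zero, as a C-style cast would: 8 instead of 9.
pub fn add_truncating(r: i32, y: f64) -> i32 {
    (f64::from(r) + y).trunc() as i32
}

/// Refuse any conversion that would silently change the value.
pub fn add_checked(r: i32, y: f64) -> Result<i32, ConvError> {
    let sum = f64::from(r) + y;
    if !sum.is_finite() {
        return Err(ConvError::NotFinite);
    }
    if sum < f64::from(i32::MIN) || sum > f64::from(i32::MAX) {
        return Err(ConvError::OutOfRange);
    }
    if sum.fract() != 0.0 {
        return Err(ConvError::Inexact);
    }
    Ok(sum as i32)
}

/// The `X2 : Float32` case: narrowing the f64 sum to f32 loses precision.
pub fn add_as_f32(r: i32, y: f64) -> f32 {
    (f64::from(r) + y) as f32
}

fn main() {
    let (r, y) = (3_i32, 5.6_f64);
    println!("rounding   : {}", add_rounding(r, y));
    println!("truncating : {}", add_truncating(r, y));
    println!("checked    : {:?}", add_checked(r, y));
    println!("as f32     : {:.9}", add_as_f32(r, y));
}
```
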
Guidance, Navigation and Control
Prototypes
Design
• Interfaces
• Activation conditions
• Software threads
Coding
• Algorithm description
[Figure: Navigation, Guidance and Control blocks, each labelled Skeleton]
thread T2 is
  period (20ms);
  functions (C; D; E);
end;
Association Française d’Ingénierie Système
Understanding system modelling
MBSE Model-Based Systems Engineering
Overview
Chapter 1 – Why MBSE?
• Model Based System Engineering in a nutshell
• The benefits of MBSE
Chapter 2 – What is MBSE? The details of MBSE
• Introduction
• Collaboration between domains and levels
• Modelling Languages
• Implementation approaches
• Specifying Model?
• MBSE and Simulation
• Reuse of models
Chapter 3 – Success stories
Chapter 4 – Lessons learned
Chapter 5 – Acronyms and Glossary
Success stories
• AIRBUS DEFENCE AND SPACE: Communication, Intelligence and Security; Space Systems
• ALSTOM Transport
• AREVA
• MBDA
• SCHNEIDER-ELECTRIC
• THALES: Arcadia; Avionics
Lessons learned: How to put MBSE in practice?
Management of cultural changes
• Promote MBSE inside the company (managers and system engineers)
• Fund and schedule the MBSE activity
• Put in place the resources (staffing) to support MBSE deployment
• Commit people from the beginning of the project
Training
• Deploy a set of trainings
  • MBSE awareness training for the managers
  • MBSE training for the modellers
  • …
• Put in place a pole of experts with coaching
© 2013 Airbus Defence and Space – All rights reserved. The reproduction, distribution and utilization of this document as well as the communication of its contents to others without express authorization is prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design.
Lessons learned: How to put MBSE in practice?
Tools
• Put in place a set of customised tools (COTS are not sufficient)
  • Check tools
  • Documentation generator
  • Code generator
  • …
• Define the traceability process taking MBSE into account
• Put in place a rigorous configuration management process
• Standardize the tools and the interfaces between tools
• Take into account the multi-user aspect of the modelling tools
• Generate automatically a set of focused (limited in size) documents from model
• Ensure the long term availability of the customized toolset
Lessons learned: How to put MBSE in practice?
Modelling guidelines (1/2)
Define adapted detailed guidelines and practical golden rules
• List of stakeholders
  • Input providers, modelling experts, model master, modellers, reviewers, users…
• Structure of the model
  • In sub-models, in hierarchical packages…
• Modelling rules consistent with the process
  • Naming rules, semantics rules, links between the modelling artefacts and the requirements…
  • Ideally embed them in the modelling tool
• …
Lessons learned: How to put MBSE in practice?
Modelling guidelines (2/2)
Define the right level of abstraction
• Do not model anything if you don’t know for what purpose
  • Build models according to the way you will exploit them
  • Design only what has decisive influence on the architecture
  • Design with the level of detail which is enough to start the next step of design
• Do not model in details if you are not able to keep the model up to date
  • Adjust stopping criteria accordingly
• If you want quick return on investment, keep focussed on your major problems / challenges first
• Favour modelling for several usages - “Model once, use many”
  • In order to maximise ROI and motivate for maintenance
Conclusion
MBSE in the space domain
• Is operationally used
• Improves the architecting and engineering of complex systems
• Improves the system to software engineering
Modelling may be graphical or textual
But needs
• Clear objectives
• Precise guidelines and processes
• Trained teams
• Adapted tools
And will be in the future
• Used in a larger perimeter
• With a long term availability