
Towards generating ECSS-compliant fault tree analysis results via ConcertoFLA

Barbara Gallina, Zulqarnain Haider, Anna Carlsson
{barbara.gallina, zulqarnain.haider}@mdh.se
[email protected]

This work is supported by the EU and VINNOVA via the ECSEL project AMASS
https://www.amass-ecsel.eu/

Certifiable Evidences & Justification Engineering (Research Group)

6th Scandinavian Conference on System & Software Safety, May 21-22 2018

Context and motivation

Space Systems
ECSS Standards
Compliance
Tool Supported analysis and generation of fault tree analysis results
Dependability, Safety and Security Requirements…
Complexity Reduction
Compliance to ECSS

Talk outline

• Background
  – European Cooperation For Space Standardization (ECSS)
  – Tool Supported CHESS Methodology
• ConcertoFLA
• Generation of ECSS-compliant Fault Tree analysis results approach
• Attitude Control System (ACS) Example
  – Modeling of ACS and Dependability
  – Failure Logic Analysis (FLA)
  – FLA Results and Fault Tree (FT) Generation
• Summary

Dependability: ECSS-Q-ST-30C

Safety: ECSS-Q-ST-40C

23rd International Conference on Reliable Software Technologies, June 20-22 2018

Software Product Assurance: ECSS-Q-ST-80C

ECSS-Q-ST-40-12C, Fault Tree Analysis

• IEC 61025
  – A fault tree is an organized representation of the conditions or other factors causing or contributing to the occurrence of a defined outcome, referred to as the “top event”
  – Fault tree analysis is a deductive (top down) method of analysis aimed at pinpointing the causes or combination of causes that can lead to the defined top event

Tool Supported CHESS Methodology

• CHESS is an open-source methodology and toolset available from Eclipse/Polarsys
  – Model Driven Methodology
  – Component Based Approach
  – Separation of Concerns
  – Dependability Profile

https://www.polarsys.org/projects/polarsys.chess

ConcertoFLA

• ConcertoFLA is a failure logic analysis tool to qualitatively evaluate the failure behavior of a component-based system, given the failure behavior of its individual components.

[Figure: ConcertoFLA within the CHESS Toolset]

Overview of ConcertoFLA approach

• Failure Propagation Transform Calculus (FPTC)
  – FPTC Expressions: Inputport.failuretype -> Outputport.failuretype
    (input ports {failures} -> output ports {failures})
  – Component behavior
    • Sink
    • Source
    • Transform
    • Propagate
  – Failure types
    • Value [Coarse, Subtle]
    • Timing [Early, Late]
    • Provision [Omission, Commission]

Generation of ECSS-compliant Fault Tree analysis results approach

[Figure: process flow]
– Architectural elements modelling
– Failure logic modelling, component level
– Failure logic modelling, system level
– Analysis invocation
– Results interpretation
– Is restructuring needed? (Yes / No)
– Causality paths exploitation for FT generation

Attitude Control System (ACS)

• ACS controls the orientation of the satellite relative to a reference object.
• Attitude Control Functions
  – Process units data
  – Estimate the state
  – Compute the control torque to be applied on the satellite for maintaining the desired attitude

[Figure: Sensor -> measurement -> ACS -> command -> Actuator]

ACS Operational modes

• Sun Acquisition and Survival mode (SASM)
• Different operational modes
  – Depending upon missions
  – Involves different units: sensors and actuators

[Figure: SASM units: Sun Sensor and Gyro Sensor provide measurements to the ACS, which commands the Propulsion Thrusters]

SASM Mode Functional Requirements

• Functional Requirements for computing the torque in SASM mode

ACS Architecture in CHESS


Failure Behaviour of Components

• Components behave as propagators in the preliminary design, before introducing dependability means

[Figure: component failure rules with failure types ValueSubtle and ValueCoarse]

Fault Injection

• The value of the state estimates is invalid

Backpropagation of Results


Failure Propagation Paths

FLA: sunEstVec.valueCoarse, specTorque.wildcard, propTorque.wildcard, feedforwardTorque.wildcard -> ctrlTorque.valueCoarse;

• Failure Propagation Path Browser
  – Output Ports
  – Failure Type
  – Previous Failures
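The FPTC expression form Inputport.failuretype -> Outputport.failuretype, the sink/source/transform/propagate behaviours and the FLA rule for ctrlTorque shown above are easiest to follow in a small executable model. The Python below is an added example, not ConcertoFLA or CHESS code: it parses rules written in the slide's FLA syntax, propagates failures through a component graph to a fixed point, records which input failures produced each output failure (the "previous failures" the path browser lists), and unfolds those causality paths into an OR/AND tree, which is the step the "Causality paths exploitation for FT generation" box refers to. The noFailure and wildcard tokens, the default propagate behaviour for components without rules, and the SunSensor/Estimator/Controller model with its rules are assumptions made for this example, not taken from the slides.

```python
# Added example, not ConcertoFLA/CHESS code: a toy FPTC-style failure logic analysis that parses
# rules in the slide's FLA syntax, propagates failures to a fixed point and extracts a fault tree.
# Assumed: the noFailure/wildcard tokens, propagate as default behaviour, and the ACS-like model.
import itertools
from dataclasses import dataclass
from typing import Dict, List

NO_FAILURE = "noFailure"  # assumed token: port carries no failure
WILDCARD = "wildcard"     # matches any failure, as in the slide's FLA rule

@dataclass
class Rule:
    inputs: Dict[str, str]   # input port -> required failure type (or wildcard)
    outputs: Dict[str, str]  # output port -> failure type produced

@dataclass
class Component:
    name: str
    in_ports: List[str]
    out_ports: List[str]
    rules: List[Rule]  # empty: the component behaves as a propagator

def parse_rule(text: str) -> Rule:
    """Parse 'FLA: a.valueCoarse, b.wildcard -> c.valueCoarse;' into a Rule."""
    body = text.strip()
    if body.startswith("FLA:"):
        body = body[len("FLA:"):]
    lhs, rhs = (dict(tok.strip().split(".") for tok in part.split(",") if tok.strip())
                for part in body.rstrip(";").split("->"))
    return Rule(lhs, rhs)

def rule_matches(rule: Rule, inputs: Dict[str, str]) -> bool:
    """A rule fires when each named input carries the stated failure; wildcard matches anything."""
    return all(ft == WILDCARD or inputs.get(p, NO_FAILURE) == ft for p, ft in rule.inputs.items())

def analyse(components, connections, injected):
    """Fixed-point failure propagation. connections are (src comp, out port, dst comp, in port);
    injected maps an external (comp, in port) to its failures. Returns failures per (comp, port)
    and, per output failure, the input failure combinations that produced it (causality paths)."""
    failures = {k: set(v) for k, v in injected.items()}
    causes = {}
    changed = True
    while changed:
        changed = False
        for src, op, dst, ip in connections:  # failures flow along connectors
            cur = failures.setdefault((dst, ip), set())
            new = failures.get((src, op), set()) - cur
            cur |= new
            changed = changed or bool(new)
        for comp in components:
            per_port = [sorted(failures.get((comp.name, p), set()) or {NO_FAILURE})
                        for p in comp.in_ports]
            for combo in itertools.product(*per_port):  # every input failure combination
                inputs = dict(zip(comp.in_ports, combo))
                fired = [{o: f for o, f in r.outputs.items() if f != NO_FAILURE}
                         for r in comp.rules if rule_matches(r, inputs)]
                if not fired:  # no matching rule: propagate each input failure to all outputs
                    fired = [{o: f for o in comp.out_ports} for f in set(combo) if f != NO_FAILURE]
                cause = frozenset((comp.name, p, f) for p, f in inputs.items() if f != NO_FAILURE)
                for outs in fired:
                    for o, f in outs.items():
                        if f not in failures.setdefault((comp.name, o), set()):
                            failures[(comp.name, o)].add(f)
                            changed = True
                        alts = causes.setdefault((comp.name, o, f), [])
                        if cause and cause not in alts:  # empty cause = source behaviour
                            alts.append(cause)
    return failures, causes

def fault_tree(connections, causes, top):
    """Unfold causality paths backwards from top = (comp, port, failure): alternative causes are
    OR-ed, the inputs of one cause AND-ed, an input port is traced to the output feeding it, and
    a port with no feeder and no cause is a basic event. Traced paths are assumed acyclic."""
    upstream = {(d, ip): (s, op) for s, op, d, ip in connections}
    comp, port, ft = top
    if (comp, port) in upstream:
        return fault_tree(connections, causes, upstream[(comp, port)] + (ft,))
    alts = causes.get(top, [])
    if not alts:
        return {"event": f"{comp}.{port}.{ft}", "basic": True}
    return {"event": f"{comp}.{port}.{ft}", "gate": "OR", "children": [
        {"gate": "AND", "children": [fault_tree(connections, causes, e) for e in sorted(c)]}
        for c in alts]}

def basic_events(tree):  # leaves: the basic events the top event is traced back to
    return [tree["event"]] if tree.get("basic") else [e for c in tree["children"] for e in basic_events(c)]

# Constructed ACS-like model (assumption): SunSensor -> Estimator -> Controller.
ACS = [
    Component("SunSensor", ["sunLight"], ["sunMeas"], []),
    Component("Estimator", ["sunMeas"], ["sunEstVec"],
              [parse_rule("FLA: sunMeas.valueSubtle -> sunEstVec.valueCoarse;")]),
    Component("Controller", ["sunEstVec", "specTorque", "propTorque", "feedforwardTorque"],
              ["ctrlTorque"], [parse_rule("FLA: sunEstVec.valueCoarse, specTorque.wildcard, "
                                          "propTorque.wildcard, feedforwardTorque.wildcard -> ctrlTorque.valueCoarse;")]),
]
CONNECTIONS = [("SunSensor", "sunMeas", "Estimator", "sunMeas"),
               ("Estimator", "sunEstVec", "Controller", "sunEstVec")]

def run_example():
    """Inject a subtle value failure at the sun sensor and trace the control torque failure."""
    failures, causes = analyse(ACS, CONNECTIONS, {("SunSensor", "sunLight"): {"valueSubtle"}})
    return failures, fault_tree(CONNECTIONS, causes, ("Controller", "ctrlTorque", "valueCoarse"))
```

Running run_example() shows the three stages the slides describe: the injected sunLight.valueSubtle is propagated by the rule-less SunSensor, transformed to valueCoarse by the Estimator rule, and matched by the Controller rule whose wildcard inputs accept whatever the other ports carry; the returned tree then traces ctrlTorque.valueCoarse back to the single basic event at the sensor. Rules that mention more than one non-wildcard input produce AND gates, and several rules for the same output produce OR alternatives, which is where a real design with redundancy starts to differ from this linear chain.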


Generation of Fault Tree


Summary and Future Work

• CHESS toolset is used to
  – Model the ACS
  – Model dependability information
  – Perform failure logic analysis
• Generation of FTA-results in the context of ECSS and IEC 61025
• Provision of tool-support.

Thank you for your attention!

Discussion time…


http://www.es.mdh.se/safecomp2018/fast-abstracts-call.php

Call For Fast Abstracts – Deadline: 02 July 2018 – Notification: 09 July 2018