www.thalesgroup.com OPEN
Challenges for MBSE and PLE
for Legacy Product-Based System Environments…
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2015 All rights reserved.
Ref number- date
Name of the company/ Template : 87204467-DOC-GRP-EN-002
General Conditions…
▌ …or why do Legacy Systems exist?
▌ …or what are the architectural drivers?
▌ Architecture is influenced
By the History of Railways
By different Architectural approaches
Railway signalling history (1)
▌ Why railway signalling?
For safe train movement
Trains cannot brake on sight!
▌ Major Risks:
▌ Collisions between trains
Two trains „want to use“ the same track
Example: Zoufftgen, Moselle, 2006
▌ Derailment because of „Over speed“
Over speed often means a train has a speed greater than zero when it should have stopped…
Example: Paris Gare Montparnasse 1895
Railway signalling history (2)
▌ Collision protection
Feature: Provide safe running path
Technique: Interlocking
Since: 1860s
Technology changes, but
Principles remain
▌ Over speed protection
Feature: stop train if too fast or if it does not stop
Technique: Train control, balises…
Since: 1870s
Technology evolves
up to continuous supervision
Interconnection
Between all types Legacy…
Two types of Architectural approaches
▌ Type 1: Turn-Key customers
Revolutionary approach
Renew complete Signalling system…
… in a defined time period
Examples:
▌ Type 2: Common architecture
Evolutionary approach
Renew step-by-step
… in an indefinite time period
Examples:
Jernbaneverket
Resulting Constraints
▌ System Engineering needs to be flexible to
Cover variants in systems
(for collision protection as well as over speed)
- Legacy
- Newly developed
Cover variants in architecture
- Turn-key
- Common architecture
Previous approaches of System Engineering
▌ Problems of approaches used in the past
▌ Requirements Management
DOORS (and no end…)
- Architecture in Requirements?
- Customer dependent?
▌ Modelling in UML
A picture is worth a thousand words
Requirements Engineering (1)
▌ First approach, started in the 1990s
Transfer and allocate
customer requirements to System requirements
▌ Advantages
Traceability
Manageability
▌ Problems
Non-homogeneous
Architecture already in requirements
Customer dependent
Requirements Engineering (2)
▌ Different types of Product Portfolio
„Mass“ Products
- like Signal, Axle Counter in the field equipment area
Software based products
- like interlocking (IXL) or radio block centre (RBC)
- Ensuring safe train movements
Large scale solutions
- Combining products up to a country wide solution
- Examples: Saudi-Arabia NSR, Denmark F-Bane (BDK)
▌ Result: Requirements get too complex to manage
PLE:
Spec example: ~600 Req. AzLM
PLE: ?
Spec example: ~5000 Req. RBC in total
PLE: No
Spec example: ~2700 Req. NSR, ~6000 Req. BDK
Modelling in UML(/Sys-ML)
▌ Reverse engineered static architecture
Mapping to functionality only in DOORS
Project driven, so
No common
- Methodology
- Tool Environment
No reuse
- Actor vs. component depends on project
▌ Result: Approach in this way not applicable
[Figure: UML diagram with the elements Playback server process, Playback client process, Playback Meldebild, Display system, Playback visualization, SBS, MA, RIES database and MOS-SW, connected by «reside» relations]
Model-based System Engineering…
▌ ARCADIA as method…
…and Capella as tool
▌ Concept of Reference System Architecture…
Applied to Legacy Environments
ARCADIA/ Capella (..in a nutshell)
▌ Supplier-oriented
▌ Targets of methodology
Focus on functionality not only structure
Separating need & Solution
Supports collaboration
Handling of complexity
▌ Capella
Open-Source Tool
Based on Eclipse-Framework
Implementing ARCADIA
Reference System Architecture (1)
▌ Focus
Standard Architecture of Signalling System
▌ Breakdown of Functions over Views
System Need
Logical Architecture
▌ Result
Logical Architecture independent from concrete Solution
Basis:
- Legacy uses same functions
- Extension of functionality from generation to generation
- Often functionality moved from human actor into technical component
Reference System Architecture (2)
▌ Product Line Engineering
Use Feature model for handling variants
▌ Differentiate between
Domain layer: Reference System Architecture
Application layer: concrete Project
▌ Introduction of Feature Model to manage
Architecture
In Capella
▌ Coupling via tool
Pure::variants is used
[Figure: Pure::Variants coupled with the Architecture. Domain: Reference System Architecture, with a Feature Model (Feature 1, Feature 2). Application: Concrete Project A and Concrete Project B, each with a Variant Model (Feature 1, Feature 2). Architecture item sets shown: Item 1, Item 2, Item 3; Item 1, Item 2; Item 1, Item 3.]
Reference System Architecture (3)
▌ Variants in physical realisation
No variant in logical realisation
Physical realisation variants possible
▌ Complexity of feature models
Keep separated
- High-Level (Allocation) Variants
- Low-level functional differences
- E.g. conditions for calculation of signal aspect
A look into future…
▌ Model-based safety analysis
Reuse of model for safety design
Reuse of model for calculations (e.g. Fault Tree Analysis)
- Transformation and enrichment into a formal model
- Model checking possible
▌ Automated Test Design
Reuse of model for test design and automation
Three layers
- Data Abstraction, test cases are data independent
- System behaviour, based on Architecture models
- Product Line
Conclusions
▌ Classical System Engineering
Well known…
…but difficult for managing complex systems
▌ MBSE & PLE for Railway Signalling
Extension of classical system engineering
Unique approach based on ARCADIA
Helps to put functionality on the right abstraction level
Usable for new and Legacy Environments
Extensible for safety and testing