Embed Size (px)
DESCRIPTION
Reliability in Design: FMEA Derived from UML/SysML models. P. David, V. Idasiak & F. Kratz PRISME Institute Team-project MCDS. Outline. Background UML and SysML for reliability analysis Method for reliability study in design process Automatic synthesis of FMEA - PowerPoint PPT Presentation
Citation preview
Wednesday, 24 September 2008
P. David, V. Idasiak & F. Kratz
PRISME Institute
Team-project MCDS
Reliability in Design: FMEA Derived from UML/SysML models
2
Outline
1. Background2. UML and SysML for reliability analysis3. Method for reliability study in design process4. Automatic synthesis of FMEA
1. Previous works on FMEA synthesis2. Crucial points for FMEA automatic synthesis3. Exploiting UML/SysML Sequence diagrams
5. Case study6. Next step with SysML7. Conclusion
3
Background
• Difficult to conduct Reliability studies during design:Time consuming processComplex formal methodsCommunication difficultiesMastering the complexity of multi-technological
systems
• Unifying the processes around one modelling language
4
Background
• Improving reliability study during Design:Creating tools and methods to support safety-critical
system design:• Integrating formal methods to the design process (GSPN,
Markov Process)• Developing tools and methods to efficiently conduct
widespread industrial practices (FMEA, Requirements allocation)
Proposing algorithms and analysis to be integrated in commercial tools (UML, SysML tools).
• Guiding the design towards reliable solutions: Insuring the traceability of Requirements
(performance, reliability, safety)
5
Using UML and SysML
• Object-oriented languages:Complex and multi technologic SystemsHierarchical, modular and incremental approach
• Graphical and accessible languages• Modelling constructs for Architecture and
BehaviourFunctional behaviour and architecture analysisDysfunctional behaviour modelling
• Various works on merging UML with formal methods (Markov Process, GSPN, Fault Trees)
6
Method for reliability study
AutomaticFMEA
synthesisFull FMEA
Functional Hazard Analysis FHAPreliminary Hazard Identification PHI
Functional Model
Architecture
bdd [Package] SADStructure
«block»
flow portsinout admission : FluxEauinout evacuation : FluxEau
valuescap : Contenancedbe : DébitEntrantdbs : DébitSortantvol : VolumeContenu
Cuve
«block»
flow portsinout entrée1 : FluxEauinout entrée2 : FluxEauinout sortie1 : FluxEauinout sortie2 : FluxEau
SysDeContrôle
«block»
flow portsinout alim : FluxEau
valuesdbs : DébitSortant
CircuitAlimentation«block»
flow portsinout conso : FluxEau
valuesdbe : DébitEntrant
RéseauDistribution
«block»
operationsActivation ()RetourEtatNominal ()
flow portsin alim : AlimElecout CommandeVanne : Commande
valuesestActivé : Boolean
Capteur«block»
flow portsinout entréeVa : FluxEauinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
operationsInversionEtat ()
Vanne«block»
operationsInversionEtatSonnerie ()CommandeAlarme ()ValidationAlarme ()
flow portsin alim : AlimElecin CommandeCapteur : Commande
standardPortsenceinte
valuesestActivée : Boolean
Alarme
«block»
operationsInversionEtat ()
flow portsinout entréeVa : FluxEauinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
standardPortsvolantVanne
VanneManuelle«block»
operationsCommandeVanne ()InversionEtat ()
flow portsin alim : AlimElecinout entréeVa : FluxEauin inCommandeCapteur : Commandeinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
ElectroVanne
«block»SAD
«block»
flow portsinout admission : FluxEau
valuesdbe : DébitEntrant
Déversoir
«block»
flow portsout alim : AlimElec
AlimentationElectrique
alimentation : Eau«ItemFlow»
**
source stockage
consommation : Eau«ItemFlow»
**
source consommateur
1 al
2cpt
1..* cu
* ca * rd
1..*
sdc
1..* dv
1
ae
2va32 va2
Behaviour
GSPN, Markov Process, AltaRica, Figaro
bdd [Package] SADStructure
«block»
flow portsinout admission : FluxEauinout evacuation : FluxEau
valuescap : Contenancedbe : DébitEntrantdbs : DébitSortantvol : VolumeContenu
Cuve
«block»
flow portsinout entrée1 : FluxEauinout entrée2 : FluxEauinout sortie1 : FluxEauinout sortie2 : FluxEau
SysDeContrôle
«block»
flow portsinout alim : FluxEau
valuesdbs : DébitSortant
CircuitAlimentation«block»
flow portsinout conso : FluxEau
valuesdbe : DébitEntrant
RéseauDistribution
«block»
operationsActivation ()RetourEtatNominal ()
flow portsin alim : AlimElecout CommandeVanne : Commande
valuesestActivé : Boolean
Capteur«block»
flow portsinout entréeVa : FluxEauinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
operationsInversionEtat ()
Vanne«block»
operationsInversionEtatSonnerie ()CommandeAlarme ()ValidationAlarme ()
flow portsin alim : AlimElecin CommandeCapteur : Commande
standardPortsenceinte
valuesestActivée : Boolean
Alarme
«block»
operationsInversionEtat ()
flow portsinout entréeVa : FluxEauinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
standardPortsvolantVanne
VanneManuelle«block»
operationsCommandeVanne ()InversionEtat ()
flow portsin alim : AlimElecinout entréeVa : FluxEauin inCommandeCapteur : Commandeinout sortieVa : FluxEau
valuesdbe : DébitEntrantdbs : DébitSortantestOuvert : Boolean
ElectroVanne
«block»SAD
«block»
flow portsinout admission : FluxEau
valuesdbe : DébitEntrant
Déversoir
«block»
flow portsout alim : AlimElec
AlimentationElectrique
alimentation : Eau«ItemFlow»
**
source stockage
consommation : Eau«ItemFlow»
**
source consommateur
1 al
2cpt
1..* cu
* ca * rd
1..*
sdc
1..* dv
1
ae
2va32 va2
Failure mode repository
Formal languages
7
Automatic synthesis of FMEA
• Importance of FMEA process:Performed at an early stageSystematic identification of risksClassify the risksUnderline weak points of the system
• Weak points of FMEATime consumingError prone analysisHuge amount of information to produceAmbiguity of the quoted values
8
• Numerous existing works:Organisational practises (Bassetto 2005)
Mastering simultaneous failures (Price and Taylor 2002)
Computing the effects at overall system scale (Price and Taylor 2002), (Papadopoulos et al. 2004b)
Enhancing classification and promoting the use of natural vocabulary (Bowles and Pelaez 1995)
• Weak points of previous works:Domain specific approach (electronic)No help for FMEA initialisation (component identification)No real use of lesson learnt databasesComputation of failure effects only from a dysfunctional
model
Previous works on FMEA synthesis
9
• Essential points for automatic FMEA synthesis:The exploited model:
• Hierarchy between blocks• Architecture of the system and its functionalities• Data and flow transmissions
A Dysfunctional Behaviour Database• Contains lesson learnt on components failures• References Failure modes name• References Failure modes behaviour
Crucial points for FMEA automatic synthesis
10
• Our ambitions:Studying functional models at early stages of
design processInsuring exhaustiveness of component
identificationUse and construction of a lesson learnt
databaseIdentifying the primary Failure Modes
Automatic synthesis of FMEA
11
Sequence Diagram exploitation
componentA:A componentB:B
message:MessageType
Sequence Diagram (SD)
ClassA
FailureMode :FailureMode[*]
ClassB
FailureMode :FailureMode[*]
Dysfunctional behaviour database
m2:m2type
FMEA Table
12
Case Study: Level Control System (LCS)
13
LCS Sequence Diagram
14
Preliminary FMEA reportComponent Failure Mode Possible Causes Possible Effects
S1 No detection Internal Cause Internal Effect
From S1 by Activation On Ev1 by CommandEv
On S1 by Activation
False Detection Internal Cause Internal Effect
From S1 by Activation On Ev1 by CommandEv
On S1 by Activation
• This table is a good help to build the final FMEA.• Relation to consider are indicated.• Known Failure Mode are already mentioned.• The heavy phase of FMEA is automatically performed
(Component census, Search in database).
15
Next step with SysML
15
Requirements Traceability
Failure Mode Repository
Component Identification
Control signals
Flow transmission
16
LCS in SysML
17
New preliminary FMEA report
Component Failure Mode Possible Causes Possible Effects
S1 No detection Internal Cause Internal Effect
From S1 by Activation On Ev1 by CommandEv
From Ps through PopS-PiS1 [PowerInput]
On S1 by Activation
On Ev1 through CiS1-CiEv1 [CommandInterface]
False Detection
Internal Cause Internal Effect
From S1 by Activation On Ev1 by CommandEv
From Ps through PopS-PiS1 [PowerInput]
On S1 by Activation
On Ev1 through CiS1-CiEv1 [CommandInterface]
18
Conclusion
• A precious part of FMEA is automatically built.
• The preliminary report is a great guideline for analysts.
• It helps saving a lot of time while respecting the exhaustivity of the study.
• SysML shows huge possibilities to enhance this first solution.
• Effective solution to start the deployment of the presented method.
19
Acknowledgements
We specially want to thank all our partners involved in the CAPTHOM project. This work was realized with the financial help of the French Industry Ministry and local collectivities, within the framework of the CAPTHOM project of the Competitiveness Pole S2E2, www.s2e2.fr.
