Page 1
Model-based Specification of
safety-critical Rail Systems
Randolf Berglehner, DB Netze AG
Andreas Korff, Atego Systems
Page 2
Agenda
Project Introduction: CCS Strategy Neupro
History: Document-based Approach
Next Step: Requirements Management
Model-based Approach to formalize
SysML
Validation Rules / Artisan Studio Reviewer
State-based Simulation with Automatic Code Synchronization
SysML-based Simulation (Artisan Studio SySim)
Future: From Interface models to whole system models
Page 3
Modular target architecture for electronic interlockings: standard interfaces
Status of the works:
Open specification of interfaces (= without supplier IPR) developed
Unified communication protocol (RaSTA) for all interfaces defined
Reference implementation of SCI-RBC, SCI-LX and SCI-ILS under contract
Supplier under contract will deliver interface and test specifications, the other suppliers will validate
CCS Strategy Neupro
3 DB Netz AG | Randolf Berglehner | 02.05.2013
ABG (Anschaltbaugruppe): Object Controller
ILS: Interlocking System
LX: Level Crossing
RaSTA: Railway Standard Transport Application
SCI: Standard Communication Interface
ZL (Zuglenkung): train path assignment
ZN (Zugnummernmeldeanlage): train number relay system
Diagram: ESTW safe computer system with operation MMI / display and disposition (ZN, ZL, Dok, etc.) above it, and standard interfaces SCI-CC, SCI-ILS, SCI-RBC, SCI-LX, SCI-LEU, SCI-LS, SCI-PM and SCI-AC to the neighbouring ESTW, RBC, LX, balise and block, and to object controllers (ABG) for point machine, optical signal and axle counter; the 4-wire standard and the Cu-interface are marked; checkmarks and the legend distinguish the 1st, 2nd and 3rd tranche.
Page 4
Before: Document-based Approach
Experts specify in documents how a new system, or a new version of a system, should:
Comply with standards
Behave
Interface to other systems
Be structured internally
Side effects:
Huge number of document references
Acceptance against these documents
Page 5
Challenges
Amount of information and references
Levels of abstraction often mixed
Inconsistencies possible
Implicit knowledge in the head of the experts
Aging of documents
Propagation of changes
No formal interface definition leads to a lack of interchangeability
Page 6
Improvements using Requirement Management
Specifications in an RM Tool
Atomic requirements
Traceable references
Possibly annotated with diagrams
=> Still not formalized, but textual information
Page 7
Introduction of Model-based views
Incremental use of SysML:
First textual information is annotated with diagrams
Then diagrams are leading
In case of discrepancies, the model information "wins"
More and more the model leads: Visual Modeling to clarify the requirements
Page 8
What is OMG SysML™?
A graphical modeling language in response to the UML for Systems Engineering RFP developed by the OMG, INCOSE, and AP233
A UML Profile that represents a subset of UML 2 with extensions
Supports the specification, analysis, design, verification and validation of systems that include hardware, software, data, personnel, procedures, and facilities
Provides model and data interchange via XMI and the AP233 standard
Page 9
Nine SysML Diagram Types
Page 10
SysML explained by its four Pillars (INCOSE)
Page 11
Views used in NeuPro
3 of 4 Pillars of SysML, according to INCOSE:
System Structure (BDD, IBD)
System Behavior (UC, SEQ, SM, ACT)
System Requirements (REQ)
Parametric View currently not needed, as the focus is on logical behavior and interface structure
Page 12
Static Model Analysis
Artisan Studio Reviewer
Web-site Style Output
VBS-based Reviews
Checks against SysML Language Rules
Checks against best Practice
Custom Checks against NeuPro rules
Page 13
Model Validation Step 1
Hierarchy of State Machines
Simulation Executable generated with C++ as Action Language on Windows
Multi-threaded to simulate communication partners
Sequence Diagrams define Test Scenarios
Execution of Scenarios against Simulation with State Machine Animation
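The hierarchy of state machines and the replay of sequence-diagram scenarios described on this slide, as an added C++ example that is not code from the presentation or from Artisan Studio: a hypothetical level-crossing interface with a composite Connected state, and a scenario replayed against it step by step. State and message names are constructed for illustration and are not the real SCI-LX protocol; the example runs single-threaded rather than with one thread per communication partner.

```cpp
// Added example (not from the presentation or Artisan Studio): a hypothetical
// two-level state machine for a level-crossing interface, with a scenario taken
// from a sequence diagram replayed against it. Names are constructed, not SCI-LX.
#include <cstddef>
#include <string>
#include <vector>
enum class Top { Disconnected, Connected };
enum class Sub { None, Idle, Activating, Protected };
struct Step { std::string msg; std::string expectState; };  // one sequence-diagram message
struct LxSim {
    Top top = Top::Disconnected;
    Sub sub = Sub::None;
    std::vector<std::string> trace;  // state after each message (animation/log)
    std::string stateName() const {
        if (top == Top::Disconnected) return "Disconnected";
        if (sub == Sub::Idle) return "Connected.Idle";
        if (sub == Sub::Activating) return "Connected.Activating";
        if (sub == Sub::Protected) return "Connected.Protected";
        return "Connected";
    }
    // Dispatch one message; false means it is not accepted in the current
    // state, and the machine stays where it is (the scenario has diverged).
    bool handle(const std::string& msg) {
        bool ok = true;
        if (top == Top::Disconnected) {
            if (msg == "connect") { top = Top::Connected; sub = Sub::Idle; } else ok = false;
        } else if (msg == "disconnect") {
            top = Top::Disconnected; sub = Sub::None;  // owned by the composite state
        } else if (sub == Sub::Idle && msg == "activate") {
            sub = Sub::Activating;
        } else if (sub == Sub::Activating && msg == "barriers_closed") {
            sub = Sub::Protected;
        } else if (sub == Sub::Protected && msg == "release") {
            sub = Sub::Idle;
        } else {
            ok = false;
        }
        trace.push_back(stateName());
        return ok;
    }
};
// Replay a scenario; return the index of the first step whose message is
// rejected or whose resulting state differs from the diagram, else -1.
int runScenario(LxSim& sim, const std::vector<Step>& steps) {
    for (std::size_t i = 0; i < steps.size(); ++i)
        if (!sim.handle(steps[i].msg) || sim.stateName() != steps[i].expectState)
            return static_cast<int>(i);
    return -1;
}
```

The returned index is the point at which the simulation and the sequence diagram disagree, which is the finding a reviewer takes back to either the state machine or the scenario.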
Page 14
Model Validation Step 2
Simulation Setup using standardized I/O and defined in Simulation IBDs
Connector-based communication
Execution Generation via VB.NET
Atego Structured Action Language (ASAL) and VB as Action Language
Windows Executable with Domain-specific Front-End
Domain Experts can validate without analyzing complicated State Machines
Simulation Logging into MS Excel
Page 15
Next Steps
From Interface modelling to modelling the complete Interlocking System
Page 16
Q&A