MBSE for Space Launchers
System to Software Engineering in SysML
Neptune 2015
Presented by Dr David LESENS, Thursday, May 28, 2015

This document and its content is the property of Astrium [Ltd/SAS/GmbH] and is strictly confidential. It shall not be communicated to any third party without the written consent of Astrium [Ltd/SAS/GmbH].

Post on 27-May-2018

NASA's Climate Orbiter was lost September 23, 1999, due to a software bug

One engineering team used metric units while another used English units

Committed Life-cycle against Time

Overview
Airbus Defence & Space – Space Systems
• Introduction
• Why MBSE?
• Automatic documentation generation
• Automatic code generation
AFIS – French chapter of the INCOSE
Conclusion

Employees*: ~ 73,500 Revenues*: ~ € 39 bn

Fabrice Brégier

Employees*: ~ 22,400 Revenues*: ~ € 6.3 bn

Guillaume Faury

Employees**: ~ 40,000 Revenues**: ~ € 14 bn

Bernhard Gerwert

Employees*: ~ 140,000 Revenues*: ~ € 56 bn

Tom Enders

* in 2012 ** estimate for 2014

Airbus Defence and Space: 4 Business Lines

Military Aircraft
• A400M, A330 MRTT, CN235, C212, Orlik
• Eurofighter, Tornado
• Barracuda, Atlante, Harfang, Euro Hawk, Future European Male, Tracker, Tanan, Survey Copter

Electronics
• Radars and Identification Friend or Foe (IFF) Systems, Electronic Warfare, Mission Avionics, Space Platform Electronics, Space Payload Electronics

Space Systems
• Ariane 5, Automated Transfer Vehicle, Eurostar E3000, Pléiades, Gaia, Skynet, observation satellites (Spot, TanDEM-X, TerraSAR-X), MetOp, Swarm, M51, International Space Station ISS, interplanetary probes (Herschel, Mars Express, Solar Orbiter), Lunar Lander

Communication, Intelligence & Security (CIS)
• Surveillance and Security Solutions, Secure Communications Solutions, Cyber Security, Coastal Surveillance Systems, NATO SATCOM Post-2000, Wireless Intranet Solutions in Theatre, Farmstar Expert, Tetra Systems

Launchers and spacecraft

Space launcher systems

Motors ignition, Lift-off, Stages release, Flight Control, Attitude control

MVM: Mission and Vehicle Management
GNC: Guidance, Navigation and Control

Development process

[Figure labels: GNC DF, ICD, MVM DF; Architectural & RT design; SW TS, GNC SW TS; SW detailed design, GNC SW DD; GNC proto; Code; Unit tests, Unit numerical tests; Integration tests; Validation, Software numerical validation; System qualification]

Several teams / several skills: MVM, GNC, Software, Numerical validation, Qualification

Development process

A lot of documents
• Costly to write
• With redundant information
• With risks of inconsistencies

Modelling & Auto-coding

[Figure labels: System needs; Mission and Vehicle Management, GNC, …; Avionics; Communication Network; Data processing Architecture; Customer; Supplier; Flight software; Defining the need; Generic framework; Auto coding (“Auto-coding”); “Classical” coding (coding by the people); Algorithmic code; Algorithms skeleton; Mission & vehicle management; Software architectural design]

SysML modelling

Functional needs expressed by those responsible for the functional chains
Avionics equipment design constraints (I/O, real-time…) by equipment providers

SysML model
• Power, Thermal Control, Flight Control, …
• Solar wings, Battery, Tank, …

[Figure labels: Software Technical Specification; Functional Files; Numerical Interface Control Documents; Mission Data; Algorithm Reference Document; Part of the flight code]

Documentation generation

• The model is developed by the system team
• The documentation contains almost all the diagrams

• The model is developed by a dedicated team
• The Word document is manually written by the system team
• Some parts of the documentation are generated from the model
• 80% of Internal Block Diagrams (IBD) in the model
• No IBD in the generated documentation, replaced by tables

Java API DocGen 2

(Numerical) Interface Control Document

[Figure labels: Equipment provider, ICD (HW1, HW2; X, Y); Modelling team, NICD (A1, B1, A2, B2); System model]

Consistency ICD / NICD
Consistency NICD / System design

Generic system architecture

Modelling in SysML of
• The finite state machines
• The architecture with
  • Activation conditions
  • Inputs / outputs

Description of the sequences in a textual formal language

[Figure labels: On Board Control Procedure engine; On, Pre-stop, Stop; Lower stage Pressurization; Off, Pre-On, On; Upper stage Pressurization; Upper Ctrl, Lower Ctrl, Stabilizing, Nominal; Control; Ctrl lower stage, Ctrl upper stage, Stabilize; Internal command; Vehicle command; End of thrust; Mission event; FUM commands]

Mission and Vehicle Management
Graphical modelling and textual modelling

Tooling
• Modelling tool: COTS
• Automatic code generator: In-House

[Figure labels: Upper Ctrl, Lower Ctrl, Stabilizing, Nominal; In-house]

plan The_Mission is
  wait event End_Of_Thrust;
  Prepare_Separation;
  wait 30;
  To_Upper_State;
end;

Modelling versus coding

r = int32(3);
y = double (5.6)
x = r + y;

x = 9

• Very quick development
• Development environment
• Difficulty of validation
• Proprietary language
Used for studies

R : Int32 := 3;
Y : Float64 := 5.6;
X1 : Int32 := R + Y;
X2 : Float32 := R + Y;

invalid operand types for operator "+"
left operand has type "T_Int32"
right operand has type "T_Float64"

• Safer code
• Standard
• More difficult development
• Need of a mathematical library
• “Niche” language
Used for embedded software
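
The contrast on this slide, as an added example (not code from the presentation or from the tooling it describes): a small checker for declarations of the form `Name : Type := operand + operand;` that rejects mixed-type `+` with the diagnostic wording shown on the slide, next to an emulation of the implicit conversion that yields `x = 9`. The grammar handled, the function names and the rounding rule (add in double, round to nearest, saturate to int32) are assumptions made for the example.

```python
import re

# Assumed grammar, taken from the slide's four lines: Name : Type := operand [+ operand];
DECL = re.compile(r"\s*(\w+)\s*:\s*(\w+)\s*:=\s*(.+?)\s*$")
INT_TYPES, FLOAT_TYPES = {"Int32"}, {"Float32", "Float64"}
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

# The declarations shown on the slide.
SLIDE_DECLS = "R : Int32 := 3; Y : Float64 := 5.6; X1 : Int32 := R + Y; X2 : Float32 := R + Y;"


def operand_type(op, env, declared):
    """Type of one operand: a declared name, or a literal whose form fits the declared type."""
    if op in env:
        return env[op]
    pattern = r"-?\d+" if declared in INT_TYPES else r"-?\d+\.\d+"
    return declared if re.fullmatch(pattern, op) else None


def check(source):
    """Return the diagnostics for a declaration list; an empty list means it type-checks."""
    env, errors = {}, []
    for stmt in filter(None, (s.strip() for s in source.split(";"))):
        m = DECL.match(stmt)
        if not m or m.group(2) not in INT_TYPES | FLOAT_TYPES:
            errors.append(f"syntax error or unknown type: {stmt!r}")
            continue
        name, declared, expr = m.groups()
        types = [operand_type(o.strip(), env, declared) for o in expr.split("+")]
        if None in types:
            errors.append(f"{name}: unknown name or ill-typed literal in {expr!r}")
        elif len(set(types)) > 1:
            # No implicit conversion: mixed operands are rejected, as on the slide.
            right = next(t for t in types if t != types[0])
            errors.append(f'{name}: invalid operand types for operator "+": left operand '
                          f'has type "T_{types[0]}", right operand has type "T_{right}"')
        elif types[0] != declared:
            errors.append(f'{name}: expected type "T_{declared}", found "T_{types[0]}"')
        env[name] = declared  # keep the declared type so later lines are still checked
    return errors


def implicit_int32_add(r, y):
    """Assumed script-language rule: add in double, round to nearest, saturate to int32."""
    total = float(r) + float(y)
    rounded = int(total + 0.5) if total >= 0 else -int(-total + 0.5)
    return max(INT32_MIN, min(INT32_MAX, rounded))


if __name__ == "__main__":
    for line in check(SLIDE_DECLS):
        print(line)
    print("implicit result:", implicit_int32_add(3, 5.6))
```

The checker reports both `X1` and `X2`, while the implicit rule silently turns 8.6 into 9 and clamps any overflow to the int32 bounds, which is the kind of value change that is hard to catch during validation.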

Guidance, Navigation and Control

Prototypes
Design
• Interfaces
• Activation conditions
• Software threads
Coding
• Algorithm description

[Figure labels: Navigation, Guidance, Control; Skeleton, Skeleton, Skeleton]

thread T2 is
  period (20ms);
  functions (C; D; E);
end;

Association Française d’Ingénierie Système

Understanding system modelling

MBSE Model-Based Systems Engineering

Overview

Chapter 1 – Why MBSE?
• Model Based System Engineering in a nutshell
• The benefits of MBSE

Chapter 2 – What is MBSE? The details of MBSE
• Introduction
• Collaboration between domains and levels
• Modelling Languages
• Implementation approaches
• Specifying Model?
• MBSE and Simulation
• Reuse of models

Chapter 3 – Success stories
Chapter 4 – Lessons learned
Chapter 5 – Acronyms and Glossary

Success stories

• AIRBUS DEFENCE AND SPACE: Communication, Intelligence and Security; Space Systems
• ALSTOM Transport
• AREVA
• MBDA
• SCHNEIDER-ELECTRIC
• THALES: Arcadia; Avionics

Lessons learned
How to put MBSE in practice?

Management of cultural changes
• Promote MBSE inside the company (managers and system engineers)
• Fund and schedule the MBSE activity
• Put in place the resources (staffing) to support MBSE deployment
• Commit people from the beginning of the project

Training
• Deploy a set of trainings
  • MBSE awareness training for the managers
  • MBSE training for the modellers
  • …
• Put in place a pole of experts with coaching

© 2013 Airbus Defence and Space – All rights reserved. The reproduction, distribution and utilization of this document as well as the communication of its contents to others without express authorization is prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design.

Lessons learned
How to put MBSE in practice?

Tools
• Put in place a set of customised tools (COTS are not sufficient)
  • Check tools
  • Documentation generator
  • Code generator
  • …
• Define the traceability process taking MBSE into account
• Put in place a rigorous configuration management process
• Standardize the tools and the interfaces between tools
• Take into account the multi-user aspect of the modelling tools
• Generate automatically a set of focused (limited in size) documents from model
• Ensure the long term availability of the customized toolset

Lessons learned
How to put MBSE in practice?

Modelling guidelines (1/2)
• Define adapted detailed guidelines and practical golden rules
  • List of stakeholders
    • Input providers, modelling experts, model master, modellers, reviewers, users…
  • Structure of the model
    • In sub-models, in hierarchical packages…
  • Modelling rules consistent with the process
    • Naming rules, semantics rules, links between the modelling artefacts and the requirements…
  • Ideally embed them in the modelling tool
  • …

Lessons learned
How to put MBSE in practice?

Modelling guidelines (2/2)
• Define the right level of abstraction
  • Do not model anything if you don’t know for what purpose
    • Build models according to the way you will exploit them
    • Design only what has decisive influence on the architecture
    • Design with the level of detail which is enough to start the next step of design
  • Do not model in detail if you are not able to keep the model up to date
    • Adjust stopping criteria accordingly
  • If you want quick return on investment, keep focussed on your major problems / challenges first
  • Favour modelling for several usages - “Model once, use many”
    • In order to maximise ROI and motivate for maintenance

Conclusion

MBSE in the space domain
• Is operationally used
• Improves the architecting and engineering of complex systems
• Improves the system to software engineering

Modelling may be graphical or textual

But needs
• Clear objectives
• Precise guidelines and processes
• Trained teams
• Adapted tools

And will be in the future
• Used in a larger perimeter
• With a long term availability