Architecture Modeling - SPES 2020

More documents

Recommendations

Info

Architecture Modeling 5.2.2 Coping with the Complexity of the Supply Chain To ensure coherent product development across complex supply chains, the following key trends can be observed in the market: 1. Standardization of design entities 2. Harmonization/standardization of processes 5.2.2.1 Standardization of Design Entities By agreeing on (domain specific) standard representations of design entities, different industrial domains have created their own lingua franca, thus enabling a domain wide shared usage of design entities based on their standardized representation. Examples of these standards in the automotive sector include the recently approved requirement interchange format standard ReqIF [28], the AUTOSAR de-facto standard, the OSEK operating system standard, standardized bus-systems such as CAN and Flexray, standards for car2X communication, and standardized representations of test supported by ASAM. Examples in the aerospace domain include ARINC standards such as the avionics applications standard interface, integrated modular avionics, and RTCA communication standards. In the automation domain, standards for interconnection of automation devices such as Profibus are complemented by standardized design languages for application development such as Structured Text. As standardization moves from hardware to operating system to applications, and thus crosses multiple design layers, the challenge increases to incorporate all facets of design entities required to optimize the overall product, while at the same time enabling distributed development in complex supply chains. As an example, AUTOSAR extended in transitioning from release 3.1 to 4 its capability to capture timing characteristics of design entities, a key prerequisite for assessing alternate deployments with respect to their impact on timing. In general, the need for overall system optimization then calls for the standardization of all non-functional characteristics of design entities in order to allow cross-layer optimization. Within the EDA domain, such richness of design interface specifications is industrial practice. Within the systems domain, the rich component model introduced in the Integrated Projects SPEEDS tackles this key objective: in covering multiple design layers (from product requirements to deployment on target architectures) and in providing means of associating multiple viewpoints with each design entity, it is expressive enough to allow for cross-supply-chain optimization of product developments. This approach is further elaborated and driven towards standardization in the Artemis flagship project CESAR. 5.2.2.2 Standardization/harmonization of processes Harmonizing or even standardizing key processes (development processes, safety processes, etc.) provides for a further level of optimization in interactions across the supply chain. As an example, Airbus Directives and Procedures (ADBs) provide requirements for design processes of equipment manufactures. Often, harmonized processes across the supply chain build on agreed maturity gates with incremental acceptance testing to monitor progress of supplier development towards final acceptance, often building on incremental prototypes. Shared usage of PLM databases across the supply chain offers further potentials for cross-supply chain optimization of development processes. There are multiple challenges in defining such interfaces between OEM and suppliers. Specifications used for procurement should be precise, unambiguous, and complete. To this end, 100/ 156
Architecture Modeling OEMs are increasingly using models within procurement processes, typically safeguarding themselves against potential liability issues by requiring suppliers to validate such models against textual requirement specifications. A re-appearing reason for failures causing deep iterations across supply chain boundaries rests in incomplete characterizations of the environment of the system to be developed by the supplier, such as missing information about failure modes and failure rates, missing information on possible sources for interferences through shared resources, missing boundary conditions, etc. This highlights the need to explicate assumptions on the design context in OEM-supplier contracts. This key need was one of the major motivations for introducing the contract-based design methodology for embedded systems, as initially developed in the Integrated Project SPEEDS. In enforcing the analysis of the key characteristics of the environment required to enforce the system specification up front, responsibilities between what has to be guaranteed by the OEM (that the system provided by the supplier will be embedded in an overall design meeting the assumptions on the environment specified in the contract) and the supplier (in providing an implementation to the system specification provided that the system is used in a context meeting the specified environment characteristics) are clearly defined. In the light of an increased sharing of hardware resources by applications developed by multiple suppliers, such a contract-based approach seems indispensable for resolving liability issues and allowing co-existence of applications with different criticality levels (such as ASIL levels in automotive). In domains developing safety related systems, domain specific standards clearly define the responsibilities and duties of companies across the supply chain to demonstrate functional safety, such as in the ISO 26262 for the automotive domain, IEC 61508 for automation, its derivatives Cenelec EN 50128 and 50126 for rail, and Do 178 B for civil avionics. The challenge in defining standards rests in balancing the need for stability with the need of not blocking process innovations seen as indispensible to cope with the exponential growth in systems complexity and the overarching need of optimization techniques for cost reduction. As an example, means for compositional construction of safety cases thus allowing modular certification are seen as mandatory to reduce certification costs in the aerospace and rail domains. Similarly, the potential of using formal verification techniques to cope with increasing system complexity will lead to an adaptation of the current DO 178 B standard, establishing the role of these techniques within the construction of safety cases. In general, this calls for a closed feedback loop between design and safety processes, assessment the potential impact and benefit of such design representations and enabled process optimizations on safety standards, and identifying techniques with strong optimization potential and high industrial relevance early enough for adaptation of standards enabling their usage in safety-critical system design. 5.2.3 Getting Initial Requirements Right Depending on application domains, up to 50% of all errors result from imprecise, incomplete, or inconsistent requirements. Out of the many approaches taken in industry for getting requirements right, we focus here on those for initial systems requirements, relying on ISO 26262 compliant approaches such as discussed in the context of virtual system integration to systematically reduce system contracts to contracts on subsystems which are jointly powerful enough to establish the total set of system contracts. To cope with the inherently unstructured problem of (in-)completeness of requirements, industry has set up domain- and application-class specific methodologies striving towards completeness of requirement analysis. As particular examples, we mention learning process, such as employed by Airbus to incorporate the knowledge base of what is called external hazards from 101/ 156
Page 1 and 2:
Architecture Modeling ∗ Andreas B
Page 3 and 4:
Contents 1 Introduction 1 2 Quick-T
Page 5 and 6:
1 Introduction This document propos
Page 7 and 8:
Architecture Modeling allowing to m
Page 9 and 10:
Architecture Modeling creating a vi
Page 11 and 12:
Architecture Modeling the design it
Page 13 and 14:
Architecture Modeling of the logica
Page 15 and 16:
Architecture Modeling realization o
Page 17 and 18:
Architecture Modeling can usually o
Page 19 and 20:
3 The Architecture Meta-Model In Se
Page 21 and 22:
Abstraction-Levels (detail increase
Page 23 and 24:
3.2.2 Functional Perspective Archit
Page 25 and 26:
Architecture Modeling The semantics
Page 27 and 28:
Architecture Modeling expressed by
Page 29 and 30:
Architecture Modeling computing cap
Page 31 and 32:
3.2.5 Geometrical Perspective Archi
Page 33 and 34:
ShapeCompositionOperator intersecti
Page 35 and 36:
Architecture Modeling The constrain
Page 37 and 38:
Architecture Modeling of particular
Page 39 and 40:
Architecture Modeling Shape that de
Page 41 and 42:
Architecture Modeling Conjugation o
Page 43 and 44:
RichComponent Architecture Modeling
Page 45 and 46:
MultiplicityElement +part 0..* Rich
Page 47 and 48:
ComponentC Architecture Modeling pa
Page 49 and 50:
4 Steps in Component-Based Design T
Page 51 and 52:
Architecture Modeling Assume/guaran
Page 53 and 54: Architecture Modeling When specifyi
Page 55 and 56: Architecture Modeling next selectio
Page 57 and 58: Architecture Modeling ports must ha
Page 59 and 60: established if (and only if): Archi
Page 61 and 62: 12°C < tempSelect < 35°C actTemp
Page 63 and 64: Architecture Modeling The component
Page 65 and 66: Architecture Modeling 4.3.2 Establi
Page 67 and 68: Architecture Modeling a mapping is
Page 69 and 70: Architecture Modeling Another impor
Page 71 and 72: 5 Using the Architecture Meta-Model
Page 73 and 74: Architecture Modeling Design proces
Page 75 and 76: Architecture Modeling abstraction l
Page 77 and 78: Pwr1 Pedal_Pos1 Pwr2 Pedal_Pos2 CMD
Page 79 and 80: Architecture Modeling Figure 5.4: O
Page 81 and 82: Architecture Modeling Figure 5.7: L
Page 83 and 84: Architecture Modeling Figure 5.9: T
Page 85 and 86: Architecture Modeling Figure 5.12:
Page 89 and 90: Architecture Modeling However this
Page 91 and 92: Architecture Modeling The considera
Page 97 and 98: Architecture Modeling tasks Command
Page 99 and 100: Architecture Modeling of the V, suc
Page 101 and 102: Architecture Modeling thus decorate
Page 103: Architecture Modeling In summary, P
Page 107 and 108: Architecture Modeling provide effec
Page 111 and 112: Architecture Modeling patterns, cap
Page 113 and 114: Architecture Modeling 6.1 Syntax an
Page 115 and 116: 6.1.1.1.1 Attribuute Definit tion a
Page 117 and 118: Constrrain Eventts with Co ondition
Page 119 and 120: These events used in the “and the
Page 121 and 122: Formalization: whenever StartButton
Page 123 and 124: Architecture Modeling Basic bloock
Page 125 and 126: 6.1.1.1.1.3 Conditions Conditions c
Page 127 and 128: 6.1.1.1.2.2 Seammless Con ncatenati
Page 129 and 130: e3 && (clk==0) e1 idle pre e1 idle
Page 131 and 132: Pattern whenever event occurs condi
Page 133 and 134: If the brake force is above 80% for
Page 135 and 136: Pattern S3: Failure shall not be ca
Page 137 and 138: Pattern S9: failureCondition failur
Page 139 and 140: Pattern R2: Event occurs each perio
Page 141 and 142: idle e1 |clk:=0 e2 && (l
Page 143 and 144: The function : allocates a singl
Page 145 and 146: Examplees of clocks: • Run: {c=0@
Page 147 and 148: Architecture Modeling 1. For σ ∈
Page 149 and 150: Architecture Modeling Traces accord
Page 151 and 152: Architecture Modeling Definition 6.
Page 153 and 154: Architecture Modeling the one given
Page 155 and 156:
Architecture Modeling Decomposition
Page 157 and 158:
Bibliography [1] ARINC 653 - Avioni
Page 159 and 160:
Architecture Modeling [26] Holger G
show all

Architecture Modeling - SPES 2020

Create successful ePaper yourself

Delete template?

Save as template?