Architecture Modeling - SPES 2020

More documents

Recommendations

Info

Architecture Modeling provided interfaces on the ECUs and the required interfaces on the sensors limit the solution space. This data can be transformed automatically to be used by solving algorithms for finding a solution. This solution is transferred back into the model itself to generate architecture out of requirements and physical constraints. In Addition to architecture generation this technique can also be used for design space exploration. For different existing alternatives the minimal existing cable length can be calculated and compared. This approach differs from the typical design space exploration techniques since the metric for comparing designs is not based on the design that has been created until the run of the test, but on the quality of the solution that is possible to be designed in the future, based on the design decisions already made. This use case demonstrated that the geometrical perspective can be used as a valuable input for architecture generation and design space exploration. Furthermore the close relations between perspectives were demonstrated. 3.2.5.2 Identification of particular risks On the geometric perspective a particular risk analysis (PRA) can be performed in order to identify safety impacts of geometric installation decisions for a technical system under design. In the PRA failures that are external to the technical system are identified and analyzed in the geometric context of the system. The SAE-ARP 4761 defines particular risks as “events which are outside the system(s) concerned but which may violate event independence claims because they ’may influence several zones at the same time”’ According to EASA CS25 Book 2 subpart F particular risks are “those events or influences, which are outside the systems concerned. [...] Each risk should be the subject of a specific study to examine and document the simultaneous or cascading effects or influences, which may violate independence.” Therefore, these events are failures in the geometric perspective that implicate safety risks for the technical system under design. Technical components that are verified in a functional hazard analysis (FHA) to be functionally independent can fail together because all of them are involved into the effects of failures on the geometric perspective. Thus, functional hazards can be reached because of the geometric installation of components which are located in a way that they are impacted together by a particular risk. The PRA allows the identification and classification of such risks. Based on the results of a PRA the geometric installation of a system under design can be optimized in order to prevent functional hazards. Particular risks on the geometric perspective Relevant Particular risks for a system under design depend on the geometric context in which the system operates. Common particular risks are explosions, fire, heat, lightning, hits by foreign parts or leakage leading to evacuation of gas or liquids. For an individual system the particular risks are specific. I.e. for a space vehicle the effects of radiation or the impact of space debris have to be regarded. Tire burst, bird strike or engine burst are particular risks that can lead to the evacuation and the impact of fragments that damage or even destroy installed technical components of an airplane. According to EASA AMC20-128A when analyzing the burst of an airplane engine there can be different fragments which are single one third disc fragment, intermediate fragment, small fragment and fan blade. Performing a particular risk analysis on a geometric model In order to perform a PRA a model of the system under design in the geometric perspective must exist. Components of a technical perspective are allocated to geometric components of this model. The geometric components have geometric locations within the system under design. Therefore, the effect 32/ 156
Architecture Modeling of particular risks in the geometric perspective can be traced to the respective installed technical components. A particular risk is a failure condition for a geometric component which has a description of the sphere of effect in its geometric context. Such a description can be a shape which has a position and orientation relative to the component to which the particular risk belongs. I.e. the particular risk of a released airplane engine fragment has a description of a trajectory which describes its possible flight. This trajectory provides information about locations which may be impacted by the released fragment. Since the relative speed of an airplane engine fragment is very high the fragment will probably break though the skin of the airplane. Thus the trajectory can be considered to be the complete sphere of effect for the airplane. For other particular risks the spheres of effect can vary regarding parameters like mass, speed or orientation. An interference analysis provides information between the sphere of effect of particular risks, like the trajectory of a fragment, and parts of a geometric system under design. The result of such an analysis is a hitlist. Such a hitlist specifies geometric component parts of the geometric system under design that can take damage being affected by a paricular risk. Impacted installations of technical components which host essential safety functions can be determined that way. Furthermore the effect of particular risks can be other failures of components on the geometric perspective such as leaks which again effect involvement of liquids. Relationship of particular risks to the technical perspective Particular risks can have several effects on the safety of technical components in a system under design. I.e. a hit by an airplane engine fragment can lead to leakage of a fuel tank or damage of electric cables which results in lost of thrust. Such safety impacts can be identified based the results of a PRA. The destruction or damage of geometric components are again failure conditions. Using the allocation relationship from technical components to geometric components these failure conditions can be mapped to failure conditions of technical components. These failure conditions can be analyzed in an FHA to identify safety hazards which result from particular risks. Thus, the violation of functional independence on a technical perspective can be determined based on related failure conditions of a geometrical perspective which result from a PRA. Safety risks can be calculated to estimate the probability for a failure condition on the technical perspective based on the probability of a particular risk on the geometric perspective. Furthermore the installation of technical components can be optimized to improve the safety. Target of such an optimization can be the installation of technical components in a way that they are not impacted together by the same particular risk. Such an analysis and optimization can be embedded in a Common Cause Analysis (CCA) as defined in ARP 4761. Exemplary Particular Risk Analysis In an example the airbag system of a car is enhanced by an emergency call system. Considerable particular risks can be water intrusion due to leaks and a crash with an obstacle or another car. Loss of airbag and emergency call functionality is a failure which shall not be reached. Function loss due to intruding water can be prevented by improving covering materials. Thus, for this particular risk a safety analysis to optimize the component installation is not important. But in a crash an ECU can be completely destroyed by the forces that take effect from the crash. We consider the in time reaction of the airbag system to release the airbag during a crash to be verified. An emergency call system shall be hosted on the same ECU as the airbag system to ensure direct call of emergency services in case of a crash. Therefore, the ECU that hosts the airbag controller still has to work correctly after having released the airbag. This implicates additional requirements on the installation of the ECUs to positions in the car. As depicted in figure 3.22 an installation decision for the redundant airbag system with emergency call function can be analyzed in a PRA on the effects 33/ 156
Page 1 and 2: Architecture Modeling ∗ Andreas B
Page 3 and 4: Contents 1 Introduction 1 2 Quick-T
Page 5 and 6: 1 Introduction This document propos
Page 7 and 8: Architecture Modeling allowing to m
Page 9 and 10: Architecture Modeling creating a vi
Page 11 and 12: Architecture Modeling the design it
Page 13 and 14: Architecture Modeling of the logica
Page 15 and 16: Architecture Modeling realization o
Page 17 and 18: Architecture Modeling can usually o
Page 19 and 20: 3 The Architecture Meta-Model In Se
Page 21 and 22: Abstraction-Levels (detail increase
Page 23 and 24: 3.2.2 Functional Perspective Archit
Page 25 and 26: Architecture Modeling The semantics
Page 27 and 28: Architecture Modeling expressed by
Page 29 and 30: Architecture Modeling computing cap
Page 31 and 32: 3.2.5 Geometrical Perspective Archi
Page 33 and 34: ShapeCompositionOperator intersecti
Page 35: Architecture Modeling The constrain
Page 39 and 40: Architecture Modeling Shape that de
Page 41 and 42: Architecture Modeling Conjugation o
Page 43 and 44: RichComponent Architecture Modeling
Page 45 and 46: MultiplicityElement +part 0..* Rich
Page 47 and 48: ComponentC Architecture Modeling pa
Page 49 and 50: 4 Steps in Component-Based Design T
Page 51 and 52: Architecture Modeling Assume/guaran
Page 53 and 54: Architecture Modeling When specifyi
Page 55 and 56: Architecture Modeling next selectio
Page 57 and 58: Architecture Modeling ports must ha
Page 59 and 60: established if (and only if): Archi
Page 61 and 62: 12°C < tempSelect < 35°C actTemp
Page 63 and 64: Architecture Modeling The component
Page 65 and 66: Architecture Modeling 4.3.2 Establi
Page 67 and 68: Architecture Modeling a mapping is
Page 69 and 70: Architecture Modeling Another impor
Page 71 and 72: 5 Using the Architecture Meta-Model
Page 73 and 74: Architecture Modeling Design proces
Page 75 and 76: Architecture Modeling abstraction l
Page 77 and 78: Pwr1 Pedal_Pos1 Pwr2 Pedal_Pos2 CMD
Page 79 and 80: Architecture Modeling Figure 5.4: O
Page 81 and 82: Architecture Modeling Figure 5.7: L
Page 83 and 84: Architecture Modeling Figure 5.9: T
Page 85 and 86: Architecture Modeling Figure 5.12:
Page 87 and 88:
Architecture Modeling Figure 5.14:
Page 89 and 90:
Architecture Modeling However this
Page 91 and 92:
Architecture Modeling The considera
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Architecture Modeling tasks Command
Page 99 and 100:
Architecture Modeling of the V, suc
Page 101 and 102:
Architecture Modeling thus decorate
Page 103 and 104:
Architecture Modeling In summary, P
Page 105 and 106:
Architecture Modeling OEMs are incr
Page 107 and 108:
Architecture Modeling provide effec
Page 109 and 110:
Page 111 and 112:
Architecture Modeling patterns, cap
Page 113 and 114:
Architecture Modeling 6.1 Syntax an
Page 115 and 116:
6.1.1.1.1 Attribuute Definit tion a
Page 117 and 118:
Constrrain Eventts with Co ondition
Page 119 and 120:
These events used in the “and the
Page 121 and 122:
Formalization: whenever StartButton
Page 123 and 124:
Architecture Modeling Basic bloock
Page 125 and 126:
6.1.1.1.1.3 Conditions Conditions c
Page 127 and 128:
6.1.1.1.2.2 Seammless Con ncatenati
Page 129 and 130:
e3 && (clk==0) e1 idle pre e1 idle
Page 131 and 132:
Pattern whenever event occurs condi
Page 133 and 134:
If the brake force is above 80% for
Page 135 and 136:
Pattern S3: Failure shall not be ca
Page 137 and 138:
Pattern S9: failureCondition failur
Page 139 and 140:
Pattern R2: Event occurs each perio
Page 141 and 142:
idle e1 |clk:=0 e2 && (l
Page 143 and 144:
The function : allocates a singl
Page 145 and 146:
Examplees of clocks: • Run: {c=0@
Page 147 and 148:
Architecture Modeling 1. For σ ∈
Page 149 and 150:
Architecture Modeling Traces accord
Page 151 and 152:
Architecture Modeling Definition 6.
Page 153 and 154:
Architecture Modeling the one given
Page 155 and 156:
Architecture Modeling Decomposition
Page 157 and 158:
Bibliography [1] ARINC 653 - Avioni
Page 159 and 160:
Architecture Modeling [26] Holger G
show all

Architecture Modeling - SPES 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?