1. Wednesday, 24 September 2008 P. David, V. Idasiak & F. Kratz PRISME Institute Team-project MCDS Reliability in Design: FMEA Derived from UML/SysML models

2. 2 Outline 1. Background 2. UML and SysML for reliability analysis 3. Method for reliability study in design process 4. Automatic synthesis of FMEA 1.Previous works on FMEA synthesis 2.Crucial points for FMEA automatic synthesis 3.Exploiting UML/SysML Sequence diagrams 5. Case study 6. Next step with SysML 7. Conclusion

3. 3 Background Difficult to conduct Reliability studies during design: Time consuming process Complex formal methods Communication difficulties Mastering the complexity of multi-technological systems Unifying the processes around one modelling language

4. 4 Background Improving reliability study during Design: Creating tools and methods to support safety-critical system design: Integrating formal methods to the design process (GSPN, Markov Process) Developing tools and methods to efficiently conduct widespread industrial practices (FMEA, Requirements allocation) Proposing algorithms and analysis to be integrated in commercial tools ( UML, SysML tools ). Guiding the design towards reliable solutions: Insuring the traceability of Requirements (performance, reliability, safety)

5. 5 Using UML and SysML Object-oriented languages: Complex and multi technologic Systems Hierarchical, modular and incremental approach Graphical and accessible languages Modelling constructs for Architecture and Behaviour Functional behaviour and architecture analysis Dysfunctional behaviour modelling Various works on merging UML with formal methods (Markov Process, GSPN, Fault Trees)

6. 6 Method for reliability study Automatic FMEA synthesis Full FMEA Functional Hazard Analysis FHA Preliminary Hazard Identification PHI Functional Model Architecture Behaviour GSPN, Markov Process, AltaRica, Figaro Failure mode repository Formal languages

7. 7 Automatic synthesis of FMEA Importance of FMEA process: Performed at an early stage Systematic identification of risks Classify the risks Underline weak points of the system Weak points of FMEA Time consuming Error prone analysis Huge amount of information to produce Ambiguity of the quoted values

8. 8 Numerous existing works: Organisational practises (Bassetto 2005) Mastering simultaneous failures (Price and Taylor 2002) Computing the effects at overall system scale (Price and Taylor 2002), (Papadopoulos et al. 2004b) Enhancing classification and promoting the use of natural vocabulary (Bowles and Pelaez 1995) Weak points of previous works: Domain specific approach (electronic) No help for FMEA initialisation (component identification) No real use of lesson learnt databases Computation of failure effects only from a dysfunctional model Previous works on FMEA synthesis

9. 9 Essential points for automatic FMEA synthesis: The exploited model: Hierarchy between blocks Architecture of the system and its functionalities Data and flow transmissions A Dysfunctional Behaviour Database Contains lesson learnt on components failures References Failure modes name References Failure modes behaviour Crucial points for FMEA automatic synthesis

10. 10 Our ambitions: Studying functional models at early stages of design process Insuring exhaustiveness of component identification Use and construction of a lesson learnt database Identifying the primary Failure Modes Automatic synthesis of FMEA

11. 11 Sequence Diagram exploitation componentA:AcomponentB:B message:MessageType Sequence Diagram (SD) ClassA FailureMode :FailureMode[*] ClassB FailureMode :FailureMode[*] Dysfunctional behaviour database m2:m2type FMEA Table

12. 12 Case Study: Level Control System (LCS)

13. 13 LCS Sequence Diagram

14. 14 Preliminary FMEA report ComponentFailure ModePossible CausesPossible Effects S1No detectionInternal CauseInternal Effect From S1 by ActivationOn Ev1 by CommandEv On S1 by Activation False DetectionInternal CauseInternal Effect From S1 by ActivationOn Ev1 by CommandEv On S1 by Activation This table is a good help to build the final FMEA. Relation to consider are indicated. Known Failure Mode are already mentioned. The heavy phase of FMEA is automatically performed (Component census, Search in database).

15. 15 Next step with SysML 15 Requirements Traceability Failure Mode Repository Component Identification Control signals Flow transmission

16. 16 LCS in SysML

17. 17 New preliminary FMEA report ComponentFailure ModePossible CausesPossible Effects S1No detectionInternal CauseInternal Effect From S1 by ActivationOn Ev1 by CommandEv From Ps through PopS-PiS1 [PowerInput] On S1 by Activation On Ev1 through CiS1-CiEv1 [CommandInterface] False Detection Internal CauseInternal Effect From S1 by ActivationOn Ev1 by CommandEv From Ps through PopS-PiS1 [PowerInput] On S1 by Activation On Ev1 through CiS1-CiEv1 [CommandInterface]

18. 18 Conclusion A precious part of FMEA is automatically built. The preliminary report is a great guideline for analysts. It helps saving a lot of time while respecting the exhaustivity of the study. SysML shows huge possibilities to enhance this first solution. Effective solution to start the deployment of the presented method.

19. 19 Acknowledgements We specially want to thank all our partners involved in the CAPTHOM project. This work was realized with the financial help of the French Industry Ministry and local collectivities, within the framework of the CAPTHOM project of the Competitiveness Pole S 2 E 2, www.s2e2.fr.www.s2e2.fr