02.09.2019
LieberLieber Software, Dr. Konrad Wieland
Agile Modeling in Safety-Critical Environments
Vienna, Austria
OUR EXPERTISE
• Model-based Systems Engineering
• Configuration Management for Models
• Integration of Enterprise Architect with other tools
My Background
• Business Informatics, TU Vienna (2003-2009)
• PhD: Model Versioning, TU Vienna (2009-2012)
• Trainer & Consultant for MBE (2012-2015)
• LieberLieber Head of Product Management (2015)
Agile Method's World
Figure: the leeway in decision-making narrows over the iterations between Project Start and Project End; intermediate results are used to check the direction, and the planned solution at project begin becomes the real solution at the project end as the uncertainty of the project objectives decreases during the project.
But what if you have to change one of your previous decisions?
Figure: the same diagram between Project Start and Project End, where a changed decision leads to a new real solution at the project end.
Agile practices for safety-critical development
• Safety-critical systems development has special needs beyond those of most projects. In such projects, additional practices to address those needs are included, such as:
  • Safety analysis and assessment
  • Continuous traceability
  • Change management
  • Requirements-based verification
Source: „Adopting agile methods for safety-critical systems development”, Bruce Powel Douglass, Leslie Ekas, IBM, Oct. 2012.
Models play a crucial role!
Solution Strategies
Manage Complexity through:
• Model Based System Engineering
• Configuration and Change Management
• Agile Development
ASPICE vs Agile
ASPICE
• ASPICE describes process principles (the WHAT level), but it does not predefine any concrete lifecycle models, methods, tools, templates, metrics, proceedings, etc.
Agile
• The Agile methods define the HOW level (lifecycle models, methods, etc.).
Therefore ASPICE and Agile methods cannot, by definition, contradict each other. The only valid question is: do concrete process implementations satisfy the ASPICE principles?
ASPICE Structure: Details of Mappings
Source: „How do agile practices support Automotive SPICE compliance?”, © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter.
Figure: ASPICE processes (Project Management (MAN.3), Requirements Elicitation (SYS.1), Configuration Management (SYS.1)), each with its Base Practices and Work Products, mapped to individual Scrum and XP practices.
ASPICE Structure: Mapping
Agile Methods are ASPICE compliant
Source: „How do agile practices support Automotive SPICE compliance?”, © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter.
• 93% (173 of 185) of the Automotive SPICE requirements are supported
• 63% (97 of 155) of the agile practices are used
• 760 mappings
• 96% of the Automotive SPICE base practices are supported
• 86% of the Automotive SPICE work products are supported
• 87% (33 of 38) of the Scrum and XP practices are used
From Concept to Solution as required by ISO 26262
Figure: ISO 26262 V-model (Requirement Analysis, Architecture & Design, Testing), split into System Responsibility (normally OEM) and Component Responsibility (normally Tier-1 Supplier), with the ISO 26262 part and clause numbers of the work products:
Requirement Analysis
• 3-5 item definition
• 3-7 safety goals
• 3-8 functional safety requirements, functional safety concept, preliminary architectural assumptions
• 4-6 technical safety requirements; 4-6/7 technical safety concept
• 6-6 software safety requirements (architectural level and unit level)
Architecture & Design
• 4-7 system design
• 6-7 software architectural design
• 6-8 software unit design
Testing
• 4-9 system safety validation
• 4-8 vehicle integration testing, system integration testing
• 6-9 software unit testing
• 6-10 software integration testing, software safety verification
How to manage it without a modeling approach? “Safety needs models”
Value of Modeling
Modeling as a tool for finding solutions: the model as communication medium and the model as knowledge database.
Model is your Knowledge Base
Figure: a Component that realizes two Requirements (trace links of type "realize").
Traceability = Model Intelligence: it allows generating as many views as necessary.
One Model, Many Users, Many Views
Figure: V-model views generated from the one model (Requirement Analysis, System Architecture, Design, Implementation, Module Tests, Integration Tests, System Tests, with Test Cases for Validation and Verification), annotated with cost (C) and time (T) differences per phase, in the order shown: C: +23% / T: +18%; C: +10% / T: +6%; C: +37% / T: +25%; C: -46% / T: -45%; C: -9% / T: -12%.
Source: Summary of the dissertation “Model Based Development of Embedded Software Systems in the Automotive - Costs and Benefits”, Sascha Kirstan, TU München, 2011.
Impact of Model Based Systems Engineering
Figure: bar chart “Reduction of time effort for whole project” (C: Costs, T: Time), with the Costs and Time bars at -27% and -36%.
Goals of Configuration and Change Management
• Systematic tracking of changes during development and maintenance
• Preserving the integrity of the system after changes
• Preventing unwanted and unpredictable effects
• Standardizing the process of making changes
Source Code: Your Memory of Project Progress and Project Decisions
Figure: branching diagram with Trunk, Develop Branch, Release Branch and Customer Branches A and B, version tags V1.0, V1.1 and V2.0, and merge points marked as possible conflicts.
Architecture / Design (Wiki, Expert Minds, Documents): Your Memory of Progress and Decisions
Figure: the same branching diagram (Trunk, Develop, Release and Customer Branches, version tags, possible conflicts) applied to architecture and design artifacts.
Model
Figure: the same branching diagram (Trunk, Develop, Release and Customer Branches, version tags, possible conflicts) applied to the model.
Continuous Integration: also for models?
• CI: integrate non-breaking changes so that there is always an executable software
… and for models?
• After each iteration (ideally after each change), a valuable model must be created, just as CI produces executable software.
What is a valuable model?
How to get a valuable model?
Models that help everyone to understand
• over models that only experts understand
Evaluable and consistent models
• over an extensive diagram dump
Fulfilling the stakeholder needs
• over fulfilling the standards
Models that help to manage complexity
• over models that create complexity
Models that evolve through change
• over models that are treasured by change
Thank you!
konrad.wieland@lieberlieber.com
Additional Infos
Established Processes for MBSE using Git and Enterprise Architect
Version Control Systems - Examples
Source: https://de.atlassian.com/git
Continuous Engineering is the high-end Agile Modeling
Figure: recommended pipeline for model packages: Analyze Dependencies, Validate Package, Publish to a Package Repository; each model provides valid Model Packages with valid dependencies to the repository and consumes valid Model Packages with valid dependencies from it.