Agile Modeling in Safety-Critical Environments

Dr. Konrad Wieland, LieberLieber Software, 02.09.2019



Page 2:

Vienna, Austria

OUR EXPERTISE

• Model-based Systems Engineering

• Configuration Management for Models

• Integration of Enterprise Architect with other tools

Page 3:

My Background

• Business Informatics, TU Vienna (2003-2009)

• PhD: Model Versioning, TU Vienna (2009-2012)

• Trainer & Consultant for MBE (2012-2015)

• LieberLieber Head of Product Management (2015)

Page 4:

Agile Method's World

Diagram: the project runs from Project Start to Project End over a series of iterations.

• Planned solution at project begin, real solution at the project end

• Leeway in decision-making, with intermediate results to check the direction

• Uncertainty of project objectives, which decreases during the project

Project Start ← Iterations → Project End

Page 5:

But what if you have to change one of your previous decisions?

Diagram as on the previous slide: planned solution at project begin, leeway in decision-making, intermediate results to check the direction, and a new real solution at the project end.

Project Start → Project End

Page 6:

Agile practices for safety-critical development

• Safety-critical systems development has special needs beyond those of most projects. In such projects, additional practices to address those needs are included, such as:

  • Safety analysis and assessment

  • Continuous traceability

  • Change management

  • Requirements-based verification

Source: "Adopting agile methods for safety-critical systems development", Bruce Powel Douglass, Leslie Ekas, IBM, Oct. 2012.

Page 7:


Models play a crucial role!

Page 8:

Solution Strategies to Manage Complexity

• Model Based Systems Engineering

• Configuration and Change Management

• Agile Development

Page 9:

ASPICE vs Agile

ASPICE

• ASPICE describes process principles (the WHAT level) but does not predefine any concrete lifecycle models, methods, tools, templates, metrics, procedures, etc.

Agile

• Agile methods define the HOW level (lifecycle models, methods, etc.)

Therefore ASPICE and Agile methods cannot, by definition, contradict each other. The only valid question is: do concrete process implementations satisfy the ASPICE principles?

Page 10:

ASPICE Structure: Details of Mappings

Diagram: each ASPICE process, e.g. Project Management (MAN.3), Requirements Elicitation (SYS.1), Configuration Management (SYS.1), is broken down into its Base Practices and Work Products, and each of these is mapped to the individual practices of Scrum and XP.

Source: "How do agile practices support Automotive SPICE compliance?", © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter

Page 11:

Agile Methods are ASPICE compliant

• 93% (173 of 185) Automotive SPICE requirements are supported

• 63% (97 of 155) agile practices are used

• 760 mappings

• 96% of Automotive SPICE base practices are supported

• 86% of Automotive SPICE work products are supported

• 87% (33 of 38) Scrum and XP practices are used

Source: "How do agile practices support Automotive SPICE compliance?", © Fraunhofer IESE, Philipp Diebold, Thomas Zehler, Dominik Richter

Page 12: Solution Strategies (section divider, as on page 8)

Page 13:

From Concept to Solution as required by ISO 26262

Diagram: the ISO 26262 work products laid out as a V-model with three columns (Requirement Analysis, Architecture & Design, Testing). System responsibility (normally OEM) covers the part 3 and part 4 items, component responsibility (normally Tier-1 supplier) the part 6 software items.

System responsibility (normally OEM):

• 3-5 item definition

• 3-7 safety goals

• 3-8 functional safety concept, functional safety requirements, preliminary architectural assumptions

• 4-6 technical safety requirements; 4-6/7 technical safety concept

• 4-7 system design

• 4-8 system integration testing; 4-8 vehicle integration testing

• 4-9 system safety validation

Component responsibility (normally Tier-1 supplier):

• 6-6 software safety requirements (architectural level and unit level)

• 6-7 software architectural design

• 6-8 software unit design

• 6-9 software unit testing

• 6-10 software integration testing; 6-10 software safety verification

How to manage it without a modeling approach?

"Safety needs models"

Page 14:

Value of Modeling

• Modeling as a tool for finding solutions

• Model as communication medium

• Model as knowledge database

Page 15:

Model is your Knowledge Base

Diagram: a Component element with "realize" trace links to two Requirement elements.

Traceability = Model Intelligence: it allows you to generate as many views as necessary.

One Model, Many Users, Many Views

Page 16:

Impact of Model Based Systems Engineering

Diagram: a V-model with the phases Requirement Analysis, System Architecture, Design, Implementation, Module Tests, Integration Tests and System Tests, with validation and verification test cases derived from the left-hand phases. The per-phase cost (C) and time (T) deltas of model-based development printed on the figure are: C: +23% / T: +18%; C: +10% / T: +6%; C: +37% / T: +25%; C: -46% / T: -45%; C: -9% / T: -12%.

Reduction of time effort for the whole project (bar chart, Costs / Time): -27% / -36%

C : Costs, T : Time

Source: Summary of the dissertation "Model Based Development of Embedded Software Systems in the Automotive – Costs and Benefits", Author: Sascha Kirstan; TU München, 2011.

Page 17: Solution Strategies (section divider, as on page 8)

Page 18:

Goals of Configuration and Change Management

Systematic tracking of changes during development and maintenance

Preserving the integrity of the system after changes

Preventing unwanted and unpredictable effects

Standardizing the process of making changes

Page 19:

Source Code: your memory of project progress and project decisions

Branching diagram: Trunk, Develop Branch, Release Branch, Customer Branch A, Customer Branch B; version tags V1.0, V1.1, V2.0; merges between branches marked as possible conflicts.

Architecture / Design: Wiki, Expert Minds, Documents

Page 20:

Source Code: your memory of progress and decisions

Branching diagram as on the previous slide: Trunk, Develop Branch, Release Branch, Customer Branch A, Customer Branch B; version tags V1.0, V1.1, V2.0; possible conflicts at merges.

Model: the same branching diagram applied to the model (Trunk, Develop Branch, Release Branch, Customer Branch A, Customer Branch B; version tags V1.0, V1.1, V2.0; possible conflicts at merges).

Page 21:

Continuous Integration – also for models?

• CI: integrate non-breaking changes so that executable software is always available

… and for models?

• After each iteration (ideally after each change) a valuable model must be created, just as CI always produces executable software.

What is a valuable model?
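The "continuous traceability" and "requirements-based verification" practices from page 6, the realize links on page 15 and the CI-for-models question on this slide can be combined into one automated gate that runs on every model change. The Python below is an added example, not LieberLieber's or Enterprise Architect's code; the element ids, the link kinds (refines / realize / verify) and the sample model are constructed for illustration.

```python
from collections import defaultdict

# ISO 26262 refinement chain as on the slides, top to bottom: safety goals (3-7),
# functional (3-8), technical (4-6) and software (6-6) safety requirements.
LEVELS = ["SG", "FSR", "TSR", "SSR"]

ELEMENTS = {  # constructed sample model: id -> (kind, title); CMP = component, TC = test case
    "SG-1":  ("SG",  "Avoid unintended acceleration"),
    "FSR-1": ("FSR", "Detect implausible pedal signal"),
    "TSR-1": ("TSR", "Dual-channel pedal sensor with plausibility check"),
    "SSR-1": ("SSR", "Raise fault if channel delta > 5% for 20 ms"),
    "SSR-2": ("SSR", "Enter limp-home mode on pedal fault"),
    "CMP-1": ("CMP", "PedalMonitor"),
    "TC-1":  ("TC",  "Inject 8% channel delta, expect fault within 20 ms"),
    "TC-2":  ("TC",  "HIL: implausible pedal -> system reports fault"),
}
LINKS = [  # constructed trace links (source, kind, target); deliberately incomplete
    ("FSR-1", "refines", "SG-1"),
    ("TSR-1", "refines", "FSR-1"),
    ("SSR-1", "refines", "TSR-1"),
    ("SSR-2", "refines", "FSR-1"),   # skips a level: not traced to a TSR
    ("CMP-1", "realize", "SSR-1"),   # nothing realizes SSR-2
    ("TC-1",  "verify",  "SSR-1"),
    ("TC-2",  "verify",  "TSR-1"),
    ("TC-2",  "verify",  "FSR-1"),
    ("TC-9",  "verify",  "SG-1"),    # dangling: TC-9 is not in the model
]

def check_traceability(elements, links):
    # Returns sorted findings; an empty list means the model passes the gate.
    incoming, outgoing, findings = defaultdict(set), defaultdict(set), []
    for src, kind, dst in links:
        if src not in elements or dst not in elements:
            findings.append(f"link {src} -{kind}-> {dst}: references unknown element")
            continue
        incoming[(kind, dst)].add(src)
        outgoing[(kind, src)].add(dst)
    for eid, (kind, _) in elements.items():
        if kind not in LEVELS:
            continue                       # components and tests are not traced upward
        lvl = LEVELS.index(kind)
        if lvl > 0:                        # must refine a requirement exactly one level up
            parents = outgoing[("refines", eid)]
            if not any(elements[p][0] == LEVELS[lvl - 1] for p in parents):
                findings.append(f"{eid}: no refines link to a {LEVELS[lvl - 1]}")
        if kind == "SSR" and not incoming[("realize", eid)]:
            findings.append(f"{eid}: not realized by any component")
        if not incoming[("verify", eid)]:  # requirements-based verification
            findings.append(f"{eid}: no verifying test case")
    return sorted(findings)
```

A CI job would export the model's elements and trace links into these two structures and fail the build when the returned list is non-empty.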

Page 22:

How to get a valuable model?

Models that help us understand each other

• over models that only experts understand

Evaluable and consistent models

• over an extensive diagram dump

Fulfilling the stakeholder needs

• over fulfilling the standards

Models that help to manage complexity

• over models that create complexity

Models that evolve through change

• over models that are treasured by change

Page 23:

02.09.2019

LieberLieber Software, Dr. Konrad Wieland

Thank you!

[email protected]

Page 24:

Additional Infos

Page 25:

Established Processes for MBSE using Git and Enterprise Architect

Version Control Systems - Examples

Source: https://de.atlassian.com/git

Page 26:

Continuous Engineering is the high-end Agile Modeling

Diagram: Analyze Dependencies → Validate Package → Publish → Package Repository. Teams provide valid model packages with valid dependencies to the repository and consume valid model packages with valid dependencies from it; the individual models are the packaged units.