Interoperability between a dynamic reliability modeling and a Systems Engineering process – Principles and Case Study
Gilles Deleuze, Aurélie Leger, Pierre Yves Piriou (Electricité de France R&D)
Sylvain Chabroux, Joe Matta (Knowledge Inside)
ERTS 2014, Toulouse, 6 Feb 2014
‹N°› - 05/06/2012
Summary
Introduction
Definitions
Framework for RAMS/SE Interoperability
Meta model for interoperability
Case Study
Conclusion
Introduction
RAMS = Reliability, Availability, Maintainability and Safety assessments
INTRODUCTION
Feasibility of interoperability between System Engineering frameworks and RAMS has been demonstrated [David, 2010], [Aboutaleb, 2012]
Limitation: “static” dependability, invariant system structure
Large and complex industrial systems require “dynamic” dependability approaches
Idea: develop a “hub automaton” that supports the translation of dynamic models for specific dynamic dependability tools.
TEST CASE
Steam generator in a nuclear power plant
View of the internal parts of the steam generator (SG)
TEST CASE
Risk = Unavailability of Feed water control system
Feedwater Control System
View of the internal parts of the SG; schematic diagram of the SG
Heat exchange surface: 4746 m²; steam flow rate: 1820 t/hr
Height: 20.60 m; diameter: 4.50 m
Empty weight: 300 t
Range of variation to be monitored.
Definitions
DEFINITIONS
Complexity = “interactive complexity” + “tight coupling” [Perrow, 85]
Interactive complexity: dynamic phenomena, occurrence of rare event sequences and non-linear effects.
Consequence: risk of incomplete knowledge of the system.
Tight coupling: strong interdependence between phenomena.
Consequence: risk of dependent failures, e.g. common-cause and cascade failures.
DEFINITIONS
Dynamic Dependability: “…influence of time, process dynamics, and human actions, on system operations and failures, and accidental scenarios.” [Brissaud, 2011]
Relies on Dynamic Fault Trees, Boolean Driven Markov Processes…
Hybrid System: combination of continuous physical processes, deterministic event sequences and random events [Aubry et al., 2012]
Hybrid dependability: mathematical framework of the Kolmogorov-Chapman equations [Labeau, Smidts, 2000]
Modeling or simulation of Piecewise Deterministic Markov Processes (PDMP) [Dufour, 2002]
Dynamic reliability: continuous phenomena (for example, ageing) influenced by stochastic events or drifts; reliability characteristics influenced by the process.
Framework for RAMS/SE Interoperability
FRAMEWORK
Interoperability vs. Integration [Léger, 2009]
[Figure: three views of the same activities A, B and C. REAL SYSTEM: real activities are in interaction and sometimes in integration. AN INTEGRATED MODEL OF THE SYSTEM (integrated model of activities): the activities rely on shared semantics. AN INTEROPERABLE MODEL OF THE SYSTEM (interoperable model of activities): the activities exchange through a neutral exchange formalism.]
FRAMEWORK
• Implementation of the metamodel
Choice of arKItect Designer:
Commercial Off-The-Shelf (COTS) by KNOWLEDGE INSIDE
Ready to use
Meta-Model Interpreter
Generation of customizable building block diagrams
Easy to use.
Completeness.
FRAMEWORK
• Dynamic Modelling
Two approaches:
Stochastic Hybrid Automaton (SHA) [Babykina, 2011] [Castaneda, 2011].
Quantitative analysis with Monte Carlo simulations, to make dependability assessments
Quantitative analysis with exploration of minimal sequences
Open-source tool from EDF R&D: Pycatshoo, based on SHA [Chraïbi, 2013].
State Charts and a dedicated COTS (Matlab/Simulink) [Zhang, 2012]
Quantitative analysis with Monte Carlo simulations
Both require:
Combination of engineering activities,
Computational power
Large volume of data (e.g. reliability data, state graphs…)
Models at component level
Interoperability between various tools (Matlab, Scilab, Pycatshoo …).
Choice for this study: Interoperability between SE process and a dynamic modeling based on SHA.
FRAMEWORK
RAMS/SE interoperability
Stages of the SE process
System Specifications (SS)
Analysis of requirements
Functional Architecture
System Design (SD).
System Architecture (SA)
Refinement Feedback.
FRAMEWORK
RAMS/SE interoperability
Stages of the RAMS process
Preliminary Risk Analysis (PRA)
System state definition
System risk event identification
Undesired Customer Event (UCE) identification
System Risk Analysis (SRA)
“Static” analysis such as Failure Modes and Effects Analysis (FMEA)
Fault Tree Analysis (FTA).
Dynamic modeling
FRAMEWORK
Interoperable System Engineering and RAMS processes developed for the test case
RAMS process - Implementation in arKItect
FRAMEWORK
RAMS/SE interoperability
Relations between the processes implemented through the SE platform
Python scripting to interface SE platform and RAMS tools
Documentation
Traceability maintained throughout all levels of the system model, including requirements and evolutions.
Allocation of System Requirements to hardware, software, or manual actions.
Allocation of functional and performance requirements or design constraints.
Metamodel for Interoperability
METAMODEL FOR INTEROPERABILITY
Existing meta-model [Pfister, 2012] extended to represent Dynamic Dependability within SE processes [Piriou, 2013] [Piriou, 2014]
Semantics for phased mission systems with repairable multistate components.
Represented by a UML class diagram
METAMODEL FOR INTEROPERABILITY
Specific items for dynamic RAMS modeling
Phased missions: structure, failure and recovery processes, and success criteria are phase-specific
Component States: each component can be activated and can fail according to several operation
Effects of component states on function achievement
Important for components having non-discrete capacities (pumps, heaters…)
Redundancy policies
Component States - Implementation in arKItect
Achievement rates - Implementation in arKItect
METAMODEL FOR INTEROPERABILITY
Algorithm for a dynamic model
Based on an instance of the meta-model.
Formalism: Stochastic Guarded Transition System (SGTS) [Rauzy, 2008]
Algorithm
Defining and initializing variables
Defining the transitions
3 mission phase transitions
7 stochastic transitions
4 priority transitions (redundancy policy)
Defining assertions
compute if the function is satisfied and if the redundancy policies must be called.
Instance of the meta-model
Example of priority transition
Example of stochastic transition
Case Study
THE CASE STUDY
Availability of a feed-water control system used in a power plant steam generator
Classical problem of hybrid dependability with a dynamic reliability issue.
[Aubry et al., 2012], [Zhang, 2012], [Deleuze et al., 2011] [NUREG 6942].
In the article, only the sub-system composed of the two feeding turbo pumps is considered.
THE CASE STUDY
SGTS implemented with PyCATSHOO [Chraïbi, 2013]
PythoniC AuTomates Stochastiques Hybrides Orientés Objet (Pythonic object-oriented stochastic hybrid automata)
Expert knowledge integrated into the model to compensate for the lack of knowledge due to the semantics used for interoperability.
Availability is assessed with a Monte Carlo simulation
Output: unavailability of the two pumps
Sequence: 12 identical missions
For each mission: 1st phase lasts 1 day, 2nd phase 28 days, 3rd phase 1 day.
Average unavailability is equal to 0.62%.
[Figure: Unavailability of the pumps (x-axis: time in hours, y-axis: unavailability)]
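As an added example (plain Python, written for this page; it is neither the authors' model nor the PyCATSHOO library), the following Monte Carlo simulation walks through the three steps of the algorithm slide above (define variables, define transitions, define assertions) on a model shaped like the case study: two redundant feed-water pumps, one active and one in standby, over 12 identical missions of 1 + 28 + 1 days. It also generalizes the mission-phase idea slightly by letting each phase scale the failure rates. The failure and repair rates, the phase stress factors and the success criterion (the function is satisfied when the active pump is up) are constructed assumptions, so the output is not expected to reproduce the 0.62% of the slides.

```python
"""Toy Monte Carlo simulation of a Stochastic Guarded Transition System (SGTS):
two redundant feed-water pumps (one active, one standby) over 12 phased missions.
Added illustration in plain Python: not the paper's model and not the PyCATSHOO
library. Rates, phase stress factors and the success criterion are constructed."""
import random
from dataclasses import dataclass, field

HOURS_PER_DAY = 24.0
# Mission profile stated in the slides: 1-day start-up, 28-day steady state, 1-day shutdown
PHASE_DURATIONS = [1 * HOURS_PER_DAY, 28 * HOURS_PER_DAY, 1 * HOURS_PER_DAY]
MISSIONS = 12
HORIZON = MISSIONS * sum(PHASE_DURATIONS)  # total simulated hours (8640)
PHASE_STRESS = [3.0, 1.0, 2.0]  # constructed: failure rates x stress factor per phase

@dataclass
class State:
    """Variables of the transition system (algorithm step 1)."""
    time: float = 0.0
    phase: int = 0
    mission: int = 0
    phase_end: float = PHASE_DURATIONS[0]
    ok: dict = field(default_factory=lambda: {"A": True, "B": True})
    active: str = "A"  # pump currently delivering feed water

def function_satisfied(s: State) -> bool:
    """Assertion (algorithm step 3): function achieved iff the active pump is up."""
    return s.ok[s.active]

def apply_redundancy_policy(s: State) -> bool:
    """Priority transition: switch to the standby pump when the active one has
    failed and the standby is available. Returns True when it fires."""
    standby = "B" if s.active == "A" else "A"
    if not s.ok[s.active] and s.ok[standby]:
        s.active = standby
        return True
    return False

def _set_pump(pump: str, up: bool):
    """Action of a failure (up=False) or repair (up=True) transition."""
    def action(st: State) -> None:
        st.ok[pump] = up
    return action

def stochastic_transitions(s: State, lam_active: float, lam_standby: float, mu: float):
    """Enabled stochastic transitions as (rate, action) pairs. The guard is the
    pump state; the rate depends on the pump's role and on the current phase."""
    enabled = []
    for pump in ("A", "B"):
        if s.ok[pump]:
            lam = lam_active if pump == s.active else lam_standby
            enabled.append((lam * PHASE_STRESS[s.phase], _set_pump(pump, False)))
        else:
            enabled.append((mu, _set_pump(pump, True)))
    return [(rate, act) for rate, act in enabled if rate > 0]

def advance_phase(s: State) -> None:
    """Deterministic mission-phase transition (guard: time reached phase_end)."""
    s.phase += 1
    if s.phase == len(PHASE_DURATIONS):
        s.phase, s.mission = 0, s.mission + 1
    s.phase_end += PHASE_DURATIONS[s.phase]

def simulate_history(rng: random.Random, lam_active: float, lam_standby: float,
                     mu: float) -> float:
    """One history; returns the hours during which the function was not satisfied."""
    s, down_time = State(), 0.0
    while s.time < HORIZON:
        enabled = stochastic_transitions(s, lam_active, lam_standby, mu)
        total_rate = sum(rate for rate, _ in enabled)
        # Competing exponential clocks give the time to the next stochastic event
        dt = rng.expovariate(total_rate) if total_rate > 0 else float("inf")
        event_time = s.time + dt
        next_time = min(event_time, s.phase_end, HORIZON)
        if not function_satisfied(s):
            down_time += next_time - s.time
        s.time = next_time
        if next_time == event_time:
            u = rng.random() * total_rate  # pick the transition that fired, by rate
            chosen = enabled[-1][1]
            for rate, act in enabled:
                if u < rate:
                    chosen = act
                    break
                u -= rate
            chosen(s)
            apply_redundancy_policy(s)  # priority transition right after the event
        elif next_time == s.phase_end and next_time < HORIZON:
            advance_phase(s)
    return down_time

def monte_carlo_unavailability(n_histories: int, lam_active: float,
                               lam_standby: float, mu: float, seed: int = 1) -> float:
    """Average unavailability: mean fraction of mission time without feed water."""
    rng = random.Random(seed)
    total_down = sum(simulate_history(rng, lam_active, lam_standby, mu)
                     for _ in range(n_histories))
    return total_down / (n_histories * HORIZON)

if __name__ == "__main__":
    # Constructed rates per hour: active pump 1e-4, standby 1e-5, repair 1/48
    print(f"average unavailability ~ {monte_carlo_unavailability(2000, 1e-4, 1e-5, 1/48):.3%}")
```

The structure mirrors the slide's three groups of transitions: `advance_phase` is the deterministic mission-phase transition, `stochastic_transitions` returns the failure and repair transitions whose guards hold in the current state, and `apply_redundancy_policy` is the immediate priority transition evaluated after every state change. A real PyCATSHOO or arKItect-generated model would carry many more states and rates per component; the point here is only how guards, rates and assertions fit together in a Monte Carlo loop.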
Conclusion
CONCLUSION
First step towards interoperability of SE and dynamic RAMS
A sound SE process, supported by a tool like arKItect Designer, can support the RAMS engineer in managing data and models
A “hub automaton” based on Stochastic Guarded Transition Systems supports the translation of the dynamic dependability model into dynamic RAMS tools
Given an SE meta-model [Piriou, 2013], a RAMS engineer can model realistic failure/repair scenarios, redundancy policies and dynamic allocation of functions… and manage traceability and data
Complementary studies: more hybrid aspects, dynamic reliability modeling aspects.