Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.
Model-based system engineering (MBSE) is nowadays more and more considered as essential to help defining complex systems. As underlined in the document “SYSTEMS ENGINEERING VISION 2020” edited by the INCOSE , it is a part of the recommended approaches for implementing system engineering processes. Moreover, complex systems often involve safety analysis to ensure that they behave properly even on failure. Safety engineers must thus be able to work closer with system engineers and adapt their process to the MBSE approach.
Working directly on the system models can drastically improve the communication between the safety and system engineers and ease the integration of the safety tasks in the system design cycle. Even if the work of the safety analyst consists mainly of its understanding of the system and its experience, the need of an adapted tool for model-based safety analysis (MBSA) is growing. Moreover, SysML is now the de facto standard for enabling MBSE, and industry players request a suitable open source solution for fostering both SysML-based system and safety engineers.
The Eclipse Safety Framework (ESF) project provides a set of tools that enable both modelling and analysis of safety concerns in the context of modelling standards such as SysML and MARTE.
ESF allows a first-class interactivity between design and safety assessment activities. A dysfunctional model is built from the system model denoted using SysML. It is used to specify possible failure-modes, mitigation barriers, and propagation behaviour at components level. This is the manual local analysis. From the specification of feared events (expressed in safety requirements), an automatic global analysis can then produce propagation paths and corresponding fault trees. The dysfunctional model can be improved in an iterative way, until the safety requirements are fully satisfied. Finally, reports can be exported in different formats (e.g., HTML and PDF) to document the analyses hypothesis and results.
Moreover, as this approach is based on models, each time the system model evolves, a new safety analysis can be done on the modified parts, and keeps the previous analysis on each unchanged component. This represents an important time-saving.
As systems are becoming more complex, their safety assessment needs powerful tools. Most of the existing tools are poorly connected to the system design process and cannot be associated at early stages of the development cycle.
Model-Based Safety Analysis relies on the idea that safety analysis activities can follow the design process in a parallel flow using the system functional and physical architectures as a common basis. The system model is used to capture the overall architectures and the interactions between their components. This abstract view of the system may be enriched with safety information using dedicated annotations in order to describe possible dysfunctional behaviours.
The Eclipse Safety Framework provides a set of tools for integrating safety techniques within a model driven engineering process based on both modeling standards, SysML and MARTE.
ESF is built on top of Papyrus and uses also other Eclipse projects as for example BIRT. ESF will be designed in a generic manner complying to the ISO standard IEC 61508, but it could be adapted to specific domains or industries to cope with specific safety concerns such as for example automotive (complying to standard ISO 26262) or rail way (complying to CENELEC EN 50126, EN 50128 et EN 50129). PolarSys has already identified the need of a tool to manage the safety analysis on the complex systems modelled. Safety Architect seems to match those expectations and we think that PolarSys is the right place to host this project.
By releasing ESF as an Open Source project, we are also pursuing the following objectives:
- Build a vibrant community around the model-based safety analysis including end-users, partners, suppliers and academics.
- Unleash the collaborations with other partners and projects.
ALL4TEC and CEA are offering respectively some of the main components of Safety Architect 3.0 and SOPHIA* as initial code base. It includes following features:
- Modelling feature: the modeller, designed as Papyrus customizations, will enable creation of a functional or physical model of the system to analyse.
- Import feature: this feature will enable the import of system models authored with Papyrus or Scade System. Other import options may be also provided later.
- Local analysis graphical editor feature: based on Papyrus, it allows defining the local effects of each elementary block of the system.
- Global safety analysis feature: the analysis engine underlying this feature is based it is based on a spread algorithm.
Safety report generation feature: it consists in generating a report including generation of critical paths and fault trees.* Yakymets, N.; Jaber, H.; Lanusse, A, “Model-Based System Engineering for Fault Tree Generation and Analysis,” International Conference on Model-Driven Engineering and Software Development, MODELSWARD’2013, February 19-21, Barcelona, Spain, 2013.
All contributions will be distributed under the Eclipse Public License.
The code for the initial contribution is already available. A first release of ESF is planned with Mars (but not as part of the release train).
- The graphical visualisation of the critical paths on the models, defined by the safety analysis results.
- Add a requirements management facilities adapted to the safety context.
- Enable the quantitative aspect in the safety analysis to add the probability management, and for example be able to generate FMECA (Failure Mode, Effects, and Criticality Analysis) or perform quantitative FTA (Fault Tree Analysis) including probabilistic analysis of minimal cut sets, importance and sensitivity analysis.
- Manage the dynamic aspects by modelling not only the static failure propagation but the dynamic behaviour of each component, the relations within a operational context, the time problematics, etc.
- EclipseCon Talks (to be continued)
- Blog of the development team, Twitter, Web site dedicated to the project, including videos to advertise and communicate around the project, tutorials, etc.