[ Capella Day 2019 ] Augmenting requirements with models to improve the articulation between system engineering levels and optimize V&V practices

1. www.thalesgroup.com THALES GROUP OPEN Arcadia and Capella: As much as I can tell and demonstrate in a bit less than one hour, from core concepts to advanced practices and perspectives Stéphane Bonnet THALES CAPELLA DAY, MUNICH, SEPT. 16TH 2019

2. 2 THALES GROUP OPEN A focused journey in a Capella model Extremely quick and simple example to introduce both the method and the tool

3. 3 THALES GROUP OPEN Methodology and high level concepts and viewpoints Purpose-built to provide the notation and diagrams fitting the Arcadia approach Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2015Allrightsreserved.

4. 4 THALES GROUP OPEN Understand the customer/user need Define and share the solution among stakeholders Secure SYS/SW/HW engineering, prepare subcontracting Early evaluate and justify architectural design Prepare and master V&V

5. 5 THALES GROUP OPEN Arcadia : A “Simple” Engineering Language NEED SOLUTION

6. 6 THALES GROUP OPEN Capability Interface Mode State Function Functional exchange involves Functional Chain Scenario Is described by implements Actors, Components Component exchange involves

7. 7 THALES GROUP OPEN Bird eye view of the approach

8. 8 THALES GROUP OPEN A1 A3 A2 Operational Analysis WHAT THE USERS/STAKEHOLDERS NEED TO ACCOMPLISH Support of discussions with the customer, objectives, activities and processes, pains, gains, etc.

9. 9 THALES GROUP OPEN Not relevant here The exact boundary of our system/product

10. 10 THALES GROUP OPEN F2 F1 F3 F4 F5 A1 A3 A2 System Need Analysis WHAT IS EXPECTED FROM THE SYSTEM Capability trade-off analysis, system boundaries, external interfaces, actors

11. 11 THALES GROUP OPEN Not relevant here Anything solution-related: how things work, which technologies, etc.

12. 12 THALES GROUP OPEN F2 F1 F3 F4 F5 A1 A3 A2 ViewPoints C1 C2 C3 F21 F1 F6 F3 F22 Conceptual solution HOW THE SYSTEM WILL WORK SO AS TO FULFIL EXPECTATIONS High-level architecture description, functional refinement, architectural drivers, functional allocation, first trade-offs, modes and states analysis

13. 13 THALES GROUP OPEN Not relevant here Which specific sensors, which command device, communication media between the drone and the base station, detailed interfaces

14. 14 THALES GROUP OPEN F2 F1 F3 F4 F5 A1 A3 A2 HOW THE SYSTEM WILL BE DEVELOPED AND BUILT Implementation constraints, reuse, refined trade-offs, M/T/B strategy, finalized detailed interfaces ViewPoints C1 C2 C3 F21 F1 F6 F3 F22 ViewPoints C11 C12 C1’ C2 C3 C4 F21 F1 F6 F7 F22 e.g. Processors e.g. Buses e.g. SW, HW components Finalized Architecture HOW THE SYSTEM WILL BE DEVELOPED AND BUILT Implementation constraints, reuse, refined trade-offs, M/T/B strategy, finalized detailed interfaces

15. 15 THALES GROUP OPEN Not relevant here Internal detailed design of each system constituent

16. 16 THALES GROUP OPEN Allocation Allocation Allocation Allocation Deployment Involvement Involvement Involvement Involvement Realization OA SA LA PA Realization Realization Réalisation CAPABILITIES FUNCTIONS STRUCTURE Description Description Description Description NEEDSOLUTION Realization Realization Realization Realization Realization Realization Realization Realization Realization Realization Realization Exploitation

17. 17 THALES GROUP OPEN Focus on (some) key features

18. 18 THALES GROUP OPEN 1. Functional chains 4. Property Values Management Tool (add-on) 2. Replication of elements 3. Filtering (add-on)

19. 19 THALES GROUP OPEN 1. Functional chains What? Creation and composition of functional chains Why? To capture system usage examples, to enforce design completeness and consistence, to drive engineering activities (e.g., V&V or development strategy)

20. 20 THALES GROUP OPEN 2. Replication of elements What? Automated synchronization of model parts, automated reconnections Why? Enabler for instance-level modeling (cloning of a prototype instance), enabler for reuse of building blocks

21. 21 THALES GROUP OPEN U U UU D P Prototype pattern the « type » is also an instance Definition and usages « types » are defined separately

22. 22 THALES GROUP OPEN 3. Filtering (add-on) What? Definition of criteria on model elements, automated preview and derivation of filtered models Why? Master system increments, master the data exchanged with customer or sub-contractors, etc.

23. 23 THALES GROUP OPEN V1 V2 V3 Internal SubA Sub B Overall need solution model

24. 24 THALES GROUP OPEN V1 V2 V3 Internal SubA Sub B V1 and V2 for Sub A

25. 25 THALES GROUP OPEN 4. Property Values Management Tool (add-on) What? Easy creation of model extensions and customization of diagram graphical rendering Why? Charactization of models with meaningful, domain-specific information, instant perception of added-value for models

26. 26 THALES GROUP OPEN Augmenting requirements with models to improve the articulation between engineering levels and optimize verification and validation activities

27. 27 1. Model elements ARE requirements

28. 28 Textual requirements are at the heart of the current engineering practices Solution model helps validate feasibility, elicit/justify new requirements for the system/subsystems Need model helps formalize and consolidate customer and system requirements

29. 29 Capability Interface Mode State Function Functional exchange involves Functional Chain Scenario Is described by implements Actors, Components Component exchange involves

30. 30 Visualize data in live during flight Display acquired HD video in live Display multi-spectral image in live Display thermal image in live Visualize all collected mission data Visualize substance level in live

31. 31 Models add rigor to need expression / solution description Models enable automated processing

32. 32 R R Requirements Model elements R

33. 33 Textual Requirements Model elements Requirements R R R

34. 34 A model requirement can formalize a textual requirement and explicit its effects and ramifications

35. 35 Some expectations (environmental, regulations, etc. ) are easier to express with textual descriptions.

36. 36 Some expectations on a model element at a given engineering level do not require a formal modeling (which is left to subsystem design)

37. 37 2. Contracts between engineering levels: workflow

38. 38 Solution NeedSolution Textual Requirements Direct allocation LevelN

39. 39 Solution Textual Requirements NeedSolution Direct allocation 1 1. Elicitation of model and textual requirements on the system LevelN

40. 40 Solution Textual Requirements Direct allocation 1 2 2. Architecture description specifies with the adequate level of detail how the system works and what is expected from each constituent The goal here is to prepare the contracts for all subsystems and guarantee their proper integration. LevelN NeedSolution

41. 41 Solution NeedSolution Textual Requirements Direct allocation LevelN 1 2 C11 F21 F1 F6 Textual Requirements 3 4 Need LevelN+1 4. Textual requirements are created when needed, in addition to the model requirements: legal, non- functional, additional specification of internal expected behaviour 3. The context of a given system constituent is entirely computed (anything contributing to the definition of this constituent including allocated Functions, interfacing Components, etc.)

42. 42 Tablet is a constituent of a drone-based system Tablet is the (sub)system of interest 3

43. 43 Model-based workflow favors co-engineering over the traditional differentiation between “customer” requirements and “system” requirements

44. 44 3. (Happy) consequences on V&V and incremental development strategy

45. 45 Textual Requirements Model Requirements R R R (Derived, reconstructed link) IVV Version (RV/DV) Verification and validation

46. 46 System-level V&V procedures Visualize data in live during flight Display acquired HD videoin live Display multi-spectral image in live Display thermal image in live Visualize all collected mission data Visualize substance level in live Subsystems, software, etc. System architectural design R R Vertical slices of architectural design across need and solution models Definition of increments with expected functional chains (user stories) INC 1 INC 2

47. 47 Instanciated workflow Two years, 30 persons

48. 48 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. System Engineering data package SYSTEM BLACK BOX SYSTEM GLASS BOX Sub-System Engineering data package SUB-SYSTEM BLACK BOX SUB-SYSTEM GLASS BOX System delivery Sub-System delivery SUB-SYSTEM COMPONENTS SYSTEM VERIFIED SYSTEM INTEGRATED SUB-SYSTEM VERIFIED SUB-SYSTEM INTEGRATED x8 Classical scheme, rolled out by increments

49. 49 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. IVV procedure Functional chain RequirementsFunctional Chains list Functional Chains release definition IVV Test Suite Repository

50. 50 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. Requirements SA functional chains SA Functions & exchanges System Context SYSTEM BLACK BOX System Context SYSTEM GLASS BOX satisfies LA functional chains LA functions & exchanges 15 leaf components 402 leaf-functions 1856 funct. exchanges 1676 requirements Domain knowledge Logical (LA) components Requirements Interface & Data 6 capabilities 198 funct. Chains 24 leaf-functions 458 funct. exchanges 641 requirements

51. 51 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. SUB-SYSTEM BLACK BOX SYSTEM GLASS BOX System Logical Architecture LA functional chains System Internal Data Sub-system Context Requirements Requirements SA functional chains External Data READ ONLY input contract

52. 52 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. VERIFICATION ACTIVITIES SYSTEM BLACK BOX Defects System FC status Requirements SA functional chains SA Functions & exchanges System Context SYSTEM BLACK BOX Test results Enhanced monitoring of progress and verification

53. 53 THALES GROUP INTERNAL Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved. SYSTEM BLACK BOX Test suites SA functional chains Impact analysis Requirements LA functions & exchanges Check of consistency with specification Specification Defects Component Defects Component Evolution Test results, model facilitates analysis

54. 54 THALES GROUP OPEN Updates and perspectives Sneek peak on 2 evolutions, global orientations

55. 55 THALES GROUP OPEN Refactoring of the modeling of actors

56. 56 THALES GROUP OPEN Assets & Threats Modeling for supporting cyber security risk management Describe the threats, threat sources, primary assets being threatened Identify the critical data and the functions and components manipulating this data Identify the trust boundaries Visualize the security levels of the solution (Confidentiality, Integrity, Availability and Traceability security levels

59. 59 THALES GROUP OPEN A place to share open source prototypes, experiments, small non-industrialized developments. Coming soon… (hopefully by the end of 2019)

60. 60 Resources

61. 61 THALES GROUP OPEN https://polarsys.org/fo rums/index.php/f/10/ https://www.youtube.com/pl aylist?list=PLfrEYVpSGVLxEFR ODSWUTP8N5i3NTG4o-

62. 62 THALES GROUP OPEN https://polarsys.org/capella/index.html

63. 63 THALES GROUP OPEN September 19th , 2019 4 PM - 5 PM (Paris / Berlin local time) http://bit.ly/Registration_CapellaWebinar19_5

64. www.thalesgroup.com THALES GROUP INTERNAL Thank You! Questions? Capella website: http://www.polarsys.org/capella/ LinkedIn https://www.linkedin.com/groups/8605600 Twitter https://twitter.com/capella_arcadia Arcadia forum: https://polarsys.org/forums/index.php/f/12/ Capella forum: https://polarsys.org/forums/index.php/f/13/ IFE model & doc.: http://www.polarsys.org/capella/start.html

[ Capella Day 2019 ] Augmenting requirements with models to improve the articulation between system engineering levels and optimize V&V practices

Obeo

[ Capella Day 2019 ] Augmenting requirements with models to improve the articulation between system engineering levels and optimize V&V practices