Integrating Capella, SCADE and medini analyze, for MBSE, Embedded SW Development and Safety Analysis
Thierry Le Sergent, ANSYS
Thierry Le Sergent is Product Manager for ANSYS's SCADE Architect product. His focus is on model-based system & software engineering tools for the development of critical embedded systems.
[Capella Day 2019] Integrating Capella, SCADE and medini analyze, for MBSE, Embedded SW Development and Safety Analysis
1. Integrating Capella, SCADE
and medini analyze,
for MBSE, Embedded SW
Development and Safety Analysis
Thierry Le Sergent
SCADE Architect Product Manager
3. Model-Based Systems Engineering (MBSE)
• Objective
o Design the right Product/System from user needs
• Means
o Successive levels of abstraction to refine system requirements from user needs to real product
• Difficulties
o Management of complexity and ambiguity at each level
o Management of consistency between the levels of concerns
o Multiple languages for engineering disciplines & domains
• Models
o Help managing the complexity and ambiguity
o Not a single tool for everything !
Managing the refinement process is key
MBSE Workflows, Methods, Tools
Models Synchronization
Domain Specific Language
5. Models consistency between models : 2 ways
• “Traceability” or “allocation”
o Verification of “completion” can be automated (checker)
o Manual operation: creation of objects at both levels and manual links
• Models “Synchronization”
o = Model transformation + model diff-merge (allows incremental edition on both sides)
o Partial model transformation : each side has its own added value
‐ Only a subset of the models represent the same information.
o Automated transformation Consistent by construction
6. Models consistency between models
SW detailed design & code generation
SCADE Suite
SW components
interface
Sensors, HW,
actuators
abstractionsFunctions
System Safety analysis
medini analyze
SW behavior
System simulation
TwinBuilder
Systems design from User requirements
Capella
MBSE guided methodology
Malfunctions,
Failure modes, …
Sensors, HW,
actuators behavior,
Environment behavior
System & Software
detailed architecture
SCADE Architect
DSL, AADL,
FACE, AUTOSAR
7. SCADE capabilities for MBSE workflows
AUTOSAR subset
AADL Modeler
AADL
analysis tool
AUTOSAR
authoring tools
for integration
Customizable
generated
code
DSL
SysML
Qualified
C and Ada
code
FACE
wrapper
Import/Export
model elements, ICDs, …
FACE Modeler
SCADE SuiteSCADE Architect
FACE conformance
and integration
Qualified code
generator
AUTOSAR
wrapper
MBSE tools
Safety analysis
Models enrichment
& synchronization
8. Model-based Functional Safety Analysis and Design with medini
System/SW Architecture
Functional Safety
Analysis and
Design
Safety requirements
discovered and considered
early in the design process
Safety process seamlessly
integrated with system
development
Safety analysis results
always consistent
Iterative synchronization
System Architecture
Model
Extended with analysis
related properties
Hazard Analysis
& Risk Assessment
FMEA
FTA
HW Architectural
Metrics
Safety
Requirements HAZOP
SCADE Architect
medini Analyze Enterprise
9. Model-based Functional Safety Analysis and Design with medini
Synchronization of blocks diagram
SCADE Architect
medini Analyze Enterprise
10. Model-based Embedded Safety Critical SW with SCADE Suite
AdaC
SW Coding
Auto Auto
SCADE Suite Advanced Modeler
SW Design
Auto
SW Architecture
16. SCADE Architect Configuration for Capella
Definition of
- Object kinds Matching Capella
- Graphical styles & icons
SCADE Architect
for Capella
17. Models Synchronization
• Models synchronization
Import structural elements (packages, components, connections, allocations, types)
and graphical diagrams
• Graphical diagrams
o Capella can represent components from other context, and their connections
o SCADE Architect can represent these thanks to “references”, but not the “derived” connection
o Medini analyze and SCADE Suite can represent only components of the block diagram container
Diagrams are fully imported in SCADE Architect / medini analyze / SCADE Suite when drawn
with these constraints, otherwise partially imported.
Capability and limitation
SCADE Architect
18. Demonstration model
• Inspection drone
o Based on AIDA models developed by IRT Saint-Exupéry
o IRT forge : https://sahara.pf.irt-saintexupery.com
SCADE Suite
SCADE Architect
24. SCADE Architect – Capella models synchronization
• Capella model scopes
o Current importer imports the whole Capella model (Logical and Physical levels)
o Capella internal feature: definition of consistent scopes
o Import to SCADE Architect would allow simple selection of a defined scope
• Functional chains
o Capella allows for the definition of “functional chains”
o SCADE Architect allows for a similar feature: “data propagation”
o Synchronization should translate Capella functional chains to SCADE Architect
• Navigation between projects
o As done eg between SCADE Architect & SCADE Suite
• Productization
Future evolutions TBD with interested customers
25. Conclusion
• Best in class industrially deployed tools
o Capella
‐ Established method for Systems Engineering; well guided by IDE
‐ Very powerful graphical block diagrams
o Medini for system safety analysis
o SCADE for embedded SW architecture, design, code generation and V&V
• Synchronizer tool allows for consistent co-evolutions of models
o Share what’s make sense & value from each model
o Synchronize = model transformation + diff-merge for incremental use
o Guidelines to follow to synchronize nice diagrams between tools
27. Model-Based Systems Engineering
SCADE
Architect
Model-Based System
Safety Analysis
medini Analyze
ANSYS Digital Safety & System Simulation Capabilities
3D Physics Simulation
SPEOS
System Simulation & Digital Twins
Twin BuilderVRXPERIENCE
ROM
System Architecture
Model-Based Software Engineering
System/Software Architecture
SCADE
Suite
SCADE
Display
Notes de l'éditeur
SCADE Architect
Key Benefits: Consistency of the SW ArchitectureKey Features: Data Propagation & Allocations, Automatic ICD generation
SCADE Suite
Key Benefits: Correct SW components Design & Implementation
Key Features: Qualified Code Generation, Qualified Verification
SCADE Integrated Workflow
Key Benefits
Efficient design of complete smart systems with dedicated languages per domains
Teams building and learning curve reduced
Lower tool cost: shared module licenses
Key Features
Bi-directional models synchronization
Shared features: ALM gateway, Document generation
Model-based API
Generated C code follows C99 standard,
Generated A code follows Ada83 / SPARK 95 standards