openETCS / validation

WP4: Validation and verification strategy

Safety Requirements (Identification, Verification and Validation) #70

Open janWelte opened 11 years ago

janWelte commented 11 years ago

Task: Development of Safety Requirements and Properties for Model VnV

Related to the following overall tasks:

6

Workscope:

Tasks to be done

System structure breakdown:

System functional breakdown:

Requirements for Functional Decomposition according to safety analysis

This shall be done for the following examples:

Examples of Kernel Hazards (from Subset-88 Part 3) a. KERNEL-6 Manage communication session failure (Related to model of Subset 26 §3.5.3 Establishing a communication session)

Detailed tasks in #44 and #50

b. KERNEL-9 Speed calculation underestimates train speed (Related to model of Subset 26 §3.13 Braking curves)

Detailed tasks in #45 and #49

c. KERNEL-19 Failure of train trip supervision in OS, LS and FS (Related to model of Subset 26 §5.9 Procedure On-Sight)

Detailed tasks in #46 and #51

Additional task to be done:

For the functional components:

@MerlinPokam @cyrilcornu @janwelte

janWelte commented 10 years ago

Meeting on 26.08.2014

Safety Tool Use Case Coordination

Participants: @vallee @jensgerlach @UweSteinkeFromSiemens @vgontier @MariellePetitDoche @janWelte

Objective: The meeting shall serve to identify use cases for the provided safety analysis tools analyzing the SysML and SCADE models of openETCS. The resulting tasks shall be combined into a consistent work plan to analyze hazardous events, derive the resulting safety properties and check the models with respect to these safety properties.

Agenda:

  1. Introduction of current and planned safety related activities
    • Systerel:
      • Safety analysis on SysML model for "Train Position Calculation": safety analysis of the function "Train Position Calculation" has been made in a classical way
        • Inputs:
          1. Function informal description (Subset 26)
          2. Hazardous Events from Subset 88
          3. SysML model (from WP 3)
        • Output: set of safety requirements (informal)
        • Status Work Steps:
          • [x] Analysis finished
          • [ ] Document internally reviewed at Systerel and uploaded to github @MariellePetitDoche (planned for 02.09. to be uploaded to github)
          • [ ] Document externally reviewed by project partners @vgontier @janWelte
      • Formal proof of safety properties on SCADE model for "Train Position Calculation": use of Systerel Smart Solver (S3) to prove the safety properties issued from the safety analysis on the SCADE model (SAT technologies)
        • Inputs:
          1. Safety requirements (from SysML model safety analysis)
          2. SCADE model (from WP 3)
        • Output: Validation report for checked safety properties
        • Status Work Steps:
          • [x] Imported SCADE model in S3 Solver
          • [ ] Formalized safety properties for solver (in Lustre?)
          • [ ] Performed model checks
          • [ ] Validation report generated, internally reviewed and uploaded to github
          • [ ] Document externally reviewed by project partners
      • Second formal approach with B method (depending on the other partners, generation and validation of a B model to have an open source alternative): ongoing work
    • All4Tec:
      • FMEA on the SysML model with Safety Architect: use of Safety Architect to perform an FMEA analysis on the SysML model of a function
        • Inputs:
          1. SysML model (from WP 3)
          2. Hazardous/feared events (based on Subset 88)
          3. Design rules and additional safety barriers not shown in the model
        • Output: Risk analysis report with recommendations (some will be mandatory!)
        • Status Work Steps:
          • [ ] New version of Safety Architect to be compatible with openETCS SysML models
          • [ ] Proposal which SysML model (function) and which hazardous/feared events shall be used for the first analysis @vallee @vgontier
          • [ ] Perform analysis
          • [ ] Risk analysis report generated, internally reviewed and uploaded to github
      • CCR and coding rules verification (for critical handmade code): critical code review with the All4Tec tool Safety Code Reviewer to support the manual code review for handmade code
        • Inputs:
          1. Handmade code (use Siemens bit walker code for first evaluation)
          2. Design, code, coding rules (not available for the provided work)
          3. Results of FMEA (not available for current work)
        • Output: CCR report
        • Next Step:
          • [ ] Compare work and potential results for bit walker code to D 4.2.2 @vallee
          • [ ] Provide proposal for use of enhancement of CR and coding rules verification in openETCS
      • RT RT models

This is not a specific All4Tec activity. Contributions from all partners are organized in the global testing work schedule managed by @MarcBehrens and @cecilebraun

Further coordination in the WP 4 Wednesday meetings, when Cecile is back (end of September)

Goal is to derive safety properties by an FMEA analysis with Safety Architect, which afterwards can be checked in the SCADE model by S3.

Next Steps

  1. Systerel finishes and presents the first safety analysis
  2. All4Tec will evaluate potential function and feared events for the use of Safety Architect (new version)
  3. Follow-up meeting to discuss results and coordinate next steps

Doodle Questionnaire for next Telco: please indicate at which time slots you would be available for a follow-up meeting

Further steps (planned to be performed after the follow-up meeting)

janWelte commented 10 years ago

The meeting to propose and coordinate use cases for safety analysis tools will be held Mo 15.09.2014 14:00 – 15:00 on go2meeting

Agenda:

  1. Status of current safety related activities
    a. Systerel: Safety analysis on SysML model for "Train Position Calculation"
      • very difficult in current state, few links between different design documents
      • result not yet sufficient (for required analysis)
      • different informal documents (what is the reference, how to link to the SRS)
    b. Systerel: Systerel Smart Solver (S3)
    c. All4Tec: FMEA on the SysML model with Safety Architect
    d. All4Tec: CCR and coding rules verification (for critical handmade code)
  2. Coordinate further tasks
    a. Which results can be reviewed and used
    b. Which tasks are planned next
      • Traceability for SCADE "Train Position Calculation" needed to determine safety properties

MarcBehrens commented 9 years ago

A list of safety relevant requirements is needed for the design

relates to openETCS/product-backlog#31

grooming needed here @janwelte @fvallee @abdelnasirmohamed

MarcBehrens commented 9 years ago

a new SUBSET-091 has been released, see http://www.era.europa.eu/Document-Register/Pages/Set-2-Safety-Requirements-fo-the-Technical-Interoperability-of-ETCS-in-Levels-1-2.aspx

MarcBehrens commented 9 years ago

put on hold until October to focus on functional verification