Model-Driven Development of Integrated Support Architectures

Transcription

1 Model-Driven Development of Integrated Support Architectures Stan Ofsthun Associate Technical Fellow The Boeing Company (314) October 13, 2004

2 Agenda Introduction Health Management Framework rocess Frameworks Model-Based Design/Analysis Frameworks Model-Based Software Frameworks Model-Based Reasoning Frameworks Case Study Engineering Models (Boeing ADVISE) Run Time Diagnostic Models (ISIS GME/TFG) ractical Experiences and Issues Summary

3 The Need for Managing Complexity Built In Test Component Module Subsystem Integrated Diagnostics rognostics Vehicle Health Management Integrated SoS Health Management Given marginal historical diagnostic performance and increasing vehicle complexity/integration requirements, how do we produce a state of the art Health Management (HM) capability within the target support system?

4 Diagnostic Development Evolution System Engineering Software Engineering ID Orgs R&M Safety Vehicle Mission Design gms Traditional barriers have hindered the development of cost effective and robust Health Management (HM) applications

5 Diagnostic Development Evolution System Engineering CMMI SEI Software Engineering which can be addressed by having a more integrated approach to Health Management (HM) processes and tools.

6 MBHM rocess Frameworks ROCESS INUTS Requirements Analysis Requirements Baseline Requirements Validation Validated Baseline Functional Analysis Functional Architecture Functional Verification Verified Functional Architecture Synthesis hysical Architecture SEI / CMMI Requirement Trades & Impacts Requirement & Constraint Conflicts Decomposition/Allocation Trades & Impacts Decomposition & Requirement Allocation Alternatives Design Solution Trades & Impacts Design Solution Requirements & Alternative Architecture Concepts Verification/Validation Verified hysical Architecture System Best Value Design Architecture Derived Item Requirements for the Next Level of Decomposition D (IEEE-1220) Requirements Trade Studies and Assessments Systems Analysis (Modeling and Simulation) Functional Trade Studies and Assessments Design Trade Studies And Assessments Systems Integration & Control rocess Artifacts Because the HM function inherently touches every aspect of a system, decisions regarding HM requirements and design must be integral to the overall Systems Engineering (SE) process.

7 MBHM Design/Analysis Frameworks Top Down Decomposition ayload Design Influence Crew Station Fault Coverage (BIT) Analysis Failure ropagation Analysis Mission Reliability, FMEA/FMECA A/G Comm Test Avionics Comm Airframe ropulsion Specification Compliance ATE Compatibility Analysis Maturation Model Wrap Test UHF Flight Control Fuel Delivery Redundancy Xmit Cost Weight U42 L3 C1 ower Reliability Diagnostics Bottom Up Design f 1 f 2 f 3 Reconfiguration Model-Based design/analysis tools support the integration of HM and SE processes by providing an integrated assessment of many traditionally disparate aspects of failure propagation.

8 MBHM Software Frameworks System Failure ropagation Models ISIS Timed Failure ropagation Graphs Localized erformance Models Electronics Built In Test Motor Efficiency Monitors Valve Transition Time Monitors Etc. Open System Architecture for Condition Based Maintenance rognostic Algorithms (rediction & Trending) Interface Standards Diagnostic Algorithms (Data Fusion & Failure Fault Isolation) Interface Standards State Detector Algorithms (Fault Detection (Tests & Tests Monitors) & Monitors) Interface Standards Signal rocessing Algorithms (Feature Extraction) Interface Standards Data Acquisition (Sampling, Scaling, Smoothing) Interface Standards Sensor (Hardware Control) State of the art software frameworks support the integration of modelbased diagnostics and prognostics into aerospace vehicles by providing a layered, unbundled architecture.

9 MBHM Reasoning Frameworks Supervisory Controller Regulator Transient Manager lant Models Fault Adaptive Control Unit Reconfiguration Manager Active State Model Discrete Diagn. Controller Selector lant (Aircraft Subsystem) Hybrid Observer Fault Detector Hybrid Diagn. aram. Estim. Fusion redicted vs. Measured output Symbolic Failure Modes Updated hysical arameters Fault Magnitude arameters Off the shelf reasoning tools provide standardized run time engines for executing failure propagation models and/or performance models within an aerospace platform.

10 Case Study Generic Fuel System LWTank LXTank RXTank M a n i f o l d T V V LFTank V RFTank T T V V V FM FM LEngine REngine RWTank A generic fuel system (GFS) was chosen as a representative aerospace subsystem because it requires vehicle power, electronic controls, and mechanical pumps, valves, etc.

11 MBHM Case Study - Notional Architecture Reported Health resentation Layer Filtered Health FI/FA Rule Based Reasoner XXX Failed, YYY Degraded History System Health FI ISIS TFG Reasoner (HA) (Fuel Subsystem) XXX Failed, YYY Degraded, ZZZ failed Local Health Fail Gray Scale FD IVHM Algorithms (ump/valve Response, etc.) Vehicle Contingency Mgmt Subsystem Built In Test Metrics Maturation Raw Data Subsystem Data Acquisition (Fuel Subsystem) Vehicle Data Acquisition (States, Modes, Commands, etc.) Robust GFS health assessment requires the assimilation of data from existing vehicle/subsystem monitors (e.g., BIT) as well as the outputs of dedicated IVHM algorithms.

12 Case Study ADVISE Model Test Function Component Failure During the HW design, an ADVISE model is built to identify the sensors/tests/monitors and fault reporting logic necessary to provide the required levels of fault detection and isolation.

13 Case Study TFG Development Model Model Test Cases During the SW design, the ADVISE model is translated into a TFG model using ISIS GME/FACT tools and ADVISE outputs are used for engineering desktop validation of proper diagnosis.

14 Case Study TFG Run Time Model Model TFG Domain Model (C++ Code) v Fixed TFG Engine (C++ Code) Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Test Cases During the SW design, the OSA-CBM compliant TFG run time code is automatically generated and the test cases are reused for SW desktop validation of proper run time diagnosis.

15 ractical Experiences & Issues Case Study Statistics 244 unique ambiguity groups identified by ADVISE Static diagnosis using all defined tests, single fault assumption. 320 test cases used to verify run time diagnosis Dynamic diagnosis using currently reported failures. (e.g., some tests can only be run in certain modes or at certain rates) Account for failure mode dependencies. (e.g., a valve can t be stuck open and stuck closed at the same time) Account for multiple failure scenarios. ADVISE to TFG Translation Manual TFG model required several weeks of labor and was 82% accurate on first try. Translated model will require a few hours of labor and should be 100% accurate on first try. Translated model was slightly smaller and faster. Batch scripts automatically generate the necessary data sets for TFG model/code testing from the ADVISE ambiguity group report Run Time erformance (target C processor / VxWorks / C++) Real time diagnoses will be run in an event driven manner Event = mode change or monitor status change Test cases averaged < 0.5 seconds of CU time per event (max 1Hz rate anticipated) Four large models run simultaneously with nearly linear memory & throughput demands

16 Summary IVHM requires rigorous systems engineering to manage complexity and assure integrity. A model-based approach provides a disciplined methodology for supporting the SE process: Successive refinement of diagnostic concepts and implementation. Incremental transition from conceptual design to detailed design to validation. Reuse of engineering data/models across design cycles. The Boeing Company is currently implementing a process-based, model-driven approach by employing tools from Boeing and ISIS, while evaluating other reasoners. The GFS case study is being used to document and benchmark the basic steps in the modeling process. Integration of the run time reasoners and models into Boeing s desktop software development environment is on-going.