SysML-based Profile for Dependable UAV Design

Mikael Steurer ∗ Andrey Morozov ∗ Klaus Janschek ∗ Klaus-Peter Neitzke ∗∗
∗ Institute of Automation, Technische Universität Dresden, Dresden, Germany (e-mail: [mikael.steurer, andrey.morozov, klaus.janschek]@tu-dresden.de).
∗∗ Institute for Informatics, Automation and Electronics, Hochschule Nordhausen, Nordhausen, Germany (e-mail: klaus-peter.neitzke@hs-nordhausen.de).
Abstract: Model-based systems engineering approaches are commonly used for the develop-
ment of various heterogeneous mechatronic systems including nowadays popular Unmanned
Aerial Vehicles (UAV). As a rule, the dependability analysis is carried out during the system
integration phase of the UAV development. Therefore, fundamental design drawbacks might be
uncovered too late leading to serious and costly rework. This paper presents a new methodology
for the early dependability analysis of a UAV system applicable during the design phase. The
proposed dependability analysis is based on the Dual-graph Error Propagation Model (DEPM),
a stochastic model of system design aspects that influence error propagation processes: control
flow, data flow, and component-level reliability properties. A new domain-specific Systems
Modeling Language (SysML) profile and the transformation algorithm from the SysML model
to the DEPM are two key parts of this methodology as well as the main research results of
this paper. The relevant technical details are demonstrated with a case study UAV modeling
workflow that explains how to design a UAV using the introduced SysML profile, transform the
SysML model into the DEPM, and evaluate dependability properties.
Keywords: Modeling, Systems Engineering, Robotics, Fault Tolerance, MBSE, SysML, UML,
Dependability, Profile, Error Propagation, Stochastic Models
1. INTRODUCTION
The sales of UAVs have grown over the past years and
will continue to rise in the next few years according to
DroneFlyers (2017), SESAR (2016), and Tractica (2016).
With the growing commercial sales, the number of airborne UAVs also rises. Moreover, not all UAV designers or developers consider the dependability of their constructions. This results in an increased hazard risk for living beings and infrastructure. Avižienis et al. (2004) define safety as the absence of catastrophic consequences on the user(s) and the environment. A failure of the UAV system can cause a catastrophic consequence. Therefore, UAVs are treated as safety-critical systems and are expected to satisfy high dependability requirements.
The complexity of safety-critical UAV systems grows con-
tinuously, especially of the ones with a high level of au-
tonomy. More precisely, the software part becomes more
and more complex. Complex software algorithms are integrated not only into onboard computers but also into smart sensors and some parts of the actuator chains, such as electronic speed controllers.
Fault Tree Analysis (FTA) (IEC (2006b)) or Failure Mode
and Effects Analysis (FMEA) (IEC (2006a)) are two com-
mon methods for reliability evaluation of hardware com-
ponents that are recommended in safety standards such
as IEC 61508 and ISO 26262. FTA is a top-down quantitative approach that makes it possible to derive reliability metrics based on the composition of system components. In contrast, FMEA is a qualitative bottom-up approach that allows the derivation of safety metrics. However, techniques
like FTA and FMEA are not suitable for complex cyber-
physical systems with heterogeneous components and their
nontrivial interactions.
It is necessary to investigate structural and behavioral
aspects of a system to understand error propagation mech-
anisms directly in the early modeling stages of the sys-
tem development. Thus, a new methodology is needed for
meaningful dependability evaluation.
In the industrial environment, the typical development
workflow is the V-model that describes a macro-cycle with
integrated problem-solving micro cycles (Gausemeier and
Moehringer (2002)). According to the V-model, the archi-
tectural design of the system belongs to the system design
phase and the evaluation of dependability aspects belongs
to the system integration phase that is chronologically
located after the design phase. In cases where reliability
is a requirement from the outset, the consideration of
reliability should be part of the architectural design.
The use of models in industrial practice is often limited to
a particular engineering domain like mechanical or electri-
cal engineering, information technology, or dependability
analysis, as clarified in Prosvirnova et al. (2017). SysML
provides the means for the generalized design of the three
domains: mechanical engineering, electrical engineering,
and information technology.
The proposed methodology for generating realistic and
meaningful dependability metrics contains both novel and
existing methods. The goal of this methodology is to close
the gap between system design and dependability analysis
domains in early stages of the system design in order
to avoid unnecessary effort for the elimination of design
shortcomings during the system integration stage.
The rest of the article is organized as follows. Section 2
discusses the related work in the domains of Model-Based
Safety Analysis (MBSA), Model-Based Systems Engineer-
ing (MBSE), and clarifies the paper contribution. Section 3
describes the proposed methodology. A general overview
is given in Subsection 3.1. Subsection 3.2 describes a new
domain-specific SysML profile that supports the proposed
methodology. Subsection 3.3 gives a modeling formalism
for generating a structural model using this SysML profile.
The conversion of the generated data from the systems engineering domain to the error propagation analysis domain is presented in Subsection 3.4. Section 4 introduces a
case study UAV system and demonstrates the application
of the proposed methodology.
2. STATE OF THE ART
2.1 Model-based systems engineering for the mechatronic
system design
The MBSE approach makes it possible to cope with high
system complexity, shorten development time and avoid
shortcomings in integration and consistency of different
domains. OMG SysML (OMG (2015)) is a commonly used general-purpose graphical modeling language for the design, analysis and verification of complex mechatronic systems. SysML has become a standard for modeling the hardware/software co-design of mechatronic systems in both the industrial and the research and development domains. A SysML-based
methodology for the architectural design of mechatronic
systems is proposed in Mhenni et al. (2014a). This method-
ology consists of two main steps. Step one, a black box
analysis amongst other things using Block Definition Dia-
grams (BDD), leads to a comprehensive and consistent set
of requirements. Step two, a white box analysis amongst
other things using Internal Block Diagrams (IBD), leads to
the system architecture. In Rahman and Mizukawa (2013),
SysML is used for the system-level design and a subsequent
preparation for the dynamic simulation of the modeled
system with the special focus on the performance charac-
teristics. Several alternative design paradigms are used for
the mechatronic system design. For example Architecture
Analysis and Design Language (AADL) (Feiler and Gluch
(2012)) or Simulink/Stateflow (Ong (1998)). The method-
ology introduced in this paper is based on SysML because
of extensive modeling capabilities, inherent extensibility
mechanisms (profiles), available modeling tools such as
Papyrus Neon, MagicDraw, or Enterprise Architect, and an XML-based storage format that allows relatively simple model-to-model transformation.
Fig. 1. Dual graph error propagation model example with element conditions. (a) DEPM example of the system “Example”, evaluated over 1000 steps: elements e1, e2, e3, data storages d1 and d2, two control flow transitions with probability 0.5 each; the computed mean numbers of errors are N_err = 40.85 (shown next to d1) and N_err = 38.77 (shown next to d2). (b) Conditions of e2: an erroneous d1 yields an erroneous d2 with probability 1; a correct d1 yields an erroneous d2 with probability 0.1 and a correct d2 with probability 0.9.
2.2 Dual-graph error propagation model
The DEPM is a mathematical abstraction of system design
aspects that influence error propagation processes such
as control flow, data flow, and component-level reliability
properties as presented in Morozov (2012). A DEPM
model is described by the following mathematical notation:
$$DEPM := (E, D, CF, DF, C)$$
where
$E$ is a set of executable system elements;
$D$ is a set of data storages;
$CF$ is a set of directed control flow arcs;
$DF$ is a set of directed data flow arcs;
$C$ is a set of conditions of the elements.
Figure 1 shows an example of a DEPM model that contains the elements “e1”, “e2”, and “e3”, data storages “d1” and “d2”, control flows (black arrows), data flows (purple arrows), transitions and conditions that describe individual reliability properties of the elements. ErrorPro™, a tool for stochastic error propagation analysis, allows a user to create, modify and compute DEPM models using underlying model checking techniques based on discrete-time Markov chain models (Morozov et al. (2015)). The DEPM elements represent executable parts of the system, and their conditions determine how errors propagate through these parts. For example, element “e2” contains two conditions. If “d1” contains an erroneous value and “e2” is executed, then the output “d2” will also contain an erroneous value: the error propagates over the data flow edges from “d1” to “d2”. If no error occurs in input “d1” and “e2” is executed, then “d2” will be correct with a probability of 0.9 and erroneous with a probability of 0.1. In other words, the element “e2” is the initial point of the erroneous output data “d2”. This small example shows that the DEPM is capable of modeling both fault activation and error propagation. Our tool, ErrorPro, computes the mean number of errors in selected data storages, such as “d1” and “d2”, which are highlighted in yellow in the DEPM model of Figure 1 (a), using the probabilistic conditions of the elements (Figure 1 (b)) and the probabilities of control flow transitions.
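As an added example (not the paper's or ErrorPro's code), the following Python evaluates a DEPM of the same shape as Figure 1 exactly, as a discrete-time Markov chain over the pair (current element, error state of every data storage). The conditions of “e2” are the ones quoted above; the fault-activation probability of “e1” (0.05), the 0.5/0.5 control-flow branching out of “e1”, the absence of an output of “e3”, and the counting convention for N_err are assumptions of the example, so the resulting numbers are not the figure's 40.85 and 38.77.

```python
"""Exact evaluation of a small DEPM as a discrete-time Markov chain.
Added example (not ErrorPro): the state is (current element, error flag of
every data storage); one step executes the current element, applies its
probabilistic condition to the storages and takes a control-flow transition."""


class DEPM:
    """DEPM := (E, D, CF, DF, C). Data-flow arcs are implicit in the
    conditions, which read and write the storages they are connected to."""

    def __init__(self, elements, storages, control_flow, conditions):
        self.E = list(elements)      # executable elements
        self.D = list(storages)      # data storages; state True = erroneous
        self.CF = control_flow       # {element: [(next_element, probability), ...]}
        self.C = conditions          # {element: f(state) -> [(probability, outputs), ...]}
        for e, arcs in control_flow.items():
            assert abs(sum(p for _, p in arcs) - 1.0) < 1e-12, f"CF of {e} not stochastic"

    def step(self, dist):
        """Propagate a distribution over (element, data) states by one DEPM step."""
        nxt = {}
        for (elem, data), prob in dist.items():
            state = dict(zip(self.D, data))
            for cprob, outputs in self.C[elem](state):
                new_data = tuple({**state, **outputs}[d] for d in self.D)
                for succ, tprob in self.CF[elem]:
                    key = (succ, new_data)
                    nxt[key] = nxt.get(key, 0.0) + prob * cprob * tprob
        return nxt

    def distribution(self, start, steps):
        """State distribution after `steps` steps, starting at `start` with all storages correct."""
        dist = {(start, tuple(False for _ in self.D)): 1.0}
        for _ in range(steps):
            dist = self.step(dist)
        return dist

    def mean_errors(self, start, steps):
        """Expected number of steps, out of `steps`, after which each storage holds
        an erroneous value (this counting convention is an assumption of the example)."""
        dist = {(start, tuple(False for _ in self.D)): 1.0}
        n_err = {d: 0.0 for d in self.D}
        for _ in range(steps):
            dist = self.step(dist)
            for (_, data), p in dist.items():
                for d, err in zip(self.D, data):
                    if err:
                        n_err[d] += p
        return n_err


# Conditions mirror Figure 1: e1 writes d1, e2 reads d1 and writes d2, e3 reads d2.
def cond_e1(state):
    # fault activation in e1: constructed probability 0.05 of writing an erroneous d1
    return [(0.05, {"d1": True}), (0.95, {"d1": False})]


def cond_e2(state):
    # conditions of e2 as in Figure 1 (b): an erroneous d1 always propagates to d2;
    # with a correct d1, e2 itself produces an erroneous d2 with probability 0.1
    if state["d1"]:
        return [(1.0, {"d2": True})]
    return [(0.1, {"d2": True}), (0.9, {"d2": False})]


def cond_e3(state):
    # e3 only consumes d2 and writes no storage (constructed)
    return [(1.0, {})]


EXAMPLE = DEPM(
    elements=["e1", "e2", "e3"],
    storages=["d1", "d2"],
    control_flow={"e1": [("e2", 0.5), ("e3", 0.5)], "e2": [("e1", 1.0)], "e3": [("e1", 1.0)]},
    conditions={"e1": cond_e1, "e2": cond_e2, "e3": cond_e3},
)

if __name__ == "__main__":
    for d, n in EXAMPLE.mean_errors("e1", 1000).items():
        print(f"N_err({d}) over 1000 steps = {n:.2f}")
```

The joint state space has |E|·2^|D| entries, so this exact iteration only scales to small models; for the case-study-sized DEPMs the model checking in ErrorPro is the intended route. Checking that the probability mass stays 1 after every step is a cheap sanity test of the conditions and control-flow tables.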
2.3 Model-based system analysis
This paper is focused on the two main aspects: (1) UAV
design and (2) dependability analysis. These two aspects
can be combined using two different approaches.
The first approach is to generate a single model that
describes both architectural and dependability properties.
For the dependability assessment in the early phases of
software development life cycle, Bernardi et al. (2011) introduced a profile for Dependability Analysis and Modeling (DAM) to the Unified Modeling Language (UML®) profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE). MARTE extends UML with modeling capabilities for real-time and embedded systems. The DAM profile allows the derivation
of stochastic Petri net models for dependability assessment
of software systems. In Delange and Feiler (2014) a fault
propagation ontology that supports software architecture
fault modeling with the help of fault propagation, compo-
nent failure behavior, and the effects on system behavior
is introduced. The approach supports automatic safety
analysis by annotating the AADL with error behavior
specifications.
The second approach is to use two different domain-
specific modeling techniques. Mhenni et al. (2014b) pro-
pose a methodology for automatic fault tree generation
from SysML IBDs. The generation of safety analysis arti-
facts is done automatically through the definition of four
structural design patterns with their fault tree counter-
parts. A similar approach comes from Ding et al. (2016), where a fully automatic method for the transformation of annotated Activity Diagrams (AD) to a DEPM model is presented and demonstrated with a mechatronic case study.
In this paper, we follow the second approach. At first, a structural SysML model is built. Subsequently, the DEPM model is generated. The advantage is that the modeling process is carried out using annotated structural SysML diagrams and the dependability analysis metrics are obtained without additional effort in this domain. Also, we have found only a few contributions on the dependability analysis of UAV systems. Two examples of the application of formal methods and statistical simulation for UAV safety assessment are presented in Kappé et al. (2017) and Mason et al. (2017).
2.4 Paper contribution
This paper introduces a new methodology for the detailed evaluation of dependability metrics based on a UAV system model in early stages of the development. Two key parts of this methodology, which are also the main research results of this paper, are: (1) a user-specific SysML profile, called UAV Dependability Profile (UDP), and (2) the model-to-model transformation algorithm that enables the DEPM-based analysis.
3. PROPOSED METHODOLOGY
3.1 Overview
“Methodology is generally a guideline for solving a problem, with specific components such as phases, tasks, methods, techniques and tools.” (Ishak and Alias (2005)) The UML AD in Figure 2 shows three actions which have to be performed. The UDP contains the basis for the internal activities. The first action, “create specific UDP model”, has to be performed according to the instructions of Section 3.3. The object “Specific UDP model” plays the role of the output of the first action and the input of the second action. The conversion workflow of the second action, “convert UDP to DEPM”, is explained in detail in Section 3.4. When the “specific DEPM model” is available, the third action, “analyze specific DEPM model”, is executed with the help of ErrorPro and produces the “DEPM analysis results”, the numerical evaluation of system reliability. The advantage of this methodology is that the systems engineer only has to perform the first action, “create specific UDP model”, manually. The other steps can be automated.
Fig. 2. Methodology guideline
3.2 UAV dependability profile
The UDP supports modeling of different UAV configurations, like multirotors, fixed-wings, or combinations. The UML-based SysML (OMG (2011)) is a commonly used modeling language for mechatronic systems, such as UAVs. As illustrated in Figure 4, UML represents the metamodel of all subordinate profiles and models. UML was developed for the modeling of software systems and comes with a powerful extension mechanism based on the underlying OMG Meta Object Facility (OMG (2013)), which represents the top level of the metaization hierarchy. Hence, the UML-based SysML has opened the door to the systems engineering domain for the modeling of complex hardware/software systems. The UDP, a SysML-based end-user-specific profile, enables a subsequent dependability analysis. The system structure in UDP models is represented by SysML BDDs and IBDs. The UDP extends the standard SysML profile and the UML metamodel, in particular the three stereotypes “Block”, “FullPort”, and “ItemFlow”. Thus, the UDP includes a library of commonly used UAV components with freedom in modeling their internal structure. The proposed top-level UAV structure template is illustrated in Figure 3. The “PowerSystem” delivers the required power to the electrical loads “Control”, “Actuators”, and “Sensors”. The “Sensors” component delivers measured values, depending on the types of sensors, to the “Control”. The control can be a simple one that only controls the attitude, or a complex autonomous flight control system, but in every case its outputs are manipulated actuator values. These values are transformed into generalized forces by the “Actuators”, which affect the measured values of the “Sensors” through the mechanical connection to the “Airframe”. The SysML stereotype “Block” is the generalization of all library components, illustrated in Figure 5, which fits the top-level UAV into the SysML modeling framework of BDDs. A division between components with continuous and discrete outputs is achieved by splitting the general “UDPBlock” into “UDPBlockCont” and “UDPBlockDis”. The components used to generate IBDs for UDP models are illustrated in Figure 6. These components are necessary to ensure a correct translation of the created UDP model into a DEPM model.
Fig. 3. Top-level structural internal block diagram template of a UAV system. The IBD shows the block «Block, UAV» uav with the parts control:Control [*], sensors:Sensors [*], airframe:Airframe [1], actuators:Actuators [*], and powersystem:PowerSystem [*], connected by the item flows measured sensor data, actuator values, command, generalized coordinates, generalized forces, power, flight state, and disturbances.
Fig. 4. Placement of the UAV dependability profile within the OMG Meta Object Facility
Fig. 5. Heredity structure of UDP components for block
definition diagrams
Fig. 6. UDP components for internal block diagrams
3.3 Creation of a UAV SysML model with the UAV
dependability profile
From the high-level design point of view a UAV is a
classical mechatronic system that consists of software,
hardware, and physical parts (Janschek (2011)). The UDP
was developed with the aspiration to provide building
blocks for dependable UAV design with maximum possible
freedom, according to the top-level structural template
in Figure 3. In the first step of the intended workflow
the user creates a new SysML model. After that the
user applies the UDP profile in order to get access to the UDP components. The modeling process starts with a top-level BDD. The user should use the “UDP Nodes” of the Papyrus Neon BDD palette, which can be linked using the common SysML edges. An IBD has to be created in order to model the context of the associated and subordinate UDP blocks inside the superordinate UDP block. Similar to the BDD, the “UDP Nodes” palette should be used for the IBDs. However, in contrast to the BDD, the components of the IBD should be linked with the edges of the specific “UDP Edges” palette.
UDP blocks and UDP flows are annotated with the values “Frequ” and “UpdateFrequ” in order to specify the execution frequencies. Attaching specified frequencies also to UDP flows is necessary, because UDP blocks can contain UDP ports with different update rates. This issue is explained in detail in the following Section. The UDP blocks are also annotated with failure probability values called “FailureProb”. For the dependability analysis with the DEPM, all attached values of the lowest-level components have to be specified. These values are used for the definition of DEPM element conditions, as explained in the next Subsection. If realistic results are expected, the approach is sensitive to the available component reliability information. Commonly used component reliability prediction guidelines like FIDES (FIDES (2009)), NPRD (Denson et al. (1994)) or MIL-HDBK-217F (MIL-HDBK-217F (1991)) are recommended for the identification of the particular “FailureProb” values.
Fig. 7. Workflow for the UDP-to-DEPM conversion
3.4 Transformation from SysML to DEPM
After the modeling of the system structure and annotating
the component frequencies and the reliability attributes,
the SysML model has to be transformed into a DEPM
model. Figure 7 shows the transformation workflow, ex-
plaining Step [2] of Figure 2.
Step 2.1: Based on the annotated frequency values of
“UDPBlocks” and “UDP Flows”, frequency classes are de-
fined. The number of frequency classes is equal to the num-
ber of different frequencies of all modeled “UDPBlocks”
and “UDP Flows”. Figure 8 sketches a DEPM example
with three different frequency classes: fast (blue), medium
(orange), and slow (green). Thereby the fast class includes
“m” elements, the medium class includes “n” elements,
and the slow class includes “l” elements. The associated
activation times of the frequency classes are shown on the
timeline above.
Step 2.2: A single “UDPBlock” may be represented in several frequency classes by several DEPM elements. More precisely, the number of DEPM elements created for one “UDPBlock” is equal to the number of corresponding frequency classes. In the reference DEPM (Figure 8) the elements “e1fast”, “e1medium”, and “e1slow” represent the modeled “UDPBlock” “e1”. A real-world example of a component divided into several frequency classes could be a Micro Controller Unit (MCU). The processor of this MCU works with a fast frequency while one output is updated with a medium and another output with a slow frequency. In this case the DEPM control flow graph will contain three nested loops with one MCU element in each loop.
Fig. 8. Dual-graph error propagation model of a multi-frequency system with the frequency class activation timeline (activations of the slow, medium, and fast classes plotted over time in time units 0 to 20)
Step 2.3: Data storages are created and connected via DEPM data flow arcs with the corresponding DEPM elements, based on the “UDP Flow” attributes such as “informationSource”, “informationTarget”, and “name”. For all divided DEPM elements, a state variable is created to connect them to one common state, because divided DEPM elements represent one structural SysML block. In the reference DEPM, “d1” represents the state variable of element “e1” and “d2” the output data of element “e1slow”, which is requested by the element “emfast”.
Step 2.4: A set of probabilistic conditions should be defined for each DEPM element. These conditions describe fault activation and error propagation processes between inputs and outputs of the DEPM elements. The conditions are generated using the annotated reliability values of each “UDPBlock” stereotype and all subordinate stereotypes. These Failure Rates (FR) are taken from the reliability prediction guidelines and are commonly given in Failures in Time (FIT), i.e., the number of failures in $10^9$ hours. We transform these values into component Error Probabilities ($EP_c$), which are used as condition probabilities:
$$EP_c = \frac{FR_c\,[\mathrm{FIT}]}{f_c\,[\mathrm{Hz}] \cdot 3600\,[\mathrm{s/h}] \cdot 10^9} \qquad (1)$$
where $FR_c$ is the failure rate from the reliability annotation of the component and $f_c$ is the frequency from the frequency annotation of the component.
Step 2.5: DEPM control flow arcs are created based on the attributes “informationSource” and “informationTarget” of the “UDP Flows”. Further control flow arcs are created using the information about the defined frequency classes. The control flow transition probability from the last element of a frequency class to the first element of the next lower frequency class is calculated as follows:
$$p_{ij} = \frac{f_j}{f_i} \qquad (2)$$
where $p_{ij}$ is the probability of the transition from $e_i$ to $e_j$, $f_i$ is the frequency of the higher frequency class, and $f_j$ is the frequency of the lower frequency class. The control flow transition probability from the last element of any frequency class to the first element of the highest frequency class is computed as follows:
$$p_{i1} = 1 - p_{ij}$$
where $p_{i1}$ is the probability of the transition from $e_i$ to $e_1$.
Step 2.6: The steps 2.1 - 2.5 are repeated for each “UDP-
Block” that has sub-components. For example, a “UDP-
Block” of the stereotype “Powertrain” includes an elec-
tronic speed controller, a brushless motor, and a propeller.
The sub-components of this block will be transformed into
a nested DEPM model.
Step 2.7: A number of steps should be defined in the DEPM in order to compute system dependability properties. One step corresponds to the execution of one DEPM element. The necessary number of steps to compute one hyper period is calculated as follows:
$$N_S = \sum_{i=1}^{N_{FC}} \left(f_i \cdot N_{E_i}\right) \cdot HP$$
where $N_{FC}$ is the number of frequency classes, $f_i$ is the frequency of the $i$th frequency class, $N_{E_i}$ is the number of elements in the $i$th frequency class, and $HP$ is the hyper period, the smallest interval of time after which the periodic control flow pattern of all frequency classes is repeated. The HP is computed as the ratio of the least common multiple of all frequency classes to the frequency of the highest frequency class.
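The following Python is an added example, not the authors' conversion tool: it carries Steps 2.1 to 2.7 through on a constructed UDP-like model whose block names follow the case study (Frame, Sens, Bat, Ctrl, ESC), and it also serves Subsection 3.3, since the “Frequ”, “UpdateFrequ” and “FailureProb” annotations described there are its input. Assumptions: a block is represented in its own “Frequ” class and in the “UpdateFrequ” class of every flow it is the informationSource of; the elements of one class are chained in declaration order; a split element's condition uses its class frequency; all FIT values except the ESC's 12.5918 FIT are hypothetical.

```python
"""Steps 2.1-2.7 of the UDP-to-DEPM transformation on a constructed UDP-like
model.  Added example, not the authors' conversion tool.  Assumptions: a block
is represented in its own "Frequ" class and in the "UpdateFrequ" class of each
flow it is the informationSource of; elements of one class are chained in
declaration order; a split element's condition uses its class frequency."""
from functools import reduce
from math import gcd

# Constructed model.  Block -> (Frequ [Hz], FailureProb [FIT]).  The ESC value
# (12.5918 FIT at 500 Hz) is the paper's; the other FIT values are hypothetical.
# "Frame" is fully reliable (0 FIT), as in the case study.
BLOCKS = {
    "Frame": (1000, 0.0),
    "Sens": (1000, 50.0),
    "Bat": (500, 20.0),
    "Ctrl": (500, 100.0),
    "ESC": (500, 12.5918),
}
# UDP flows: (name, informationSource, informationTarget, UpdateFrequ [Hz]).
FLOWS = [
    ("generalized coordinates", "Frame", "Sens", 1000),
    ("measured sensor data", "Sens", "Ctrl", 1000),
    ("power", "Bat", "ESC", 500),
    ("actuator values", "Ctrl", "ESC", 500),
    ("generalized forces", "ESC", "Frame", 100),  # slow output splits the ESC
]


def error_probability(fit, freq_hz):
    """Eq. (1): EP_c = FR_c [FIT] / (f_c [Hz] * 3600 [s/h] * 1e9)."""
    return fit / (freq_hz * 3600.0 * 1e9)


def frequency_classes(blocks, flows):
    """Step 2.1: one class per distinct block or flow frequency, highest first."""
    return sorted({f for f, _ in blocks.values()} | {fl[3] for fl in flows}, reverse=True)


def split_elements(blocks, flows):
    """Step 2.2: DEPM element name -> (block, class frequency); ESC -> ESC500, ESC100."""
    elements = {}
    for block, (freq, _) in blocks.items():
        classes = {freq} | {fl[3] for fl in flows if fl[1] == block}
        for f in sorted(classes, reverse=True):
            elements[f"{block}{f}"] = (block, f)
    return elements


def data_storages(blocks, flows, elements):
    """Step 2.3: a storage per flow, written by the source element of the flow's
    class, plus a state variable shared by the elements of every split block."""
    storages = {}
    for name, src, dst, f in flows:
        storages[name] = {"writer": f"{src}{f}",
                          "readers": [e for e, (b, _) in elements.items() if b == dst]}
    for block in blocks:
        parts = [e for e, (b, _) in elements.items() if b == block]
        if len(parts) > 1:
            storages[f"State{block}"] = {"writer": parts[0], "readers": parts[1:]}
    return storages


def conditions(blocks, elements):
    """Step 2.4: condition probability of each element from its block's FIT."""
    return {e: error_probability(blocks[b][1], f) for e, (b, f) in elements.items()}


def class_transitions(classes):
    """Step 2.5, Eq. (2): p_ij = f_j / f_i to the next lower class and
    p_i1 = 1 - p_ij back to the highest class; the lowest class always returns."""
    p = {}
    for i, fi in enumerate(classes):
        if i + 1 < len(classes):
            p[(fi, classes[i + 1])] = classes[i + 1] / fi
            p[(fi, classes[0])] = 1.0 - classes[i + 1] / fi
        else:
            p[(fi, classes[0])] = 1.0
    return p


def control_flow(classes, elements):
    """Step 2.5: chain each class's elements; from the last element branch to the
    first element of the next lower class and of the highest class."""
    by_class = {f: [e for e, (_, fe) in elements.items() if fe == f] for f in classes}
    arcs = [(a, b, 1.0) for m in by_class.values() for a, b in zip(m, m[1:])]
    for (fi, fj), p in class_transitions(classes).items():
        if p > 0:
            arcs.append((by_class[fi][-1], by_class[fj][0], p))
    return arcs


def hyper_period(classes):
    """HP as defined in the paper: lcm of the class frequencies over the highest one."""
    return reduce(lambda a, b: a * b // gcd(a, b), classes) / max(classes)


def number_of_steps(class_sizes):
    """Step 2.7: N_S = sum_i (f_i * N_Ei) * HP; class_sizes maps f_i -> N_Ei."""
    return round(sum(f * n for f, n in class_sizes.items()) * hyper_period(list(class_sizes)))


if __name__ == "__main__":
    classes = frequency_classes(BLOCKS, FLOWS)
    elements = split_elements(BLOCKS, FLOWS)
    print("classes:", classes, "elements:", list(elements))
    print("storages:", list(data_storages(BLOCKS, FLOWS, elements)))
    print("EP(ESC500) = %.4g" % conditions(BLOCKS, elements)["ESC500"])
    for arc in control_flow(classes, elements):
        print("CF", arc)
    print("Table 1 steps:", number_of_steps({1000: 5, 500: 8, 100: 8}))
```

Two checks worth keeping in such a converter: the outgoing control-flow probabilities of every element must sum to 1 (otherwise the resulting DEPM is not a Markov chain), and every class must contain at least one element (guaranteed here, because a flow's UpdateFrequ always places its source block in that class). One caveat on the horizon: the paper's HP formula yields 1 s for 1000/500/100 Hz, consistent with the 9800 steps of the case study, while the activation pattern of integer-valued frequencies already repeats every 1/gcd(f) s, i.e. every 10 ms here, so the evaluated second covers 100 such repetitions.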
4. CASE STUDY
This section demonstrates the application of the described
methodology to a quadrocopter UAV system. The first step is the creation of the UDP model. Figures 9 and 10 depict the corresponding top-level BDD and IBD of the quadrocopter. Additional BDDs and IBDs are created for sub-components of the top-level element “Quadcopter” in order to demonstrate the hierarchical design. For example, the sub-components of the “Powertrain” are shown in Figure 11.
Fig. 9. A top-level BDD of the case study quadrocopter
The heredity structure of the UDP allows the annotation of the error probabilities to components which are sub-stereotypes of the “UDPBlock”. Failure rates of the components of the case study quadrocopter are defined using the FIDES and the NPRD guidelines. For example, the FR of a digital integrated circuit of the electronic speed controllers is 12.5918 FIT. The working frequency equals 500 Hz. The EP is computed based on Equation (1):
$$EP = \frac{12.5918\,\mathrm{FIT}}{500\,\mathrm{Hz} \cdot 3600\,\mathrm{s/h} \cdot 10^9} = 6.995 \cdot 10^{-15}$$
After that the frequencies are defined for each UDP component. For the components which by definition have continuous-time outputs, a discretized frequency of 1000 Hz is used. In our case three frequency classes have been defined, see Table 1.
Table 1. Frequency classes
Frequency class number | Frequency value [Hz] | Number of DEPM elements
1 | 1000 | 5
2 | 500 | 8
3 | 100 | 8
The number of steps is computed according to Step 2.7. We evaluate 9800 steps, which corresponds to one second of operation or a single hyper period. Based on Equation (2), the control flow probability for the transition from frequency class one (1000 Hz) to frequency class two (500 Hz) is
$$p_{12} = \frac{500\,\mathrm{Hz}}{1000\,\mathrm{Hz}} = 0.5,$$
and from frequency class two (500 Hz) to frequency class three (100 Hz):
$$p_{23} = \frac{100\,\mathrm{Hz}}{500\,\mathrm{Hz}} = 0.2.$$
Fig. 10. A top-level IBD of the case study quadcopter
Fig. 11. A sub-level IBD of the powertrain frontleft
For the sake of transparency, the case study DEPM has been reduced. We model only one out of four actuators. The block “MPU6050” is generalized into the element “Sensor”. In spite of the simplifications, the DEPM covers all relevant aspects of the proposed methodology. The DEPM generated from the UDP model is shown in Figure 12. The DEPM contains 21 elements, 16 data storages, 23 control flow and 82 data flow arcs.
An example of the computed numerical results is the number of errors in the DEPM “StateFrame” data storage. This is the probabilistic number of errors of the whole system, because all the other components are mechanically connected to the frame. The computed number of errors during one hyper period is equal to 0.0003832.
This is also a good example of the propagation of errors along the control and data flow structure. In this case study the element “Frame” was defined as completely reliable, without the possibility to cause a fault. Nevertheless, its state has a probability of being erroneous during one hyper period. Hence, the errors in “StateFrame” can only be explained by error propagation from the other components.
5. CONCLUSION
This article presents a methodology that integrates dependability analysis within a Model-Based Systems Engineering approach in early phases of the system development.
The methodology contains both state of the art methods
like the Dual-graph Error Propagation Model (DEPM)
and SysML-based structural modeling of mechatronic sys-
tems as well as new aspects such as the UAV Dependability
Profile (UDP) and the conversion algorithm from SysML
into the DEPM. Technical details of the main research
results were presented in a formal way and demonstrated
with a case study UAV model. Currently, the UDP to
DEPM conversion should be done systematically but man-
ually according to the workflow in Figure 7. Therefore,
one of the future goals is the complete automation of the
whole transformation step that will require more technical
effort than methodical. However, this will increase the
consistency between the system design and dependability
analysis domains. Fault tolerance and redundancy aspects
of individual or combined sub-components have to be
modeled and integrated into the DEPM model manually.
By further investigation of these aspects, it will be possible
to integrate them into the set of predefined UDP blocks
that are already annotated with the reliability properties
and use this information for the generation of the DEPM
model.
Fig. 12. A DEPM that was generated from the UDP model of the case study quadrocopter (among its elements: Sens1000, Bat500, Ctrl500, ESC500, ESC100, and the state variable StateESC; visible control flow transition probabilities 1 and 0.5)
REFERENCES
Avižienis, A., Laprie, J.C., and Randell, B. (2004). Dependability and its threats: a taxonomy. Building the Information Society, 91–120.
Bernardi, S., Merseguer, J., and Petriu, D.C. (2011). A dependability profile within MARTE. Software and Systems Modeling, 10(3), 313–336.
Delange, J. and Feiler, P. (2014). Architecture fault modeling with the AADL error-model annex. In Software Engineering and Advanced Applications (SEAA), 2014 40th EUROMICRO Conference on, 361–368. IEEE.
Denson, W., Chandler, G., Crowell, W., Clark, A., and Jaworski, P. (1994). Nonelectronic Parts Reliability Data 1995. Technical report, Reliability Analysis Center, Griffiss AFB, NY.
Ding, K., Mutzke, T., Morozov, A., and Janschek, K.
(2016). Automatic Transformation of UML System
Models for Model-based Error Propagation Analysis
of Mechatronic Systems. IFAC-PapersOnLine, 49(21),
439–446.
DroneFlyers (2017). Anzahl der verkauften kommerziellen
Drohnen weltweit in den Jahren 2013 bis 2017. Statista.
Feiler, P.H. and Gluch, D.P. (2012). Model-based engineer-
ing with AADL: an introduction to the SAE architecture
analysis & design language. Addison-Wesley.
FIDES (2009). Reliability methodology for electronic
systems. FIDES group.
Gausemeier, J. and Moehringer, S. (2002). VDI 2206-A
new guideline for the design of mechatronic systems.
IFAC Proceedings Volumes, 35(2), 785–790.
IEC (2006a). Analysis Techniques for System Reliability-
Procedure for Failure Mode and Effects Analysis
(FMEA). IEC 60812.
IEC (2006b). Fault Tree Analysis (FTA). IEC 61025.
Ishak, I.S. and Alias, R.A. (2005). Designing a Strate-
gic Information System Planning Methodology for
Malaysian Institutes of Higher Learning (ISP-IPTA).
Universiti Teknologi Malaysia.
Janschek, K. (2011). Mechatronic systems design: meth-
ods, models, concepts. Springer Science & Business
Media.
Kappé, T., Arbab, F., and Talcott, C. (2017). A
Component-oriented Framework for Autonomous
Agents. In International Conference on Formal Aspects
of Component Software, 20–38. Springer.
Mason, I.A., Nigam, V., Talcott, C., and Brito, A. (2017).
A Framework for Analyzing Adaptive Autonomous
Aerial Vehicles. In CoSim-CPS 1st Workshop on Formal
Co-Simulation of Cyber-Physical Systems.
Mhenni, F., Choley, J.Y., Penas, O., Plateaux, R., and
Hammadi, M. (2014a). A SysML-Based Methodology
for Mechatronic Systems Architectural Design. Ad-
vanced Engineering Informatics, 28(3), 218–231.
Mhenni, F., Nguyen, N., and Choley, J.Y. (2014b). Auto-
matic fault tree generation from SysML system models.
In 2014 IEEE. In ASME International Conference on
Advanced Intelligent Mechatronics (AIM)(July 2014),
715–720.
MIL-HDBK-217F (1991). Military Handbook: Reliability
Prediction of Electronic Equipment. United States of
America: Department of defense.
Morozov, A., Tuk, R., and Janschek, K. (2015). ErrorPro:
Software tool for stochastic error propagation analysis.
In 1st International Workshop on Resiliency in Embed-
ded Electronic Systems, Amsterdam, The Netherlands,
59–60.
Morozov, A. (2012). Dual-graph model for error propaga-
tion analysis of mechatronic systems. Dresden Univer-
sity of Technology.
OMG (2011). OMG Unified Modeling Language
(OMG UML), Infrastructure, Version 2.4.1. URL
http://www.omg.org/spec/UML/2.4.1.
OMG (2013). OMG Meta Object Facility
(MOF) Core Specification, Version 2.4.1. URL
http://www.omg.org/spec/MOF/2.4.1.
OMG (2015). OMG Systems Modeling Lan-
guage (OMG SysML), Version 1.4. URL
http://www.omg.org/spec/SysML/1.4/.
Ong, C.M. (1998). Dynamic simulation of electric machin-
ery using Matlab/Simulink. Prentice-Hall PTR,.
Prosvirnova, T., Saez, E., Seguin, C., and Virelizier, P.
(2017). Handling Consistency Between Safety and
System Models. In International Symposium on Model-
Based Safety and Assessment, 19–34. Springer.
Rahman, M.A.A. and Mizukawa, M. (2013). Modeling and
design of mechatronics system with SysML, Simscape
and Simulink. In Advanced Intelligent Mechatronics
(AIM), 2013 IEEE/ASME International Conference on,
1767–1773. IEEE.
SESAR (2016). European Drones Outlook Study. Unlock-
ing the value for Europe.
Tractica (2016). Consumer Drone Sales to Increase Tenfold
to 67.7 Million Units Annually by 2021.
... The proposed method offered a systematic way to derive DEPM graphs from corresponding system representations, fundamental to model-based systems engineering (MBSE) [5]. DEPM has since been applied in domains including avionics ([6], [7], [8], [9], [10], [11]), automotive and robotics ([5], [12], [13], [14]), embedded software ([15], [16], [17], [18]), and medical systems ([19], [20]). Within nuclear safety, recent endeavors have leveraged DEPM for reliability analysis [21], software CCF modeling [22] and as a hardware-software failure simulation tool for dynamic PRA ([23], [24]). ...
Conference Paper
Advanced nuclear reactors are ushering in a transformative era in the nuclear energy sector, characterized by generational advancements in safety, efficiency, and sustainability. Central to realizing the advanced reactor philosophy is the integration of digital instrumentation and control (I&C) systems, which are critical for enhancing the operational integrity, economic viability, and safety of advanced reactor designs. Designed to be vastly more complex than their analog counterparts, digital I&Cs offer comparatively superior control, diagnostic capabilities, and adaptability. However, added complexity makes failures of such systems inherently hard to describe, let alone predict, due, in part, to their potential for propagating internal errors in manners that are often unintuitive and opaque. Consequently, the use of digital I&Cs poses new challenges to qualifying reactor safety. Addressing these challenges requires a fundamental rethinking of probabilistic failure modeling. The dual error propagation method (DEPM) is a stochastic technique that allows us to induce and track failure behavior by explicitly representing a system in terms of its control and data flows, two attributes that are sufficient to adequately describe combinatorial logic. However, the physical processes underlying digital systems, like all natural processes, are inherently coincident. So far, the nature of abstraction requires DEPM models to be sequential and time-agnostic, leading to fundamental inconsistencies that are accepted nonetheless by relaxing modeling assumptions. This paper is an extension to our previous work introducing the concept of multiple control paths within DEPM, aimed at addressing its sequential limitations. Through a case study on basic digital logic building blocks, we showcase the improved expressivity afforded by multi-control DEPM, emphasizing its potential and limitations in supporting the reliability analysis of larger, more complex digital I&Cs.
Our analysis demonstrates that while multi-control DEPM is feasible, it is fundamentally limited by its inability to explicitly model time. Consequently, accurately modeling race conditions, concurrency, and synchronization without compromising modeling assumptions remains unachievable. Furthermore, multi-control DEPM is computationally expensive due to an exponential increase in the number of modeled states with each added control flow. The issue of this so-called state-space explosion stays largely unresolved within DEPM as a whole. Given these limitations, we conclude by proposing future research directions, including the exploration of alternative time-explicit modeling techniques and strategies for managing model complexity, with a deeper case study to follow.
... This allows the extending of AADL models with error models and hazard models for safety and hazard analysis [11], [12], [13]. SysML v1 resilience profiles for reliability analysis were introduced in [14] and [15]. In our previous work [16], [17], [18] we used and extended the SysML v2 RiskMetadata package [19]. ...
Conference Paper
In modern and complex production systems, the focus is shifted toward the software part. Software-Defined Manufacturing (SDM) and Cyber-Physical Production Systems (CPPS) characterize this trend. SDM and CPPS enable the concept of adaptive, flexible, and self-configuring production systems. These software-intensive robotic systems are safety-critical because they usually are applied in the same environments as human workers. Therefore, they require a continuous risk assessment. The uploading of a new software to the system can change its behavior drastically and therefore, the risk assessment needs to be redone. Key enabling technologies are digital twins, advanced and hybrid risk models, and Model-to-Model (M2M) transformation methods. In this paper, we introduce a new approach to the automated and continuous risk assessment based on Robot Operating System (ROS) code of a software-defined robotic system. The approach pipelines four key elements: (i) a logger that logs the data of the digital twin, (ii) an adder algorithm that creates risk annotated code based on the given ROS code, the output of the logger, and the hardware description including risk data of robot parts, (iii) an M2M transformation algorithm that automatically generates hybrid risk models from risk-annotated code, and (iv) OpenPRA solvers for numerical evaluation of the generated hybrid risk models.
... The mainstream standardized language for modeling systems is SysML [24]. It offers a profile mechanism which can be used to specialize its generic metamodel and diagrams in order to support functional safety aspects of systems (e.g., dependability analysis in the aerospace domain [25]). On the other hand, the USF metamodel as a DSL offers the streamlined combination of structural aspects as well as control-/dataflow in the same model. ...
Article
Designing software that meets the stringent requirements of functional safety standards imposes a significant development effort compared to conventional software. A key aspect is the integration of safety mechanisms into the functional design to ensure a safe state during operation even in the event of hardware errors. These safety mechanisms can be applied at different levels of abstraction during the development process and are usually implemented and integrated manually into the design. This does not only cause significant effort but does also reduce the overall maintainability of the software. To mitigate this, we present the Universal Safety Format (USF), which enables the generation of safety mechanisms based on the separation of concerns principle in a model-driven approach. Safety mechanisms are described as generic patterns using a transformation language independent from the functional design or any particular programming language. The USF was designed to be easily integrated into existing tools and workflows that can support different programming languages. Tools supporting the USF can utilize the patterns in a functional design to generate and integrate specific safety mechanisms for different languages using the transformation rules contained within the patterns. This enables not only the reuse of safety patterns in different designs, but also across different programming languages. The approach is demonstrated with an automotive use-case as well as different tools supporting the USF.
... Also, structural, behavioral, and requirement characteristics were considered when designing the architecture of UAVs. In Steurer, Morozov [9] study, they analyzed the UAV dependability profile using SysML. Dual-graph error propagation model (DEPM) was part of their methodology, while a method for converting SysML models to DEPM was developed. ...
Article
The use of unmanned aerial vehicles (UAVs) has seen a significant increase over time in several industries such as defense, healthcare, and agriculture to name a few. Their affordability has made it possible for industries to venture and invest in UAVs for both research and commercial purposes. In spite of their recent popularity, there remain a number of difficulties in the design representation of UAVs, including low image analysis, high cost, and time consumption. In addition, it is challenging to represent systems of systems that require multiple UAVs to work in cooperation, sharing resources, and complementing other assets on the ground or in the air. As a means of compensating for these difficulties, in this study, we use a model-based systems engineering (MBSE) approach, in which standardized diagrams are used to model and design different systems and subsystems of UAVs. SysML is widely used to support the design and analysis of many different kinds of systems and ensures consistency between the design of the system and its documentation through the use of an object-oriented model. In addition, SysML supports the modeling of both hardware and software, which will ease the representation of both the system’s architecture and flow of information. The following paper will follow the Magic Grid methodology to model a UAV system across the SysML four pillars and integration of SysML model with external script-based simulation tools, namely, MATLAB and OpenMDAO. These pillars are expressed within standard diagram views to describe the structural, behavior, requirements, and parametric aspect of the UAV. Finally, the paper will demonstrate how to utilize the simulation capability of the SysML model to verify a functional requirement.
... In the case of air platforms, it is required to introduce additional mechanisms to the design process, allowing for the preparation of a design that is easy to expand, maintain and verify. In recent years, the use of UAV functionalities based on the System Modeling Language (SysML) [6] and Unified Modeling Language (UML) [7] models have become widely used. UML also uses the Object Constraint Language (OCL), which allows for additional detailing of the system's functionality and defining constraints that must always be met. ...
Article
The article presents a method of designing a selected unmanned aerial platform flight scenario based on the principles of designing a reliable (Unmanned Aerial Vehicle) UAV architecture operating in an environment in which other platforms operate. The models and results presented relate to the medium-range aerial platform, subject to certification under the principles set out in aviation regulations. These platforms are subject to the certification process requirements, but their restrictions are not as restrictive as in the case of manned platforms. Issues related to modeling scenarios implemented by the platform in flight are discussed. The article describes the importance of Functional Hazard Analysis (FHA) and Fault Trees Analysis (FTA) of elements included in the hardware and software architecture of the system. The models in Unified Modeling Language (UML) used by the authors in the project are described, supporting the design of a reliable architecture of flying platforms. Examples of the transformations from user requirements modeled in the form of Use Cases to platform operation models based on State Machines and then to the final UAV operation algorithms are shown. Principles of designing system test plans and designing individual test cases to verify the system’s operation in emergencies in flight are discussed. Methods of integrating flight simulators with elements of the air platform in the form of Software-in-the-Loop (SIL) models based on selected algorithms for avoiding dangerous situations have been described. The presented results are based on a practical example of an algorithm for detecting an air collision situation of two platforms.
Article
The International Council on Systems Engineering (INCOSE) has initiated a Future of Systems Engineering (FuSE) program that includes a stream for advancing the theoretical foundations of the discipline of Systems Engineering (SE). A near‐term goal of FuSE is to assess the adequacy of current theoretical foundations of SE. The discipline of SE is converging toward model‐based practices (i.e., MBSE) that have not yet reached the maturity of model‐based practices in other engineering domains. For example, finite element analysis and computational fluid dynamics are grounded in mathematical theory, while, generally, MBSE is not. However, some attempts have been made to underpin MBSE with theoretical richness. This article presents a systematic literature study that surveyed state of the art on providing MBSE with mathematical foundations. Our protocol collected over 2000 publications that were reviewed for inclusion/exclusion, categorized, and analyzed. We provide insights to the type of mathematical theories used, domains of applications, and areas of SE to which the math was applied to, among other analysis. We also provide a synthesized discussion about the field moving forward, emphasizing positive trends along with the negatives and areas of concern. Overall, we found the field to be nascent.
Chapter
A multi-level system architecture framework has been devised due to the absence of an architecture framework suitable for helicopter development. The proposed architecture framework is tool-agnostic and can accommodate a wide range of SysML modeling tools. It uses three viewpoints (conceptual, logical, and physical) to transform stakeholder requirements into final products. The framework facilitates the development of helicopters at five system levels. The logical viewpoint is the focal point of this framework, corresponding to three levels of system hierarchy. The principles of functional integrity and three-level function integration are proposed for developing a logical viewpoint. The principle of functional integrity is used to decompose a function into a subfunction. The principle of functional integration is used to decompose functionality downward. This approach emphasizes the expression of system architecture, defines the representation of system elements, establishes rules for expressing relationships through different views, and identifies views applicable to various viewpoints. Finally, this framework’s concrete application is demonstrated using the helicopter brake function.
Chapter
In the mechatronics field, the application of Model-Based Systems Engineering (MBSE) is more and more widespread. Research on the system development process is an important means to support MBSE application. There is a lack of a general model that can describe the hierarchical level and multiple iterations of the MBSE development process in the existing literature. In this paper, a general Development Process Space Metamodel (DPSM) is proposed. A vector in DPSM can be used to determine the unique state of the system development process, which meets the modeling needs of a hierarchical and iterative MBSE development process. In the case study, a development process model of the MBSE methodology called ARCADIA is established with DPSM to illustrate the universality of DPSM. DPSM provides an alternative way for modeling and analysis of the MBSE development process in the future.
Article
Assessment of non-functional reliability and safety requirements in the early development phases helps to prevent conceptually wrong decisions and, as a consequence, significantly reduces overall development costs. The application of model-based system analysis techniques demonstrates promising results for complex avionics systems, especially software-intensive Unmanned Aerial Vehicles (UAV). Such systems are commonly designed to accomplish a specific mission consisting of multiple mission phases. The concept of phased mission systems enables the specification of individual requirements for different phases. For instance, the reliability requirements or system specifications are different for UAV flights over an agricultural field and a highway. Therefore, modern analytical methods have to distinguish between different mission phases and enable the analysis of phased missions. In this paper, we propose a new model-based method that allows system engineers to assess a conceptional design specification of the UAV concerning the fulfillment of phase-specific requirements. The proposed approach exploits modern probabilistic model checking techniques for the quantification of several dependability metrics. The method supports the systematic analysis of system specifications that contain both structural and behavioral system properties. A case study demonstrates the feasibility of the proposed method.
Conference Paper
Safety analyses are of paramount importance for the development of embedded systems. In order to perform these analyses, safety engineers use different modeling techniques, such as, for instance, Fault Trees or Reliability Block Diagrams. One of the industrial development process challenges today is to ensure the consistency between safety models and system architectures.
Article
Mechatronic systems consist of heterogeneous components: mechanical parts, hardware, and software. Appropriate models, which describe the mutual physical interaction on common abstract levels, are required. UML is a widely accepted candidate for design and model-based analysis of the mechatronic systems. For the error propagation analysis on system level we have introduced a stochastic dual-graph error propagation model. This model captures control and data flow aspects of the system and allows the computation of various reliability metrics using discrete time Markov chain models. In our recent case studies, UML Activity Diagrams have been used as baseline models. However, the transformation process was not fully automatic. This process is not so straightforward, despite the obvious structural similarities of the activity diagrams and our error propagation models. This article presents a new fully automatic method for the transformation of annotated activity diagrams. The transformation algorithm is described in detail with formal set-based mathematical notations. The article addresses both theoretical and technical sides of the problem. The method is demonstrated as a part of a complete analytical workflow in the frame of a mechatronic case study.
Article
Error propagation analysis is an important part of a system development process. This paper addresses a model-based analysis of the spreading of data errors through mechatronic systems. Error propagation models for such kinds of systems must use an abstraction level which allows the proper mapping of the mutual interaction of heterogeneous system elements such as software, hardware and physical parts. A number of appropriate approaches have been introduced in recent years. The majority of them are based only on a data flow analysis. It is shown in this paper that for a complete picture the system control flow has to be considered as well. A new approach based on probabilistic control flow and data flow graphs is presented. The structures of the graphs can be derived systematically from a UML/SysML model of a system. The knowledge about an operational system profile allows the definition of additional system properties. Initially this model was developed for software error localization. This paper shows its applicability to the error propagation analysis of an entire mechatronic system. The paper presents the modeling concept, the complete mapping process and application of the model for error localization. A reference robot control example demonstrates the main modeling steps.
Article
In November 2004, the Society of Automotive Engineers (SAE) released the aerospace standard AS5506, named the Architecture Analysis & Design Language (AADL). The AADL is a modeling language that supports early and repeated analyses of a system's architecture with respect to performance-critical properties through an extendable notation, a tool framework, and precisely defined semantics. The language employs formal modeling concepts for the description and analysis of application system architectures in terms of distinct components and their interactions. It includes abstractions of software, computational hardware, and system components for (a) specifying and analyzing real-time embedded and high dependability systems, complex systems of systems, and specialized performance capability systems and (b) mapping of software onto computational hardware elements. The AADL is especially effective for model-based analysis and specification of complex real-time embedded systems. This technical note is an introduction to the concepts, language structure, and application of the AADL.
Conference Paper
The design of a complex system warrants a compositional methodology, i.e., composing simple components to obtain a larger system that exhibits their collective behavior in a meaningful way. We propose an automaton-based paradigm for compositional design of such systems where an action is accompanied by one or more preferences. At run-time, these preferences provide a natural fallback mechanism for the component, while at design-time they can be used to reason about the behavior of the component in an uncertain physical world. Using structures that tell us how to compose preferences and actions, we can compose formal representations of individual components or agents to obtain a representation of the composed system. We extend Linear Temporal Logic with two unary connectives that reflect the compositional structure of the actions, and show how it can be used to diagnose undesired behavior by tracing the falsification of a specification back to one or more culpable components.
Article
Mechatronic systems are characterized by the synergic interaction between their components from different technological domains. These interactions enable the system to achieve more functionalities than the sum of the functionalities of its components considered independently. Traditional design approaches are no longer adequate and there is a need for new synergic and multidisciplinary design approaches with close cooperation between specialists from different disciplines. SysML is a general purpose multi-view language for systems modeling and is identified as a support to this work. In this paper, a SysML-based methodology is proposed. This methodology consists of two phases: a black box analysis with an external point of view that provides a comprehensive and consistent set of requirements, and a white box analysis that progressively leads to the internal architecture and behavior of the system.
Conference Paper
This paper presents work undertaken with the intention of filling the gap between system-level designs and simulations in the context of mechatronics. High-level system designs and specifications that are usually expressed in SysML are not sufficient to verify the performance of dynamical systems because SysML is only capable of descriptive semantics. In other words, it cannot generate executable simulations. Engineers often use separate simulation tools (e.g., Matlab/Simulink) for evaluating the system performance. In this sense, we propose a modeling and simulation approach using stereotypes and specializations of SysML standards to facilitate mechatronic system design. As a merit, descriptive SysML models are integrated with simulation models (e.g., Simulink and Simscape) in a single execution environment. We demonstrate the approach along with an illustrative example of a mobile robotic platform.