The
project will last 30 months. It will hinge around two axes:
The
integration of languages:
- B:
language, method and tools enabling the construction of flawless
software, and validating the functional specification of complex systems
- AltaRica:
formal language for reliability studies. The tools have been chosen by Dassault
Aviation for safety studies concerning the workings of its Falcon F7X planes
and by Airbus Industries for its A350 programme.
In a hybrid modelling tool:
- The analysis of industrial case tests as regards this integration (control
system/testing study of Coppilot landing doors).
It brings
together:
-
The university of Marseille –ERISCS research group
-
-
This
project lies within the framework of the pôle de compétitivité’s “Safe
Communicating Systems” from the PACA region. It is particularly concerned with
the critical onboard communicating systems, which are essentially those that
present a risk to the people and/or the environment in the event that they
function incorrectly. Among these you can list the systems for supervision or
control, or industrial test installations such as chemical and nuclear
factories, transport or telecommunications networks, critical health systems,
transactional systems... The characteristics of these systems, besides the fact
that they are critical, is that they integrate both material and software
components. The share of software is increasingly important here. As a result
it is necessary to guarantee that the latter function correctly with the chosen
material architecture, including when the environment is disturbed. In other words,
it is essential to study the resistance of the system with breakdowns in the
material and/or software components, and the consequences of these breakdowns
when correct functioning can no longer be guaranteed.
The
development of the critical onboard communicating systems therefore requires
formal models. In the current industrial practice, these models are often
heterogeneous and numerous. These comprise:
- On
the one hand functional models which are aimed at describing how the
system should behave, guaranteeing that its behaviour conforms to its
specifications and correctly derives its implementation from the latter.
Among the formalisms used to construct these models, we can list the states-charts, the
formal languages such as Lustre and Esterel (and the associated tooling
such as Scade, etc), the asynchronous communicating models such as CSP,
DCS, ASM, the B method (and associated tooling such as Atelier B,
FDR, etc.).
- On
the other hand, we have the dysfunctional models, which are aimed at
analysing and reducing the frequency of incidents or accidents linked to
the working of a complex system. These models are typically fault trees or
bar chart reliability schemas.
Until
now, these two types of models have been developed separately and often by
different teams, with different ‘job’ cultures (design engineers on the one
hand, reliability on the other). The formalisms used in one case or another are
often too far away to be connected in an obvious manner. The passage of the
functional or dysfunctional models, or their cohabitation in a real system are
therefore mainly done in an ad-hoc manner and often “by hand”, with all the
risks and surcharges which that constitutes in the event the system
dysfunctions. It is particularly important to highlight that the slightest
change in the functional specification of the system requires that the
associated dysfunctional models are fully looked over on a regular basis, which
in turn will result in considerable maintenance costs and the possibility of
reduced adaptation of a system, as much for their architectural development
(networks, “scalability”) as for their new functionalities (distribution, evolution,
modularity, etc.).
The
result is that we can observe a detrimental separation between the functional
and dysfunctional models from a same system. Their integration is therefore
a major technological stake for the growing complexity of future critical
onboard communicating systems and their applications.
It is
very topical for at least four reasons:
- The
demand from society and economical pressure are forcing the working safety
requirements to be integrated as early as possible in the life cycle of
critical onboard systems, that’s to say from their initial functional
specification.
- The
working safety requirements are coupled with the requirement for the
availability of services. The latter can only be obtained by detailed
analysis of the layered working of the system.
- The
recent developments in functional and dysfunctional modelling formalisms
today make their integration possible thanks to the work being carried out
in the region.
- The
models are today performed within the framework of complicated software
workshops. These computer packages facilitate the integration of the
various techniques.
The
project aims to demonstrate the feasibility of this integration, as much from a
fundamental viewpoint as on industrial case studies.
Objectives
This project
aims, in the first stage, to develop a methodology which helps the design of
hybrid systems, based on modelling techniques using both B Method and the AltaRica
language.
Modelling
comprises studying heterogeneous formalisms capable of enabling easy specification
of complicated systems and interactions of the behaviour patterns they comprise
and is based on two method types.
From an
analytical point of view, quite naturally the first problem which presents
itself is that of consistency of the models. The main interest behind the
project is checking the safety properties throughout the development of a
complicated communicating system.
Of course, the research into such a heterogeneous methodology
will be guided by case studies of fields of application encountered by
industrial partners and specific Pôle SCS jobs (transport, health, risks, safety).
In a
second stage, we envisage the implementation of these techniques within the
framework of a prototype Mixed Workshop enabling the coherent use of the two approaches.
