ESA introduction – MBSE at system level Room: Newton 2

Trends in MBSE and experiences with SysML on Euclid

• Harold Metselaar (ESA/ESTEC)
• Jose Lorenzo Alvarez (ESA/ESTEC)

Room: Newton 2 In recent years, the system engineering field is coming to terms with a paradigm shift in the approach for complexity management. Different strategies have been proposed to cope with highly interrelated systems and system of systems. In particular, Model Based System Engineering (MBSE) intends to introduce methodologies for a systematic system definition, development, validation, deployment, operation and decommission, based on logical and visual relationship mapping, rather than traditional ‘document based’ information management. Euclid is the second medium class mission (M2) of the European Space Agency (ESA) Cosmic Vision program. Its primary goal is to determine the nature and distribution of dark matter and dark energy using two main cosmological probes: Weak Lensing (WL) and Galaxy Clustering (GC). Euclid is the first attempt to apply an MBSE approach at mission level for a major science project under development in ESA. The topic of this presentation is two-fold: (1) general trends in MBSE and (2) experiences with SysML on Euclid.

MBSSE used in the Ariane 6 launcher development

• Patrick Cormery (Airbus Safran Launchers)

Room: Newton 2 This presentation will focus on the current deployment of methods and tools, in the frame of Ariane 6 project. It will also address the on-going and future studies, targeting various aspects such as formal proof, integrated modelling for RAMS and the enhancement of analysis capabilities to be coupled with the existing toolset. The current status is covering the following capabilities : • Functional analysis with Mega • Refinement of the functional and Avionic electrical definition with Capella • Functional architecture Modelling with SYSML Rhapsody • Mission Management with DSL Vasco • Model transformation from SYSML and VASCO to Lustre language allowing formal proof • Automated generation of Documentation from Capella & SYSML • Automated code generation from SYSML and VASCO The next step, initiated from current R&T studies are focusing on : • The harmonization of the current toolset, replacing SYML & MEGA with a future version of Capella • Automated test generation and validation of the SYSML models correctness (in order to compensate the lack of certification of the code generator Tool) • RAMS modelling (linked to the Clarity project), with the ability to create non-functional links to be added to the Capella engineering models • Coupling of dedicated analysis tool to support Avionic architecture Trade-offs (power consumption, mass budget, thermal,…)

Connecting COMPASS to Capella

• Regis de Ferluc (Thales Alenia Space)

Room: Newton 2 Model Based FDIR process with Capella and COMPASS. “In the past decade, Model Checking and Model Simulation techniques have been investigated and developed with better and better results in terms of efficiency and performance. For a long time, those techniques have been identified as promising to assist Safety, Dependability and FDIR engineers in their activities when dealing with complex systems such as spacecraft and satellites. However, these techniques are rarely applied in operational projects due to major blocking points : (i) need for detailed knowledge on the methodology and hands-on practice by prospective users, (ii) big effort required to build a formal model of the system, (iii) insufficient means or methodology to ensure that the modelled system matches the real system, (iv) scarce understanding of properties to be proved, (v) tools with shortcomings in ergonomic and interoperability with other engineering environments. In this context, the recent deployment of Model Based System and Software Engineering practices is seen as an opportunity : instead of developing specific models for safety and FDIR analysis, it becomes possible to couple model checking and model simulation tools to System and Software engineering models. This track has been investigated during a CNES study aiming at defining a Model Based approach for supporting the FDIR process, and some prototyping activities have allowed to couple the COMPASS toolset to Melody Advance, the Thales modelling tool now released as open-source software under the name Capella. Based on such results, this presentation will provide an overview of what could be the future for Model Based Safety / FDIR Assessment in the Space domain.”

COMPASS: Future trends and developments

• Marco Bozzano (Fondazione Bruno Kessler)

Room: Newton 2 COMPASS is a toolset for model-based design of complex aerospace systems. It has been developed, under funding of the European Space Agency, in response to the need of a more formal and comprehensive approach to the problem of system-software co-engineering. A new release of the toolset, COMPASS 3.0, has recently been delivered, consolidating the work done over the last eight years. In this talk, we will summarize the main achievements of COMPASS, and present the roadmap for future developments, which include the integration of COMPASS with other modeling languages and design environments, and the synergy with other ESA-related initiatives such as the TASTE development environment and OSRA (On-board Software Reference Architecture).

Elevator pitches Room: Newton 2 * Ontology-based Requirements Validation - Speaker: Nick Bassiliades (Aristotle University of Thessaloniki) * Formal verification techniques applied to Spacecraft Mode Management - Speaker: Massimo Tipaldi (OHB) * Model Driven Engineering using COMPASS and Simulink - Speaker: Harold Bruintjes (RWTH Aachen) * CITADEL Adaptive Systems for High-Assurance Protection - Speaker: Stefano Tonetta (FBK) * COMPASS without AADL: towards COMPASS-STAR? - Speaker: Alessandro Cimatti (FBK)

Group discussion Room: Newton 2

ESA introduction – MBSE at software level Room: Newton 2

Data Modelling on Proba3 ASPIICS payload - Lessons learned and way forward

• Konrad Grochowski (N7 mobile)
• Michał Mosdorf (N7 mobile)

Room: Newton 2 ASPIICS payload software is responsible for the management of scientific observations performed on-board of PROBA3 mission. Additionally it provides important shadow position sensor data for the verification of PROBA3 satellites alignment. This talk will present ASPIICS instrument software architecture. Additionally there will be provided summary of lessons learned from the usage of TASTE and ASN.1 data modeling for the design and implementation of PUS-A stack. Designed PUS-A stack was integrated into on-board software and SVF scripting environment.

Mixing Re-Use and Model-Based Development - The CHEOPS Payload Software Experience

• Alessandro Pasetti (PnP Software)

Room: Newton 2 The CHEOPS payload software is a PUS application which offers 17 services to the satellite platform and uses 7 services from a lower-level computer. This software has been implemented as an instantiation of the CORDET Framework. The CORDET Framework provides reusable components to manage incoming and out-going PUS telecommands and reports. The framework must be customized with user-provided components implementing application-specific behaviour. In the CHEOPS case, these components were specified as a set of UML models compliant with the FW Profile. The FW Profile is a UML profile to support the modelling of reuse-oriented software applications. A tool - the FW Profile Editor - allows code to be generated from the models. This presentation describes our experience with building an application built partly as reused components and partly as components generated from their UML models.

SARGON (Space Automation & Robotics General cONtroller)

• Martin Azkarate (ESA/ESTEC)

Room: Newton 2 SARGON is devoted to the design of a Robot Control Operating Software (RCOS) based on the TASTE toolset and on existing open-source robotics software, with special care on its RAMS characteristics. ESA space robotics missions such as ExoMars or European Robotic Arm (ERA) require significant software engineering effort when compared with other satellite space missions, due to their complexity and low heritage. Moreover, the software engineering tools used are customized to such extent that a very little percentage of this software development, validation and verification effort becomes re-usable for future space robotics missions. One of SARGON’s main objectives is to reduce the cost of future software developments for space robotics missions. For this purpose, the TASTE framework provides a model-driven approach for the development of reusable and RAMS-compliant on-board software. The activity focuses on the analysis and definition of requirements for an RCOS and on identifying the building blocks to complement the current TASTE implementation for covering all needed RCOS functionalities. The aim of this TASTE RCOS is to be the base of future European space robotics applications, and in this context SARGON is a first step in that direction. SARGON is an activity funded by the ESA Basic Technology Research Programme (TRP). The activity is ongoing but has already been successful in securing a continuation. The EC H2020 programme, within the Strategic Research Cluster in Space Robotics, has awarded an operational grant to the ESROCOS team for the further development of SARGON.

Model-Based Design of an Energy-System Embedded Controller using TASTE

• Roberto Cavada (Fondazione Bruno Kessler)

Room: Newton 2 Model-based design has become a standard practice in the development of control systems. Many solutions provide simulation, code generation, and other functionalities to minimize the design time and optimize the resulting control system implementation. We report on the experience of using TASTE as the design environment for the controller of an energy system comprising a parabolic dish collector and a Stirling engine. Besides standard advantages of model-based design, an appealing feature of TASTE is the possibility of specifying the design model with a formal language such as SDL. The complexity of the designed system stressed the tool’s performances and usability. Nevertheless, the functionalities provided by TASTE were essential to manage such complexity.

Elevator pitches Room: Newton 2 * Model-based design and tools for space applications - Speaker: Holger Schlingloff (Fraunhofer/FOKUS) * A Model Based and Domain Specific Development Environment - Speaker: Andreas Wortmann (OHB) * How dynamic is TASTE? - Speaker: Roger Jacobs (Topic Products) * QGen as a qualifiable code generation backend for TASTE - Speaker: Andres Toom (IB-KRATES)

Group discussion Room: Newton 2

Closing

• Jean-Loup TERRAILLON (ESA)

Room: Newton 2