An integrated model-based early validation approach for railway systems Ronan Baduel To cite this version: Ronan Baduel. An integrated model-based early validation approach for railway systems. Other [cs.OH]. Université Toulouse le Mirail - Toulouse II, 2019. English. NNT : 2019TOU20083. tel- 03012187v2 HAL Id: tel-03012187 https://hal-univ-tlse2.archives-ouvertes.fr/tel-03012187v2 Submitted on 26 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE En vue de l’obtention du DOCTORAT DE L’UNIVERSITÉ DE TOULOUSE Délivré par l'Université Toulouse 2 - Jean Jaurès Présentée et soutenue par Ronan BADUEL Le 30 septembre 2019 Une approche intégrée d'ingénierie des systèmes ferroviaires basée sur les modèles et prenant en charge leur validation Ecole doctorale : EDMITT - Ecole Doctorale Mathématiques, Informatique et Télécommunications de Toulouse Spécialité : Informatique et Télécommunications Unité de recherche : IRIT : Institut de Recherche en Informatique de Toulouse Thèse dirigée par Jean-michel BRUEL et Iulian OBER Jury M. Vincent CHAPURLAT, Examinateur M. Ludovic APVRILLE, Examinateur M. Marius BOZGA, Examinateur Mme Isabelle PERSEIL, Examinatrice M. Jean-michel BRUEL, Directeur de thèse M. Iulian OBER, Co-directeur de thèse M. Drira KHALIL, Président An integrated model-based early validation approach for railway systems Ronan Baduel, PhD Student at Bombardier Transport 1 Acknowledgments Though a personal work by nature, many people were involved in this thesis, and deserve to be cited. I would like to thank first Jean-Michel Bruel, Iulian Ober, Mohammad Chami and Eddy Doba, which have overseen my activities these past three years and helped me achieved my goals. I would then like to thank Vincent Chapurlat, who helped me find this thesis, reviewed it as a rapporteur and has been the professor that taught me system engineering before that. A special mention to the functional architecture team in BT. They welcomed me in the company, helped me with my work and made my period in Crespin very enjoyable. I hence thank Jerome, Samy, Laurent, Lucile, Ali, Mouhammadou, Maria, Carine, Aurelien, Emmanuel, Carlos, Delphine, Pierre and all the others in BT that helped during my time there. I thank my family, which greatly supported me in my studies up to this Phd. A special thank to my brother, who helped proof-reading this work without counting the hours. I finally thank the jury, who agreed to evaluate this work and provided both a serious scrutiny during the defense of the thesis and welcomed advices afterwards. I am liable to omit people, so I would like to thank the readers, be they contributors or persons interested in this work, for the value they bring to this work. Abstract Systems engineering is a field of study multidisciplinary by nature, using knowledge and techniques from different fields, from mathematics and computer science to organiza- tional theory. As such, it encompasses hundreds of different jobs and practices. It is a discipline used to develop complex systems, meaning systems being composed of different elements linked by relationships. While specifying, developing and validating individual components may not be an issue, doing the same for the whole system is often difficult. A complex system such as a train is developed by several teams of engineers with different viewpoints. We consider here the practice in Bombardier Transport (BT), a train manufacturing company. In BT, the functional architecture alone necessitates to be divided among different engineers, using different scopes of study. It is expressed at system level, meaning the level of abstraction of a vehicle (consist) forming a train. The system is not defined as a global element, it is induced by different pieces of information. This information is specified by several engineers or even teams of engineers, even when considering the system only as a whole without the elements composing it. The requirements, meaning the expectations expressed regarding the system, often 2 include information relative to sub-systems or components. In order to conceive the system, the information characterizing it should be expressed at system level or be linked to global properties or constraints. It means abstracting the information when possible. Considering the amount of information used to characterize a system, abstracting it helps to make it more manageable while overlooking unnecessary details which are not relevant to a global perspective. It can then be integrated into a coherent whole. Achieving the abstraction and the integration of the information requires having traceability, so that every relevant piece of information is considered when studying the whole system. Relevant information about the whole system is taken into account when studying each of its parts. The notion of relevance mentioned here means that it has an impact on the part that is currently studied. For example, a train, which is a whole system, will generally not move if one of its doors, which is a component, is open. On the other hand, a door component will not open if the whole train is moving. In this example, with the train being considered as a complex system, information regarding each individual door will not be considered when studying the train as a whole, just as a door will not receive information regarding characterizing the train as a whole. It is however necessary to express, correlate and trace information between different levels of abstraction to know and/or specify a system and its behavior. 3 The goal pursued in this thesis is to provide a method to integrate information re- garding a train system during the design phase, enabling the specification, representation and validation of its behavior. To this end, several solutions are developed: concepts characterizing the system and its behaviors are developed and applied in models. The way the models are created and the information expressed through them is automatically checked using verification rules. The information and the models are then integrated. The integration is specified and checked using constraints and properties based on the system concepts developed. R´esum´e L'ing´enieriesyst`emeest par nature un domaine d'´etudemultidisciplinaire. Elle fait appel `ades connaissances et des techniques d'origines vari´ees,allant des math´ematiqueset de l'informatique `ala th´eoriede l'organisation. Ainsi, elle couvre des centaines de m´etiers et de pratiques diff´erents. C'est une discipline employ´eepour d´evelopper des syst`emes, c’est-`a-diredes ensembles compos´esde diff´erents ´el´ements li´espar des relations. Bien que sp´ecifier,d´evelopper et valider chacun de ces ´el´ements s´epar´ement soit r´ealisable, faire de m^emepour le syst`emedans sa globalit´eest souvent difficile. Un syst`emecomplexe tel qu'un train est d´evelopp´epar diff´erentes ´equipes d'ing´enieurs, chacune adoptant un point de vue diff´erent. On s'int´eresseici aux pratiques au sein de Bombardier Transport (BT), une entreprise fabriquant des trains. A lui seul, le d´eveloppement d'une architecture fonctionnelle d'un train au sein de BT n´ecessitede r´epartirle travail entre diff´erents ing´enieurs,chacun s'int´eressant `aun cadre d'´etudepar- ticulier. Une telle architecture est consid´er´eeau niveau d'abstraction du syst`eme´etudi´e, qui est un v´ehiculeformant un train ou une partie de train. Le syst`emen'est alors pas d´efinicomme un ensemble global, il est induit par diff´erentes informations. Celles- ci sont fournies par diff´erents ing´enieursou ´equipes d'ing´enieurs,quand bien m^emeon s'int´eresseau syst`emeet non pas aux ´el´ements qui le composent. Les exigences, c’est-`a-direles attentes exprim´eesvis-`a-visdu syst`eme, comprennent g´en´eralement des informations relatives `ases sous-syst`emesou ses composants. Pour concevoir un syst`eme,les informations qui le caract´erisent doivent ^etreexprim´ees`ason propre niveau d'abstraction ou bien ^etreli´ees`ades propri´et´esou contraintes globales qui lui sont propres. Cela demande d'abstraire les ´el´ements d'information chaque fois que cela est possible. Etant donn´ela quantit´ed'informations relatives au syst`eme, les abstraire facilite ainsi leur gestion tout en occultant les d´etailssuperflus. On peut alors les int´egrerau sein d'un tout coh´erent. 4 Abstraire et int´egrerles informations relatives au syst`emen´ecessite de pouvoir les tracer, de fa¸con`ace que toute information pertinente soit prise en compte lors de l'´etude du syst`emeglobal, et que toute information pertinente issue du syst`emeglobal soit prise en compte lors de l'´etuded'un des ´el´ements qui le compose. La notion de pertinence exprim´eeici se rapporte `al'impact que cela peut avoir sur l'objet ´etudi´e. Un train, en tant que syst`emeglobal, ne pourra g´en´eralement pas bouger si l'une de ses portes, ´etant donc un de ses composants, est ouverte. De la m^emefa¸con,une porte, en tant que composant, ne pourra pas s'ouvrir si le train est en mouvement. On voit ainsi que l'´etude du train dans son ensemble ne tient pas compte des informations sp´ecifiques`achaque porte, tout comme chaque porte ne consid`erepas l'ensemble des informations caract´erisant le train. Il est en revanche n´ecessaired'exprimer, corr´eler et tracer les informations entre les diff´erents niveaux d'abstractions pour conna^ıtreet/ou sp´ecifierun syst`emeet son comportement.