If the design could be simulated earlier, for example with the techniques presented in this paper, simulations could also be used to assess whether the required functionality is able to detect and handle the hazardous situations. The feedback loop between design and requirements could thus be shortened. This could further facilitate the development of both basic control and safety systems.
Testing, or simulation-aided testing, of design and development specifications cannot be used to prove their correctness. However, simulations can be used to test the reactions of control or safety systems to events in the system that could not be tested with the actual system without compromising safety. Moreover, simulations may aid in comparing alternative solutions in terms of, for example, the availability of the controlled system, which may be important from the point of view of the developer organization or the end user but not from that of safety standards. Extensive testing is also required by safety standards. The problem with conventional testing is that the system must already be implemented in order to be tested. If both the simulation model and the executable application were produced by trusted, automatic transformations based on the same model, testing could also use the simulation model of the application. Consequently, with our approach, a further improvement would be the ability to test earlier in the development process, based on platform-independent models.
Another issue that must increasingly be considered in industrial control systems in the future is security, as demonstrated by the recent Stuxnet worm. It is easy to justify that compromising security may lead to compromising safety, for example if a safety-critical measured value is lost or modified. However, security is hardly mentioned in safety standards such as IEC 61508. We expect this to change in the near future. Security issues could also be taken into account in simulations. For example, security-related test simulations could be supported by making it possible to mark vulnerable information channels for the simulation engine. The engine could then add a constant or time-varying gain to the values transferred over the channel, to test the reactions of the control system to an unusual situation. Losing a connection entirely would also be a meaningful simulation case that could reveal serious vulnerabilities in systems.
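The channel-marking idea above, as an added example that is not part of the paper or its Modelica tool chain: a hypothetical discrete-time Python simulation of a tank level loop in which the measurement channel can be given a constant or time-varying gain or dropped entirely; the Channel and simulate names, the plant parameters and the limits are all constructed. It shows what such a run can reveal: the lost-connection case is caught by the stale-measurement interlock, while a scaled measurement drives the real level past the high limit unnoticed, because the interlock reads the same compromised channel as the controller.

```python
"""Added example (hypothetical, not the paper's Modelica tool chain): level control loop
with a measurement channel that the simulation can mark as vulnerable."""
import math
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Channel:
    """Information channel marked for the simulation engine: gain(t) returns a
    multiplier for the transferred value, or None to model a lost connection."""
    gain: Callable[[float], Optional[float]] = lambda t: 1.0

    def transfer(self, value: float, t: float) -> Optional[float]:
        g = self.gain(t)
        return None if g is None else value * g


def simulate(channel: Channel, steps: int = 300, dt: float = 0.1,
             setpoint: float = 5.0, high_limit: float = 8.0,
             stale_limit: float = 1.0) -> dict:
    """Tank level loop with a P controller and an interlock that closes the inlet
    on high level or when no measurement has arrived for stale_limit seconds."""
    level, outflow, kp = 0.0, 0.5, 1.0  # constructed plant: dl/dt = inflow - outflow
    last_good, missed = 0.0, 0          # last received measurement, missed updates
    tripped, peak = False, 0.0
    for i in range(steps):
        t = i * dt
        meas = channel.transfer(level, t)  # only path from the plant to the controller
        if meas is None:
            missed += 1
        else:
            last_good, missed = meas, 0
        # The interlock sees the plant through the same channel as the controller.
        if missed * dt >= stale_limit or last_good >= high_limit:
            tripped = True
        inflow = 0.0 if tripped else min(2.0, max(0.0, kp * (setpoint - last_good) + outflow))
        level = max(0.0, level + dt * (inflow - outflow))
        peak = max(peak, level)
    return {"tripped": tripped, "peak_level": peak, "final_level": level}


if __name__ == "__main__":
    cases = {
        "nominal": Channel(),
        "constant gain 0.5": Channel(gain=lambda t: 0.5),
        "time-varying gain": Channel(gain=lambda t: 1.0 + 0.3 * math.sin(t)),
        "connection lost at t=10": Channel(gain=lambda t: None if t >= 10.0 else 1.0),
    }
    for name, ch in cases.items():
        print(f"{name:24s} {simulate(ch)}")
```

With the constant gain of 0.5 the controller settles the real level near 10 while the interlock, reading a value near 5, never trips; a second, independent measurement path or a plausibility check against the plant model would be the kind of countermeasure such a run motivates.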
7 Conclusions
This paper has presented a tool-supported approach to transform functional UML AP models and their interlocking specifications into ModelicaML models and finally into simulatable Modelica models. The aim of the approach and of the transformation implementation is to enable automated and less tedious creation of simulation models and thus to support model-driven development of control systems, including their interlocking and constraint control functions. Compared to present development practices for control systems, this could enable the testing of solutions earlier in the development process. The approach also offers the other benefits of simulations listed above.
The example system and the control approaches presented in this paper were simple but still adequate for demonstrating the techniques in the creation of two simulation models. Simulations could be used to compare the two designed interlocking approaches within a feedback control system. This is also how simulations are currently typically used, when their development is considered worthwhile.