An STPA Analysis of the ReVolt - Expanding and Improving the System-Theoretic Process Analysis (STPA) Framework
The ReVolt is an idea developed by DNV GL. It is an autonomous vessel designed for container transport between harbors. To test the concept, a cooperative project was started with NTNU. Two master's students from the cybernetics department developed a smaller version of the ReVolt. DNV GL provided them with the hull itself, as well as the thruster design. The remaining components were chosen by these students, and they implemented functionality for dynamic positioning and remote control. Because this project was successful, DNV GL has chosen new students who will continue working on the ReVolt. It is intended to become autonomous in the near future. Safety is an important aspect of an autonomous vessel: if safety cannot be guaranteed, the vessel cannot be used. Therefore, DNV GL requested that a safety analysis be performed of the ReVolt. The method chosen to perform the analysis is called STPA (System-Theoretic Process Analysis). This analysis is the main focus of this master's thesis.

Using the available information and the future plans for the ReVolt, an STPA analysis has been performed. Due to the lack of documentation from the developers of the ReVolt, a significant amount of time was spent in this thesis developing the required documentation from the available information. UML diagrams were used to document system behavior and functionality, and adding this documentation step to the STPA approach has been proposed. For the STPA analysis, a framework developed by the co-supervisor was tested and evaluated. The framework provided good support to the analyst and helped ensure that no details were overlooked in the analysis. STPA is a safety analysis tool that is well suited to a complex system such as the ReVolt. Several design guidelines were extracted from the analysis results, even though time limited how far the analysis could be taken. The fact that the analysis was performed by a single person most likely reduced its quality; a team of people is required to ensure a satisfactory analysis. Still, the documentation that was developed greatly contributed to performing a thorough system analysis. The results of the analysis present three main areas for system improvement for the ReVolt at this time: loss of communication, incorrect or missing sensor measurements, and time delays in the reference channels.