The fresh multidisciplinary research and engineering area of Cyber-Physical Systems (CPSs) lies at the intersection of more traditional fields, like mechanical and electrical engineering, and newer approaches from AI, ubiquitous computing, and software engineering. Although modeling is a core method in all of these areas, the concrete mindsets and methods for it are very diverse, which complicates system-level reasoning across models. For instance, it is difficult to predict how smoothing a control algorithm represented in Simulink would affect the schedulability guarantees provided by a rate-monotonic analysis model. Conveniently, software architecture is well known for reconciling concerns by loosening up model semantics, which makes it a promising tool for model-based design of CPSs. This talk discusses several examples from the automotive and robotics domains to expose the challenges of using heterogeneous models and how software architecture might help alleviate them. All these considerations will be linked to the mysterious second part of the title.
Architectures for Cyber-Physical Systems, or Why Ivan Doesn’t Want to Graduate
1. Architectures for Cyber-Physical Systems,
or Why Ivan Doesn’t Want to Graduate
Ivan Ruchkin¹
Institute for Software Research
Carnegie Mellon University
March 25, 2013
¹ In collaboration with A. Bhave, A. Rajhans, B. Krogh, D. Garlan, B. Schmerl, A. Platzer, S. Mitsch, and others
2. Outline
1 Cyber-Physical Systems: Faces of Engineering
Problem and Hypothesis
2 Architecture for CPS Modeling
Structural Consistency: Quadrotor
Organizing Verification Information: Collision Avoidance
3 Future Research Ideas
4 Conclusion
13. Cyber-Physical Systems: Faces of Engineering
Definition
Cyber-Physical Systems (CPSs) – systems with intensive interaction between computational and physical elements, often with a high degree of uncertainty, autonomy, and openness².
Unlike traditional control systems: variability in software and environments;
Unlike purely software systems: physical concerns like sensing and movement.
² R. Baheti and H. Gill, Cyber-Physical Systems. The Impact of Control Technology, IEEE, 2011.
15. Cyber-Physical Systems: Faces of Engineering
Disciplines involved
Control theory
Electrical and electronic design
Artificial intelligence
Modeling and verification
Software programming
Mechanical engineering
Ubiquitous computing
As a result:
Interdisciplinary teams
Different approaches to design
21. Cyber-Physical Systems: Faces of Engineering
Technical Research Agenda in CPS
As declared³:
Autonomy in varying operating conditions
Assurance: safety and security
Interoperability between different control systems
Extensibility in design
Approaches to handle cyber AND physical concerns
Tools for design and development
³ Lee, Edward A. Cyber Physical Systems: Design Challenges. EECS Department, University of California, Berkeley, January 2008.
27. Cyber-Physical Systems: Faces of Engineering Problem and Hypothesis
CPS Modeling: Problem 1/2
Use of a model in a CPS project:
Verification of a particular system property early in the lifecycle
Documentation and communication
Constraining downstream (model) implementation
  Control algorithm: a generic form established through verification; a concrete one is achieved through gradual refinement.
Supporting the assumptions of other models
  Worst-case assumptions on communication delays vs. detailed calculations for delays.
34. Cyber-Physical Systems: Faces of Engineering Problem and Hypothesis
CPS Modeling: Problem 2/2
Our interest lies in CPS modeling. Major challenge – heterogeneity of models that comes from dissimilar modeling formalisms and makes those hard to use together.
Discrete vs. continuous
  Set-theoretic models vs. partial differential equations
Physical vs. cyber
  Forces and speeds vs. thread safety
Varying degree of determinism
  LTS vs. hybrid state automata
Varying levels of abstraction
  Basic element: “sensor” vs. “sensing error”.
Different treatment of system state
  State machines vs. signal flow (Simulink)
Different treatment of timing, error handling, ...
36. Cyber-Physical Systems: Faces of Engineering Problem and Hypothesis
Research Hypothesis
Architecture can help alleviate the heterogeneity of CPS models and relate individual ones.
Architecture has a good track record in software engineering as a means of aggregating analyses of different nature.
Architecture is loose on semantics; strong semantics is one of the reasons it’s difficult to combine individual models.
44. Architecture for CPS Modeling Structural Consistency: Quadrotor
Problem
Inconsistent assumptions about connections of the GPS sensor
  Control model: the GPS is connected to the low-level processor.
  Hardware model: the GPS is connected to the high-level processor.
Solution: create architectural views for models and relate them.
Outcome: the inconsistency detected during modeling, before development.
45. Architecture for CPS Modeling Structural Consistency: Quadrotor
Solution: Method
[Diagram: models X and Y are each related to an architectural view (V_X, V_Y) by an encapsulation relation (R_Vx, R_Vy); each view is related to the base CPS architecture by an encapsulation/refinement relation (R_BA).]
46. Architecture for CPS Modeling Structural Consistency: Quadrotor
Solution: Control and Hardware Views
47. Architecture for CPS Modeling Structural Consistency: Quadrotor
Solution: Base Architecture
48. Architecture for CPS Modeling Structural Consistency: Quadrotor
Lessons
Architecture is great to relate models with explicit structures
Benefits: extensible specification of rules to find implicit defects
Downside: need to produce architectural views
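The quadrotor GPS mismatch described above can be found mechanically once each view's elements are mapped onto a shared base architecture. The following Python code is an added example, not code from the talk or its tooling; the element names, the element-to-base mapping and the rule being checked are assumptions made for illustration.

```python
from itertools import permutations

# Constructed views of the quadrotor. Element names and the mapping onto base
# components are assumptions; only the GPS disagreement comes from the slides.
VIEWS = {
    "control": {
        "maps_to": {"GPS": "gps", "LowLevelCtrl": "llp", "HighLevelCtrl": "hlp"},
        "links": [("GPS", "LowLevelCtrl"), ("LowLevelCtrl", "HighLevelCtrl")],
    },
    "hardware": {
        "maps_to": {"GPSModule": "gps", "LLP": "llp", "HLP": "hlp",
                    "Battery": "battery"},
        "links": [("GPSModule", "HLP"), ("LLP", "HLP"), ("Battery", "LLP")],
    },
}


def project(view):
    """Return (covered base components, links as unordered base-component pairs)."""
    maps_to = view["maps_to"]
    links = set()
    for a, b in view["links"]:
        if a not in maps_to or b not in maps_to:
            raise ValueError(f"link ({a}, {b}) uses an element with no base mapping")
        links.add(frozenset((maps_to[a], maps_to[b])))
    return set(maps_to.values()), links


def find_inconsistencies(views):
    """List (link, asserting view, contradicting view) for every base-level link
    that one view asserts and another omits although it models both endpoints."""
    projected = {name: project(view) for name, view in views.items()}
    findings = []
    for asserting, other in permutations(sorted(projected), 2):
        _, links = projected[asserting]
        covered, other_links = projected[other]
        for link in sorted(links - other_links, key=sorted):
            # A link to a component the other view does not model (the battery
            # here) is extra detail, not a contradiction.
            if link <= covered:
                findings.append((tuple(sorted(link)), asserting, other))
    return findings


if __name__ == "__main__":
    for link, asserting, other in find_inconsistencies(VIEWS):
        print(f"{link[0]} -- {link[1]}: in {asserting} view, "
              f"missing from {other} view")
```

Both findings concern the GPS: the control view attaches it to the low-level processor and the hardware view to the high-level one, while the battery link is not reported because the control view does not model the battery.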
50. Architecture for CPS Modeling Organizing Verification Information: Collision Avoidance
Context
Cooperative Collision Avoidance (CICAS):
[Figure: CICAS scenario diagram with vehicles labeled SV and POV]
51. Architecture for CPS Modeling Organizing Verification Information: Collision Avoidance
Problem
Safety is a complicated verification task for CICAS.
Verification models need to be organized hierarchically
54. Architecture for CPS Modeling Organizing Verification Information: Collision Avoidance
Lessons
Architecture as an information management framework
Benefit: helps extend heterogeneous analyses
Downside: high overhead of maintaining
60. Future Research Ideas
Generation of architectural views from models
Incorporating verification-significant information into architecture
Representing assumptions as constraints over view parameters
Understanding the difference between model structure and model’s assumed architecture
Development of architecturally similar models helps reduce complexity
62. Conclusion
Summary
CPSs present multiple challenges in heterogeneous modeling
  Combining physical and cyber aspects
  Relating models of very different nature
Architecture may play different roles to bridge the gap
Plenty of other research opportunities exist
72. Conclusion
References
Bhave, A., B.H. Krogh, D. Garlan, and B. Schmerl. “View Consistency in Architectures for Cyber-Physical Systems.” In 2011 IEEE/ACM International Conference on Cyber-Physical Systems (ICCPS), 151–160, 2011.
Rajhans, Akshay, and Bruce H. Krogh. “Heterogeneous Verification of Cyber-physical Systems Using Behavior Relations.” In Proceedings of the 15th ACM International Conference on Hybrid Systems: Computation and Control, 35–44. HSCC ’12. New York, NY, USA: ACM, 2012.