An overview research talk given during at JPL on July 22, 2015.
Abstract:
Today’s complex cyber-physical systems require the use of a variety of models to capture different aspects of these systems: physical models, software models, control models, and so on. A critical challenge is to ensure consistency and completeness of these models. In this talk we describe an approach that uses architectural models as the basis for reconciliation. Specifically, a base architecture of the system is used as a unifying representation to compare the structure and semantics of the associated models through a set of architectural projections, or views. Each model is related to the base architecture through the abstraction of a corresponding architectural view, which captures structural and semantic correspondences between model elements and system entities. The use of the architectural view framework to relate system models from different domains is illustrated in the context of a quad-rotor air vehicle and an on-going collaboration with Toyota on future braking system design.
[2016/2017] Introduction to Software ArchitectureIvano Malavolta
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Capella Days 2021 | Using MBSE to Integrate Engineering Undergraduate Courses...Obeo
The use of MBSE into the undergraduate courses brings the opportunity to integrate the curriculum through an Integrated Design Model. This lecture will: (i) explain the incorporation of Capella into an Airspace Engineering Curriculum; (ii) describe the experience in each discipline, allowing to keep the context, expanding through systemic perspectives; and (iii) present some results, feedbacks and lessons learned.
The lecture will close with how the Brazilian Secretary of Education changed the Brazilian Engineering Courses Guidelines to incorporate Systems Thinking and the opportunity to use Arcadia, and Capella – being free/opensource – as a common Systems Engineering Core.
[2016/2017] Introduction to Software ArchitectureIvano Malavolta
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Capella Days 2021 | Using MBSE to Integrate Engineering Undergraduate Courses...Obeo
The use of MBSE into the undergraduate courses brings the opportunity to integrate the curriculum through an Integrated Design Model. This lecture will: (i) explain the incorporation of Capella into an Airspace Engineering Curriculum; (ii) describe the experience in each discipline, allowing to keep the context, expanding through systemic perspectives; and (iii) present some results, feedbacks and lessons learned.
The lecture will close with how the Brazilian Secretary of Education changed the Brazilian Engineering Courses Guidelines to incorporate Systems Thinking and the opportunity to use Arcadia, and Capella – being free/opensource – as a common Systems Engineering Core.
Recovering a software architecture from source is challenging. Automated methods generally provide architectural descriptions which are not very useful. Manual architecture recovery methods are very labour intensive. SyMAR is a method for manual software architecture recovery which aims to efficiently extract a software architecture description from vertical slices through the software system.
Illustrate general good design principles in software engineering such as low coupling, high cohesion, modularity, abstraction, separation of interface and implementation. With examples.
A SYSTEMC/SIMULINK CO-SIMULATION ENVIRONMENT OF THE JPEG ALGORITHMVLSICS Design
In the past decades, many factors have been continuously increasing like the functionality of embedded systems as well as the time-to-market pressure has been continuously increasing. Simulation of an entire system including both hardware and software from early design stages is one of the effective approaches to improve the design productivity. A large number of research efforts on hardware/software (HW/SW) co-simulation have been made so far. Real-time operating systems have become one of the important components in the embedded systems. However, in order to validate function of the entire system, this system has to be simulated together with application software and hardware. Indeed, traditional methods of verification have proven to be insufficient for complex digital systems. Register transfer level test-benches have become too complex to manage and too slow to execute. New methods and verification techniques began to emerge over the past few years. Highlevel test-benches, assertion-based verification, formal methods, hardware verification languages are just a few examples of the intense research activities driving the verification domain.
This Presentation contains all the topics in design concept of software engineering. This is much more helpful in designing new product. You have to consider some of the design concepts that are given in the ppt
Recovering a software architecture from source is challenging. Automated methods generally provide architectural descriptions which are not very useful. Manual architecture recovery methods are very labour intensive. SyMAR is a method for manual software architecture recovery which aims to efficiently extract a software architecture description from vertical slices through the software system.
Illustrate general good design principles in software engineering such as low coupling, high cohesion, modularity, abstraction, separation of interface and implementation. With examples.
A SYSTEMC/SIMULINK CO-SIMULATION ENVIRONMENT OF THE JPEG ALGORITHMVLSICS Design
In the past decades, many factors have been continuously increasing like the functionality of embedded systems as well as the time-to-market pressure has been continuously increasing. Simulation of an entire system including both hardware and software from early design stages is one of the effective approaches to improve the design productivity. A large number of research efforts on hardware/software (HW/SW) co-simulation have been made so far. Real-time operating systems have become one of the important components in the embedded systems. However, in order to validate function of the entire system, this system has to be simulated together with application software and hardware. Indeed, traditional methods of verification have proven to be insufficient for complex digital systems. Register transfer level test-benches have become too complex to manage and too slow to execute. New methods and verification techniques began to emerge over the past few years. Highlevel test-benches, assertion-based verification, formal methods, hardware verification languages are just a few examples of the intense research activities driving the verification domain.
This Presentation contains all the topics in design concept of software engineering. This is much more helpful in designing new product. You have to consider some of the design concepts that are given in the ppt
Thales has been deploying Arcadia and Capella MBSE methods and tools for the past 15 years. As for any journey, there have been many joys and not less difficulties.
During this webinar, Thales presents the foundations of their MBSE approach, how their engineering practices have been improved with the use of models, and what are they doing now to sustain and drive this model-based transformation.
---------
This webinar was driven by Juan Navas (from Thales)
Juan Navas is a Systems Architect with +10 years’ experience on performing and implementing Systems Engineering practices in industrial organizations. He accompanies systems engineering managers and systems architects implement Model-Based Systems Engineering and Product Line Engineering approaches in operational projects, helping them defining their engineering strategies, objectives and practices.
Architectural Abstractions for Hybrid ProgramsIvan Ruchkin
Modern cyber-physical systems interact closely with continuous physical processes like kinematic movement. Software component frameworks do not provide an explicit way to represent or reason about these processes. Meanwhile, hybrid program models have been successful in proving critical properties of discrete-continuous systems. These programs deal with diverse aspects of a cyber-physical system such as controller decisions, component communication protocols, and mechanical dynamics, requiring several programs to address the variation. However, currently these aspects are often intertwined in mostly monolithic hybrid programs, which are difficult to understand, change, and organize. These issues can be addressed by component-based engineering, making hybrid modeling more practical. This
paper lays the foundation for using architectural models to
provide component-based benefits to developing hybrid pro-
grams. We build formal architectural abstractions of hy-
brid programs and formulas, enabling analysis of hybrid programs at the component level, reusing parts of hybrid programs, and automatic transformation from views into hybrid programs and formulas. Our approach is evaluated in the context of a robotic collision avoidance case study.
Software engineering is a detailed study of engineering to the design, development and maintenance of software. Software engineering was introduced to address the issues of low-quality software projects.
[2015/2016] Introduction to software architectureIvano Malavolta
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Ivan Ruchkin
Presented by Zhenjiang Mao at the Robot Trust for Symbiotic Societies (RTSS) Workshop, ICRA 2024.
Out-of-distribution (OOD) detection is essential in autonomous driving, to determine when learning-based components encounter unexpected inputs. Traditional detectors typically use encoder models with fixed settings, thus lacking effective human interaction capabilities. With the rise of large foundation models, multimodal inputs offer the possibility of taking human language as a latent representation, thus enabling language-defined OOD detection. In this paper, we use the cosine similarity of image and text representations encoded by the multimodal model CLIP as a new representation to improve the transparency and controllability of latent encodings used for visual anomaly detection. We compare our approach with existing pre-trained encoders that can only produce latent representations that are meaningless from the user's standpoint. Our experiments on realistic driving data show that the language-based latent representation performs better than the traditional representation of the vision encoder and helps improve the detection performance when combined with standard representations.
Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...Ivan Ruchkin
This poster was presented by Zhenjiang Mao at ICRA 2024.
Related paper: https://arxiv.org/abs/2404.00462
Abstract: A world model creates a surrogate world to train a controller and predict safety violations by learning the internal dynamic model of systems. However, the existing world models rely solely on statistical learning of how observations change in response to actions, lacking precise quantification of how accurate the surrogate dynamics are, which poses a significant challenge in safety-critical systems. To address this challenge, we propose foundation world models that embed observations into meaningful and causally latent representations. This enables the surrogate dynamics to directly predict causal future states by leveraging a training-free large language model. In two common benchmarks, this novel model outperforms standard world models in the safety prediction task and has a performance comparable to supervised learning despite not using any data. We evaluate its performance with a more specialized and system-relevant metric by comparing estimated states instead of aggregating observation-wide error.
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...Ivan Ruchkin
Presented by Sydney Pugh at the 15th ACM/IEEE International Conference on Cyber-Physical Systems.
Abstract: Deep learning models have shown promising predictive accuracy for time-series healthcare applications. However, ensuring the robustness of these models is vital for building trustworthy AI systems. Existing research predominantly focuses on robustness to synthetic adversarial examples, crafted by adding imperceptible perturbations to clean input data. However, these synthetic adversarial examples do not accurately reflect the most challenging real-world scenarios, especially in the context of healthcare data. Consequently, robustness to synthetic adversarial examples may not necessarily translate to robustness against naturally occurring adversarial examples, which is highly desirable for trustworthy AI. We propose a method to curate datasets comprised of natural adversarial examples to evaluate model robustness. The method relies on probabilistic labels obtained from automated weakly-supervised labeling that combines noisy and cheap-to-obtain labeling heuristics. Based on these labels, our method adversarially orders the input data and uses this ordering to construct a sequence of increasingly adversarial datasets. Our evaluation on six medical case studies and three non-medical case studies demonstrates the efficacy and statistical validity of our approach to generating naturally adversarial datasets.
Repairing Learning-Enabled Controllers While Preserving What WorksIvan Ruchkin
Presented at the 15th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2024).
Abstract: Learning-enabled controllers have been adopted in various cyber-physical systems (CPS). When a learning-enabled controller fails to accomplish its task from a set of initial states, researchers leverage repair algorithms to fine-tune the controller's parameters. However, existing repair techniques do not preserve previously correct behaviors. Specifically, when modifying the parameters to repair trajectories from a subset of initial states, another subset may be compromised. Therefore, the repair may break previously correct scenarios, introducing new risks that may not be accounted for. Due to this issue, repairing the entire initial state space may be hard or even infeasible. As a response, we formulate the Repair with Preservation (RwP) problem, which calls for preserving the already-correct scenarios during repair. To tackle this problem, we design the Incremental Simulated Annealing Repair (ISAR) algorithm, which leverages simulated annealing on a barriered energy function to safeguard the already-correct initial states while repairing as many additional ones as possible. Moreover, formal verification is utilized to guarantee the repair results. Case studies on an Unmanned Underwater Vehicle (UUV) and OpenAI Gym Mountain Car (MC) show that ISAR not only preserves correct behaviors from previously verified initial state regions, but also repairs 81.4% and 23.5% of broken state spaces in the two benchmarks. Moreover, the average signal temporal logic (STL) robustnesses of the ISAR repaired controllers are larger than those of the controllers repaired using baseline methods.
Poster: Conservative Safety Monitors of Stochastic Dynamical SystemsIvan Ruchkin
Poster for the paper presented at the NASA Formal Methods Symposium (NFM) by Matthew Cleaveland on May 16, 2023.
Abstract:
Generating accurate runtime safety estimates for autonomous systems is vital to ensuring their continued proliferation. However, exhaustive reasoning about future behaviors is generally too complex to do at runtime. To provide scalable and formal safety estimates, we propose a method for leveraging design-time model checking results at runtime. Specifically, we model the system as a probabilistic automaton (PA) and compute bounded-time reachability probabilities over the states of the PA at design time. At runtime, we combine distributions of state estimates with the model checking results to produce a bounded time safety estimate. We argue that our approach produces well-calibrated safety probabilities, assuming the estimated state distributions are well-calibrated. We evaluate our approach on simulated water tanks.
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...Ivan Ruchkin
This poster was presented at the University of Florida AI Days 2023. It is based on this paper: https://arxiv.org/abs/2308.12252
Title: How Safe Am I Given What I See? Calibrated Prediction of Safety Chances for Image-Controlled Autonomy
Abstract: End-to-end learning has emerged as a major paradigm for developing autonomous systems. Unfortunately, with its performance and convenience comes an even greater challenge of safety assurance. A key factor of this challenge is the absence of the notion of a low-dimensional and interpretable dynamical state, around which traditional assurance methods revolve. Focusing on the online safety prediction problem, this paper proposes a configurable family of learning pipelines based on generative world models, which do not require low-dimensional states. To implement these pipelines, we overcome the challenges of learning safety-informed latent representations and missing safety labels under prediction-induced distribution shift. These pipelines come with statistical calibration guarantees on their safety chance predictions based on conformal prediction. We perform an extensive evaluation of the proposed learning pipelines on two case studies of image-controlled systems: a racing car and a cartpole.
Verify-then-Monitor: Calibration Guarantees for Safety ConfidenceIvan Ruchkin
Presented at the Sixth International Workshop on
Design Automation for Cyber-Physical Systems (DACPS), co-located with the Design Automation Conference (DAC) 2023.
Abstract:
Autonomous cyber-physical systems (CPS) are increasingly deployed in complex and safety-critical environments. To help CPS interact with such environments, learning-enabled components, such as neural networks, often implement perception and control functions. Unfortunately, the complexity of the environments and learning components is a major challenge to ensuring the safety of CPS. An emerging assurance paradigm prescribes verifying as much of the CPS as possible at design time - and then monitoring the probability of safety at run time in case of unexpected situations. How can we guarantee that the monitor produces a probability that is well-calibrated to the true chance of safety? This talk will overview our recent answers in two settings. The first combines Bayesian filtering with probabilistic model checking of Markov decision processes. The second is based on confidence monitoring of assumptions behind closed-loop neural-network verification.
Causal Repair of Learning-Enabled Cyber-physical SystemsIvan Ruchkin
Presented by Pengyuan (Eric) Lu at the International Conference on Assured Autonomy 2023.
Abstract: Models of actual causality leverage domain knowledge to generate convincing diagnoses of events that caused an outcome. It is promising to apply these models to diagnose and repair run-time property violations in cyber-physical systems (CPS) with learning-enabled components (LEC). However, given the high diversity and complexity of LECs, it is challenging to encode domain knowledge (e.g., the CPS dynamics) in a scalable actual causality model that could generate useful repair suggestions. In this paper, we focus causal diagnosis on the input/output behaviors of LECs. Specifically, we aim to identify which subset of I/O behaviors of the LEC is an actual cause for a property violation. An important by-product is a counterfactual version of the LEC that repairs the run-time property by fixing the identified problematic behaviors. Based on this insights, we design a two-step diagnostic pipeline: (1) construct and Halpern-Pearl causality model that reflects the dependency of property outcome on the component's I/O behaviors, and (2) perform a search for an actual cause and corresponding repair on the model. We prove that our pipeline has the following guarantee: if an actual cause is found, the system is guaranteed to be repaired; otherwise, we have high probabilistic confidence that the LEC under analysis did not cause the property violation. We demonstrate that our approach successfully repairs learned controllers on a standard OpenAI Gym benchmark.
Conservative Safety Monitors of Stochastic Dynamical SystemsIvan Ruchkin
Presented at the NASA Formal Methods Symposium (NFM) by Matthew Cleaveland on May 16, 2023.
Abstract:
Generating accurate runtime safety estimates for autonomous systems is vital to ensuring their continued proliferation. However, exhaustive reasoning about future behaviors is generally too complex to do at runtime. To provide scalable and formal safety estimates, we propose a method for leveraging design-time model checking results at runtime. Specifically, we model the system as a probabilistic automaton (PA) and compute bounded-time reachability probabilities over the states of the PA at design time. At runtime, we combine distributions of state estimates with the model checking results to produce a bounded time safety estimate. We argue that our approach produces well-calibrated safety probabilities, assuming the estimated state distributions are well-calibrated. We evaluate our approach on simulated water tanks.
Confidence Composition for Monitors of Verification AssumptionsIvan Ruchkin
Presented at 13th ACM/IEEE Intl. Conf. on Cyber-Physical Systems, part of CPS-IoT Week, on May 4, 2022.
Presentation video: https://youtu.be/nnhcUhih-vQ
Abstract:
Closed-loop verification of cyber-physical systems with neural network controllers offers strong safety guarantees under certain assumptions. It is, however, difficult to determine whether these guarantees apply at run time because verification assumptions may be violated. To predict safety violations in a verified system, we propose a three-step confidence composition (CoCo) framework for monitoring verification assumptions. First, we represent the sufficient condition for verified safety with a propositional logical formula over assumptions. Second, we build calibrated confidence monitors that evaluate the probability that each assumption holds. Third, we obtain the confidence in the verification guarantees by composing the assumption monitors using a composition function suitable for the logical formula. Our CoCo framework provides theoretical bounds on the calibration and conservatism of compositional monitors. Two case studies show that compositional monitors are calibrated better than their constituents and successfully predict safety violations.
Overcoming Heterogeneity in Autonomous Cyber-Physical SystemsIvan Ruchkin
Presented at the following seminar series in Spring 2022:
- University of Arizona, SIE Department
- San Diego State University, CS Department
- University of Kansas, EECS Department
- Tulane University, CS Department
- Auburn University, CSSE Department
- University of Hawaii, ICS Department
- Virginia Tech, ISE Department
- Santa Clara University, CS Department
- University of Kentucky, CS Department
- Indiana University - Purdue University Indianapolis, CIS Department
- Michigan State University, CSE Department
- University of Florida, ECE Department
- Florida Atlantic University, EECS Department
Abstract:
From autonomous vehicles to smart grids, cyber-physical systems (CPS) play an increasingly important role in today's society. Often, CPS operate autonomously in highly critical settings, and thus it is imperative to engineer these systems to be safe and trustworthy. However, it is particularly difficult to do so due to CPS heterogeneity -- the high diversity of components and models used in these systems. This heterogeneity substantially contributes to fragmented, incoherent assurance as well as to inconsistencies between different models of the system.
This talk will present two complementary techniques for overcoming CPS heterogeneity: confidence composition and model integration. The former technique combines heterogeneous confidence monitors to produce calibrated estimates of the run-time probability of safety in CPS with machine learning components. The latter technique discovers inconsistencies between heterogeneous CPS models using a logic-based specification language and a verification algorithm. The application of these techniques will be demonstrated on an unmanned underwater vehicle and a power-aware service robot. These techniques serve as stepping stones towards the vision of engineering autonomous systems that are aware of their own limitations.
High-Confidence Data Programming for Evaluating Suppression of Physiological ...Ivan Ruchkin
Presented by Sydney Pugh at the IEEE/ACM international conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE) 2021.
Abstract: False alarms generated by physiological monitors can overwhelm clinical caretakers with a variety of alarms. The resulting alarm fatigue can be mitigated with alarm suppression. Before being deployed, such suppression mechanisms need to be evaluated through a costly observational study, which would determine and label the truly suppressible alarms. This paper proposes a lightweight method for evaluating alarm suppression without access to the true alarm labels. The method is based on the data programming paradigm, which combines noisy and cheap-to-obtain labeling heuristics into probabilistic labels. Based on these labels, the method estimates the sensitivity/specificity of a suppression mechanism and describes the likely outcomes of an observational study in the form of confidence bounds. We evaluate the proposed method in a case study of low SpO2 alarms using a dataset collected at Children's Hospital of Philadelphia and show that our method provides tight and accurate bounds that significantly outperform the naive comparative method.
Data Generation with PROSPECT: a Probability Specification ToolIvan Ruchkin
Presented at the Winter Simulation Conference 2021.
Abstract: Stochastic simulations of complex systems often rely on sampling dependent discrete random variables. Currently, their users are limited in expressing their intention about how these variables are distributed and related to each other over time. This limitation leads the users to program complex and error-prone sampling algorithms. This paper introduces a way to specify, declaratively and precisely, a temporal distribution over discrete variables. Our tool PROSPECT infers and samples this distribution by solving a system of polynomial equations. The evaluation on three simulation scenarios shows that the declarative specifications are easier to write, 3x more succinct than imperative sampling programs, and are processed correctly by PROSPECT.
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Ivan Ruchkin
Presented at Formal Methods in Outer Space
Essays Dedicated to Klaus Havelund on the Occasion of His 65th Birthday. Link to the paper: https://link.springer.com/chapter/10.1007/978-3-030-87348-6_8
Abstract:
Design-time approaches to safety assurance for autonomous systems are limited because they must rely on assumptions about the behaviors of learned components in previously unseen environments. These assumptions may be violated at run time, thus invalidating the guarantees produced at design time. To overcome this limitation, we propose to complement design-time assurance with run-time monitoring that calculates the confidence that those assumptions are satisfied and, therefore, design-time guarantees continue to hold. As the first step in our vision, we elicit the logical relationship between assumption violations and safety violations. Then, we develop a probabilistic confidence monitor for each design-time assumption. Finally, we compose these assumption monitors based on their logical relation to safety violations, producing a system-wide assurance monitor. Our vision is illustrated with a case study of an autonomous underwater vehicle that performs pipeline inspection.
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...Ivan Ruchkin
Authors: Ivan Ruchkin, Matthew Cleaveland, Shuo Li, Dominick Pastore, Sooyong Jang, Taylor Carpenter, Radoslav Ivanov, James Weimer, Oleg Sokolsky, and Insup Lee.
Presented in the DARPA Assured Autonomy Phase 2 Demonstration Workshop.
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Ivan Ruchkin
A presentation at the Hot Topics Day "Application of DARPA Assured Autonomy Program Technologies to Autonomous Learning-Enabled Real-Time Systems" at RTSS 2020
http://2020.rtss.org/workshop-darpa
On the Role of Assumptions in Engineering Smart SystemsIvan Ruchkin
A position talk given at the Smart Designing of Smart Systems workshop: https://sdpsnet.org/sdps-2020/ws8.html
Engineers necessarily make assumptions during design and implementation of complex systems. These assumptions often set the expectations of one component towards the environment and other components. Assumptions are typically seen as implicit weak points of the system: should they be violated at run time, the system is likely to fall short of its required performance and safety. Although some recent work makes the assumptions explicit, they are still seen as liabilities. This talk will take a complementary perspective and explore how engineering assumptions enable intelligent behaviour in systems and design processes -- and how their violations can be managed at design time and run time.
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...Ivan Ruchkin
Authors: Ivan Ruchkin, Oleg Sokolsky, James Weimer, Tushar Hedaoo, and Insup Lee
Abstract: Run-time monitoring is a vital part of safety-critical systems. However, early-stage assurance of monitoring quality is currently limited: it relies either on complex models that might be inaccurate in unknown ways, or on data that would only be available once the system has been built. To address this issue, we propose a compositional framework for modeling and analysis of noisy monitoring systems. Our novel 3-value detector model uses probability spaces to represent atomic (non-composite) detectors, and it composes them into a temporal logic-based monitor. The error rates of these monitors are estimated by our analysis engine, which combines symbolic probability algebra, independence inference, and estimation from labeled detection data. Our evaluation on an autonomous underwater vehicle found that our framework produces accurate estimates of error rates while using only detector traces, without any monitor traces. Furthermore, when data is scarce, our approach shows higher accuracy than non-compositional data-driven estimates from monitor traces. Thus, this work enables accurate evaluation of logical monitors in early design stages before deploying them.
Original paper: http://dx.doi.org/10.1109/TCAD.2020.3...
Supplementary materials: https://www.researchgate.net/publication/342993188_Supplementary_Materials_for_Compositional_Probabilistic_Analysis_of_Temporal_Properties_over_Stochastic_Detectors
Video presentation: https://www.youtube.com/watch?v=q-9aHAQwd9Q
Source code and data: https://github.com/bisc/prob-comp-asst
Thesis Defense: Integration of Modeling Methods for Cyber-Physical SystemsIvan Ruchkin
A slide deck from my PhD thesis defense.
The video of the defense talk can be seen here: https://scs.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=aebd3567-e42b-4281-94a7-a98f011d1268
Abstract: "Cyber-physical systems (CPS) incorporate digital (cyber) and mechanical (physical) elements that interact in complex ways. Many safety-critical CPS, such as autonomous vehicles and drones, are becoming increasingly widespread and hence demand rigorous quality assurance. To this end, CPS engineering relies on modeling methods, which use models to represent the system and design-time analyses to interpret/change the models. Coming from diverse scientific and engineering fields, these modeling methods are difficult to combine, or integrate, due to implicit relations and dependencies between them. CPS failures can lead to substantial damage or loss of life, and are often due to two key integration challenges: (i) inconsistencies between models — contradictions in models that do not add up to a cohesive design, and (ii) incorrect interactions of analyses — out-of-order executions in mismatched contexts, leading to erroneous analysis outputs.
This thesis presents a novel approach to detect and prevent integration issues between CPS modeling methods during the design phase. To detect inconsistencies between models, the approach allows engineers to specify integration properties — quantified logical statements that relate various elements of multiple models — in the Integration Property Language (IPL). IPL statements describe verifiable conditions that are equivalent to an absence of inconsistencies. To interface with the models, IPL relies on integration abstractions — simplified representations of models for integration purposes. Two abstractions are proposed in this thesis: views (annotated component-and-connector models, inspired by software architecture) and behavioral properties (expressions in model-specific languages, such as the linear temporal logic). Combining these abstractions enables engineers to mix model structure and behavior in IPL statements. To ensure correct interactions of analyses, I introduce analysis contracts — a lightweight specification that captures inputs, outputs, assumptions, and guarantees for each analysis, in terms of the integration abstractions. Given these contracts, an analysis execution platform performs analyses in the order of their dependencies, and only in contexts that guarantee correct outputs.
My approach to integration was validated on four case studies of CPS modeling methods in different systems: energy-aware planning in a mobile robot, collision avoidance in a mobile robot, thread/battery scheduling in a quadrotor, and reliable/secure sensing in an autonomous vehicle. The validation has shown that the approach supports expressive integration properties, which can be soundly checked within practical constraints, all while being customizable to diverse models, analyses, and domains."
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaYara Milbes
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Identifying and Resolving Consistency Issues between Model Representations
1. David Garlan and Ivan Ruchkin
Carnegie Mellon University
Pittsburgh, PA, USA
July 2015
2. Acknowledgements
Joint work with faculty
Bruce Krogh (Electrical Engineering)
Andre Platzer (Computer Science)
Bradley Schmerl (Software Engineering)
Dionisio De Niz (Software Engineering Institute)
Sagar Chaki (Software Engineering Institute)
… and students
Ajinkya Bhave (multi-view consistency)
Akshay Rajhans (semantic verification)
Ivan Ruchkin (architecture and analyses)
With funding/support from
National Science Foundation
Bosch Corporation
Toyota Corporation
2
3. Outline
Characteristics of cyber-physical systems and the role of models
Today’s model-based CPS methods have many problems
Difficult to make trade-offs and ensure consistency/completeness
Difficult to integrate the different modeling approaches
Difficult to maintain models over time
Approach:
Unified representation through extensions of software architecture and
using architectural views to support heterogeneous modeling and analysis
Formal approach to checking model consistency via views
Tools for dependency analysis and coordination, supporting evolution
Various examples along the way
Quad-rotors, Smart highways, Real-time systems, Smart homes
3
5. What is a Cyber-Physical System?
Many of today’s systems involve complex combinations of
software and physical elements
Examples:
Energy-efficient buildings (heating, cooling, power, …)
Smart electric grid
Transportation: automotive control, rail control, air traffic control
Security systems
These are hard to design and implement -- requires
expertise from many domains
Control systems, networking, mechanical design, software
applications, etc.
Effective engineering requires models: state machines, differential
equations, etc.
5
6. Problems
Different formalisms and methods within CPS:
physical dynamics
control law development
hardware platform
software architecture
Problem 1: Difficult to make tradeoffs across different
engineering dimensions
Problem 2: Difficult to determine and maintain consistency
and completeness of models
Problem 3: Difficult to combine multi-disciplinary analyses
10
7. Example: STARMAC
Stanford Testbed for Autonomous Rotorcraft for Multi-
Agent Control (http://hybrid.eecs.berkeley.edu/starmac/)
Four rotors, arranged symmetrically on frame
11
17. What we would like
An approach that unifies cyber and physical design
Allows one to describe the complete system
Supports tradeoff analysis
Allows a multiplicity of models and analyses
Detects inconsistencies and mismatched assumptions
Can reason about completeness of design models
Supported by tools
Allowing automated checking and linkage to legacy
analysis tools
Enables incremental development
21
18. Approach
1. Support both cyber and physical elements
through a CPS architectural style
2. Support heterogeneous models and analyses
through views
3. Determine consistency criteria for multiple views
4. Maintain views and models current through
model-view relations
5. Support development through analysis tools
6. Integrate multi-domain analyses using contracts
22
20. Software Architecture
Represents a system as a graph of components and
connectors
Components: computational elements (databases, servers,
etc)
Connectors: communication pathways (RMI, http, etc)
Properties: abstract behavior of elements (expected load,
latencies, transaction rates)
Benefits of software architecture
Abstraction reduces complexity
Supports design-time analysis and tradeoffs
However, does not usually consider physical
modeling, beyond simple sensors and actuators
24
21. Extended with Physical Elements
Include physical system as a set of interacting
components with shared variables/coupled
constraints
Components: Physical elements (mechanical, electrical,
thermal, environmental,…)
Connectors: Physical interactions (conservation laws,
energy flows, …)
Behavior: Dynamic behavior of elements (DAEs, LHA,
…)
Bridging elements link physical elements to cyber
elements
25
23. Behavioral Modeling
Behaviors are associated with subsets of the
architecture suitable for analysis
Ex 1: Simulink model focuses on control performance,
abstracts scheduling and communication jitter in
software.
Ex 2: Software behavior modeling focuses on
communication between position ground station and
position controller, abstracts away physical aspects.
Leads to need for multiple models
Tailored to particular behavior/analysis
Related via a base architectural model through views
27
24. Models as Architectural Views
Control
Model
Mx
XR My
YR
X
BAR
Y
BAR
Base CPS Architecture
Hardware
Model
Arch. View X Arch. View Y
Control
Arch.
Hardware
Arch.
model-to-architectural-view relations
architectural -view-to-base-arch. relations
28
29. Process Algebra View
Can check, e.g., liveness
If user tells ground station to move rotor to location A, ground
station will eventually receive a status message from the position
controller that it is at new location
Allows us to reason about connection over lossy, wireless network
Retry (TCP) connector allows liveness property to be satisfied
33
Gnd_Station
QuadRotor
TCP UDP
30. What about Consistency?
Structural consistency between the base
architecture and a view
Determines if a view represents a valid abstraction of the
base architecture
Weak: All elements of a view must be derived (via
encapsulation) from the base architecture
Special case is communication integrity: Two
components in a view cannot interact unless they can
also interact in the base architecture
Strong: Every component in the base architecture is
accounted for in the view (possibly within an
encapsulation boundary)
34
33. Tools: AcmeStudio
component/connector types
analysis plugins
Extensible framework for architecture design and analysis
Adaptation to CPS:
support for associations between architectural views
augmenting views with semantic attributes and analysis
analysis plug-in for system-level verification
37
35. 46
Model-Driven Engineering for CPS
Software engineering models:
● UML, statecharts, ADLs, process
algebras
● Pros: information hiding,
composition and reuse
● Cons: limited treatment of
continuous processes
Hybrid system models:
● Hybrid automata, hybrid
programs
● Pros: strong formal foundations
for explicit continuity
● Cons: limited support for
information hiding, higher-level
representation
36. 47
Model-Driven Engineering for CPS
Software engineering models:
● UML, statecharts, ADLs, process
algebras
● Pros: information hiding,
composition and reuse
● Cons: limited treatment of
continuous processes
Hybrid system models:
● Hybrid automata, hybrid
programs
● Pros: strong formal foundations
for explicit continuity
● Cons: limited support for
information hiding, higher-level
representation
Goal: bring component-based engineering benefits
such as maintainability and analysis to hybrid programs
37. 48
Background: Hybrid Programs (HPs) [1]
● A; B – execute A, then B
● A* - execute A zero or
more times
● ?P – test P; continue if
A holds, abort otherwise
● { x1' := F1 … xn' := Fn & P } – evolve along differential equations within
region P
● A U B – execute either A or B
● x := S – assign S to
variable x
● x := * - assign an arbitrary
value to variable x
[1] A. Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. 2010.
Robot ::== (
a := *;
? b <= a <= A;
{ v' = a, x' = v, v >= 0 }
)*
x
v
a
38. 49
Robot's trajectory: arcs
Fragmentation of concerns and
components.
●Difficult to derive and reuse variants
●No restriction of information flow,
implicit “errors”
Robot-obstacle interaction
39. 50
Architecture for HP
● Target: represent HPs with architectural constructs to enable:
– Composition and analysis
– Derivation and reuse
● Strategy:
– Once: Give architectural concepts meaning in HP
– For each system: Model HP at architectural level (yellow)
– For each variant: Generate plain HP (green)
HPPart Architectural model
*..* 1..1
40. 51
HP Actors
Each actor contains:
● State: variables, constants, and constraints.
● Ports: variables visible to other actors.
● Ctrl: a HP to execute over State U Ports.
● Phys: set of differential equations over State U Ports.
HP actor (HPA) – a component of a hybrid program.
HP
HPA 1
HPA 2
41. 52
Composers
Steps:
● {HPA} → HPA → HP
Example: sequential composer
SeqC(a,b)::== (a.Ctrl ; b.Ctrl; {a.Phys, b.Phys})*
Composer – an algorithm to aggregate actors into a HP.
HP
HPA 1
HPA 2
compose
Composer
42. 53
HP Connectors
Contains:
● Set of roles (e.g., sensing and sensed roles)
● Role-to-port attachment mapping
● Transform: an algorithm to generate a HP without the connector
HP Connector (HPC) – a representation of actor interaction.
HPA 1 HPA 2
transform
HPA 3 HPA 4
46. 57
HP Architectural View
● Contains: {HPA}, {HPC}, Composer
● Represented with a single architectural model
● Amenable to information flow analysis:
– Is information hiding violated?
HP View – an architectural representation of a HP.
HPA 1 HPA 2
generate
Composer
HP
View
HPC
47. 58
Architectural Types
Example: types of robot physics: grid / line / arc / spiral.
Architectural type – a partially specified HPA, HPC, or Composer.
HPA 1 HPA 2
generate
Composer
HP
View
HPC
Type B
Type A
Type C
48. 59
Architectural DDL Formula
Architectural DDL Formula (ADDL) – a DDL formula over HP views.
Example: “the robot behaves in a way that gives the obstacle an
opportunity to stop.”
Init → [HP View 1] (RobotFar ∧ (ObstFar → <HP View 2> Safe))
HP View 1:
- robot is moving
- obstacle (abstract) is moving
HP View 2 :
- robot is stopped
- obstacle (concrete) is
given a chance to stop
49. 60
Design, Reuse Component Analysis
Model-Driven Engineering with
Architectural HP
Verification
HP 1
HP 2
Type A Architectural View 1*..* *..*
Architectural View 2
Architectural View 3
ADDL 2
ADDL 1
1..1
Type B
50. 61
Evaluation
● Method: “architecturalized” 15 model variants in an existing
case study [2]; observed extent of reuse and errors found by
analysis.
● Reuse results:
– Sensing connectors: average 2 connectors per variant.
– Actor physics types are widely used, up to 5-7 times in 15
models
[2] S. Mitsch, K. Ghorbal, and A. Platzer. On provably safe obstacle avoidance for autonomous
robotic ground vehicles. 2013.
51. 62
Composition Analysis Results
● Lack of component separation: robot assigns
obstacle's position variable (intent – sensing).
Threats: safety, implementability.
● Conflation of variables within HPs: sensing
intersection's position vs. obstacle's position.
Threats: safety, maintainability.
● Conflation of variables across HPs: different
meanings of a variable – direction vs. speed.
Threats: safety, implementability, maintainability.
52. 63
HP Views: Summary
● CPS require expressive and maintainable models.
● Hybrid programs are expressive, but have limited
modularity.
● Architectural abstractions for HPs improve
maintainability and detect implicit modeling errors.
54. Analytic Aspect of Integration
Sensor
Sampling
PID
Controller
Actuator
Controller
Sensor
board
CPU
Actuator
board
System
Bin packing
Analysis
Power
ExecTime
Frequency scaling
Analysis
66
55. Analytic Aspect of Integration
Sensor
Sampling
PID
Controller
Actuator
Controller
Sensor
board
CPU
Actuator
board
System
Bin packing
Analysis
Power
ExecTime
Frequency scaling
Analysis
Frequency scaling is applicable only when:
used after Bin packing
the system is behaviorally deadline-monotonic
Otherwise frequency scaling may render the system
unschedulable
67
61. Analysis Contracts
Given a domain σ, analysis contract C is a tuple (I, O, A, G)
Inputs I ⊆ A ∪ S
Outputs O ⊆ A ∪ S
Assumptions A ⊆ Fσ
Guarantees G ⊆ Fσ
74
62. Analysis Contracts
Given a domain σ, analysis contract C is a tuple (I, O, A, G)
Inputs I ⊆ A ∪ S
Outputs O ⊆ A ∪ S
Assumptions A ⊆ Fσ
Guarantees G ⊆ Fσ
Where:
Fσ ::= {∀|∃} v1..vn • φ | {∀|∃} v1..vn • φ : ψ
φ is a static predicate formula over A and S
ψ is an LTL formula over A, S, and R
75
69. Analysis Contracts: Work in Progress
• New domains are being incorporated:
• Reliability (FMEA)
• Security (sensor trustworthiness)
• Control (secure state estimation)
• Tight integration with multiple views.
• Automated resolution of dependency loops.
82
70. Analysis Contracts: Summary
• Analysis integration is error-prone
• Incorrect ordering
• Violation of implicit assumptions
• Our solution:
• Contract specification language
• Contract verification algorithm
• Framework implementation
• Effective, extensible, and scalable
83
71. Conclusion
CPS requires heterogeneous collections of models to
enable deep semantic analysis
Leads to problems of consistency, completeness, and
incremental development
We are exploring the integration of heterogeneous
modeling and analysis through architecture views
Provides formal criteria for structural and semantic
consistency
Can be supported by tools that manage dependencies and
support model-view relationships
84
72. References
I. Ruchkin, B. Schmerl and D. Garlan. Architectural Abstractions for
Hybrid Programs. In Proc. of the 18th International ACM Sigsoft
Symposium on Component-Based Software Engineering (CBSE 2015),
Montréal, May 2015.
I. Ruchkin, D. De Niz, S. Chaki, D. Garlan. Contract-Based Integration of
Cyber-Physical Analyses. In Proc. of the 14th International Conference on
Embedded Software, New Delhi, India, October 2014.
A. Y. Bhave, B.H. Krogh, D. Garlan, and B. Schmerl. View Consistency in
Architectures for Cyber-Physical Systems. In 2011 IEEE/ACM International
Conference on Cyber-Physical Systems (ICCPS), 151-160, 2011.
A. Rajhans, A.Y. Bhave, I. Ruchkin, B. Krogh, D. Garlan, A. Platzer, and B.
Schmerl. Supporting Heterogeneity in Cyber-Physical Systems
Architectures. In IEEE Transactions on Automatic Control, 2014.
85
73. A. Rajhans, S.-W. Cheng, B. Schmerl, D. Garlan, B. Krogh, C. Agbi and
A. Y. Bhave. An Architectural Approach to the Design and Analysis of
Cyber-Physical Systems. In Electronic Communications of the EASST,
Vol. 21: Multi-Paradigm Modeling, 2009.
A. Y. Bhave, B. Krogh, D. Garlan and B. Schmerl. Multi-domain
Modeling of Cyber-Physical Systems using Architectural Views. In
Proc. of the 1st Analytic Virtual Integration of Cyber-Physical Systems
Workshop, 2010. Co-located with RTSS 2010.
A. Y. Bhave, D. Garlan, B. Krogh, A. Rajhans and B. Schmerl.
Augmenting Software Architectures with Physical Components. In
Proc. of the Embedded Real Time Software and Systems Conference
(ERTS 2010), May 2010.
I. Ruchkin, D. De Niz, S. Chaki, D. Garlan. ACTIVE: A Tool for
Integrating Analysis Contracts. In Proc. of the 5th Analytic Virtual
Integration of Cyber-Physical Systems Workshop, 2014. Co-located
with RTSS 2014.
86
References