Cyber Physical Systems: New Challenges for Model-based Design

Janos Sztipanovits
ISIS (Institute for Software Integrated Systems), Vanderbilt University

From Embedded Systems to Cyber-Physical Systems: A Review of the State-of-the-Art and Research Needs
CHESS Workshop
April 21, 2008


package org.apache.tomcat.session;

import org.apache.tomcat.core.*;
import org.apache.tomcat.util.StringManager;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Core implementation of a server session
 *
 * @author James Duncan Davidson [[email protected]]
 * @author James Todd [[email protected]]
 */
public class ServerSession {

    private StringManager sm = StringManager.getManager("org.apache.tomcat.session");
    private Hashtable values = new Hashtable();
    private Hashtable appSessions = new Hashtable();
    private String id;
    private long creationTime = System.currentTimeMillis();
    private long thisAccessTime = creationTime;
    private long lastAccessed = creationTime;
    private int inactiveInterval = -1;

    ServerSession(String id) {
        this.id = id;
    }

    public String getId() {
        return id;
    }

    public long getCreationTime() {
        return creationTime;
    }

    public long getLastAccessedTime() {
        return lastAccessed;
    }

    public ApplicationSession getApplicationSession(Context context, boolean create) {
        ApplicationSession appSession = (ApplicationSession)appSessions.get(context);

        if (appSession == null && create) {
            // XXX
            // sync to ensure valid?
            appSession = new ApplicationSession(id, this, context);
            appSessions.put(context, appSession);
        }

        // XXX
        // make sure that we haven't gone over the end of our
        // inactive interval -- if so, invalidate and create
        // a new appSession
        return appSession;
    }

    void removeApplicationSession(Context context) {
        appSessions.remove(context);
    }

    /**
     * Called by context when request comes in so that accesses and
     * inactivities can be dealt with accordingly.
     */
    void accessed() {
        // set last accessed to thisAccessTime as it will be left over
        // from the previous access
        lastAccessed = thisAccessTime;
        thisAccessTime = System.currentTimeMillis();
    }

    void validate()

Software Control Systems

Abstraction
• Adjustable
• Integrative
• Precise
• Safe (analyzable)

Integration
• Affordable
• Model-based (end-to-end)
• Manage heterogeneity better

Automation
• Domain-specific tool chains, but
• Reusable infrastructure

Embedded Systems Challenge

Systems industry turns IT driven: Aerospace, Automotive, Process,..

Modeling Layer

Abstractions are linked through refinement relations.

Abstraction layers allow the verification of different properties.

Key Idea: Manage design complexity by creating layers of abstractions in the design flow. (Alberto Sangiovanni-Vincentelli)

Platform mapping

Software architecture defines the composition of functions such that a least fixed point exists and is unique.

Hardware architecture defines a set of concurrent functional units, where the software architecture can be deployed.

Platform mapping

Behavior models define a set of timed automata with local clocks and broadcast. Models can be analyzed with TCTL.

Abstraction layers define platforms.

Platforms, Abstractions and Domain Specific Modeling Languages (DSML)

Key Idea: Capture intrinsic domain concepts with domain-specific modeling languages (DSML-s) and partition DSML-s into structural and behavioral semantics.

The behavioral semantics defines what the structures do.

The structural semantics excludes semantically meaningless models.

No operator was provided for composition of values, so this merge model is semantically meaningless in this domain.

• The structural semantics views a model as a structure, and provides a means for calculating which structures are well-formed.

Model-Integrated Computing

• GME, the metaprogrammable modeling tool of ISIS, supports rapid construction of metamodels and DSML models.

[Figure: MetaGME metamodel of simple statecharts]

[Figure: Model-editor generated from metamodel]

Basic metamodeling notation: UML Class Diagram + OCL

The abstract syntax of DSML-s is defined by metamodels. Metamodeling languages provide structural semantics.

Specification of Structural Semantics of DSML-s

$L = \langle Y, R_Y, C, ([\![\,]\!]_i)_{i \in J} \rangle$

$D(Y, C) = \{ r \in R_Y \mid r \models C \}$

• Metamodels define the structural semantics of DSML-s:

OCL Constraints: self.transTo->forAll(s | s <> self)

A metamodeling language is one of the DSML-s: the same tool can be used for modeling and metamodeling.

C++ coding permits complex behavioral semantics, but the “specifications” are cluttered with C++ details.

• Behavioral semantics are defined with model transformations and semantic anchoring.

Graph transformations provide a transparent mechanism to attach semantics. However, not all behavioral semantics can be specified this way.

Semantic anchoring with ASM captures the best of both worlds: Simple graph transformations and simple behavioral specifications.

Specification of Behavioral Semantics of DSML-s

$T : R_Y \to R_{Y'}$

Lessons Learned: Metaprogrammable Tools

- Model-based development is practical!
- Domain specific abstractions are not only desirable; they are affordable
- DSML-s are not programming languages

MIC Tool Suite

[Figure: MIC Tool Suite diagram. Labels: MetaModels; Generic Model Editor (GME); UDM; GReAT; Model Transformation; Model Management; Design Space Exploration (DESERT: Component Abstraction (TA), Design Space Modeling (MD), Design Space Encoding (TE), Design Space Pruning, Design Decoding, Component Reconstruction); Open Tool Integration Framework (OTIF: Backplane Registration/Notification/Transfer Services, Semantic Translators, Tools, Tool Adaptors, Manager, Metadata, Standard interface/Protocol); Best of Breed Modeling Tools, Simulators, Verifiers, Model Checkers]

Lessons Learned: Transitioning

• Researchers partnering with End Users with real stake and new challenges
• Working model for managing proprietary issues (Open Source, Gated Source)
• Repository is active, live, quality controlled (and costs money to operate)
• Creates future market for tool vendors.

Example:
• Microsoft Software Factories (health care, web services)
• MathWorks interactions

NEW TRANSITIONING MODEL IS ESSENTIAL IF WE EXPECT RAPID AND SUBSTANTIAL IMPACT

A small scale experiment with potentially large impact that works: ESCHER

[Figure: ESCHER diagram. Labels: Research groups; ESCHER Institute; Non-profit; Universities; Boeing, GM, Raytheon; IR&D; FCS; DDX; C2W; Repository; funding criteria; maturation; emphasis; High quality tools & SW]

New Challenges: Cyber Physical Systems

Software Control Systems

Abstraction
• Adjustable
• Integrative
• Safe
• Precise

Integration
• Affordable
• Model-based (end-to-end)
• Manage heterogeneity better

Automation
• Domain-specific tool chains, but
• Reusable infrastructure

Systems industry turns IT driven: Aerospace, Automotive, Process,..

Modeling Layer

New Challenges: Cyber Physical Systems

Software Control Systems

Modeling Layer

Systems industry builds CPS: Aerospace, Automotive, Process,..

CPS - Integrated Modeling Discipline

Security

• It is not possible to identify whether behavioral attributes are the result of computations (computer programs), physical laws, or both working together;
• Functionality and salient system characteristics are emerging through the interaction of physical and computational objects.

CPS and Model-Based Design

Model-Based Methods will drive the progress in CPS technology

Major advancements are needed in:
• Composition theory
• Certification and high confidence design
• Secure systems design
• System Integration
• Design automation
• Education

New application domains will emerge rapidly
• Model-based system integration
• Architecture exploration
• Resilient systems

[Figure labels: DSML/MetaM.; Model Transf.; V&V; Model Mgmnt; Tool Comp.]

• New Abstractions
• Semantic foundations
• Composition platforms for Heterogeneity
• Predictability under limited compositionality
• Foundation for System Integration
• Compositional Certification
• Agile Design Automation
• Open Architectures
• Reliable systems from unreliable Components
• Resiliency against Cyber Attacks

Example: System-of-System Engineering

Tool Chain for Architecture Exploration in FCS

[Figure: tool chain diagram. Labels: Component Adapters; System Model; Segment; ADeVS, IONS; RELEX; Excel; Rose CAT file; IDD; GReAT Transform; System Integration; Runtime Glue (Deployed); Test Harness; C++; IDL; XML; Integration Laboratory Tools]

FCS Program: Boeing – Vanderbilt/ISIS

Risk Mitigation: Surrogate Modeling and Synthesis

[Figure: surrogate modeling and synthesis diagram. Labels: GME Component Models (Interfaces, Business Logic); GME System Models (Interfaces; Deployment, Instance, Topology, Networks); Code Generator; BC Surrogate Component with Input Interfaces, Output Interfaces and Business Logic (Generated); BC Surrogate Component with Input Interfaces, Output Interfaces and Acquired Business Logic; “Real” BC Component; System Of Systems Common Operating Environment]

Model-Based Experiment Integration Environment: SSW

Building a Software/System “Wind Tunnel” (SSW)

[Figure: command and control diagram. Labels: Human Controllers; Mixed Initiative Controller; Context Dep. Command Interpretation; Adaptive Resource Allocation; Data Distribution Network; Coordination; Decision Support; HCI; Abstract Commands; Platform Commands; Assigned Platform Commands; Platform Status; Unmanned Sensor Platforms]

Issues to be studied experimentally:
• Distributed Command and Control
– Synchronization and coordination
– Distributed dynamic decision making
– Network effects
• Information Sharing
– Shared situation awareness
– Common Operation Picture (COP)
– Network effects

AFOSR PRET Project: Vanderbilt-ISIS, Berkeley, GMU

SSW Integration Architecture: Simulation Components and Models

[Figure: SSW integration architecture diagram. Labels: Simulation Data Distribution/Communication Middleware; Simulation Integration Platform (HLA); Distributed Simulation Platform; Instrumentation Layer; code; DEVS Federate; OmNet++ Federate; CPN Federate; OGRE Federate; Simulink Federate; Controller Models; Network Models; Org. Models; Fusion Models; Env. Models; Model Integration Layer; “Virtual” Components; Experiment Specification & Configuration; Run-time; Models; Model Integration; Ogre; Adaptive Human Organization; Mixed Initiative Controller; Context Dep. Command Interpretation; Adaptive Resource Allocation; Data Distribution Network; Coordination; Decision Support; HCI; Abstract Commands; Platform Commands; Assigned Platform Commands; Platform Status; COP Elements]

Model-Integrated System and Software Laboratory Environment: C2 Windtunnel

[Figure: C2 Windtunnel diagram. Labels: CPN; SL/SF; Devs; GME; OMNET; Organization/Coordination; Controller/Vehicle Dynamics; Processing (Tracking); 3-D Environment (Sensors); Simulation Interaction; Simulation Architecture; Network Architecture]

Summary

CPS-s represent the coming new age in systems design

The required technology changes are profound – go way beyond the reach of “multidisciplinary” approaches

Role of model-based methods and tools is

The impact on competitiveness is huge:

CPS-s are the foundation for the systems industry