Transcript Document

Institute for Software Integrated Systems
Vanderbilt University
Cyber Physical Systems: New
Challenges for Model-based Design
Janos Sztipanovits
ISIS, Vanderbilt University
From Embedded Systems to Cyber-Physical Systems:
A Review of the State-of-the-Art and Research Needs
CHESS Workshop
April 21, 2008
Embedded Systems Challenge
Systems industry turns IT driven: Aerospace, Automotive, Process, ...
Software
Control
Systems
package org.apache.tomcat.session;

import org.apache.tomcat.core.*;
import org.apache.tomcat.util.StringManager;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Core implementation of a server session
 *
 * @author James Duncan Davidson [duncan@eng.sun.com]
 * @author James Todd [gonzo@eng.sun.com]
 */
public class ServerSession {
    private StringManager sm =
        StringManager.getManager("org.apache.tomcat.session");
    private Hashtable values = new Hashtable();
    private Hashtable appSessions = new Hashtable();
    private String id;
    private long creationTime = System.currentTimeMillis();
    private long thisAccessTime = creationTime;
    private long lastAccessed = creationTime;
    private int inactiveInterval = -1;

    ServerSession(String id) {
        this.id = id;
    }

    public String getId() {
        return id;
    }

    public long getCreationTime() {
        return creationTime;
    }

    public long getLastAccessedTime() {
        return lastAccessed;
    }

    public ApplicationSession getApplicationSession(Context context,
                                                    boolean create) {
        ApplicationSession appSession =
            (ApplicationSession) appSessions.get(context);
        if (appSession == null && create) {
            // XXX
            // sync to ensure valid?
            appSession = new ApplicationSession(id, this, context);
            appSessions.put(context, appSession);
        }
        // XXX
        // make sure that we haven't gone over the end of our
        // inactive interval -- if so, invalidate and create
        // a new appSession
        return appSession;
    }

    void removeApplicationSession(Context context) {
        appSessions.remove(context);
    }

    /**
     * Called by context when request comes in so that accesses and
     * inactivities can be dealt with accordingly.
     */
    void accessed() {
        // set last accessed to thisAccessTime as it will be left over
        // from the previous access
        lastAccessed = thisAccessTime;
        thisAccessTime = System.currentTimeMillis();
    }

    void validate()   // the code excerpt on the slide is cut off here
Modeling Layer
Abstraction
• Adjustable
• Integrative
• Precise
• Safe (analyzable)
Integration
• Affordable
• Model-based (end-to-end)
• Manage heterogeneity better
Automation
• Domain-specific tool chains, but
• Reusable infrastructure
Platforms, Abstractions and Domain Specific Modeling Languages (DSML)
Key Idea: Manage design complexity by creating layers of abstractions in the design flow. (Alberto Sangiovanni-Vincentelli)
Abstraction layers define platforms. Software architecture defines the composition of functions such that a least fixed point exists and is unique.
Platform mapping: abstractions are linked through refinement relations. Hardware architecture defines a set of concurrent functional units, where the software architecture can be deployed.
Platform mapping: abstraction layers allow the verification of different properties. Behavior models define a set of timed automata with local clocks and broadcast. Models can be analyzed with TCTL.
Model-Integrated Computing
Key Idea: Capture intrinsic domain concepts with domain-specific modeling languages (DSML-s) and partition DSML-s into structural and behavioral semantics.
• The structural semantics views a model as a structure, and provides a means for calculating which structures are well-formed.
• The behavioral semantics defines what the structures do.
(Figure: the structural semantics excludes semantically meaningless models. No operator was provided for composition of values, so this merge model is semantically meaningless in this domain.)
Specification of Structural Semantics of DSML-s
• Metamodels define the structural semantics of DSML-s:
  $L = \langle \Upsilon, R_{\Upsilon}, C, (\cdot_i)_{i \in J} \rangle$ (the symbol inside the indexed family did not survive extraction)
  Abstract syntax of $L$: $D(\Upsilon, C) = \{\, r \in R_{\Upsilon} \mid r \models C \,\}$
• DSML-s are defined by metamodels. Metamodeling languages provide structural semantics.
• A metamodeling language is one of the DSML-s: the same tool can be used for modeling and metamodeling.
• GME, the metaprogrammable modeling tool of ISIS, supports rapid construction of metamodels and DSML models.
OCL Constraints: self.transTo->forAll(s | s <> self)
Basic metamodeling notation: UML Class Diagram + OCL
(Figures: MetaGME metamodel of simple statecharts; model editor generated from the metamodel)
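The structural-semantics definition above, worked through as an added example in Python (not code from the talk, from GME or from MetaGME): a constructed statechart metamodel stands in for the signature Y, a constraint set C encodes the slide's OCL rule self.transTo->forAll(s | s <> self) together with the "merge without a composition operator" case from the Model-Integrated Computing slide, and the well-formed domain D(Y, C) is computed as the set of structures that satisfy every constraint. The metamodel fields, constraint names and sample structures are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


# Constructed metamodel (the signature Y of the DSML): a statechart model
# has named states, "transTo" transitions between them, and data ports fed
# by one or more source signals. Not GME's or MetaGME's own schema.
@dataclass
class Model:
    states: Set[str] = field(default_factory=set)
    trans_to: List[Tuple[str, str]] = field(default_factory=list)    # (source, target)
    port_inputs: Dict[str, List[str]] = field(default_factory=dict)  # port -> source signals
    merge_operators: Dict[str, str] = field(default_factory=dict)    # port -> composition operator


# A constraint maps a structure to the list of rules it breaks (empty = satisfied).
Constraint = Callable[[Model], List[str]]


def no_self_transitions(m: Model) -> List[str]:
    """The OCL rule from the slide: self.transTo->forAll(s | s <> self)."""
    return [f"state {s!r} transitions to itself" for s, t in m.trans_to if s == t]


def transitions_reference_states(m: Model) -> List[str]:
    """Referential integrity: both ends of a transition must be declared states."""
    return [f"transition {s!r}->{t!r} references an undeclared state"
            for s, t in m.trans_to if s not in m.states or t not in m.states]


def merges_have_operator(m: Model) -> List[str]:
    """Assumed encoding of the 'merge without a composition operator' slide:
    a port receiving several values is meaningless unless the domain
    supplies an operator that composes them."""
    return [f"port {p!r} merges {len(srcs)} values without a composition operator"
            for p, srcs in m.port_inputs.items()
            if len(srcs) > 1 and p not in m.merge_operators]


# The constraint set C of the DSML.
C: List[Constraint] = [no_self_transitions, transitions_reference_states, merges_have_operator]


def violations(m: Model, constraints: List[Constraint] = C) -> List[str]:
    """Every rule of C that structure m breaks, in constraint order."""
    found: List[str] = []
    for check in constraints:
        found.extend(check(m))
    return found


def is_well_formed(m: Model, constraints: List[Constraint] = C) -> bool:
    """r |= C: the structure satisfies all constraints."""
    return not violations(m, constraints)


def domain(realizations: List[Model], constraints: List[Constraint] = C) -> List[Model]:
    """D(Y, C) = { r in R_Y | r |= C }: keep only the well-formed structures."""
    return [r for r in realizations if is_well_formed(r, constraints)]


# Constructed sample structures (a few members of R_Y, not models from the talk).
GOOD = Model(states={"Idle", "Run"},
             trans_to=[("Idle", "Run"), ("Run", "Idle")],
             port_inputs={"speed": ["sensor_a", "sensor_b"]},
             merge_operators={"speed": "average"})
SELF_LOOP = Model(states={"Idle"}, trans_to=[("Idle", "Idle")])
DANGLING = Model(states={"Idle"}, trans_to=[("Idle", "Gone")])
BAD_MERGE = Model(states={"Idle"}, port_inputs={"speed": ["sensor_a", "sensor_b"]})
SAMPLES = [GOOD, SELF_LOOP, DANGLING, BAD_MERGE]


if __name__ == "__main__":
    for m in SAMPLES:
        print("well-formed" if is_well_formed(m) else "rejected", violations(m))
    print(f"{len(domain(SAMPLES))} of {len(SAMPLES)} structures lie in D(Y, C)")
```

Running the block rejects three of the four constructed structures and keeps only GOOD. In a model-based tool chain this check is the gate before any model transformation or code generator runs: a structure outside D(Y, C) has no meaning in the domain, so generating code from it produces artifacts whose behaviour no later analysis can vouch for.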
Specification of Behavioral Semantics of DSML-s
• Behavioral semantics are defined with model transformations and semantic anchoring:
  $T : R_{\Upsilon} \to R_{\Upsilon'}$
C++ coding permits complex behavioral semantics, but the “specifications” are cluttered with C++ details.
Graph transformations provide a transparent mechanism to attach semantics. However, not all behavioral semantics can be specified this way.
Semantic anchoring with ASM captures the best of both worlds: simple graph transformations and simple behavioral specifications.
Lessons Learned:
Metaprogrammable Tools
- Model-based development is practical!
- Domain specific abstractions are not only desirable; they are affordable
- DSML-s are not programming languages
MIC Tool Suite
(Figure: GME, the Generic Model Editor, at the centre, driven by meta models; UDM for model management; DESERT for design space exploration, with component abstraction (TA), design space modeling (MD), design space encoding (TE), design space pruning, design decoding and component reconstruction; GReAT for model transformation; OTIF, the Open Tool Integration Framework, in which tools connect through tool adaptors and semantic translators to a backplane offering registration, notification and transfer services over a standard interface/protocol, and whose metadata is managed by the backplane manager.)
Tools integrated through OTIF:
• Modeling Tools
• Simulators
• Verifiers
• Model Checkers
Lessons Learned: Transitioning
A small scale experiment with potentially large impact that works: ESCHER
(Figure: universities and research groups, selected by non-profit criteria, feed the ESCHER Institute; an IR&D funding emphasis comes from Boeing, GM and Raytheon (FCS, DDX, C2W); the institute matures high quality tools and software into a repository.)
• Researchers partnering with End Users with real stake and new challenges
• Working model for managing proprietary issues (Open Source, Gated Source)
• Repository is active, live, quality controlled (and costs money to operate)
• Creates future market for tool vendors. Example: Microsoft Software Factories (health care, web services); MathWorks interactions
• NEW TRANSITIONING MODEL IS ESSENTIAL IF WE EXPECT RAPID AND SUBSTANTIAL IMPACT
New Challenges: Cyber Physical
Systems
Systems industry builds CPS: Aerospace, Automotive, Process, ...
Software
Control
Systems
Security
Modeling Layer / Modeling Discipline
CPS - Integrated
• It is not possible to identify whether behavioral attributes are the result of computations (computer programs), physical laws, or both working together;
• Functionality and salient system characteristics are emerging through the interaction of physical and computational objects.
CPS and Model-Based Design
(Figure: a matrix relating the MIC technology columns DSML/Metamodeling, Model Transformation, V&V, Model Management and Tool Composition to the CPS challenge rows Composition platforms for heterogeneity, Predictability under limited compositionality, Foundation for system integration, Compositional certification, Reliable systems from unreliable components, and Resiliency against cyber attacks. The resulting research themes are New Abstractions, Semantic foundations, Agile Design Automation and Open Architectures.)
• Model-Based Methods will drive the progress in CPS technology
• Major advancements are needed in:
  – Composition theory
  – Certification and high confidence design
  – Secure systems design
  – System Integration
  – Design automation
  – Education
• New application domains will emerge rapidly
  – Model-based system integration
  – Architecture exploration
  – Resilient systems
Example: System-of-System Engineering
Tool Chain for Architecture Exploration in FCS
(Figure: a GME system model is derived from a Rose CAT file and an IDD segment by GReAT transforms; from the system model, a second GReAT transform generates the system integration component adapters (C++ and IDL, deployed as runtime glue) and the system integration test harness (C++, IDL and XML) used by the integration laboratory tools, alongside ADeVS, IONS, RELEX and Excel.)
FCS Program: Boeing – Vanderbilt/ISIS
Risk Mitigation: Surrogate Modeling and Synthesis
(Figure: GME system models capture deployment, networks and instance topology; GME component models capture interfaces and business logic. A code generator produces a BC surrogate component whose input interfaces, output interfaces and business logic are generated, standing in for the “real” BC component with its acquired business logic inside the System Of Systems Common Operating Environment.)
Building a Software/System “Wind Tunnel” (SSW)
(Figure: human controllers issue abstract commands through HCI coordination and context-dependent command interpretation to a mixed initiative controller; adaptive resource allocation and decision support turn them into platform commands and assigned platform commands, while platform status flows back, all over a data distribution network.)
Model-Based Experiment Integration Environment: SSW
Issues to be studied experimentally:
• Information Sharing
  – Shared situation awareness
  – Common Operation Picture (COP)
  – Distributed dynamic decision making
  – Network effects
• Distributed Command and Control
  – Synchronization and coordination
AFOSR PRET Project: Vanderbilt-ISIS, Berkeley, GMU
SSW Integration Architecture: Simulation Components and Models
(Figure: an experiment specification & configuration feeds “virtual” component code into the Model Integration Layer, which holds controller, network, organization, fusion and environment models; the run-time federates (OmNet++, CPN, DEVS, Simulink, OGRE) sit on an instrumentation layer above the Simulation Integration Platform (HLA) and the simulation data distribution/communication middleware of the distributed simulation platform.)
Model-Integrated System and Software Laboratory Environment: C2 Windtunnel
(Figure: model integration of processing (tracking), controller/vehicle dynamics and organization/coordination across the CPN, SL/SF, DEVS and OGRE federates; the adaptive human organization, mixed initiative controller, context-dependent command interpretation, HCI coordination, COP elements, adaptive resource allocation, decision support and 3-D environment (sensors) exchange abstract commands, platform commands, assigned platform commands and platform status over the data distribution network.)
GME: simulation interaction. GME: simulation architecture. OMNET: network architecture.
Summary
• CPS-s represent the coming new age in systems design
• The required technology changes are profound – go way beyond the reach of “multidisciplinary” approaches
• Role of model-based methods and tools is
• The impact on competitiveness is huge: CPS-s are the foundation for the systems industry