Arch Approach to CPS


David Garlan
Ivan Ruchkin
Carnegie Mellon University
Pittsburgh, PA, USA
December 2014
Acknowledgements
• Joint work with faculty
  - Bruce Krogh (Electrical Engineering)
  - Andre Platzer (Computer Science)
  - Bradley Schmerl (Software Engineering)
• … and students
  - Ajinkya Bhave (multi-view synthesis)
  - Akshay Rajhans (compositional verification)
  - Ivan Ruchkin (architecture and tools)
• With funding/support from
  - National Science Foundation
  - Bosch Corporation
  - Toyota Corporation
Outline
• Cyber-physical systems
• Problem: Today software and physical modeling are separate activities with very different analytical models
  - Difficult to make trade-offs and ensure consistency
  - Difficult to integrate the different modeling approaches
• Approach: Unified representation through extensions of software architecture and using architectural views to support heterogeneous modeling and analysis
• Example: Quadrotor STARMAC
• Summary
Cyber-Physical Systems
Problems
Today’s approaches to designing cyber-physical systems (CPS)
• Early separation between cyber and physical parts of system design
• Different formalisms and methods within cyber and physical engineering:
  - physical dynamics
  - control engineering
  - hardware platform
  - software architecture
• Problem 1: Difficult to make tradeoffs across different engineering dimensions
• Problem 2: Difficult to determine consistency of different models
• Problem 3: Difficult to create whole-system analyses
Example CPS: STARMAC
• Stanford Testbed for Autonomous Rotorcraft for Multi-Agent Control (http://hybrid.eecs.berkeley.edu/starmac/)
• Four rotors, arranged symmetrically on frame
[Figure: STARMAC quadrotor with labelled parts: High Level Control Processor, Low Level Control Processor, GPS, Brushless Motors, IMU, Electronics Interface, Ultrasonic Ranger, Battery]
Multiple Views
[Figure: four views of the system: Physical View, Control View, Software View, Hardware View]
• Do they represent the system?
• Are the views consistent?
• Is there a unifying representation?
What we would like
• An approach that unifies both cyber and physical design
  - Allows one to describe the complete system
  - Supports tradeoff analysis
• But allows a multiplicity of models and analyses
  - Detects inconsistencies and mismatched assumptions
  - Can reason about completeness of design models
• Supported by tools
  - Allowing automated checking and linkage to legacy analysis tools
Approach
• Extend software architecture to support both physical and cyber elements through a CPS architectural style
• Support heterogeneous models and analyses through views
• Determine consistency criteria for multiple views
• Support engineering through extensions to software architecture modeling tools
Models as Architectural Views
[Figure: a Hardware Model and a Control Model are linked to architectural views (Hardware Arch., Control Arch.; Arch. View X, Arch. View Y) by model-to-architectural-view relations; the views are linked to the Base CPS Architecture (BA) by architectural-view-to-base-arch. relations]
STARMAC Architectural Views
[Figure: STARMAC views: Hardware (AADL), Software (FSP), Physical (Modelica); diagram labels: Model, Arch. View, Base Arch., TCP, UDP]
Simulink Architecture View
Simulink Model
What about Consistency?
• Structural consistency between the base architecture and a view
  - Determines if a view represents a valid abstraction of the base architecture
  - Weak: All elements of a view must be derived (via encapsulation) from the base architecture
    - Special case is communication integrity: Two components in a view cannot interact unless they can also interact in the base architecture
  - Strong: Every component in the base architecture is accounted for in the view (possibly within an encapsulation boundary)
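
The weak, communication-integrity and strong criteria above can be checked mechanically once the encapsulation mapping from view components to base components is known. The following is an added example, not code from the talk or its tools: the component names, the wiring and the `check_view` helper are constructed for illustration, and the mapping is assumed to be given rather than discovered by graph matching.

```python
# Added example; component names and wiring are constructed, not STARMAC's real design.
from itertools import product

def link(a, b):
    """Undirected connection between two components."""
    return frozenset((a, b))

def check_view(base_nodes, base_edges, view_edges, encapsulates):
    """Return structural-consistency findings for one view.

    encapsulates maps each view component to the set of base components it
    hides; it is assumed to be given here rather than found by graph matching.
    """
    findings = []
    # Weak consistency: every view component is derived from base components.
    for comp in sorted(encapsulates):
        members = encapsulates[comp]
        unknown = members - base_nodes
        if not members or unknown:
            findings.append(("weak", comp, sorted(unknown)))
    # Communication integrity: a view connection needs a base connection
    # between some pair of the encapsulated components.
    for u, v in sorted(tuple(sorted(e)) for e in view_edges):
        pairs = product(encapsulates.get(u, ()), encapsulates.get(v, ()))
        if not any(link(a, b) in base_edges for a, b in pairs):
            findings.append(("communication-integrity", (u, v), []))
    # Strong consistency: every base component is accounted for in the view.
    covered = set().union(*encapsulates.values())
    missing = base_nodes - covered
    if missing:
        findings.append(("strong", None, sorted(missing)))
    return findings

BASE_NODES = {"HighLevelCPU", "LowLevelCPU", "GPS", "IMU", "Motors", "Ranger"}
BASE_EDGES = {link("GPS", "HighLevelCPU"), link("HighLevelCPU", "LowLevelCPU"),
              link("IMU", "LowLevelCPU"), link("Ranger", "LowLevelCPU"),
              link("LowLevelCPU", "Motors")}
CONTROL_VIEW = {"Controller": {"HighLevelCPU", "LowLevelCPU"},
                "Sensors": {"GPS", "IMU"},
                "Plant": {"Motors"}}
VIEW_EDGES = {link("Sensors", "Controller"), link("Controller", "Plant"),
              link("Sensors", "Plant")}  # last edge has no base counterpart

if __name__ == "__main__":
    for finding in check_view(BASE_NODES, BASE_EDGES, VIEW_EDGES, CONTROL_VIEW):
        print(finding)
```

On this constructed input the view is weakly consistent in its elements but draws a sensor-to-plant connection the base architecture does not have, and it leaves the ranger unaccounted for, so it fails both communication integrity and strong consistency.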
Graph Analysis for View Consistency
[Figure: generation of component connectivity graphs for the base architecture (BA), the Physical View, the Simulink View and the Hardware View]
Consistency of views analyzed as graph morphisms [1]
[1] VFLib Graph Matching Library: http://amalfi.dis.unina.it/graph/db/vflib-2.0/doc/vflib.html
Structural Inconsistency in STARMAC
[Figure: STARMAC views with a region marked "Weak Inconsistency"]
View-Model Consistency
• What is the architecture implied by a model?
  - Some models do not have explicit architecture
  - E.g., hybrid programs in KeYmaera
    - Variables and transitions, not components and connectors
• Ensure that a view represents a model
  - Create architectural types for components, timing, composition
  - Generate models from architectural view
  - Support legacy and evolving models through annotations
Exposing Architecture
[Figure: a model annotated with the architecture it implies]
• Component: robot
• Component: obstacle
• Connector: robot senses obstacle immediately and precisely
• Obstacle’s property: control algorithm
• Robot’s property: control algorithm
• Robot’s property: physics
Solution: annotations
Tools: AcmeStudio
[Figure: AcmeStudio screenshot with callouts: component/connector types, analysis plugins]
• Extensible framework for architecture design and analysis
• Adaptation to CPS:
  - support for associations between architectural views
  - augmenting views with semantic attributes and analysis
  - analysis plug-in for system-level verification
Conclusion
• CPS Architecture allows unified treatment of cyber and physical aspects of systems design
• Supports heterogeneous modeling and analysis through architecture views
• Provides formal criteria for structural and semantic consistency (in-progress)
• On-going work
  - Model-view consistency: defining and automating view-model relations
  - Tooling: extending modeling tools to support creation and navigation of multiple views