Slide 1

David Garlan Ivan Ruchkin Carnegie Mellon University Pittsburgh, PA, USA December 2014

Slide 2

Acknowledgements Joint work with faculty Bruce Krogh (Electrical Engineering) Andre Platzer (Computer Science) Bradley Schmerl (Software Engineering) and students Ajinkya Bhave (multi-view synthesis) Akshay Rajhans (compositional verification) Ivan Ruchkin (architecture and tools) With funding/support from National Science Foundation Bosch Corporation Toyota Corporation March 2014 2

Slide 3

Outline Cyber-physical systems Problem: Today software and physical modeling are separate activities with very different analytical models Difficult to make trade-offs and ensure consistency Difficult to integrate the different modeling approaches Approach: Unified representation through extensions of software architecture and using architectural views to support heterogeneous modeling and analysis Example: Quadrotor STARMAC Summary March 2014 3

Slide 4

Cyber-Physical Systems 4 March 2014

Slide 5

Problems Todays approaches to designing cyber-physical systems (CPS) Early separation between cyber and physical parts of system design Different formalisms and methods within cyber and physical engineering: physical dynamics control engineering hardware platform software architecture Problem 1: Difficult to make tradeoffs across different engineering dimensions Problem 2: Difficult to determine consistency of different models Problem 3: Difficult to create whole-system analyses March 2014 5

Slide 6

Example CPS: STARMAC Stanford Testbed for Autonomous Rotorcraft for Multi- Agent Control (http://hybrid.eecs.berkeley.edu/starmac/) Four rotors, arranged symmetrically on frame March 2014 6

Slide 7

7 Battery Ultrasonic Ranger High Level Control Processor Low Level Control Processor GPS Electronics Interface Brushless Motors IMU March 2014

Slide 8

Multiple Views 8 Physical View March 2014

Slide 9

Multiple Views 9 Physical View Control View March 2014

Slide 10

Multiple Views 10 Software View Physical View Control View March 2014

Slide 11

Multiple Views 11 Software View Physical View Control View Hardware View March 2014

Slide 12

Do they represent the system? 12March 2014

Slide 13

Are the views consistent? 13 ? March 2014

Slide 14

Is there a unifying representation? 14 ? March 2014

Slide 15

What we would like An approach that unifies both cyber and physical design Allows one to describe the complete system Supports tradeoff analysis But allows a multiplicity of models and analyses Detects inconsistencies and mismatched assumptions Can reason about completeness of design models Supported by tools Allowing automated checking and linkage to legacy analysis tools March 2014 15

Slide 16

Approach Extend software architecture to support both physical and cyber elements through a CPS architectural style Support heterogeneous models and analyses through views Determine consistency criteria for multiple views Support engineering through extensions to software architecture modeling tools March 2014 16

Slide 17

Models as Architectural Views Control Model Base CPS Architecture Hardware Model Arch. View X Arch. View Y Control Arch. Hardware Arch. model-to-architectural-view relations architectural -view-to-base-arch. relations March 2014 17

Slide 18

STARMAC Architectural Views 18 Model Arch. View Base Arch. Hardware (AADL)Software (FSP)Physical (Modelica) March 2014

Slide 19

Simulink Architecture View March 2014 19

Slide 20

Simulink Model March 2014 20

Slide 21

What about Consistency? Structural consistency between the base architecture and a view Determines if a view represents a valid abstraction of the base architecture Weak: All elements of a view must be derived (via encapsulation) from the base architecture Special case is communication integrity: Two components in a view cannot interact unless they can also interact in the base architecture Strong: Every component in the base architecture is accounted for in the view (possibly within an encapsulation boundary) March 2014 21

Slide 22

Graph Analysis for View Consistency generation of component connectivity graph Consistency of views analyzed as graph morphisms 1 1 VFLib Graph Matching Library: http://amalfi.dis.unina.it/graph/db/vflib-2.0/doc/vflib.html March 2014 22

Slide 23

Structural Inconsistency in STARMAC 23 Weak Inconsistency March 2014

Slide 24

View-Model Consistency What is the architecture implied by a model? Some models do not have explicit architecture E.g., hybrid programs in KeYmaera Variables and transitions, not components and connectors Ensure that a view represents a model Create architectural types for components, timing, composition Generate models from architectural view Support legacy and evolving models through annotations 24March 2014

Slide 25

Exposing Architecture 25 Component: robot Component: obstacle Connector: robot senses obstacle immediately and precisely Robots property: control algorithm Obstacles property: control algorithm Robots property: physics Solution: annotations

Slide 26

Tools: AcmeStudio Extensible framework for architecture design and analysis Adaptation to CPS: support for associations between architectural views augmenting views with semantic attributes and analysis analysis plug-in for system-level verification March 2014 26

Slide 27

Conclusion CPS Architecture allows unified treatment of cyber and physical aspects of systems design Supports heterogeneous modeling and analysis through architecture views Provides formal criteria for structural and semantic consistency (in-progress) On-going work Model-view consistency: defining and automating view- model relations Tooling: extending modeling tools to support creation and navigation of multiple views March 2014 27

Slide 28

References A. Rajhans, A. Bhave, I. Ruchkin, B. Krogh, D. Garlan, A. Platzer, B. Schmerl. Supporting Heterogeneity in Cyber-Physical Systems Architectures. In IEEE Transactions on Automatic Control 2014. Bhave, A., B.H. Krogh, D. Garlan, and B. Schmerl. View Consistency in Architectures for Cyber-Physical Systems. In 2011 IEEE/ACM International Conference on Cyber-Physical Systems (ICCPS), 151-160, 2011. Rajhans, Akshay, and Bruce H. Krogh. Heterogeneous Verification of Cyber-physical Systems Using Behavior Relations. In Proceedings of the 15th ACM International Conference on Hybrid Systems: Computation and Control, 35-44. HSCC12. New York, NY, USA: ACM, 2012. R. Bahety and H. Gill, Cyber-Physical Systems. The Impact of Control Technology, IEEE, 2011. 28 March 2014

Slide 29

A. Rajhans, S.-W. Cheng, B. Schmerl, D. Garlan, B. Krogh, C. Agbi and A. Y. Bhave. An Architectural Approach to the Design and Analysis of Cyber-Physical Systems. In Electronic Communications of the EASST, Vol. 21: Multi-Paradigm Modeling, 2009. A. Y. Bhave, B. Krogh, D. Garlan and B. Schmerl. Multi-domain Modeling of Cyber-Physical Systems using Architectural Views. In Proceedings of the 1st Analytic Virtual Integration of Cyber-Physical Systems Workshop, 2010. Co-located with RTSS 2010. A. Rajhans, A. Y. Bhave, S. Loos, B. Krogh, A. Platzer and D. Garlan. Using Parameters in Architectural Views to Support Heterogeneous Design and Verification. In 50th IEEE Conference on Decision and Control (CDC) and European Control Conference (ECC) December 2011. A. Y. Bhave, D. Garlan, B. Krogh, A. Rajhans and B. Schmerl. Augmenting Software Architectures with Physical Components. In Proc. of the Embedded Real Time Software and Systems Conference (ERTS^2 2010), May 2010. March 2014 29