David Garlan Ivan Ruchkin Carnegie Mellon University
Pittsburgh, PA, USA December 2014
Slide 2
Acknowledgements Joint work with faculty Bruce Krogh
(Electrical Engineering) Andre Platzer (Computer Science) Bradley
Schmerl (Software Engineering) and students Ajinkya Bhave
(multi-view synthesis) Akshay Rajhans (compositional verification)
Ivan Ruchkin (architecture and tools) With funding/support from
National Science Foundation Bosch Corporation Toyota Corporation
March 2014 2
Slide 3
Outline Cyber-physical systems Problem: Today software and
physical modeling are separate activities with very different
analytical models Difficult to make trade-offs and ensure
consistency Difficult to integrate the different modeling
approaches Approach: Unified representation through extensions of
software architecture and using architectural views to support
heterogeneous modeling and analysis Example: Quadrotor STARMAC
Summary March 2014 3
Slide 4
Cyber-Physical Systems 4 March 2014
Slide 5
Problems Todays approaches to designing cyber-physical systems
(CPS) Early separation between cyber and physical parts of system
design Different formalisms and methods within cyber and physical
engineering: physical dynamics control engineering hardware
platform software architecture Problem 1: Difficult to make
tradeoffs across different engineering dimensions Problem 2:
Difficult to determine consistency of different models Problem 3:
Difficult to create whole-system analyses March 2014 5
Slide 6
Example CPS: STARMAC Stanford Testbed for Autonomous Rotorcraft
for Multi- Agent Control (http://hybrid.eecs.berkeley.edu/starmac/)
Four rotors, arranged symmetrically on frame March 2014 6
Slide 7
7 Battery Ultrasonic Ranger High Level Control Processor Low
Level Control Processor GPS Electronics Interface Brushless Motors
IMU March 2014
Slide 8
Multiple Views 8 Physical View March 2014
Slide 9
Multiple Views 9 Physical View Control View March 2014
Slide 10
Multiple Views 10 Software View Physical View Control View
March 2014
Slide 11
Multiple Views 11 Software View Physical View Control View
Hardware View March 2014
Slide 12
Do they represent the system? 12March 2014
Slide 13
Are the views consistent? 13 ? March 2014
Slide 14
Is there a unifying representation? 14 ? March 2014
Slide 15
What we would like An approach that unifies both cyber and
physical design Allows one to describe the complete system Supports
tradeoff analysis But allows a multiplicity of models and analyses
Detects inconsistencies and mismatched assumptions Can reason about
completeness of design models Supported by tools Allowing automated
checking and linkage to legacy analysis tools March 2014 15
Slide 16
Approach Extend software architecture to support both physical
and cyber elements through a CPS architectural style Support
heterogeneous models and analyses through views Determine
consistency criteria for multiple views Support engineering through
extensions to software architecture modeling tools March 2014
16
Slide 17
Models as Architectural Views Control Model Base CPS
Architecture Hardware Model Arch. View X Arch. View Y Control Arch.
Hardware Arch. model-to-architectural-view relations architectural
-view-to-base-arch. relations March 2014 17
Slide 18
STARMAC Architectural Views 18 Model Arch. View Base Arch.
Hardware (AADL)Software (FSP)Physical (Modelica) March 2014
Slide 19
Simulink Architecture View March 2014 19
Slide 20
Simulink Model March 2014 20
Slide 21
What about Consistency? Structural consistency between the base
architecture and a view Determines if a view represents a valid
abstraction of the base architecture Weak: All elements of a view
must be derived (via encapsulation) from the base architecture
Special case is communication integrity: Two components in a view
cannot interact unless they can also interact in the base
architecture Strong: Every component in the base architecture is
accounted for in the view (possibly within an encapsulation
boundary) March 2014 21
Slide 22
Graph Analysis for View Consistency generation of component
connectivity graph Consistency of views analyzed as graph morphisms
1 1 VFLib Graph Matching Library:
http://amalfi.dis.unina.it/graph/db/vflib-2.0/doc/vflib.html March
2014 22
Slide 23
Structural Inconsistency in STARMAC 23 Weak Inconsistency March
2014
Slide 24
View-Model Consistency What is the architecture implied by a
model? Some models do not have explicit architecture E.g., hybrid
programs in KeYmaera Variables and transitions, not components and
connectors Ensure that a view represents a model Create
architectural types for components, timing, composition Generate
models from architectural view Support legacy and evolving models
through annotations 24March 2014
Slide 25
Exposing Architecture 25 Component: robot Component: obstacle
Connector: robot senses obstacle immediately and precisely Robots
property: control algorithm Obstacles property: control algorithm
Robots property: physics Solution: annotations
Slide 26
Tools: AcmeStudio Extensible framework for architecture design
and analysis Adaptation to CPS: support for associations between
architectural views augmenting views with semantic attributes and
analysis analysis plug-in for system-level verification March 2014
26
Slide 27
Conclusion CPS Architecture allows unified treatment of cyber
and physical aspects of systems design Supports heterogeneous
modeling and analysis through architecture views Provides formal
criteria for structural and semantic consistency (in-progress)
On-going work Model-view consistency: defining and automating view-
model relations Tooling: extending modeling tools to support
creation and navigation of multiple views March 2014 27
Slide 28
References A. Rajhans, A. Bhave, I. Ruchkin, B. Krogh, D.
Garlan, A. Platzer, B. Schmerl. Supporting Heterogeneity in
Cyber-Physical Systems Architectures. In IEEE Transactions on
Automatic Control 2014. Bhave, A., B.H. Krogh, D. Garlan, and B.
Schmerl. View Consistency in Architectures for Cyber-Physical
Systems. In 2011 IEEE/ACM International Conference on
Cyber-Physical Systems (ICCPS), 151-160, 2011. Rajhans, Akshay, and
Bruce H. Krogh. Heterogeneous Verification of Cyber-physical
Systems Using Behavior Relations. In Proceedings of the 15th ACM
International Conference on Hybrid Systems: Computation and
Control, 35-44. HSCC12. New York, NY, USA: ACM, 2012. R. Bahety and
H. Gill, Cyber-Physical Systems. The Impact of Control Technology,
IEEE, 2011. 28 March 2014
Slide 29
A. Rajhans, S.-W. Cheng, B. Schmerl, D. Garlan, B. Krogh, C.
Agbi and A. Y. Bhave. An Architectural Approach to the Design and
Analysis of Cyber-Physical Systems. In Electronic Communications of
the EASST, Vol. 21: Multi-Paradigm Modeling, 2009. A. Y. Bhave, B.
Krogh, D. Garlan and B. Schmerl. Multi-domain Modeling of
Cyber-Physical Systems using Architectural Views. In Proceedings of
the 1st Analytic Virtual Integration of Cyber-Physical Systems
Workshop, 2010. Co-located with RTSS 2010. A. Rajhans, A. Y. Bhave,
S. Loos, B. Krogh, A. Platzer and D. Garlan. Using Parameters in
Architectural Views to Support Heterogeneous Design and
Verification. In 50th IEEE Conference on Decision and Control (CDC)
and European Control Conference (ECC) December 2011. A. Y. Bhave,
D. Garlan, B. Krogh, A. Rajhans and B. Schmerl. Augmenting Software
Architectures with Physical Components. In Proc. of the Embedded
Real Time Software and Systems Conference (ERTS^2 2010), May 2010.
March 2014 29