Cyber Physical Systems: New Challenges for Model-based Design. Janos Sztipanovits, ISIS, Vanderbilt University. From Embedded Systems to Cyber-Physical Systems: A Review of the State-of-the-Art and Research Needs. CHESS Workshop, April 21, 2008.
Institute for Software Integrated Systems
Vanderbilt University
Cyber Physical Systems: New Challenges for Model-based Design
Janos Sztipanovits
ISIS, Vanderbilt University
From Embedded Systems to Cyber-Physical Systems: A Review of the State-of-the-Art and Research Needs
CHESS Workshop
April 21, 2008
package org.apache.tomcat.session;

import org.apache.tomcat.core.*;
import org.apache.tomcat.util.StringManager;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Core implementation of a server session
 *
 * @author James Duncan Davidson [[email protected]]
 * @author James Todd [[email protected]]
 */
public class ServerSession {

    private StringManager sm = StringManager.getManager("org.apache.tomcat.session");
    private Hashtable values = new Hashtable();
    private Hashtable appSessions = new Hashtable();
    private String id;
    private long creationTime = System.currentTimeMillis();;
    private long thisAccessTime = creationTime;
    private long lastAccessed = creationTime;
    private int inactiveInterval = -1;

    ServerSession(String id) {
        this.id = id;
    }

    public String getId() {
        return id;
    }

    public long getCreationTime() {
        return creationTime;
    }

    public long getLastAccessedTime() {
        return lastAccessed;
    }

    public ApplicationSession getApplicationSession(Context context, boolean create) {
        ApplicationSession appSession = (ApplicationSession)appSessions.get(context);

        if (appSession == null && create) {
            // XXX
            // sync to ensure valid?
            appSession = new ApplicationSession(id, this, context);
            appSessions.put(context, appSession);
        }

        // XXX
        // make sure that we haven't gone over the end of our
        // inactive interval -- if so, invalidate and create
        // a new appSession
        return appSession;
    }

    void removeApplicationSession(Context context) {
        appSessions.remove(context);
    }

    /**
     * Called by context when request comes in so that accesses and
     * inactivities can be dealt with accordingly.
     */
    void accessed() {
        // set last accessed to thisAccessTime as it will be left over
        // from the previous access
        lastAccessed = thisAccessTime;
        thisAccessTime = System.currentTimeMillis();
    }

    void validate()
Software Control Systems
Abstraction
• Adjustable
• Integrative
• Precise
• Safe (analyzable)
Integration
• Affordable
• Model-based (end-to-end)
• Manage heterogeneity better
Automation
• Domain-specific tool chains, but
• Reusable infrastructure
Embedded Systems Challenge
Systems industry turns IT driven: Aerospace, Automotive, Process,..
Modeling Layer
Abstractions are linked through refinement relations.
Abstraction layers allow the verification of different properties.
Key Idea: Manage design complexity by creating layers of abstractions in the design flow. (Alberto Sangiovanni-Vincentelli)
Platform mapping
Software architecture defines the composition of functions such that a least fixed point exists and is unique.
Hardware architecture defines a set of concurrent functional units, where the software architecture can be deployed.
Platform mapping
Behavior models define a set of timed automata with local clocks and broadcast. Models can be analyzed with TCTL.
Abstraction layers define platforms.
Platforms, Abstractions and Domain Specific Modeling Languages (DSML)
Key Idea: Capture intrinsic domain concepts with domain-specific modeling languages (DSML-s) and partition DSML-s into structural and behavioral semantics.
The behavioral semantics defines what the structures do.
The structural semantics excludes semantically meaningless models.
No operator was provided for composition of values, so this merge model is semantically meaningless in this domain.
• The structural semantics views a model as a structure, and provides a means for calculating which structures are well-formed.
Model-Integrated Computing
• GME, the metaprogrammable modeling tool of ISIS, supports rapid construction of metamodels and DSML models.
[Figure: MetaGME metamodel of simple statecharts]
[Figure: Model-editor generated from metamodel]
Basic metamodeling notation: UML Class Diagram + OCL
The abstract syntax of DSML-s is defined by metamodels. Metamodeling languages provide structural semantics.
Specification of Structural Semantics of DSML-s
$L = \langle Y, R_Y, C, ([\![\;]\!]_i)_{i \in J} \rangle$
$D(Y, C) = \{\, r \in R_Y \mid r \models C \,\}$
• Metamodels define the structural semantics of DSML-s:
OCL Constraints:self.transTo->forAll(s | s <> self)
A metamodeling language is one of the DSML-s: the same tool can be used for modeling and metamodeling.
C++ coding permits complex behavioral semantics, but the “specifications” are cluttered with C++ details.
• Behavioral semantics are defined with model transformations and semantic anchoring.
Graph transformations provide a transparent mechanism to attach semantics. However, not all behavioral semantics can be specified this way.
Semantic anchoring with ASM captures the best of both worlds: Simple graph transformations and simple behavioral specifications.
Specification of Behavioral Semantics of DSML-s
$T : R_Y \rightarrow R_{Y'}$
Lessons Learned: Metaprogrammable Tools
- Model-based development is practical!
- Domain specific abstractions are not only desirable; they are affordable
- DSML-s are not programming languages
MIC Tool Suite
[Figure labels: MetaModels; Generic Model Editor (GME); UDM; GReAT; Model Transformation; Model Management; Design Space Exploration (DESERT): Component Abstraction (TA), Design Space Modeling (MD), Design Space Encoding (TE), Design Space Pruning, Design Decoding, Component Reconstruction; Open Tool Integration Framework (OTIF): Backplane Registration/Notification/Transfer Services, Semantic Translator, Tool, Tool Adaptor, Manager, Standard interface/Protocol, Metadata; Best of Breed: Modeling Tools, Simulators, Verifiers, Model Checkers]
Lessons Learned: Transitioning
A small scale experiment with potentially large impact that works: ESCHER
- Researchers partnering with End Users with real stake and new challenges
- Working model for managing proprietary issues (Open Source, Gated Source)
- Repository is active, live, quality controlled (and costs money to operate)
- Creates future market for tool vendors.
Example: Microsoft Software Factories (health care, web services); MathWorks interactions
NEW TRANSITIONING MODEL IS ESSENTIAL IF WE EXPECT RAPID AND SUBSTANTIAL IMPACT
[Figure labels: Research groups; ESCHER Institute; Boeing, GM Raytheon; Non-profit; Universities; IR&D; FCS; DDXC2W; Repository; funding criteria; maturation; High quality tools & SW; emphasis]
New Challenges: Cyber Physical Systems
Systems industry builds CPS: Aerospace, Automotive, Process,..
CPS - Integrated Modeling Discipline
Security
• It is not possible to identify whether behavioral attributes are the result of computations (computer programs), physical laws, or both working together;
• Functionality and salient system characteristics are emerging through the interaction of physical and computational objects.
CPS and Model-Based Design
Model-Based Methods will drive the progress in CPS technology
Major advancements are needed in:
• Composition theory
• Certification and high confidence design
• Secure systems design
• System Integration
• Design automation
• Education
New application domains will emerge rapidly
• Model-based system integration
• Architecture exploration
• Resilient systems
[Figure labels: DSML/MetaM.; Model Transf.; V&V; Model Mgmnt; Tool Comp.]
• New Abstractions
• Semantic foundations
• Composition platforms for Heterogeneity
• Predictability under limited compositionality
• Foundation for System Integration
• Compositional Certification
• Agile Design Automation
• Open Architectures
• Reliable systems from unreliable Components
• Resiliency against Cyber Attacks
Example: System-of-System Engineering
Tool Chain for Architecture Exploration in FCS
[Figure labels: Component Adapters; System Model; Segment; ADeVS, IONS; RELEX; Excel; Rose CAT file; IDD; GReAT Transform; System Integration; Runtime Glue (Deployed); System Integration Test Harness; C++; IDL; XML; Integration Laboratory Tools]
FCS Program: Boeing – Vanderbilt/ISIS
Risk Mitigation: Surrogate Modeling and Synthesis
[Figure labels: BC Surrogate Component; GME Component Models; GME System Models; Code Generator; Input Interfaces; Output Interfaces; Business Logic (Generated); Acquired Business Logic; “Real” BC Component; System Of Systems Common Operating Environment; Deployment Instance Topology Networks; Interfaces, Business Logic; Interfaces]
[Figure labels: Human Controllers; Mixed Initiative Controller; Context Dep. Command Interpretation; Adaptive Resource Allocation; Data Distribution Network; Coordination Decision Support; HCI; Abstract Commands; Platform Commands; Assigned Platform Commands; Platform Status]
Model-Based Experiment Integration Environment: SSW
Building a Software/System “Wind Tunnel” (SSW)
[Figure label: Unmanned Sensor Platforms]
Issues to be studied experimentally:
• Distributed Command and Control
  – Synchronization and coordination
  – Distributed dynamic decision making
  – Network effects
• Information Sharing
  – Shared situation awareness
  – Common Operation Picture (COP)
  – Network effects
AFOSR PRET Project: Vanderbilt-ISIS, Berkeley, GMU
SSW Integration Architecture
[Figure labels: Simulation Components and Models; Simulation Data Distribution/Communication Middleware; Simulation Integration Platform (HLA); Distributed Simulation Platform; Instrumentation Layer; code; DEVS Federate; OmNet++ Federate; CPN Federate; OGRE Federate; Simulink Federate; Controller Models; Network Models; Org. Models; Fusion Models; Env. Models; Model Integration Layer; “Virtual” Components; Experiment Specification & Configuration; Run-time Models; Model Integration]
Model-Integrated System and Software Laboratory Environment: C2 Windtunnel
[Figure labels: Ogre; Adaptive Human Organization; Mixed Initiative Controller; Context Dep. Command Interpretation; Adaptive Resource Allocation; Data Distribution Network; Coordination Decision Support; HCI; Abstract Commands; Platform Commands; Assigned Platform Commands; Platform Status; COP Elements; CPN; SL/SF; Devs; GME; OMNET; Organization/Coordination; Controller/Vehicle Dynamics; Processing (Tracking); 3-D Environment (Sensors); Simulation Interaction; Simulation Architecture; Network Architecture]
Summary
CPS-s represent the coming new age in systems design
The required technology changes are profound – go way beyond the reach of “multidisciplinary” approaches
Role of model-based methods and tools is
The impact on competitiveness is huge:
CPS-s are the foundation for the systems industry