Flight Systems are Cyber-Physical Systems

Similar documents
Complexity-Reducing Design Patterns for Cyber-Physical Systems. DARPA META Project. AADL Standards Meeting January 2011 Steven P.

Modeling Systems Using Design Patterns

Applications of Program analysis in Model-Based Design

Distributed Systems Programming (F21DS1) Formal Verification

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Introduction to Formal Methods

FORMALIZED SOFTWARE DEVELOPMENT IN AN INDUSTRIAL ENVIRONMENT

An Information Model for High-Integrity Real Time Systems

Techniques for the unambiguous specification of software

Software Architecture in Action. Flavio Oquendo, Jair C Leite, Thais Batista

NOTES ON OBJECT-ORIENTED MODELING AND DESIGN

these developments has been in the field of formal methods. Such methods, typically given by a

Leslie Lamport: The Specification Language TLA +

Verification of Concurrent Programs, Part I: The Temporal Framework

40 Behaviour Compatibility

A SIMULATION ARCHITECTURE DESCRIPTION LANGUAGE FOR HARDWARE-IN-LOOP SIMULATION OF SAFETY CRITICAL SYSTEMS

Simulink/Stateflow. June 2008

Proving the Correctness of Distributed Algorithms using TLA

The Montana Toolset: OSATE Plugins for Analysis and Code Generation

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

Software Engineering of Robots

AADL Requirements Annex Review

Impact of Runtime Architectures on Control System Stability

Model-Driven Verifying Compilation of Synchronous Distributed Applications

An Approach to Software Component Specification

A PRIMITIVE EXECUTION MODEL FOR HETEROGENEOUS MODELING

Distributed Information System as a System of Asynchronous Concurrent Processes

Introduction to Modeling

CS4514 Real-Time Systems and Modeling

Formal Specification of Software Systems

OMER-2 Workshop Daimler-Chrysler Modeling Contest. Modeling S-Class Car Seat Control with AnyLogic

Enterprise Architect Training Courses

A Solution Based on Modeling and Code Generation for Embedded Control System

Update on AADL Requirements Annex

Modeling Kernel Language (MKL)

Using Heterogeneous Formal Methods in Model-Based Development LCCC Workshop on Formal Verification of Embedded Control Systems

Termination Analysis of the Transformation UML to CSP

Embedded Software Engineering

ISO compliant verification of functional requirements in the model-based software development process

Towards an Integrated System Model for Testing and Verification

Activation Inheritance in Modelica

Ionuţ Buricea. Trying to extend this work to timed protocols, I studied the verification of timed systems

System of Systems Architecture Generation and Evaluation using Evolutionary Algorithms

Cover Page. The handle holds various files of this Leiden University dissertation

Thesis Defense: Developing Real-Time Collaborative Editing Using Formal Methods

CITS5501 Software Testing and Quality Assurance Formal methods

Department Curriculum Map (new GCSE)

A Partial Correctness Proof for Programs with Decided Specifications

OMG Systems Modeling Language Tutorial May, 2012

Hybrid System Modeling: Operational Semantics Issues

CA314 Object Oriented Analysis & Design - 7. File name: CA314_Section_07_Ver01 Author: L Tuohey No. of pages: 16

Modelling and verification of cyber-physical system

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS522 Programming Language Semantics

RTC: Language Support for Real-Time Concurrency

Concurrent Models of Computation

Eight units must be completed and passed to be awarded the Diploma.

Pattern-Based Analysis of an Embedded Real-Time System Architecture

Model-Based Design of Connected and Autonomous Vehicles

This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No

Chapter 4. Capturing the Requirements. 4th Edition. Shari L. Pfleeger Joanne M. Atlee

Separating Product Variance and Domain Concepts in the Specification of Software Product Lines

AN OBJECT-ORIENTED VISUAL SIMULATION ENVIRONMENT FOR QUEUING NETWORKS

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS422 Programming Language Semantics

A Tutorial on Agent Based Software Engineering

Verification of Cyber-Physical Controller Software Using the AVM Meta Tool Suite and HybridSAL

Analysis and Design Language (AADL) for Quantitative System Reliability and Availability Modeling

Qualitative Analysis of WorkFlow nets using Linear Logic: Soundness Verification

FlexRay International Workshop. FAN analysis

Introduction to parallel Computing

Symbolic Evaluation of Sums for Parallelising Compilers

ModelicaML: Getting Started Issue April 2012

ait: WORST-CASE EXECUTION TIME PREDICTION BY STATIC PROGRAM ANALYSIS

Evolution of XML Applications

Web Services Annotation and Reasoning

Modeling and Verification of RBC Handover Protocol

An Overview of the SysML-Modelica Transformation Specification

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS422 Programming Language Design

Out-of-Order Parallel Simulation of SystemC Models. G. Liu, T. Schmidt, R. Dömer (CECS) A. Dingankar, D. Kirkpatrick (Intel Corp.)

Eliminating Annotations by Automatic Flow Analysis of Real-Time Programs

A Transformation-Based Model of Evolutionary Architecting for Embedded System Product Lines

Static Program Analysis

Deliver robust products at reduced cost by linking model-driven software testing to quality management.

Stack effect calculus with typed wildcards, polymorphism and inheritance. Abstract

Accuracy Analysis of Charged Particle Trajectory CAE Software

Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models

Formal Foundations of Software Engineering

Paradigms of computer programming

Temporal Semantics in Concurrent and Distributed Software

Q Body of techniques supported by. R precise mathematics. R powerful analysis tools. Q Rigorous, effective mechanisms for system.

Scope and Sequence for the New Jersey Core Curriculum Content Standards

Liveness and Fairness Properties in Multi-Agent Systems

Modeling Requirements

CFD Project Workflow Guide

Overview. 1. Ordinary Differential Equations, Algebraic Equations. 2. Block Diagrams

Hippo Software BPMN and UML Training

Modelling & Simulation of Complex Socio-Cyber- Physical Systems and Large Scale Systems of Systems

How to Make a Correct Multiprocess Program Execute Correctly on a Multiprocessor

Topological space - Wikipedia, the free encyclopedia

REAL-TIME OBJECT-ORIENTED DESIGN AND FORMAL METHODS

Transcription:

Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November 2012 The Aerospace Corporation 2012

Summary We show how to model flight systems (software and hardware) as cyber-physical systems, by combining appropriate modeling paradigms: discrete interactions for software and other events, continuous processes for movement and hardware, and story lines for scenarios. 2

Outline Software-Intensive Embedded Systems The Real World What is Hard A New(ish) Approach: Com+Ode A New Hard Mathematical Problem Other Well-Known Modeling Mechanisms: AADL, DEVS, Modelica, and SysML What is missing in these approaches? Modeling Process Lessons Learned Conclusions and Recommendations Some References 3

Software-Intensive Embedded Systems Software is well-modeled and even well-defined by formal and systematic mechanisms Event patterns Alternatives and contingencies Iterations and rendezvous Scenarios are stories of what happens that is not controlled by the system They also define what the system is expected to do in response Embedded systems need context observation and interpretation to help predict their environment Making internal choices and responding to external direction These systems need to be able to build their own models 4

The Real World Not well-modeled by any formal or systematic mechanisms No matter how good the mathematical foundation is (MAUDE, CSP,...) Mostly smooth, occasional abrupt changes (``modes'') Things break and otherwise spin out of control The operational environment of any embedded system is Largely unpredictable and uncontrollable and mostly unknowable (``the slings and arrows of outrageous fortune'') Scenarios are stories of what happens that is not controlled by the system, including Activities of other agents or actors Component failures and other errors Unexpected environmental phenomena Other nominal and off-nominal activities 5

What is Hard Combination of abstract software transition models with very concrete hardware / environment models Software is about the sequencing (or partial ordering) of discrete events Concurrent and possibly distributed Behavior is generally assumed to be independent of platform Hardware / environment is about continuous or even smooth processes Evolving state of the system in an uncertain environment Concept of operations is about how the system will be used by its human and other operators Scenarios illustrate various desires and expectations for the system There are almost always not enough of these These three aspects of system development generally use completely different paradigms Many difficulties and errors in integrating them to predict system performance 6

A New(ish) Approach: Com+Ode Combination modeling method to reduce the difficulty and increase the reliability of these modeling efforts Com is a formal notation for software modeling for simulation and verification ODE is a collection of formal methods for solving differential equations Story interpreter (simulation engine) Integration among these model styles is explicit Interference spaces: physical, electromagnetic, resource contention Influence mappings from each one to the others Some matter more than others 7

Com Event-based programming Developed by the presenter in mid-1980 s (see references) Based on Hoare's CSP = Communicating Sequential Processes Altered for better separation of processes (Hoare also made this change for his CSP book) Concurrency and synchronization Hierarchical model definition Extended to allow time intervals and asynchronous interaction Mathematical foundation Simulation and verification from the same model Translation into C for simulation Translation into various temporal logics for verification 8

Ode Ordinary differential equations Movement Gradual changes Certain other temporal effects may matter State based instantaneous movement Smooth changes at various rates Singularities affect the way equations can be solved Special methods are needed for solving equations near singularities Different solver strategies depending on different properties of equations This is why we want explicit integration instead of implicit Global time may not be definable When the system is sufficiently distributed compared to the time resolution When propagation time becomes non-trivial compared to the rest of the computations 9

A New Hard Mathematical Problem Real / discrete space of high and variable dimensionality Importance space has different and dynamic measure of significance for each coordinate ``Design drivers are an example Smooth movement into a region may change the equations or just their importances Exploratory differential geometry provides some methods (simplicial complexes) Software transitions may also change the space New sets of variables and constraints matter Singularity indications and warnings Singularity predictions 10

Other Modeling Mechanisms - AADL http://www.aadl.info https://wiki.sei.cmu.edu/aadl Predictable model-based engineering of performance-critical real-time and embedded systems Text notation with graphics Defined in English with reference implementations Systematic but not mathematically formal There are also XML descriptions that formally define the syntax (not the semantics) Highly extensible (annexes can specialize application domain) Developed by SAE specifically for manufacturing Large world-wide user community Component abstractions in three categories Application software Execution platform (hardware) Composite (system integration elements) 11

Other Modeling Mechanisms DEVS http://www.acims.arizona.edu/ Text notation with graphical display Defined in English, but with a formal mapping to discrete dynamic systems Continuous models are also possible Three basic objects derived from the real world system Model, simulator, experimental frame Hierarchical construction of models Basic model has Input and output ports, internal state variables and parameters Time variable defines time until next internal transition (can be 0 or infinity) Internal transition function defines state changes at transition time External transition function defines response rules to external inputs Internal state changes and a new wait time Geared towards separating simulation from model, but still fairly specific to simulation 12

Other Modeling Mechanisms - Modelica http://www.modelica.org http://www.openmodelica.org Language for modeling of complex cyber-physical systems for simulation and other analyses Graphical notation and text annotation Structure from graph; behavior from text Defined in English, but mapped into a differential-algebraic equational system, with typed variables and explicit scope and volatility and conditional equations Hybrid discrete - continuous modeling Acausal (no implied order of computations) Components, interconnections Many tools exist for access to external languages Combined differential-algebraic equational systems may not be most appropriate Local context defined by conditional equations vs global validity 13

Other Modeling Mechanisms - SysML http://www.omg.org/spec/sysml/ http://omgsysml.org/ Customized and extended modification of UML 2.0 for system engineering Graphical notation with annotations Defined in English with reference implementations Systematic but not mathematically formal Four aspects Structure = Parts and connections Hierarchy of physical or logical components and environment functionality Behavior (discrete only) defined by interaction, state machines, activity / function Requirement relationships include hierarchies, refinements, derivation, satisfaction, verification Parametrics are constraints on system parameter values Ports include discrete data ports and continuous flow ports Rate restrictions and probabilities 14

What is missing in these approaches? All allow internal hierarchical view of an embedded system Structure, interfaces, local state, and reactions to external interactions Few expect an external view of system in environment All can model some of the relevant effects of the environment None can model all of the relevant effects of the environment Few clearly separate the model definition from its interpretation by a simulation or other analysis tool Few have formal definitions that support proofs of behavior Few (or none) have much tool support for proofs of local behaviors in context Systems operate in a tiny subspace of the vast possibilities defined by their parameters Proofs of constraints are useful in limiting searches and monitoring requirements (and also for simplifying descriptions and decisions) Few (or no) integration processes exist to map one approach into another, or to use a model in a different context 15

Modeling Process Lessons Learned Hierarchical modeling is extremely useful Early modeling can discover unexpected scenarios or definition gaps Model changes should always be mapped to all existing model resolutions Even back-mapping to older models that were used for analyses This is a kind of regression model testing Choosing a level of resolution adequate for the analysis at hand Usually a bit more than that required to state the analysis problem and its likely answers (sometimes a lot more) Validating the relationships among different resolution levels The formal foundations of com+ode, DEVS, and Modelica allow some properties to be proved Then they can be used in the simulation programs and other analyses Visualizations are important, but should not drive the computation There are forces and futures that we cannot see in the images 16

Conclusions and Recommendations Commonalities and differences in these notations should be better described There may also be other notations used in other domains There should be integration mechanisms to bridge their different notations and semantics Especially the basic computational models Integration commonality proofs will remove several incompatibility barriers Common model interchange formats need to be defined based on physical commonalities Since they all purport to model physical systems Also mapping of software behaviors as discrete dynamical systems (or some other mathematical objects) General modeling notations are not as useful because they are cumbersome Special purpose notations, context conditions, and explicit integration methods 17

Some References C. A. R. Hoare, Communicating Sequential Processes, Prentice- Hall (1985) Leslie Lamport, ``Time, Clocks, and the Ordering of Events in a Distributed System'', Comm. ACM Vol.21 No.7, pp. 558-565 (July 1978) Christopher Landauer, ``Communication Network Simulation Tools'', Part 3, pp. 995-1001 in Proceedings of the 16th Annual Pittsburgh Conference on Modeling and Simulation, April 1985, Pittsburgh, Instrument Society of America (Fall 1985) Christopher Landauer, ``Network and Protocol Modeling Tools'', pp. 87-93 in Proceedings of the 1984 IEEE / NBS Computer Networking Symposium, December 1984, NIST, Gaithersburg, Maryland (December 1984) 18

Some More References Christopher Landauer, ``Performance Modeling of Protocols'', Paper 16.2, vol. 2, pp. 219-221 in Proceedings of MILCOM'84: The 1984 IEEE Military Communications Conference, October 1984, Los Angeles (October 1984) Christopher Landauer, Kirstie L. Bellman, ``Integration Systems and Interaction Spaces'', pp. 161-178 in Proceedings of FroCoS'96: The First International Workshop on Frontiers of Combining Systems, 26-29 March 1996, Munich, Germany (March 1996) J. Stoer, R. Bulirsch, Introduction to Numerical Analysis, 2nd ed., Translated by R. Bartels, W. Gautschi, C. Witzgall, Springer (1993) 19

Questions? The Aerospace Corporation 2012

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback