NSF. Hybrid Systems: From Models to Code. Tom Henzinger. UC Berkeley. French Guyana, June 4, 1996 $800 million embedded software failure

Similar documents
Center for Hybrid and Embedded Software Systems. Hybrid & Embedded Software Systems

Center for Hybrid and Embedded Software Systems (CHESS)

Foundations of Hybrid and Embedded Software and Systems: Project Overview

Table of Contents. Foundations of Hybrid and Embedded Software Systems

EECE Hybrid and Embedded Systems: Computation

Introduction to co-simulation. What is HW-SW co-simulation?

Cyber Physical Systems: Next Generation of Embedded Systems

Component Based Design for Embedded Systems

Closing the loop around Sensor Networks

ANNUAL REPORT FOUNDATIONS OF HYBRID AND EMBEDDED SYSTEMS AND SOFTWARE NSF/ITR PROJECT AWARD NUMBER: CCR

FOUNDATIONS OF HYBRID AND EMBEDDED SYSTEMS AND SOFTWARE

The CPAL programming language. Lean Model-Driven Development through Model-Interpretation

Integrated Safety Envelopes

Modeling and Validation

Notes S5 breakout session - Hybrid Automata Verification S5 Conference June 2015

Introduction to Real-Time Systems

Embracing Complexity. Gavin Walker Development Manager

Model-based Development with

William Milam Ford Motor Co

FORMAL MODELING AND VERIFICATION OF MULTI-AGENTS SYSTEM USING WELL- FORMED NETS

Dr Daniela Cancila. Laboratoire des composants logiciels pour la Sécurité et la Sûreté des Systèmes (L3S)

On-demand printable robots

ExCAPE. Rajeev Alur, Ras Bodik, Jeff Foster, Bjorn Hartmann, Lydia Kavraki,

Modular Performance Analysis

A Case for Opportunistic Embedded Sensing In Presence of Hardware Power Variability

Teaching Embedded Systems to Berkeley Undergraduates

The Evolution of Real-Time Programming

What is a Simulation? Simulation & Modeling. Why Do Simulations? Emulators versus Simulators. Why Do Simulations? Why Do Simulations?

Digital Systems Design

Sequential program, state machine, Concurrent process models

Automated Testing of Autonomous Driving Assistance Systems

DAV Institute of Engineering & Technology Department of ECE. Course Outcomes

Advanced Digital Design

Computer Aided Design of Electronics

Policy-Based RTL Design

An Integrated Modeling and Simulation Methodology for Intelligent Systems Design and Testing

Distributed Control-as-a-Service with Wireless Swarm Systems"

By the end of this chapter, you should: Understand what is meant by engineering design. Understand the phases of the engineering design process.

Some recent results and some open problems concerning solving infinite duration combinatorial games. Peter Bro Miltersen Aarhus University

Complex Systems and Microsystems Design: The Meet-in-the-Middle Approach

The Evolution of Waveform Relaxation for Circuit and Electromagnetic Solvers

Dependable Wireless Control

From Model-Based Strategies to Intelligent Control Systems

Introduction. Reading: Chapter 1. Courtesy of Dr. Dansereau, Dr. Brown, Dr. Vranesic, Dr. Harris, and Dr. Choi.

Welcome to 6.S084! Computation Structures (special)

Reinforcement Learning Simulations and Robotics

Stanford Center for AI Safety

CS 730/830: Intro AI. Prof. Wheeler Ruml. TA Bence Cserna. Thinking inside the box. 5 handouts: course info, project info, schedule, slides, asst 1

Dynamic Power Management in Wireless Sensor Networks: An Application-driven Approach

DESIGN TECHNOLOGY FOR THE TRILLION-DEVICE FUTURE

Formal Composition for. Time-Triggered Systems

Executive Summary. Chapter 1. Overview of Control

Communication and control of distributed hybrid systems

Validation of Frequency- and Time-domain Fidelity of an Ultra-low Latency Hardware-in-the-Loop (HIL) Emulator

A New Approach to the Design and Verification of Complex Systems

UNIT-III LIFE-CYCLE PHASES

Research Statement. Sorin Cotofana

A premium passenger car is controlled and managed by 80+ Embedded Systems. Communication systems for vehicle electronics

Low Power Design Methods: Design Flows and Kits

Exploring Pedestrian Bluetooth and WiFi Detection at Public Transportation Terminals

A Model-Based Development Environment and Its Application in Engine Control

R2U2 in Space: System & Software Health Management for Small Satellites

Despite the euphonic name, the words in the program title actually do describe what we're trying to do:

Scientific Certification

AVACS Automatic Verification and Analysis of Complex Systems

Industrial Cyber-Physical Systems icyphy

Getting to Smart Paul Barnard Design Automation

Real-Time Systems Hermann Härtig Introduction

Software-Intensive Systems Producibility

Neural Networks The New Moore s Law

Modeling and Simulation Made Easy with Simulink Carlos Osorio Principal Application Engineer MathWorks Natick, MA

First steps towards a mereo-operandi theory for a system feature-based architecting of cyber-physical systems

Formal Methods for Semi-Autonomous Driving

MULTI-LAYERED HYBRID ARCHITECTURE TO SOLVE COMPLEX TASKS OF AN AUTONOMOUS MOBILE ROBOT

Verification and Validation for Safety in Robots Kerstin Eder

Kosuke Imamura, Assistant Professor, Department of Computer Science, Eastern Washington University

CS649 Sensor Networks IP Lecture 9: Synchronization

Laurea Specialistica in Ingegneria. Ingegneria dell'automazione: Sistemi in Tempo Reale

TOWARDS AN UNIFIED APPROACH FOR MODELING AND ANALYSIS OF REAL-TIME EMBEDDED SYSTEMS USING MARTE/UML

Dipartimento di Elettronica Informazione e Bioingegneria Robotics

Computing RW Supervisors:

Artificial Intelligence: Implications for Autonomous Weapons. Stuart Russell University of California, Berkeley

Dependable Communication Synthesis for Distributed Embedded Systems *

Lecture 8 Receding Horizon Temporal Logic Planning & Compositional Protocol Synthesis

Exact Response Time of FlexRay Communication Protocol

Automated Driving Systems with Model-Based Design for ISO 26262:2018 and SOTIF

10703 Deep Reinforcement Learning and Control

Hardware Implementation of Automatic Control Systems using FPGAs

Disseny físic. Disseny en Standard Cells. Enric Pastor Rosa M. Badia Ramon Canal DM Tardor DM, Tardor

CPS-Ed 2014 Cyber-Physical Systems Education Workshop at UC Berkeley

Introduction to Computer Science - PLTW #9340

Datorstödd Elektronikkonstruktion

A Winning Combination

Semantics of Metamodeling

Engineering Education: A Focus on Systems

Run-time Power Control Scheme Using Software Feedback Loop for Low-Power Real-time Applications

Model-Based Design as an Enabler for Supply Chain Collaboration

NanoFabrics: : Spatial Computing Using Molecular Electronics

Gregory Bock, Brittany Dhall, Ryan Hendrickson, & Jared Lamkin Project Advisors: Dr. Jing Wang & Dr. In Soo Ahn Department of Electrical and Computer

Embedded System Hardware - Reconfigurable Hardware -

Transcription:

Hybrid Systems: From Models to Code Tom Henzinger UC Berkeley NSF UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Foundations of Hybrid and Embedded Software Systems French Guyana, June 4, 1996 $800 million embedded software failure

Mars, December 3, 1999 Crashed due to uninitialized variable ITR Kickoff / Chess 3 $4 billion development effort 40-50% system integration & validation cost

Sources of Complexity -concurrency -real time -heterogeneity A hybrid system consists of multiple continuous (physical) and discrete (computational) components that interact with each other in real time. ITR Kickoff / Chess 5 Embedded Software Design: Current State Design Simulate Model (e.g., Simulink) No formal connection between requirements, model, and resources: expensive development cycle iterates all stages Redesign Code generation Optimize Test Code No exact correspondence between model and code: -difficult to upgrade code -difficult to reuse code ITR Kickoff / Chess 6

Embedded Software Design: Our Vision Design Verify Model Compilation (analysis, optimization, and code generation) Code ITR Kickoff / Chess 7 The FRESCO Project (Formal Real-Time Software Components) Hybrid System Model MASACCIO: correctness by formal verification against requirements Time-Safe Code GIOTTO: correctness by schedulability analysis against resources ITR Kickoff / Chess 8

Continuous (Euclidean) Systems State space: R n Dynamics: initial condition + differential equations x Room temperature: x(0) = x 0 x (t) = -K x(t) x 0 t Analytic complexity. ITR Kickoff / Chess 9 Discrete (Boolean) Systems State space: B m Dynamics: initial condition + transition relation heat Heater: off on off on t Combinatorial complexity. ITR Kickoff / Chess 10

The Curse of Concurrency 300,000 latches 1011 11 10 stars stars 100,000 10 states

Hybrid Systems m n State space: B R Dynamics: initial condition + transition relation + differential equations x 0 off on Thermostat: t off x = -K x x L x l x u on x = K (H-x) x U ITR Kickoff / Chess 13 Hybrid Automata y x ITR Kickoff / Chess 14

Hybrid Automata far x [-50,-40] x 1000 x = 1000 app! near x [-50,-30] x 0 app train x = 100 exit! x : [2000, ) past x [30,50] x 100 x = 0 exit ITR Kickoff / Chess 15 Hybrid Automata up y = 9 y 90 y = 90 open y = 0 raise raise? lower? raise? down y = -9 y 0 y = 0 closed y = 0 lower gate lower? ITR Kickoff / Chess 16

Hybrid Automata app exit t := 0 t := 0 t = 1 t α app? lower! idle exit? raise! t = 1 t α controller lower raise ITR Kickoff / Chess 17 Requirements Safety:! ( x 10 loc[gate] = closed ) Liveness:! " ( loc[gate] = open ) Real time:! z :=0. ( z = 1 " ( loc[gate] = open z 60 )) Verification and failure analysis by model checking (e.g., HyTech). ITR Kickoff / Chess 18

Two Problems with Hybrid Automata 1. Scalability Possible solutions: -hierarchy (MASACCIO) -assume-guarantee decomposition (interfaces) 2. Robustness Possible solutions: -ε-variability -discounted future ITR Kickoff / Chess 19 MASACCIO Hierarchical Hybrid Automata ITR Kickoff / Chess 20

MASACCIO Hierarchical Hybrid Automata ITR Kickoff / Chess 21 MASACCIO Hierarchical Hybrid Automata ITR Kickoff / Chess 22

MASACCIO Hierarchical Hybrid Automata ITR Kickoff / Chess 23 MASACCIO ITR Kickoff / Chess 24

Two Problems with Hybrid Automata 1. Scalability Possible solutions: -hierarchy (MASACCIO) -assume-guarantee decomposition (interfaces) 2. Robustness Possible solutions: -ε-variability -discounted future ITR Kickoff / Chess 25 The Robustness Problem Hybrid Automaton Property slightly perturbed automaton ITR Kickoff / Chess 26

The Robustness Problem Hybrid Automaton x = 3 Safe ITR Kickoff / Chess 27 The Robustness Problem Hybrid Automaton x = 3+ε Unsafe ITR Kickoff / Chess 28

A Possible Solution of the Robustness Problem: Metrics on Traces Model Property instead of Yes or No consider ε-variation ITR Kickoff / Chess 29 A More Radical Solution of the Robustness Problem: Discounting the Future value(model,property): States {Yes, No} value(model,property): States R ITR Kickoff / Chess 30

A More Radical Solution of the Robustness Problem: Discounting the Future value(model,property): States {Yes, No} value(m,"t) = µx. (T pre(x)) discountedvalue(model,property): States R discountedvalue(m,"t) = µx. max(t, λ pre(x)) discount factor 0<λ<1 ITR Kickoff / Chess 31 A More Radical Solution of the Robustness Problem: Discounting the Future Robustness Theorem: If discountedbisimilarity(m 1,m 2 ) > 1 - ε, then discountedvalue(m 1,p) - discountedvalue(m 2,p) < f(ε). Further Advantages of Discounting: -approximability because of geometric convergence (avoids non-termination of verification algorithms) -applies also to probabilistic systems and to games (enables reasoning under uncertainty and control) ITR Kickoff / Chess 32

The FRESCO Project (Formal Real-Time Software Components) Hybrid System Model MASACCIO: correctness by formal verification against requirements Time-Safe Code GIOTTO: correctness by schedulability analysis against resources ITR Kickoff / Chess 33 The History of Computer Science: Lifting the Level of Abstraction High-level languages: Programming to the application Requirements focused code Compilation The assembly age : Programming to the platform Resource focused code -Traditional high-level languages abstract time. -This abstraction is unsuitable for real-time applications, which are still programmed in terms of platform time ( priority tweaking ). -GIOTTO: Real-time programming in terms of application time. ITR Kickoff / Chess 34

MASACCIO GIOTTO Time-Triggered Programming ITR Kickoff / Chess 35 MASACCIO GIOTTO Time-Triggered Programming ITR Kickoff / Chess 36

MASACCIO GIOTTO Time-Triggered Programming 200 Hz 400 Hz 200 Hz 1 khz ITR Kickoff / Chess 37 MASACCIO GIOTTO Time-Triggered Programming 1. Concurrent Periodic Tasks: -sensing -control law computation -actuating 2. Multiple Modes of Operation: -navigational modes (autopilot, manual, etc.) -maneuver modes (taxi, takeoff, cruise, etc.) -degraded modes (sensor, actuator, CPU failures) ITR Kickoff / Chess 38

MASACCIO GIOTTO Time-Triggered Programming Mode 1 Task S 400 Hz Task C 200 Hz Task A 1 khz Condition 1.2 Condition 2.1 Mode 2 Task S 400 Hz Task C 200 Hz Task A 1 khz Task A 1 khz Mode 3 Task S 400 Hz Task C 200 Hz Task A 2 khz Mode 4 Task C 100 Hz Task A 1 khz ITR Kickoff / Chess 39 MASACCIO GIOTTO Separation of Concerns Host code e.g. C Functionality. -No time. -Atomic. -Sequential. Glue code Giotto Timing and interaction. -Real time. -Reactive. -Concurrent. This kind of software is reasonably well understood. The software complexity lies in the glue code. ITR Kickoff / Chess 40

Two Opposing Forces Requirements Verification automatic (model checking) Model Environment Implementation automatic (compilation) Resources ITR Kickoff / Chess 41 Two Opposing Forces Requirements Verification Model Environment Implementation property preserving Resources ITR Kickoff / Chess 42

Two Opposing Forces Requirements Verification Composition Component Component Implementation Resources ITR Kickoff / Chess 43 Two Opposing Forces Requirements (time, fault tolerance, etc.) Verification no change Component Component Implementation no change Deep Compositionality Resources ITR Kickoff / Chess 44

Achieving Verifiability and Compositionality in GIOTTO: The FLET (Fixed Logical Execution Time) Assumption Software Task read sensor input at time t d>0 is the task's "logical execution time" write actuator output at time t+d, for fixed d ITR Kickoff / Chess 45 Embedded Programming in GIOTTO The programmer specifies sample rate d and jitter j to solve the control problem at hand. The compiler ensures that d and j are met on a given platform (hardware resources and performance); otherwise it rejects the program. ITR Kickoff / Chess 46

Implementing the FLET Assumption time t possible physical execution on CPU time t+d buffer output ITR Kickoff / Chess 47 Contrast the FLET with Standard Practice output as soon as ready ITR Kickoff / Chess 48

Advantages of the FLET and GIOTTO -predictable timing and value behavior (no internal race conditions, minimal jitter) -portable, composable code (as long as the platform offers sufficient performance) ITR Kickoff / Chess 49 Research Agenda From Hybrid Models -robust hybrid models (tube topologies, discounting) -model checking for hierarchical and stochastic hybrid models -multi-aspect assume-guarantee decomposition of hybrid models (interface theories for time, resources, fault tolerance) To Embedded Code -distributed schedulability analysis and code generation -on-line code modification and fault tolerance ITR Kickoff / Chess 50

Credits Scalable and Robust Hybrid Systems: Luca de Alfaro, Arkadeb Ghosal, Marius Minea, Vinayak Prabhu, Marcin Jurdzinski, Rupak Majumdar GIOTTO: Ben Horowitz, Christoph Kirsch, Rupak Majumdar, Slobodan Matic, Marco Sanvido ITR Kickoff / Chess 51 Collaborators of the FRESCO Project -Alex Aiken on time-safety analysis of embedded code -Karl Hedrick on Giotto implementation of electronic throttle control -Edward Lee on Giotto modeling and code generation in Ptolemy -Edward Lee on rich interface theories as type theories for component interaction -George Necula on model checking device drivers -George Necula on scheduler-carrying embedded code -Alberto Sangiovanni-Vincentelli on synthesis of protocol converters from interfaces -Alberto Sangiovanni-Vincentelli and Shankar Sastry on platform-based design of a helicopter flight control system using Giotto -Shankar Sastry on hybrid automata ITR Kickoff / Chess 52

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback