Guest Editors' Introduction: Special Section on Science of Design for Safety Critical Systems
THE idea of this special section dawned on us during various discussions on recent trends in computer system design throughout the 2008-2009 academic year, when one of the editors spent a sabbatical year at INRIA hosted by the other editor. 'Cyber Physical Systems' (CPS) was the most recent buzzword, replacing 'hybrid systems', and 'Science of Design' (SoD) was the other buzzword, on its way out to the perished land of unfashionable terminologies. In the realm of cyber physical systems there had been a lot of foundational development under the guise of hybrid systems since the mid-nineties. The science of design, another term coined at the US National Science Foundation (NSF), somehow remained within the traditional programming language design community and did not gain wider acceptance. Within cyber physical systems, however, there are special classes of systems which are safety critical, such as avionics, automotive, space mission systems, missile control, smart grid, industrial process control or SCADA, etc. This is the class of systems that interested us the most. We realized that since many of these are domain specific, the engineers who design them are not necessarily computer scientists; they could be from any other engineering field such as aerospace, electrical, mechanical, power systems, control and so on. The question that naturally comes up is how they collaborate with the computer scientists who develop the foundations of system design, especially for systems that have digital control with analog environments, which are very common among safety-critical systems. So we appropriated the term "Science of Design" and termed the foundational aspect of such design the science, and the domain specific engineering the application of the science. Next we talked to some of our colleagues who were involved in the design of unmanned vehicle systems.
It was hoped that a strong contribution to this special issue could be obtained from such colleagues. One would assume that major requirements on the cyber components of such unmanned vehicles must be low power consumption, small form factor, reliability, verifiability, etc. A paper describing how these requirements interplay with their system design approach, and how the physical system design influences the requirements on the cyber parts and the control algorithms, would have been a great contribution. It turned out that no integrated approach was followed by these designers. Intel x86 processors (power-hungry ones) were purchased, an off-the-shelf real-time Linux was used as the execution environment, and MATLAB-based control algorithm models were handed to C programmers to create the software. Disappointed by the lack of integration of science of design into the engineering, we spoke to a number of researchers at several defense labs and contractors, and heard very similar 'separation of concerns' stories. The safety-critical systems that we were concerned with have strong coupling and interactions between one or more physical environments and a number of cyber or computing components. The evolution of the physical environments over time and space, described by their trajectories in continuous state spaces, is modeled by parameters whose evolution is best captured with continuous dynamical systems. Some of these parameters are controllable by the cyber components, and some evolve according to the dynamics of the physical world. The cyber components usually sample some or all of these parameters at a rate chosen according to the Nyquist criterion, and apply robust feedback control to the controllable parameters. This is often called digital control because the continuously varying parameters are sampled and discretized, while the control algorithms process the sampled information to produce control actuations in the form of discrete signals.
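The digital control loop just described, in which a continuously evolving physical parameter is sampled, a control law is computed on the sampled value, and the actuation is held constant until the next sample, is small enough to simulate end to end. The Python below is an added example for this introduction, not code from the editorial or from any of the systems it mentions. It assumes a first-order plant dx/dt = -a·x + b·u with a = b = 1, a proportional controller u = K·(r - x) with K = 3, and two sampling periods (0.1 and 1.0 time units); all of these values are chosen for illustration. The point it makes is the one the editorial returns to: the analog version of this loop is stable for every positive gain, but the sampled version is stable only when the period is short enough, so a stability argument carried out in continuous mathematics does not transfer to the discretized implementation without re-analysis.

```python
"""Sampled-data feedback loop: stability depends on the sampling period.

Added illustration, not part of the original editorial. Plant, gain and
sampling periods are assumptions made for the example:
    plant:      dx/dt = -A*x + B*u          (first order, A = B = 1)
    controller: u = K*(r - x_k), held constant between samples (zero-order hold)
"""
import math

A = 1.0   # plant pole (assumed value)
B = 1.0   # plant input gain (assumed value)


def zoh_step(x, u, dt):
    """Exact solution of dx/dt = -A*x + B*u over an interval dt during which
    the actuation u is held constant (zero-order hold)."""
    e = math.exp(-A * dt)
    return e * x + (B / A) * (1.0 - e) * u


def continuous_loop_pole(k):
    """Closed-loop pole of the analog loop u = K*(r - x): -(A + B*K).
    Negative, hence stable, for every K > 0."""
    return -(A + B * k)


def discrete_loop_pole(k, period):
    """Closed-loop pole p of the sampled loop x[k+1] = p*x[k] + const.
    The discrete loop is stable iff |p| < 1, which depends on the period."""
    e = math.exp(-A * period)
    return e - k * (B / A) * (1.0 - e)


def is_stable(k, period):
    return abs(discrete_loop_pole(k, period)) < 1.0


def simulate(k, period, setpoint=1.0, samples=60, substeps=20):
    """Run the digital controller once per `period`, while the plant keeps
    evolving continuously in between (integrated exactly in `substeps` pieces).
    The controller only ever sees x at the sampling instants.
    Returns the list of sampled states."""
    x = 0.0
    trace = []
    for _ in range(samples):
        u = k * (setpoint - x)                 # control law on the sampled state
        for _ in range(substeps):              # physical world evolves under held u
            x = zoh_step(x, u, period / substeps)
        trace.append(x)
    return trace


def tracking_error(k, period, **kw):
    """|setpoint - x| after the run: a modest steady-state offset if the loop
    is stable (pure proportional control), astronomically large if it is not."""
    setpoint = kw.get("setpoint", 1.0)
    return abs(setpoint - simulate(k, period, **kw)[-1])


if __name__ == "__main__":
    K = 3.0   # assumed gain; the analog loop is stable for any K > 0
    print(f"analog closed-loop pole for K={K}: {continuous_loop_pole(K):+.2f}")
    for T in (0.1, 1.0):
        print(f"sampled at T={T}: pole={discrete_loop_pole(K, T):+.3f} "
              f"stable={is_stable(K, T)} final error={tracking_error(K, T):.3g}")
```

With the assumed values, the analog loop has pole -4 and is stable; sampled every 0.1 time units the same gain gives a discrete pole of about +0.62 and the state settles near the setpoint (with the usual proportional-control offset), while sampled every 1.0 time unit the discrete pole is about -1.53, so each sample overshoots further than the last and the simulated state diverges. The sampling rate therefore has to be chosen not only so the sampler can reconstruct the signal, but so that the discretized loop remains stable, and that check belongs in the design rather than being left to whoever translates the MATLAB model into C.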
The feedback control affects the trajectory in the physical state space. Specifically, robust control algorithms make sure that the planned trajectories are tracked by the physical system as accurately as possible, regardless of various uncertainties and exogenous disturbances. Before digital computers were cost effective, much of the control in such systems was analog and mechanical in nature. This meant that the control components and the physical world together formed a single complex dynamical system, and the analysis of such a system was within the realm of continuous mathematics. Cyber physical systems, however, have a dichotomy (between the continuous and the discrete) which poses challenges to their algorithmic development, proofs of stability and robustness, etc. On the other hand, there is a tremendous opportunity due to the exponential effects of Moore's law, which makes computing exponentially faster, cheaper, and smaller. However, the implementation of the control algorithms in hardware and/or software is often distributed in nature (digital signal processing, control computation for a large number of controllable parameters, and real-time requirements may necessitate a large number of processors; e.g., a modern automotive vehicle has more than 80 microcontrollers and processors). To make such hardware/software optimized and correct, one has to take care of concurrency issues, timing issues, power vs. performance trade-offs, and, most importantly, eliminate any redundant sampling or computation. Unfortunately, since such systems are often safety-critical (avionics, automotive,
IEEE TRANSACTIONS ON COMPUTERS, VOL. 60, NO. 8, AUGUST 2011 1057