A Platform-Based Design Methodology With Contracts and Related Tools for the Design of Cyber-Physical Systems

We introduce a platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and that provides formal support for the entire CPS design flow. The design is carried out as a sequence of refinement steps from a high-level specification to an implementation built out of a library of components at the lower level. We review formalisms and tools that can be used to specify, analyze, or synthesize the design at different levels of abstraction. For each level, we highlight how the contract operations can be concretely computed, as well as the research challenges that must be addressed to fully implement them. We illustrate our approach on the design of embedded controllers for aircraft electric power distribution systems.
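The contract operations the abstract refers to (saturation, refinement checking and parallel composition of assume/guarantee pairs) are shown below on a deliberately small model. This is an added example, not code from the paper or its authors: it encodes assumptions and guarantees as finite sets of Boolean assignments over three constructed signals of a simplified power-distribution channel (`gen_ok`, `contactor_closed`, `bus_powered`), and implements the standard assume/guarantee algebra in that setting. The paper's own levels use richer formalisms (hybrid automata, temporal logics); the finite encoding here only serves to make the set operations explicit and checkable.

```python
from itertools import product

# Constructed toy model, not the paper's: three Boolean signals of a
# simplified aircraft power-distribution channel.
VARS = ("gen_ok", "contactor_closed", "bus_powered")

# A behaviour is one assignment to VARS; the universe is all 2^3 assignments.
UNIVERSE = frozenset(product((False, True), repeat=len(VARS)))


def sat(pred):
    """Behaviours satisfying pred; pred receives a dict {signal: bool}."""
    return frozenset(v for v in UNIVERSE if pred(dict(zip(VARS, v))))


class Contract:
    """Assume/guarantee contract (A, G) over finite behaviour sets."""

    def __init__(self, assumptions, guarantees):
        self.A = frozenset(assumptions)
        self.G = frozenset(guarantees)

    def saturate(self):
        """Canonical form: G or not A (promise G when A holds, anything otherwise)."""
        return Contract(self.A, self.G | (UNIVERSE - self.A))

    def refines(self, other):
        """C1 <= C2 iff A2 is a subset of A1 (weaker assumptions) and
        G1 is a subset of G2 (stronger guarantees), both on saturated forms."""
        c1, c2 = self.saturate(), other.saturate()
        return c2.A <= c1.A and c1.G <= c2.G

    def compose(self, other):
        """Parallel composition: G = G1 and G2; A = (A1 and A2) or not G.
        The 'or not G' term discharges assumptions that the partner's guarantee
        already covers, leaving only obligations on the outer environment."""
        c1, c2 = self.saturate(), other.saturate()
        g = c1.G & c2.G
        a = (c1.A & c2.A) | (UNIVERSE - g)
        return Contract(a, g)

    def is_compatible(self):
        """Some environment can satisfy the assumptions (A non-empty)."""
        return bool(self.A)


def demo():
    # System-level spec: whenever the generator is healthy, the bus is powered.
    spec = Contract(sat(lambda s: s["gen_ok"]),
                    sat(lambda s: s["bus_powered"]))
    # Component 1, contactor controller: closes the contactor when the generator is healthy.
    controller = Contract(sat(lambda s: s["gen_ok"]),
                          sat(lambda s: s["contactor_closed"]))
    # Component 2, bus: powered whenever the contactor is closed.
    bus = Contract(sat(lambda s: s["contactor_closed"]),
                   sat(lambda s: s["bus_powered"]))
    # A defective controller: same assumptions, guarantees nothing at all.
    lazy_controller = Contract(sat(lambda s: s["gen_ok"]), UNIVERSE)

    system = controller.compose(bus)
    return {
        # The controller alone says nothing about the bus, so it cannot meet the spec.
        "controller_alone_refines_spec": controller.refines(spec),
        # Controller composed with bus: the spec's assumption (gen_ok) is enough,
        # and the composed guarantee implies bus_powered under it.
        "system_refines_spec": system.refines(spec),
        # With the lazy controller the composition still needs the environment to
        # close the contactor, which the spec's assumption does not provide.
        "lazy_system_refines_spec": lazy_controller.compose(bus).refines(spec),
        "system_compatible": system.is_compatible(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The refinement check is the step a library-based flow repeats at every level: a candidate implementation (here, the composition of two library components) is accepted only if it tolerates every environment the specification assumes and promises at least what the specification guarantees. The failing `lazy_controller` case shows why composition is computed on saturated contracts: the bus's assumption `contactor_closed` is discharged only when some partner actually guarantees it; otherwise it propagates outward and the specification's weaker assumption no longer covers it.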
