Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems - Project Overview - Janos Sztipanovits ISIS-Vanderbilt University MURI Year 1 Review Meeting Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems UC Berkeley, Berkeley, CA September 6, 2007

2 Team Vanderbilt Sztipanovits (PI), Karsai, Volgyesi, Porter, Thibodeaux UC Berkeley Tomlin (PI), Lee, Sastry, Gonzales, Hoffmann, Zhou CMU Krogh (PI), Clarke Jain, Lerda Stanford Boyd (PI) Skaf

3 FUNDING ($K)— Show all funding contributing to this project FY06 FY07 FY08 FY09 FY10 FY11 AFOSR Funds Option TRANSITIONS Strong link to industry: Boeing, BAE Systems, Raytheon, GM, MathWorks, National Instruments, TTTech Industry affiliate programs: CHESS, ESCHER, GMLab. STUDENTS, POST-DOCS 9 graduate students (MURI) + student groups from other projects LABORATORY POINT OF CONTACT Lt Col Scott Wells, AFRL/AFOSR Dr. Siva Banda, AFRL/VACA, WPAFB, OH Ray Bortner, AFRL/VACA, WPAFB, OH APPROACH/TECHNICAL CHALLENGES Guaranteed behavior of distributed control software using the following approaches: (1) extension of robust controller design to selected implementation error categories (2) providing “certificate of correctness” for the controller implementation (3) development of semantic foundation for tool chain composition (4) introducing safe computation models that provide behavior guarantees ACCOMPLISHMENTS/RESULTS  See Presentations Long-Term PAYOFF: Decrease the V&V cost of distributed embedded control systems OBJECTIVES Development of a theory of deep composition of hybrid control systems with attributes of computational and communication platforms Development of foundations for model-based software design for high-confidence, networked embedded systems applications. Composable tool architecture that enables tol reusability in domain-specific tool chains Experimental research Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems if (inactiveInterval != -1) { int thisInterval = (int)(System.currentTimeMill is() - lastAccessed) / 1000; if (thisInterval > inactiveInterval) { invalidate(); ServerSessionManager ssm = ServerSessionManager.getMana ger(); ssm.removeSession(this); } private long lastAccessedTime = creationTime; /** * Return the last time the client sent a Model Transformation Modeling Languages Models Model Translators Model-based Code Generators Analysis tools Platforms Control Design Implementation Design

4 Model-Based Design Overall Undertaking Scope of the Project: Development of component technologies in all areas Development model-based design methods Incrementally building and refining a tool chain for an experimental domain (UAV control) Demonstration of control software development with the tool chain Experiments Robust Control Design Control Platform Component Platforms Component Platforms Code and SW Component Design System and Hardware Platforms System and Hardware Platforms System-Level Design System-Level Design X Expensive Intractable Fragile

5 Model-Based Design Robust Control Design Component Platforms Component Platforms Control Platform System and Hardware Platforms System and Hardware Platforms Code and Component Design System-Level Design System-Level Design We Improve Robustness of Controllers Against Implementation Errors How should we use implementation abstractions in controller design? (Boyd, Krogh, Clarke) Robust Control Design

6 Model-Based Design Robust Control Design Component Platforms Component Platforms Control Platform System and Hardware Platforms System and Hardware Platforms Code and Component Design System-Level Design System-Level Design We Improve Scalability of Verification Algorithms How should we use implementation abstractions in controller design? (Boyd, Krogh) How can we exploit heterogeneous abstractions in verification and test generation? (Tomlin, Sastry, Clarke, Krogh) Verification and Test Generation Verification and Test Generation

7 Model-Based Design Robust Control Design Components Platform Components Platform Control Platform System and Hardware Platforms System and Hardware Platforms Code and Component Design System-Level Design System-Level Design We Develop High-Confidence Code Generators How should we use implementation abstractions in controller design? (Boyd, Krogh) How can we exploit heterogeneous abstractions in verification and test generation? (Tomlin, Sastry, Clarke, Krogh) How to design high-confidence code generators? (Lee, Karsai) Code Generation Code Generation

8 Model-Based Design Robust Control Design Components Platform Components Platform Control Platform System and Hardware Platform System and Hardware Platform Code and Component Design System-Level Design System-Level Design We Build Infrastructure for Reconfigurable Tool Chains How should we use implementation abstractions in controller design? (Boyd, Krogh) How can we exploit heterogeneous abstractions in verification and test generation? (Tomlin, Sastry, Clarke, Krogh) How to design high-confidence code generators? (Lee, Karsai) How can we design and customize model-based design flows? (Volgyesi, Karsai, Krogh, Lee, Sztipanovits) PRISM Meta-Model ECSL-DP Meta-Model AIRES Meta-Model CFG Meta-Model PRISM  ESML ESML-  CFG ESML  AIF Model-Based Design

9 Robust Control Design Components Platform Components Platform Control Platform System and Hardware Platform System and Hardware Platform Code and Component Design System-Level Design System-Level Design We Evaluate Progress Experimentally How should we use implementation abstractions in controller design? (Boyd, Krogh) How can we exploit heterogeneous abstractions in verification and test generation? (Tomlin, Sastry, Clarke, Krogh) How to design high-confidence code generators? (Lee, Karsai) How can we design and customize model-based design flows? (Volgyesi, Karsai, Krogh, Lee, Sastry, Sztipanovits) How can we evaluate V&V methods experimentally? (Tomlin, Sastry)

10 Accomplishment Highlights Proved feasibility of methods and framework for decoupling (possibly imperfect) controller implementation from controller design/specification (Boyd). Developed model-based timing analysis for networked embedded systems, test generation for timed automata and model-based verification of numerical code (Krogh). Applied reachable set technologies to the analysis and design of collision avoidance schemes for multiple autonomous quadrotor aircraft, and to the very close formation flying of multiple fixed wing UAVs (Tomlin, Sastry). Analyzed the limits of approximation techniques for continuous image computation in model checking hybrid systems. Developed verification algorithms for MATLAB/Simulink models by combining SW model checking with numerical simulation tools. (Clarke) Developed model-based code generation algorithm using partial evaluation (Lee). Developed model-based code generation algorithm using model transformation (Karsai). Developed end-to-end model-based design tool chain prototype for TTP and RTAI Linux platform (Volgyesi, Karsai, Sztipanovits). Developed quadrotor UAV experimental platform (Tomlin, Sastry).

11 Transitioning Ptolemy II 6.0 was released on February 13, Ptolemy II includes the code generation facility. The Ptolemy source tree is available via CVS. We are actively working with Bosch and National Instruments. In addition we have: Assisted in the transfer of avionics code from B Berkeley HCDDES team provided consultation and research materials about the IEEE-1588 platform as a possible testbed. Prototyped a vhdl target for the code generation effort. Researched Hybrid Interchange formats and discussed these with researchers in Alberto Sangiovanni- Vincentelli's group and at Cadence Berkeley Labs. Discussed the design of Vanderbilt's code generation Vanderbilt’s MIC tool suite (GME, GReAT, UDM, OTIF) has two major releases during the last year. The releases are available through the ESCHER and ISIS download sites. Vanderbilt continued working with GM, Raytheon and BAE Systems research groups on transitioning model-based design technologies into programs. Vanderbilt continued working with Boeing’s FCS program on applying the MIC tools for precise architecture modeling and systems integration. Collaboration with TTTech, University of Vienna.

12 Year 2 Plans Robust controller design for timing skew and jitter. (Boyd) Extension of model-based test generation to dynamic environments, model-based verification of Simulink/Stateflow code and extension of timing analysis tools (Krogh) Integration of model-based code generation with code verification and test generation (Karsai) Continue research on verification of hybrid systems using Model Checking. Will focus on practical verification of Simulink/Stateflow code using software Model Checking techniques (Clarke) Extension of code generation capabilities to interrupt driven concurrency and develop platform for timed sample-data and timed-distributed environment (Lee) Develop second release of integrated tool chain for high – confidence design (Volgyesi, Karsai, Sztipanovits) Multi-UAV control experiments (Tomlin, Sastry))