Xiaohong Chen,Jing Liu,Frederic Mallet,Zhi Jin

DOI: https://doi.org/10.1109/apsec.2011.30

2011-01-01

Abstract:As the embedded systems are becoming more and more complex, requirements engineering approaches are needed for modeling requirements, especially the timing requirements. Among various requirements engineering approaches, the Problem Frames(PF) approach is particularly useful in requirements modeling for the embedded systems due to the characteristic that the PF pays special attention to the environment entities that will interact with the to-be software. However, no concern is given on timing requirements of the PF at present. This paper studies how to add timing constraints on problem domains in the PF. Our approach is to integrate the problem representation frame in the PF with the timing representation mechanism of MARTE(Modeling and Analysis of Real Time and Embedded systems). A unified problem frame modeling process integrated with timing constraints is provided, and problem frame requirements with timing constraints expressed by MARTE/CCSL(Clock Constraint Specification Language) and clock construction operators are obtained.

Haicheng Tu,Yongxiang Xia,Xi Zhang,Hui-liang Shen

DOI: https://doi.org/10.1063/5.0043601

2021-01-01

Chaos An Interdisciplinary Journal of Nonlinear Science

Abstract:With the rapid development of information technology, traditional infrastructure networks have evolved into cyber physical systems (CPSs). However, this evolution has brought along with it cyber failures, in addition to physical failures, which can affect the safe and stable operation of the whole system. In light of this, in this paper, we propose an interdependence-constrained optimization model to improve the robustness of the cyber physical system. The proposed model includes not only the realistic physical law but also the interdependence between the physical network and the cyber network. However, this model is highly nonlinear and cannot be solved directly. Therefore, we transform the model into a bi-level mixed integer linear programming problem, which can be easily and effectively solved in polynomial time. We conduct the simulation based on standard Institute of Electrical and Electronics Engineers test cases and study the impact of the disaster level and coupling strength on the robustness of the whole system. The simulation results show that our proposed model can effectively improve the robustness of the cyber physical system. Moreover, we compare the performance of the power supply in different CPSs, which have different network structures of the cyber network. Our work can provide useful instructions for system operators to improve the robustness of CPSs after extreme events happen in them.

Lei Bu,Qixin Wang,Xin Chen,Linzhang Wang,Tian Zhang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/2000367.2000368

2011-01-01

Abstract:Many Cyber-Physical Systems (CPS) are highly nondeterministic. This often makes it impractical to model and predict the complete system behavior. To address this problem, we propose that instead of offline modeling and verification, many CPS systems should be modeled and verified online, and we shall focus on the system's time-bounded behavior in short-run future , which is more describable and predictable. Meanwhile, as the system model is generated/updated online, the verification has to be fast. It is meaningless to tell an online model is unsafe when it is already out-dated. To demonstrate the feasibility of our proposal, we study two cases of our ongoing projects, one on the modeling and verification of a train control system, and the other on a Medical Device Plug-and-Play (MDPnP) application. Both cases are about safety-critical CPS systems. Through these two cases, we exemplify how to build online models that describe the time-bounded short-run behavior of CPS systems; and we show that fast online modeling and verification is possible.

Eun-Young Kang,Li Huang

DOI: https://doi.org/10.48550/arXiv.1806.07702

2018-06-20

Software Engineering

Abstract:Modeling and analysis of timing constraints is crucial in automotive systems. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. In most cases, a bounded number of violations of timing constraints in systems would not lead to system failures when the results of the violations are negligible, called Weakly-Hard (WH). We have previously specified EAST-ADL timing constraints in Clock Constraint Specification Language (CCSL) and transformed timed behaviors in CCSL into formal models amenable to model checking. Previous work is extended in this paper by including support for probabilistic analysis of timing constraints in the context of WH: Probabilistic extension of CCSL, called PrCCSL, is defined and the EAST-ADL timing constraints with stochastic properties are specified in PrCCSL. The semantics of the extended constraints in PrCCSL is translated into Proof Objective Models that can be verified using SIMULINK DESIGN VERIFIER. Furthermore, a set of mapping rules is proposed to facilitate guarantee of translation. Our approach is demonstrated on an autonomous traffic sign recognition vehicle case study.

Xiong Xu,Shuling Wang,Bohua Zhan,Xiangyu Jin,Naijun Zhan,Jean-Pierre Talpin

DOI: https://doi.org/10.1145/3631483.3631487

2023-10-30

ACM SIGAda Ada Letters

Abstract:The design of safety-critical cyber-physical systems (CPSs) involve several dimensions, including physics, hardware rchitecture and software functionality. It is desirable to design CPSs by taking these issues into account uniformly and yet, few existing design workflows support this aim. For instance, AADL is an architecturecentric modelling formalism for CPSs, which focuses on modelling architecture and prototyping real-time hardware platforms, but it delegates physical and software behavioral models to so-called annexes. By contrast, Simulink/Stateflow (S/S) focuses on modelling interacting physical and software behaviors, but does not render the non-functional characteristics of their hardware platforms. To address this issue, in [1], we proposed the combination of AADL and S/S, called AADL S/S, to comodel CPSs and presented a method to uniformly analyse and verify them. AADL S/S provides a unified graphical co-modelling environment for CPS design and supports simulation through C code generation. Also, [1] presented a formal semantics of AADL S/S by translation to Hybrid Communicating Sequential Processes (HCSP), yielding a deductive verification framework of the combined models using Hybrid Hoare Logic (HHL). Additionally, [1] proved the correctness of the translation of AADL S/S to HCSP.

Xiaoying Bai,Ming Wang,Hao Lu,Weitek Tsai

2012-01-01

Abstract:A systematic approach for modeling and verifying timing constraints was developed to ensure timing constraints in the real-time systems. The approach defines the basic time concepts and gives a timing constraint model based on the simple temporal problem-improved (STP-I) method. A verification algorithm is given for consistence checking of the constraint graph model using a constraint resolver. A transformation mechanism is also given to transform complex timing constraints to basic expressions. A case study of a real-time data process unit (DPU) system illustrates the approach. This approach gives a more systematic analysis of typical fault models for real-time systems than existing designs, hence it can model the constraints more accurately using the concepts of time points and time intervals that facilitate effective time defect detection.

Lei Bu,Tian Zhang,Xin Chen,Linzhang Wang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/3229783.3229793

2018-01-01

Abstract:By combining communication, computation, and control (3C), Cyber-Physical Systems (CPS)0tightly couple the physical world with the cyber-world, to enable more applications, enhance performance, increase dependability and etc. Among these goals, as CPS are widely used in the safety-critical area, guaranteeing the basic dependability/safety is after all the prerequisite and often the top concern. However, the behavior of CPS is extremely complex. First of all, due to the existence of both discrete control modes transition and continuous real-time behavior in CPS, the behavior of CPS is a complex hybrid state space, which is difficult to understand and handle. Secondly, most CPS applications are working in the open environment and acquiring real-time data from the environment intensively to adjust their own behavior. The dynamic environment makes the behavior space more complex to reason. When a system is too complex to analyze directly, building an abstract model of the system and then conducting analysis on the model to answer questions about the original system is an important and widely-used method. Meanwhile, a reasonable model also plays important roles in the phase of specification, design, development, testing, monitoring and so on. Therefore, it is an important topic of investigating how model-based methods can be applied in the context of CPS to increase the quality and dependability of the system. During the past decade, our research group at Nanjing University has devoted a lot of efforts into this mission. We conducted comprehensive research in a wide spectrum of CPS including model-driven design, verification, control, monitoring, and testing. In this paper, we will make a general review of the progress we made on these directions recently.

Anastasia Mavridou,Hamza Bourbouh,Dimitra Giannakopoulou,Thomas Pressburger,Mohammad Hejase,Pierre-Loic Garoche,Johann Schumann

DOI: https://doi.org/10.1109/re48521.2020.00040

2020-08-01

Abstract:Capturing and analyzing requirements of Cyber-Physical Systems (CPS) can be challenging, since CPS models typically involve time-varying and real-valued variables, physical system dynamics, or even adaptive behavior. MATLAB/Simulink is a development and simulation framework that is widely used in industry to capture such systems. In this paper, we report on the application of NASA Ames tools to perform end-to-end analysis of the Ten Lockheed Martin Challenge Problems (LMCPS). LMCPS is a set of industrial Simulink model benchmarks and natural language requirements developed by domain experts. Our framework, which integrates the tools FRET and COCOSIM, is used to: 1) elicit, explain, and formalize the semantics of the given natural language requirements; 2) generate verification code and monitors that can be automatically attached to the Simulink models; 3) perform verification by using SMT-based model checkers. FRET and COCOS1M are open source, and can be used by other researchers and practitioners to replicate our case study. We provide a categorization of recurring patterns in the formalization of the requirements and discuss the strengths and weaknesses of our automated verification approach.

Chun Liu,Wei Zhang,Haiyan Zhao,Zhi Jin

DOI: https://doi.org/10.1109/apsec.2013.29

2013-01-01

Abstract:Integrating the computing process and the physical process, cyber-physical systems (CPS) pose many challenges to the system analysis and modeling. While most of the existing work focuses on developing the precise and formal model of CPS, little attentions have been given to the early requirements analysis and modeling which focuses on what the users' requirements are and what the software and physical domains of CPS will do to meet the users' requirements. In this paper, we provide an approach for early requirements analysis and modeling of CPS. This approach proposes to build the structure model to capture the system architecture, and the goal model to capture the refinement relationships between the users' requirements and the assumptions and requirements on the domains in CPS. These models help to build a clear understanding about CPS between the users and the designers and pave the way to define the precise and formal model. What these models are and how to build them are illustrated through a cruise control system.

Xiaohong Chen,Zhiwei Zhong,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/re.2019.00040

2019-01-01

Abstract:Consistency verification of safety requirements is an important but still challenging task for safety-critical systems such as rail transit systems. That is mainly because requirements are typically written in natural language and with strong time constraints. Driven by the practical need from industry, in this paper we propose a systematic approach to specify safety requirements in a quasi-natural language and automatically verify their consistency using formal methods. Specifically, we define a domain specific language SafeNL to specify safety requirements, and then automatically transform them into formal constraints defined in the Clock Constraint Specification Language (CCSL). The transformed constraints can be automatically and efficiently verified by model checking. We conduct two practical case studies to analyze the safety requirements of an interlocking system in CASCO Signal Ltd. Results of the studies show the validity and utility of our approach can pragmatically contribute to industrial practice. We also report some lessons learned from case studies.

Chun LIU,Ran-Ran HUANG,Wei ZHANG,Hai-Yan ZHAO,Zhi JIN

DOI: https://doi.org/10.11897/SP.J.1016.2016.02344

2016-01-01

Abstract:The integration of computing process with physical process makes the software requirements analysis for Cyber-Physical Systems (CPS)a challenging task.First,software requirements need to be derived from the desired changes of physical entities and the properties of such physical entities.Second,analysts can’t treat the software as a whole and describe its external behaviors. Instead,they need to analyze the software entities and physical entities composing CPS and capture the properties of each physical entity and desired behaviors of each software entity.Finally,a unified way is required to describe the properties of physical entities and the behaviors of software entities to help validate the satisfaction of user’requirements.Based on problem frame and goal oriented approaches,this paper proposes an approach to address this task.It describes the properties of physical entities and the behaviors on software entities in CPS as the causal relations between <br> phenomena.Starting from the physical phenomena desired by users,it then follows the goal based analysis process,transforms the software requirements analysis into building the phenomena causal chains required to meet users’requirements,and finally validates the satisfactions of users’requirements by checking whether the desired phenomena in the causal chains can be reached through describing the causal chains with Alloy.An adaptive cruise control system has been taken as an example to show the feasibility.

Bo Chen,Xi Li,Xuehai Zhou

DOI: https://doi.org/10.1016/j.sysarc.2018.06.002

IF: 5.836

2018-01-01

Journal of Systems Architecture

Abstract:Modelling and Analysis of Real-time and Embedded systems (MARTE) as a domain-specific language is widely used for designing, analysing, and the building of cyber physical systems (CPS). It also provides CCSL as a purely declarative language for expressing logical and chronometric constraints on clocks. Although MARTE/CCSL is powerful expressively, it lacks formal semantics-based language support for describing and analysing. Semantic support, such as timed Input/Output automata not only provides modelling and analysis of timing behaviors, it also provides modelling of the Input/Output behaviors in a direct sense compared to timed automata. The Input/Output behavior can verify the casual relationship between components, one of the most important behaviors is the fairness between components. Thus, to improve the capacity of modeling and verification of the MARTE/CCSL behavior model, we present a method to use MARTE/CCSL as a high level specification language for modelling, then mapping MARTE/CCSL behavior model to timed Input/Output automata, then using an integrated tool (UPPAAL-TIGA) to verify the safety, liveness, and fairness thereof. Finally, we demonstrate the proposed transformation method using a Telerobot control system of real-time systems.

Rafael Rosales,Michael Paulitsch

DOI: https://doi.org/10.1145/3386244

2021-01-28

Abstract:Time plays a major role in the specification of Cyber-physical Systems (CPS) behavior with concurrency, timeliness, asynchrony, and resource limits as their main characteristics. In addition to timeliness , the specification of CPS needs to assess and unambiguously define its behavior with respect to the other Quality-of-Information (QoI) properties: (1) Correctness, (2) Completeness, (3) Consistency, and (4) Accuracy. Very often, CPS need to handle these QoI properties, and any combination thereof, multiple times when performing computation and communication processes. However, a model-driven and systematic approach to specify CPS behavior that jointly considers combined QoI aspects is possible but missing in existing methodologies. As the first contribution of this work, we provide an extension to an established model of computation (MoC) based on “Functions driven by Finite State Machine” (FunState) to enable a model-driven composition mechanism to create CPS behavior specifications from reusable components. Second, we present a novel set of design patterns to illustrate the modeling of QoI-aware CPS specifications that can be applied in several state-of-the-art Electronic System Level (ESL) methodologies. The time semantics of the MoC are formalized using the tagged-signal-model, and the presented model-driven approach enables the composition of multiple design patterns. The main benefits of the presented model-driven approach and design patterns to create CPS specifications are as follows: (a) reduce modeling effort, errors, and time through the reuse of known recipes to re-incurring tasks and allow to automatically generate repetitive control flows based on extended Finite State Machines; (b) increase system robustness and facilitate the creation of holistic QoI management allowing to unambiguously define system behavior for scenarios with single/multiple QoI requirement violations in different models of computation; (c) dynamically validate timing behavior of system implementations to enable a multi-objective optimization of nonfunctional properties that influence CPS timing. We demonstrate the aforementioned benefits through the modeling and evaluation of an infrastructure-assisted automated driving case study using Infrastructure-to-Vehicle (I2V) communications to distribute QoI critical road environment information.

Jiawan Wang,Wenxia Liu,Muzimiao Zhang,Jiaqi Wei,Yuhui Shi,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-031-65633-0_15

2024-01-01

Abstract:Cyber-physical systems (CPSs) are used in many safety-critical areas, making it crucial to ensure their safety. However, with CPSs increasingly dynamically deployed and reconfigured during run-time, their safety analysis becomes challenging. For one thing, reconfigurable CPSs usually consist of multiple agents dynamically connected during runtime. Their highly dynamic system topologies are too intricate for traditional modeling languages, which, in turn, hinders formal analysis. For another, due to the growing size and uncertainty of reconfigurable CPSs, their system models can be huge and even unavailable at design time. This calls for runtime analysis approaches with better scalability and efficiency. To address these challenges, we propose a scenario-based hierarchical modeling language for reconfigurable CPS. It provides template models for agent inherent features, together with an instantiation mechanism to activate single agent's runtime behavior, communication configurations for multiple agents' connected behaviors, and scenario task configurations for their dynamic topologies. We also present a path-oriented falsification approach to falsify system requirements. It employs classification-model-based optimization to explore search space effectively and cut unnecessary system simulations and robustness calculations for efficiency. Our modeling and falsification are implemented in a tool called SNIFF. Experiments have shown that it can largely reduce modeling time and improve modeling accuracy, and perform scalable CPS falsification with high success rates in seconds.

Massimo Nazaria

DOI: https://doi.org/10.48550/arXiv.1905.04780

2019-05-14

Abstract:Cyber-Physical Systems (CPSs) have become an intrinsic part of the 21st century world. Systems like Smart Grids, Transportation, and Healthcare help us run our lives and businesses smoothly, successfully and safely. Since malfunctions in these CPSs can have serious, expensive, sometimes fatal consequences, System-Level Formal Verification (SLFV) tools are vital to minimise the likelihood of errors occurring during the development process and beyond. Their applicability is supported by the increasingly widespread use of Model Based Design (MBD) tools. MBD enables the simulation of CPS models in order to check for their correct behaviour from the very initial design phase. The disadvantage is that SLFV for complex CPSs is an extremely time-consuming process, which typically requires several months of simulation. Current SLFV tools are aimed at accelerating the verification process with multiple simulators that work simultaneously. To this end, they compute all the scenarios in advance in such a way as to split and simulate them in parallel. Furthermore, they compute optimised simulation campaigns in order to simulate common prefixes of these scenarios only once, thus avoiding redundant simulation. Nevertheless, there are still limitations that prevent a more widespread adoption of SLFV tools. Firstly, current tools cannot optimise simulation campaigns from existing datasets with collected scenarios. Secondly, there are currently no methods to predict the time required to complete the SLFV process. This lack of ability to predict the length of the process makes scheduling verification activities highly problematic. In this thesis, we present how we are able to overcome these limitations with the use of a data-intensive simulation campaign optimiser and an accurate machine-independent execution time estimator.

Software Engineering

Yan Zhang,Xiangwei Liu,Jin Shi,Tian Zhang,Zhuzhong Qian

DOI: https://doi.org/10.1109/IMIS.2014.8

2014-01-01

Abstract:Cyber-Physical Systems (CPS) play an important role in the safety-critical systems. It is very significant to verify whether some concerned behaviors exist in a CPS. Hybrid interface automata, extension of a non-hybrid version, are used to model a CPS. A scenario, described by MARTE sequence diagram, specifies the concerned behaviors. An algorithm is given for bounded checking the behavioral nonexistent consistency, namely, the behaviors specified by a scenario all do not exist in a hybrid interface automaton. The idea of the algorithm is, firstly, encoding the behavioral nonexistent consistency to an unconstrained dynamic programming, secondly, solving the unconstrained dynamic programming by a genetic algorithm. The algorithm can search the results on the real domain, and be applied to nonlinear as well as linear hybrid systems.

Man Lin,Yongwen Pan,Laurence T. Yang,Minyi Guo,Nenggan Zheng

DOI: https://doi.org/10.1109/tetc.2013.2274042

2013-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Energy aware scheduling and reliability are both very critical for real-time cyber-physical system design. However, it has been shown that the transient faults of a system will increase when the processor runs at reduced speed to save energy consumption. In this paper, we study total energy and reliability scheduling co-design problem for real-time cyber-physical systems. Total energy refers the sum of static and dynamic energy. Our goal is to minimize total energy while guaranteeing reliability constraints. We approach the problem from two directions based on the two different ways of guaranteeing the reliability of the tasks. The first approach aims at guaranteeing reliability at least as high as that of without speed scaling by reserving recovery job for each scaled down task. Heuristics have been used to guide the speed scaling and shutdown techniques that are used to lower total energy consumption while guaranteeing the reliability. The second way to guarantee the reliability of the tasks is to satisfy a known minimum reliability constraint for the tasks. The minimum reliable speed guarantees the reliability level of tasks, and is used as a constraint in the energy minimization problem. Both static and dynamic co-design methods are explored. Experimental results show that our methods are effective.

Changjian Zhang,Parv Kapoor,Romulo Meira-Goes,David Garlan,Eunsuk Kang,Akila Ganlath,Shatadal Mishra,Nejib Ammar

2024-03-26

Abstract:The adoption of cyber-physical systems (CPS) is on the rise in complex physical environments, encompassing domains such as autonomous vehicles, the Internet of Things (IoT), and smart cities. A critical attribute of CPS is robustness, denoting its capacity to operate safely despite potential disruptions and uncertainties in the operating environment. This paper proposes a novel specification-based robustness, which characterizes the effectiveness of a controller in meeting a specified system requirement, articulated through Signal Temporal Logic (STL) while accounting for possible deviations in the system. This paper also proposes the robustness falsification problem based on the definition, which involves identifying minor deviations capable of violating the specified requirement. We present an innovative two-layer simulation-based analysis framework designed to identify subtle robustness violations. To assess our methodology, we devise a series of benchmark problems wherein system parameters can be adjusted to emulate various forms of uncertainties and disturbances. Initial evaluations indicate that our falsification approach proficiently identifies robustness violations, providing valuable insights for comparing robustness between conventional and reinforcement learning (RL)-based controllers

Systems and Control,Logic in Computer Science,Software Engineering

Richárd Szabó,András Vörös

DOI: https://doi.org/10.48550/arXiv.2108.12773

2021-08-29

Abstract:Cyber-physical systems (CPS) can be found everywhere: smart homes, autonomous vehicles, aircrafts, healthcare, agriculture and industrial production lines. CPSs are often critical, as system failure can cause serious damage to property and human lives. Today's cyber-physical systems are extremely complex, heterogeneous systems: to be able to manage their complexity in a unified way, we need an infrastructure that ensures that our systems operate with the high reliability as intended. In addition to the infrastructure, we need to provide engineers a method to ensure system reliability at design time. The paradigm of model-driven design provides a toolkit supporting the design and analysis and by choosing the proper formalisms, the model-driven design approach allows us to validate our system at design time.

Distributed, Parallel, and Cluster Computing,Software Engineering