
Showing papers by "Alberto Sangiovanni-Vincentelli published in 2014"


Proceedings ArticleDOI
17 Nov 2014
TL;DR: This work describes the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness, and encode STL specifications as mixed integer-linear constraints on the system variables in the optimization problem at each step of a model predictive control framework.
Abstract: We present a mathematical programming-based method for model predictive control of discrete-time cyber-physical systems subject to signal temporal logic (STL) specifications. We describe the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness. For synthesis, we encode STL specifications as mixed integer-linear constraints on the system variables in the optimization problem at each step of a model predictive control framework. We present experimental results for controller synthesis for building energy and climate control.

375 citations


Journal ArticleDOI
TL;DR: A platform-based methodology is proposed, which enables independent implementation of system topology and control protocol by using a compositional approach and is shown to be effective on a proof-of-concept electric power system design.
Abstract: In an aircraft electric power system, one or more supervisory control units actuate a set of electromechanical switches to dynamically distribute power from generators to loads, while satisfying safety, reliability, and real-time performance requirements. To reduce expensive redesign steps, this control problem is generally addressed by minor incremental changes on top of consolidated solutions. A more systematic approach is hindered by a lack of rigorous design methodologies that allow estimating the impact of earlier design decisions on the final implementation. To achieve an optimal implementation that satisfies a set of requirements, we propose a platform-based methodology for electric power system design, which enables independent implementation of system topology (i.e., interconnection among elements) and control protocol by using a compositional approach. In our flow, design space exploration is carried out as a sequence of refinement steps from the initial specification toward a final implementation by mapping higher level behavioral and performance models into a set of either existing or virtual library components at the lower level of abstraction. Specifications are first expressed using the formalisms of linear temporal logic, signal temporal logic, and arithmetic constraints on Boolean variables. To reason about different requirements, we use specialized analysis and synthesis frameworks and formulate assume guarantee contracts at the articulation points in the design flow. We show the effectiveness of our approach on a proof-of-concept electric power system design.

171 citations


Posted Content
TL;DR: A novel algorithm is presented that uses a satisfiability modulo theory approach to harness the complexity of secure state estimation and leverages results from formal methods over real numbers to provide guarantees on the soundness and completeness of the algorithm.
Abstract: We address the problem of detecting and mitigating the effect of malicious attacks to the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide guarantees on the soundness and completeness of our algorithm. We then report simulation results to compare its runtime performance with alternative techniques. Finally, we demonstrate its application to the problem of controlling an unmanned ground vehicle.

149 citations


Proceedings ArticleDOI
04 Jun 2014
TL;DR: This work proposes a contractual framework that could be used by the building operator and the utility to declare flexibility on the one side and reward structure on the other side and designs a control mechanism for the building to decide its flexibility for the next contractual period to maximize the reward.
Abstract: Commercial buildings have inherent flexibility in how their HVAC systems consume electricity. We investigate how to take advantage of this flexibility. We first propose a means to define and quantify the flexibility of a commercial building. We then propose a contractual framework that could be used by the building operator and the utility to declare flexibility on the one side and reward structure on the other side. We then design a control mechanism for the building to decide its flexibility for the next contractual period to maximize the reward, given the contractual framework. Finally, we perform at-scale experiments to demonstrate the feasibility of the proposed algorithm.

103 citations


Journal ArticleDOI
TL;DR: Mobile devices such as laptops, netbooks, tablets, smart phones and game consoles have become the authors' de facto interface to the vast amount of information delivery and processing capabilities of the cloud.
Abstract: The paper explains how to use sensors as the eyes, ears, hands, and feet for the cloud. This paper describes the opportunities and challenges when integrating sensors and cloud computing.

101 citations


Proceedings Article
01 Jan 2014
TL;DR: A novel stochastic model of the driver behavior based on Markov chains in which the transition probabilities are only known to lie in convex uncertainty sets is proposed, and properties of the model expressed in probabilistic computation tree logic (PCTL) are formally verified.
Abstract: We address the problem of formally verifying quantitative properties of driver models. We first propose a novel stochastic model of the driver behavior based on Convex Markov Chains, i.e., Markov chains in which the transition probabilities are only known to lie in convex uncertainty sets. This formalism captures the intrinsic uncertainty in estimating transition probabilities starting from experimentally-collected data. We then formally verify properties of the model expressed in probabilistic computation tree logic (PCTL). Results show that our approach can correctly predict quantitative information about driver behavior depending on his or her state, e.g., whether he or she is attentive or distracted. Copyright © 2014, Association for the Advancement of Artificial Intelligence. All rights reserved.

74 citations


Proceedings ArticleDOI
04 Jun 2014
TL;DR: A Model Predictive Control (MPC) scheme to direct the ancillary service power flow from buildings to improve upon the classical Automatic Generation Control (AGC) practice is presented.
Abstract: We first demonstrate that the demand-side flexibility of the Heating Ventilation and Air Conditioning (HVAC) system of a typical commercial building can be exploited for providing frequency regulation service to the power grid using at-scale experiments. We then show how this flexibility in power consumption of building HVAC system can be leveraged for providing regulation service. To this end, we consider a simplified model of the power grid with uncertain demand and generation. We present a Model Predictive Control (MPC) scheme to direct the ancillary service power flow from buildings to improve upon the classical Automatic Generation Control (AGC) practice. We show how constraints such as slow and fast ramping rates for various ancillary service providers, and short-term load forecast information can be integrated into the proposed MPC framework. Finally, we provide extensive simulation results to illustrate the effectiveness of the proposed methodology for enhancing grid frequency regulation.

55 citations


Book ChapterDOI
01 Jan 2014
TL;DR: The approach leverages considerable experience designing complex artifacts in the semiconductor, embedded systems, and software industries, and major recent advances in algorithmic techniques to handle the fundamentally different challenges in large-scale cyber-physical systems.
Abstract: ICyPhy is a pre-competitive industry-academic partnership focused on architectures, abstractions, technologies, methodologies, and supporting tools for the design, modeling, and analysis of large-scale complex systems. The purpose of this partnership is to promote research that applies broadly across industries, providing the intellectual foundation for next generation systems engineering. The focus is on cyber-physical systems, which combine a cyber side (computing and networking) with a physical side (e.g., mechanical, electrical, and chemical processes). Such systems present the biggest challenges and biggest opportunities in several critical industrial segments such as electronics, energy, automotive, defense and aerospace, telecommunications, instrumentation, and industrial automation. The approach leverages considerable experience designing complex artifacts in the semiconductor, embedded systems, and software industries, and major recent advances in algorithmic techniques for dealing with complexity. This consortium adapts and extends these techniques to handle the fundamentally different challenges in large-scale cyber-physical systems.

44 citations


Proceedings ArticleDOI
12 Oct 2014
TL;DR: Metronomy is presented, a function-architecture co-simulation framework that integrates functional modeling from Ptolemy and architectural modeling from the MetroII environment via a mapping interface that exploits contract theory for timing verification and design space exploration via co-Simulation.
Abstract: As the design complexity of cyber-physical systems continues to grow, modeling the system at higher abstraction levels with formal models of computation is increasingly appealing since it enables early design verification and analysis. One of the most important aspects in system modeling and analysis is timing. However, it is very challenging to analyze and verify timing at the early design stages, as the design representation is quite abstract and trade-offs have to be made between the performance requirements defined in terms of system functionality and the cost of the feasible architecture that can implement the functionality. In this paper, we present Metronomy, a function-architecture co-simulation framework that integrates functional modeling from Ptolemy and architectural modeling from the MetroII environment via a mapping interface. Metronomy exploits contract theory for timing verification and design space exploration via co-simulation. Two case studies on an electrical power system and a paper-feed sub-system for a high speed printing press demonstrate the effectiveness of our approach.

35 citations


Proceedings ArticleDOI
03 Nov 2014
TL;DR: A message authentication mechanism with time-delayed release of keys is applied to protect against attacks on TDMA-based real-time distributed systems, which provides a good balance between security and computational overhead but needs sophisticated network scheduling to ensure that the increased latencies due to delayed key releases will not violate timing requirements.
Abstract: Cyber-security has become a critical issue for real-time distributed embedded systems in domains such as automotive, avionics, and industrial automation. However, in many of such systems, tight resource constraints and strict timing requirements make it difficult or even impossible to add security mechanisms after the initial design stages. To produce secure and safe systems with desired performance, security must be considered together with other objectives at the system level and from the beginning of the design. In this paper, we focus on security-aware design for Time Division Multiple Access (TDMA) based real-time distributed systems. The TDMA-based protocol we consider is an abstraction of many time-triggered protocols that are being adopted in various safety-critical systems for their more predictable timing behavior, such as FlexRay, Time-Triggered Protocol, and Time-Triggered Ethernet. To protect against attacks on TDMA-based real-time distributed systems, we apply a message authentication mechanism with time-delayed release of keys, which provides a good balance between security and computational overhead but needs sophisticated network scheduling to ensure that the increased latencies due to delayed key releases will not violate timing requirements. We propose formulations and an algorithm to optimize the task allocation, priority assignment, network scheduling, and key-release interval length during the mapping process, while meeting both security and timing requirements. Experimental results of an automotive case study and a synthetic example show the effectiveness and efficiency of our approach.

35 citations


Book
26 Jan 2014
TL;DR: The Problem of the Unknown Component: Theory and Applications addresses the issue of designing a component that, combined with a known part of a system, conforms to an overall specification.
Abstract: The Problem of the Unknown Component: Theory and Applications addresses the issue of designing a component that, combined with a known part of a system, conforms to an overall specification. The authors tackle this problem by solving abstract equations over a language. The most general solutions are studied when both synchronous and parallel composition operators are used. The abstract equations are specialized to languages associated with important classes of automata used for modeling systems. The book is a blend of theory and practice, which includes a description of a software package with applications to sequential synthesis of finite state machines. Specific topologies interconnecting the components, exact and heuristic techniques, and optimization scenarios are studied. Finally the scope is enlarged to domains like testing, supervisory control, game theory and synthesis for special omega languages. The authors present their original results along with an overview of existing ones.

Proceedings ArticleDOI
24 Mar 2014
TL;DR: This paper proposes a scalable refinement checking approach that relies on a library of contracts and local refinement assertions that breaks down the refinement checking problem into multiple successive refinement checks, each of smaller scale.
Abstract: Given a global specification contract and a system described by a composition of contracts, system verification reduces to checking that the composite contract refines the specification contract, i.e. that any implementation of the composite contract implements the specification contract and is able to operate in any environment admitted by it. Contracts are captured using high-level declarative languages, for example, linear temporal logic (LTL). In this case, refinement checking reduces to an LTL satisfiability checking problem, which can be very expensive to solve for large composite contracts. This paper proposes a scalable refinement checking approach that relies on a library of contracts and local refinement assertions. We propose an algorithm that, given such a library, breaks down the refinement checking problem into multiple successive refinement checks, each of smaller scale. We illustrate the benefits of the approach on an industrial case study of an aircraft electric power system, with up to two orders of magnitude improvement in terms of execution time.

Proceedings ArticleDOI
24 Mar 2014
TL;DR: A platform-based design methodology that addresses the complexity and heterogeneity of cyber-physical systems by using assume-guarantee contracts to formalize the design process and enable realization of control protocols in a hierarchical and compositional manner is introduced.
Abstract: We introduce a platform-based design methodology that addresses the complexity and heterogeneity of cyber-physical systems by using assume-guarantee contracts to formalize the design process and enable realization of control protocols in a hierarchical and compositional manner. Given the architecture of the physical plant to be controlled, the design is carried out as a sequence of refinement steps from an initial specification to a final implementation, including synthesis from requirements and mapping of higher-level functional and non-functional models into a set of candidate solutions built out of a library of components at the lower level. Initial top-level requirements are captured as contracts and expressed using linear temporal logic (LTL) and signal temporal logic (STL) formulas to enable requirement analysis and early detection of inconsistencies. Requirements are then refined into a controller architecture by combining reactive synthesis steps from LTL specifications with simulation-based design space exploration steps. We demonstrate our approach on the design of embedded controllers for aircraft electric power distribution.

Proceedings ArticleDOI
20 Nov 2014
TL;DR: This paper introduces a natural transformation of interfaces to A/G contracts represented by linear temporal logic, and shows that the transformation preserves refinement, but does not generally preserve serial composition and conjunction.
Abstract: Contract-based design is emerging as a unifying compositional paradigm for the specification, design and verification of large-scale complex systems. Different contract frameworks are currently available, but we lack a clear understanding of the relations between them. In this paper, we investigate the relation between interface theories (specifically, relational interfaces) and assume-guarantee (A/G) contracts. We introduce a natural transformation of interfaces to A/G contracts represented by linear temporal logic. Then, we analyze differences and correspondences between key operators and relations in the two theories (i.e. composition, refinement and conjunction), by studying their preservation properties under the proposed transformation. We show that the transformation preserves refinement, but does not generally preserve serial composition and conjunction. Then, we present an assumption-projection operator to make it possible to preserve serial composition and compatibility checking. Finally, we provide illustrative examples that shed light on the effectiveness of both frameworks for requirement formalization, early detection of integration errors, and use of abstraction-refinement.


Posted Content
TL;DR: A novel, efficient algorithm is developed that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem.
Abstract: We address the problem of detecting and mitigating the effect of malicious attacks to the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide guarantees on the soundness and completeness of our algorithm. We then report simulation results to compare its runtime performance with alternative techniques. Finally, we demonstrate its application to the problem of controlling an unmanned ground vehicle.

Book ChapterDOI
06 Apr 2014
TL;DR: This paper introduces a design methodology whereby platform-based design is combined with assume-guarantee contracts to formalize the design process and enable realization of CPS architectures and control software in a hierarchical and compositional manner.
Abstract: In cyber-physical systems (CPS) computing, networking and control (typically regarded as the “cyber” part of the system) are tightly intertwined with mechanical, electrical, thermal, chemical or biological processes (the “physical” part). The increasing sophistication and heterogeneity of these systems requires radical changes in the way sense-and-control platforms are designed to regulate them. In this paper, we highlight some of the design challenges due to the complexity and heterogeneity of CPS. We argue that such challenges can be addressed by leveraging concepts that have been instrumental in fostering electronic design automation while dealing with complexity in VLSI system design. Based on these concepts, we introduce a design methodology whereby platform-based design is combined with assume-guarantee contracts to formalize the design process and enable realization of CPS architectures and control software in a hierarchical and compositional manner. We demonstrate our approach on a prototype design of an aircraft electric power system.

Book ChapterDOI
28 Sep 2014
TL;DR: This work presents the tools, metamodels and code generation techniques in use at Elettronica SpA for the development of communication adapters for software and firmware systems from heterogeneous models, and drives the generation of Simulink models with consistent interfaces.
Abstract: We present the tools, metamodels and code generation techniques in use at Elettronica SpA for the development of communication adapters for software and firmware systems from heterogeneous models. The process starts from a SysML system model, developed according to the platform-based design (PBD) paradigm, in which a functional model of the system is paired with a model of the execution platform. Subsystems are refined as Simulink models or hand coded in C++. In turn, Simulink models are implemented as software code or firmware on FPGA, and an automatic generation of the implementation is obtained. Based on the SysML system architecture specification, our framework drives the generation of Simulink models with consistent interfaces and allows the automatic generation of the communication code among all subsystems (including the HW-FW interface code).

BookDOI
01 Jan 2014
TL;DR: The authors attempt to bridge the gap between the three disciplines of model-based design, real-time analysis and model-driven development, for a better understanding of the ways in which new development flows can be constructed.

Proceedings ArticleDOI
01 Jun 2014
TL;DR: An algorithm for weight minimization of wires used for connecting electronic devices in a system and the location of a Steiner vertex is selected for adding a splice connecting more than two wires.
Abstract: As the complexities of automotive systems increase, designing a system is a difficult task that cannot be done manually. In this paper, we propose an algorithm for weight minimization of wires used for connecting electronic devices in a system. The wire routing problem is formulated as a Steiner tree problem with capacity constraints, and the location of a Steiner vertex is selected for adding a splice connecting more than two wires. Besides wire routing, wire sizing is also done to satisfy resistance constraints and minimize the total wiring weight. Experimental results show the effectiveness and efficiency of our algorithm.

Proceedings ArticleDOI
03 Nov 2014
TL;DR: Energy-efficient control mechanisms are necessary to manage the ever increasing energy demand but do not capture the impacts of their control actions on the grid, which can lead to supply/demand imbalance and voltage/frequency deviation and thus, threaten grid stability.
Abstract: Energy-efficient control mechanisms are necessary to manage the ever increasing energy demand. Recently several tools for building energy consumption control have been proposed for small (e.g. homes) [8] and large (e.g. offices) buildings [3][6][1]. The mechanism each tool uses is different, e.g. HVAC control [3] and appliance rescheduling [8], but they share the goal of improving consumption of the buildings with respect to a given cost function. Some examples of cost functions are reduced energy consumption, reduced electricity bill, lower peak power, and increased ancillary service participation. The tools however do not capture the impacts of their control actions on the grid. These actions can lead to supply/demand imbalance and voltage/frequency deviation and thus, threaten grid stability. Utilities can take protective actions against those who cause instability by increasing electricity price or even momentarily disconnecting them from the grid. The effects of these protective actions can be so severe that the savings obtained by building management tools might disappear.

Journal ArticleDOI
23 Jun 2014 - Sensors
TL;DR: A hybrid simulation framework that not only follows the MBD approach for WSN application development, but also interconnects a simulated sub-network with a physical sub-network and then allows one to co-simulate them, which is also known as Hardware-In-the-Loop (HIL) simulation.
Abstract: The Model Based Design (MBD) approach is a popular trend to speed up application development of embedded systems, which uses high-level abstractions to capture functional requirements in an executable manner, and which automates implementation code generation. Wireless Sensor Networks (WSNs) are an emerging very promising application area for embedded systems. However, there is a lack of tools in this area, which would allow an application developer to model a WSN application by using high level abstractions, simulate it mapped to a multi-node scenario for functional analysis, and finally use the refined model to automatically generate code for different WSN platforms. Motivated by this idea, in this paper we present a hybrid simulation framework that not only follows the MBD approach for WSN application development, but also interconnects a simulated sub-network with a physical sub-network and then allows one to co-simulate them, which is also known as Hardware-In-the-Loop (HIL) simulation.

Journal ArticleDOI
TL;DR: Experimental results show that buffer sizes using this approach can be reduced dramatically when compared to the traditional SDF models, and the optimal sizing result may serve as an important criterion to evaluate and fine-tune any heuristics-based buffer sizing approach for the SDF-AP model of computation.

Proceedings ArticleDOI
12 Oct 2014
TL;DR: It is proved that the EMDP strategy synthesis problem for the fragment of PCTL disabling operators with a finite time bound is NP-complete and a novel sound and complete algorithm is proposed to solve it.
Abstract: We address the problem of synthesizing control strategies for Ellipsoidal Markov Decision Processes (EMDP), i.e., MDPs whose transition probabilities are expressed using ellipsoidal uncertainty sets. The synthesized strategy aims to maximize the total expected reward of the EMDP, constrained to a specification expressed in Probabilistic Computation Tree Logic (PCTL). We prove that the EMDP strategy synthesis problem for the fragment of PCTL disabling operators with a finite time bound is NP-complete and propose a novel sound and complete algorithm to solve it. We apply these results to the problem of synthesizing optimal energy pricing and dispatch strategies in smart grids that integrate renewable sources of energy. We use rewards to maximize the profit of the network operator and a PCTL specification to constrain the risk of power unbalance and guarantee quality-of-service for the users. The EMDP model used to represent the decision-making scenario was trained with measured data and quantitatively captures the uncertainty in the prediction of energy generation. An experimental comparison shows the effectiveness of our method with respect to previous approaches presented in the literature.

ReportDOI
18 Mar 2014
TL;DR: This paper investigates the relation between interface theories and assume-guarantee contracts, revealing some of the subtleties involved and showing that the natural transformation of interfaces to A/G contracts represented by LTL formulas preserves refinement, but does not generally preserve serial composition.
Abstract: Contract-based design is emerging as a unifying compositional paradigm for the specification, design and verification of large-scale complex systems. Yet, different contract frameworks are currently available, without a clear understanding of the relations between them. In this paper, we investigate the relation between interface theories (specifically, relational interfaces) and assume-guarantee (A/G) contracts, revealing some of the subtleties involved. We show that the natural transformation of interfaces to A/G contracts represented by LTL formulas preserves refinement, but does not generally preserve serial composition, and we present an assumption-projection operator to remedy the latter issue. We also discuss the properties of our transformation with respect to conjunction. Finally, we provide illustrative examples that shed light on the effectiveness of both frameworks for requirement formalization, early detection of integration errors, and principled use of abstraction-refinement.

Journal ArticleDOI
TL;DR: Tighter requirements on task execution rates are set, and a realistic modeling of communication delays, task scheduling delays and schedulability conditions are included, discussing the timing characteristics of an implementation on a system with a Controller Area Network (CAN).

Book ChapterDOI
01 Jan 2014
TL;DR: A synthesis path, with the methods and tools to generate a (provably correct) software or hardware implementation of a model, is a necessary complement to the use of an analyzable modeling language, not only to improve efficiency but also to avoid the introduction of unwanted errors when the model is refined into its implementation.
Abstract: Embedded systems are increasingly complex, function-rich and required to perform tasks that are mission- or safety-critical. The use of models to specify the functional contents of the system and its execution platform is today the most promising solution to reduce the productivity gap and improve the quality, correctness and modularity of software subsystems and systems. Models allow to advance the analysis, validation, and verification of properties in the design flow, and enable the exploration and synthesis of cost-effective and provably correct solutions. While there is (relative) consensus on the use of models, competing (and not necessarily compatible) approaches are explored in the academic and industrial domain, each with its distinctive features, strengths, and weaknesses. Modeling languages (and the accompanying methodologies) are today roughly divided as belonging to the Model-Based Design (MBD) or Model-Driven Engineering (MDE) approach. Component-based development is a desirable paradigm that applies to both modeling styles. Research work tries to define (and possibly widen) the range of model properties that can be analyzed and demonstrated as correct, providing methods and tools to this purpose. Time properties are an important subset, since they apply to the majority of the complex and distributed systems in the automotive, avionics, and controls domains. A synthesis path, with the methods and tools to generate a (provably correct) software or hardware implementation of a model is a necessary complement to the use of an analyzable modeling language, not only to improve efficiency, but to avoid the introduction of unwanted errors when the model is refined into its implementation.