
2020 | Book

Cyber Physical Systems. Model-Based Design

9th International Workshop, CyPhy 2019, and 15th International Workshop, WESE 2019, New York City, NY, USA, October 17-18, 2019, Revised Selected Papers


About this book

This book constitutes the proceedings of the 9th International Workshop on Model-Based Design of Cyber Physical Systems, CyPhy 2019, and the 15th International Workshop on Embedded and Cyber-Physical Systems Education, WESE 2019, held in conjunction with ESWeek 2019 in New York City, NY, USA, in October 2019. The 13 full papers presented in this volume were carefully reviewed and selected from 24 submissions. The proceedings cover a wide range of domains, including models and design; simulation and tools; formal methods; and embedded and cyber-physical systems education.

Table of Contents

Frontmatter

Models and Design

Frontmatter
A Modular SystemC RTOS Model for Uncertainty Analysis
Abstract
Nowadays the complexity of embedded systems is constantly increasing, and several different types of applications concurrently execute on the same computational platform. Hence, these systems have to satisfy real-time constraints and support real-time communication. The design and verification of these systems is very complex: full formal verification is not always possible, and run-time verification is then the only feasible path to follow. In this context, the possibility to simulate their behavior becomes a crucial aspect. This paper proposes a SystemC modular RTOS model to assist the design and the verification of real-time embedded systems. The model architecture has been designed to capture all the typical functionalities that every RTOS owns, in order to easily reproduce the behavior of a large class of RTOSs. The RTOS model can support functional simulation for design space exploration to rapidly evaluate the impact of different RTOS configurations (such as scheduling policies) on the overall system performance. Moreover, the model can be used for software verification by implementing specific RTOS APIs over the generic services provided by the model, allowing the simulation of a real application without changing any instruction. The proposed approach enables the user to model non-deterministic behaviors at the architectural and application level by means of probabilistic distributions. This allows one to assess the performance of complex embedded systems under uncertain behavior (e.g. execution time). A use case is proposed considering an instance of the model compliant with the ARINC 653 specification, which requires spatial and temporal segregation, and where typical RTOS performance figures are assessed given the probability distributions of execution time and aperiodic task activation.
Lorenzo Lazzara, Giulio Mosé Mancuso, Fabio Cremona, Alessandro Ulisse
Multicore Models of Communication for Cyber-Physical Systems
Abstract
Cyber-physical systems are systems where the environment interacts with computers (the cyber part) with real-time constraints. Emerging technologies, such as artificial intelligence and machine learning, call for ever-increasing processing power. However, for real-time systems, we need to prove statically that this processing demand can be performed within strict deadlines.
This paper explores a time-predictable multicore architecture for those demanding cyber-physical systems. We explore different models of communication between those multiple cores. We compare the message passing model on top of a network-on-chip with message passing on two forms of shared scratchpad memory.
Martin Schoeberl
Towards Creating a Deployable Grasp Type Probability Estimator for a Prosthetic Hand
Abstract
For lower arm amputees, prosthetic hands promise to restore most physical interaction capabilities. This requires accurately predicting hand gestures capable of grabbing varying objects and executing them in a timely manner, as intended by the user. Current approaches often rely on physiological signal inputs such as Electromyography (EMG) signals from residual limb muscles to infer the intended motion. However, limited signal quality, user diversity and high variability adversely affect the system's robustness. Instead of solely relying on EMG signals, our work enables augmenting EMG intent inference with physical state probability through machine learning and computer vision methods. To this end, we: (1) study state-of-the-art deep neural network architectures to select a performant source of knowledge transfer for the prosthetic hand, (2) use a dataset containing object images and probability distributions of grasp types as a new form of labeling, where instead of using absolute values of zero and one as the conventional classification labels, our labels are a set of probabilities whose sum is 1. The proposed method generates probabilistic predictions which could be fused with EMG predictions of probabilities over grasps by using the visual information from the palm camera of a prosthetic hand. Our results demonstrate that InceptionV3 achieves the highest accuracy with 0.95 angular similarity, followed by 1.4 MobileNetV2 with 0.93 at ~20% of the amount of operations.
Mehrshad Zandigohar, Mo Han, Deniz Erdoğmuş, Gunar Schirner
Reactors: A Deterministic Model for Composable Reactive Systems
Abstract
This paper describes a component-based concurrent model of computation for reactive systems. The components in this model, featuring ports and hierarchy, are called reactors. The model leverages a semantic notion of time, an event scheduler, and a synchronous-reactive style of communication to achieve determinism. Reactors enable a programming model that ensures determinism, unless explicitly abandoned by the programmer. We show how the coordination of reactors can safely and transparently exploit parallelism, both in shared-memory and distributed systems.
Marten Lohstroh, Íñigo Íncer Romeo, Andrés Goens, Patricia Derler, Jeronimo Castrillon, Edward A. Lee, Alberto Sangiovanni-Vincentelli

Simulation and Tools

Frontmatter
Guaranteed Simulation of Dynamical Systems with Integral Constraints and Application on Delayed Dynamical Systems
Abstract
A reachable set computation method for dynamical systems with an integral constraint over the input set is proposed. These models are typical in robustness analysis when studying the impact of bounded-energy noise on a system response, and they can also model a large family of complex systems. The reachable set is over-approximated using a guaranteed set-based integration method within the interval arithmetic framework.
A Runge-Kutta guaranteed integration scheme with pessimistic bounds over the input provides a first conservative bound on the reachable tube. Then, the integral constraint is used to define a contractor over the reachable tube. This contractor and a propagation step are successively applied to the over-approximation until a fixed point is reached. We evaluated our algorithm with the DynIbex library to simulate a delayed system, i.e., an infinite-dimensional system that can be modeled as a linear time-invariant system subject to an integral quadratic constraint. Our approach is shown to be tractable and enables the use of interval arithmetic and guaranteed integration for a richer set of dynamical systems.
Paul Rousse, Julien Alexandre dit Sandretto, Alexandre Chapoutot, Pierre-Loïc Garoche
Advanced Hazard Analysis and Risk Assessment in the ISO 26262 Functional Safety Standard Using Rigorous Simulation
Abstract
With the increasing level of automation in road vehicles, the traditional workhorse of safety assessment, namely, physical testing, is no longer adequate as the sole means of ensuring safety. A standard safety assessment benchmark is to evaluate the behavior of a new design in the context of a risk-exposing test scenario. Manual or computerized analysis of the behavior of such systems is challenging because of the presence of non-linear physical dynamics, computational components, and impacts. In this paper, we study the utility of a new technology called rigorous simulation for addressing this problem. Rigorous simulation aims to combine some of the benefits of traditional simulation methods with those of traditional analytical methods such as symbolic algebra. We develop and analyze in detail a case study involving an Intersection Collision Avoidance (ICA) test scenario using the hazard analysis techniques prescribed in the ISO 26262 functional safety standard. We show that it is possible to formally model and rigorously simulate the test scenario to produce informative results about the severity of collisions. The work presented in this paper demonstrates that rigorous simulation can handle models of non-trivial complexity. The work also highlights the practical challenges encountered in using it.
Adam Duracz, Ayman Aljarbouh, Ferenc A. Bartha, Jawad Masood, Roland Philippsen, Henrik Eriksson, Jan Duracz, Fei Xu, Yingfu Zeng, Christian Grante
Practical Multicore Extension of Functionally and Temporally Correct Real-Time Simulation for Automotive Systems
Abstract
Existing simulation methods cannot provide functionally and temporally correct simulations for the cyber-side of automotive systems since they do not correctly model temporal behaviours such as varying execution times and task preemptions. To address such limitations, our previous work proposes a novel simulation technique that guarantees the functional and temporal simulation correctness. However, the simulation technique is designed assuming a single core simulator. In this work, we extend the single core simulator targeting a multicore simulator to enhance the simulation capacity. In this multicore extension, a major challenge is the inter-core interferences in a multicore environment, which causes unpredictability of simulated job execution times, which in turn makes it hard to model the timings of the real cyber-side of an automotive system. To overcome the challenge, this paper empirically analyzes the inter-core interferences for typical automotive workloads and proposes a practical multicore extension approach, which can still provide a functionally and temporally correct simulation, without using complex inter-core isolation mechanisms. Our experimental study shows that the proposed multicore extension approach can significantly improve the simulation capacity over the previous single core simulator while still preserving simulation correctness.
Wonseok Lee, Jaehwan Jeong, Seonghyeon Park, Chang-Gun Lee
Constraint-Based Modeling and Symbolic Simulation of Hybrid Systems with HydLa and HyLaGI
Abstract
Hybrid systems are dynamical systems that include both continuous and discrete changes. Modeling and simulation of hybrid systems can be challenging due to various kinds of subtleties in their behavior. The declarative modeling language HydLa aims at concise description of hybrid systems by means of constraints and constraint hierarchies. HyLaGI, a publicly available symbolic simulator of HydLa, features error-free computation with symbolic parameters. Based on symbolic computation, HyLaGI provides various functionalities including nondeterministic execution, handling of infinitesimal quantities, and construction of hybrid automata. Nondeterministic execution in the framework of constraint programming enables us to solve inverse problems by automatic parameter search. This paper introduces these features by means of example programs. This paper also discusses our experiences with HydLa programming, which is unique in that its data and control structures are both based on constraint technologies. We discuss its expressive power and our experiences with modeling using constraint hierarchies.
Yunosuke Yamada, Masashi Sato, Kazunori Ueda

Formal Methods

Frontmatter
Guaranteed Optimal Reachability Control of Reaction-Diffusion Equations Using One-Sided Lipschitz Constants and Model Reduction
Abstract
We show that, for any spatially discretized system of reaction-diffusion, the approximate solution given by the explicit Euler time-discretization scheme converges to the exact time-continuous solution, provided that the diffusion coefficient is sufficiently large. By “sufficiently large”, we mean that the diffusion coefficient value makes the one-sided Lipschitz constant of the reaction-diffusion system negative. We apply this result to solve a finite horizon control problem for a 1D reaction-diffusion example. We also explain how to perform model reduction in order to improve the efficiency of the method.
Adrien Le Coënt, Laurent Fribourg
Towards Formal Co-validation of Hardware and Software Timing Models of CPSs
Abstract
Timing analysis of safety-critical systems derives timing bounds of applications, or software (SW), executed on dedicated platforms, or hardware (HW). The ensemble HW–SW features, from a timing perspective, two different types of computation – a SW-specific, instruction-driven timing progression and a HW-specific, cycle-driven one. The two timings are unified under a concept of timing model, which is crucial to establish a sound and precise worst-case timing reasoning. In this paper, we propose an investigation on how to systematically derive and formally prove such timing models. Our approach is exemplified on a simple, accumulator-based processor called Lipsi.
Mihail Asavoae, Imane Haur, Mathieu Jan, Belgacem Ben Hedia, Martin Schoeberl

Workshop on Embedded and Cyber-Physical Systems Education

Frontmatter
A Remote Test Environment for a Large-Scale Microcontroller Laboratory Course
Abstract
We report on a remote test environment for a mandatory undergraduate lab course on microcontroller programming at RWTH Aachen University. Since the course is attended by up to 320 students each semester, it is not possible to provide comprehensive supervised on-site access to the laboratory equipment during the participants' preparation phase. To deal with this common scalability problem of lab courses, we implemented a remotely and continuously accessible test pool with full feature support for the microcontroller platform in use. The paper presents the architecture and the detailed implementation of the pool, and we provide an evaluation of its success based on usage statistics and student feedback.
Manfred Smieschek, Stefan Rakel, David Thönnessen, Andreas Derks, André Stollenwerk, Stefan Kowalewski
An Embedded Graduate Lab Course with Spirit
Abstract
In this paper, we give an overview of the aspects a graduate lab course should cover for didactic success. As a worked example, we present an interdisciplinary lab course for computer scientists and engineers with the goal of automatically controlling the distillation of wine into brandy. We present the developed automation hardware, with respect to the features that allow for a sound lab course performance. We also illustrate the affected organizational structure and the associated blended learning capabilities, which allow the course to be carried out efficiently. Beyond that, we give information on the special boundary conditions set by the regulatory and safety departments for this particular example. Yet, the presented work can be used as a template, from inspiration up to a blueprint, when designing a graduate lab course.
André Stollenwerk
Competence Networks in the Era of CPS – Lessons Learnt in the ICES Cross-Disciplinary and Multi-domain Center
Abstract
Cyber-Physical Systems (CPS) are evolving to become more intelligent, autonomous and collaborative, playing an important role in societal infrastructure. The amount of knowledge required in developing and managing future CPS will be unprecedented, leading to stronger needs for collaboration, competence provisioning, continuous learning and renewal of education. This is where “competence” (or learning) “networks” involving academia and industry play an important role. We elaborate and discuss needs, lessons learnt and challenges for such competence networks in the context of CPS. We draw upon our experiences gained from ICES, the KTH-industry cross-disciplinary and multi-domain competence network which, as of 2019, has been operational for 11 years, growing from 6 to more than 30 participating organizations. The ICES network focuses on activities to support students, industrial engineers and managers, and academic faculty, acting as a network, catalyst and competence provider directed towards these stakeholders. We elaborate on the challenges faced during the operation of ICES, including the lack of prioritization of competence networks and education, the paradox of strong needs for competence networks combined with a perceived lack of time, the challenges of reaching out to stakeholders, and fragmented efforts addressing competence provisioning. We finally discuss ways forward. In conclusion, we believe that the ICES type of network could be relevant in many other areas characterized by complex systems.
Martin Törngren, Fredrik Asplund, Tor Ericson, Catrin Granbom, Erik Herzog, Zhonghai Lu, Mats Magnusson, Maria Månsson, Stefan Norrwing, Johanna Olsson, Johnny Öberg
Backmatter
Metadata
Title
Cyber Physical Systems. Model-Based Design
Editors
Roger Chamberlain
Martin Edin Grimheden
Walid Taha
Copyright Year
2020
Electronic ISBN
978-3-030-41131-2
Print ISBN
978-3-030-41130-5
DOI
https://doi.org/10.1007/978-3-030-41131-2
