Motivation: Applications of truly distributed sense and control systems
combining large numbers (100s to millions) of heterogeneous tightly
interacting components range from energy and environmental management (e.g.,
power grid monitoring and control), traffic monitoring and control (e.g., the
Nokia-Berkeley Bay Area cell-phone based traffic-monitoring experiment),
autonomous vehicles and aircraft, to biomedical and health care systems.
However, most of these applications come with a broad range of concerns in
terms of intended and accomplished behavior, reliability (and liability),
longevity and survivability, security, and constrained energy availability.
These concerns are aggravated by the spatial separation of the components,
which forces control systems to exchange information over communication
networks. While progress has been made over the years in the design of
large-scale systems, we are far from having access to design methodologies
and technologies that can provide guarantees on behavior and execution.
Recent significant delays in the delivery of advanced aircraft both for civil
and military use due to unexpected interactions of a large number of
heterogeneous and strongly interdependent subsystems, the difficulties faced
in designing nano-scale micro-systems and the
necessity of reducing energy consumption expose the urgency of developing
sense and control algorithms and architectures, methodologies, models and
tools for the design of closed loop systems. The inherent fragility of
large-scale distributed systems with respect to malfunctioning of their components
as well as to malicious attacks requires the development and deployment of
fault-tolerant techniques as well as novel trust and security concepts before
catastrophic problems surface in systems such as the energy infrastructures
in vehicles, buildings and regional grids. The issues with the design of
complex systems are compounded by the lack of a clear set of metrics to
optimize and of constraints to satisfy. More often than not, designers
rely on approximate, qualitative assessments obtained from experience and
intuition, a strategy that worked in the past, when complexity was
manageable. The need to identify quantities that can be used to assess the
results of the design activity in a rigorous way is now acute, in order to
prevent endless and prohibitively expensive redesign cycles.
Vision: We envision a design process
that will support the embedding of large numbers of unreliable, sporadically
connected, dynamically reconfigurable computational nodes into an application
domain, coupled with closed-loop control systems that react at appropriate
timescales as events arise. The relevant timescale may vary by problem area,
but all the areas we target have demanding reactivity constraints coupled
with limited power, bandwidth, or communication topologies. Our focus on closed-loop
scenarios differentiates this proposal from the research agenda of the
sensor networks community while at the same time leveraging it; while sensor
networks have been studied and deployed mostly for monitoring applications,
we believe that the future will be about behavior control and autonomous
operations that require closed loop systems (as is clearly visible in the
research agenda of the large- and small-scale systems themes). Our contention
is that the only way to address the challenges of distributed control and
sensor multi-scale systems is to employ structured and formal design
methodologies that seamlessly and coherently combine the various dimensions
of the multi-scale design space, and that provide the appropriate design
metrics augmented with methods for computing them unambiguously, and the
abstractions, control algorithms and system architectures to manage the
inherent complexity. We believe that this approach will form the
necessary methodological infrastructure to develop and test innovative system
architectures that address issues such as validation, reliability and
long-term robustness, security and run-time resiliency, and guarantee
functionality and efficient operation. The design of systems consisting of a
multitude of components will be carried out with rigorous quantitative
analysis of performance figures including energy consumption as an essential
part while making sure that functionality is as expected.
This research forms the methodological
scaffolding of the other MuSyC themes. As such it will drive, and be driven
by, the energy-smart applications of the other themes (in the large and the
small). While the primary focus of this theme will be on energy metrics,
its fundamental nature makes it possible to extend the results to multiple
design issues in different industrial domains.
In this respect, avionics for modern
aircraft serve as an excellent application for the technologies developed in
this theme. Modern commercial and military aircraft are rapidly increasing in
complexity and functionality, and have hundreds of IT components that
interact to manage the flight control, environmental control and
energy-generation subsystems. Together, these systems are responsible for
maintaining highly reliable, agile and efficient operation of the aircraft
and, increasingly, are part of an even larger system-of-systems consisting of
the overall air traffic control systems (for commercial airspaces) or air
operations center (for military systems). Future airborne systems that are
designed to dynamically optimize their operational performance and energy
efficiency rely on increased levels of complexity to coordinate energy flows
within a vehicle as well as operational tasks across a fleet of vehicles
(including combinations of manned and unmanned vehicles). To help set
identifiable goals and quantifiable metrics, this theme will use large
airborne platforms as the guiding case study in the development of its
methodologies and techniques (in addition, of course, to the application
drivers of the large-scale and small-scale systems themes).
Measures of Success. As in
all efforts that involve improving the state-of-the-art in methodology and
tools, measuring the success of the research listed in this Theme is a
challenge. In EDA, there is still debate as to how much productivity
improvement design tools have produced even though by now, no one questions
that the impact was great. By the same token, the benefits of platform-based
design as developed by the GSRC team have not been easy to measure, although
there is a general consensus that this methodology is impacting the industry
in a major way. Nevertheless, the SCS Theme has made an effort to provide
metrics to assess success in its endeavors. The metrics related to design
time and quality will have to be computed under explicitly defined test
conditions, involving either legacy designs or new designs, with the
comparison carried out against past designs of similar characteristics.
| Topic | Measures of Success and Outcomes |
| --- | --- |
| Modeling | Partially-ordered models of time that are robust and distributed; demonstration of multiple coexisting time scales on models of physical dynamics; definition of energy-centric semantic annotations; definition of a timing repeatability metric; algorithms to generate quantitative models (so that the accuracy of prediction improves super-linearly with the number of steps of the algorithm). |
| Verification and Diagnostics | Algorithms to either prove that the system is correct or generate a test plan that demonstrates how the quantitative property is violated; these algorithms will scale to >10X larger systems than possible with current verification methods. Heterogeneous simulation technologies for multi-scale physical dynamics that can handle 10X more complex cyber-physical systems. Localization of the source of a failure with a low false alarm rate (<5%) using polynomially many steps. Testing tools to compute coverage metrics for semantic annotations and energy usage. |
| Distributed Control | Increased efficiency of operations through at least 20% better management of power. Communication architectures with low energy consumption while improving by 10X the speed of distributed control algorithms for multiple tasks. |
| Trust and Security | Incorporation of physical-layer security and authentication mechanisms at multiple scales, allowing >10X resiliency to a set of common attacks while expending no more than 2% higher energy and scaling to >10X larger systems than possible with current software-only security methods. Dynamic establishment of trusted nodes enabling UCS for all distributed control and operation schemes, with less than 5% communication overhead and less than 2% additional energy consumption, capable of maintaining >80% performance despite the existence of >35% corrupt nodes or agents. |
| Distributed Architectures | Overall 2X improvement in performance and reliability of the system and 50% decrease in design time to achieve these results. |
| Avionics Systems | Reduction by 2X of the development time required for design, implementation and verification of complex, distributed control systems, through the increased use of formal methods for specification, design and verification. Reduction by 2X of the number of fault conditions that require the system to be taken out of service for inspection or repair, through the increased use of onboard models and dynamic reconfiguration to provide enhanced fault tolerance. |
The team consists of world-renowned experts
in distributed control, sensor network design, system level design
methodologies, tools and models including verification, simulation and
synthesis, security and design-space exploration. In tune with the nature of
this theme, we will connect and interact closely with other FCRP centers
including Platforms (GSRC), Connectivity (IFC) and Modules and Circuits
(C2S2).
767 Electric Power System Modeling in SysML
by John Finn, Mohammad Mostafizur Rahman Mozumdar, Alberto Sangiovanni Vincentelli,
University of California, Berkeley, Ver.02, April 19, 2011.

Abstract
This document provides a preliminary description of the SysML modeling of
the 767 electrical power system, a part of the design methodology for the
MuSyC/DSCS avionics challenge problem. It starts with a short overview of the
aircraft's electric power system and then highlights the components that
have been modeled. Rational Rhapsody is used as the SysML modeling interface.
Copyright 2011