From Electronic Design Automation to Cyber-Physical System Design Automation:
A Tale of Platforms and Contracts
Pierluigi NuzzoMing Hsieh Department of Electrical and Computer Engineering
University of Southern California, Los [email protected]
In Honor of Alberto Sangiovanni-Vincentelli
International Symposium on Physical Design, San Francisco, April 16, 2019
Pierluigi Nuzzo, USC2
Cyber-Physical System Design: What Can Go Wrong?
Pierluigi Nuzzo, USC3
The Quest for the Next Level of Abstraction: System Level Design
Courtesy: A. Sangiovanni-Vincentelli
Pierluigi Nuzzo, USC
Platform-Based Design
Contracts
Applications
What’s next?
4
Pierluigi Nuzzo, USC
“Let’s Get Physical: Computer Science Meets Systems,” ETAPS Workshop, 2014
Cyber-Physical System Design: State of the Art
CostOptimization
Data & Control Thermal Management
Size/PowerOptimization
System FunctionalSpecification
. . . SubsystemDesign
ComponentDesign
SystemArchitecture
Verification & Validation
(V&V)
ComponentTesting
SubsystemTesting
Power
Physical system (plant) Embedded system (computation)
NetworkingSensors
Actuators
Controller
PTOLEMY II
VERILOG
VHDL
Conventional V&V techniques do not scale to highly complex or adaptable systems
Experiencedarchitects must rely on accrued knowledge and heuristics to take risky decisions
Virtual Integration
5
A large number of poorly integrated languages and tools
Pierluigi Nuzzo, USC6
Learning from Logic Synthesis
d+e b+h
t4’
at2+c
t1t3+fgh
b’ h’
a
d’ e’g
f
c
inv(1) nand2(2)
nor(2)
aoi21 (3)
xor (5)
nand3 (3)
oai22 (4)
nor3 (3)F
f
gd
e
h
ba
c
nand3(3)
oai21(3)
oai21 (3)
and2(3)
inv(1)nand2(2)
High level function model Gate library
(platform)
Function
model in
netlist
Gate library
in netlist
Technology
Mapping
(covering )
Mapped design
- Separation of function and architecture
- Common language for functional and
architectural level netlists (Boolean
logic, NAND2 gate)
- Automatic mapping
restructuring restructuring
Courtesy: A. Sangiovanni-Vincentelli
Pierluigi Nuzzo, USC
Platform-Based Design
7
Implementation Space:
Application Space: System Specification
LNALNA
Platform Library
Synthesis (Optimization)
System Requirements
Behavioral and Non-Functional Models
NetworksSensors Actuators Processors Controllers
Performance
SafetyReliability
[A. Sangiovanni-Vincentelli and A. Ferrari, ‘90]
Pierluigi Nuzzo, USC8
Platform Instance
Platform Design-Space Export
Platform
(Architectural) Space
Platform Instance
Function Instance
FunctionSpace
Mapped
Platform(Architectural) Space
FunctionSpace
Platform Instance
Function Instance
Mapped
Automotive
Smart Buildings
Synthetic Biology
ASV Triangles Mixed-Signal Systems on Chip
Avionics
Pierluigi Nuzzo, USC
Platform-Based Design With Contracts
9
Abstraction Rules
Requirement Formalization
Implementation Space:
Application Space: System Specification
LNALNA
Platform Library
Synthesis (Optimization)
System Requirements
Behavioral and Non-Functional Models
RefinementRules
Composition Rules
Contracts
NetworksSensors Actuators Processors Controllers
Performance
SafetyReliability
Pierluigi Nuzzo, USC
Assume/Guarantee (A/G) Contracts
10
Contracts are Assume-Guaranteepairs
– Component properties are guaranteed under a set of assumptions on the environment
– Global properties of systems are derived based on local properties of the components
Time
Misra ‘81 Meyer ‘92
Clarke ‘98
Henzinger
‘08
Henzinger
‘01Benveniste ‘08Lamport ‘83
Raclet
‘09McMillan
‘97Sangiovanni‘12
Software Engineering and Verification
System Design
Nuzzo ‘09
vout
vin
Gain: 10
Component
Environment
Assumptions: |𝒗𝒊𝒏| ≤ 𝟐Guarantees: 𝒗𝒐𝒖𝒕 = 𝟏𝟎𝒗𝒊𝒏
Pierluigi Nuzzo, USC11
A Rigorous Calculus for Modular and Hierarchical Design
System Requirements Requirement
Component Req.
Component Design
SystemDesign
Component Design
Component Design
Component Req.
Component Req.
∧
Conjunction
≽
⊗Refinement
Composition
⊨
Modular verification of “global” properties of systems out of local properties of components
Step-wise refinement of large, complex architectures
Design reuse
Satisfaction
Pierluigi Nuzzo, USC
Vertical Contracts
12
Horizontal Contracts:
How to check or enforce compatibility?
Vertical Contracts:
How to check or enforce consistency
between the two levels?
Think about the role of design rules in physical design
Pierluigi Nuzzo, USC
Electric Power System (EPS) in “More-Electric” Aircraft
13
TerraSwarm
Pierluigi Nuzzo, USC
Aircraft Electric Power System Design
Design architecture, i.e., the set of GeneratorsBatteriesAC BusesDC BusesRectifiersTransformersTransformers & RectifiersContactorsLoadsand their interconnections
… and the control algorithm under safety, reliability and real-time performance requirements
Typical requirement: The probability that a critical bus is unpowered for more than 70 ms shall be smaller than 10-9……less than 1 failure per 100,000 years of operation!Single Line Diagram modified
from Honeywell Patent
“A Contract-Based Methodology for Aircraft Electric Power System Design,” IEEE Access, 2014
14
Loads
“A Platform-Based Methodology with Contracts and Related Tools for the Design of Cyber-Physcal Systems,” Proc. IEEE, 2015
Pierluigi Nuzzo, USC
Methodology and Tools: Summary
15
Verification and Simulation-Based Design Space Exploration
Component and Control
Design
Lower-level Implementation
Architecture Design
Cver/simCC,syn
Top-level Specification
CA,syn
Component and Contract
Library
Discrete EventHybrid
Continuous Time
and Hybrid
Static/Extra-functional
1. No AC bus shall be simultaneously powered by more than one AC source. 2. The aircraft electric power system shall provide power with the following characteristics: 115 +/- 5 V (amplitude) and 400 Hz (frequency) for AC loads and 28 +/-2 V for DC loads.3. The failure probability at an essential load must be less than 10-9 during a mission.
4. DC buses shall not be unpowered for more than 70 ms.
“Methodology and Tools for Next Generation Cyber-Physical Systems: The iCyPhy Approach,” P. Nuzzo, A. Sangiovanni-Vincentelli, R. Murray, INCOSE 2015
Pierluigi Nuzzo, USC16
Demonstrated reasoning about temporal properties of networks and integration with Natural Language Processing tools (IBM WATSON)
Aircraft Power System Design with CHASE
Inconsistent when time is less than
20 ms
Logic specification are up to 4,500 literals in size
“CHASE: Contract-Based Requirement Engineering for Cyber-Physical System Design,” P. Nuzzo et al., DATE, 2018
Application space
Implementation space (library)
Optimization
(MILP) Final architecture
(topology, routing,
mapping)
“Optimized Selection of Reliable and Cost-Effective Cyber-Physical System Architectures,” DATE’14
Dreamliner-like power system based on Honeywell patent reproduced in ~4 min
Optimized Selection of Reliable and Cost-Effective Architectures
Architecture exploration of aircraft air management systems
“A Mixed Discrete-Continuous Optimization Scheme for Cyber-Physical System Architecture Exploration,” ICCAD’15
Pierluigi Nuzzo, USC18
Boolean
Constraints
Convex
Constraints
Convex
Optimization
Mixed Integer
Programming
SAT + ConvexSAT
Solvers SMT
Solvers
Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC)
Controller Synthesis for Robotic Motion Planning[CDC’16, HSCC’17, CDC’17, ICRA’19]
Secure State Estimation [ICCPS’16, TAC 17, TECS 18]
Pierluigi Nuzzo, USC
Stochastic Contracts for CPS Design with Uncertainty
Expressed in Stochastic Signal Temporal Logic (StSTL) to support probabilistic constraints
Balance expressiveness with tractability of verification and synthesis
“The battery charge level B shall not be less than 0.3 with probability larger than or equal to 0.95”
19
AC Bus 1 AC Bus 2
GEN 1 GEN 3 GEN 2
TRU TRU
DC Bus 1
Sheddable
DC Loads 1
Non-sheddable
DC Loads 1
Battery 1
DC Bus 2
Sheddable
DC Loads 2
Non-sheddable
DC Loads 2
Battery 2
C1 C3
C2 C4
C5
C6 C7
C8 C9 C10 C11
Battery charge versus time (50 simulations)
Stochastic Model of Aircraft Power System [TECS 19]
Probabilistic Environment Model
Pierluigi Nuzzo, USC
What’s Next?
Compositional (modular, hierarchical) abstractions for CPS design
Computational tools for reasoning about the interaction between discrete and continuous models
Dealing with uncertainty
20
Thank you
21
