Institute for Software Integrated Systems, Vanderbilt University
Composition at Scale
Janos Sztipanovits, 18 August, 2010
Software at Scale, UC Berkeley, Berkeley, CA
Outline
• Integration Challenge in Software Intensive Systems
• Pursuing Compositionality
• Model-Based System Integration
– Approach
– Model-Based Integration Process
– Software/Systems “Wind Tunnel”
– Challenges
Component Integration
• Composability and compositionality are key concepts
• Defined for carefully selected properties (stability, latency, power, ...)
• Decomposed into structure, interaction and behavior
• Challenges: – composition frameworks providing constructivity for essential properties
[Figure: two integration examples. Functional, e.g. dynamics: Digital Controller, D/A, S/H, Power Amp., Plant and Sensors, A/D on a Component Integration Platform (e.g. SL/SF). Software, e.g. timing: Comp-1, Comp-2, Comp-3 on a Component Integration Platform (e.g. TTP).]
Layered Systems: Vertical Integration
Roles / Layers / Characteristics:
• Human Organization: cognitive processes, social interaction, command and control
• System Operation Layer: command and control, coordination, data distribution
• SW/Component Layer: component interactions, component behaviors, architecture, resource management
• OS/Network Layer: resource management, scheduling, separation, timing/performance, fault tolerance
• HW/Systems Layer: fault management, power management, heat dissipation, crossover
• Materials & Devices: radiation effects
• Inter-layer interactions: effects propagate across the layers
• Efficiency and optimization drives toward intractability
• Inter-layer relationship: – mapping – refinement – synthesis
• Challenges: – modeling – constraining – composing
[Figure: layer illustrations: Command and Control, Formation, Sensor Processing at the operation layer; a datapath block diagram (ACCU, MUX, ALU, RAM, registers Ra, Rb, R, S; I(8-0): Instruction Code, D(3-0): Input Data, CK: Clock, Y(3-0): Output) at the HW layer.]
System of System Integration
Future Combat System
• Heterogeneous
• Open Dynamic Architecture: heterogeneous networking, heterogeneous components
• Very high level concurrency with complex interactions
• Challenges: – understanding and – predicting behavior
[Figure: Future Combat System architecture. Information Layer: Distributed Database, Interoperable export, Common Operating Picture (COP), Joint Common Database, DB Synchronization, Warfighter Interface, Information Management. Standards-Based Open Software Architecture: Vehicle, Mission, Business and Administration Applications (Mission Planning & Preparation, Situation Understanding, Battle Command & Execution, Integrated Sustainment, Target Recognition, Sensor Fusion, Embedded Mission Training, Navigation, Controls, Propulsion, Hydraulic, Electrical, Fuel Sys, Health Management, Engineering, Procurement, Facilities, Logistics, Personnel, Transportation, Disposal, System Management, Remote Server Mgt, Software Distribution, User Management, Software Upgrade, Software Install, Remote Troubleshoot); Human Machine Interface / Machine-Machine Interface; Application Program Interfaces – Common Services; SOS Framework Services and SOS Operations Services (Information Assurance (IA), Network Mgt (NM), Information Dissemination Mgt (IDM)); COTS/NDI; Operating System Abstraction Services, Network Infrastructure Services, Operating System; Foundation Infrastructure (e.g. Network with COMSEC Crypto Services, Mobility Enhancements, IP Network Appliqués); Interoperability / FIOP. Networking: WIN-T Hierarchical Ad-Hoc Network, JTRS, WNW, stubnet, EPLRS, SINCGARS, VHF, Link 4A, Link 11, Link 16, UE/HQ/ESO, HHQ, Reachback, Battle Command, Networked Command, Platform, local COPs; data, images, voice, video. Components: UGS, EO/IR, SAR/MTI, Vetronics, Common Vehicle Subsystems.]
Outline
• Integration Challenge in Software Intensive Systems
• Pursuing Compositionality
• Model-Based System Integration
– Approach
– Model-Based Integration Process
– Software/Systems “Wind Tunnel”
– Challenges
Integration Inside Abstraction Layers: Composition
Physical design (Plant Dynamics Models, Controller Models) – Dynamics:
• Properties: stability, safety, performance
• Abstractions: continuous time, functions, signals, flows, ...
$B_p(t) = (B_1(t), \ldots, B_j(t))$
Software design (Software Architecture Models, Software Component Code) – Software:
• Properties: deadlock, invariants, security, ...
• Abstractions: logical time, concurrency, atomicity, ideal communication, ...
$B_c(i) = (B_1(i), \ldots, B_k(i))$
System/Platform design (System Architecture Models, Resource Management Models) – Systems:
• Properties: timing, power, security, fault tolerance
• Abstractions: discrete-time, delays, resources, scheduling, ...
$B_j(t) = (B_p(t_i), \ldots, B_k(t_i))$
Sztipanovits: 8
Integration Across Abstraction Layers: Many Unsolved Problems
Physical design (Plant Dynamics Models, Controller Models): Controller dynamics is developed without considering implementation uncertainties (e.g. word length, clock accuracy), optimizing performance. Assumption: effects of digital implementation can be neglected. [X]
Software design (Software Architecture Models, Software Component Code): Software architecture models are developed without explicitly considering systems platform characteristics, even though key behavioral properties depend on it. Assumption: effects of platform properties can be neglected. [X]
System/Platform design (System Architecture Models, Resource Management Models): System-level architecture defines implementation platform configuration. Scheduling, network uncertainties, etc. introduce time variant delays that may require re-verification of key properties on all levels. [X]
Challenge to Compositionality: Heterogeneity
• Consequence of the lack of composability across system layers
– intractable interactions
– unpredictable system level behavior
– full-system verification does not scale
• Active research: simplification strategies
– Decoupling: Use design concepts that decouple systems layers for selected properties
– Cross-layer Abstractions: Develop methods that can handle effects of cross-layer interactions
Decoupling Example 1: Robust Implementation of R-T Systems
Abdellatif, Combaz, Sifakis [2010]: Model-Based Implementation of Real-Time Applications
• Abstract Model (M): Based on Logical Execution Time (LET) and on Timed Automata. Actions are atomic and timeless; they can be executed after release time and before the due time.
• Real-Time Model: real-time system. Models the behavior of the software on a platform. Actions are assigned with WCET.
• Implementation: time safety; time robustness.
However, essential system properties such as stability, safety, performance are expressed in terms of physical behavior.
Decoupling Example 2: Passive Dynamics
Goals:
• Compositional verification of essential dynamic properties
– stability
– safety
• Passivity guarantees stability independently from implementation induced uncertainties
– time varying delays
– network uncertainties (packet drops, delays)
• Decreased verification complexity
[Figure: Physical models, Abstract Model, Real-time Model, implementation; time safety, time robustness.]
Kottenstette, N., J. Hall, X. Koutsoukos, P. J. Antsaklis, and J. Sztipanovits, "Digital Control of Multiple Discrete Passive Plants Over Networks", Int. J. of Systems, Control and Communications, 2010.
Illustration of Passive Dynamics
Experimental Setup:
• Two CrustCrawler robotic arms – 4 DOF with AX-12 smart servos at each joint
• Novint haptic paddle
• Five networked Windows PCs with Matlab/Simulink
[Plots: Joint Angle and Reference; Time delay (Robot 2 and PJ).]
Open Research Problems
• Extend theory for decoupling
• Develop theory of compositionality among system layers (vertical composition)
• Extend compositionality for multiple properties, e.g. stability, safety and invariants
• Exploit compositionality in software synthesis
Outline
• Integration Challenge in Software Intensive Systems
• Pursuing Compositionality
• Model-Based System Integration
– Approach
– Model-Based Integration Process
– Software/Systems “Wind Tunnel”
– Challenges
System of System Integration
Future Combat System
• Heterogeneous
• Open Dynamic Architecture: heterogeneous networking, heterogeneous components
• Very high level concurrency with complex interactions
• Challenges: – understanding and – predicting behavior
[Figure: Future Combat System architecture diagram, as on the earlier System of System Integration slide (information layer, application layers, common services, SOS framework and operations services, foundation infrastructure, WIN-T / JTRS networking, platforms and sensors).]
How to achieve predictability with limited/partial composability?
Real-Life SoS Development
• All integration categories are present (component, layer, SoS)
• Systems are evolving along “spiral-outs”
• New technical challenges are emerging and potential solutions need to be rapidly explored
• All layers of the system are subject to modifications; there are no well defined synchronization points in the development process
• Integration is inherently incremental; deployed systems need to be integrated with components on different levels of maturity: prototypical and with simulated systems/components.
How Is It Solved Today?
• Systems are integrated when all components are delivered
– Acquisition pushes in this direction
• Integration means: “Make it working somehow”
• System Integration Labs do not offer support for spiral development
• There is no approach to deal with incomplete specifications and components
System Integration is the highest risk, most expensive, least predictable step in SoS development.
Emerging Solution: Model-Based Integration
Apply Models Early. Apply Models Often. Use Every Opportunity.
Requirements/Architecture Integration → Architecture/Design Integration → Design Assessment/Verification → Prototyping/Scaling → Implementation Scaling → Testing
Tool Chain for Architecture Exploration in FCS
[Figure: tool chain. Inputs from ADeVS, IONS, RELEX and Excel feed a System Model (Component, Segment, IDD). GReAT Transforms generate System Integration artifacts: System Component Adapters (C++, IDL), a System Integration Test Harness (C++, IDL), XML and Rose CAT files, Runtime Glue (Deployed), and Integration Laboratory Tools.]
Risk Mitigation: Surrogate Modeling and Synthesis
[Figure: GME System Models (Deployment, Instance Topology, Networks) and GME Component Models (Interfaces, Business Logic) drive a Code Generator. The generator produces a BC Surrogate Component (Generated) with Business Logic (Generated), Input Interfaces and Output Interfaces, which stands in for the “Real” BC with Acquired Business Logic inside the System Of Systems Common Operating Environment.]
Outline
• Integration Challenge in Software Intensive Systems
• Pursuing Compositionality
• Model-Based System Integration
– Approach
– Model-Based Integration Process
– Software/Systems “Wind Tunnel”
– Challenges
Heterogeneous Simulation Integration
Domains and simulation engines: Organization/Coordination, Controller/Vehicle Dynamics, Processing (Tracking), 3-D Environment (Sensors); CPN, DEVS, Delta3D, SL/SF.
[Figure: Adaptive Human Organization, Mixed Initiative Controller, Context Dep. Command Interpretation, Adaptive Resource Allocation, Coordination Decision Support, HCI; Abstract Commands, Platform Commands, Assigned Platform Commands; Data Distribution Network; Platform Status; COP Elements.]
How can we integrate the models?
How can we integrate the simulated heterogeneous system components?
How can we integrate the simulation engines?
Model-Integrated System and Software Laboratory Environment: C2 Windtunnel
How can we integrate the simulation engines?
Model-based Integration Architecture:
• Model Integration Layer: GME (Simulation Interaction, Simulation Architecture), OMNET Network Architecture, Experiment Specification & Configuration; Controller Models, Network Models, Org. Models, Fusion Models, Env. Models; “Virtual” Components
• Instrumentation Layer
• Run-time: DEVS Federate, OmNet++ Federate, CPN Federate, OGRE Federate, Simulink Federate
• Simulation Data Distribution/Communication Middleware
• Simulation Integration Platform (HLA)
• Distributed Simulation Platform
https://wiki.isis.vanderbilt.edu/OpenC2WT
Experiments: Impact of Cyber Attacks
Network attack: A sub-network with hundreds of zombie nodes attacks a critical router on the main network. Flood attack on UDP, TCP or ping.
[Figure: full network; zombie subnet.]
Outline
• Integration Challenge in Software Intensive Systems
• Pursuing Compositionality
• Model-Based System Integration
– Approach
– Model-Based Integration Process
– Software/Systems “Wind Tunnel”
– Challenges
Open Research Problems: Modeling at Scale
• Model Versioning
– Granularity
– Semantic conflict detection with DSL extensibility
• Coordinating model versioning with evolving modeling languages, tools, and tool integration frameworks, and with other development artifacts
• Collaborative distributed modeling
– Conflict visualization and collaborative resolution
– Merge consistency guarantees
Summary
• System Integration is a grand challenge of engineering large-scale systems
• Composition/compositionality have practical and theoretical limits in complex heterogeneous systems
• Model-based methods provide promising solutions for hard problems