TY - GEN
T1 - A component-based simplex architecture for high-Assurance cyber-physical systems
AU - Phan, Dung
AU - Yang, Junxing
AU - Clark, Matthew
AU - Grosu, Radu
AU - Schierman, John
AU - Smolka, Scott
AU - Stoller, Scott
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017/11/10
Y1 - 2017/11/10
N2 - We present Component-Based Simplex Architecture (CBSA), a new framework for assuring the runtime safety of component-based cyber-physical systems (CPSs). CBSA integrates Assume-Guarantee (A-G) reasoning with the core principles of the Simplex control architecture to allow component-based CPSs to run advanced, uncertified controllers while still providing runtime assurance that A-G contracts and global properties are satisfied. In CBSA, multiple Simplex instances, which can be composed in a nested, serial or parallel manner, coordinate to assure system-wide properties. Combining A-G reasoning and the Simplex architecture is a challenging problem that yields significant benefits. By utilizing A-G contracts, we are able to compositionally determine the switching logic for CBSAs, thereby alleviating the state explosion encountered by other approaches. Another benefit is that we can use A-G proof rules to decompose the proof of system-wide safety assurance into sub-proofs corresponding to the componentbased structure of the system architecture. We also introduce the notion of coordinated switching between Simplex instances, a key component of our compositional approach to reasoning about CBSA switching logic. We illustrate our framework with a component-based control system for a ground rover. We formally prove that the CBSA for this system guarantees energy safety (the rover never runs out of power), and collision freedom (the rover never collides with a stationary obstacle). We also consider a CBSA for the rover that guarantees mission completion: All target destinations visited within a prescribed amount of time.
AB - We present Component-Based Simplex Architecture (CBSA), a new framework for assuring the runtime safety of component-based cyber-physical systems (CPSs). CBSA integrates Assume-Guarantee (A-G) reasoning with the core principles of the Simplex control architecture to allow component-based CPSs to run advanced, uncertified controllers while still providing runtime assurance that A-G contracts and global properties are satisfied. In CBSA, multiple Simplex instances, which can be composed in a nested, serial or parallel manner, coordinate to assure system-wide properties. Combining A-G reasoning and the Simplex architecture is a challenging problem that yields significant benefits. By utilizing A-G contracts, we are able to compositionally determine the switching logic for CBSAs, thereby alleviating the state explosion encountered by other approaches. Another benefit is that we can use A-G proof rules to decompose the proof of system-wide safety assurance into sub-proofs corresponding to the componentbased structure of the system architecture. We also introduce the notion of coordinated switching between Simplex instances, a key component of our compositional approach to reasoning about CBSA switching logic. We illustrate our framework with a component-based control system for a ground rover. We formally prove that the CBSA for this system guarantees energy safety (the rover never runs out of power), and collision freedom (the rover never collides with a stationary obstacle). We also consider a CBSA for the rover that guarantees mission completion: All target destinations visited within a prescribed amount of time.
KW - Assume-guarantee reasoning
KW - Collision avoidance
KW - Component-based system architecture
KW - Cyber-physical systems
KW - Simplex architecture
UR - https://www.scopus.com/pages/publications/85040984586
U2 - 10.1109/ACSD.2017.23
DO - 10.1109/ACSD.2017.23
M3 - Conference contribution
T3 - Proceedings - International Conference on Application of Concurrency to System Design, ACSD
SP - 49
EP - 58
BT - Proceedings - 17th International Conference on Application of Concurrency to System Design, ACSD 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th International Conference on Application of Concurrency to System Design, ACSD 2017
Y2 - 25 June 2017 through 30 June 2017
ER -