DOCSLIB.ORG

A Methodology for Model-Based Development and Safety Analysis of Transport Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Methodology for Model-Based Development and Safety Analysis of Transport Systems A Methodology for Model-based Development and Safety Analysis of Transport Systems Simon Hordvik1, Kristoffer Øseth1, Jan Olaf Blech2 and Peter Herrmann1 1Norwegian University of Science and Technology, Trondheim, Norway 2RMIT University, Melbourne, Australia Keywords: Software Engineering, Spatial Modeling, Cyber-physical Systems. Abstract: We present a method to engineer the control software of transport systems and analyze their safety using the Reactive Blocks framework. The development benefits from the model-based approach and makes the analysis of the systems at design time possible. The software is analyzed for freedom of collisions and other spatiotem- poral properties by combining test runs of already existing devices to find out their physical constraints with the analysis of simulation runs using the verification tool BeSpaceD. This allows us to discover potential safety hazards already during the development of the control software. In particular, we introduce a methodology for the engineering and safety analysis of transportation systems and elaborate its practical usability by means of a demonstrator based on Lego Mindstorms. 1 INTRODUCTION spatiotemporal properties in safety-critical systems. It has been deployed in several applications imple- In the development of control software for transport mented with Reactive Blocks and simulated in the and other cyber-physical systems, safety is a ma- Java software environment, e.g., (Han et al., 2015; jor challenge to achieve (Lee, 2008). Particularly, Herrmann et al., 2016). one has to analyze the software for compliance with A contribution of this paper is a methodology that spatiotemporal properties like guaranteeing a suffi- defines the various engineering and analysis steps of cient safety distance between devices at all times. the control software development process. It allows This is mostly achieved by intensive and costly test- us to combine the analysis of kinematic behavior and ing of the software for functional and quality of ser- other data obtained by gauging existing devices with vice attributes. To ease the analysis effort, we sup- the simulation and formal verification of the control plement traditional test-based development by apply- software in order to guarantee that a device fulfills ing a model-based software engineering technique. certain spatiotemporal properties. An example for Its formal semantics facilitates the use of automatic measured data is the worst-case braking distance of model-checking and provers that can detect flaws in a train that is observed by testing an actual unit. It is the control software. Since we perform the checks directly considered in a BeSpaced verification prov- on the models and not on the later code, these flaws, ing that the control software causes the train to brake which might be sources for violations of spatiotempo- sufficiently early such that collisions with other trains ral properties, are discovered early making the overall are prevented. development process more cost effective than plain We apply the methodology by developing the con- system testing. trol software of a demonstrator which is built with As a model-driven development tool, we chose Lego Mindstorms together with additional sensors Reactive Blocks (Kraemer et al., 2009). It provides and servers. Lego Mindstorms offers the necessary the ability to reuse and share building blocks. Fur- hardware components needed to build a physical au- ther, Reactive Blocks enables us to simulate data and tonomous rail-based system. It is an affordable way to control flows, to model check the building blocks for create demonstrators such as robots, that can be used functional correctness, and to create executable code in hobby settings as well as research. Event-driven automatically. Moreover, we use BeSpaceD (Blech software can be run on the Lego Mindstorms compo- and Schmidt, 2014), which enables the verification of nents enabling the control entities to execute actions 91 Hordvik, S., Øseth, K., Blech, J. and Herrmann, P. A Methodology for Model-based Development and Safety Analysis of Transport Systems. In Proceedings of the 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering (ENASE 2016), pages 91-101 ISBN: 978-989-758-189-2 Copyright c 2016 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved ENASE 2016 - 11th International Conference on Evaluation of Novel Software Approaches to Software Engineering based on input received from the different types of Development of Initial Control Software sensors. We describe the Lego Mindstorms demon- strator as well as the various development steps fol- Prototype Testing of Initial Software lowing the methodology. Reactive Blocks and BeSpaceD are introduced in Development of Extended Control Software Sect. 2 followed by the presentation of the method- ology in Sect. 3. In Sect. 4, the demonstrator is dis- Software Analysis with BeSpaceD cussed while Sect. 5 describes the development of its software based on the methodology. Section 6 refers Transformation into Executable Code to experience with the approach and in Sect. 7 we present related work. In Sect. 8, we conclude and Figure 1: Methodology overview. name some ideas for future work. abstraction and reduction. It enables the creation of verification goals for SAT and SMT solvers and pro- vides connections to these tools. Thus, these solvers 2 REACTIVE BLOCKS AND can be used based on much more concrete models BESPACED than their traditional inputs. On the other hand, Be- SpaceD models are more abstract than typical use- The model-driven engineering technique Reactive case specific (meta-)models that are used in case spe- Blocks is a tool-set for the development of reac- cific tools. From an expressiveness point of view, SAT tive software systems (Kraemer et al., 2009). A and SMT offer the specification elements of propo- system model consists of an arbitrary number of sitional logic (+ Presburger arithmetic (Presburger, building blocks, i.e., models of subsystems or sub- 1929)). Semantically, using BeSpaceD the notions functionalities, that are composed with each other. A of time and space are added. Other semantic carry- major advantage of this modeling method is its reuse ing elements are available: They are treated as predi- potential since a building block can comprise sub- cate parameters and have to be resolved in programs functionality that is useful in many different applica- building on the BeSpaceD frameworks or queries to tions. The building block is specified once, stored in BeSpaceD. a tool library, and, when needed, moved into a system BeSpaceD is written in Scala and compatible with model by simple drag and drop. The behavior of a Eclipse/Java. The modeling language is based on building block is modeled by UML activities that may abstract datatypes and integrates with the Scala lan- contain UML call behavior actions representing its in- guage. It is possible to write one’s own programs that ner building blocks. These inner blocks are also spec- construct BeSpaceD models and to write code using ified by UML activities such that the approach scales. BeSpaceD functionality for checking it. In fact, as The interface of a building block is specified by an shown in (Herrmann et al., 2016; Han et al., 2014), External State Machine (ESM) that describes the ab- an extension of Reactive Blocks is able to transfer its breviated interface behavior of the block (Kraemer models to BeSpaceD models such that they can be di- and Herrmann, 2009). To make analysis of functional rectly analyzed for spatiotemporal properties. correctness by model checking possible, the activi- ties and ESMs are supplemented with formal seman- tics (Kraemer and Herrmann, 2010). Moreover, Re- active Blocks enables the automatic transformation of 3 METHODOLOGY system models into well-performing Java code (Krae- mer et al., 2006). Some tool extensions allow us to an- The creation of control software for transport systems alyze models also for safety (Slatten˚ et al., 2011) and requires knowledge about central kinematic proper- probabilistic real-time (Han et al., 2013; Han et al., ties like braking distances or maximum accelerations. 2014) properties. Since the systems and their environments are often BeSpaceD is a constraint solving and non- too complex to gain such data exclusively by simu- classical model checking framework (Blech and lation, it has to be gathered by testing and observing Schmidt, 2014; Blech and Schmidt, 2013). It em- prototypes. This feature is considered by our method- phasizes particularly on dealing with models of cyber- ology (see Fig. 1). It consists of five major steps: physical systems that usually comprise a large amount 1. In parallel to the development of the physical de- of time and space-based aspects. BeSpaceD provides vice, an initial version of the control software is a modeling language and a library to reason on mod- engineered with Reactive Blocks. This first model els, using techniques such as state-space exploration, already contains several functions that will also be 92 A Methodology for Model-based Development and Safety Analysis of Transport Systems used later in the final version, e.g., the access to sensors and actuators. The functions guarantee- ing safety, however, are either not implemented or 4 based on initial data concluded from simulations resp. experience with previous versions. 3 2. Code is generated from the initial Reactive Blocks model and used in the prototypes which are tested
Load more

Recommended publications
  • Model-Based Engineering and Spatiotemporal Analysis of Transport Systems
    Model-based Engineering and Spatiotemporal Analysis of Transport Systems Simon Hordvik1, Kristoffer Øseth1, Henrik Heggelund Svendsen1, Jan Olaf Blech2, and Peter Herrmann1 1 NTNU, Trondheim, Norway, fsimon.hordvik, kristoffer.oseth, [email protected], [email protected] 2 RMIT University, Melbourne, Australia, [email protected] Abstract. To guarantee that modern transport systems carry their pas- sengers in a safe and reliable way, their control software has to fulfill ex- treme safety and robustness demands. To achieve that, we propose the model-based engineering of the controllers using the tool-set Reactive Blocks. This leads to models in a precise formal semantics that can be formally analyzed. Thus, we can verify that a transport system prevents collisions and fulfills other spatiotemporal properties. In particular, we combine test runs of already existing devices to find out their physical constraints with the analysis of simulation runs using the verification tool BeSpaceD. So, we can discover potential safety hazards already during the development of the control software. A centerpiece of our work is a methodology for the engineering and safety analysis of transportation systems. We elaborate its practical usability by means of two control systems for a demonstrator based on Lego Mindstorms. This paper is an extension of [20]. Keywords: Software engineering, spatial modeling, cyber-physical sys- tems. 1 Introduction In the development of control software for transport and other cyber-physical systems, safety is a major challenge to achieve [25]. Particularly, one has to analyze the software for compliance with spatiotemporal properties like guaran- teeing a sufficient safety distance between devices at all times.
    [Show full text]
  • Self-Adaptive Control in Cyber-Physical Systems: the Autonomous Train Experiment
    Self-Adaptive Control in Cyber-Physical Systems: The Autonomous Train Experiment Alexander Svae Amir Taherkordi NTNU Trondheim, Norway NTNU Trondheim and [email protected] University of Oslo, Norway amirhost@ifi.uio.no Peter Herrmann Jan Olaf Blech NTNU Trondheim, Norway RMIT University, Australia [email protected] [email protected] ABSTRACT gent information handling and communication technologies to pro- Autonomous systems become more and more important in today’s vide innovative services for traffic management and transport in or- transport sector. They often operate in dynamic environments in der to avoid traffic congestions and accidents [3]. As an interdisci- which unpredictable events may occur at any time. These events plinary field of research, ITS development requires cosnidration to may affect the safe operation of vehicles, calling for highly effi- many different areas such as electronics, control, communications, cient control software technologies to reason about and react on sensing, robotics, signal processing and information systems [7]. their appearance. A crucial efficiency parameter is timeliness as As advanced Cyber-Physical Systems (CPS), the operation of ITS vehicles often operate under high speed. The contribution of this depends on complex yet reliable and seamless interactions between paper is the presentation and analysis of design aspects of dynamic the computer systems of a vehicle and its physical components. control software in the context of an autonomous train experiment. While most of these systems are operated by humans, fully au- This is achieved through a self-adaptation software framework in- tonomous means of transport become more popular. In order to tended for autonomous trains and built on a demonstrator using guarantee safety, robustness, efficiency, performance, and security, Lego Mindstorms.
    [Show full text]
  • A Methodology for Model-Based Development and Safety Analysis of Transport Systems
    A Methodology for Model-based Development and Safety Analysis of Transport Systems Simon Hordvik1, Kristoffer Øseth1, Jan Olaf Blech2 and Peter Herrmann1 1Norwegian University of Science and Technology, Trondheim, Norway 2RMIT University, Melbourne, Australia fsimon.hordvik, kristoff[email protected], [email protected], [email protected] Keywords: Software engineering, spatial modeling, cyber-physical systems. Abstract: We present a method to engineer the control software of transport systems and analyze their safety using the Reactive Blocks framework. The development benefits from the model-based approach and makes the analysis of the systems at design time possible. The software is analyzed for freedom of collisions and other spatiotemporal properties by combining test runs of already existing devices to find out their physical constraints with the analysis of simulation runs using the verification tool BeSpaceD. This allows us to discover potential safety hazards already during the development of the control software. In particular, we introduce a methodology for the engineering and safety analysis of transportation systems and elaborate its practical usability by means of a demonstrator based on Lego Mindstorms. 1 Introduction to simulate data and control flows, to model check the building blocks for functional correct- In the development of control software for ness, and to create executable code automati- transport and other cyber-physical systems, cally. Moreover, we use BeSpaceD (Blech and safety is a major challenge to achieve (Lee, 2008). Schmidt, 2014), which enables the verification of Particularly, one has to analyze the software for spatiotemporal properties in safety-critical sys- compliance with spatiotemporal properties like tems.
    [Show full text]
  • List of Projects Using Raspberry Pi with Advance View: 1
    List of Projects using Raspberry Pi with advance view: 1. Home/Hotel Monitoring System with Automated controls A cloud connected prototype to monitor and control any hotel or can be home, The system is connected to an android application. Story Everyday we see a changing trend in technology and no matter wh has changed the way we live today and…... Listed under: Metering - Instrument Projects, Sensor - Transducer - Detector Projects 2. JQR Quadruped Autonomous Robot With a lot of inspiration from Boston Dynamics projects, I'm trying to make something great w million dollars. Story JQR Quadruped Robot is a DIY project with the main objective to build an autonomous, legged robot that wi people in many activities. The project…... Listed under: Robotics - Automation Projects 3. Raspberry Pi Web-Controlled Robot with Video Simple Raspberry Pi web-controlled robot with video live streaming. Story gatoBo gato is the spanish translation for cat. A web controlled Raspberry Pi Zero W Robot with live video streaming. This is something I b order to bother my cats. About Raspberry Pi Wikipedia: The Raspberry Pi is a…... Listed under: Robotics - Automation Projects 4. Alexa Messenger for Whatsapp Text anyone at anytime without even holding your phone or type a single letter with Alexa Messen Story Alexa Messenger for Whatsapp Did you ever want to text your friend but you are always busy or just not comfortable wit phone small screen…... Listed under: Other Projects 5. Archimedes: The AI Robot Owl A wearable robotic owl familiar. Archimedes judges your emotions, via Google AIY. Story As feature in Make: Magazine! This is a robotic owl that looks around for cool people, and can tell whether you're happy or upset.
    [Show full text]
  • EDCK 4001 Everyware Cloud Development Kit
    EDCK 4001 Everyware Cloud Development Kit • Production Grade • Hands-on Learning • Preinstalled IoT Application • Simulation of Industrial Use Cases • Ready to Go Production Grade - Leverages production-grade hardware, software and services to provide a familiar development environment to Embedded, IT and OT developers Hands-on Learning - Shows every building block of a sophisticated industrial IoT application, how to create a bidirectional connection with the Cloud and how to do remote management Preinstalled IoT Application - Provides a real-world example where a IoT Edge Gateway and a PLC are used to create a link between the Cloud and the Field Simulation of Industrial Use Cases - Includes support for ModBus and a PLC, it is designed to be expandable beyond the included example, and to interface with other user devices Ready to Go - Packages HW, SW, a Cloud license and accessories to get started immediately The EDCK 4001 is a Development Kit for Everyware Cloud that provides a learning environment and a testbed for industrial IoT applications; it targets professional developers with an Embedded, IT or OT background. Creating an End-to-End solution typically requires bridging Field devices with Cloud-based services; the EDCK 4001 replicates a complete scenario, in which the field devices are simulated by a panel that provides some data sources and receivers (buttons, LEDs, etc). The bidirectional data and command flow between the Cloud and the Field is managed by a Gateway, which is connected to a PLC that controls the panel. The preinstalled IoT application shows how to implement a complete solution, including remote device management and OTA package deployment.
    [Show full text]
  • 1597761580Cf56f542.Pdf
    Edited by Carlos Rafael Fernandes Picanço Luiz Alexandre Barbosa de Freitas Hernando Borges Neves Filho Introduction to software development for behavior analysts Volume 2 1st Edition © 2020 Associação Brasileira de Psicologia e Medicina Comportamental, Campinas, São Paulo, Brasil. ISBN 978-65-87203-01-0 E-book for free online distribution. Associação Brasileira de Psicologia e Medicina Comportamental – ABPMC Campinas, São Paulo, Brasil, 2020 _ Administrative Board 2019-2020 Executive Board President: João Vicente Marçal Vice-president: Denise Lettieri First secretary: Gustavo Tozzi Second secretary: Elisa Sanabio Heck First treasurer: Flávio da Silva Borges Second treasurer: Cristiano Coelho Editora ABPMC's Editorial Board Angelo A. S. Sampaio César A. Alves da Rocha Diego Zilio Giovana Munhoz da Rocha Monalisa F. F. C. Leão About the book Editorial supervision: Editora ABPMC's Editorial Board Cover: Edmilson Pinto da Silva Junior Layout: Carlos Rafael Fernandes Picanço Support: Imagine Tecnologia Comportamental Authors Brent A. Kaplan Dr. Brent Kaplan received his PhD from the Applied Behavioral Economics Laboratory at the University of Kansas and completed his postdoctoral training at the Fralin Biomedical Research Institute at VTC. He currently works with Dr. Mikhail Koffarnus as a Research Assistant Professor in the Department of Family and Community Medicine at the University of Kentucky. His research interests focus on applying behavioral economic concepts to understand drug abuse and drug valuation. His other research interests include novel applications of behavioral economics and integrating contemporary technology into data analysis and dissemination. Carlos Rafael Fernandes Picanço Dr. Rafael Picanço received his doctorate in Psychology from the graduate Program of Behavior Theory and Research at the Federal University of Pará.
    [Show full text]
  • A Survey on Visual Programming Languages in Internet of Things
    Hindawi Scientific Programming Volume 2017, Article ID 1231430, 6 pages https://doi.org/10.1155/2017/1231430 Review Article A Survey on Visual Programming Languages in Internet of Things Partha Pratim Ray Department of Computer Applications, Sikkim University, Gangtok, Sikkim 737102, India Correspondence should be addressed to Partha Pratim Ray; [email protected] Received 31 October 2016; Accepted 19 February 2017; Published 8 March 2017 Academic Editor: Alok Mishra Copyright © 2017 Partha Pratim Ray. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Visual programming has transformed the art of programming in recent years. Several organizations are in race to develop novel ideas to run visual programming in multiple domains with Internet of Things. IoT, being the most emerging area of computing, needs substantial contribution from the visual programming paradigm for its technological propagation. This paper surveys visual programming languages being served for application development, especially in Internet of Things field. 13 such languages are visited from several popular research-electronic databases (e.g., IEEE Xplore, Science Direct, Springer Link, Google Scholar, Web of Science, and Postscapes) and compared under four key attributes such as programming environment, license, project repository, and platform supports. Grouped into two segments, open source and proprietary platform, these visual languages pertain few crucial challenges that have been elaborated in this literature. The main goal of this paper is to present existing VPLs per their parametric proforma to enable na¨ıve developers and researchers in the field of IoT to choose appropriate variant of VPL for particular type of application.
    [Show full text]
  • Robust Low-Level ITS Architecture Using Osgi, Reactive Blocks and OPC-UA
    Robust Low-level ITS Architecture using OSGi, Reactive Blocks and OPC-UA Snorre Lothar von Gohren Edwin Master of Science in Communication Technology Submission date: Januar 2014 Supervisor: Frank Alexander Krämer, ITEM Co-supervisor: Jo Skjermo, SINTEF Norwegian University of Science and Technology Department of Telematics Robust low­level ITS architecture using OSGi, Reactive Blocks and OPC­UA Many ITS stations today are still in the research phase and “Statens Vegvesen” are moving forward with new improvements. This thesis will study how OSGi and Reactive Blocks can aid in creating an application which is robust and ready for improvements on the fly. In the end, a scenario is desirable in which ITS applications can be built from Reactive Blocks, where specific capabilities of an ITS station are represented by corresponding building blocks, and the specific application logic can be expressed by combining the blocks accordingly. Generic functions like lifecycle management, service discovery, consistent startup and graceful failures should also be modeled in an understandable way, so that it is easy to upgrade and develop new functions for the ITS stations. This task will work directly with “Statens Vegvesen” and some of their test stations they have in their regulation. Source code should be made available and virtual test environments can be used. Interesting questions: ● How can the application be made robust in terms of error handling and edge cases? ● How can the application be upgraded without any inconvenience? ● How can the application
    [Show full text]
  • EDCK 4001 Everyware Cloud Development Kit
    EDCK 4001 Everyware Cloud Development Kit • Production Grade • Hands-on Learning • Preinstalled IoT Application • Simulation of Industrial Use Cases • Ready to Go Production Grade - Leverages production-grade hardware, software and services to provide a familiar development environment to Embedded, IT and OT developers Hands-on Learning - Shows every building block of a sophisticated industrial IoT application, how to create a bidirectional connection with the Cloud and how to do remote management Preinstalled IoT Application - Provides a real-world example where a IoT Edge Gateway and a PLC are used to create a link between the Cloud and the Field Simulation of Industrial Use Cases - Includes support for ModBus and a PLC, it is designed to be expandable beyond the included example, and to interface with other user devices Ready to Go - Packages HW, SW, a Cloud license and accessories to get started immediately The EDCK 4001 is a Development Kit for Everyware Cloud that provides a learning environment and a testbed for industrial IoT applications; it targets professional developers with an Embedded, IT or OT background. Creating an End-to-End solution typically requires bridging Field devices with Cloud-based services; the EDCK 4001 replicates a complete scenario, in which the field devices are simulated by a panel that provides some data sources and receivers (buttons, LEDs, etc). The bidirectional data and command flow between the Cloud and the Field is managed by a Gateway, which is connected to a PLC that controls the panel. The preinstalled IoT application shows how to implement a complete solution, including remote device management and OTA package deployment.
    [Show full text]
  • CON4441 - Plugging Configurability Into Your Iot Application Gateway
    CON4441 - Plugging Configurability into your IoT Application Gateway Frank Alexander Kraemer Marco Carrer Disclaimer This presentation has been prepared by Bitreactive and Eurotech S.p.A. (or “Eurotech”) and has to be read in conjunction with its oral presentation. The information contained in this presentation does nor purport to be comprehensive. Neither Bitreactive nor Eurotech nor any of its officers, employees, advisers or agents accepts any responsibility for/or makes any representation or warranty, express or implied, as to the truth, fullness, accuracy or completeness of the information in this presentation (or whether any information has been omitted from the presentation) or any other information relating to Eurotech, its subsidiaries or associated companies, whether written, oral or in a visual or electric form, transmitted or made available. This document is confidential and is being provided to you solely for your information and may not be reproduced, further distributed to any other person or published, in whole or in part, for any purpose. The distribution of this document in other jurisdictions may be restricted by law, and persons into whose possession this document comes should inform themselves about, and observe, any such restrictions. This document is directed only at relevant persons. Other persons should not act or rely on this document or any of its contents. No reliance may be placed for any purposes whatsoever on the information contained in this document or any other material discussed during this presentation, or on its completeness, accuracy or fairness. The information in this document and any other material discussed at this presentation is subject to verification, completion and change.
    [Show full text]