welcome and introduction - ptolemy project · welcome and introduction edward a. lee icyphy mini...
TRANSCRIPT
University of California at Berkeley
Welcome and Introduction
Edward A. Lee
iCyPhy Mini Workshop, Berkeley, Feb. 14, 2019
Professor of the Graduate School
iCyPhy Industrial Cyber-Physical Systems Center
Mission:
To make advanced software and networking technology usable in safety- and mission-critical industrial applications.
Prabal Dutta, Edward Lee, Alberto Sangiovanni-Vincentelli, Sanjit Seshia
Active Project Partners
• Avast
• Camozzi
• Denso
• Ford
• Siemens
• Toyota
Focus on Models
A model is any description of a system that is not the thing-in-itself (das Ding an sich in Kantian philosophy).
Challenges
• Confusing the map and the territory
• Choosing a modeling paradigm
• Understanding the purpose of the model
Solomon Wolf Golomb
Lee, Berkeley
Photo by Rusi Mchedlishvili
You will never strike oil by drilling through the map!
Models vs. Reality
In this example, the modeling universe is calculus and Newton’s laws. Faithfulness is how well the model and its target match.
The model
The target (the thing being modeled).
A Model
Image by Dominique Toussaint, GNU Free Documentation License, Version 1.2 or later.
A Physical Realization
• In science, the value of a model lies in how well its behavior matches that of the physical system.
• In engineering, the value of the physical system lies in how well its behavior matches that of the model.
A scientist asks, “Can I make a model for this thing?” An engineer asks, “Can I make a thing for this model?”
The Value of Models
Model Faithfulness
• To a scientist, the model is flawed.
• To an engineer, the realization is flawed.
Engineering is more about making the thing match the model rather than the other way around.
Consider Chip Design
A piece of silicon that doesn’t behave like the model is just beach sand.
Intel Haswell, each with 1.4 billion transistors
Models and Models and Things
[Figure labels: Models, Things, Science, Engineering, Assurance, Hope; Models, Abstraction, Refinement, Assurance]
Useful Models and Useful Things
“Essentially, all models are wrong, but some are useful.”
Box, G. E. P. and N. R. Draper, 1987: Empirical Model-Building and Response Surfaces. Wiley Series in Probability and Statistics, Wiley.
“Essentially, all system implementations are wrong, but some are useful.”
Lee and Sirjani, “What good are models,” FACS 2018.
Changing the Question
Is the question whether our models describe the thing in itself (faithfully)?
Or is the question whether we can build a thing-in-itself whose behavior matches that of our models (with high probability)?
Verification and Validation
Per Boehm:
• Am I building the product right? (verification)
• Am I building the right product? (validation)
Verification and Validation
[Figure labels: Model, Thing, Your design, What you want, Model, Requirements]
Validation: Is this faithful?
Verification: Is this a sound abstraction?
Cyber Physical Systems
What kinds of models should we use?
Software as a Model
[Figure labels: Physical System, Model]
Single-threaded imperative programs are deterministic models
Physics as a Model
[Figure labels: Physical System, Model; Signal, Signal]
Differential Equations are deterministic models
Image: Wikimedia Commons
[Figure labels: Signal, Signal]
Image: Wikimedia Commons
A major problem for CPS: combinations of deterministic models are nondeterministic
Our Strategy
Find engineering models for which we can:
• build faithful realizations,
• verify properties we care about, and
• design interesting and useful systems.