University of California at Berkeley Welcome and Introduction Edward A. Lee iCyPhy Mini Workshop, Berkeley, Feb. 14, 2019 Professor of the Graduate School
UniversityofCaliforniaatBerkeley
WelcomeandIntroduction
EdwardA.Lee
iCyPhyMiniWorkshop,Berkeley,Feb.14,2019
Professor of the Graduate School
iCyPhyIndustrialCyber-PhysicalSystemsCenter
Mission:
Tomakeadvancedsoftwareandnetworkingtechnologyusableinsafety-andmission-criticalindustrialapplications.
2 PrabalDutta,EdwardLee,AlbertoSangionvanni-Vincetelli,SanjitSeshia
ActiveProjectPartners
• Avast• Camozzi• Denso• Ford• Siemens• Toyota
3
FocusonModels
4
Amodelisanydescriptionofasystemthatisnotthething-in-itself.(dasDingansichinKantianphilosophy).
Challenges
• Confusingthemapandtheterritory• Choosingamodelingparadigm• Understandingthepurposeofthemodel
5
Solomon Wolf Golomb
Lee,Berkeley 5 Photo by Rusi Mchedlishvili
Youwillneverstrikeoilbydrillingthroughthemap!
Modelsvs.Reality
Inthisexample,themodelinguniverseiscalculusandNewton’slaws.Faithfulnessishowwellthemodelanditstargetmatch
6
Themodel
Thetarget(thethingbeingmodeled).
AModel
7 ImagebyDominiqueToussaint,GNUFreeDocumentationLicense,Version1.2orlater.
APhysicalRealization
8
• Inscience,thevalueofamodelliesinhowwellitsbehaviormatchesthatofthephysicalsystem.
• Inengineering,thevalueofthephysicalsystemliesinhowwellitsbehaviormatchesthatofthemodel.
Ascientistasks,“CanImakeamodelforthisthing?”Anengineerasks,“CanImakeathingforthismodel?”
9
TheValueofModels
ModelFaithfulness
• Toascientist,themodelisflawed.• Toanengineer,therealizationisflawed.
Engineeringismoreaboutmakingthethingmatchthemodelratherthantheotherwayaround.
10
ConsiderChipDesign
Apieceofsiliconthatdoesn’tbehavelikethemodelisjustbeachsand.
11
IntelHaswell,eachwith1.4billiontransistors
ModelsandModelsandThings
12
Models
Things
Science Engineering
Assurance
Hope
Models
Abstraction Refinement
Assurance
UsefulModelsandUsefulThings
“Essentially,allmodelsarewrong,butsomeareuseful.”
Box,G.E.P.andN.R.Draper,1987:EmpiricalModel-BuildingandResponseSurfaces.WileySeriesinProbabilityandStatistics,Wiley.
“Essentially,allsystemimplementations
arewrong,butsomeareuseful.”LeeandSirjani,“Whatgoodaremodels,”FACS2018.
13
ChangingtheQuestion
Isthequestionwhetherourmodelsdescribethethinginitself(faithfully)?OrIsthequestionwhetherwecanbuildathing-in-itselfwherebehaviormatchesthatofourmodels(withhighprobability)?
14
VerificationandValidation
PerBoehm:• AmIbuildingtheproductright?(verification)• AmIbuildingtherightproduct?(validation)
15
VerificationandValidation
16
Model
Thing
Yourdesign
Whatyouwant
Model Requirements
Validation:Isthis
faithful?
Verification:Isthisasoundabstraction?
CyberPhysicalSystems
17
Whatkindsofmodelsshouldweuse?
SoftwareasaModel
18 Lee,Berkeley
PhysicalSystem Model
Single-threadedimperativeprogramsaredeterministicmodels
PhysicsasaModel
PhysicalSystem Model
Signal Signal
DifferentialEquationsaredeterministicmodels
Lee,Berkeley 19
Image:WikimediaCommons
Signal Signal
20 Image:WikimediaCommonsLee,Berkeley
AmajorproblemforCPS:combinationsofdeterministicmodelsarenondeterministic
OurStrategy
Findengineeringmodelsforwhichwecan:• buildfaithfulrealizations,• verifypropertieswecareabout,and• designinterestingandusefulsystems.
21