Ensuring Safety, Performance, and Security in Cloud-Enabled CPS: Accepted Paper Presents Thirteen Concepts at IEEE SysCon 2023

Our paper entitled “Thirteen Concepts to Play it Safe with the Cloud” has been accepted at the IEEE International Systems Conference (SysCon), which will take place in Vancouver, Canada on April 17-20, 2023. The paper discusses how edge and cloud technologies have the potential to enhance safety-critical CPS, also in regulated environments. This is only possible when safety, performance, cyber security, and privacy of data are kept at the same level as in on-device-only safety-critical CPS. To this end, the paper presents thirteen selected safety and performance concepts for distributed device-edge-cloud CPS solutions. This early result of the TRANSACT project aims to ensure the needed end-to-end performance and safety levels from an end-user perspective, so that the edge and cloud benefits of more rapid innovation and inclusion of value-added services can be extended to safety-critical CPS as well.

Mastering Complexity – Academia, Industry and TNO working closely together

The 3rd Annual Program Day for the Mastering Complexity (MasCot) Partnership program took place on Wednesday October 19. This time, the event was hosted by the University of Amsterdam and was held in the Startup Village at Science Park. Approximately 40 participants from academia, industry, NWO, and TNO attended the event. After a brief introduction, project updates were given from the four academic projects in the program:

  1. Scheduling Adaptive Modular Flexible Manufacturing Systems (SAM-FMS)
  2. Programming and Validating Software Restructurings
  3. TiCToC – Testing in Times of Continuous Change
  4. Design Space Exploration 2.0: Towards Optimal Design of Complex, Distributed Cyber Physical Systems

This was followed by Q&A and a short interactive exercise in which participants tried to identify the general complexity management techniques used in the projects. In the afternoon, there were breakout sessions focusing on the way-of-working in MasCot projects and on how to best involve and engage all stakeholders in a project: industry and academic partners, users, and ESI liaisons. This allowed the different projects to hear how the others organized their work during the first years, e.g. in terms of regular meetings and working on-site at the industrial partner, and to reflect on the best way-of-working to reach their goals for the next stage.

The event was followed by a social program with informal networking set to the tune of a boat ride with drinks on the beautiful canals of a sunny autumn-colored Amsterdam and a dinner at the restaurant In de Waag.

Specification, Verification, and Adaptation of Software Interfaces using Eclipse ComMASuite

Software interfaces are key to realizing the benefits of component-based software architectures, yet specifying interfaces is difficult and may result in problems in the protocol specification itself, or in its interactions with clients. This problem is addressed through a six-step methodology for specification, verification, and adaptation of software interfaces. The methodology builds on the open-source tool Eclipse ComMASuite, developed by TNO-ESI partners in an open innovation eco-system. The specification and verification steps have been contributed back to the community and are supported by a two-day course named “Modelling and Analysis of Component-based Systems”, available from TNO-ESI in both an academic and industry version.

Please read my blog post that describes the methodology and demonstrates it step-by-step from a user perspective through a simple case study in a video.

Paper Accepted at PNSE 2022

I am happy to announce that the paper “Partial Specifications of Component-based Systems using Petri Nets” has been accepted for publication at the International Workshop on Petri Nets and Software Engineering (PNSE) 2022. This paper was first-authored by Bart-Jan Hilbrands, a (former) student in the Master of Software Engineering program at the University of Amsterdam, who did his master thesis project under the supervision of me and my ESI colleague Debjyoti Bera. The master thesis project was conducted in the context of the DYNAMICS project, a bi-lateral research project between ESI and Thales, which looked into specification, verification, and adaptation of software interfaces. This publication is a good example of how a strong master thesis can be turned into a publication.

The paper addresses the problem of verifying correctness properties, such as absence of deadlocks, livelocks, and buffer overflows, in software components with multiple inter-dependent interfaces. An approach based on partial specification of the dependencies between interfaces, expressed as a set of functional constraints, is proposed in the paper. The paper presents and formalizes three commonly occurring functional constraints and provides algorithms for encoding them into a Petri net representation of the interfaces, enabling interface verification through reachability analysis. The approach has been implemented and demonstrated using ComMA.

Seven Brave Software Architects/Engineers from Thales Complete MOANA-CBS Course using Eclipse ComMASuite

ESI (TNO) has given another instance of the course “Modelling and Analysis of Component-based Systems” (MOANA-CBS), developed as part of the applied research project DYNAMICS, at Thales. A batch of 7 brave software engineers participated to learn more about how to identify and resolve a range of interface model quality problems, such as deadlocks, livelocks, and race conditions. This instance of the course was adapted to be based completely on the latest version of Eclipse ComMASuite, the open-source version of ComMA, making the course accessible to a much larger audience. Previously, the course had been given with an internal version of ComMA or using Petri nets as the interface modelling language.

In total, over 110 participants, mostly with backgrounds in system and software engineering, have followed different versions of this course. This time, two former Thales participants assisted in giving the course, both by presenting content and by supervising exercises, to help Thales transfer the knowledge developed in the DYNAMICS project into the organization. We look forward to further improving the material and to keep sharing the knowledge we developed with Thales and other interested parties.

Master Thesis on Formal Verification of Software Interfaces Defended

Today, Bart-Jan Hilbrands, a master student from UvA supervised by me and my ESI colleague Debjyoti Bera, successfully defended his master thesis “Verification of Inter-Dependent Interfaces in Component-Based Architectures”. The thesis considers formal verification of ComMA components with multiple interfaces whose behavior is inter-dependent, caused by three different types of functional constraints. The four main contributions of the thesis are: 1) a formalization of each type of interface constraint, defining how it should restrict behavior, 2) a set of assumptions, describing properties that help ComMA users avoid creating specifications with termination issues, 3) methods for encoding the behavior of these constraints into existing Petri net representations of interfaces, and 4) methods for validating whether a given set of constraints is encoded correctly into a given Petri net. The theory is supported by a prototype implementation in ComMA.

Bart presented his thesis well and expertly answered questions from the committee. We thank Bart for his excellent work and wish him good luck in his future career. First off, he will continue working with me and Deb to publish his work as a paper.

Paper about Model-driven System Performance Engineering Accepted at ESWEEK Industry Session

The System Performance Expertise Team at ESI (TNO) has worked for a long time to consolidate our many years of experience across projects and companies. This effort has now culminated in a paper entitled “Model-driven System Performance Engineering for Cyber-physical Systems“, which has been accepted for the industry session at the Embedded Systems Week (ESWEEK) in October.

The paper describes ESI’s current view on the field of System-Performance Engineering (SysPE). SysPE encompasses modeling formalisms, methods, techniques, and industrial practices to design systems for performance, where performance is taken into account integrally during the whole system life cycle. The industrial state of practice in SysPE is generally model-based. Due to the rapidly increasing complexity of systems, there is a need to develop and establish model-driven methods and techniques. To structure the field of SysPE, the paper identifies: (1) industrial challenges motivating the importance of SysPE, (2) scientific challenges that need to be addressed to establish model-driven SysPE, (3) important focus areas for SysPE and (4) best practices. A survey was conducted to collect feedback on our views. The responses were used to update and validate the identified challenges, focus areas, and best practices. The final result is presented in the paper. Interesting observations are that industry sees a greater need for better design-space exploration support than for additional performance modeling and analysis techniques, and that tools and integral methods for SysPE also need attention. Of the identified focus areas, scheduling and supervisory control is seen as the one lacking established best practices.

The paper will be presented as a part of Industry Session 2 at ESWEEK on October 12. The second talk of that session presents why and how ITEC, Nexperia, a world-leading manufacturer of semiconductor equipment, is moving towards model-driven system-level development. The session ends with a moderated Q&A. Since ESWEEK is an online event this year, you can register for 20 USD if you want to attend the conference and the session.

Update: The video of the Industry session is now available.

Modelling and Analysis of Component-based Systems (MOANA-CBS) Course Update

Last year, ESI (TNO) and Thales developed a two-day course on Modelling and Analysis of Component-based Systems (MOANA-CBS) as a part of the DYNAMICS project. The course addresses the trend of tackling software complexity by decomposing monolithic software into loosely coupled components. While this trend manages complexity through improved scalability, adaptability, and testability, it also increases concurrency and asynchronous communication, which may in turn lead to an explosion in the number of possible behaviors. As a consequence, it is hard to keep an overview of the behavior of such systems, resulting in situations where early design errors are detected much later in the system lifecycle, at exponentially rising costs. The course targets software and system architects/engineers involved in the design and implementation of components and interfaces, and teaches methods for modelling and analyzing them to guarantee that they are free from deadlocks, livelocks, races, and buffer overflows.
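The kind of check that both the PNSE 2022 paper above and this course revolve around is easy to show on a toy: model the interface as a Petri net and exhaustively enumerate reachable markings. The Python below is an added example written for this page, not code from ComMA, the course material, or the paper, and the three request/reply protocols, their place and transition names, and the token bound are constructed assumptions. A correct handshake explores cleanly; a client that fires requests without waiting makes the request buffer grow without bound (the buffer-overflow case); a server that was upgraded to expect an acknowledgement the client never sends ends in a marking where no transition can fire (the deadlock case, typical of two components implementing different versions of an interface).

```python
"""Reachability-based interface checking on small Petri nets (added example).

A marking maps place -> token count. A transition is a pair
(consume, produce) of such maps. Control places (client_idle, server_busy, ...)
model component state; buffer places (req_buf, rep_buf, ack_buf) model queued
messages. The protocols are constructed toys, not ComMA's real encoding.
"""
from collections import deque

# Constructed initial marking shared by the three toy nets below.
INITIAL = {"client_idle": 1, "server_idle": 1}


def handshake_net():
    """Client sends one request and waits for the reply before sending again."""
    return {
        "c_send": ({"client_idle": 1}, {"client_waiting": 1, "req_buf": 1}),
        "s_recv": ({"server_idle": 1, "req_buf": 1}, {"server_busy": 1}),
        "s_reply": ({"server_busy": 1}, {"server_idle": 1, "rep_buf": 1}),
        "c_recv": ({"client_waiting": 1, "rep_buf": 1}, {"client_idle": 1}),
    }


def pipelined_net():
    """Client fires requests without waiting: req_buf can grow without bound."""
    net = handshake_net()
    net["c_send"] = ({"client_idle": 1}, {"client_idle": 1, "req_buf": 1})
    net["c_recv"] = ({"client_idle": 1, "rep_buf": 1}, {"client_idle": 1})
    return net


def ack_mismatch_net():
    """Server (newer interface version) waits for an ack the client never sends."""
    net = handshake_net()
    net["s_reply"] = ({"server_busy": 1}, {"server_wait_ack": 1, "rep_buf": 1})
    net["s_ack"] = ({"server_wait_ack": 1, "ack_buf": 1}, {"server_idle": 1})
    return net


def enabled(marking, transition):
    """A transition is enabled when every place it consumes from has enough tokens."""
    consume, _ = transition
    return all(marking.get(place, 0) >= n for place, n in consume.items())


def fire(marking, transition):
    """Return the successor marking as a hashable frozenset of (place, count)."""
    consume, produce = transition
    nxt = dict(marking)
    for place, n in consume.items():
        nxt[place] -= n
    for place, n in produce.items():
        nxt[place] = nxt.get(place, 0) + n
    return frozenset((p, c) for p, c in nxt.items() if c)


def analyse(net, initial, bound=8, max_states=100_000):
    """Breadth-first search over reachable markings.

    deadlocks: markings in which no transition is enabled (the net stalls).
    overflows: markings where some place holds more than `bound` tokens. Such a
               marking is reported and not expanded, which keeps the search
               finite even for unbounded nets (a cut-off acting like a finite
               buffer capacity).
    """
    start = frozenset((p, c) for p, c in initial.items() if c)
    seen, queue = {start}, deque([start])
    deadlocks, overflows = [], []
    while queue:
        marking = dict(queue.popleft())
        if any(c > bound for c in marking.values()):
            overflows.append(marking)
            continue
        fired = False
        for transition in net.values():
            if enabled(marking, transition):
                fired = True
                nxt = fire(marking, transition)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        if not fired:
            deadlocks.append(marking)
        if len(seen) > max_states:
            raise RuntimeError("state space exceeds max_states; lower bound or simplify")
    return {"states": len(seen), "deadlocks": deadlocks, "overflows": overflows}


if __name__ == "__main__":
    for name, net in [("handshake", handshake_net()),
                      ("pipelined", pipelined_net()),
                      ("ack_mismatch", ack_mismatch_net())]:
        result = analyse(net, INITIAL, bound=3)
        print(f"{name:12s} states={result['states']:3d} "
              f"deadlocks={result['deadlocks']} overflows={result['overflows'][:1]}")
```

The handshake net has four reachable markings and no defects; the pipelined net never deadlocks but produces overflow markings where a buffer place reaches bound+1; the ack-mismatch net reaches the marking {client_waiting, req_buf, server_wait_ack} from which nothing can fire. Livelock and race detection need more machinery than this sketch has (cycle detection against a set of progress transitions, and a distinction between stalled markings and intended final markings), which is exactly the territory the course and the paper cover.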

We piloted the course material both in academic and industrial environments. The former was as a part of my course Embedded Software and Systems, a part of the Software Engineering Master at the University of Amsterdam. The latter was as a part of the Accelerate program run by Thales and Luminis to accelerate their medior software talent to a senior level. Thales recently published an interview with Patrick Schulenberg, one of the participants in the program, about his experience. Patrick explains that the program has been an excellent opportunity for him to grow within the company, and mentions the positive impact of our course: “ESI taught a class about interface modeling, sharing their experiences with using the Comma framework at Philips – this was a trigger for us to put practical modeling proficiency on our roadmap”.

Currently, we are developing an updated version of the MOANA-CBS course that will have closer ties to ComMA, an open-source domain-specific language initially developed by Philips and ESI that is currently used by several companies. This update will strengthen the practical applicability of the course for users of ComMA, and will introduce unfamiliar users to interface modelling and analysis through hands-on experience with the tool. The new version of the course is expected to be ready in Q3.

Paper Accepted at PNSE 2021

It has been almost a year since Mohammed (Madiou) Diallo submitted his bachelor thesis “Towards the Scalability of Detecting and Correcting Incompatible Service Interfaces“, which he carried out in the context of the DYNAMICS project, an applied research project between ESI (TNO) and Thales. After the thesis was finished, we discussed publishing the work as a paper and one year later, a slightly restructured and simplified version of the story has been accepted at the International Workshop on Petri Nets and Software Engineering (PNSE), a workshop co-located with the Petri Net conference.

The accepted paper is entitled “Synthetic Portnet Generation with Controllable Complexity for Testing and Benchmarking” and presents a heuristic-driven method for synthetic generation of random portnets, a kind of Petri net suitable for modelling software interfaces in component-based systems. The method considers three user-specified complexity parameters: the expected number of input places, the expected number of output places, and the prevalence of non-determinism in the skeleton of the generated net. An implementation of this method is available as an open-source Python tool. Experiments demonstrate the relations between the three complexity parameters and investigate the boundaries of the proposed method. This work was helpful for the DYNAMICS project, as it allowed us to synthetically generate a large number of interfaces of varying complexity that we could use to evaluate the scalability of existing academic tools for adapter generation.

Open-source ComMA v0.1.0 officially released

Last week, the open sourcing of ComMA (Component Modelling and Analysis) under the Eclipse Foundation reached another milestone. The first version of Eclipse CommaSuite is now online in the form of Release 0.1.0. ComMA is a set of DSLs used to (partially) specify the behavior of components and their interfaces, including time and data constraints. On the basis of these specifications, a number of artifacts can be generated automatically, including run-time monitors that validate compliance with the specification, visualizations, timing statistics, documentation, test cases, and adapters. Many of these features will be included in later releases of ComMA, and some of them have yet to emerge from research projects as mature features.

ComMA was originally developed by ESI and Philips, but more recently in collaboration with a growing number of other companies. For example, in the DYNAMICS project, in which ESI works together with Thales, we are currently investigating how adapters can be semi-automatically generated to bridge differences between components implementing different versions of an interface. This work has previously been mentioned in an article in Bits & Chips, as well as in a paper. Currently, three master students from my Embedded Software and Systems course at UvA are also doing their graduation projects in the context of evolution of ComMA interfaces, looking into aspects of data dependencies, interface dependencies, and static impact analysis. We look forward to seeing the results of their work this summer.

You can read more about ComMA in this news article TNO published this week.
Update: The news article is now also published in Bits & Chips