This course is about the modeling, design and analysis of Cyber-Physical Systems (CPS). What are CPS?
As the name suggests, CPS integrate computational elements inside a physical environment wherein the different physical and computational subsystems interact with each other. In other words, these are like the traditional embedded systems. However, in that sense any computation that is worth considering "integrates computational elements inside a physical environment". Ergo, every computer system becomes a CPS. What sets CPS apart is that they form feedback loops, so that the physical system's behavior is affected by the computation and vice versa. To specialize our attention to a particular class of systems, let us write down a few characteristics of CPS and provide examples of systems we will include in our study, as well as exclude certain classes of systems.
As you will realize, deciding what to include/exclude inside the aegis of "CPS" can be tricky. However, rather than provide a criterion to exclude, we will focus on a criterion of inclusion.
Let us consider an example of a CPS in the description below.
An adaptive cruise controller is increasingly a feature in many modern automobiles. It uses radar, lidar and vision sensors to sense the presence of vehicles in front of the driver. It then controls the speed of the car to maintain a constant distance from the vehicle in front by application of throttle or brakes. The system interacts with the driver, allowing the driver to set a desired speed and following distance, and warns the user of impending collisions. It also interacts with other systems inside the car such as the anti-lock braking system.
Here are some of the notable aspects of this system:
Real-Time and Embedded System: These are characteristics of the type of computer system and operating system that executes the control tasks. For example, sensing, control and actuator tasks are periodically scheduled inside a real-time operating system.
Feedback: The controller's action affects the subject vehicle, the driver and those of other vehicles in the vicinity. Likewise, changes in the subject vehicle, the driver or other vehicles in the vicinity affect the controller's action. This is called feedback.
Safety Critical: The driver literally trusts the system with his/her life! Imagine a catastrophic failure -- a sensor malfunction causes the system to detect a false alarm collision and slam the brakes. Another truck behind the subject vehicle fails to react in time to the massive reduction in velocity, and causes a dangerous rear end collision. This is just one possible way the system could potentially fail. Can you think of others?
Uncertain Environments: If the operating environment is perfectly predictable, a perfect design is possible. However, if you have ever been on a highway, you know that it is a highly uncertain environment. Imagine designing a system that must operate in >10^8 cars over a period of 10 years. Such a system must be able to operate safely in almost any imaginable scenario and in some scenarios that we are unable to imagine at this time.
Interactive: Another important feature is that the system must interact with the human driver and numerous other subsystems inside a modern automobile that control the vehicle's speed. These may include fuel injection systems, air-fuel ratio controllers, anti-lock braking and air bag deployment. Interaction bugs can lead to serious failures. Imagine a situation wherein the cruise control commands the vehicle to speed up at the same time the human presses the brake. Ideally, the cruise control must disengage and allow the human command to take precedence. At the same time, the brake may have been accidentally brushed against by the foot. In such a situation, disengaging cruise control leaves the vehicle without a controller and can potentially surprise the driver. Interaction design takes on a serious note here: interactions can be between a human and the CPS or between two different subsystems that may be working against each other.
Note that I am deliberately drawing a somewhat tedious distinction between the main feedback loop of the system and the interactions with other systems.
People with type-1 diabetes will need to control their blood glucose levels by the external administration of insulin. Insulin is a hormone that causes a reduction in the blood glucose levels of the patient. An artificial pancreas device controls how much insulin the patient gets in order to keep the blood glucose levels within a normal range of around 70-180 mg/dl.
The application is very similar to a cruise control or a thermostat. If blood glucose level is high, provide more insulin and withhold the insulin if low. However, the system is complicated in many ways. Insulin once given into the body sticks around for up to 4 hours and cannot be withdrawn easily. In other words, imagine a car with a sticky accelerator pedal but no brakes. Once again, we observe some characteristics:
Here are some of the notable aspects of this system:
Real-Time and Embedded System: The system is implemented in software and runs periodically in a real-time OS.
Feedback: Controller actions affect insulin delivery to the patient and thus change the patient's blood glucose level. In turn, changes to the patient affect the controller's action.
Safety Critical: If too much insulin is delivered, the patient may end up losing consciousness, in a coma or even dying. Even though 70 mg/dl is the lower limit of the normal range, the patient may die if the blood glucose level goes below 40 mg/dl. This is an extremely dangerous condition called hypoglycemia.
Uncertain Environments: No two humans are alike. Human physiology varies widely between different individuals. Furthermore, the blood glucose can increase due to meals taken by the patient or decrease when the patient works out. These events must either be forecast by the controller or the user must somehow announce to the controller that a meal or exercise is coming in the near future. Otherwise, trying to control a meal after the fact can lead to dangerous lows. The sensors used are very noisy and subject to random dropouts.
Interactive: The system must be able to accept inputs from the user to change its short term or longer term behavior.
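The "sticky accelerator pedal but no brakes" behaviour described above, as an added example that is not part of the original course notes: a toy discrete-time model in which the thermostat-style rule stacks up insulin and breaches the 70 mg/dl limit, while a controller that accounts for insulin still acting does not. The constants SENS, DOSE and TARGET, the linear 4-hour insulin action and all function names are assumptions chosen for illustration, not clinical values.

```python
# Added illustration: toy model, constants are constructed and not clinical.
STEP_MIN = 5                       # controller period in minutes
ACTION_STEPS = 4 * 60 // STEP_MIN  # insulin keeps acting for 4 hours (48 steps)
SENS = 40.0    # assumed total glucose drop (mg/dl) per unit of insulin
DOSE = 0.15    # assumed units delivered per step while the pump is on
HIGH, LOW, TARGET = 180.0, 70.0, 110.0  # 70-180 is the page's range; TARGET is assumed

def naive(g, iob):
    """Thermostat rule from the text: insulin when high, withhold otherwise."""
    return DOSE if g > HIGH else 0.0

def iob_aware(g, iob):
    """Dose only if glucose stays >= TARGET after all pending insulin has acted."""
    return DOSE if g - SENS * (iob + DOSE) >= TARGET else 0.0

def simulate(controller, g0=250.0, steps=120):
    """Return the glucose trace; `active` holds (dose, steps of action left)."""
    g, active, trace = g0, [], []
    for _ in range(steps):
        iob = sum(d * left / ACTION_STEPS for d, left in active)  # insulin on board
        dose = controller(g, iob)
        if dose > 0:
            active.append((dose, ACTION_STEPS))
        # Delivered insulin cannot be withdrawn: every active dose keeps acting.
        g -= sum(SENS * d / ACTION_STEPS for d, _ in active)
        active = [(d, left - 1) for d, left in active if left > 1]
        trace.append(g)
    return trace

def first_violation(trace, low=LOW):
    """Safety property 'glucose never below low': index of first breach or None."""
    return next((k for k, g in enumerate(trace) if g < low), None)

def unsafe_starts(controller, lo=70, hi=400):
    """Bounded check: initial glucose values whose trace violates the property."""
    return [g0 for g0 in range(lo, hi + 1)
            if first_violation(simulate(controller, float(g0))) is not None]

if __name__ == "__main__":
    for ctl in (naive, iob_aware):
        trace = simulate(ctl)
        print(ctl.__name__, "min glucose:", round(min(trace), 1),
              "first breach at step:", first_violation(trace))
    print("unsafe initial values (naive):", len(unsafe_starts(naive)))
```

The naive rule stops dosing as soon as glucose falls under 180 mg/dl, but the insulin already delivered keeps acting for the rest of its 4-hour window, which is what drives the trace below the safe range.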
Thus far, we have highlighted the key aspects of a CPS: real-time embedded software, feedback, running in a safety critical setting with a highly uncertain environment. Finally, humans and other systems are present in this environment and interact with the CPS under study.
Numerous other situations also have these characteristics:
Avionics: Airplanes have been self-flying or nearly autonomous for a long time now. Autopilot systems can take over shortly after takeoff and assist the pilot in landing. Let us run over the highlighted aspects and convince ourselves that these are present in these systems.
Smart-Grid Power Systems: Software systems are increasingly taking control of power distribution systems. They control the grid configuration in response to changes in demand and supply of power at various parts of the grid. These systems exist at many levels in the power grid. At the home level, we have smart power meters that can turn off/on various loads in response to signals from the utility. At the community level, microgrids can be islanded and use local power generation (e.g., rooftop solar panels) to distribute power among various homes. If local power generation is inadequate, they can connect to the main grid. At the utility level, software can manage the process of spinning up generators in response to demand and market prices. Once again, these are real-time embedded systems, safety critical, uncertain environments and interactive in nature.
Robotic Manufacturing Systems: I invite the reader to investigate an example of a robotic manufacturing arm. Why is it safety critical? What are the uncertainties in its environment? Finally, how is it an interactive system?
The aim of this course is to provide foundations for CPS. What form do these foundations take? What is the use of such foundations?
Mathematical Modeling: Mathematical models are a cornerstone of engineering. Without detailed modeling, engineers cannot build bridges or airplanes. We will do the same for CPS. CPS are unique in the sense that the computational part will use some familiar models like automata, whereas the physical environment often has continuous variables like pressure, altitude and glucose concentrations that must be modeled using differential/difference equations. The overall system is a combination of these automata and physical subsystems. We will study this class of systems, which are commonly known as hybrid dynamical systems.
Properties: If you would like to build systems that are correct, you need to understand what correct means. Thus, specifying properties is an important part of designing CPS. We will talk about ways by which important properties such as safety, stability and liveness can be written out formally.
Verification Algorithms: The aim of verification is to systematically check if the models of the system satisfy the properties we claim about them. We will study some of the basic algorithms like model checking and deductive verification in this class.
Applications: While the study of hybrid dynamical systems leads us to some very interesting mathematics, we will instead focus on some applications to highlight why the ideas in this course merit serious consideration by people who build these systems.
Who came up with the term Cyber-Physical Systems? For the longest time, these systems were variously called real-time embedded systems or hybrid dynamical systems, depending on your perspective.
The term Cyber-Physical Systems was coined by Dr. Helen Gill of the US National Science Foundation (NSF) in 2006 (see here). Note, however, that the closely related study of cybernetics goes back to the work of Norbert Wiener during the 1940s and 50s. Here is how Kolmogorov defines cybernetics:
".. a science concerned with the study of systems of any nature which are capable of receiving, storing, and processing information so as to use it for control .. " (see here)