May 31, 2014 - The software of mechatronic systems interacts with the sys- tem's physical ... diagrams, the platform-independent software development starts in ...
The MechatronicUML Method: Model-Driven Software Engineering of Self-Adaptive Mechatronic Systems Steffen Becker, Stefan Dziwok, Christopher Gerking, Christian Heinzemann, Wilhelm Schäfer
Matthias Meyer, Uwe Pohlmann Fraunhofer IPT, Project Group Mechatronic Systems Design Software Engineering Zukunftsmeile 1, Paderborn, Germany
Software Engineering Group Heinz Nixdorf Institute, University of Paderborn Zukunftsmeile 1, Paderborn, Germany
[matthias.meyer|uwe.pohlmann] @ipt.fraunhofer.de
[steffen.becker|stefan.dziwok|christopher. gerking|c.heinzemann|wilhelm]@upb.de ABSTRACT The software of mechatronic systems interacts with the system’s physical environment. In such systems, an incorrect software may cause harm to human life. As a consequence, software engineering methods for developing such software need to enable developers to effectively and efficiently proof their correctness. This is further complicated by additional characteristics of mechatronic systems as selfadaptation and coordination with other systems. In this poster, we present MechatronicUML which is a modeldriven software engineering method that especially considers these characteristics of self-adaptive mechatronic systems.
Categories and Subject Descriptors D.2.2 [Software Engineering]: Design Tools and Techniques—Object-oriented design methods; D.2.4 [Software Engineering]: Software/Program Verification—formal methods, model checking
General Terms Design, Verification
Keywords Component model, cyber-physical systems, mechatronic systems, reconfiguration, timed model checking
1.
INTRODUCTION
Nowadays, software drives all kinds of systems that interact with their physical environment [4]. Examples for such systems are autonomously driving cars or trains, selfcoordinating robots, or production systems in smart factories. These systems are referred to as mechatronic systems or cyber-physical systems.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ICSE ’14, May 31 – June 7, 2014, Hyderabad, India Copyright 14 ACM 978-1-4503-2768-8/14/05 ...$15.00.
The software of mechatronic systems has to execute in a safety-critical, real-time environment, i.e., human life may be harmed if the software does not always produce correct results in the right time bounds. As a consequence, the software must be correct in its first release. Therefore, incremental testing-based developed approaches are not applicable to such software. Instead, a software engineering method for mechatronic systems has to provide effective and efficient means to develop the software and prove its correctness. The software development is further complicated by additional characteristics of mechatronic systems. Software controls continuous physical processes, e.g., the movement and braking of a vehicle. Thus, the software is bound to physical laws that imply further real-time constraints. Mechatronic systems may involve several autonomous, coordinating subsystems, e.g., in a platoon of vehicles. This requires asynchronous message communication, which imposes further constraints on the software. Furthermore, mechatronic systems have to adapt flexibly to changing environments, e.g., additional autonomous vehicles willing to join a platoon, or failing hardware systems. Finally, the software runs on embedded devices that limit the available hardware resources. A software engineering method for mechatronic systems needs to treat the combination of these characteristics. In our poster, we present MechatronicUML, which is such a software engineering method. MechatronicUML is model-driven and provides a domain-specific development process as well as a formal modeling language. Furthermore, our method enables scalable verification by timed model checking and hybrid system simulation that enables to analyze the software in its physical environment. In our poster, we present the key features of our method for the platformindependent design phase.
2.
METHOD OVERVIEW
The MechatronicUML development process [8, 4] structures the platform-independent modeling of a mechatronic system’s software in five major steps that we introduce in the following. Based on formal use cases defined by modal sequence diagrams, the platform-independent software development starts in Step 1 by modeling a component-based software architecture using our domain-specific language [1]. The component model is the central artifact for all subsequent modeling and analyzing steps. It integrates components created
by software engineers with the sensors and actors, which provide respectively receive continuous signals [2]. In Step 2, the developer determines which components need to interact. For each interaction, he has to model a coordination protocol that defines the asynchronous messagebased communication at application-level. The developer models the protocol’s behavior using extended state machines that capture the necessary message exchange and real-time properties for the interaction. A distinguishing feature of MechatronicUML is that components may join or leave the interaction at runtime. Therefore, the protocols are adaptable to the changing environment. After the specification, our process advises to verify the correctness of the coordination protocols [3]. MechatronicUML’s models are formal such that developers can apply timed model checking, e.g., using the model checker UPPAAL1 . Based on the verified coordination protocols, the developer defines and verifies the behavior of the components in Step 3. This verification step proves that the component behavior correctly refines each involved coordination protocol. Separating the coordination protocols and components is the key idea of MechatronicUML’s compositional verification approach, which enables scalable formal verification for large and complex systems [5, 3]. In Step 4, developers extend their software architecture such that it automatically adapts itself to a changing environment. Our approach ensures transactional execution of such adaptations in real-time. This strategy prevents the system to enter unsafe configurations in reconfiguration operations [6], where the system shows incorrect behavior. Again, our process enforces correctness by model checking of the adaptation behavior [8]. In the final Step 5, the verified software model is automatically transformed [7, 9] into the representation of commercial off-the-shelf (COTS) simulation tools like MATLAB/Simulink2 and Modelica/Dymola3 . These tools enable to simulate the behavior of the complete mechatronic system in its physical environment. As a consequence, control engineering uses existing COTS tools to specify the environment model as well as the continuous control software. In addition, these tools provide the ability to generate certified source code for the system.
3.
CONCLUSION
Our poster outlines the platform-independent part of our MechatronicUML method that addresses the challenges developers face in engineering the software of mechatronic systems. MechatronicUML guides developers by a domain-specific process in which they create models of the systems under development. Formal verifications and hybrid system simulations ensure the correctness of their design. The key novelties of our approach include the tight integration of a model-based software engineering approach with an industrial-scale control engineering development method [4]. In contrast to other approaches, our verication and simulation techniques support the analysis of models of reconfigurations with timing constraints as well as timedependent asynchronous message-exchange including mes-
sage loss, message delays, and several message buffers with replacement policies. All features are realized in an open-source modeling and analysis tool suite4 , which is integrated into the extensible Eclipse environment.
4.
ACKNOWLEDGMENTS
This work was partially developed in the Leading-Edge Cluster ’Intelligent Technical Systems OstWestfalenLippe’ (it’s OWL). The Leading-Edge Cluster is funded by the German Federal Ministry of Education and Research (BMBF).
5.
REFERENCES
[1] S. Becker et al. The MechatronicUML design method process and language for platform-independent modeling. Technical Report tr-ri-14-337, Heinz Nixdorf Institute, University of Paderborn, 2014. Vers. 0.4. [2] S. Burmester, H. Giese, and O. Oberschelp. Hybrid UML components for the design of complex self-optimizing mechatronic systems. In J. Braz, H. Ara´ ujo, A. Vieira, and B. Encarnacao, editors, Informatics in Control, Automation and Robotics I. Springer, Mar. 2006. [3] T. Eckardt, C. Heinzemann, S. Henkler, M. Hirsch, C. Priesterjahn, and W. Sch¨ afer. Modeling and verifying dynamic communication structures based on graph transformations. Computer Science - Research and Development, 28(1):3–22, Feb. 2013. [4] J. Gausemeier, F.-J. Rammig, and W. Sch¨ afer, editors. Design Methodology for Intelligent Technical Systems. Lecture Notes in Mechanical Engineering. Springer, 2014. [5] H. Giese, M. Tichy, S. Burmester, W. Sch¨ afer, and S. Flake. Towards the compositional verification of real-time UML designs. In Proceedings of the 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 38–47. ACM, 2003. [6] C. Heinzemann and S. Becker. Executing reconfigurations in hierarchical component architectures. In Proc. of the 16th intern. ACM Sigsoft Symp. on Component based software engineering, pages 3–12. ACM, 2013. [7] C. Heinzemann, J. Rieke, and W. Sch¨ afer. Simulating self-adaptive component-based systems using MATLAB/Simulink. In IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, SASO ’13, pages 71–80. IEEE, Sept. 2013. [8] C. Heinzemann, O. Sudmann, W. Sch¨ afer, and M. Tichy. A discipline-spanning development process for self-adaptive mechatronic systems. In Proc. of the 2013 Intern. Conf. on Software and System Process, ICSSP 2013, pages 36–45. ACM, 2013. [9] U. Pohlmann, S. Dziwok, M. Meyer, M. Tichy, and S. Thiele. A modelica coordination pattern library for cyber-physical systems. In 7th Intern. ICST Conf. on Simulation Tools and Techniques. ICST, 2014.
1
http://www.uppaal.com http://www.simulink.com 3 https://www.modelica.org/ & http://www.dymola.com 2
4
http://trac.cs.upb.de/mechatronicuml
