From Programs to From Programs to Systems: Building a Systems: Building a Smarter WorldSmarter World
Joseph Joseph SifakisSifakisRiSDRiSD LabLab, EPFL, EPFL
I&C Research DayI&C Research DayEPFLEPFL
June 21, 2012June 21, 2012
The Evolution of IST
Foundations -Alan Turing, Kurt Gödel
Scientific Computing– Defense Applications WEB –
Information Society
Embedded Systems:
Convergence between Computing and Telecommunications
Graphic Interfaces, Mouse
Information Systems: Commercial Applications Integrated circuits
Exponential technological progress and new applications increasingly shift focus from programs to systems
The Internet of Things:Convergence between
Embedded Systems and the Internet
Multi-core Systems
1936
1945
1970
1980 1990
2000 2015
2010
Cloud Computing
OVERVIEW
3
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A System-centric Vision for CS
4
From Programs to Systems – Systems EverywhereSystems EverywhereSystems integrating software and hardware
jointly and specifically designed to provide given functionalities, which are often critical.
From Programs to Systems – Significant Differences
Program
i o
System
fi(ii) = oi
i n…
…i ,2
,i 1
PhysicalEnvironment
on …
…o
2 ,o1
f(i) = o
I/O values Terminating Deterministic Platform-independent
behavior Theory of computation
I/O streams of values Non-terminating Non-predictable Platform-dependent
behavior No theory!
From Programs to Systems – Significant Differences
Program
i o
System
fi(ii) = oi
i n…
…i ,2
,i 1
PhysicalEnvironment
on …
…o
2 ,o1
f(i) = o
I/O values Terminating Deterministic Platform-independent
behavior Theory of computation
I/O streams of values Non-terminating Non-predictable Platform-dependent
behavior No theory!
From Programs to Systems – Significant Differences
ResourcesResources HealthHealthBuildingsBuildings TransportTransport CommunicationsCommunications
SystemSystem(SW+HW)(SW+HW)
Systems are hard to design due to unpredictable and subtle interactions with their environment, rather than to complex data and algorithms
From Programs to Systems – New Trends
8
New trends break with traditional Computing Systems Engineering.It is hard to jointly meet technical requirements such as:
Reactivity: responding within known and guaranteed delaye.g. flight controller
Autonomy: provide continuous service without human intervention e.g. no manual start, optimal power management
Dependability: guaranteed minimal service in any case e.g. attacks, hardware failures, software execution errors
Scalability: at runtime or evolutionary growth (linear performance increase with resources)e.g. reconfiguration, scalable services
Technological challenge: Capacity to build systems of guaranteed functionality and quality, at acceptable costs.
...and also take into account economic requirements for optimal cost/quality
OVERVIEW
9
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A System-centric Vision for CS
System Design – About Design
RECIPERECIPE(Program)(Program)
Put apples in pie plate;Put apples in pie plate; Sprinkle with cinnamon Sprinkle with cinnamon and 1 tablespoon sugar;and 1 tablespoon sugar;
In a bowl mix 1 cup sugar, In a bowl mix 1 cup sugar, flour and butter;flour and butter;
Blend in unbeaten egg, Blend in unbeaten egg, pinch of salt and the nuts;pinch of salt and the nuts;
Mix well and pour over apples;Mix well and pour over apples;Bake at 350 degrees Bake at 350 degrees
for 45 minutesfor 45 minutes
INGREDIENTSINGREDIENTS(Resources)(Resources)
1 pie plate buttered1 pie plate buttered5or 6 apples, cut up5or 6 apples, cut up¾¾ c. butter, meltedc. butter, melted
1 c. flour1 c. flour½½ c. chopped nutsc. chopped nuts1tsp cinnamon1tsp cinnamon1tbsp sugar1tbsp sugar1c. Sugar1c. Sugar1 egg1 egg
Design is a Design is a universal conceptuniversal concept, , a par excellence intellectual activity a par excellence intellectual activity
leading to artifacts meeting given requirements.leading to artifacts meeting given requirements.
EasyEasyApple Apple PiePie
Pro
cedu
raliz
atio
n
Mat
eria
lizat
ion
System Design – Two Main Gaps
Req
uire
men
tsR
equi
rem
ents
(dec
lara
tive)
(dec
lara
tive)
App
licat
ion
SW
App
licat
ion
SW
(exe
cuta
ble)
(exe
cuta
ble)
Sys
tem
Sys
tem
(HW
+SW
)(H
W+S
W)
Correctness?Correctness? Correctness?Correctness?
Pro
cedu
raliz
atio
n
Mat
eria
lizat
ion
System Design – Requirements
12
Trustworthiness requirements express assurance that the designed system can be trusted that it will perform as expected despite
HW failuresHW failures Design ErrorsDesign Errors Environment Environment DisturbancesDisturbances
Malevolent Malevolent ActionsActions
Optimization requirements are quantitative constraints on resources such as time, memory and energy characterizing
1) performance e.g. throughput, jitter and latency; 2) cost e.g. storage efficiency, processor utilizability3) tradeoffs between performance and cost
System Design – Trustworthiness vs. Optimization
13
Trustworthiness requirements characterize qualitative correctness – a state is either trustworthy or not
Non Trustworthy States
Optimization requirements characterize execution sequences
Trustworthiness vs. Optimization The two types of requirements are often conflicting System design should determine tradeoffs driven by cost-effectiveness
and technical criteria
System Design – Levels of Criticality
14
Safety critical: a failure may be a catastrophic threat to human lives
Security critical: harmful unauthorized access
Mission critical: system availability is essential for the proper running of an organization or of a larger system
Best-effort: optimized use of resources for an acceptable level of trustworthiness
System Design – Status and Vision
Safety and/or security critical systems of low complexity Flight controller, smart card
Complex « best effort » systems Telecommunication systems, web-based applications
We need:
Affordable critical systems in areas such as transport, health, energy management
Successful integration of heterogeneous mixed criticality systems Internet of Things
Intelligent Transport Systems
Smart Grids
« Ambient Intelligence»
This vision is currently unattainable – Trustworthiness should be a guiding concern throughout the design process
TOM
OR
RO
WTO
DA
Y
We master – at a high cost – two types of systems which are difficult to integrate:
System Design – State of the Art
Traditional systems engineering disciplines are based on solid theory for building artefacts with predictable behaviour over their life-time.
Computing systems engineering lacks similar constructivity results only partial answers to particular design problems
predictability is hard to guarantee at design time
a posteriori validation remains essential for ensuring correctness
System Design – State of the ArtDesign of large IT systems is a risky undertaking, mobilizing hundreds of engineers over several years.
Obstacles Complexity – mainly for building systems by
reusing existing components Requirements are often incomplete, and
ambiguous (specified in natural language) Design approaches are empirical and based
on the expertise and experience of teams
Consequences
Poor understanding of systems dynamics and emergent properties
Patches are used to fix vulnerability and safety problems – this is not compatible with enhanced autonomy and reactivity.
You can’t fix, what you don’t understand!
System Design – Checking Trustworthiness
Verification Method
RequirementsRequirements
YES, NO, DON’T KNOW
Should be: faithful e.g.
whatever property is satisfied for the model holds for the real system
generated automatically from system descriptions
Should be: consistent
e.g. there exists some model satisfying them
complete e.g. they tightly characterize the system’s behavior
As a rule, for infinite state models all non trivial properties are undecidablee.g. x<100
Intrinsically high complexity for finite state models (state explosion problem)
ModelModel
offoff
onon
2 states
23 states ~2300 states22 states
System Design – Checking Trustworthiness
Verification techniques
are mainly and extensively applied for detecting design errors in large hardware and medium size software systems for trustworthiness requirements that can be formalized
cannot be applied to systems as we have no faithful modeling techniques - interaction between application software, the underlying HW platform and external environment is ill-understood.
suffer inherent complexity limitations
System Design – The Cost of Trustworthiness
OVERVIEW
21
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A System-centric Vision for CS
22
Marrying Physicality and Computation
SYSTEMSoftware: application SW middleware OS
Environment: deadlines jitter throughput
HW Platform:HW Platform: CPU speedCPU speed memory memory power power failure ratesfailure rates temperaturetemperature
23
Marrying Physicality and Computation
Software: application SW middleware OS
SYSTEM
Environment: deadlines jitter throughput
HW Platform:HW Platform: CPU speedCPU speed memory memory power power failure ratesfailure rates temperaturetemperature
SW Design SW Design cannot ignore HW designcannot ignore HW design
24
Marrying Physicality and Computation
SYSTEMSoftware: application SW middleware OS
Environment: deadlines jitter throughput
HW Platform:HW Platform: CPU speedCPU speed memory memory power power failure ratesfailure rates temperaturetemperature
SW Design SW Design cannot ignore control designcannot ignore control design
25
Marrying Physicality and Computation
SYSTEMSoftware: application SW middleware OS
Environment: deadlines jitter throughput
HW Platform:HW Platform: CPU speedCPU speed memory memory power power failure ratesfailure rates temperaturetemperature
System Design coherently integrates all these
We need to revisit and revise computing to integrate methods from EE and Control
OVERVIEW
26
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A System-centric Vision for CS
Component-based Design
Building complex systems by composing a small number of types of components is essential for any engineering discipline.
This confers numerous advantages such as mastering complexity, enhanced productivity and correctness through reuse
Component composition orchestrates interactions between components. It lies at the heart of the system integration challenge.
No Common Component Model for Systems Engineering!
Component-based Design – The Babel of Languages
System designers deal with a large variety of components, with different characteristics, from a large variety of viewpoints, each highlighting different dimensions of a system
Verilog
VHDL SystemC
Statecharts
SysML
Matlab/Simulink,
AADL
BPEL
JavaTSpaces Concurrent FortranNesC
CorbaMPI
Javabeans.NET
SWbusSoftbench
TLM
C
SES/Workbench
Fractal
Consequences: Using semantically unrelated formalisms e.g. for programming, HW
description and simulation, breaks continuity of the design flow and jeopardizes its coherency
Costly system development decoupled from validation and evaluation.
Component-based Design – Correctness-by-Construction
Compositionality rules guarantee that composite components inherit essential properties of constituent components
We need compositionality results for progress properties such as. deadlock-freedom and liveness
Component-based Design – Correctness-by-Construction
Composability rules guarantee that adding new components does not jeopardize essential properties of integratedcomponents
Feature interferencein OS, middleware,telecommunicationsystems and web Services are all due to lack of composability!
OVERVIEW
31
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A Vision for CS
Adaptivity – Intelligence for Correctness Despite Uncertainty
Design Errors
Security ThreatsHW
failures
Varying ET Varying Load
Mitigation
SY
STE
MC
ON
TRO
LLE
R Learning
Objective Management
Planning
System System statestate
ParameterParametersteeringsteering
Systems must provide services meeting given requirements in interaction with intrinsically uncertain (non-deterministic) environments
Adaptivityconsists in using control-based techniques to ensure correctness despite uncertainty
Strong AI Vision – Intelligence Matching Human Intelligence
Considers that human intelligence can be so precisely described that it can be matched by a machine
IBM IBM ““WATSONWATSON”” (2011)(2011)The Jeopardy!The Jeopardy!--playing playing
question answering systemquestion answering system
Supercomputers are used to perform heavy computational tasks e.g. problem solving or reasoning
IBM Deep Blue (1997)IBM Deep Blue (1997)
Adaptivity – Intrinsic and Estimated Uncertainty
Uncertainty can be measured as the difference between average and extreme system behavior. It has two main sources:
External environment e.g. varying throughput, attacks Hardware platforms e.g. manufacturing errors or aging, varying execution times due to layering, caches, speculative execution.
BCET BCET WCET WCET
Intrinsic UncertaintyIntrinsic Uncertainty
Upper Upper Bound Bound
Lower Lower Bound Bound
Estimated UncertaintyEstimated Uncertainty
Execution TimesExecution Times
Intrinsic uncertainty is aggravated by lack of precise modeling and analysis techniques (estimated uncertainty)
Adaptivity – Critical vs. Best Effort Engineering
BAD STATES
Critical systems engineering based on worst-case analysis and static resource reservation e.g. hard real-time, massive redundancy.
Leads to over-provisioned systems
Two diverging design paradigms
ERROR STATES
Best effort engineeringbased on average case analysis and dynamic resource management e.g. to optimize speed, memory, bandwidth, power.No guaranteed availability
Adaptivity – Mixed Criticality SystemsSeparation between critical and best-effort designs is no longer affordable. In a car more than 50 ECU’s at different criticality levels designed separately federated architectures by using networks poor global reliability and high development costs
Towards integrated mixed criticality systems allowing applications at different criticality levels to interact and co-exist on the same computational platform e.g. IMA for avionic systems, AUTOSAR for automotive systems.
Adaptive control techniques
allow meeting both trustworthiness and optimization requirements in mixed criticality systems
first and foremost critical applications use with high priority a provably sufficient amount of global shared resources secondarily, non-critical applications are served in a best-effort mode
are extensively and increasingly applied in many areas e.g. robotics, multimedia systems, networks, data mining
Adaptivity – Adaptive Control
37
Planning
Learning
Management of objectives
Movie would have been better …
Go to: 1) Stadium 2) Movie 3) Restaurant
OVERVIEW
38
From Programs to Systems
System Design
Three Grand Challenges
Marrying Physicality and Computation
Component-based Design
Adaptivity
A System-centric Vision for CS
A System-Centric Vision for CS
System Design
Raises a multitude of deep theoretical problems such as the conceptualization of needs in a given area and their effective transformation into correct artifacts.
has attracted little attention from scientific communities and is relegated to second class status design is by its nature multi-disciplinary and requires consistent integration of heterogeneous system models supporting different levels of abstraction including logics, algorithms and programs as well as physical system models.
is central to CS. Awareness on its centrality is a chance to reinvigorate CS research and build new scientific foundations matching the needs for increasing system integration and new applications
A System-Centric Vision for CS – The Frontiers
LogicMathematics
BiologyPhysics Computer Science
A System-Centric Vision for CS–The Frontiers
The Physical HierarchyThe Physical Hierarchy
The UniverseThe Universe
GalaxyGalaxy
Solar SystemSolar System
ElectroElectro--mechanical Systemmechanical System
CrystalsCrystals--FluidsFluids--GasesGases
MoleculesMolecules
AtomsAtoms
ParticlesParticles
The CyberThe Cyber--HierarchyHierarchy
The CyberThe Cyber--worldworld
Networked SystemNetworked System
Reactive SystemReactive System
Virtual MachineVirtual Machine
Instruction Set ArchitectureInstruction Set Architecture
Integrated CircuitIntegrated Circuit
Logical GateLogical Gate
TransistorTransistor
The BioThe Bio--HierarchyHierarchy
OrganismOrganism
OrganOrgan
TissueTissue
CellCell
SubSub--cellular Machinerycellular Machinery
Protein and RNA networksProtein and RNA networks
Protein and RNAProtein and RNA
GeneGene
We need theory, methods and tools for climbing We need theory, methods and tools for climbing upup--andand--down the abstraction hierarchydown the abstraction hierarchy
A System-Centric Vision for CS –The Frontiers
42
•• Deals with phenomena of Deals with phenomena of the the «« realreal »» physical physical world (transformations of world (transformations of mattermatter and energy)and energy)
•• Focuses mainly on the Focuses mainly on the discovery of physical discovery of physical laws.laws.
•• Physical systemsPhysical systems ––Analytic modelsAnalytic models
•• Continuous mathematicsContinuous mathematics
•• Differential equations Differential equations --robustnessrobustness
•• Predictability for classical Predictability for classical PhysicsPhysics
•• Mature disciplineMature discipline
Physics
•• Deals with the Deals with the representation and representation and transformation informationtransformation information
•• Focuses mainly on the Focuses mainly on the construction of systems construction of systems
•• Computing systemsComputing systems ––MachinesMachines
•• Discrete mathematicsDiscrete mathematics ––LogicLogic
•• AutomataAutomata, , Algorithms,Algorithms,ComplexityComplexity TheoryTheory
•• VerificationVerification, , Testing, Testing,
•• Young fast evolving Young fast evolving disciplinediscipline
Computer Sc.
A System-Centric Vision for CS –The Frontiers
Artificial vs. Natural IntelligenceLiving organisms intimately combine interacting physical and computational phenomena that have a deep impact on their development and evolution Shared characteristics with computing systems
use of memory distinction between hardware and software use of languages
Remarkable differences : robustness of computation built-in mechanisms for adaptivity emergence of abstractions – concepts
Interactions and cross-fertilization Non von Neumann computing Neuromorphic, Cognitive Computing CAD methods&tools Synthetic Biology
A System-Centric Vision for CS –The Frontiers
MathematicsMathematics
SentienceSentience
LearningLearning
AbstractionAbstraction EmotionEmotion
Robust ComputationRobust Computation
RecognitionRecognition SynthesisSynthesis
A System-Centric Vision for CS – Looking for Foundations
Theoretical research in CS often focuses on Theoretical research in CS often focuses on ““nice theorynice theory”” that is that is not always practically relevantnot always practically relevant
……. while practitioners propose ad hoc frameworks hardly . while practitioners propose ad hoc frameworks hardly amenable to formalization e.g. nonamenable to formalization e.g. non--orthogonal concepts, orthogonal concepts, ambiguous semantics ambiguous semantics
“….. in the academic world the theories that are more likely to attract a devoted following are those that best allow a clever but not very original young man to demonstrate his cleverness.”
“Perfection is reached not when there is no longer anything to add, but when there is no longer anything to take away”
“Make everything as simple as possible, but not simpler”
A System-Centric Vision for CS – Looking for Foundations
Is it possible to find a mathematically elegant and still practicable theoretical framework for system design?
"The most incomprehensible thing about the world is that it is at all comprehensible."
The key issue is discovering laws governing phenomena
Physics and Biology study a given Physics and Biology study a given ““realityreality””
Computer Science mainly deals with building systems (artifacts) Computer Science mainly deals with building systems (artifacts)
The key issue is buildingcorrect systems cost-effectively
A System-Centric Vision for CS – Concluding Remark
We mold the We mold the conditions conditions of existence ofof existence ofthe cyberthe cyber--worldworld
Is everything for the best Is everything for the best in the best of all possible in the best of all possible
cybercyber--worlds ?worlds ?
The physical world The physical world is part of our is part of our conditions of conditions of existence existence
Thank YouThank You
Top Related