DEMCON: Cyber / Physical Co-design for safety-critical systems

Designing embedded systems for safety-critical applications takes too much time and is therefore too costly. Moreover, the interfaces between the cyber part and the physical part are often not described precisely enough, which causes serious problems during system integration at the end of the design path, especially for the provisions that must ensure the safety of the cyber-physical system.

A model-driven approach that treats the cyber and physical parts as one whole, supporting true co-design, is needed to cope with the complexity and development-time challenges. It will also shorten the design time and thus reduce costs.

Driver Case

In modern surgery, which is minimally invasive or enters the body through natural orifices, a remote-controlled operating device is the central cyber-physical system. Besides haptic control of the end-effector and support for navigation, safety measures must be in place to prevent the surgeon from unintentionally hitting vital body parts. The challenges are to ensure that the end-effector intrinsically stays within its (varying) working envelope, that the accuracy is the same as without remote control, and that the system tolerates failures of the CPS. In this project we will use a mock-up to show and test cyber-physical co-design issues.


For safety-critical cyber-physical systems, the total system, i.e. the cyber (computer) part and the physical part, needs to be described in an integrated way, because both parts influence each other. Separate descriptions and treatment of the cyber and the physical part therefore do not suffice, especially for safety-critical systems. Such a combined modelling approach calls for real cyber-physical co-design: to optimize the design, some of its functions can be moved between the cyber and the physical part. This also allows for verification and testing during the whole design trajectory.

The cyber part usually has a discrete-event model of computation, and the physical part a continuous-time model of computation. Although the interaction between these parts at model level is realized via co-simulation, i.e. by synchronizing both simulators on simulation time, the integration of these 'time domains' into a single formal description is not yet solved.

To reach the high level of fault tolerance that safety-critical systems absolutely require, failures and their countermeasures need to be modelled such that they can be tested via simulation early in the design process.

The design of the embedded software must be supported by refinement from coarse-grained models to detailed models from which controller code can be generated. This implies support for designers to add details, especially at the interface between the cyber and physical parts, and to translate the models step by step towards more detail and ultimately code. To further support the structuring of the design, design patterns need to be developed that separate the nominal flow from fault handling.
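The three points above (a discrete-event controller co-simulated with a continuous-time plant by synchronizing on simulation time; a failure and its countermeasure exercised in simulation; nominal flow kept apart from fault handling), together with the working-envelope requirement from the driver case, as one added example. This is illustrative Python written for this page, not code or models from the DEMCON project: the first-order end-effector model, its time constant tau, the envelope, the controller period and gains, and the stuck-sensor fault are all assumed values.

```python
"""Co-simulation sketch: a discrete-event controller (cyber part) and a
continuous-time end-effector model (physical part) synchronised on simulation
time, with an envelope guard and an injected stuck-sensor fault.
Illustrative example only; all parameters are assumed, not project figures."""
from dataclasses import dataclass
from typing import Optional, Tuple

Reading = Tuple[float, float]  # (position [m], velocity [m/s]) crossing the cyber/physical interface


@dataclass
class Plant:
    """Continuous-time part: first-order velocity response, explicit Euler integration."""
    tau: float = 0.05      # assumed actuator time constant (s)
    pos: float = 0.0
    vel: float = 0.0

    def integrate(self, cmd_vel: float, dt: float) -> None:
        self.pos += self.vel * dt                     # both updates use the old velocity
        self.vel += (cmd_vel - self.vel) * dt / self.tau


@dataclass
class Sensor:
    """Position/velocity sensor; freezes at stuck_from to model a stale-data fault (assumed fault)."""
    stuck_from: Optional[float] = None
    frozen: Optional[Reading] = None

    def read(self, plant: Plant, t: float) -> Reading:
        if self.stuck_from is not None and t >= self.stuck_from - 1e-12:
            if self.frozen is None:
                self.frozen = (plant.pos, plant.vel)
            return self.frozen
        return (plant.pos, plant.vel)


@dataclass
class Controller:
    """Discrete-event part: fires once per period; nominal flow kept apart from fault handling."""
    lo: float
    hi: float
    tau: float                      # physical parameter the guard relies on: part of the interface contract
    period: float = 0.01            # s
    gain: float = 10.0              # 1/s
    v_max: float = 0.2              # m/s
    stale_limit: Optional[int] = 3  # None disables fault handling (for comparison only)
    state: str = "NOMINAL"
    detected_at: Optional[float] = None
    _last: Optional[Reading] = None
    _last_cmd: float = 0.0
    _stale: int = 0

    def step(self, t: float, reading: Reading, target: float) -> float:
        # Fault detection and handling run first and never mix with the nominal control law.
        if self.state == "NOMINAL" and self._is_stale(reading):
            self.state, self.detected_at = "SAFE_STOP", t
        cmd = 0.0 if self.state == "SAFE_STOP" else self._nominal(reading, target)
        self._last, self._last_cmd = reading, cmd
        return cmd

    def _is_stale(self, reading: Reading) -> bool:
        if self.stale_limit is None:
            return False
        # The actuator was told to move, yet the sensor repeats the identical sample.
        if self._last is not None and reading == self._last and abs(self._last_cmd) > 1e-9:
            self._stale += 1
        else:
            self._stale = 0
        return self._stale >= self.stale_limit

    def _nominal(self, reading: Reading, target: float) -> float:
        pos, vel = reading
        cmd = max(-self.v_max, min(self.v_max, self.gain * (target - pos)))
        # Envelope guard: for this first-order plant the stopping point s = pos + vel*tau
        # moves at exactly the commanded velocity, so bounding the command keeps s, and
        # therefore pos, inside [lo, hi] for the whole period.
        s = pos + vel * self.tau
        return max((self.lo - s) / self.period, min((self.hi - s) / self.period, cmd))


@dataclass
class SimResult:
    final_pos: float
    max_pos: float
    state: str
    detected_at: Optional[float]


def run(target: float, fault_at: Optional[float] = None, stale_limit: Optional[int] = 3,
        t_end: float = 1.0, lo: float = 0.0, hi: float = 0.10,
        tau: float = 0.05, dt: float = 0.001, period: float = 0.01) -> SimResult:
    """Co-simulation master: the plant advances in steps of dt; every `period` the controller fires."""
    plant, sensor = Plant(tau=tau), Sensor(stuck_from=fault_at)
    ctrl = Controller(lo=lo, hi=hi, tau=tau, period=period, stale_limit=stale_limit)
    ratio, steps = round(period / dt), round(t_end / dt)
    cmd, max_pos = 0.0, plant.pos
    for i in range(steps):
        t = i * dt
        if i % ratio == 0:                       # discrete event, aligned on simulation time
            cmd = ctrl.step(t, sensor.read(plant, t), target)
        plant.integrate(cmd, dt)                 # continuous time runs between events
        max_pos = max(max_pos, plant.pos)
    return SimResult(plant.pos, max_pos, ctrl.state, ctrl.detected_at)


if __name__ == "__main__":
    print("target outside envelope :", run(target=0.15))
    print("stuck sensor, handled   :", run(target=0.15, fault_at=0.2))
    print("stuck sensor, unhandled :", run(target=0.15, fault_at=0.2, stale_limit=None))
```

Two things the runs make visible that the text only states. First, the envelope guard in the cyber part depends on tau, a parameter of the physical part; if that value is not part of the interface description, the guard cannot be correct, which is exactly the integration problem the page describes. Second, the unhandled run shows that the guard is only as good as its inputs: with a stuck sensor the controller keeps commanding motion on stale data and the end-effector leaves the envelope, while the handled run latches into SAFE_STOP after three identical samples and stops well inside it. Both outcomes are observable in simulation long before any hardware exists.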
