Transactional execution of hierarchical reconfigurations in cyber-physical systems

摘要

Cyber-physical systems reconfigure the structure of their software architecture, e.g., to avoid hazardous situations and to optimize operational conditions like their energy consumption. These reconfigurations have to be safe so that the systems protect their users or environment against harmful conditions or events while changing their structure. As software architectures are typically built on components, reconfiguration actions need to take into account the component structure. This structure should support vertical composition to enable hierarchically encapsulated components. While many reconfiguration approaches for cyber-physical and embedded real-time systems allow the use of hierarchically embedded components, i.e., vertical composition, none of them offers a modeling and verification solution to take hierarchical composition, i.e., encapsulation, into account thus limiting reuse and compositional verification. In this paper, we present an extension to our existing modeling language, MECHATRONICUML, to enable safe hierarchical reconfigurations. The three extensions are (a) an adapted variant of the 2-phase-commit protocol to initiate reconfigurations that maintain component encapsulation, (b) the integration of feedback controllers during reconfiguration, and (c) a verification approach based on (timed) model checking for instances of our model. We illustrate our approach on a case study in the area of smart railway systems by showing two different use cases of our approach. We show that using our approach the systems can be easily designed to reconfigure safely.