Tuesday 24 December 2019

Triplet Models

A triplet is a simple bipartite cyber-physical system in microcosm. Its two physical interacting parts are the machine M and the governed world W: the third part of the triplet is the behaviour B resulting from their interaction. The software engineer's obligation is to devise a governed behaviour B to satisfy the relevant requirements, programming the bipartite system to ensure that this behaviour is enacted by the system in operation.

This obligation demands good models of the machine and governed world. As in any creative task in the physical world, two distinct kinds of model are needed—often combined, obscuring the distinction. The first is an axiomatic model, describing the given properties of the governed world that will form the substance and context of the new creation. The second is a behavioural model, describing the behaviour of the governed world that will emerge from its interaction with the machine. The axiomatic model is the indispensable foundation for the behavioural model: the given properties it describes simultaneously enable and limit the possible behaviours.

For the machine M, the axiomatic model is—or should be—provided off-the-shelf by the hardware order code specification and the programming language semantics; the behavioural model is the program to be executed. This view holds for a machine-code program, a program in an abstract high-level language, and everything between. Elevating the machine models to a level incorporating abstractions far above—but never, of course, excluding—the machine's ports and physical interfaces may seem obvious today; but it is possible only because computing machinery has advanced far towards the unattainable twin goals of perfect reliability and perfect formality. In some settings, these near-perfections have allowed computer programming to become more abstract, sharing much with mathematics and logic.

The governed world too needs axiomatic and behavioural models; but the physical world's character—unlike the machine's—is inherently non-formal and unreliable. These imperfections make it hard to find firm ground on which to build the axiomatic model of the governed world that is essential to a reliable behavioural model—that is, to support dependable governed behaviour in the world. The primary obligation of software engineering in a cyber-physical system is to develop behavioural models from which the triplet system's behaviour in the given physical world can be predicted with justified confidence. Where, then, can we find a basis for an axiomatic model on which a reliable behavioural model can be built? The nature and development of an axiomatic model of the governed world of a triplet is a topic that demands another post.

Links to other posts:
 ↑ Triplets: Triplets (Machine+World=Behaviour) are system behaviour elements
 ↑ Models: Types and purposes of models of the physical world
 → The Right-Hand Side: Why the model-reality relationship is problematic
 → Axiomatic Models: Capturing basic assumptions for a behaviour
