Brace: assertion-driven development of cyber-physical systems applications

Developing cyber-physical systems (CPS) is challenging because correctness depends on both logical and physical states, which are difficult to observe collectively. Developers must repeatedly rerun the system, often in different physical environments, while observing its behavior. The developers then tweak the hardware and software until the entire system appears to meet some minimum requirements. This process is tedious, error-prone, and lacks rigor. In addition, there are always underlying and often unstated assumptions about the physical environment that are subject to variance; these assumptions should be captured early and explicitly in the development process. To address these issues, we present Brace, a framework that allows developers to explicitly specify both physical and logical assumptions and expected behaviors. Brace then enables run-time checking of these combined physical and logical specifications, provided in the form of assertions, using the physical environment in which a CPS application is running. Brace uses physics models and temporal semantics to guide CPS developers in creating appropriate assertions and to check specified assertions for inconsistencies with the physical world. This paper presents our initial investigation into the requirements and semantics of such assertions, which we call cyber-physical assertions, and the realization of cyber-physical assertions within the Brace framework. We discuss our experience implementing and using Brace with a variety of sensors.