Edward A. Lee

University of California, Berkeley | UCB · Department of Electrical Engineering and Computer Sciences

PHD


611 publications, 148,576 reads, 38,521 citations


Publications (611)
Preprint
Full-text available
The rise of intelligent autonomous systems, especially in robotics and autonomous agents, has created a critical need for robust communication middleware that can ensure real-time processing of extensive sensor data. Current robotics middleware like Robot Operating System (ROS) 2 faces challenges with nondeterminism and high communication latency w...
Preprint
Full-text available
Timing control while preserving determinism is often a key requirement for ensuring the safety and correctness of distributed cyber-physical systems (CPS). Discrete-event (DE) systems provide a suitable model of computation (MoC) for time-sensitive distributed CPS. The high-level architecture (HLA) is a useful tool for the distributed simulation of...
Preprint
Full-text available
This paper introduces the Precision-Timed Virtual Machine (PretVM), an intermediate platform facilitating the execution of quasi-static schedules compiled from a subset of programs written in the Lingua Franca (LF) coordination language. The subset consists of those programs that in principle should have statically verifiable and predictable timing...
Preprint
Full-text available
Discrete-event (DE) systems are concurrent programs where components communicate via tagged events, where tags are drawn from a totally ordered set. Reactors are an emerging model of computation based on DE and realized in the open-source coordination language Lingua Franca. Distributed DE (DDE) systems are DE systems where the components (reactors...
Article
Full-text available
Distributed systems often require dynamic capabilities to ensure adaptability, efficiency, and fault-tolerance. In applications where determinism and timing are crucial, a clear and well-defined approach to deterministic dynamism is much needed, but inherently difficult to define. This work gives dynamism deterministic semantics, thus enabling prec...
Article
This paper introduces software-defined watchdogs, a programming model for handling faults that manifest as delayed or missing signals. The programming model is implemented as an extension to the polyglot coordination language LINGUA FRANCA, where it acts as an eager deadline for delayed inputs. The technique is compared against hardware-defined wat...
Article
Full-text available
Lingua Franca is a programming paradigm that eases the development of distributed cyber-physical systems and ensures determinism. These systems are subject to stringent timing constraints, generally expressed as task deadlines, and meeting them requires real-time scheduling. This work presents a layered scheduling strategy for Lingua Franca for enh...
Article
We discuss a novel approach for constructing deterministic reactive systems that revolves around a temporal model that incorporates a multiplicity of timelines. This model is central to Lingua Franca (LF), a polyglot coordination language and compiler toolchain we are developing for the definition and composition of concurrent components called rea...
Article
Full-text available
Formal verification of cyber-physical systems (CPS) is challenging because it has to consider real-time and concurrency aspects that are often absent in ordinary software. Moreover, the software in CPS is often complex and low-level, making it hard to assure that a formal model of the system used for verification is a faithful representation of the...
Article
Full-text available
In distributed applications, Brewer’s CAP theorem tells us that when networks become partitioned (P), one must give up either consistency (C) or availability (A). Consistency is agreement on the values of shared variables; availability is the ability to respond to reads and writes accessing those shared variables. Availability is a real-time proper...
Article
Actor frameworks and similar reactive programming techniques are widely used for building concurrent systems. They promise to be efficient and scale well to a large number of cores or nodes in a distributed system. However, they also expose programmers to nondeterminism, which often makes implementations hard to understand, debug, and test. The rec...
Conference Paper
Complex software systems often feature distinct modes of operation, each designed to handle a particular scenario that may require the system to respond in a certain way. Breaking down system behavior into mutually exclusive modes and discrete transitions between modes is a commonly used strategy to reduce implementation complexity and promote code...
Article
Full-text available
Tiered distributed computing systems, where components run in Internet-of-things devices, in edge computers, and in the cloud, introduce unique difficulties in maintaining consistency of shared data while ensuring availability. A major source of difficulty is the highly variable network latencies that applications must deal with. It is well known i...
Preprint
Full-text available
Actor frameworks and similar reactive programming techniques are widely used for building concurrent systems. They promise to be efficient and scale well to a large number of cores or nodes in a distributed system. However, they also expose programmers to nondeterminism, which often makes implementations hard to understand, debug, and test. The rec...
Chapter
In the Logical Execution Time (LET) principle, concurrent software components interact deterministically, reading their inputs atomically at the start of a task and producing outputs atomically after a fixed elapsed logical time. In addition to deterministic concurrency, LET programs yield more deterministic timing when they interact with their phy...
Chapter
Full-text available
In 2010, Fuhrmann et al. argued for enhancing modeler productivity by providing tooling that, put simply, combines the best of textual and graphical worlds. They referred to this as pragmatics, and argued that a key enabler would be the ability to automatically synthesize customized graphical views from a (possibly textual) model. The model would...
Preprint
Full-text available
Asynchronous frameworks for distributed embedded systems, like ROS and MQTT, are increasingly used in safety-critical applications such as autonomous driving, where the cost of unintended behavior is high. The coordination mechanism between the components in these frameworks, however, gives rise to nondeterminism, where factors such as communicatio...
Chapter
We argue that the utility of time as a semantic property of software is not limited to the domain of real-time systems. This paper outlines four concurrent design patterns: alignment, precedence, simultaneity, and consistency, all of which are relevant to general-purpose software applications. We show that a semantics of logical time provides a nat...
Preprint
Full-text available
In distributed applications, Brewer's CAP theorem tells us that when networks become partitioned, there is a tradeoff between consistency and availability. Consistency is agreement on the values of shared variables across a system, and availability is the ability to respond to reads and writes accessing those shared variables. We quantify these con...
Article
Full-text available
Many programming languages and programming frameworks focus on parallel and distributed computing. Several frameworks are based on actors, which provide a more disciplined model for concurrency than threads. The interactions between actors, however, if not constrained, admit nondeterminism. As a consequence, actor programs may exhibit unintended be...
Chapter
Euclidean geometry and Newtonian time with floating point numbers are common computational models of the physical world. However, to achieve the kind of cyber-physical collaboration that arises in the IoT, such a literal representation of space and time may not be the best choice. In this chapter we survey location models from robotics, the interne...
Article
Full-text available
Programmable Logic Controllers (PLCs) are an established platform, widely used throughout industrial automation but rather poorly understood among researchers. This paper gives an overview of the state of the practice, explaining why this settled technology persists throughout industry and presenting a critical analysis of the strengths and weaknes...
Article
Full-text available
The value of verification of cyberphysical systems depends on the relationship between the state of the software and the state of the physical system. This relationship can be complex because of the real-time nature and different timelines of the physical plant, the sensors and actuators, and the software that is almost always concurrent and distri...
Article
Accurate localization from Cyber-Physical Systems (CPS) is a critical enabling technology for context-aware applications and control. As localization plays an increasingly safety-critical role, location systems must be able to identify and eliminate faulty measurements to prevent dangerously inaccurate localization. In this article, we consider the...
Article
An emerging type of network architecture called edge computing has the potential to improve the availability and resilience of IoT services under anomalous situations such as network failures or denial-of-service (DoS) attacks. However, relatively little has been explored on the problem of ensuring availability even when edge computers that provide...
Chapter
This paper describes a component-based concurrent model of computation for reactive systems. The components in this model, featuring ports and hierarchy, are called reactors. The model leverages a semantic notion of time, an event scheduler, and a synchronous-reactive style of communication to achieve determinism. Reactors enable a programming mode...
Conference Paper
Full-text available
This paper describes an implementation in progress of a C-based framework for execution of deterministic, concurrent, real-time software components called "reactors." The component interfaces and their interconnections are given in a coordination language called Lingua Franca, while the work done by the components is given in ordinary C. The imple...
Article
Programmable Logic Controllers are an established platform used throughout industrial automation, but rather poorly understood among researchers in the control systems community. This paper gives an overview of the state of the practice in industrial control systems while presenting a critical analysis of the dominant programming styles used in tod...
Conference Paper
Full-text available
We discuss ongoing work towards a metalanguage, execution model, and compiler tool chain that promotes determinism and grants first-class citizenship to the timing aspects of computation.
Conference Paper
Actors have become widespread in programming languages and programming frameworks focused on parallel and distributed computing. While actors provide a more disciplined model for concurrency than threads, their interactions, if not constrained, admit nondeterminism. As a consequence, actor programs may exhibit unintended behaviors and are less amen...
Article
Denial-of-service (DoS) attacks on the safety-critical Internet of Things (IoT) can lead to life-threatening consequences, and the risk of these attacks is increasing. We propose levels of context awareness to address availability threats and illustrate how context-aware edge computing enhances the IoT's resilience to DoS attacks through our edge-c...
Preprint
Programming time-critical systems is notoriously difficult. In this paper we propose an actor-oriented programming model with a semantic notion of time and a deterministic coordination semantics based on discrete events to exercise precise control over both the computational and timing aspects of the system behavior.
Conference Paper
Full-text available
Programming time-critical systems is notoriously difficult. In this paper we propose an actor-oriented programming model with a semantic notion of time and a deterministic coordination semantics based on discrete events to exercise precise control over both the computational and timing aspects of the system behavior.
Article
Full-text available
Model-based design methodologies are commonly used in industry for the development of complex cyber-physical systems (CPSs). There are many different languages, tools, and formalisms for model-based design, each with its strengths and weaknesses. Instead of accepting some weaknesses of a particular tool, an alternative is to embrace heterogeneity,...
Chapter
Simulating computer architecture as a cyber-physical system has many potential use cases including simulation of side channels and software-in-the-loop modeling and simulation. This paper presents an integrated simulation tool using a computer architecture simulator, gem5 and Ptolemy II. As a case study of this tool, we build a power and thermal mo...
Conference Paper
Discovery, invention, and design are all about models. When we say "Joseph Priestly discovered oxygen in 1774," we do not mean that Priestly dug up a canister of oxygen, recognized it as something new, and released it, for the first time, into the air. We mean instead that Priestly came up with a model for the composition of air and the role of one...
Article
Full-text available
The Internet of Things (IoT) leverages internet technology in cyber-physical systems (CPSs), but the protocols and principles of the Internet were designed for interacting with information systems, not cyber-physical systems. For one, timeliness is not a factor in any widespread internet technology, with Quality-of-Service (QoS) features having bee...
Preprint
Full-text available
This paper describes a component-based concurrent model of computation for reactive systems. The components in this model, featuring ports and hierarchy, are called reactors. The model leverages a semantic notion of time, an event scheduler, and a synchronous-reactive style of communication to achieve determinism. Reactors enable a programming mode...
Article
Understanding behavior by building models.
Preprint
Full-text available
We propose a measure and a metric on the sets of infinite traces generated by a set of atomic propositions. To compute these quantities, we first map properties to subsets of the real numbers and then take the Lebesgue measure of the resulting sets. We analyze how this measure is computed for Linear Temporal Logic (LTL) formulas. An implementation...
Chapter
Models are central to engineering. They are used for analysis, synthesis, and communication between humans. A given artifact or process may have multiple models with different purposes, modeling different aspects, or modeling at varying levels of abstraction. In this paper, we give a general overview of how models are used, with the goal of making...
Article
Considering the potential danger to individuals of rapid coevolution.
Conference Paper
The emerging class of wide-area streaming analytics faces the challenge of scarce and variable WAN bandwidth. Non-adaptive applications built with TCP or UDP suffer from increased latency or degraded accuracy. State-of-the-art approaches that adapt to network changes require developer writing sub-optimal manual policies or are limited to applicatio...
Article
Self-adaptation is a well-known technique to handle growing complexities of software systems, where a system autonomously adapts itself in response to changes in a dynamic and unpredictable environment. With the increasing need for developing self-adaptive systems, providing a model and an implementation platform to facilitate integration of adapta...
Article
Full-text available
In this paper, we describe a component-based software architecture for the Internet of Things in which proxies for Things and services that we call "accessors" interact with one another under a concurrent, time-stamped, discrete-event (DE) semantics. These proxies are analogous to web pages, which proxy a cloud-based service such as a bank, but ins...
Article
Full-text available
In this paper we address the development of dependable self-adaptive systems focusing on the specific domain of track-based traffic control systems where timing issues are critical.
Conference Paper
Availability of authentication and authorization services is critical for the safety of the Internet of Things (IoT). By leveraging an emerging network architecture based on edge computers, IoT's availability can be protected even under situations such as network failures or denial-of-service (DoS) attacks. However, little has been explored for the...
Article
Full-text available
Today, real-time behavior of programs is a property that emerges from implementations rather than a property that is specified in models. Control over timing behavior of software is difficult to achieve, and timing behavior is neither predictable nor repeatable. This paper argues that this problem can be solved by making a commitment to determinist...
Conference Paper
Full-text available
This paper introduces contextual callbacks, which allow environments to authenticate themselves to nearby devices and advertise local services in response to the reception of radio-broadcast announcements that are emitted by mobile devices.
Book
How humans and technology evolve together in a creative partnership. In this book, Edward Ashford Lee makes a bold claim: that the creators of digital technology have an unsurpassed medium for creativity. Technology has advanced to the point where progress seems limited not by physical constraints but the human imagination. Writing for both literat...
Conference Paper
The challenges posed by the Internet of Things (IoT) render existing security measures ineffective against emerging networks and devices. These challenges include heterogeneity, operation in open environments, and scalability. In this paper, we propose SST (Secure Swarm Toolkit), an open-source toolkit for construction and deployment of an authoriz...
Conference Paper
Full-text available
Self-adaptive systems are systems that automatically adapt in response to environmental and internal changes, such as possible failures and variations in resource availability. Such systems are often realized by a MAPE-K feedback loop, where Monitor, Analyze, Plan and Execute components have access to a runtime model of the system and environment w...
Conference Paper
autoCode4 synthesizes structured reactive controllers from realizable specifications in the GXW subset of linear temporal logic (LTL). Generated reactive controllers are expressed in terms of an intermediate synchronous dataflow (SDF) format, which is further translated, using an open interface, into SCADE/Lustre and Ptolemy II. Moreover, autoCode4...
Article
Authentication and authorization are essential parts of basic security processes and are sorely needed in the Internet of Things (IoT). The emergence of edge and fog computing creates new opportunities for security and trust management in the IoT. In this article, the authors discuss existing solutions to establish and manage trust in networked sys...
Article
This article examines the role of modeling in the engineering of cyber-physical systems. It argues that the role that models play in engineering is different from the role they play in science, and that this difference should direct us to use a different class of models, where simplicity and clarity of semantics dominate over accuracy and detail. I...
Article
In this paper, we propose a cooperative multi-robot control system, operating in an unfamiliar or unstructured environment. We focus on a robust model predictive control (robust-MPC) framework that enables robotic agents to operate in uncertain environments, and study the effect of observation uncertainties that arise from sensor noise on cooperati...
Article
The Internet of Things (IoT) represents a new class of applications that can benefit from cloud infrastructure. However, directly connecting smart devices to the cloud has multiple disadvantages and is unlikely to keep up with the growing speed of the IoT or the diverse needs of IoT applications. Here, the authors argue that fundamental IoT propert...
Conference Paper
Full-text available
This paper presents FIDE, an Integrated Development Environment (IDE) for building applications using Functional Mock-up Units (FMUs) that implement the standardized Functional Mock-up Interface (FMI). FIDE is based on the actor-oriented Ptolemy II framework and leverages its graphical user interface, simulation engine, and code generation feature t...
Conference Paper
We consider the problem of generating randomized control sequences for complex networked systems typically actuated by human agents. Our approach leverages a concept known as control improvisation, which is based on a combination of data-driven learning and controller synthesis from formal specifications. We learn from existing data a generative mo...
Article
One of the biggest challenges in cyber–physical system (CPS) design is their intrinsic complexity, heterogeneity, and multidisciplinary nature. Emerging distributed CPSs integrate a wide range of heterogeneous aspects such as physical dynamics, control, machine learning, and error handling. Furthermore, system components are often distributed over...
Article
In this paper, we propose a cooperative multi-robot control system, operating in dynamic and uncertain environments. We focus on a robust model predictive control (robust MPC) framework that enables robotic agents to operate in uncertain environments. The proposed system includes multiple observation robots that gather information cooperatively as...
Conference Paper
Full-text available
We describe the prototype of a next-generation implementation of EnergyPlus, DOE's whole-building energy simulation engine. This new implementation breaks EnergyPlus into a set of component models with clearly defined input and output ports. It instantiates these components and their connections from the EnergyPlus input file – thereby not disrupti...
Conference Paper
Full-text available
This paper describes an open-source simulator for cyber-physical systems called CyPhySim that is based on Ptolemy II. This simulator supports classical (Runge-Kutta) and quantized-state simulation of ordinary differential equations, modal models (hybrid systems), discrete-event models, the Functional Mockup Interface (FMI) for model-exchange and co...
Article
Full-text available
This paper uses interface automata to develop an interface theory for a component architecture for Internet of Things (IoT) applications. Specifically, it examines an architecture for IoT applications where so-called “accessors” provide an actor-oriented proxy for devices (“things”) and services. Following the principles of actor models, an accesso...
Article
Automotive controllers are often first designed in a simulation environment using continuous time models of the controller and vehicle plant. Unfortunately, the controller's implementation in software and deployment onto a microcontroller has ramifications for performance and cost. In this paper, we use an automotive case study of a yaw moment cont...
Conference Paper
Full-text available
System simulation is a valuable tool to unveil inefficiencies and to test new strategies when implementing and revising systems. Often, simulations are parameterized using offline data and heuristic knowledge. Operational data, i.e., data gained through experimentation and observation, can greatly improve the fidelity between the actual system and...
Article
Accuracy and responsiveness are two key properties of emerging cyber-physical energy systems that need to incorporate high throughput sensor streams for distributed monitoring and control applications. The electric power grid, which is a prominent example of such systems, is being integrated with high throughput sensors in order to support stable s...
Article
Full-text available
Cyber-physical systems are integrations of computation, communication networks, and physical dynamics. Although time plays a central role in the physical world, all widely used software abstractions lack temporal semantics. The notion of correct execution of a program written in every widely-used programming language today does not depend on the te...
Article
Full-text available
This paper defines a suite of requirements for future hybrid cosimulation standards, and specifically provides guidance for development of a hybrid cosimulation version of the Functional Mockup Interface (FMI). A cosimulation standard defines interfaces that enable diverse simulation tools to interoperate. Specifically, one tool defines a compone...