Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Nianyu Li,Di Bai,Zhuoqun Yang,Wenpin Jiao

DOI: https://doi.org/10.48550/arXiv.1706.08271

2017-12-28

Abstract:Self-adaptive software is considered as the most advanced approach and its development attracts a lot of attention. Decentralization is an effective way to design and manage the complexity of modern self-adaptive software systems. However, there are still tremendous challenges. One major challenge is to unify decentrality with traditional self-adaptive implementation framework during design and implementation activity. One is to guarantee the required global goals and performance of decentralized self-adaptive systems operating in highly dynamic and uncertain environments. Another challenge is to predict the influence of system's internal change on its self-adaptability to the environment. To solve these problems, we combine the mechanisms of separation of concerns with modeling method using timed automata to allow the system to be analyzed and verified. Timed computation tree logic is used to specify system goals and stochastic simulations in dynamic environment are experimented to verify decentralized self-adaptive system's adaptation properties. In this paper, we extracted a motivation example from practical applications in UAV emergency mission scenarios. The whole approach is evaluated and illustrated with this motivation example and the statistical results can be used as reference for arrangement planning of UAVs in cyber physical spaces.

Software Engineering,Formal Languages and Automata Theory

Jeremy Morse,Dejanira Araiza-Illan,Jonathan Lawry,Arthur Richards,Kerstin Eder

DOI: https://doi.org/10.48550/arXiv.1603.01082

IF: 3.7

2016-03-03

Robotics

Abstract:The widespread adoption of autonomous systems depends on providing guarantees of safety and functional correctness, at both design time and runtime. Information about the extent to which functional requirements can be met in combination with non-functional requirements (NFRs) -- i.e. requirements that can be partially complied with -- , under dynamic and uncertain environments, provides opportunities to enhance the safety and functional correctness of systems at design time. We present a technique to formally define system attributes that can change or be changed to deal with dynamic and uncertain environments (denominated weakened specifications) as a partially ordered lattice, and to automatically explore the system under different specifications, using probabilistic model checking, to find the likelihood of satisfying a requirement. The resulting probabilities form boundaries of "optimal specifications", analogous to Pareto frontiers in multi-objective optimization, informing the designer about the system's capabilities, such as resilience or robustness, when changing its attributes to deal with dynamic and uncertain environments. We illustrate the proposed technique through a domestic robotic assistant example.

Arthur Rodrigues,Ricardo Diniz Caldas,Genaína Nunes Rodrigues,Thomas Vogel,Patrizio Pelliccione

DOI: https://doi.org/10.1145/3194133.3194147

2018-04-03

Abstract:The assurance of real-time properties is prone to context variability. Providing such assurance at design time would require to check all the possible context and system variations or to predict which one will be actually used. Both cases are not viable in practice since there are too many possibilities to foresee. Moreover, the knowledge required to fully provide the assurance for self-adaptive systems is only available at runtime and therefore difficult to predict at early development stages. Despite all the efforts on assurances for self-adaptive systems at design or runtime, there is still a gap on verifying and validating real-time constraints accounting for context variability. To fill this gap, we propose a method to provide assurance of self-adaptive systems, at design- and runtime, with special focus on real-time constraints. We combine off-line requirements elicitation and model checking with on-line data collection and data mining to guarantee the system's goals, both functional and non-functional, with fine tuning of the adaptation policies towards the optimization of quality attributes. We experimentally evaluate our method on a simulated prototype of a Body Sensor Network system (BSN) implemented in OpenDaVINCI. The results of the validation are promising and show that our method is effective in providing evidence that support the provision of assurance.

Software Engineering

Maria Casimiro,Diogo Soares,David Garlan,Luís Rodrigues,Paolo Romano

DOI: https://doi.org/10.1145/3648682

2024-03-07

ACM Transactions on Autonomous and Adaptive Systems

Abstract:This paper focuses on the problem of optimizing system utility of Machine-Learning (ML) based systems in the presence of ML mispredictions. This is achieved via the use of self-adaptive systems and through the execution of adaptation tactics, such as model retraining , which operate at the level of individual ML components. To address this problem, we propose a probabilistic modeling framework that reasons about the cost/benefit trade-offs associated with adapting ML components. The key idea of the proposed approach is to decouple the problems of estimating (i) the expected performance improvement after adaptation and (ii) the impact of ML adaptation on overall system utility. We apply the proposed framework to engineer a self-adaptive ML-based fraud-detection system, which we evaluate using a publicly-available, real fraud detection data-set. We initially consider a scenario in which information on model’s quality is immediately available. Next we relax this assumption by integrating (and extending) state-of-the-art techniques for estimating model’s quality in the proposed framework. We show that by predicting the system utility stemming from retraining a ML component, the probabilistic model checker can generate adaptation strategies that are significantly closer to the optimal, as compared against baselines such as periodic or reactive retraining.

computer science, information systems, artificial intelligence, theory & methods

Xingyu Zhao,Simos Gerasimou,Radu Calinescu,Calum Imrie,Valentin Robu,David Flynn

DOI: https://doi.org/10.48550/arXiv.2303.08476

2023-12-12

Abstract:Autonomous robots used in infrastructure inspection, space exploration and other critical missions operate in highly dynamic environments. As such, they must continually verify their ability to complete the tasks associated with these missions safely and effectively. Here we present a Bayesian learning framework that enables this runtime verification of autonomous robots. The framework uses prior knowledge and observations of the verified robot to learn expected ranges for the occurrence rates of regular and singular (e.g., catastrophic failure) events. Interval continuous-time Markov models defined using these ranges are then analysed to obtain expected intervals of variation for system properties such as mission duration and success probability. We apply the framework to an autonomous robotic mission for underwater infrastructure inspection and repair. The formal proofs and experiments presented in the paper show that our framework produces results that reflect the uncertainty intrinsic to many real-world systems, enabling the robust verification of their quantitative properties under parametric uncertainty.

Robotics,Artificial Intelligence

Aksel Vaaler,Svein Jostein Husa,Daniel Menges,Thomas Nakken Larsen,Adil Rasheed

2024-04-03

Abstract:Many autonomous systems face safety challenges, requiring robust closed-loop control to handle physical limitations and safety constraints. Real-world systems, like autonomous ships, encounter nonlinear dynamics and environmental disturbances. Reinforcement learning is increasingly used to adapt to complex scenarios, but standard frameworks ensuring safety and stability are lacking. Predictive Safety Filters (PSF) offer a promising solution, ensuring constraint satisfaction in learning-based control without explicit constraint handling. This modular approach allows using arbitrary control policies, with the safety filter optimizing proposed actions to meet physical and safety constraints. We apply this approach to marine navigation, combining RL with PSF on a simulated Cybership II model. The RL agent is trained on path following and collision avpodance, while the PSF monitors and modifies control actions for safety. Results demonstrate the PSF's effectiveness in maintaining safety without hindering the RL agent's learning rate and performance, evaluated against a standard RL agent without PSF.

Robotics,Artificial Intelligence

Mohammed Foughali,Félix Ingrand,Cristina Seceleanu

DOI: https://doi.org/10.1007/978-3-030-30923-7_7

2019-01-01

Abstract:Failure of robotic software may cause catastrophic damages. In order to establish a higher level of trust in robotic systems, formal methods are often proposed. However, their applicability to the functional layer of robots remains limited because of the informal nature of specifications, their complexity and size. In this paper, we formalize the robotic framework and automatically translate its components to UPPAAL-SMC, a real-time statistical model checker. We apply our approach to verify properties of interest on a real-world autonomous drone navigation that does not scale with regular UPPAAL.

Esther Aguado,Zorana Milosevic,Carlos Hernández,Ricardo Sanz,Mario Garzon,Darko Bozhinoski,Claudio Rossi

DOI: https://doi.org/10.3390/s21041210

IF: 3.9

2021-02-09

Sensors

Abstract:Autonomous systems are expected to maintain a dependable operation without human intervention. They are intended to fulfill the mission for which they were deployed, properly handling the disturbances that may affect them. Underwater robots, such as the UX-1 mine explorer developed in the UNEXMIN project, are paradigmatic examples of this need. Underwater robots are affected by both external and internal disturbances that hamper their capability for autonomous operation. Long-term autonomy requires not only the capability of perceiving and properly acting in open environments but also a sufficient degree of robustness and resilience so as to maintain and recover the operational functionality of the system when disturbed by unexpected events. In this article, we analyze the operational conditions for autonomous underwater robots with a special emphasis on the UX-1 miner explorer. We then describe a knowledge-based self-awareness and metacontrol subsystem that enables the autonomous reconfiguration of the robot subsystems to keep mission-oriented capability. This resilience augmenting solution is based on the deep modeling of the functional architecture of the autonomous robot in combination with ontological reasoning to allow self-diagnosis and reconfiguration during operation. This mechanism can transparently use robot functional redundancy to ensure mission satisfaction, even in the presence of faults.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Luo Yixing,Zhou Yuan,Zhao Haiyan,Jin Zhi,Zhang Tianwei,Liu Yang,Barthaud Danny,Yu Yijun

DOI: https://doi.org/10.1007/s10270-022-00981-7

2022-01-01

Software & Systems Modeling

Abstract:Autonomous unmanned systems (AUSs) emerge to replace human operators for achieving better safety, efficiency, and effectiveness in harsh and difficult missions. They usually run in a highly open and dynamic operating environment, in which some unexpected situations may occur, leading to violations of predefined requirements. In order to maintain stable performance, the AUS control software needs to predict in advance whether the requirements will be violated and then make adaptations to maximize requirements satisfaction. We propose Captain , a model-driven and control-based online adaptation approach, for the AUS control software. At the modeling phase, apart from the system behavior model and the operating environment model, we construct a requirements satisfaction model. At runtime, based on the requirements satisfaction model, Captain first predicts whether the requirements will be violated in the upcoming situation; then identifies the unsatisfiable requirements that need to be accommodated; and finally, finds an optimal adaptation for the upcoming situation. We evaluate Captain in both simulated scenarios and the real world. For the former, we use two cases of UAV Delivery and UUV Ocean Surveillance, whose results demonstrate the Captain ’s robustness, scalability, and real-time performance. For the latter, we have successfully implemented Captain in the DJI Matrice 100 UAV with real-world workloads.

Karan Mahesh,Tyler M. Paine,Max L. Greene,Nicholas Rober,Steven Lee,Sildomar T. Monteiro,Anuradha Annaswamy,Michael R. Benjamin,Jonathan P. How

2024-10-02

Abstract:Marine robots must maintain precise control and ensure safety during tasks like ocean monitoring, even when encountering unpredictable disturbances that affect performance. Designing algorithms for uncrewed surface vehicles (USVs) requires accounting for these disturbances to control the vehicle and ensure it avoids obstacles. While adaptive control has addressed USV control challenges, real-world applications are limited, and certifying USV safety amidst unexpected disturbances remains difficult. To tackle control issues, we employ a model reference adaptive controller (MRAC) to stabilize the USV along a desired trajectory. For safety certification, we developed a reachability module with a moving horizon estimator (MHE) to estimate disturbances affecting the USV. This estimate is propagated through a forward reachable set calculation, predicting future states and enabling real-time safety certification. We tested our safe autonomy pipeline on a Clearpath Heron USV in the Charles River, near MIT. Our experiments demonstrated that the USV's MRAC controller and reachability module could adapt to disturbances like thruster failures and drag forces. The MRAC controller outperformed a PID baseline, showing a 45%-81% reduction in RMSE position error. Additionally, the reachability module provided real-time safety certification, ensuring the USV's safety. We further validated our pipeline's effectiveness in underway replenishment and canal scenarios, simulating relevant marine tasks.

Robotics,Systems and Control

zhuoqun yang,zhi jin

DOI: https://doi.org/10.1007/978-3-662-43610-3_9

2014-01-01

Abstract:Self-adaptive system (SAS) is capable of adjusting its behavior to cope with changes in the deployed environment. Parametric adaptation is an important fashion for achieving adaptation. Context can be defined as the reification of the environment. It may influence the decisions on how to adjust the system behavior. Thus, how to incorporate context into the parametric adaptation mechanism becomes a challenging issue. This paper provides solutions to this issue from a requirements engineering perspective. We develop the goal-oriented requirements model for SASs and build the context model for the environment, and then integrate these two models via defined relations. Adaptation goal model is derived by refining the adaptation goal with adaptation tasks which are underpinned by MAPE loop. Finally, we show how to utilize the specifications to design parametric adaptation algorithms. Our approach is illustrated with an example from the intelligent transportation application.

Frédéric Dadeau,Jean-Philippe Gros,Olga Kouchnarenko

DOI: https://doi.org/10.1007/s11219-019-09487-w

2020-01-23

Software Quality Journal

Abstract:Self-adaptive systems have to implement adaptation policies described by sets of rules that express how the components are reconfigured within the system, the priority of a given reconfiguration to happen, when a given (sequence of) event(s) occurs, and when specific conditions on the system state are satisfied. However, when this priority is given by a fuzzy value (e.g., high, medium, low) depending on external and internal events, it has to be implemented inside the software with particular implementation choices made. This paper is dedicated to the validation of adaptation policies, using a model-based testing approach and a verdict establishment that is based on both the runtime verification of temporal properties, and the detection of inconsistencies between the adaptation policy and the reconfigurations implemented in the self-adaptive system. We propose means to establish a test verdict based on the respect of the adaptation policy by the implementation, along with coverage measures of the rules. This provides interesting feedback on the adaptation policy rules, allowing to detect reconfigurations that should not have occurred, high-priority reconfigurations that are never triggered, or low-priority reconfigurations that are too frequently executed, potential inconsistencies in the rules, or wrong interpretation of priorities. The test verdict is made based on the analysis of the execution traces of the system, which is stimulated using a usage model that describes the probabilities of external events to occur. An experiment, performed on a vehicular ad-hoc network of autonomous vehicles, illustrates the interest of the approach.

computer science, software engineering

G. Evers,J. H. A. M. Vervoort,R. C. Engelaar,H. Nijmeijer,A. G. de Jager,X. Q. Chen,W. H. Wang

DOI: https://doi.org/10.1109/icca.2009.5410406

2009-01-01

Abstract:The AUV (autonomous underwater vehicle) of the University of Canterbury targets to discover any foreign organisms residing on the sea chests of ships, which cause a risk for the domestic biodiversity, and removes them. With the design of the AUV finished, the primary goal of this paper is to design control software that stabilizes the vehicle and minimizes the error in the desired trajectory. The dynamical model with implemented assumptions ultimately leads to a decoupled system of non-linear equations in three directions: surge, heave and yaw. For this system, experiments are designed (but not yet successfully accomplished) to identify the system parameters. With respect to control, a feedback linearization is firstly applied to a 1D case, which results in a satisfactory PIDcontroller, taking into account parameter perturbation and noise contamination. Finally, the under actuated problem in the 2D situation is evaluated, for which a path planning method and a state feedback control method is derived.

Ngo Van Hien,Ngo Van He,Van-Thuan Truong,Ngoc-Tam Bui

DOI: https://doi.org/10.3390/app10228293

2020-11-23

Applied Sciences

Abstract:In this paper, a hybrid realization model is proposed for the controllers of autonomous underwater vehicles (AUVs). This model is based on the model-based systems engineering (MBSE) methodology, in combination with the model-driven architecture (MDA), the real-time unified modeling language (UML)/systems modeling language (SysML), the extended/unscented Kalman filter (EKF/UKF) algorithms, and hybrid automata, and it can be reused for designing controllers of various AUV types. The dynamic model and control structure of AUVs were combined with the specialization of MDA concepts as follows. The computation-independent model (CIM) was specified by the use-case model combined with the EKF/UKF algorithms and hybrid automata to intensively gather the control requirements. Then, the platform-independent model (PIM) was specialized using the real-time UML/SysML to design the capsule collaboration of control and its connections. The detailed PIM was subsequently converted into the platform-specific model (PSM) using open-source platforms to promptly realize the AUV controller. On the basis of the proposed hybrid model, a planar trajectory-tracking controller, which allows a miniature torpedo-shaped AUV to autonomously track the desired planar trajectory, was implemented and evaluated, and shown to have good feasibility.

Zhuoqun Yang,Zhi Jin,Zhi Li

DOI: https://doi.org/10.48550/arxiv.1704.00869

2017-01-01

Abstract:Self-adaptive systems (SASs) are capable of adjusting its behavior in response to meaningful changes in the operational con-text and itself. The adaptation needs to be performed automatically through self-managed reactions and decision-making processes at runtime. To support this kind of automatic behavior, SASs must be endowed by a rich runtime support that can detect requirements violations and reason about adaptation decisions. Requirements Engineering for SASs primarily aims to model adaptation logic and mechanisms. Requirements models will guide the design decisions and runtime behaviors of sys-tem-to-be. This paper proposes a model-driven approach for achieving adaptation against non-functional requirements (NFRs), i.e. reliability and performances. The approach begins with the models in RE stage and provides runtime support for self-adaptation. We capture adaptation mechanisms as graphical elements in the goal model. By assigning reliability and performance attributes to related system tasks, we derive the tagged sequential diagram for specifying the reliability and performances of system behaviors. To formalize system behavior, we transform the requirements model to the corresponding behavior model, expressed by Label Transition Systems (LTS). To analyze the reliability requirements and performance requirements, we merged the sequential diagram and LTS to a variable Discrete-Time Markov Chains (DTMC) and a variable Continuous-Time Markov Chains (CTMC) respectively. Adaptation candidates are characterized by the variable states. The optimal decision is derived by verifying the concerned NFRs and reducing the decision space. Our approach is implemented through the demonstration of a mobile information system.

Mohammed Abufouda

DOI: https://doi.org/10.48550/arXiv.1402.2144

2014-02-10

Software Engineering

Abstract:Self-adaptivity allows software systems to autonomously adjust their behavior during run-time to reduce the cost complexities caused by manual maintenance. In this paper, a framework for building an external adaptation engine for self-adaptive software systems is proposed. In order to improve the quality of self-adaptive software systems, this research addresses two challenges in self-adaptive software systems. The first challenge is to provide better performance of the adaptation engine by managing the complexity of the adaptation space efficiently and the second challenge is handling run-time uncertainty that hinders the adaptation process. This research utilizes Case-based Reasoning as an adaptation engine along with utility functions for realizing the managed system's requirements.

Ricardo Diniz Caldas,Arthur Rodrigues,Eric Bernd Gil,Genaína Nunes Rodrigues,Thomas Vogel,Patrizio Pelliccione

DOI: https://doi.org/10.1145/3387939.3391595

2020-04-24

Abstract:Control theoretical techniques have been successfully adopted as methods for self-adaptive systems design to provide formal guarantees about the effectiveness and robustness of adaptation mechanisms. However, the computational effort to obtain guarantees poses severe constraints when it comes to dynamic adaptation. In order to solve these limitations, in this paper, we propose a hybrid approach combining software engineering, control theory, and AI to design for software self-adaptation. Our solution proposes a hierarchical and dynamic system manager with performance tuning. Due to the gap between high-level requirements specification and the internal knob behavior of the managed system, a hierarchically composed components architecture seek the separation of concerns towards a dynamic solution. Therefore, a two-layered adaptive manager was designed to satisfy the software requirements with parameters optimization through regression analysis and evolutionary meta-heuristic. The optimization relies on the collection and processing of performance, effectiveness, and robustness metrics w.r.t control theoretical metrics at the offline and online stages. We evaluate our work with a prototype of the Body Sensor Network (BSN) in the healthcare domain, which is largely used as a demonstrator by the community. The BSN was implemented under the Robot Operating System (ROS) architecture, and concerns about the system dependability are taken as adaptation goals. Our results reinforce the necessity of performing well on such a safety-critical domain and contribute with substantial evidence on how hybrid approaches that combine control and AI-based techniques for engineering self-adaptive systems can provide effective adaptation.

Software Engineering

Simon Diemert,Jens H. Weber

2023-04-02

Abstract:Self-adaptive systems are able to change their behaviour at run-time in response to changes. Self-adaptation is an important strategy for managing uncertainty that is present during the design of modern systems, such as autonomous vehicles. However, assuring the safety of self-adaptive systems remains a challenge, particularly when the adaptations have an impact on safety-critical functions. The field of safety engineering has established practices for analyzing the safety of systems. System Theoretic Process and Analysis (STPA) is a hazard analysis method that is well-suited for self-adaptive systems. This paper describes a design-time extension of STPA for self-adaptive systems. Then, it derives a reference model and analysis obligations to support the STPA activities. The method is applied to three self-adaptive systems described in the literature. The results demonstrate that STPA, when used in the manner described, is an applicable hazard analysis method for safety-critical self-adaptive systems.

Systems and Control,Software Engineering

Mahya Mohammadi Kashani,Tobias John,Jeremy P. Coffelt,Einar Broch Johnsen,Andrzej Wasowski

2024-10-02

Abstract:Autonomous Underwater Vehicles (AUVs) need to operate for days without human intervention and thus must be able to do efficient and reliable task planning. Unfortunately, efficient task planning requires deliberately abstract domain models (for scalability reasons), which in practice leads to plans that might be unreliable or under performing in practice. An optimal abstract plan may turn out suboptimal or unreliable during physical execution. To overcome this, we introduce a method that first generates a selection of diverse high-level plans and then assesses them in a low-level simulation to select the optimal and most reliable candidate. We evaluate the method using a realistic underwater robot simulation, estimating the risk metrics for different scenarios, demonstrating feasibility and effectiveness of the approach.

Robotics