Can we still be sure of something when control systems miss their deadlines?

Within the ADMORPH project, we are looking at how systems respond to failures and cyber-attacks. Our aim is to create a new generation of embedded systems. These new systems should be able to react to faults and attacks by adapting and morphing themselves. One key component in realising this vision is to understand how these systems behave when they are experiencing a fault or an attack, and what their limitations are.

To this end, we started studying what happens to control systems when the controller misses some deadlines. This could happen when the system is under attack, due to the malicious action of the attacker. It could also simply happen because of a transient hardware failure.

In particular, we have been looking at systems where the controller can miss up to a specific number n of consecutive deadlines. Our aim was to assess the robustness of these systems and their ability to perform well despite the problems. We started our investigation with the assumption that control systems are very robust. Usually their robustness makes them resilient to disturbances and environmental fluctuations. We set out to prove when they are robust to computational problems too.

The result of our investigation is a stability criterion. We can determine the maximum number of consecutive deadline misses that do not harm the system. This means that the controlled system remains stable despite arbitrary sequences of deadline hits and misses, under the constraint that the system cannot experience more than n misses in a row.
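To make the question concrete, here is an added example (not code from the paper, and not its stability criterion) that models the closed loop as a switched linear system: a hit applies the state feedback u = -Kx, a miss holds the previous input. It assumes a discrete-time double integrator plant, a hand-picked gain K, and the hold strategy, and it only searches periodic hit/miss patterns of bounded period for one that makes the state diverge, so a pattern found proves instability for that n, while finding none does not prove stability.

```python
from itertools import product

# Constructed plant (assumption): double integrator sampled with h = 1,
# x_{k+1} = A x_k + B u_k, with an assumed stabilising gain u = -K x.
A = [[1.0, 1.0], [0.0, 1.0]]
B = [[0.5], [1.0]]
K = [0.2, 0.6]

def matmul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]

def step_matrices(A, B, K):
    """Augmented state z = [x, u_prev]. Hit: u = -K x. Miss: u = u_prev (hold)."""
    n = len(A)
    hit = [[A[i][j] - B[i][0] * K[j] for j in range(n)] + [0.0] for i in range(n)]
    hit.append([-k for k in K] + [0.0])
    miss = [A[i] + [B[i][0]] for i in range(n)]
    miss.append([0.0] * n + [1.0])
    return hit, miss

def admissible(pattern, n):
    """At least one hit, and no cyclic run of more than n consecutive misses."""
    if "H" not in pattern:
        return False
    return max(len(run) for run in (pattern + pattern).split("H")) <= n

def period_matrix(pattern, hit, miss):
    M = [[float(i == j) for j in range(len(hit))] for i in range(len(hit))]
    for c in pattern:                     # apply the steps in pattern order
        M = matmul(hit if c == "H" else miss, M)
    return M

def diverges(M, squarings=10):
    """Repeated squaring: M^(2^k) tends to 0 iff its spectral radius is < 1."""
    for _ in range(squarings):
        M = matmul(M, M)
        big = max(abs(v) for row in M for v in row)
        if big > 1e9:
            return True
        if big < 1e-9:
            return False
    return False   # no growth observed within 2^squarings periods

def diverging_pattern(n, max_period=6):
    """First periodic pattern with at most n consecutive misses that diverges, else None."""
    hit, miss = step_matrices(A, B, K)
    for p in range(1, max_period + 1):
        for bits in product("HM", repeat=p):
            pattern = "".join(bits)
            if admissible(pattern, n) and diverges(period_matrix(pattern, hit, miss)):
                return pattern
    return None

def max_safe_n(n_max=5, max_period=6):
    """Largest n with no diverging periodic pattern found (a necessary condition only)."""
    best = -1
    for n in range(n_max + 1):
        if diverging_pattern(n, max_period) is not None:
            break
        best = n
    return best
```

Running `max_safe_n()` and `diverging_pattern(3)` shows that, for this gain and the hold strategy, the pattern hit, miss, miss, miss already has a period matrix with an eigenvalue of magnitude about 1.9, so three consecutive misses are not tolerated even though every single miss on its own is harmless.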

The results of our study are described in a paper that is going to be presented in July at the Euromicro Conference on Real-Time Systems (ECRTS). A preprint of the paper is available.