Martina Maggio

About Martina Maggio

Professor at Saarland University. Associate Professor at Lund University. Research interests at the intersection between control theory and real-time systems.

Adaptive Design of Real-Time Control Systems subject to Sporadic Overruns

In ADMORPH, we look at the guarantees that we can provide for embedded systems that do not behave as we expect them to. One such unexpected behaviour manifests itself as deadline misses. In particular, control tasks that miss their deadlines can be dangerous and potentially create trouble (think about the controller that prompts a car to hold a lane not computing regularly – the car could then deviate and cross to another lane, with potential for accidents).

Some of our research focuses on designing controllers that do not miss their deadlines, but in some cases we wonder what we can guarantee when we have a controller that might just misbehave occasionally. In a paper (co-authored by Paolo Pazzaglia, Arne Hamann, Dirk Ziegenbein and Martina Maggio) that will be presented next week at the Design, Automation and Test in Europe Conference (and won the paper award in the embedded and cyber-physical systems track – Thanks! We are really humbled and excited!) we look at how to modify existing controllers in a viable way.

When a controller is already in the production phase, only small modifications will be allowed (changing some constants here and there), but this can potentially go a long way to enforce some robustness. In the paper we describe one such small modification to an existing control architecture and implementation, and show that using the knowledge of past misses can improve the controller performance.

The paper (preprint available) will be presented on Thursday February 4th at 5:30 PM – 5:45 PM CET. We hope to see you at DATE and we welcome your feedback!

Testing systems in the presence of adaptation

With the realisation of the ADMORPH vision, embedded systems will gain the ability to change their behaviour. These systems will learn how to counteract specific threats. A robot may learn that a given path is not traversable and will look for alternatives to reach its objective. A radar may use more or less power to detect objects. A controller may learn not to trust sensor data because they have likely been compromised. However, one hard question to answer is: “how can we test that the software that these systems execute behaves in the way we expect?” Even more: “are we really able to determine what we expect?”

Testing software in the presence of learning and adaptation is an extremely complex problem. Should we let the system learn for a while before starting the testing procedure? If we had learned something different, would we then be better or worse? Suppose for example that we have a camera that is trying to detect people in the video images. Imagine we never feed it with an image that contains people. Can we really say that we had enough data for the camera to start working in the way it is supposed to work?

We try to find an answer to some of these questions in our publication “Testing Self-Adaptive Software with Probabilistic Guarantees on Performance Metrics” that has received an ACM SIGSOFT Distinguished Paper Award at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020.

In the paper we talk about how the testing of adaptive software should switch paradigm, going from being deterministic to providing probabilistic guarantees, and we argue about why it is not possible to do anything different. We use a tool called scenario theory to perform software testing for adaptive systems with probabilistic guarantees. We apply the theory to two case studies (an adaptive video encoder, and a tele-assistance service).

Can we still be sure of something when control systems miss their deadlines?

Within the ADMORPH project, we are looking at how systems respond to failures and cyber-attacks. Our aim is to create a new generation of embedded systems. These new systems should be able to react to faults and attacks, by adapting and morphing themselves. One key component to realise this vision is to understand how these systems behave when they are experiencing a fault or an attack and what their limitations are.

To this end we started studying what happens to control systems when the controller misses some deadlines. This could happen when the system is under attack, due to the malicious action of the attacker. It could also simply happen because of a transient hardware failure.

In particular, we have been looking at systems where the controller can miss up to a specific number n of consecutive deadlines. Our aim was to assess the robustness of these systems, and their ability to perform well despite the problems. We started our investigation with the assumption that control systems are very robust. Usually their robustness makes them resilient to disturbances and environmental fluctuations. We set off to prove when they are robust to computational problems too.

The result of our investigation is a stability criterion. We can determine the maximum number of consecutive deadline misses that do not harm the system. This means that the controlled system remains stable despite computational sequences of hits and misses, with the constraint that the system cannot experience more than n misses in a row.
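To make the "at most n misses in a row" constraint concrete, here is an added example (not code from the paper or the ADMORPH project) that searches a toy control loop for periodic hit/miss patterns that diverge, which gives an upper bound on the tolerable n. The plant, the gain, the one-period control delay and the "hold the previous command on a miss" policy are all assumptions chosen for illustration.

```python
import cmath
from itertools import product

# Toy model (assumed): scalar plant x+ = A*x + B*u, state vector is (x, u).
A, B, K = 1.1, 1.0, 0.3            # constructed values; the open loop is unstable
HIT = ((A, B), (-K, 0.0))          # deadline met: next command is u+ = -K*x
MISS = ((A, B), (0.0, 1.0))        # deadline missed: previous command is held

def matmul(p, q):
    return tuple(tuple(sum(p[i][k] * q[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))

def spectral_radius(m):
    # Eigenvalues of a 2x2 matrix from its trace and determinant.
    tr = m[0][0] + m[1][1]
    det = m[0][0] * m[1][1] - m[0][1] * m[1][0]
    root = cmath.sqrt(tr * tr - 4 * det)
    return max(abs((tr + root) / 2), abs((tr - root) / 2))

def block(i):
    """Dynamics over i consecutive misses followed by one hit."""
    m = ((1.0, 0.0), (0.0, 1.0))
    for _ in range(i):
        m = matmul(MISS, m)
    return matmul(HIT, m)

def worst_periodic_radius(n, depth=1):
    """Largest per-block growth rate over periodic patterns made of at most
    `depth` blocks, each block containing at most n consecutive misses."""
    blocks = [block(i) for i in range(n + 1)]
    worst = 0.0
    for length in range(1, depth + 1):
        for combo in product(blocks, repeat=length):
            p = combo[0]
            for b in combo[1:]:
                p = matmul(b, p)
            worst = max(worst, spectral_radius(p) ** (1.0 / length))
    return worst

def first_destabilising_n(limit=20, depth=1):
    """Smallest n for which some periodic pattern diverges, or None."""
    for n in range(limit + 1):
        if worst_periodic_radius(n, depth) >= 1.0:
            return n
    return None

if __name__ == "__main__":
    print("first n with a diverging periodic pattern:", first_destabilising_n())
```

This check is necessary but not sufficient: an n that passes at a finite depth is not thereby proven stable for every ordering of hits and misses, which is what a full stability criterion has to cover.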

The results of our study are described in a paper that is going to be presented in July at the Euromicro Conference on Real-Time Systems (ECRTS). A paper preprint is available.