ADMORPH had a strong presence in the organization of a panel session at the ASD Autonomous Systems Design initiative, in the scope of the DATE 2021 conference. The session, under the theme “Self-adaptive safety- and mission-critical CPS: wishful thinking or absolute necessity?” was organized by ADMORPH researchers Martina Maggio and Andy Pimentel. It took place on the 5th of February, by video-conference, and attracted the attention of about 60 participants. Speakers (or panelist) on the program were Stefanos Skalistis (Raytheon Technologies, Ireland), talking about “Certification challenges of adaptive avionics systems”, and Clemens Grelck (University of Amsterdam, Netherlands), presenting “The TeamPlay Coordination Language for Dependable Systems”. The third speaker in the panel was Sasa Misailovic (from UIUC), talking about “Programming Systems for Helping Developers Cope with Uncertainty”. The panel session resulted in a lively discussion about what adaptation can do, how to test it, and how to certify the results.
In ADMORPH, we look at the guarantees that we can provide for embedded systems that do not behave as we expect them to do. One of this unexpected behaviour manifests itself as deadline misses. In particular, control tasks that miss their deadlines can be dangerous and potentially create trouble (think about the controller that prompts a car to hold a lane not computing regularly – the car could then deviate and cross to another lane, with potential for accidents).
Some of our research focuses on designing controllers that do not miss their deadlines, but in somecases we wonder what we can guarantee when we have a controller that might just misbehave occasionally. In a paper (co-authored by Paolo Pazzaglia, Arne Hamann, Dirk Ziegenbein and Martina Maggio) that will be presented next week at the Design, Automation and Test in Europe Conference (and won the paper award in the embedded and cyber-physical systems track – Thanks! We are really humbled and excited!) we look at how to modify existing controllers in a viable way.
When a controller is already in production phase, only small modifications will be allowed (changing some constants here and there)but this can potentially go a long way to enforce some robustness. In the paper we describe one of such small modifications to an existing control architecture and implementation and show that using the knowledge of past misses can improve the controller performance.
With the realisation of the ADMORPH vision embedded systems will gain the ability to change their behaviour. These systems will learn how to counteract specific threats. A robot may learn that a given path is not traversable and will look for alternatives to reach its objective. A radar may use more or less power to detect objects. A controller may learn not to trust sensor data because they have likely been compromised. However, one hard question to answer is: “how can we test that the software that these systems execute behave in the way we expect”? Even more: “are we really able to determine what we expect”?
Testing software in the presence of learning and adaptation is an extremely complex problem. Should we let the system learn for a while before starting the testing procedure? If we had learn something different, would we then be better or worse? Suppose for example that we have a camera that is trying to detect people in the video images. Imagine we never feed it with an image that contains people. Can we really say that we had enough data for the camera to start working in the way it is supposed to work?
We try to find an answer to some of these questions in our publication “Testing Self-Adaptive Software with Probabilistic Guarantees on Performance Metrics” that has received an ACM SIGSOFT Distinguished Paper Award at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020.
In the paper we talk about how the testing of adaptive software should switch paradigm and go from being deterministic to providing probabilistic guarantees and we argue about why it is not possible to do anything different. We use a tool called scenario theory to perform software testing for adaptive systems with probabilistic guarantees. We apply the theory to two case studies (an adaptive video encoder, and and tele-assistance service).
The HiPEAC Info magazine is a quarterly publication providing the latest news on the activities within the European HiPEAC network, as well as activities on high-performance embedded architectures and compilers at large.
The April issue includes an article introducing the ADMORPH project and describing the project objectives and the addressed challenges.
Martina Maggio is a Professor at the Computer Science Department, Saarland University, having a partial affiliation as an Associate Professor at the Department of Automatic Control, Lund University. She completed her Ph.D. at Politecnico di Milano, working with Alberto Leva on the applications of control-theoretical tools for the design of computing systems. During her Ph.D. she spent one year as a visiting graduate student at the Computer Science and Artificial Intelligence Laboratory at MIT, working with Anant Agarwal and Hank Hoffmann on the Self-Aware Computing project. Then she joined Lund University in 2012 as a postdoctoral researcher, working with Karl-Erik Årzén on resource allocation for cloud infrastructures and real-time systems. She became an Assistant Professor in 2014, and then Docent and Associate Professor in 2017.
Where does your interest for CS originate from and how did you come to study CS?
I think my interest comes from being exposed to computers from an early age in a playful manner. Seeing small assignments (e.g., write a program that computes my age in days) as games helped me build some confidence and develop skills that otherwise would have been more difficult to acquire.
When I was a child, my dad brought home first a Commodore 64 and then our first computer. Initially, I was mostly fascinated by gaming and games, but soon he started explaining how the programming side worked, and helped me write the first few programs in Basic. He also insisted that I’d learn how to type fast and prompted me to follow a course (developed as a series of exercises) to learn the position of letters on the keyboard. A lot followed from that, I felt I was progressing fast and I could speak with this strange machine and have it do what I wanted. Even though I was interested in many other topics in school, that fascination stayed with me. Then the Internet came, and I felt there were so many possibilities open for somebody who understood what was going on underneath the computer, so I decided to study computer engineering.
How was it for you to study CS, such a male dominated discipline?
It is undeniable that females are less represented than males among CS academics. However, I never really felt discouraged by the fact that CS was a male dominated discipline. I had impressive role models during my studies.
One of the best professors I had is Donatella Sciuto. I had the pleasure of sitting in her “Computer Architecture” course, and her teaching style is just fantastic. She was really able to capture our attention as students. It was not only because she was very clear in her explanation. We could see the amount of energy she put into her lectures. As a student, I hated waking up early to get to lectures at 8am, except when she was the teacher.
I did not feel that my fellow students were treating me differently because I was a girl. Whenever there was a situation in which I experienced some discrimination (first-hand or second-hand) I felt supported and appreciated by my friends and colleagues. The episodes of “discrimination” that I personally experienced could be related to gender, but also to many other things – among which I would rank my temperament pretty high, I was never an easy one to deal with.
Of course, prejudice exists. And I had – sometimes – the feeling that some teachers would have initial bias towards me as a girl. But I think I always found people that were able to judge me for what I could achieve (and not for my gender), and look beyond their original bias.
Did you ever have the feeling that, as a female student, you had a disadvantage compared to male students in the field?
I don’t think I had a disadvantage as a female student.
I studied with many male friends, we exchanged opinions and had interesting and intense technical discussions. I learned a lot from them and I think they also learned from me. In our exchanges, often I would come up with a different way of learning something. Research shows that it is likely for females and males to learn in different ways and I think the diversity of the environment I grew up in was enriching.
Progressing in my career, I think being a female has both been good and bad for me. I think I had access to some opportunities really early in my career, because our research communities are pushing to reach an acceptable level of diversity. At the same time, my experience seems to confirm the studies that females are more prone to self-doubt and lack of confidence.
What do you think is necessary to attract more female students to the field of CS?
I think we should stop treating females and males differently, starting from a young age. Based on what I experienced myself, I would say we need to go to schools and teach rudiments of CS with games, to really young kids. Let them be entertained and learn by playing, without considering them different from one another. Keep encouraging them, regardless of their gender, to pursue something that they like. Make sure they remember the fun they had as young adults. And of course, make sure they have good role models.
What you expect from the ADMORPH project and its potential impact?
The idea behind the ADMORPH project is to create a new generation of adaptive embedded systems. These systems should be able to understand their requirements and execution environment, and morph to adapt to it. In particular, we look into faults and security attacks as the two main sources that generate the need for adaptation.
From the personal side, I expect to interact with like-minded people, who are curious and want to find new technical and technological solutions for a problem that is becoming bigger and bigger every day. When the systems we are using increase in their complexity (as it is the case in many different domains now) it becomes extremely difficult to verify and validate their behaviour in every possible circumstances. This is even stressed in situations (like cyber-attacks) in which we do not know what this behaviour can be. I think we are all eager to work on a problem that we see as a threat to the safety and reliability of the technology that we use every day.
What kind of ideas do you want to bring to the project?
Realising this vision requires expertise in many different areas. I bring into the project a perspective on control theory. During 2019, I spent 10 months at Bosch Corporate Research for a sabbatical and I started to work on the resilience of control systems that can miss their deadlines. Connecting this with the ADMORPH project, deadlines can be missed because of faults or attacks. For the system under control, the result is very similar: they do not receive new commands. Together with colleagues at Bosch, I have been analysing when this poses a threat to the correct system execution. In this case, we should trigger morphing and adaptation. I plan to keep working on this research line, to properly qualify when adaptation is needed and quantify how much and what are the limitations that we will face.
Within the ADMORPH project, we are looking at how systems respond to failures and cyber-attacks. Our aim is to create a new generation of embedded systems. These new systems should be able to react to faults and attacks, by adapting and morphing themselves. One key component to realise this vision is to understand how these systems behave when they are experiencing a fault or an attack and what are their limitations.
To this end we started studying what happens to control systems when the controller misses some deadlines. This could happen when the system is under attack, due to the malicious action of the attacker. It could also simply happens because of a transient hardware failure.
In particular, we have been looking at systems where the controller can miss up to a specific number n of consecutive deadlines. Our aim was to assess the robustness of these systems, and their ability to perform well despite the problems. We started our investigation with the assumption that control systems are very robust. Usually their robustness makes them resilient to disturbances and environmental fluctuations. We set off to prove when they are robust to computational problems too.
The result of our investigation is a stability criterion. We can determine the maximum number of consecutive deadline misses that do not harm the system. This means that the controlled system remains stable despite computational sequences of hits and misses, with the constraint that the system cannot experience more than n misses in a row.
The results of our study are described in a paper that is going to be presented in July at the Euromicro Conference on Real-Time Systems (ECRTS). A paper preprint is available.