Dagstuhl Seminar 16362
Robustness in Cyber-Physical Systems
(Sep 04 – Sep 09, 2016)
Organizers
- Martin Fränzle (Universität Oldenburg, DE)
- James Kapinski (Toyota Technical Center - Gardena, US)
- Pavithra Prabhakar (Kansas State University - Manhattan, US)
Contact
- Andreas Dolzmann (for scientific questions)
- Annette Beyer (for administrative questions)
Electronically controlled systems have become pervasive in modern society and are increasingly being used to control safety-critical applications, such as medical devices and transportation systems. At the same time, these systems are increasing in complexity at an alarming rate, making it difficult to produce system designs that provide guaranteed properties in the face of various forms of uncertainty. Cyber-physical systems (CPS) is a new multi-disciplinary field aimed at providing a rigorous framework for designing and analyzing these systems.
Engineering robustness into systems under development has always been at the heart of good engineering practice, be it robustness against manufacturing tolerances and variations in the purity of construction materials in mechanical engineering, against variations in educt (reactant) concentrations in chemical engineering, against parameter variations in the plant model in control engineering, against quantization and measurement noise in signal processing, against faults in computer architecture, against attacks in security engineering, or against unexpected inputs or results in programming. In the CPS context, all the aforementioned engineering disciplines meet, as the digital networking and embedded control involved in CPS bring many kinds of physical processes into the sphere of human and computer control. This convergence of disciplines has proven extremely fruitful in the past, inspiring profound research on hybrid and distributed control, transferring notions and methods for safety verification from computer science to control theory, transferring proof methods for stability from control theory to computer science, and shedding light on the complex interplay of control objectives and security threats, to name just a few of the many interdisciplinary breakthroughs achieved over the past two decades. Unfortunately, a joint, interdisciplinary approach to robustness remains elusive. While most researchers in the field of CPS concede that it would be ideal to unify notions across disciplinary borders to reflect the close functional dependencies between heterogeneous components, the current state of affairs is a fragmentary coverage by the aforementioned disciplinary notions.
This Dagstuhl Seminar will bring together researchers from both academia and industry working in hybrid control systems, mechatronics, formal methods, and real-time embedded systems. Participants will identify and discuss newly available techniques for robust design and analysis that could be applied to open issues in the area of CPS, and will pinpoint the open issues and research questions that require collaboration between the communities.
Some central questions that will be examined include:
- What is the rationale behind the plethora of existing notions of robustness and how are they related (if at all)?
- What measures have to be taken in a particular design domain (e.g., embedded software design) so that notions of robustness central to other domains that are functionally impacted (e.g., feedback control) are respected?
- What forms of correctness guarantees are provided by the different notions of robustness and would there be potential for unification or synergy?
- What design measures have been established by different disciplines for achieving robustness by construction, and how can they be lifted to other disciplines?
- Where do current notions of robustness or current techniques of system design fall short, and can these shortcomings be alleviated by adopting ideas from related disciplines?
The overarching objective of such research would be to establish trusted engineering approaches incorporating methods for producing CPS designs that sustain their correctness and performance guarantees even when used in a well-defined vicinity of their nominal operational regimes, and that can be trusted to degrade gracefully even when some of the underlying modeling and analysis assumptions turn out to be false.
Overview and Goals of the Seminar
Engineering robustness into systems under development has always been at the heart of good engineering practice, be it robustness against manufacturing tolerances and variations in the purity of construction materials in mechanical engineering, against variations in educt (reactant) concentrations in chemical engineering, against parameter variations in the plant model in control engineering, against quantization and measurement noise in signal processing, against faults in computer architecture, against attacks in security engineering, or against unexpected inputs or results in programming. In cyber-physical systems (CPS), all the aforementioned engineering disciplines meet, as the digital networking and embedded control involved in CPS bring many kinds of physical processes into the sphere of human and computer control. This convergence of disciplines has proven extremely fruitful in the past, inspiring profound research on hybrid and distributed control, transferring notions and methods for safety verification from computer science to control theory, transferring proof methods for stability from control theory to computer science, and shedding light on the complex interplay of control objectives and security threats, to name just a few of the many interdisciplinary breakthroughs achieved over the past two decades. Unfortunately, a joint, interdisciplinary approach to robustness remains elusive. While most researchers in the field of CPS concede that unifying notions across disciplinary borders to reflect the close functional dependencies between heterogeneous components would be of utmost importance, the current state of affairs is a fragmentary coverage by the aforementioned disciplinary notions.
Synergies and research questions
The seminar set out to close the gap in the robustness investigations across the overlapping disciplines under the umbrella of CPS by gathering scientists from the entire spectrum of fields involved in the development of cyber-physical systems and their pertinent design theories. The seminar fostered interdisciplinary research answering the following central questions:
- What is the rationale behind the plethora of existing notions of robustness and how are they related?
- What measures have to be taken in a particular design domain (e.g., embedded software design) to be faithful to notions of robustness central to another domain it has functional impact on (e.g., feedback control)?
- What forms of correctness guarantees are provided by the different notions of robustness and would there be potential for unification or synergy?
- What design measures have been established by different disciplines for achieving robustness by construction, and how can they be lifted to other disciplines?
- Where do current notions of robustness or current techniques of system design fall short and can this be alleviated by adopting ideas from related disciplines?
The overarching objective of such research would be to establish trusted engineering approaches incorporating methods for producing cyber-physical system designs
- that sustain their correctness and performance guarantees even when used in a well-defined vicinity of their nominal operational regimes, and
- that can be trusted to degrade gracefully even when some of the underlying modeling and analysis assumptions turn out to be false.
To satisfy these design objectives, we require notions of robustness that go well beyond the classical impurities of embedded systems, like sampling, measurement noise, jitter, and machine tolerances, and must draw on concepts of robustness from disparate fields. This seminar identified parallels between related notions of robustness from the many varied domains related to CPS design and bridged the divide between disciplines, with the goal of achieving the above objectives.
Topics of the seminar
This seminar aimed to identify fundamental similarities and distinctions between various notions of robustness and accompanying design and analysis methods, with the goal of bringing together disparate notions of robustness from multiple academic disciplines and application domains. The following is a brief compendium of the robustness notions and application domains that were addressed in this seminar.
Robustness Notions and Design/Analysis Methods
One goal of this seminar was to identify crosscutting frameworks and design methodologies among the different approaches used to study robustness in the domains of control theory, computer science, and mechanical engineering. We considered the following broad classifications of robustness with the ultimate goal of synergizing the notions and techniques from the various disciplines.
- Input/output robustness
- Robustness with respect to system parameters
- Robustness in real-time system implementation
- Robustness due to unpredictable environments
- Robustness to faults
Application Domains
The applications for the topics addressed in this seminar include cyber-physical systems for which robustness is a vital concern. The following is a partial list of these application domains.
Outcome
We summarize the outcomes of the discussions in the break-out sessions, which were conducted by forming subgroups among the participants. The topics covered different approaches and/or applications within the framework of robustness. One topic was robustness for discrete systems. In this session, the need for defining robustness for such systems was discussed extensively, and one of the most relevant challenges identified was to define appropriate metrics on the state space that are relevant to the application. Some specific robustness issues in the domains of medical devices and automotive systems were also identified.
Another discussion concerned guaranteeing robust performance from systems based on machine learning. This is a difficult task, and it is growing in importance as many new safety-critical applications, such as self-driving cars, are being designed using machine learning techniques. A challenge is to develop reliable methodologies for certifying, or designing for, robust performance in systems based on machine learning.
Discussions in a third break-out group centered on established engineering means for obtaining robustness by design and how to accommodate these in rigorous safety cases or formal proofs of correctness. A finding was that most formal models currently require rather low-level encoding of the dynamic behavior of such mechanisms, so that the mechanisms must be re-evaluated for each new design rather than their guaranteed properties being exploited to simplify system analysis, which would be in line with their actual impact on engineering processes.
Participants
- Houssam Abbas (University of Pennsylvania - Philadelphia, US)
- Paul Bogdan (USC - Los Angeles, US)
- Alexandre Donzé (University of California - Berkeley, US)
- Rüdiger Ehlers (Universität Bremen, DE)
- Georgios Fainekos (Arizona State University - Tempe, US)
- Martin Fränzle (Universität Oldenburg, DE)
- Nathan Fulton (Carnegie Mellon University - Pittsburgh, US)
- Miriam Garcia Soto (IMDEA Software - Madrid, ES)
- Khalil Ghorbal (INRIA - Rennes, FR)
- James Kapinski (Toyota Technical Center - Gardena, US)
- Scott C. Livingston (Washington D.C., US)
- Sarah M. Loos (Google Research, US)
- Rupak Majumdar (MPI-SWS - Kaiserslautern, DE)
- Jens Oehlerking (Robert Bosch GmbH - Stuttgart, DE)
- Jan Otop (University of Wroclaw, PL)
- Necmiye Ozay (University of Michigan - Ann Arbor, US)
- Pavithra Prabhakar (Kansas State University - Manhattan, US)
- Sylvie Putot (Ecole Polytechnique - Palaiseau, FR)
- Stefan Ratschan (The Czech Academy of Sciences - Prague, CZ)
- Matthias Rungger (TU München, DE)
- Paulo Tabuada (University of California at Los Angeles, US)
- Ufuk Topcu (University of Texas - Austin, US)
- Eric M. Wolff (nuTonomy - Cambridge, US)
- Bai Xue (Universität Oldenburg, DE)
- Paolo Zuliani (University of Newcastle, GB)
Classification
- modelling / simulation
- semantics / formal methods
- verification / logic
Keywords
- Robustness
- Cyber-Physical Systems
- Formal Verification
- Real-time and Embedded Systems
- Fault tolerance
- Automotive
- Aerospace