Lecture: How Much Hard is System Design?
Joseph Sifakis
Abstract:
The ICT revolution is dominated by the IoT vision which promises increasingly interconnected smart objects providing autonomous services for the optimal management of resources and enhanced quality of life. These include smart grids, smart transport systems, smart health care services, automated banking services, smart factories, etc. Their coordination will be achieved using a unified network infrastructure, in particular to collect data and send them to the cloud which in return will provide using data analytics, intelligent services to ensure global trustworthiness and performance.
This vision raises a lot of expectations and in my opinion some over-optimism about its short-term impact.
The purpose of this talk is to discuss to what extent the IoT vision is reachable under the current state of the art, identify technical obstacles and point out work directions for overcoming them.
It is well understood that the current network infrastructure is neither safe nor secure enough. Furthermore, it is hard to guarantee time predictability for critical events. All these make problematic the development and coordination of critical autonomous systems and services. Additional problems come from the need to integrate critical and best-effort systems and deal with heterogeneous technical requirements.
We need to work in two complementary directions.
The first is to make progress in overcoming long-standing obstacles. These include limitations stemming from the lack of effective solutions to well-defined algorithmic problems e.g. verification and synthesis, but also from hard problems of different nature, such as faithful modeling of complex cyber-physical systems and requirement capturing and formalization in an unambiguous technical language.
The second is to develop design flows for mixed criticality systems and so to bridge the gap between critical and best effort system design. Existing design flows for critical systems are not any more affordable in the IoT context for both technical and economic reasons. Guaranteeing statically at design time correctness of critical systems such as self-driving cars becomes impossible due to unmanaged uncertainty of their execution and external environment. We need effective design flows seeking an appropriate balance between properties guaranteed at design time and properties enforced at run time. This implies in particular that we break with the deterministic concept of correctness adopted by some critical application standards.
The key issue is to design adaptive systems that can change dynamically their
behavior to cope timely and effectively with hazards of any kind caused by design errors, failures or malevolent action. Adaptation is the capability to change system behavior in particular by reconfiguring its services and resources guided by knowledge acquired both at design time and at run time. We identify technical challenges for adaptive control achieved by combining three main functions: objective management, planning and learning.