Publications
2024
- A driver-vehicle model for ADS scenario-based testing. Rodrigo Queiroz, Divit Sharma, Ricardo Caldas, and 4 more authors. IEEE Transactions on Intelligent Transportation Systems, 2024.
Scenario-based testing for automated driving systems (ADS) must be able to simulate traffic scenarios that rely on interactions with other vehicles. Although many languages for high-level scenario modelling have been proposed, they lack the features to precisely and reliably control the required micro-simulation, while also supporting behavior reuse and test reproducibility for a wide range of interactive scenarios. To fill this gap between scenario design and execution, we propose the Simulated Driver-Vehicle (SDV) model to represent and simulate vehicles as dynamic entities with their behavior being constrained by scenario design and goals set by testers. The model combines driver and vehicle as a single entity. It is based on human-like driving and the mechanical limitations of real vehicles for realistic simulation. The model leverages behavior trees to express high-level behaviors in terms of lower-level maneuvers, affording multiple driving styles and reuse. Furthermore, optimization-based maneuver planners guide the simulated vehicles towards the desired behavior. Our extensive evaluation shows the model’s design effectiveness using NHTSA pre-crash scenarios, its motion realism in comparison to naturalistic urban traffic, and its scalability with traffic density. Finally, we show the applicability of our SDV model to test a real ADS and to identify crash scenarios, which are impractical to represent using predefined vehicle trajectories. The SDV model instances can be injected into existing simulation environments via co-simulation.
- Runtime Verification and Field-based Testing for ROS-based Robotic Systems. Ricardo Caldas, Juan Antonio Piñera García, Matei Schiopu, and 3 more authors. IEEE Transactions on Software Engineering, 2024.
Robotic systems are becoming pervasive and adopted in increasingly many domains, such as manufacturing, healthcare, and space exploration. To this end, engineering software has emerged as a crucial discipline for building maintainable and reusable robotic systems. The field of robotics software engineering research has received increasing attention, fostering autonomy as a fundamental goal. However, robotics developers are still challenged trying to achieve this goal given that simulation is not able to deliver solutions to realistically emulate real-world phenomena. Robots also need to operate in unpredictable and uncontrollable environments, which require safe and trustworthy self-adaptation capabilities implemented in software. Typical techniques to address the challenges are runtime verification, field-based testing, and mitigation techniques that enable fail-safe solutions. However, there is no clear guidance to architect ROS-based systems to enable and facilitate runtime verification and field-based testing. This paper aims to fill in this gap by providing guidelines that can help developers and quality assurance (QA) teams when developing, verifying or testing their robots in the field. These guidelines are carefully tailored to address the challenges and requirements of testing robotics systems in real-world scenarios. We conducted (i) a literature review on studies addressing runtime verification and field-based testing for robotic systems, (ii) mined ROS-based applications repositories, and (iii) validated the applicability, clarity, and usefulness via two questionnaires with 55 answers overall. We contribute 20 guidelines: 8 for developers and 12 for QA teams formulated for researchers and practitioners in robotic software engineering. Finally, we map our guidelines to open challenges thus far in runtime verification and field-based testing for ROS-based systems and, we outline promising research directions in the field. 
Guidelines website and replication package: https://ros-rvft.github.io
- Explainability for Property Violations in Cyber-Physical Systems: An Immune-Inspired Approach. João Paulo Costa Araujo, Genaína Nunes Rodrigues, Marc Carwehl, and 4 more authors. IEEE Software, 2024.
Complex relations between cybernetic and physical components of a cyber-physical system (CPS), in tandem with continuous environment changes, represent a challenge to engineering robust CPSs. To help engineers determine the cause of violations, there is a need for a systematic approach that helps in understanding the system behaviors that lead to critical failures of the CPS. In this work, we present a methodology that identifies and isolates crucial anomalous behaviors that can not only hamper the system but are also often challenging to capture while engineering a CPS.
- Search-based Trace Diagnostic. Gabriel Araujo, Ricardo Caldas, Federico Formica, and 3 more authors. (under submission), 2024.
Cyber-physical systems (CPS) development requires verifying whether system behaviors violate their requirements. This analysis often considers system behaviors expressed by execution traces and requirements expressed by signal-based temporal properties. When an execution trace violates a requirement, engineers need to solve the trace diagnostic problem: They need to understand the cause of the breach. Automated trace diagnostic techniques aim to support engineers in the trace diagnostic activity. This paper proposes search-based trace-diagnostic (SBTD), a novel trace-diagnostic technique for CPS requirements. Unlike existing techniques, SBTD relies on evolutionary search. SBTD starts from a set of candidate diagnoses, applies an evolutionary algorithm iteratively to generate new candidate diagnoses (via mutation, recombination, and selection), and uses a fitness function to determine the qualities of these solutions. Then, a diagnostic generator step is performed to explain the cause of the trace violation. We implemented Diagnosis, an SBTD tool for signal-based temporal logic requirements expressed using the Hybrid Logic of Signals (HLS). We evaluated Diagnosis by performing 34 experiments for 17 trace-requirements combinations leading to a property violation and by assessing the effectiveness of SBTD in producing informative diagnoses and its efficiency in generating them on a time basis. Our results confirm that Diagnosis can produce informative diagnoses in practical time for most of our experiments (33 out of 34).
- Towards an Engineering Discipline to Resilient Cyber-Physical Systems. Ricardo Caldas. Doctoral Symposium (FSE’24), 2024.
Resilient cyber-physical systems comprise computing systems able to continuously interact with the physical environment in which they operate, despite runtime errors. The term resilience refers to the ability to cope with unexpected inputs while delivering correct service. Examples of resilient computing systems are Google’s PageRank and the Bubblesort algorithm. Engineering for resilient cyber-physical systems requires a paradigm shift, prioritizing adaptability to dynamic environments. Software as a tool for self-management is a key instrument for dealing with uncertainty and embedding resilience in these systems. Yet, software engineers encounter the ongoing challenge of ensuring resilience despite environmental dynamic change. My thesis aims to pioneer an engineering discipline for resilient cyber-physical systems. Over four years, we conducted studies, built methods and tools, delivered software packages, and a website offering guidance to practitioners. This paper provides a condensed overview of the problems tackled, our methodology, key contributions, and results highlights. Seeking feedback from the community, this paper serves both as preparation for the thesis defense and as insight into future research prospects.
2023
- EzSkiROS: A Case Study on Embedded Robotics DSLs to Catch Bugs Early. Momina Rizwan, Ricardo Caldas, Christoph Reichenbach, and 1 more author. In 2023 IEEE/ACM 5th International Workshop on Robotics Software Engineering (RoSE), 2023.
In robotics, we do not have all the information available at all times. This limits our ability to make predictions, including our ability to detect program bugs early. However, running a robot is an expensive task and finding errors only during runtime might prolong the debugging loop or even cause safety hazards. In this paper, we propose to help developers find bugs early with minimal extra effort by using embedded Domain-Specific Languages (DSLs) that enforce early checks. We describe DSL design patterns suitable for the robotics domain and demonstrate our approach for DSL embedding in Python, using a case study on an industrial tool SkiROS2, designed for robotic skill composition. We demonstrate our patterns on the embedded DSL EzSkiROS and show that our approach is effective at performing safety checks during the robot launch time, much earlier than at run time. In interviews with robotics developers familiar with the SkiROS2 software stack, they report that they find our DSL-based approach useful not only for finding bugs early, but also to increase robotics code maintainability.
2022
- An architecture for mission coordination of heterogeneous robots. Gabriel Rodrigues, Ricardo Caldas, Gabriel Araujo, and 3 more authors. Journal of Systems and Software, 2022.
Context: Robots can potentially collaborate to execute a variety of tasks in the service robots domain. However, developing applications of service robots can be complex due to the high level of uncertainty and required level of autonomy. Objective: We aim at contributing an architecture for the development of applications, capable of coordinating multi-robot missions, and that promotes modifiability and seamless integration of independently developed components. Method: In this work, we introduce MissionControl: an ensemble-based architecture to coordinate missions of heterogeneous robots to autonomously form coalitions. MissionControl comprises a component model and a runtime environment. The component model specifies how the system can be extended for different robots’ behaviors and environments. The runtime environment provides the processes required for coordinating the execution of missions at runtime. Results: We evaluated MissionControl in a simulated environment in the healthcare domain. We randomly generated 81 scenarios with uncertainty in the robots’ initial configurations. Then, each scenario was executed 8 times (i.e. 648 runs), where we evaluated the feasibility and efficiency of MissionControl for autonomously forming coalitions against a baseline approach that uses a random robot allocation. Statistical hypothesis testing yielded that MissionControl was able to achieve higher success rates while reducing the required time to conclude a mission, when compared to a baseline approach. We also perform an evaluation of the key quality attributes of the architecture, i.e. modifiability and integrability. Conclusions: MissionControl demonstrated itself able to coordinate multi-robot missions by autonomously assigning missions. Despite the error-prone robotic mission environment and demanding computational resources, MissionControl led to a significant increase in the success rate, while also decreasing the time required to conclude robotic missions when compared to a baseline approach.
2021
- RoboMAX: Robotic Mission Adaptation eXemplars. Mehrnoosh Askarpour, Christos Tsigkanos, Claudio Menghi, and 10 more authors. In 2021 International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), May 2021.
Emerging and future applications of robotic systems pose unique self-adaptation challenges. To support the research needed to address these challenges, we provide an extensible repository of robotic mission adaptation exemplars. Co-designed with robotic application stakeholders including researchers, developers, operators, and end-users, our repository captures key sources of uncertainty, adaptation concerns, and other distinguishing characteristics of such applications. An online form enables external parties to supply new exemplars for curation and inclusion into the repository. We envisage that our RoboMAX repository will enable the development, evaluation, and comparison of self-adaptation approaches for the robotic systems domain.
- Towards Mapping Control Theory and Software Engineering Properties using Specification Patterns. Ricardo Caldas, Razan Ghzouli, Alessandro V. Papadopoulos, and 3 more authors. In 2021 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C), Sep 2021.
A traditional approach to realize self-adaptation in software engineering (SE) is by means of feedback loops. The goals of the system can be specified as formal properties that are verified against models of the system. On the other hand, control theory (CT) provides a well-established foundation for designing feedback loop systems and providing guarantees for essential properties, such as stability, settling time, and steady state error. Currently, it is an open question whether and how traditional SE approaches to self-adaptation consider properties from CT. Answering this question is challenging given the principle differences in representing properties in both fields. In this paper, we take a first step to answer this question. We follow a bottom up approach where we specify a control design (in Simulink) for a case inspired by Scuderia Ferrari (F1) and provide evidence for stability and safety. The design is then transferred into code (in C) that is further optimized. Next, we define properties that enable verifying whether the control properties still hold at code level. Then, we consolidate the solution by mapping the properties in both worlds using specification patterns as common language and we verify the correctness of this mapping. The mapping offers a reusable artifact to solve similar problems. Finally, we outline opportunities for future work, particularly to refine and extend the mapping and investigate how it can improve the engineering of self-adaptive systems for both SE and CT engineers.
- Body Sensor Network: A Self-Adaptive System Exemplar in the Healthcare Domain. Eric Bernd Gil, Ricardo Caldas, Arthur Rodrigues, and 3 more authors. In 2021 International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), May 2021.
Recent worldwide events shed light on the need for human-centered systems engineering in the healthcare domain. These systems must be prepared to evolve quickly but safely, according to unpredicted environments and ever-changing pathogens that spread ruthlessly. Such scenarios suffocate hospitals’ infrastructure and disable healthcare systems that are not prepared to deal with unpredicted environments without costly re-engineering. In the face of these challenges, we offer the SA-BSN (Self-Adaptive Body Sensor Network) prototype to explore the rather dynamic monitoring of a patient’s health status. The exemplar is focused on self-adaptation and comes with scenarios that hinder an interplay between system reliability and battery consumption that is available after each execution. Also, we provide: (i) a noise injection mechanism, (ii) file-based patient profiles’ configuration, (iii) six healthcare sensor simulations, and (iv) an extensible/reusable controller implementation for self-adaptation. The artifact is implemented in ROS (Robot Operating System), which embraces principles such as ease of use and relies on active open source community support.
2020
- A Hybrid Approach Combining Control Theory and AI for Engineering Self-Adaptive Systems. Ricardo Caldas, Arthur Rodrigues, Eric Bernd Gil, and 3 more authors. In Proceedings of the IEEE/ACM 15th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, May 2020.
Control theoretical techniques have been successfully adopted as methods for self-adaptive systems design to provide formal guarantees about the effectiveness and robustness of adaptation mechanisms. However, the computational effort to obtain guarantees poses severe constraints when it comes to dynamic adaptation. In order to solve these limitations, in this paper, we propose a hybrid approach combining software engineering, control theory, and AI to design for software self-adaptation. Our solution proposes a hierarchical and dynamic system manager with performance tuning. Due to the gap between high-level requirements specification and the internal knob behavior of the managed system, a hierarchically composed component architecture seeks the separation of concerns towards a dynamic solution. Therefore, a two-layered adaptive manager was designed to satisfy the software requirements with parameter optimization through regression analysis and an evolutionary meta-heuristic. The optimization relies on the collection and processing of performance, effectiveness, and robustness metrics w.r.t. control theoretical metrics at the offline and online stages. We evaluate our work with a prototype of the Body Sensor Network (BSN) in the healthcare domain, which is largely used as a demonstrator by the community. The BSN was implemented under the Robot Operating System (ROS) architecture, and concerns about the system dependability are taken as adaptation goals. Our results reinforce the necessity of performing well in such a safety-critical domain and contribute substantial evidence on how hybrid approaches that combine control and AI-based techniques for engineering self-adaptive systems can provide effective adaptation.
2019
- Taming Uncertainty in the Assurance Process of Self-Adaptive Systems: a Goal-Oriented Approach. Gabriela Félix Solano, Ricardo Caldas, Genaína Nunes Rodrigues, and 2 more authors. In 2019 IEEE/ACM 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), May 2019.
Goals are first-class entities in a self-adaptive system (SAS) as they guide the self-adaptation. A SAS often operates in dynamic and partially unknown environments, which cause uncertainty that the SAS has to address to achieve its goals. Moreover, besides the environment, other classes of uncertainty have been identified. However, these various classes and their sources are not systematically addressed by current approaches throughout the life cycle of the SAS. In general, uncertainty typically makes the assurance provision of SAS goals exclusively at design time not viable. This calls for an assurance process that spans the whole life cycle of the SAS. In this work, we propose a goal-oriented assurance process that supports taming different sources (within different classes) of uncertainty from defining the goals at design time to performing self-adaptation at runtime. Based on a goal model augmented with uncertainty annotations, we automatically generate parametric symbolic formulae with parameterized uncertainties at design time using symbolic model checking. These formulae and the goal model guide the synthesis of adaptation policies by engineers. At runtime, the generated formulae are evaluated to resolve the uncertainty and to steer the self-adaptation using the policies. In this paper, we focus on reliability and cost properties, for which we evaluate our approach on the Body Sensor Network (BSN) implemented in OpenDaVINCI. The results of the validation are promising and show that our approach is able to systematically tame multiple classes of uncertainty, and that it is effective and efficient in providing assurances for the goals of self-adaptive systems.
2018
- A Learning Approach to Enhance Assurances for Real-Time Self-Adaptive Systems. Arthur Rodrigues, Ricardo Caldas, Genaína Nunes Rodrigues, and 2 more authors. In Proceedings of the 13th International Conference on Software Engineering for Adaptive and Self-Managing Systems, May 2018.
The assurance of real-time properties is prone to context variability. Providing such assurance at design time would require checking all the possible context and system variations or predicting which one will actually be used. Both cases are not viable in practice since there are too many possibilities to foresee. Moreover, the knowledge required to fully provide the assurance for self-adaptive systems is only available at runtime and therefore difficult to predict at early development stages. Despite all the efforts on assurances for self-adaptive systems at design or runtime, there is still a gap in verifying and validating real-time constraints accounting for context variability. To fill this gap, we propose a method to provide assurance of self-adaptive systems, at design- and runtime, with special focus on real-time constraints. We combine off-line requirements elicitation and model checking with on-line data collection and data mining to guarantee the system’s goals, both functional and non-functional, with fine tuning of the adaptation policies towards the optimization of quality attributes. We experimentally evaluate our method on a simulated prototype of a Body Sensor Network system (BSN) implemented in OpenDaVINCI. The results of the validation are promising and show that our method is effective in providing evidence that supports the provision of assurance.