Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University


One of the challenges for CPSs is that they must be able to adapt to anomalies in themselves and in their environments, such as a degraded or failed sensor, and problems with systems to which they connect, including the infrastructure they use. Because CPSs will be ubiquitous, it will not be possible to have human operators continuously monitoring and managing them. Consequently, CPSs will be required to monitor themselves and take corrective actions as needed, either to fix problems or to improve their behavior.

Although CPSs of today have some ability to deal with changes in the environment, the approaches used to do so have several drawbacks. As an example, the adaptation code is typically entangled with the application code in the form of exception handling or conditionals. This low-level handling of the adaptation may result in taking inadequate actions that are based only on information local to that particular component. For example, one component may decide to retry sending a request to another component, assuming that the previous request was lost, when the appropriate action would be to stop sending requests until the target component, which had failed in this case, is restarted. In order to be able to make the appropriate decision in situations like this, it is necessary to have a more comprehensive and higher level view of the system to reason about the problem and the required adaptation to deal with it. The system's architecture provides the high-level perspective required to reason about the system itself and the adaptations.

In architecture-based self-adaptation, a model of the architecture of the running system is maintained at runtime and used to reason about the changes that should be made to the system to achieve the desired quality attributes. Several existing techniques for analyzing software architectures can be used to reason about the current system configuration and the possible alternatives to which it could adapt. For example, the recent self-diagnosis approaches can identify the architectural element most likely to have caused a failure, and the performance of different alternative architectures can be analyzed by transforming their architecture models into performance models that can be evaluated.

We are developing approaches to improve architecture-based self-adaptation so that adaptations can be done proactively rather than as reaction to changes. Achieving this requires explicitly considering the time it takes for adaptation strategies to be executed. Furthermore, we are using probabilistic model checking to quantitatively verify properties of the self-adaptive system.