systems engineering and the sins of complex software
play

Systems Engineering and the Sins of Complex Software OSADL - PowerPoint PPT Presentation

Jun 23, 2023 •31 likes •231 views

Systems Engineering and the Sins of Complex Software OSADL Nicholas Mc Guire < safety@osadl.org > April 13, 2018 Nicholas Mc Guire (OSADL) c April 13, 2018 1 / 12 Why do we need regulation ? To establish a common problem space

  1. Systems Engineering and the Sins of Complex Software OSADL Nicholas Mc Guire < safety@osadl.org > April 13, 2018 � Nicholas Mc Guire (OSADL) c April 13, 2018 1 / 12

  2. Why do we need regulation ? To establish a common problem space definition To gain a common understanding of context and scope To ensure peer-review of solution space (industry, academia, public) � Nicholas Mc Guire (OSADL) c April 13, 2018 2 / 12

  3. Why do we need regulation ? To establish a common problem space definition To gain a common understanding of context and scope To ensure peer-review of solution space (industry, academia, public) Goal: Wide acceptance of technology in the technical community and society Defined limits and accepted responsibilities � Nicholas Mc Guire (OSADL) c April 13, 2018 2 / 12

  4. Acceptance Jumping orders of magnitude in acceptance ? 1.2M people killed in car accidents per year worldwide 0-1k people killed in civil aircraft per year What gets more attention in the media ? � Nicholas Mc Guire (OSADL) c April 13, 2018 3 / 12

  5. Acceptance Jumping orders of magnitude in acceptance ? 1.2M people killed in car accidents per year worldwide 0-1k people killed in civil aircraft per year What gets more attention in the media ? Controllability is a subjective issue - never the less it determines perceived responsibility and risk acceptance. � Nicholas Mc Guire (OSADL) c April 13, 2018 3 / 12

  6. What‘s in a standard ? Agreed upon consolidated state-of-the-art : encoded as processes, measures and techniques fit to the problem space � Nicholas Mc Guire (OSADL) c April 13, 2018 4 / 12

  7. What‘s in a standard ? Agreed upon consolidated state-of-the-art : encoded as processes, measures and techniques fit to the problem space What‘s the state-of-the-art for Autonomous Vehicles ? � Nicholas Mc Guire (OSADL) c April 13, 2018 4 / 12

  8. What‘s in a standard ? Agreed upon consolidated state-of-the-art : encoded as processes, measures and techniques fit to the problem space What‘s the state-of-the-art for Autonomous Vehicles ? What‘s the state-of-the-art for verifying AI/ML ? � Nicholas Mc Guire (OSADL) c April 13, 2018 4 / 12

  9. What‘s wrong with ISO 26262 Table driven safety Only covers low complexity systems Assumes software correctness implies behavioral correctness Software is considered to be deterministic Assumes a driver is in control ISO 26262 was classical micro-controllers and automotive applications consolidated into the then state-of-the-art for low complexity systems. � Nicholas Mc Guire (OSADL) c April 13, 2018 5 / 12

  10. What‘s wrong with ISO 26262 Table driven safety Only covers low complexity systems Assumes software correctness implies behavioral correctness Software is considered to be deterministic Assumes a driver is in control ISO 26262 was classical micro-controllers and automotive applications consolidated into the then state-of-the-art for low complexity systems. No standard — no (verifiable) safety properties � Nicholas Mc Guire (OSADL) c April 13, 2018 5 / 12

  11. What‘s wrong with ISO 26262 Table driven safety Only covers low complexity systems Assumes software correctness implies behavioral correctness Software is considered to be deterministic Assumes a driver is in control ISO 26262 was classical micro-controllers and automotive applications consolidated into the then state-of-the-art for low complexity systems. No standard — no (verifiable) safety properties Wrong standard — no safety either � Nicholas Mc Guire (OSADL) c April 13, 2018 5 / 12

  12. What is the state-of-the-art ? Thats really an open issue for autonomous vehicles - nobody knows ! Fundamental issues are unresolved (nondeterministic algorithms, FP-usage, reproducibility,...) Applicable domain standards do not exist yet Accepted procedures for establishing tolerable safety not agreed (if they exist at all) Expected behavior of systems - not agreed - not even understood V&V of AI/ML ? indicators and methods - not known � Nicholas Mc Guire (OSADL) c April 13, 2018 6 / 12

  13. Classes of Safe Systems Type A System (low complexity) The failure modes are well-defined; and 1 The behavior under fault conditions can be completely defined 2 Type B Systems (complex) The failure modes are not well-defined; or 1 The behavior under fault conditions cannot be completely 2 defined � Nicholas Mc Guire (OSADL) c April 13, 2018 7 / 12

  14. Classes of Safe Systems Type A System (low complexity) The failure modes are well-defined; and 1 The behavior under fault conditions can be completely defined 2 Type B Systems (complex) The failure modes are not well-defined; or 1 The behavior under fault conditions cannot be completely 2 defined Type C Systems ? (high complexity ?) What constitutes a failure is not well-understood; or 1 The behavior under absence of (SW/HW) faults cannot be 2 completely defined In autonomous systems the correlation between software correctness and system behavior is essentially lost. � Nicholas Mc Guire (OSADL) c April 13, 2018 7 / 12

  15. Common fallacies Using wrong standards and Checklist safety Functional focus - safety as post-processing event Hazard mitigation before hazard elimination Keep it simple at the code rather than the design level Correct code does not imply correctness of behavior in AI Focus on local mitigations rather than system scope Focus on confirmation of acceptability rather than risk assessment Building compliant rather than safe system Separation of safety competence and decision authority Lack of communication with respect to safety issues Lack of responsibility for and awareness of safety issues Time/market and management pressure: functional focus ... � Nicholas Mc Guire (OSADL) c April 13, 2018 8 / 12

  16. Why this - What changed ? Totally different solution space - data & behavior - > evolution Fundamental change of software capabilities needed Change of legal environment Novel, untested, unexplored, not understood technologies It seems nobody bothered to build a solid foundation And then there is this complexity problem - nobody has a clue how to manage this level of complexity for safety - absolutely nobody. � Nicholas Mc Guire (OSADL) c April 13, 2018 9 / 12

  17. What are some mitigations ? (finally) Introduce system-safety engineering in automotive industry - there is no such things as SEooC for novel systems. Establish and then agree on the state-of-the-art Develop a set of suitable standards Jointly define a legal environment: Vienna Convention on Road Traffic++ ?, security ?, data ownership ? Build up a safety awareness/culture around autonomy related technologies in academia and industry Educate the public (including politicians) on benefits and safety risks ... � Nicholas Mc Guire (OSADL) c April 13, 2018 10 / 12

  18. Conclusion Safe processes depends on an established state-of-the-art Coordination and standardization is mandatory for safety The existing measures and techniques/metrics will not do A set of domain standards for autonomous vehicles needed Establishing new methods is research and has no guranteed time-line - it‘s done when it‘s done - product time-lines are not relevant for safety Safety in autonomous vehicles is not going to be achieved as an add-on to a conglomerate of unverifiable assist-systems. � Nicholas Mc Guire (OSADL) c April 13, 2018 11 / 12

  19. Rant Rail industry worked on autonomy for 50 years and brought it into service in safe step-by-step mode - did you hear much about this in the news ? If business interests decide safety it will be a (continued) bloody mess - with nobody taking responsibility. Lets iterartively build a solid foundations first — understood Technology, agreed Standards and sound Regulations. � Nicholas Mc Guire (OSADL) c April 13, 2018 12 / 12

  20. Rant Rail industry worked on autonomy for 50 years and brought it into service in safe step-by-step mode - did you hear much about this in the news ? If business interests decide safety it will be a (continued) bloody mess - with nobody taking responsibility. Lets iterartively build a solid foundations first — understood Technology, agreed Standards and sound Regulations. Expect the first safe autonomous vehicles on the road in 2040+ Thanks ! � Nicholas Mc Guire (OSADL) c April 13, 2018 12 / 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Appreciate Software Engineering: Build complex software systems in the

Introduction Appreciate Software Engineering: Build complex software systems in the

Objectives Introduction Appreciate Software Engineering: Build complex software systems in the Chapter 1 context of frequent change Understand how to produce a high quality software system within the allowed time deal

411 views • 5 slides
1 Concurrent Systems Distributed Systems Typically: Typically: Multithreaded or

1 Concurrent Systems Distributed Systems Typically: Typically: Multithreaded or

Today Chair of Software Engineering Complex Systems Software Engineering What is it? Prof. Dr. Bertrand Meyer Examples Dr. Manuel Oriol Technologies involved Dr. Bernd Schoeller Dynamically Evolvable Systems What is it?

375 views • 10 slides
Programming in the large Engineering complex software systems Computadores II / 2005-2006

Programming in the large Engineering complex software systems Computadores II / 2005-2006

Programming in the large Engineering complex software systems Computadores II / 2005-2006 Characteristics of RT Systems Large and Complex Concurrent control of system components Facilities for hardware control Extremely reliable

742 views • 28 slides
Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20:

Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20:

Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer Dr. Manuel Oriol Dr. Bernd Schoeller Lectures 20: Engineering Complex Systems Today Complex Systems What is it? Examples Technologies involved

770 views • 55 slides
Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing. Mohammad. Abdullah Al Faruque Dipl.-Inform. Sebastian Kobbe CES - C hair for E mbedded S ystems (Prof. Dr. Jrg Henkel) Department of Computer Science

847 views • 72 slides
Grace Q&amp;A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&amp;A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&amp;A with Ken Legg 1) What does this mean? If you forgive the sins of any, they are forgiven them; if you retain the sins of any, they are retained (John 20:23) 1) Only God can forgive sins 2) All our sins were paid for at

609 views • 24 slides
Software development lifecycle The power of process How complex is software? What is complex?

Software development lifecycle The power of process How complex is software? What is complex?

Software Life Cycle Software development lifecycle The power of process How complex is software? What is complex? How complex is software? Measures of complexity: lines of code number of classes number of modules module

752 views • 38 slides
Testing &amp; Debugging TB-1 Need for Testing Software systems are inherently complex

Testing &amp; Debugging TB-1 Need for Testing Software systems are inherently complex

Testing &amp; Debugging TB-1 Need for Testing Software systems are inherently complex Large systems 1 to 3 errors per 100 lines of code (LOC) Extensive verification and validiation is required to build quality software Verification

779 views • 34 slides
Software Engineering Designing, building and maintaining large software systems CS 422

Software Engineering Designing, building and maintaining large software systems CS 422

Chapter 1 Chapter 1 An Introduction to Software Engineering Learning Objective ...to give an appreciation for and to introduce software engineering and to place it into context with the system engineering process , process models and some of the

191 views • 15 slides
Case Study: Complex Systems Engineering Colin Williams IBM Continuous Engineering: Solutions

Case Study: Complex Systems Engineering Colin Williams IBM Continuous Engineering: Solutions

Case Study: Complex Systems Engineering Colin Williams IBM Continuous Engineering: Solutions Executive Introduction Purpose of the presentation: Will be to illustrate how applied systems engineering and project management go hand in hand in

260 views • 10 slides
An Architecture-Centric Approach for Software Engineering with for Software Engineering with

An Architecture-Centric Approach for Software Engineering with for Software Engineering with

An Architecture-Centric Approach for Software Engineering with for Software Engineering with Situated Multiagent Systems PhD Defense Danny Weyns Katholieke Universiteit Leuven October 11, 2006 Supervisors Tom Holvoet &amp; Pierre Verbaeten

779 views • 48 slides
Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al.

Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al.

Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al. INRIA Rocquencourt, France Architecture-based Development of Complex Software Systems Benefits wrt systems robustness Methods and tools

562 views • 27 slides
Runtime Models as Interfaces for Adapting Software Systems Seminar on Software Engineering for

Runtime Models as Interfaces for Adapting Software Systems Seminar on Software Engineering for

Runtime Models as Interfaces for Adapting Software Systems Seminar on Software Engineering for Self-Adaptive Systems Schloss Dagstuhl, October 24-29, 2010 Thomas Vogel System Analysis and Modeling Group Hasso Plattner Institute University of

306 views • 14 slides
COMPLEX MODES IN LINEAR STOCHASTIC SYSTEMS S. Adhikari Department of Engineering University of

COMPLEX MODES IN LINEAR STOCHASTIC SYSTEMS S. Adhikari Department of Engineering University of

COMPLEX MODES IN LINEAR STOCHASTIC SYSTEMS S. Adhikari Department of Engineering University of Cambridge Trumpington Street Cambridge CB2 1PZ (U.K.) October, 2000 Outline of the Talk Introduction Viscously Damped Systems Complex

497 views • 15 slides
Model-Driven Software Engineering of Self- Adaptive Systems NTH Graduate School, 28.01.2011

Model-Driven Software Engineering of Self- Adaptive Systems NTH Graduate School, 28.01.2011

Model-Driven Software Engineering of Self- Adaptive Systems NTH Graduate School, 28.01.2011 Holger Giese System Analysis &amp; Modeling Group, Hasso Plattner Institute for Software Systems Engineering at the University of Potsdam, Germany

560 views • 45 slides
SOFTWARE ARCHITECTURE SOFTWARE ARCHITECTURE OF AI-ENABLED SYSTEMS OF AI-ENABLED SYSTEMS

SOFTWARE ARCHITECTURE SOFTWARE ARCHITECTURE OF AI-ENABLED SYSTEMS OF AI-ENABLED SYSTEMS

SOFTWARE ARCHITECTURE SOFTWARE ARCHITECTURE OF AI-ENABLED SYSTEMS OF AI-ENABLED SYSTEMS Christian Kaestner Required reading: Hulten, Geoff. &quot; Building Intelligent Systems: A Guide to Machine Learning Engineering. &quot; Apress, 2018,

1.51k views • 88 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Natural Language Parsing with Context-Free Grammars SPFLODD

Natural Language Parsing with Context-Free Grammars SPFLODD

Natural Language Parsing with Context-Free Grammars SPFLODD September 10, 2013 What is Parsing? General answer: analyze text with respect to

1.06k views • 73 slides
July 29, 2018 WHY I PICKED POSTGRES OVER ORACLE WHY WHY This presentation Open source

July 29, 2018 WHY I PICKED POSTGRES OVER ORACLE WHY WHY This presentation Open source

July 29, 2018 WHY I PICKED POSTGRES OVER ORACLE WHY WHY This presentation Open source Change glasses WHY THIS PRESENTATION Its a journey To boldly go Why not? WHY OPEN SOURCE 2nd wave Traditional business

592 views • 48 slides
P2P: Storage Overall outline (Relatively) chronological overview of P2P areas: What is

P2P: Storage Overall outline (Relatively) chronological overview of P2P areas: What is

P2P: Storage Overall outline (Relatively) chronological overview of P2P areas: What is P2P? Filesharing structured networks storage the cloud Dynamo Design considerations Challenges and design

509 views • 40 slides
Financing on-site power in Myanmar On-site power for off-grid telecom tower Grid-tied rooftop

Financing on-site power in Myanmar On-site power for off-grid telecom tower Grid-tied rooftop

Financing on-site power in Myanmar On-site power for off-grid telecom tower Grid-tied rooftop solar for commercial customer 36 million Number of Myanmar people without electricity 217 kWh Average annual per capita energy consumption 15%

1.31k views • 10 slides
Incorporating Engineering Knowledge Max Yi Ren, Panos Y. Papalambros University of Michigan, Ann

Incorporating Engineering Knowledge Max Yi Ren, Panos Y. Papalambros University of Michigan, Ann

Adaptive Choice-Based Conjoint Analysis Incorporating Engineering Knowledge Max Yi Ren, Panos Y. Papalambros University of Michigan, Ann Arbor IDETC14 Buffalo, NY Aug 19 th , 2014 Motivation (1/2) partworth Engineering Survey or &amp;

489 views • 17 slides
RegML 2020 Class 4 Regularization for multi-task learning Lorenzo Rosasco UNIGE-MIT-IIT

RegML 2020 Class 4 Regularization for multi-task learning Lorenzo Rosasco UNIGE-MIT-IIT

RegML 2020 Class 4 Regularization for multi-task learning Lorenzo Rosasco UNIGE-MIT-IIT Supervised learning so far Regression f : X Y R Classification f : X Y = { 1 , 1 } What next? Vector-valued f : X Y R T

742 views • 47 slides
3. Preference Learning Techniques 4. Complexity of Preference Learning 5. Conclusions 1 ECAI

3. Preference Learning Techniques 4. Complexity of Preference Learning 5. Conclusions 1 ECAI

AGENDA 1. Preference Learning Tasks 2. Performance Assessment and Loss Functions 3. Preference Learning Techniques 4. Complexity of Preference Learning 5. Conclusions 1 ECAI 2012 Tutorial on Preference Learning | Part 5 | J. Frnkranz &amp;

478 views • 6 slides

More recommend