Dagstuhl Seminar 25091
Tradeoffs in Reactive Systems Design
( Feb 23 – Feb 28, 2025 )
(Click in the middle of the image to enlarge)
Permalink
Please use the following short url to reference this page:
https://www.dagstuhl.de/25091
Organizers
- Jerónimo Castrillón-Mazo (TU Dresden, DE)
- Chadlia Jerad (University of Manouba, TN)
- Edward A. Lee (University of California - Berkeley, US)
- Claire Pagetti (ONERA - Toulouse, FR)
Contact
- Marsha Kleinbauer (for scientific matters)
- Susanne Bach-Bernhard (for administrative matters)
Shared Documents
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Schedule
Reactive systems are software systems that engage in a continual dialogue with their environment. They constitute the software parts of cyber-physical systems where timely reactions are often critical to safety. Applications include autonomous vehicles, electric power systems, industrial automation, healthcare electronics, and robotics. Because the software engages in a continual dialog with its environment, it often has conflicting requirements. It needs to be predictable, but robust to unpredictable events; it needs to react in a timely manner, but this often requires reacting with inconsistent information; it needs to be adaptable, but demonstrably safe; and it needs to be secure, but accessible and available. Many conferences and workshops focus on one of the goals, such as achieving real-time behavior, without explicitly acknowledging the costs and without providing sound strategies for dealing with failures that prevent reaching the goals. The focus of this seminar was on the tradeoffs that are intrinsic in the design of such systems. When you make a system predictable, available, secure, or even demonstrably safe, what have you lost?
This seminar pulled in experts from manifold disciplines, both academic and industrial, to identify and discuss the fundamental limits in reactive systems design that make tradeoffs inevitable. In preparation for the seminar, the co-organizers reached out to leading experts among the participants and invited them to deliver four talks to frame the discussions for each of the first four days. Following this initial outreach, all participants were contacted and invited to contribute through short talks, position statements, and demonstrations of any relevant tools. The seminar format was kept flexible and open to allow space for ideas and key discussion points to emerge organically. In this context, the working groups described in Section 4 of the full report arose from the core ideas and challenges identified during the morning sessions. These groups held their discussions during the first half of the afternoon sessions of the first two days. The seminar was organized as described blow.
Day 1: Consistency vs. availability
Consistency is agreement on shared information across a distributed system. Availability is the ability to act on that shared information in a timely way. It has been shown that as latency increases when sharing such information, either consistency or availability or both must be sacrificed. This topic focused on how to manage this tradeoff. It included presentations proposing different ways to formalize the tradeoff, as well as examples of how it arises in software design. Two breakout groups formed on the first day, focusing on the topics “Distributed Music Challenge” and “Can AI Be Used in Critical Systems?”
Day 2: Timeliness vs. accuracy
Because reactive systems interact continuously with their environment, they need to sense and interpret that environment. Today, many such systems need to include sophisticated vision subsystems, audio information processing, motion sensing, etc. The computation required to interpret sensor data often implies unacceptable delays or impossible energy requirements. It is not acceptable for an automated vehicle to identify a pedestrian after it has hit the pedestrian. This topic focused on how to manage this tradeoff. Three breakout groups formed on the second day, focusing on the topics “Benchmarks for RT systems”, “Tradeoff of timeliness and accuracy”, and "Orchestration/coordination languages vs reactive languages.”
Day 3: Predictability vs. adaptability
Reactive systems often perform critical tasks. We need for them to behave predictably during normal operation, but also adapt to behave reasonably in abnormal situations. Recent innovations in machine learning promise significant improvements for the latter requirement, but it is unclear how to reconcile the use of ML with the former requirement. This topic focused on how to manage this tradeoff.
Day 4: Security vs. accessibility
When systems are secure, nothing bad happens even when malicious players are present. Achieving the goal that “nothing bad happens,” however, is trivially easy by ensuring that nothing at all happens. Security measures often get in the way of other goals. This topic will focus on how to manage this tradeoff. For example, techniques that offer tiered access to capabilities, taint analysis, or mixtures of encrypted and unencrypted communication might be explored. During the afternoon session, reports from the group discussions were shared, along with brief previews of the software demonstrations (teasers) scheduled for Day 5.
Day 5: Tools and Demos
This topic focused on tools that support analysis and design and make explicit the management of tradeoffs. The key goal of the groups was to feel the pain intrinsic to the tradeoffs that are the theme of the seminar. A total of five software tools tutorials were presented (see Section 5). Hands-on exercises were organized into two sessions, each consisting of parallel tracks. This structure was designed to give participants the opportunity to experiment with two of the five available tools, rather than one. The tools presented were: “Lingua Franca”, “Timed SCCharts”, “QRML”, “Rebecca”, and “HipHop”.
Creative Commons BY 4.0
Jerónimo Castrillón-Mazo, Chadlia Jerad, Edward A. Lee, and Claire Pagetti
Reactive systems are software systems that engage in a continual dialogue with their environment. They constitute the software parts of cyber-physical systems where timely reactions are often critical to safety. Applications include autonomous vehicles, electric power systems, industrial automation, healthcare electronics, and robotics. Because the software engages in a continual dialog with its environment, it often has conflicting requirements. It needs to be predictable, but robust to unpredictable events; it needs to react in a timely manner, but this often requires reacting with inconsistent information; it needs to be adaptable, but demonstrably safe; and it needs to be secure, but accessible and available. Many conferences and workshops focus on one of the goals, such as achieving real-time behavior, without explicitly acknowledging the costs and without providing sound strategies for dealing with failures that prevent reaching the goals. The focus of this seminar will be on the tradeoffs that are intrinsic in the design of such systems. When you make a system predictable, available, secure, or even demonstrably safe, what have you lost? This Dagstuhl Seminar will pull in experts from manifold disciplines to identify and discuss the fundamental limits in reactive systems design that make tradeoffs inevitable.
Jerónimo Castrillón-Mazo, Chadlia Jerad, Edward A. Lee, Marten Lohstroh, Christian Menard, and Claire Pagetti
Please log in to DOOR to see more details.
- Andres Barrilado (NXP Semiconductors - Toulouse, FR) [dblp]
- Grzegorz Bazydlo (University of Zielona Gora, PL) [dblp]
- Frédéric Boniol (ONERA - Toulouse, FR) [dblp]
- Hasna Bouraoui (TU Dresden, DE)
- Thomas Carle (Toulouse University, FR) [dblp]
- Jerónimo Castrillón-Mazo (TU Dresden, DE) [dblp]
- Samarjit Chakraborty (University of North Carolina at Chapel Hill, US) [dblp]
- Anupam Chattopadhyay (Nanyang TU - Singapore, SG) [dblp]
- Arthur Clavière (Collins Aerospace - Blagnac, FR) [dblp]
- Marc Geilen (TU Eindhoven, NL)
- Alain Girault (INRIA - Grenoble, FR) [dblp]
- Andrés Goens Jokisch (University of Amsterdam, NL) [dblp]
- Arpan Gujarati (University of British Columbia - Vancouver, CA) [dblp]
- Jérôme Hugues (Carnegie Mellon University - Pittsburgh, US) [dblp]
- Victor Jegu (Airbus S.A.S. - Toulouse, FR) [dblp]
- Erling Rennemo Jellum (University of California - Berkeley, US) [dblp]
- Chadlia Jerad (University of Manouba, TN) [dblp]
- Einar Broch Johnsen (University of Oslo, NO) [dblp]
- Hokeun Kim (Arizona State University - Tempe, US) [dblp]
- Edward A. Lee (University of California - Berkeley, US) [dblp]
- Shaokai Jerry Lin (University of California - Berkeley, US) [dblp]
- Claire Pagetti (ONERA - Toulouse, FR) [dblp]
- Jan Reineke (Universität des Saarlandes - Saarbrücken, DE) [dblp]
- Marcus Rossel (Barkhausen Institut - Dresden, DE)
- Selma Saidi (TU Braunschweig, DE) [dblp]
- Klaus Schneider (RPTU Kaiserslautern-Landau, DE) [dblp]
- Martin Schoeberl (Technical University of Denmark - Lyngby, DK) [dblp]
- Alexander Schulz-Rosengarten (Universität Kiel, DE) [dblp]
- Katharina Sedow (Saneon GmbH - Ismaning, DE)
- Manuel Serrano (INRIA - Sophia Antipolis, FR) [dblp]
- Marjan Sirjani (Mälardalen University - Västerås, SE) [dblp]
- Jonathan Sprinkle (Vanderbilt University - Nashville, US) [dblp]
- Eric Tutu Tchao (Kwame Nkrumah University of Science and Technology, GH)
- Lothar Thiele (ETH Zürich, CH) [dblp]
- Reinhard von Hanxleden (Universität Kiel, DE) [dblp]
- Eugene Yip (GLIWA GmbH & Co. KG, DE) [dblp]
Classification
- Distributed / Parallel / and Cluster Computing
- Programming Languages
- Systems and Control
Keywords
- Reactive systems
- Time-centric software
- Distributed systems
- Concurrent Programming Models
- Cyber-Physical Systems
