Simplex Architecture Meets RTLola
Bernd Finkbeiner, Jessica Schmidt, Maximilian Schwenger
Designing controllers for safety-critical cyber-physical systems is a challenging task due to their complex dynamics and only partial access to information. Despite these difficulties, machine-learned controllers show remarkable success. Their outstanding performance is tarnished by an opaque structure that prohibits reasoning about their internals. A remedy for this problem is the Simplex architecture. It embeds an arbitrarily complex controller into a verifiable structure that monitors the controller's decisions. Upon detection of potentially harmful commands, the architecture falls back to a simple and safe controller. While validating control decisions is easier than finding them, it still has to account for complex temporal dependencies. At the same time, deployment in embedded safety-critical systems requires the monitor to be formally verifiable and to cope with strict resource limitations. In this talk we discuss the monitoring module of the Simplex architecture using the example of an artificial pancreas and propose using the RTLola monitoring framework.
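As an added illustration that is not part of the talk or the RTLola project, the following Python sketch shows the Simplex decision module in the artificial-pancreas setting: each insulin command proposed by the complex controller is checked against safety properties, one of which is a sliding-window total that captures a temporal dependency, and on any violation the monitor falls back to a simple safe controller. All thresholds, the two controller functions and the glucose readings are constructed assumptions for the example, not clinical values.

```python
from collections import deque

# Constructed bounds for illustration only; real limits come from clinical requirements.
MAX_SINGLE_UNITS = 2.0    # largest single insulin command the monitor accepts
MAX_WINDOW_UNITS = 5.0    # largest total delivered over the last WINDOW_STEPS steps
WINDOW_STEPS = 6
LOW_GLUCOSE_MG_DL = 70.0  # below this reading, any insulin command is rejected


class SimplexMonitor:
    """Decision module: validate the complex controller's command against safety
    properties (one over a time window) and fall back to the safe controller on violation."""

    def __init__(self, complex_ctrl, safe_ctrl):
        self.complex_ctrl = complex_ctrl
        self.safe_ctrl = safe_ctrl
        self.delivered = deque(maxlen=WINDOW_STEPS)  # doses actually output so far

    def violation(self, dose, glucose):
        if dose < 0:
            return "negative dose"
        if dose > MAX_SINGLE_UNITS:
            return "single dose above bound"
        if glucose < LOW_GLUCOSE_MG_DL and dose > 0:
            return "insulin while glucose is low"
        if sum(self.delivered) + dose > MAX_WINDOW_UNITS:  # temporal property
            return "window total above bound"
        return None

    def step(self, glucose):
        """Return (dose, source, reason); source is "complex" or "safe"."""
        proposed = self.complex_ctrl(glucose)
        reason = self.violation(proposed, glucose)
        if reason is None:
            decision = (proposed, "complex", "accepted")
        else:
            decision = (self.safe_ctrl(glucose), "safe", reason)
        self.delivered.append(decision[0])
        return decision


def aggressive_controller(glucose):
    # Stand-in for an opaque learned controller (constructed behaviour):
    # proportional to excess glucose, but never below a small basal amount.
    return max(0.5, 0.03 * (glucose - 100.0))


def safe_controller(glucose):
    # Simple, verifiable fallback: suspend insulin delivery.
    return 0.0


def run_trace(readings, complex_ctrl=aggressive_controller):
    monitor = SimplexMonitor(complex_ctrl, safe_controller)
    return [monitor.step(g) for g in readings]
```

Running `run_trace([200, 150, 150, 150, 150, 60])` rejects the first command for exceeding the single-dose bound, accepts the next three, rejects the fifth because the window total would exceed its bound, and rejects the last because insulin is proposed while the reading is low.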