Rigorous engineering of collective adaptive systems – 2nd special section

An adaptive system is able to adapt at runtime to dynamically changing environments and to new requirements. Adaptive systems can be single adaptive entities or collective ones that consist of several collaborating entities. Rigorous engineering requires appropriate methods and tools that help guaranteeing that an adaptive system lives up to its intended purpose. This paper introduces the special section on “Rigorous Engineering of Collective Adaptive Systems.” It presents the 11 contributions of the section categorizing them into ﬁve distinct research lines: correctness by design and synthesis, computing with bio-inspired communication, new system models, machine learning, and programming and analyzing ensembles.


Introduction
A collective adaptive system (CAS), often referred to as an ensemble, is composed of collaborating entities capable of adjusting dynamically to evolving and open-ended environments, as well as to new requirements that arise during runtime [46,51].Often, the individual entities within such a system possess distinct properties and objectives.The interactions among these entities, or with humans, can lead to unforeseen emergent phenomena.
In the contemporary landscape, numerous systems exemplify both collectiveness and adaptiveness.Notable examples include intelligent systems such as smart cities and advanced transportation networks, cyber-physical systems like swarms of robots and sensor networks, and socio-technical systems like distributed energy grids.
The rigorous engineering of CASs demands the application of appropriate methodologies and tools to ensure these systems maintain alignment with their intended purposes even in the face of dynamically changing environments.This comprehensive endeavor encompasses: • Theory development: Creating robust theories for the design and analysis of CASs.• Programming and management techniques: Developing specialized techniques for effectively programming and managing these intricate systems.• Systematic mechanism creation: Employing systematic methods for crafting adaptive mechanisms that respond intelligently to evolving conditions.• Validation and verification: Implementing rigorous techniques for validating and verifying the functionality and reliability of these systems.• Security and trust enhancement: Incorporating strategies to enhance security and trustworthiness, ensuring the integrity of the system's operation.• Performance optimization: Striving for performance optimization and enhancing efficiency while preserving system adaptability and effectiveness.

Research projects and workshop series
The European Commission was one of the main drivers of the research on ensembles and CASs.
The starting point was the "Global Computing Initiative"1 with projects such as AGILE [5] and MIKADO [12] on mobile computing [64] and with the Interlink workshop series [71].Subsequently the influential European research programs "Self-Awareness in Autonomic Systems"2 and "Fundamentals of Collective Adaptive Systems"3 funded projects such as ASCENS [72,74] on "Autonomic Service-Component ENSembles," SAPERE [77] on "Self-Aware PERvasive service Ecosystems," ALLOW Ensembles [24] on large-scale collective adaptive ensembles, and QUAN-TICOL [18] on a quantitative approach to the design and management of collective and adaptive behaviors.
More recent related initiatives and projects are the German Transregional Collaborative Research Centre 248 "Foundations of Perspicuous Software Systems"4 and the Italian collaborative project "IT-Matters".5There are several related workshop series, e.g., on "Engineering Collective Adaptive Systems"6 and on "Formal Methods for Autonomous Systems (FMAS)".7 This special section on "Rigorous Engineering of Collective Adaptive Systems" is a follow-up of the first special section on this topic [35] and was inspired by five successful tracks [34,50,73,75,76] at the ISoLA conferences in 2014 [54], 2016 [55], 2018 [56], 2020 [57], and 2022 [58].

Contents
The 11 papers included in this special section are revised and extended versions of papers originally presented at the ISoLA 2022 track [76].They all closely align with the global challenges outlined above ranging from advancing theoretical foundations to ensuring correctness and optimal performance.In the following sections, we provide brief overviews of the papers, categorizing them into five distinct research lines: • correctness by design and synthesis, • computing with bio-inspired communication, • new system models, • machine learning, • programming and analyzing ensembles.For each category, we also highlight recent research results related to the respective line.

Correctness by design and synthesis
Building correct software systems presents a grand challenge.Although CASs often exhibit considerable complexity, certain critical components can be synthesized or constructed correctly through compositional reasoning processes.The two papers in this section exemplify two complementary approaches.
The paper titled "Correct by Design Coordination of Autonomous Driving Systems" [22] by Marius Bozga and Joseph Sifakis presents a "correct-by-design" approach for ensuring accurate coordination in autonomous driving systems.These systems are real-time distributed systems where components possess only partial knowledge of their environment.Their behavior is subject to influence from temporal and spatial changes, and they must simultaneously satisfy both individual and collective goals.The development of reliable autonomous driving systems entails addressing significant challenges, including system modeling, specification of traffic rules, system construction, and verification of system correctness.
The approach of Bozga and Sifakis builds upon earlier work [21] related to collision avoidance policies and the representation of autonomous driving systems, combining static environment maps with vehicle dynamics.An autonomous driving system is seen as a dynamic system consisting of a map and a set of vehicles moving along specific routes.It is managed by a runtime which computes the available spaces for vehicles based on their positions and attributes.Applying assume-guarantee reasoning, Bozga and Sifakis establish the principle of a safe control policy for vehicles, ensuring they adhere to their allocated free space.They introduce speed control policies that both comply with safety contracts and are non-blocking.Traffic regulations are expressed through linear-time temporal logic formulas that impose speed limitations on vehicles.The primary outcome is the development of secure free space policies, guaranteeing that the system's behavior, when implemented, is inherently safe in accordance with the contracts governing the vehicles and the runtime.
Strategy synthesis in games is a timely research field (see [45] for an overview) with applications in many domains, encompassing transportation, medical systems, and CASs.Integrating strategy synthesis with methods like spatial model checking is a promising topic which can lead to better modeling and analysis capabilities for CASs.
In the second paper of this section, titled "An Experimental Toolchain for Strategy Synthesis with Spatial Proper-ties" [67], by Maurice ter Beek, Davide Basile, Laura Bussi, and Vincenzo Ciancia, the authors demonstrate the practical application of strategy synthesis to ensure spatial properties.They introduce a toolchain that seamlessly integrates CATLib [6] and VoxLogicA [8], enabling full automation.CATLib is a tool for game composition and strategy synthesis relying on finite state automata, while VoxLogicA is a spatial model checker facilitating the verification of properties related to (pixels of) digital images.The authors exemplify their approach with two case studies in strategy synthesis on automata: one is a fundamental example that encodes agent motion in image-based spaces, and the other is a realistic proof-of-concept derived from a railway domain case study.Notably, the latter example is a novel addition, and substantial enhancements have been made to both the toolchain and the model-checking procedure compared to the paper presented at the ISOLA 2022 conference [7].

Computing with bio-inspired communication
Biological and natural systems, like bird flocks, ant colonies, and insect swarms, have captivated researchers due to their complex, emergent behaviors.Understanding these phenomena has involved diverse mathematical approaches, including graph theory [62], statistical mechanics [17], and optimization algorithms [40].The paper "A causal, time independent synchronization pattern for collective adaptive systems" by Peter Fettke and Wolfgang Reisig, a revised version of their previous work [42], relies on Petri nets for formal foundations and advocates the Heraklit approach [41] for modeling the behavior of artificial ants.Heraklit is a modern component-based modeling language and tool.Dynamic behavior is expressed by symbolic Petri nets and thus structured along causal dependencies, and not along temporal relations.The Heraklit approach is exemplified through a case study involving "ants on a bar" and the "net-atom" design pattern is introduced as a generalization of the ant example.
Heraklit, as well as most of the abovementioned approaches, focuses on global, top-down system behavior.In contrast, the paper "Modelling Flocks of Birds and Colonies of Ants from the Bottom Up" [38] by Rocco De Nicola, Luca Di Stefano, Omar Inverso, and Serenella Valiani argues for a different, bottom-up approach.This approach involves defining systems in terms of their individual components and local rules, allowing for the natural emergence of collective behavior.The advantages of this approach are demonstrated through a diverse set of examples, including instances of flocking behavior, ant colonies, and group dynamics.The paper places a strong emphasis on the use of formal languages to facilitate the use of automatic tools for efficient simulation and formal analysis.This approach paves the way for scalable, adaptive system designs that draw inspiration from principles found in natural systems.Building upon the work presented in [37], this paper extends the research by introducing fresh examples and presenting new evaluation results to substantiate and further validate the proposed approach.

New system models
Several approaches to system modeling in the context of CASs are known.These approaches encompass various methodologies, including process-oriented system models, exemplified by the SCEL language [33], the ensemble system model [47], and a stream-based approach [23].These system models consider collections of individual entities as ensembles.When dealing with a large number of agents, individually examining each agent's state becomes impractical.For example, in scenarios involving swarms of droids or autonomous taxis, tracking the details of each agent is prohibitively costly or even unfeasible.Instead, the focus shifts toward achieving the collective objectives of the group, such as coordinating droid choreography or ensuring uniform taxi coverage in urban areas.Statistical approaches such as chemical reaction networks (see, e.g., [27]), fluid approximation (see, e.g., [19]), or mean-field approximation (see, e.g., [20]) are preferred for analyzing the collective behavior of such systems.These approaches treat the agents' states as real numbers and concentrate on aggregate properties, offering a more practical means of studying large-scale CAS scenarios.
The paper "A Kinetic Approach to Study the Collective Dynamics of Multi-Agent Systems" [60] by Stefania Monica, Federico Bergenti, and Franco Zambonelli introduces the Kinetic Theory of Multi-Agent Systems (KTMAS), which is a statistical approach for analyzing the asymptotic collective dynamics of decentralized multi-agent systems.KTMAS is specifically designed to investigate the long-term behavior of these systems, where agents influence each other's states through direct messaging.The paper builds on previous work [59], extending it to provide an analytic framework for characterizing KTMAS.This framework supports both descriptive and prescriptive reasoning for understanding and designing the long-term behavior of large multi-agent systems.Importantly, it offers an alternative to simulations.By applying the framework to multi-agent systems employing the symmetric gossip algorithm, the authors demonstrate the accuracy and effectiveness of KTMAS.They provide rigorous proof for two asymptotic properties of the symmetric gossip algorithm and validate them by comparing the results with independent simulations conducted on a multi-agent implementation.
The second paper in this section "A Modal Approach to Conscious Social Agents" [30] by Chen Yifeng and J. W. Sanders aims at a fundamental mathematical model for the notions of awareness, consciousness, and empathy of agents.The quest for a universally accepted definition of consciousness has been elusive across diverse fields like neuroscience, philosophy, physics, computer science, and mathematics.In response, this paper takes an innovative approach by introducing laws of modal logic that are designed to describe and capture the essential properties of consciousness.The ultimate goal is to develop a comprehensive set of laws that characterize consciousness, offering a fresh perspective on this complex and multifaceted phenomenon.The study builds upon the approach introduced in prior work by the same authors [29] and focuses on systems where agents coexist within a habitat alongside an external environment.This ecosystem undergoes dynamic changes over time, involving shifts in agent behaviors, interactions, and adaptations.The research investigates agent interactions and empathy with a particular emphasis on awareness, utilizing reflexive theories to infer properties of consciousness, specifically as they relate to awareness of awareness.The theory is founded on falsifiable observations, with laws expressed based on this framework, leading to a collection of consistent laws.The study also delves into empathy, especially among eusocial animals (colonial animal species that live in multigenerational family groups) and creatures with social interactions, and applies this formalism to human empathy tests and AIrelated scenarios -the so-called Sally-Anne Test of human empathy and the Keynesian Beauty Contest.

Machine learning
Many modern smart systems, like Industry 4.0 manufacturing systems, are self-adaptive systems, which continually monitor their performance, adapt their behavior, and optimize themselves to align with changing conditions.Such systems often comprise multiple components that need coordinated adaptation and optimization.Traditionally, component-based frameworks and adaptation rules (see, e.g., [25,36,65]) were used for guiding system reconfiguration, but as data-driven approaches gain prominence, machine learning and neural networks are used for controlling how cooperating agent systems are dynamically formed and reconfigured at runtime (see, e.g., [9,44,53,70]).Neural networks are integrated into the self-adaptation loop, specifically the MAPE-K loop [48], which guides real-time decisions and architectural changes, such as service routing and deployment.Traditionally, component-based frameworks and adaptation rules (see, e.g., [25,36,65]) were used for guiding system reconfiguration.However, with the increasing prominence of data-driven approaches, the landscape has evolved.Machine learning and neural networks now play a pivotal role in orchestrating the dynamic formation and reconfiguration of cooperating agent systems at runtime (see, e.g., [9,44,53,70]).Neural networks have been seamlessly integrated into the self-adaptation loop, particularly within the MAPE-K loop framework [48].This integration guides real-time decisions and architectural changes, encompassing tasks such as service routing and deployment.
Nevertheless, a noteworthy challenge in this domain concerns the somewhat ad-hoc integration, often lacking a welldefined architectural framework.The core of this challenge lies in the absence of abstract architectural models capable of elegantly encapsulating machine learning and data-driven optimization strategies across many different system components.
The paper "Machine-learning abstractions for componentbased self-optimizing systems" authored by Michal Töpfer, Milad Abdullah, Tomáš Bureš, Petr Hnetynka, and Martin Kruliš effectively addresses this gap by introducing a novel component model called ML-DEECo.This model features dedicated abstractions for supervised learning and optimization heuristics, with a demonstrated use case in Industry 4.0 settings.The authors provide a Python-based implementation that illuminates the entire automated learning process, from data collection to real-time inference.This not only streamlines the development of the learning loop but also reduces the level of expertise required for implementation.The paper provides also a detailed description of how machine learning is integrated into the ML-DEECo component model.
Neural networks also offer the advantage of learning unforeseen stochastic relationships (see, e.g., [9,39]), making adaptations more refined and dynamic.However, switching entirely from rule-based to neural network-based adaptations can lead to the loss of domain knowledge and complexity issues.
The paper "Generating Adaptation Rule-Specific Neural Network" authored by Tomáš Bureš, Petr Hnetynka, Martin Kruliš, František Plášil, Danylo Khalyeyev, Sebastian Hahner, Stephan Seifermann, Maximilian Walter, and Robert Heinrich addresses two crucial research questions: how to infuse domain knowledge encoded in logical rules into neural network learning and how to incrementally transition from rules to neural networks.To tackle these issues, the authors introduce the rule-specific neural network (rsNN) method.This approach systematically converts adaptation rules into corresponding rsNNs, tailored to the logical predicates found within the rules.Additionally, atomic "attunable" predicates further refine these constructs before integration.The paper includes motivating examples and illustrates the rsNN approach.

Programming and analyzing ensembles
The last part of this special section discusses novel programming and analysis techniques for multi-robot systems and reconfigurable interacting systems.
Developing software for a single autonomous robot is challenging, but the complexity amplifies in multi-robot systems (MRSs), where seamless cooperation among robots is imperative.Existing software tools like Robot Operating System (ROS; see, e.g., [52]) have undoubtedly facilitated robotics application development.However, they often necessitate grappling with low-level intricacies, which can be time consuming and error-prone.To alleviate these challenges, researchers have proposed the adoption of modeldriven engineering principles and higher-level language abstractions to streamline development processes (see, e.g., [28]).In particular, in [14], an approach was introduced integrating the X-KLAIM language [13] with ROS for single robots, and this approach was later extended to MRSs [15].X-KLAIM [11] is a programmer-friendly extension of the coordination language Kernel Language for Agents Interaction and Mobility (KLAIM; [32]) with high-level process constructs.It is worth noting that KLAIM served as the foundational inspiration for developing the kernel language Service Component Ensemble Language (SCEL; [33]), designed specifically for crafting CASs.
The paper "Coordinating and Programming Multiple ROS-based Robots with X-KLAIM" [16] authored by Lorenzo Bettini, Khalid Bourr, Rosario Pugliese, and Francesco Tiezzi represents a significant enhancement to the approach initially introduced in [15].In this paper, the authors introduce a novel structuring of robot behavior into distinct layers, resulting in more readable and maintainable code.Two warehouse scenarios showcase the incremental development enabled by this methodology for MRS.The proposed framework serves as a proof-of-concept for applying the tuple space-based paradigm to the realm of MRS software development.With experiments comparing a Javabased implementation against the conventional ROS Pythonbased approach, the paper demonstrates slightly higher but acceptable latency and lower memory consumption in the Java code, underlining the practicality of their approach.
Like ensembles, Reconfigurable Interacting Systems [1], or Reconfigurable MASs for short, consist of a set of autonomous agents that interact based on mutual interest.These systems exhibit opportunistic interactions through reconfiguration, group formation, and self-organization.Typically, Reconfigurable MASs deal with smaller-scale systems than CASs.
The paper "Language Support for Verifying Reconfigurable Interacting Systems" by Yehia Abd Alrahman, Shaun Azzopardi, Luca Di Stefano, and Nir Piterman presents R-CHECK, a toolkit for designing and verifying Reconfigurable MASs.R-CHECK builds upon ReCiPe's symbolic semantics and extends it with a minimalistic high-level programming language.Furthermore, it integrates the interaction logic ltol [1] to facilitate reasoning about interaction strategies.R-CHECK offers a comprehensive toolkit that includes simulation and visualization of model checking counterexamples.This functionality empowers users to perform thorough verification of high-level features, such as channel mobility, reconfiguration, coalition formation, and self-organization.The initial version of R-CHECK was introduced in [2].The paper in this issue, referenced as [3], extends R-CHECK's capabilities.It now includes native support for reasoning about message exchange and incorporates a native interpreter designed specifically for the semantics of R-CHECK models.
The paper "Comparing Perfomance Abstractions for Collective Adaptive Systems" [61] by Maurizio Murgia, Riccardo Pinciroli, Catia Trubiani, and Emilio Tuosto focuses on the quantitative analysis of CASs.Utilizing a multi-robot scenario, the paper demonstrates the application of two distinct approaches for performance analysis: one based on queuing networks [49] and the other on generalized stochastic Petri nets [31,63] (for another use of Petri nets in CASs, see [43] in this issue).These approaches differ in their methodologies.The former automatically compiles the model from a behavioral specification in the style of the AbC calculus [4], while the latter requires the designer to directly create a performance model.The paper investigates three different coordination scenarios: independent non-communicating autonomous robots, collaborating robots, and a centralized architecture where the robots are guided by a coordinator.The paper extensively compares and discusses the advantages and disadvantages of the various specification methodologies and architectural styles.A noteworthy observation is that, in all cases, the analysis yields a high agreement between the obtained model-based performance predictions.

Concluding remarks
Engineering CASs constitutes a dynamic research field characterized by a multitude of challenges, with a primary focus on the adaptivity and autonomy of both agents and systems.This special issue comprehensively addresses a range of topics, including correctness by design and synthesis, bioinspired communication systems, novel system models, machine learning, and the programming and analysis of ensembles.Notably, machine learning techniques play a crucial role in complementing rigorous (formal) methods, especially in data-driven applications and systems operating in dynamically changing environments and adapting to evolving requirements.
The story does not end here.In the near future, large language models such as OpenAI's GPT [66], Google's Bard [68], and Meta's Llama [69] will offer new opportunities for software construction [10,26] and may also influence the way how CASs are built.This might be the topic for the next special section of STTT.