on emergent misbehavior
play

On Emergent Misbehavior John Rushby With help from Hermann Kopetz - PowerPoint PPT Presentation

Dec 19, 2022 •660 likes •886 views

On Emergent Misbehavior John Rushby With help from Hermann Kopetz Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Emergent Misbehavior 1 The Basic Idea We build systems from components, but systems have

  1. On Emergent Misbehavior John Rushby With help from Hermann Kopetz Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Emergent Misbehavior 1

  2. The Basic Idea • We build systems from components, but systems have properties not possessed by their individual components • Emergence is the idea that complex systems may possess qualities that are different in kind than those of their components: described by different languages (ontologies) ◦ e.g., velocities of atoms vs. temperature of gas ◦ e.g., neural activity in the brain vs. thoughts in the mind Quality is used as a generic term for the result of emergence: behavior, structure, patterns, etc. • Systems where macro qualities are straightforward consequences of the micro level are called resultant John Rushby, SR I Emergent Misbehavior 2

  3. Overview • There’s good emergence and bad • In particular, complex systems can have failures not predicted from their components, interactions, or design • Call this Emergent Misbehavior • I’m interested in emergent misbehavior and how to control it • I suspect “emergence” here is more glitter than substance • But I’ll start by outlining traditional emergence • Then get on to misbehavior • And a Crazy Idea John Rushby, SR I Emergent Misbehavior 3

  4. Emergence Two key ideas • Downward Causation: interactions at the macro level propagate back to the micro level ◦ e.g., flock flowing around an obstruction: individuals respond to actions of neighbors ◦ Micro behavior seems stochastic ◦ Macro behavior is systemic • Supervenience: there can be no difference at the macro level without a difference at the micro level ◦ If I have a new idea, my neural state must change ◦ But different micro states may correspond to the same macro state i.e., macro states are a surjective function of micro states John Rushby, SR I Emergent Misbehavior 4

  5. Strong and Weak Emergence • What I just described is sometimes called strong emergence ◦ Not obvious you can compute macro behavior from micro • In contrast to weak emergence ◦ Asserts you can compute macro behavior from micro, but only by simulation ◦ i.e., there’s no accurate description of the system simpler than the system itself • Weak emergence is an attempt to eliminate downward causation ◦ Because it looks like something from nothing ◦ Because it is epiphenomenal (sterile side-effect) • But then weak emergence just looks like another name for behavior that is unexplained (by our current theories) John Rushby, SR I Emergent Misbehavior 5

  6. Is Emergence Relative? • Emergence is relative to our models or theories for how macro qualities derive from the micro level • So weak emergence is just a reflection of ignorance ◦ i.e., of the weakness of our current theories and models • Note that we can have theories for emergent qualities without being able to explain their emergence from the micro level ◦ e.g., chemistry prior to quantum mechanics • Even when we can predict macro qualities from micro models, that’s not always the best way to proceed ◦ We have statistical thermodynamics, but we still use Boyle’s Law John Rushby, SR I Emergent Misbehavior 6

  7. Is Emergence Relative? (ctd.) • Even strong emergence can be “explained” by adding new details to models of micro behavior • e.g., traffic jams, which look emergent ◦ New rule: in heavy traffic, faster cars cannot overtake slower ones, so they have to brake ⋆ This reflects/encodes downward causation ◦ More sophisticated models predict phantom traffic jams (standing waves, or solitons) • So, qualities are emergent until we learn how to explain then, then they become resultant • cf. Quantum Mechanics and downfall of British Emergentism • Emergent qualities are ontologically novel (at least, in this domain), so revision to micro-level theory may be substantial • So. . . ? John Rushby, SR I Emergent Misbehavior 7

  8. Emergent Misbehavior • There’s good emergence and bad • In particular, complex systems can have failures not predicted from their components, interactions, or design • Emergent or just unexpected? • Probably the latter, but in sufficiently complicated contexts it may be useful to consider these failures as different in kind than the usual ones • Maybe some are due to downward causation • In any case, possibly a useful new way to look at failures John Rushby, SR I Emergent Misbehavior 8

  9. Examples • Jeff Mogul’s paper: ◦ Mostly OS and network examples concerning performance and fairness degradation rather than outright failure ◦ e.g., router synchronization ◦ Note that these properties are expressed in the language of the emergent system, not the components ◦ Like phantom traffic jams • Feature interaction in telephone systems • West/East coast phone and power blackouts • 1993 shootdown of US helicopters by US planes in Iraq • ¨ Uberlingen mid-air collision John Rushby, SR I Emergent Misbehavior 9

  10. Even “Correct” Systems Can Exhibit Emergent Misbehavior • We have components with verified properties, we put them together in a design for which we require properties P, Q, R, etc. and we verify those, but the system fails in operation. . . how? • There’s a property S we didn’t think about ◦ Maybe because it is ontologically novel: needs to be expressed in a new language of the emergent system, not in the language of the components ◦ If we’d tried to verify it, we’d have found the failure ◦ But it’s hard to anticipate all the things we care about in a complicated system • Call these unanticipated requirements • Note that S could be negated (i.e., a property we don’t want) John Rushby, SR I Emergent Misbehavior 10

  11. Even “Correct” Systems Can Exhibit Emergent Misbehavior (ctd.) • We verified that interactions of components A and B deliver property P and that A and C deliver Q, taking care of failures appropriately: A || B ⊢ P , A || C ⊢ Q • But there’s an interaction we didn’t think about ◦ We didn’t anticipate that some behaviors of C (e.g., failures) could affect the interactions of A and B, hence P is violated even though A and B are behaving correctly (and so is C, wrt. the property Q): A || B || C �⊢ P • That’s why FAA certifies only complete airplanes and engines • Call these unanticipated interactions (or overlooked assumptions) John Rushby, SR I Emergent Misbehavior 11

  12. Causes of Emergent Misbehavior • I think they all come down to ignorance ◦ Or epistemic uncertainty • There are no accurate descriptions of some complex systems simpler than the system itself (recall weak emergence) • But all our analysis and verification are with respect to abstractions and simplifications, hence we are ignorant about the full set of system qualities • More particularly, we may be ignorant about ◦ The complete set of requirements we will care about in the composed system ◦ The complete set of behaviors of each component ◦ The complete set of interactions among the components John Rushby, SR I Emergent Misbehavior 12

  13. How to Eliminate or Control Emergent Misbehavior • Identify and reduce ignorance • Eliminate or control unanticipated behaviors and interactions ◦ i.e., deal with the manifestations of ignorance • Engineer resilience ◦ i.e., adapt to the consequences of ignorance John Rushby, SR I Emergent Misbehavior 13

  14. Identify and Reduce Ignorance Vinerbi, Bondavalli, and Lollini propose tracking ignorance as part of requirements engineering • Quantify it (qualitatively, e.g., low, medium, high) • Have rules how it propagates though AND and OR etc. • If it gets too large, consider replacing a source of high ignorance (e.g., COTS, or another system) by a better-understood and more limited component John Rushby, SR I Emergent Misbehavior 14

  15. Identify and Reduce Ignorance (ctd. 1) • There are other fields where epistemic uncertainty plays a central rˆ ole: particularly, safety ◦ Have to try and think of everything ◦ And deal with it • Everything raises epistemic uncertainty • Hazard analysis is about systematic ways to explore everything • But I think it can be put on a more formal footing ◦ And that automated support is needed and feasible • There are some promising avenues for doing this ◦ e.g., model checking very abstract designs ◦ Using SMT solvers for infinite bounded model checking with uninterpreted functions • Distinguish the (formal) verification and the safety case ◦ Safety case addresses epistemic uncertainty in verification John Rushby, SR I Emergent Misbehavior 15

  16. Identify and Reduce Ignorance (ctd. 2) • Black and Koopman observe that safety goals are often emergent to the system components • e.g., the concept (no) “collision” might feature in the top-level safety goal for an autonomous automobile • But “collision” has no meaning for the brake, steering, and acceleration components • They suggest identifying local goals for each component whose conjunction is equivalent to the system safety goal, recognizing that some unknown additional element X may be needed (because of emergence) to complete the equivalence • An objective is then to minimize X • Seems based on an impoverished view of how local goals compose when components interact John Rushby, SR I Emergent Misbehavior 16

Recommend

1.Think about the most difficult misbehavior youve ever dealt with 2.Jot this down on the

1.Think about the most difficult misbehavior youve ever dealt with 2.Jot this down on the

AS WE GET STARTED 1.Think about the most difficult misbehavior youve ever dealt with 2.Jot this down on the post-it at your spot ISU New Teacher Conference [6/22/18] 2:00-2:50 PM Kira Hamann, MISTAKEN GOALS: Ed.D. CRACKING THE

575 views • 31 slides
Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in

Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in

Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in Unstructured Distributed Systems George Eleftherakis ( The University of Sheffield International Faculty, CITY College ) Ognen Paunovski ( South-East

427 views • 14 slides
CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior

CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior

CS 525M Mobile and Ubiquitous Computing Seminar Ted Goodwin Mitigating Routing Misbehavior in Mobile Ad Hoc Networks Sergio Marti, T.J. Giuli, Kevin Lai, and Mary Baker Department of Computer Science Stanford University Stanford, CA

454 views • 34 slides
1 Fractals Coined by Benoit Mandelbrot To differentiate from pure geometric figures

1 Fractals Coined by Benoit Mandelbrot To differentiate from pure geometric figures

Last time Concepts Emergence, emergent systems, Life Real life Artificial life Topics NetLogo Assignment 1 21/1 - 09 Emergent Systems, Jonny Pettersson, UmU 21/1 - 09 Emergent Systems, Jonny Pettersson, UmU

114 views • 10 slides
Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer,

Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer,

Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer, Georgetown University Wenchao Zhou, Georgetown University Lisa Singh, Georgetown University June 23, 2013, GRADES Workshop, SIGMOD 2013 New York, NY

582 views • 40 slides
Emergent a syst em C-kur s, 5 pong, HT-04 J onny Pet t ersson j onny@cs.umu.se 2/11 - 04

Emergent a syst em C-kur s, 5 pong, HT-04 J onny Pet t ersson j onny@cs.umu.se 2/11 - 04

Emergent a syst em C-kur s, 5 pong, HT-04 J onny Pet t ersson j onny@cs.umu.se 2/11 - 04 Emergent Systems, Jonny Pettersson, UmU 1 Cource Descript ion The f ocus of t he cource includes t he acquisit ion of : knowledge about t he

404 views • 13 slides
through Glo lobal Lib iberal Arts Responsive, Emergent Vision and Effective, Collaborative

through Glo lobal Lib iberal Arts Responsive, Emergent Vision and Effective, Collaborative

The Future of Learning through Glo lobal Lib iberal Arts Responsive, Emergent Vision and Effective, Collaborative Strategy Emergent Process and Strategy Nakagaki Experiment (2000) Slime Mold Emerges to Solve Maze Majo jor Questions for

446 views • 9 slides
functional and QoS interoperability at the middleware layer Emergent mobile systems in the IoT

functional and QoS interoperability at the middleware layer Emergent mobile systems in the IoT

Georgios Bouloukakis In collaboration with: Valrie Issarny and Nikolaos Georgantas Enabling Emergent Mobile Systems in the IoT: functional and QoS interoperability at the middleware layer Emergent mobile systems in the IoT Traffic

467 views • 35 slides
Emergent Invasive Plant Program A CNPS Chapter model for early detection and effective response to

Emergent Invasive Plant Program A CNPS Chapter model for early detection and effective response to

Emergent Invasive Plant Program A CNPS Chapter model for early detection and effective response to emergent invasive weeds Emergent ent Invasive e Plant Management ement Program Many counties in California lack an effective process to

513 views • 34 slides
Emergent, Crowd-scale Programming Practice in the IDE Ethan Fast , Daniel Ste ff ee, Lucy Wang,

Emergent, Crowd-scale Programming Practice in the IDE Ethan Fast , Daniel Ste ff ee, Lucy Wang,

Emergent, Crowd-scale Programming Practice in the IDE Ethan Fast , Daniel Ste ff ee, Lucy Wang, Michael Bernstein, Joel Brandt Stanford HCI, Adobe Research Emergent behaviors, or the ways people adapt to a system, can be just as informative

960 views • 68 slides
Emergent spacetimes: Toy models for quantum gravity. Matt Visser Time and Matter Lake

Emergent spacetimes: Toy models for quantum gravity. Matt Visser Time and Matter Lake

School of Mathematical and Computing Sciences Te Kura Pangarau, Rorohiko Emergent spacetimes: Toy models for quantum gravity. Matt Visser Time and Matter Lake Bled, Slovenia 26-31 August 2007 Abstract: Why are emergent

923 views • 48 slides
Emergent behaviour in virtual agents Emergent behaviour in virtual agents Colin Chibaya Colin

Emergent behaviour in virtual agents Emergent behaviour in virtual agents Colin Chibaya Colin

Emergent behaviour in virtual agents Emergent behaviour in virtual agents Colin Chibaya Colin Chibaya and Professor Shaun Bangay Professor Shaun Bangay Research goal Research goal To investigate control routines for achieving emergent

679 views • 13 slides
Incremental Pragmatics and Emergent Communication Nicholas Tomlin and Ellie Pavlick (Brown

Incremental Pragmatics and Emergent Communication Nicholas Tomlin and Ellie Pavlick (Brown

Incremental Pragmatics and Emergent Communication Nicholas Tomlin and Ellie Pavlick (Brown University) Groundedness in Emergent Communication Roughly: one-to-one correspondence between vocabulary tokens and real-world attributes;

156 views • 14 slides
Debunking the Myths: Creating a Shared Understanding of Emergent Curriculum WEBINAR BY SUSAN

Debunking the Myths: Creating a Shared Understanding of Emergent Curriculum WEBINAR BY SUSAN

Debunking the Myths: Creating a Shared Understanding of Emergent Curriculum WEBINAR BY SUSAN STACEY, M.A. Context: A little about myself and my connection to Emergent Curriculum A British education hands- on experiences as a learner,

727 views • 44 slides
Physical Complexity Part A: Emergent behaviour in physical infrastructures Prof.dr.ir. M.P.C.

Physical Complexity Part A: Emergent behaviour in physical infrastructures Prof.dr.ir. M.P.C.

Physical Complexity Part A: Emergent behaviour in physical infrastructures Prof.dr.ir. M.P.C. Weijnen Professor, Faculty of TPM, TU Delft Emergent behaviour Behaviour at the macro- level emerges from the behaviour of system elements at

598 views • 44 slides
Social aspects in focus Sociological perspective A community is a construction or a model The

Social aspects in focus Sociological perspective A community is a construction or a model The

Communities? Emergent Interaction Systems A kind of environment in which a number of individual actors share some experience/ Background The goal of the lecture is to look at Emergent phenomenon. interaction systems from a non technical

315 views • 4 slides
Emergent Lorentz Invariance from Strong

Emergent Lorentz Invariance from Strong

Emergent Lorentz Invariance from Strong Dynamics Oriol Pujols IFAE & Universitat Autnoma de Barcelona Based on arXiv:1305.0011

299 views • 28 slides
The Emergent Church and Last Days Ecumenism By Dr. Andy Woods Adapted from Roger Oakland, Faith

The Emergent Church and Last Days Ecumenism By Dr. Andy Woods Adapted from Roger Oakland, Faith

The Emergent Church and Last Days Ecumenism By Dr. Andy Woods Adapted from Roger Oakland, Faith Undone and Moody Handbook of Theology pps. 689-99 Emergent Ecclesiology: Male Headship In the emerging church, the role of women in the church

771 views • 47 slides
RICE OPTICS Land, Water, and Markets in Emergent Rural-Urban Topographies of Vietnam and Nigeria

RICE OPTICS Land, Water, and Markets in Emergent Rural-Urban Topographies of Vietnam and Nigeria

RICE OPTICS Land, Water, and Markets in Emergent Rural-Urban Topographies of Vietnam and Nigeria Malika Leiper and Ryan Thomas DES 3329 Emergent Urbanizations / Commodity Chains Group / Rice Worlds Most Produced Agricultural Commodities

615 views • 18 slides
TCS G 2 Manifolds and 4D Emergent Strings Fengjun Xu Universit at Heidelberg arXiv:

TCS G 2 Manifolds and 4D Emergent Strings Fengjun Xu Universit at Heidelberg arXiv:

TCS G 2 Manifolds and 4D Emergent Strings Fengjun Xu Universit at Heidelberg arXiv: 2006.02350 Strings and Fields 2020, YITP, Kyoto Fengjun Xu TCS G 2 Manifolds and 4D Emergent Strings 18/11/2020 1 / 16 Swampland Program What kinds of

471 views • 22 slides
1 Fract als Coined by Benoit Mandelbr ot To dif f erent iat e f rom pure geomet ric f

1 Fract als Coined by Benoit Mandelbr ot To dif f erent iat e f rom pure geomet ric f

5/11 - 04 Emergent Systems, Jonny Pettersson, UmU 1 Last t ime Concept s Emergence, emer gent syst ems, Lif e Real lif e Ar t if icial lif e Topics 5/11 - 04 Emergent Systems, Jonny Pettersson, UmU 2 Out line f

321 views • 11 slides
Emergent Phenomena in High-Energy Particle Collisions Peter Skands (Monash University) Image

Emergent Phenomena in High-Energy Particle Collisions Peter Skands (Monash University) Image

Emergent Phenomena in High-Energy Particle Collisions Peter Skands (Monash University) Image Credits: blepfo Physics Colloquium, UNSW VINCIA VINCIA November, 2019 Emergence G. H. Lewes (1875): "the emergent is unlike its components

496 views • 30 slides
1 Expected learning outcomes After the course students will be able to: exemplify how the

1 Expected learning outcomes After the course students will be able to: exemplify how the

Ume University Department of Computing Science Emergent systems Spring-15 Jonny Pettersson http://www.cs.umu.se/kurser/5DV017/VT15 19/1 - 15 Emergent Systems, Jonny Pettersson, UmU Course Description Element 1, theory, 4,5

528 views • 11 slides
EMERGENT RESPONDING: GETTING MORE BANG FOR YOUR BUCK WHEN TEACHING VERBAL BEHAVIOR S A R A

EMERGENT RESPONDING: GETTING MORE BANG FOR YOUR BUCK WHEN TEACHING VERBAL BEHAVIOR S A R A

7/22/2016 EMERGENT RESPONDING: GETTING MORE BANG FOR YOUR BUCK WHEN TEACHING VERBAL BEHAVIOR S A R A H A . L E C H AG O, P H . D. , B C B A - D OBJECTIVES Facts about ASD Define emergent verbal behavior (VB) Brief

1.02k views • 72 slides

More recommend