I have been working for a decade on design methodologies for the realization of systems able to self-detect the occurrence of hardware failures, with the goal of eventually being able to tolerate them. I sometimes find it difficult to provide an overview of the proposed approaches and their potential benefits and costs, with a good balance of significance and details, such that even the nonexpert reader may be able to follow the discussion. This paper reaches this goal, presenting significant and broad research on the approach to how to design critical systems able to deal with failure occurrence in real time, dynamically finding a way around the problems.

The paper presents an innovative approach to developing systems able to self-detect incorrect behavior and failures, and to identify a solution to the problem, such that the system can still perform the task it was meant for. The approach is based on the idea of programming embedded systems through a different paradigm, called “model-based autonomy”; the systems have on-board models of the expected behavior, both in fault free and faulty situations, so that a sort of reasoning can be carried out to respond to the upcoming events. In order to achieve this capability, programmers develop a controlling program, coding the desired system behavior together with the models of the systems to be controlled, in terms of the nominal behavior and common failure modes.

Through a simplified spacecraft for orbital insertion example, the authors discuss the adoption of the model-based programming paradigm, thus targeting the control programming and system models. The paper clearly describes the components’ models, discussing their desired functionality, along with the additional behavior to be adopted in the case of hardware failures. The paper then focuses on the central part of the decisional process, through which the deductive controller estimates the system state, and eventually reconfigures the target state based on the current situation of the system components.

The core problems at the base of this approach involve a search for the best solution over a discrete space. An efficient online reasoning method, called conflict-directed A* algorithm, is presented as an evolution of previously developed approaches.

An overview of the application of this model-based approach that has been refined in the past two decades is then presented, giving the reader a feeling for the significance of, and evolving research in, this field.

I enjoyed reading the paper, finding it interesting, clear, and challenging. Actually, one question remains unsolved: how are failures in the model-based executive dealt with?