Impact case study database
BIOLOGIC: synthesis of BIO-inspired and LOGIC-based techniques for the design of dependable intelligent systems
1. Summary of the impact
BIOLOGIC builds on the HiP-HOPS method offering a novel synthesis of bio-inspired AI with model-based techniques for the design of dependable intelligent systems. Impact resulted through creation of innovation eco-systems in the UK, Germany, Austria, the Nordic countries and Brazil. These have produced wealth and improved the dependability of systems via the following activities: a) Commercialisation of novel dependability tools HiP-HOPS (UK), Safety Designer (Germany), Metaedit+ HH (Finland), and contribution to Hull Spinout Lampada Digital Solutions (UK); b) Technology uptake by companies in transport, electronics and renewables with benefits for society and the economy, and with the BBC and global media reporting on applications; c) Standardisation via the EAST-ADL automotive design language and improvements to application of automotive (ISO-26262) and aerospace (ARP-4761) safety.
2. Underpinning research
The BIOLOGIC Impact Case Study (ICS) is an evolution of the REF2014 ICS entitled HiP-HOPS. Both are founded on the HiP-HOPS research method, which has been continually developing since the homonymous HiP-HOPS paper by Prof. Papadopoulos in 1999. The method was originally focused on model-based dependability analysis of systems via auto-synthesis of fault trees and FMEAs. In the period, the scope was extended in order to: a) bring bio-inspired AI techniques to HiP-HOPS, and b) address the dependability of intelligent systems. As responsible producers of technology, we understand that AI may evolve and malfunction in ways that may lead to dystopian scenarios. Dependable AI has, therefore, become a central goal of our research. To this end, HiP-HOPS has evolved and now covers the system engineering lifecycle of complex systems: from intelligent allocation of safety requirements, through automated dependability analysis, to evolutionary optimisation of architectures, automated production of certification artefacts, and intelligent safety monitoring of autonomous and cooperative systems using agents. These new developments are underpinned by a novel synthesis of bio-inspired AI with logic and models, hence the name BIOLOGIC given to the ICS to signify a turn of HiP-HOPS towards AI.
Research reported in [1-6] underpins the ICS. [1] is a “position paper” which describes the concept of synthesis of bio-inspired AI with logic and models for the design of dependable systems as this had evolved in HiP-HOPS until 2016 and sets the scene for BIOLOGIC. The paper is based on a plenary given at IFAC-DCDS (Mexico, May 27-29, 2015) on "Intersections of philosophy, logic and biology in design" and a keynote given at the 7th IEEE Conf. on Intelligent Computing and Information Systems on “Metaheuristics for the design of safety critical systems: a synthesis of logic and biology in system design” (Cairo, Dec. 12-14, 2015). The paper also inspired an invited talk at the Lorentz Centre workshop on "Safety of Future Systems" (Leiden, Netherlands, April 9-13, 2018). Papers [2-6] describe improvements including fuzzy temporal analysis [2], synthesis of safety arguments and safety cases [3], analysis of dynamic repairable systems [4], analysis of product lines [5] and an agent-based run-time dependability monitor for managing safety in autonomous systems [6]. Below we summarise the underpinning research.
HiP-HOPS assumes architectural and behavioural models which include component hierarchies with allocation of software to hardware, and state-machines. Algorithms can examine the origins and propagation of failure expressed in such models and locate potential design flaws. This is done via construction and analysis of fault trees and FMEAs that can record not only combinations but also sequences of faults. Analysis of sequences is facilitated by PANDORA, a temporal logic invented in Hull and further developed in the period [2]. HiP-HOPS incorporates bio-inspired computational techniques that optimise system dependability versus cost, for example via optimal selection among design alternatives for components and subsystems or via optimal allocation and replication of software tasks on controllers.
HiP-HOPS enables a dependability-driven mode of design using metaheuristics that cost-optimally allocate system safety requirements as integrity requirements to subsystems and components from the early stages. This capability is particularly relevant in software design, and can save costs in verification as well as those costs typically incurred by errors identified and corrected later on. New work on nature-inspired algorithms which imitate the social intelligence of penguins was developed and applied to this problem in the period. HiP-HOPS creates model-connected safety cases, i.e. electronic certification documents. Techniques have been developed to enable its application on product lines. It is possible, for example, to auto-allocate integrity requirements across a product line in a way that components can cost-optimally meet the dependability requirements of several products. Recent extensions with fuzzy logic, and Bayesian nets address the dynamic nature of modern systems and uncertainties that arise from limited observability, imperfect data and unpredictability. Machine learning has been used to repair predictive safety models, e.g. fault trees, in real time when prediction clashes with reality. The SafeML technique was developed to measure the distributional shift between training and real-time input data and predict shifts in the accuracy of machine learning classifiers accordingly. These new features address important problems in the dependability of autonomous, cyber-physical and open systems of systems.
HiP-HOPS is complementary to other modelling languages and tools in the field of dependability: model-checking, probabilistic model-checking, and formal techniques. It contributes to the state-of-the-art with a distinctive approach to dependability-centred design, optimisation, analysis, and monitoring. Over 200 papers on theory and applications have been published, over 80 in the period. We provide six references below, but more can be linked to the impact reported.
3. References to the research
[1] Papadopoulos Y., Walker M., Parker D., Sharvia S., Bottaci L., Kabir S., Azevedo L., Sorokos I. (2016) A Synthesis of Logic and Bio-inspired techniques in the Design of Dependable Systems, Annual Reviews in Control, 41:170-182, Elsevier.
[2] Kabir S., Walker M., Papadopoulos Y., Ruede E., Securius P. (2016) Fuzzy Temporal Fault Tree Analysis of Dynamic Systems, Journal of Approximate Reasoning, 77:20-37, Elsevier.
[3] Retouniotis A., Papadopoulos Y., Sorokos I., Parker D., Matragkas N., Sharvia S. (2017) Model-Connected Safety Cases, LNCS 10437: 50-66, Springer, ISBN 978-3-319-64118-8.
[4] Aizpurua, J. I., Papadopoulos Y., Merle G. (2018) Explicit Modelling and Treatment of Repair in Prediction of Dependability, IEEE Trans. Dependable and Secure Computing, 17:1147-1162.
[5] Oliveira A., Braga R., Masiero P., Parker D., Papadopoulos Y., Habli I., Kelly T. (2019) Variability management in safety-critical systems design and dependability analysis, Journal of Software: Evolution and Process, 31(8):e2202, Wiley Online Library.
[6] Kabir, S., Sorokos, I., Aslansefat, K., Papadopoulos, Y. (2019). A Runtime Safety Analysis Concept for Open Adaptive Systems. LNCS 11842:332-346, Springer, ISBN: 9783030328719.
4. Details of the impact
Strategy & Pathways: As HiP-HOPS evolved towards intelligent systems within the period, our impact strategy aimed at creating a network of interconnected national ecosystems that would incubate and promote technology transfer. Such ecosystems would include software houses developing or co-developing HiP-HOPS tools, or interfaces to the HiP-HOPS engine developed by Hull. This engine was packaged accordingly, offering XML-schemas at its input and output interfaces through which other design, analysis or visualisation tools could be connected. With this strategy, we managed to create innovation ecosystems in the UK with Lampada [e5], Fire Services [e5] and EDF [e12], the Nordic countries with Metacase in Finland [e4] and Volvo in Sweden [e8], Germany with ESI GmbH [e3], Fraunhofer IKS [e6], Siemens [e11], Continental and Volkswagen [e6], [e9], Austria with Armengaud Innovate [e8] and AVL List [e10], and Brazil with MDS Sistemas & Embraer [e7]. Together with software houses in these countries, we co-developed tools and created the infrastructure to support application of HiP-HOPS technologies. We then engaged large industrial users including Volvo [e8], Siemens [e11], EDF [e12], AVL List [e10] and Embraer [e7], and, through these collaborations, the road opened for wider application. Three major research grants enriched HiP-HOPS and created specific impact pathways in the period:
In MAENAD (2011-2014), an FP7 project, we contributed to the specification of EAST-ADL [e1], an emerging architecture description language developed as an automotive industry standard for the design of vehicles. Since then, several metamodels of HiP-HOPS were transferred into the Safety Annex of this language, which has gained influence in the automotive sector. The effort also led to collaboration with Volvo [e8], and Metacase, a Finnish company that commercialises EAST-ADL products and which developed a HiP-HOPS extension for EAST-ADL within its tool Metaedit+ [e4].
In DEIS (2017-2020), an H2020 project, we developed the concept of Digital Dependability Identities (DDI), i.e. modular, composable and executable specifications of dependability for use in complex cyber-physical systems and open systems of systems. DDIs have drawn heavily from earlier work on HiP-HOPS and EAST-ADL and are a public specification with all metamodels in the public domain. DDIs are further developed in the large ITEA project PANORAMA (2020-2022) [e11]. SESAME (EU project 101017258) is a new H2020 project on Security and Safety of Multi-robot Systems (2021-2024) where we lead the work on safety [e8]. SESAME will transfer the DDI concept via five applications that involve robots and autonomous systems in four domains: healthcare, agile manufacturing, agri-food, and inspection and maintenance. Industry also participates in the related SafeML project on Safety of Machine Learning [e3], [e8], [e9], [e11].
In DREAM (2018-2021), a project funded by the London-based Energy R&D Centre of Électricité de France (EDF) [e12], HiP-HOPS was extended with machine learning to develop data-driven, reliability-centred, bio-inspired maintenance optimisation techniques that use data-driven prognoses of the remaining useful life of components to produce dynamic maintenance plans with HiP-HOPS algorithms. This work is being taken up by EDF, who operate wind farms in the UK, with great potential for further impact in the industry. It is also being developed within the ORE Catapult and the AURA project, a large academic and industrial collaboration on wind energy led by the University of Hull.
Impact: We can identify two types of impact arising from the HiP-HOPS technology: 1) Economic impact of technology uptake as this is evident in the commercialization of software tools, creation of a spinout, and the reported consequent benefits which include efficiencies in assessment processes, and improvements on the reliability and availability of systems upon which the technique has been applied, and 2) Social impact via creation of high-skilled jobs, and improvements on the safety of systems. Details follow:
A. Impact on Technology & Novel Commercial Software Tools: Software tools HiP-HOPS by University of Hull [e2] and the Safety Designer by ESI GmbH (Germany) [e3] were commercially launched in 2012 – the latter with benefits shared by ESI and Hull. The development of these software tools has continued throughout the period and they were enhanced with the underpinning research. An extension of Metaedit+ by Metacase (Finland) to support EAST-ADL & HiP-HOPS, was launched in 2016 [e4]. In REF2014, we reported 30 licences of HiP-HOPS sold with estimated overall benefits at £300,000. There are now three advanced commercial HiP-HOPS tools by companies based in three countries (UK [e2], Germany [e3], Finland [e4]). Although not all data is publicly available, it is conservatively estimated that over 500 licences have been sold or maintained in the period with estimated revenue of £6,000,000 and additional benefits from service provision. There is also registered interest in tool development and commercialisation by innovation companies MDS Sistemas (Brazil) [e7] and new start-up Armengaud Innovate (Austria) [e8].
The technology influence of HiP-HOPS goes much further, as it has inspired other impactful techniques and commercial tools. This influence is acknowledged in accompanying testimonials. Safety Architect by All4Tech (France) is a safety analysis tool heavily drawing from HiP-HOPS [e6]. All4Tech acquired three licences of HiP-HOPS in 2011 and subsequently developed a product that provides similar Fault Tree and FMEA synthesis to HiP-HOPS. Component Fault Trees (CFTs) is a well-known technology invented by Fraunhofer IESE in 2003 that effectively provides a visualisation of the fault tree synthesis concepts proposed by HiP-HOPS in 1999. The CFT tool safeTbox is successfully commercialised by Fraunhofer IESE and used by many German companies [e6]. Siemens develop their own CFT tool called ComposR which is widely used by the company and its clients [e11]. The direct influence of HiP-HOPS is acknowledged in testimonials by Siemens [e11] and Fraunhofer [e6]. Embraer are developing and using their own Fault Tree Generator inspired by HiP-HOPS [e7]. All these tools have generated wealth, productivity benefits and improvements to the dependability of systems as evidenced in the accompanying testimonials.
B. Contribution to Spinout & Local Wealth Generation: HiP-HOPS technology has contributed to the creation and success of Lampada Digital Solutions - in particular its subsidiary SEED software [e5]. The latter has a particular focus on commercialising a suite of real-time safety-critical software tools which include command and control software for the UK fire-service [e12]. This University-owned company sprang out of SEED, a European Development Fund project in which both undergraduates and researchers were involved since 2004. Within the SEED project and SEED software, HiP-HOPS research has driven the design of several safety critical software products for the UK fire-service [e5]. These products, under the umbrella of a suite called Intelligent Response, include Command & Control, Technical Fire Safety, and Web Risk Management. The SEED Software section of Lampada makes a positive contribution to the local economy training computer science students as interns, employing 12 people, and with an annual turnover of £855,000 in 2020 [e5].
C. Industrial Applications, Efficiencies & Improvement of System Quality: Via the local ecosystems that we created in the UK, Germany, Austria, the Nordic countries, and Brazil and their connections to China and Japan, HiP-HOPS has been transferred to the automotive (Honda, Toyota, Fiat, Continental, General Motors), aerospace (Embraer, Honeywell), railway (Siemens), shipping (DNV-GL), offshore & wind energy (Deep Horizon, EDF), and telecommunication industries (Huawei). We note that these licensees of HiP-HOPS are large industrial users and influence technology practice in their respective industries. The BBC, Automotive IQ, Electronic Engineering Journal and other global media have reported on our technology, specifically application of bio-inspired HiP-HOPS to automotive systems [e15].
Testimonials by experts in AVL [e10], Siemens [e11], Volvo [e8], EDF [e12] and MDS Sistemas [e7] concur that the HiP-HOPS technique and tools, including relevant EAST-ADL tools, facilitate an improved mode of design for dependable systems by introducing ways of rationalizing design, reusing models, exploring design spaces, automating processes, offering new analysis and optimization functionalities, as well as addressing new safety challenges in product lines and open systems of systems. These capabilities create efficiencies in design and analyses which translate to cost savings, including those costs that are incurred in unnecessary iteration of bad designs. Testimonies suggest that such savings are substantial. ESI [e3] reports on multiple benefits from application of the technology for their clients: “firstly, companies experience increase in the productivity of analysis and certification activities due to the reuse of libraries and automation; secondly, there are improvements in the quality and traceability of safety analyses which ultimately improve the quality and safety of the systems designed with the tool”. Honda [e14] is one of our large users with multiple licenses of HiP-HOPS technology currently in use. They have published their internal process of model-based design and analysis and reported successful application of HiP-HOPS within the “Safety Designer” tool, explaining the productivity benefits from reuse of “libraries” and a more systematic approach that avoids “trial and error”. Discussing requirement allocation, they state that the tool supports them to decide “What requirements are to be allocated where?”, “How to realize requirements?”, and “Which requirement is more important”.
Improvements in the processes of design and analysis, and operation, via HiP-HOPS, have a positive impact on the dependability of systems. Testimonials [e3], [e6], [e8], [e10], [e11] concur that application of the technology indeed improves the safety of systems, which in turn reduces risks of injury and death as well as property and environmental damage that can be caused by system failures. Although users agree that benefits are hard to quantify, they also agree that these benefits are real and span across the applications reported.
D. Influence on Standards & Contribution to Exploitable Public Knowledge: Our main influence on standards is through EAST-ADL where HiP-HOPS metamodels and tools have been transferred – all this work is in the public domain. EAST-ADL has a growing impact in the automotive industry, and it is used by Volvo, Scania, Continental, Bosch, Fiat and General Motors, all members of the EAST-ADL Association. Metaedit+ and HiP-HOPS are recognised as official EAST-ADL supporting tools [e1]. Hull is sitting on the EAST-ADL association board tasked with the maintenance and evolution of the language [e8]. Our work on DDIs has created digital metamodels and tools which are available to the community through the DEIS GitHub repository. Applications by AVL in the Automotive, Railway and Telehealth domains show “practical management of safety in highly uncertain environments, and quantifiable improvement (over 50%) in the coverage of hazards compared to a static safety analysis process” [e10]. An association has been formed to convert this into a standard for expressing executable dependability models for autonomous and open systems. Siemens, AVL, and General Motors already use this work [e6], [e10], [e11].
Safety standards like the generic IEC61508, the railway CENELEC, the automotive ISO26262, and the aerospace ARP-4761 standards, define processes for allocation of system safety requirements expressed in Safety Integrity Levels as integrity requirements of subsystems and components. We have improved these processes by developing model-based bio-inspired algorithms for cost-optimal automated allocation of requirements during design refinement. Testimonials evidence strong interest in this work [e6], [e7], [e8], [e10], [e11]. In collaboration with members of the Swedish & German committees of ISO-26262 and Fraunhofer IKS [e6], we are in discussion on improvements of the new automotive (ISO-26262) and possibly aerospace (ARP-4761) safety standards.
Looking to the future, we are currently strengthening our efforts on dependable AI. As AI and intelligent systems show commercial value, investment intensifies, and the technology accelerates fast. While dependability is paramount, the challenges are enormous and include system learning, autonomy, and high uncertainty in open systems. In BIOLOGIC ICS, we evidenced technology and creation of global innovation ecosystems which we hope may address these emerging challenges.
5. Sources to corroborate the impact
[e1]. EAST-ADL Association website (Global) [archived web link]
[e2]. Commercial HiP-HOPS (UK) [archived web link]
[e3]. Commercial Safety Designer by ESI GmbH (Germany) [archived web link] & Testimonial by Technical Director of ESI [PDF provided]
[e4]. Commercial Metaedit+ by Metacase (Finland) [archived web link] & Testimonial by CEO of Metacase [PDF provided]
[e5]. Commercial Intelligent Response suite by Lampada (UK) [archived web link] & Testimonial by CEO of Lampada [PDF provided]
[e6]. Testimonial by Director of Fraunhofer Institute for Cognitive Systems on influence of HiP-HOPS on technology and business in (Germany) [PDF provided]
[e7]. Testimonial by CEO & CTO of MDS Sistemas (Brazil) [PDF provided]
[e8]. Testimonial by CEO of Armengaud Innovate (Austria) [PDF provided]
[e9]. Testimonial by Technology and Strategy Leader, Volvo [PDF provided]
[e10]. Testimonial by Head of Research and Innovation AVL List (Austria) [PDF provided]
[e11]. Testimonial by Head of Research on Dependability, Siemens (Germany) [PDF provided]
[e12]. DREAM project sponsored by EDF R&D UK [archived web link]
[e13]. Case study for Command & Control System by Lampada (UK) [archived web link]
[e14]. Case study by Honda (Japan) [archived web link]
[e15]. Articles in the BBC, Automotive IQ, Electronic Engineering Journal on applications of bio-inspired HiP-HOPS to automotive: [archived web links: BBC, AIQ, EEJ]