Cyber-physical systems often operate in dynamic environments where unexpected events should be managed while guaranteeing acceptable behavior. Providing comprehensive evidence of their dependability under change represents a major open challenge. In this article, we exploit the notion of equilibrium, that is, the ability of the system to maintain an acceptable behavior within its multidimensional viability zone and propose RUNE² (RUNtime Equilibrium verification and Enforcement), an approach able to verify at runtime the equilibrium condition and to enforce the system to stay in its viability zone. RUNE² includes (i) a system specification that takes into account the uncertainties related to partial knowledge and possible changes; (ii) the computation of the equilibrium condition to define the boundaries of the viability zone; (iii) a runtime equilibrium verification method that leverages Bayesian inference to reason about the ability of the system to remain viable; and (iv) a resilience enforcement mechanism that exploits the posterior knowledge to steer the execution of the system inside the viability zone. We demonstrate both benefits and costs of the proposed approach by conducting an empirical evaluation using two case studies and 24 systems synthetically generated from pseudo-random models with increasing structural complexity.

网络物理系统通常在动态环境中运行，在这种环境中，应管理意外事件，同时保证可接受的行为。提供全面的证据来证明他们在变革中的可靠性是一项重大的公开挑战。在本文中，我们利用平衡的概念，即系统在其多维生存区内维持可接受行为的能力，并提出 RUNE 2 ^（运行时平衡验证和执行），一种能够在运行时验证平衡的方法条件并强制系统保持在其生存区域。符文²包括 (i) 考虑与部分知识和可能的变化相关的不确定性的系统规范；(ii) 计算平衡条件以定义生存区的边界；(iii) 运行时平衡验证方法，利用贝叶斯推理来推断系统保持可行的能力；(iv) 弹性执行机制，利用后验知识来引导系统在可行区内执行。我们通过使用两个案例研究和从结构复杂性不断增加的伪随机模型综合生成的 24 个系统进行实证评估，展示了所提出方法的优点和成本。