Proceedings of the 5th Workshop of the MPM4CPS COST Action

227  Descargar (0)

Texto completo

(1)

COST Action IC1404: Multi-Paradigm Modelling for

Cyber-Physical Systems

http://www.mpm4cps.eu/

Proceedings of the 5th Workshop of the

MPM4CPS COST Action

November 24-25, 2016  Malaga, Spain

(2)

Technical Report No. ITI16/02

Departamento de Lenguajes y Ciencias de la Computación. Universidad de Málaga.

Copyright © 2016 for the individual papers by the papers' authors. Copying permitted for private and academic purposes. This volume is published and copyrighted by its editors.

Editors:

Hans Vangheluwe

University of Antwerp (Belgium)

Vasco Amaral

Universidade Nova de Lisboa (Portugal)

Holger Giese

Hasso-Plattner-Institut für Softwaresystemtechnik GmbH (Germany)

Jan Broenink

University of Twente (Netherlands)

Bernhard Schätz fortiss GmbH (Germany)

Alexander Norta

Tallinn University of Technology (Estonia)

Paulo Carreira

Universidade de Lisboa (Portugal)

Miguel Goulão

Universidade Nova de Lisboa (Portugal)

Antonio Vallecillo

Universidad de Málaga (Spain)

(3)

Table of Contents

Preface . . . I

Foundations

Modeling Mobility Using Dynamic Topology Models . . . 1–21

Fernando J. Barros

Engineering Hybrid Modelling Languages . . . 22–34

Sadaf Mustafiz, Cláudio Gomes, Bruno Barroca, Hans Vangheluwe

Real-Time MDE: An Overview . . . 35–46

Moussa Amrani, Pierre-Yves Schobbens

Novel Verification Paradigms for Nonlinear Hybrid Automata . . . 47–55

Eva M. Navarro López

Usability Driven Development with Usability Software Engineering Modeling Environment

(USE-ME) . . . 56–75

Ankica Bariši´c

Automated Analysis of Traceability in Cyber-Physical Systems (Tool Demonstration) . . . . 76–92

Ferhat Erata, Bedir Tekinerdogan

Techniques

A Hybrid Master (Discrete-Event and Discrete-Time) for Functional Mockup Interface . . . 93–100

Vincent Albert

Adding Uncertainty and Units to Quantity Types in Software Models . . . 101–110

Loli Burgueño, Tanja Mayerhofer, Antonio Vallecillo, Manuel Wimmer

Integrating Uncertainty Modelling with Use Case Modelling to Discover Unknowns . . . 111–117

Tao Yue, Shaukat Ali, Man Zhang

Model-Driven Testing of Cyber-Physical Systems with the Explicit Consideration of

Uncertainty (U-Testing) . . . 118–123

Shaukat Ali, Man Zhang, Tao Yue

Separation of Concerns in Continuous Time Hierarchical Co-Simulation . . . 124–130

(4)

Modeling of Cooperation Behavior in Flexible Vehicle Platoon Based on Hybrid Automaton

and Predicitive Analysis . . . 131–142

Lejla Banjanovic-Mehmedovic

Introduction to Physical-Systems Modelling with Bond Graphs (Tutorial) . . . 143–159

Jan F. Broenink

Application Domains

Architecting the Next Generation of Vehicles . . . 160–174

Patrizio Pelliccione

Innovative Designs through Topological Design Space Exploration . . . 175–191

Mike Nicolai

Simulation and Design-Time Analysis of the Smart Grid in the Czech Republic . . . 192–195

Barbora Buhnova

A Multi-Domain Approach to Design of CPS in Special Education: Issues of Evaluation

and Adaptation (Paper) . . . 196–205

Maya Dimitrova, Anna Lekova, Snezhanka Kostova, Chavdar Roumenin, Milena Cherneva, Aleksandar Krastev, Ivan Chavdarov

Education

How to Exploit an Experience Gained in CPS Related Projects for Master Students Training

Program in ERASMUS+ Project . . . 206-221

(5)

Preface

In virtually any area of human activity, Cyber-Physical Systems (CPS) are emerging. CPS are truly complex, designed systems that integrate physical, software and network aspects. To date, no unifying theory and no systematic design methods, techniques and tools exist for such systems. Individual mechanical, electrical, network or software engineering disciplines only offer partial solutions. Multi-paradigm Modelling (MPM) proposes to model every part and aspect of a system explicitly, at the most appropriate level(s) of abstraction, using the most appropriate modelling formalism(s). Modelling language engineering, including model transformations, and the study of their semantics, are used to realize MPM. MPM is seen as an effective answer to the challenges of designing CPS.

The COST Action IC1404: Multi-Paradigm Modelling for Cyber-Physical Systems (MPM4CPS) aims to promote foundations, techniques and tools for multi-paradigm modelling for cyber-physical systems, and to provide educational resources to both academia and industry. This will be achieved by bringing together and disseminating knowledge and experiments on CPS problems and MPM so-lutions.

The fifth MPM4CPS workshop took place on November 24-25, 2016 in Malaga, Spain. The program comprised presentations of MPM4CPS COST Action members discussing their work on foundations, techniques, application domains, and education in MPM4CPS, as well as joint work meetings. These proceedings collect the presentations given at the workshop. They cover many different aspects of multi-paradigm modelling for cyber-physical systems including, but not limited to

– foundations of MPM4CPS including

– language engineering,

– model transformations,

– verification paradigms,

– traceability;

– techniques in MPM4CPS including

– co-simulation,

– uncertainty modelling,

– model-driven testing,

– predictive analysis;

– application domains of MPM4CPS in the

– automotive industry,

– aviation industry,

– smart grids,

– robotics;

– education in MPM4CPS.

We would like to thank the presenters contributing their work to the MPM4CPS COST Action. Furthermore, we would like to thank Antonio Vallecillo, Loli Burgueño and Tanja Mayerhofer for organizing the workshop.

(6)
(7)

0RGHOLQJ0RELOLW\XVLQJ'\QDPLF

7RSRORJ\0RGHOV

)HUQDQGR-%DUURV

'HSW,QIRUPDWLFV(QJLQHHULQJ 8QLYHUVLW\RI&RLPEUD

3RUWXJDO

0DODJD6SDLQ1RYHPEHU

IC1404 – Multi-Paradigm Modelling for Cyber-Physical Systems

‡ 7KHUHSUHVHQWDWLRQRIVSDWLDOO\PRYLQJHQWLWLHVLV

FRPPRQO\DFKLHYHGXVLQJSXEOLVKVXEVFULEH FRPPXQLFDWLRQ36&

‡ 36&FDQEHFRPHFRPSOH[DQGLQHIILFLHQW

‡ UHTXLUHVWKHGHILQLWLRQRIUHJLRQVRILQWHUHVW

‡ JHQHUDWHVIDOVHSRVLWLYHPHVVDJHV

‡ &RQYHQWLRQDOVWDWLFSHHUWRSHHU

FRPPXQLFDWLRQ33&WKRXJKXVXDOO\PRUH HIILFLHQWGRHVQRWKDYHWKHUHTXLUHGIOH[LELOLW\WR UHSUHVHQWPRELOHHQWLWLHV

(8)

‡ :HKDYHGHYHORSHGWKHLQWHJUDWLRQRI36&DQG 33&VW\OHVXQGHUWKHKLHUDUFKLFDODQGPRGXODU G\QDPLFWRSRORJ\SDUDGLJP

‡ 7KHXQLILFDWLRQLVDFKLHYHGXVLQJUXQWLPH

WRSRORJ\DGDSWDWLRQ

O ,WLQYROYHVWKHG\QDPLFFUHDWLRQGHOHWLRQRI

OLQNVWRFDSWXUHWKHFXUUHQWLQWHUDFWLRQV EHWZHHQHQWLWLHV

‡ 7KHDUFKLWHFWXUHFRPELQHVWKHDGYDQWDJHVRI

36&DQG33&HQDEOLQJDIOH[LEOHVLPXODWLRQ DUFKLWHFWXUH

,QWURGXFWLRQ

‡ 7KHDUFKLWHFWXUHVXSSRUWVWZRW\SHVRI36&

VW\OHV

‡ WKHWUDGLWLRQDOSXVKVW\OHo HYHQWV

‡ WKHQRYHOSXOOVW\OHo VDPSOLQJ

DEVWUDFWVLQIRUPDWLRQUHTXHVWDQGLQIRUPDWLRQ

VHQGLQJ

HQDEOHVH[DUDGDUWRVDPSOHDWLWVRZQUDWH

‡ %HQHILWVDUHGHPRQVWUDWHGWKURXJKWKHPRGHOLQJ

RIDQDLUGHIHQVHVFHQDULRGHVFULEHGLQWKH +\)ORZ PRGHOLQJDQGVLPXODWLRQIUDPHZRUN

(9)

3XVK&RPPXQLFDWLRQ

(10)

‡ 7KH+\EULG)ORZ6\VWHP6SHFLILFDWLRQ+\)ORZLVD IRUPDOLVPDLPHGWRGHVFULEHKHWHURJHQHRXVV\VWHPV

‡ +\)ORZ FRPELQHVWUDGLWLRQDOHYHQWEDVHGV\VWHPVDQG WKHQRYHOFRQFHSWRIJHQHUDOL]HGVDPSOLQJ

‡ +\)ORZ FDQGHVFULEHGHQVHWUDMHFWRULHVWKURXJKWKH FRQFHSWRIFRQWLQXRXVIORZ

‡ 7UDMHFWRULHVFDQEHVDPSOHGHQDEOLQJWKHGHVFULSWLRQRI QXPHULFDOPHWKRGVIRU2'(RUGLQDU\GLIIHUHQWLDO

HTXDWLRQLQWHJUDWLRQDQGHYHQWGHWHFWLRQ]HURFURVVLQJ GHWHFWRU

+\)ORZ )RUPDOLVP

‡ +\)ORZ KDVWZRW\SHVRIPRGHOVEDVLFDQG

QHWZRUN

‡ $EDVLFPRGHOFDQUHDGDQGSURGXFHFRQWLQXRXV

DQGGLVFUHWHIORZVHYHQWVDQGLWSURYLGHVWKH EDVLFRSHUDWRUVIRUVWDWHUHSUHVHQWDWLRQDQG G\QDPLFEHKDYLRU

‡ $QHWZRUNPRGHOLVDFRPSRVLWLRQRIEDVLF

PRGHOVDQGRURWKHUQHWZRUNPRGHOVSURYLGLQJ DQDEVWUDFWLRQIRUUHSUHVHQWLQJKLHUDUFKLFDO V\VWHPV

(11)

+\)ORZ %DVLF0RGHO

+\)ORZ

;F

;G

<F

<G

(12)

+\)ORZ %DVLF0RGHO

(13)

*HQHUDWRU%DVLF0RGHO

(14)

+\)ORZ 1HWZRUN0RGHO

class GeneratorZeroCross extends Executive { public void topology() {

super.topology();

addComponent(Generator, "Generator"); addComponent(ZeroCross, "ZeroCross");

link("Generator", "DF", "ZeroCross", "event"); link("ZeroCross", "sample", "Generator", "CF"); link("ZeroCross", "Z", "Executive", "detect"); }

public void detect(double clock, double value) { println "$clock\t$value";

} }

(15)

‡ 7KHWRSRORJ\FRPSRVLWLRQDQGOLQNLQJRI

+\)ORZ QHWZRUNVLVG\QDPLFHQDEOLQJWRDGMXVW WKHPRGHODFFRUGLQJWRIRUH[DPSOHWKHGLVWDQFH EHWZHHQPRYLQJHQWLWLHV

‡ ,WEHFRPHVSRVVLEOHWROLQNPRELOHHQWLWLHVWKDW

DUHZLWKLQVHQVRUUDQJHDQGWRUHPRYHWKHVH FRPPXQLFDWLRQOLQNVZKHQHQWLWLHVEHFRPHIDU DSDUW

+\)ORZ-8VH 0 6(QYLURQPHQW

‡ 1HWZRUNWRSRORJ\LVPDQDJHGE\WKH+\)ORZ

H[HFXWLYHFRPSRQHQW

‡ 7KLVHOHPHQWLVD+\)ORZ EDVLFPRGHOLQFUHDVHG

ZLWKWRSRORJ\PDQDJHPHQWRSHUDWLRQV

‡ 7KLVGHVLJQHQDEOHVWKHGLUHFWFRPPXQLFDWLRQRI

WKHH[HFXWLYHZLWKWKHRWKHUQHWZRUNFRPSRQHQWV

‡ &RPSRQHQWVFDQPDNHUHTXHVWVWRPRGLI\WKH

WRSRORJ\DQGDOVRWRUHWULHYHLQIRUPDWLRQDERXW WKHFXUUHQWQHWZRUNWRSRORJ\

(16)

‡ 7KH+LJK/HYHO$UFKLWHFWXUH+/$LVD VWDQGDUGIRU0 6

‡ +/$LVEDVHGRQSXEOLVKVXEVFULEH

FRPPXQLFDWLRQ36&

‡ +/$HQDEOHVWKHLQWHURSHUDELOLW\RIVLPXODWRUV

WRFUHDWHFRPSOH[VFHQDULRV

‡ +/$VXSSRUWVIHGHUDWHVDQGIHGHUDWLRQVD

FRPELQDWLRQRIIHGHUDWHV

+/$2YHUYLHZ

‡ +/$REMHFWVFDQEHXVHGWRDFKLHYHWKH

FRPPXQLFDWLRQWKURXJKVKDUHGPHPRU\

‡ +/$REMHFWVDUHSDVVLYHHQWLWLHVGHSHQGLQJRQ

IHGHUDWHVWREHPRGLILHG

‡ 7KHIHGHUDWHVLQYROYHGLQ+/$REMHFW

PDQDJHPHQWDQGLQIRUPDWLRQUHWULHYDOKDYHWKHLU UHXVHVHYHUHO\OLPLWHG

(17)

‡ +/$57,FDQQRWEHPRGLILHG

‡ QRVXSSRUWIRU33&

‡ +/$VXSSRUWVRQO\IODWPRGHOV

‡ FRPSOH[PRGHOVEHQHILWIRUPDKLHUDUFKLFDO

UHSUHVHQWDWLRQ

‡ +/$LPSRVHV36&

‡ 33&FDQSURYLGHDEHWWHUUHSUHVHQWDWLRQ

‡ +/$LVEDVHGRQWKHGLVFUHWHHYHQWSDUDGLJP

‡ KRZWRUHSUHVHQWFRQWLQXRXVPRGHOV"

‡ PRYLQJHQWLWLHV"

+/$/LPLWDWLRQV

‡ 3XEOLVKVXEVFULEHRSHUDWLRQVSURYLGHDQ

DEVWUDFWLRQIRUGHVFULELQJG\QDPLFWRSRORJLHV

‡ 1HZFRPSRQHQWVFDQEHDGGHGUHPRYHG

G\QDPLFDOO\WRIURPDQHWZRUNZLWKRXWDIIHFWLQJ WKHH[LVWLQJFRPSRQHQWV

‡ 33FRPPXQLFDWLRQLVPRUHHIILFLHQWIRU

UHSUHVHQWLQJNQRZQOLQNV

‡ QRIDOVHSRVLWLYHPHVVDJHV

‡ UHTXLUHVQRILOWHUV

‡ 2XUVROXWLRQ

‡ 8VHG\QDPLF33&WRUHSUHVHQW36&

(18)

&RPELQLQJ33ZLWK36&

‡ 7RSRORJ\FDQEHGHVFULEHGLQDFRPSDFWPDQQHU

E\EXONFRPPDQGV

‡ 'URQH'URQH

‡ SXEOLVK&)[\

‡ SXEOLVK')FRPP

‡ 5DGDU

‡ VXEVFULEH&)[\

‡ VXEVFULEH')FRPP

‡ %XONFRPPDQGVFDQEHPDSSHGLQWR33&OLQNV

LQ-8VH+\)ORZ

‡ 3URYLGHVWKHXQLILFDWLRQRI36&DQG33&

(19)

‡ ,QPDQ\PRGHOVZHZDQWWROLQNHQWLWLHVWKDWDUH NQRZQWRLQWHUDFW

‡ 3XUVXHUGURQH

‡ $SXUVHULVRQO\FRQQHFWHGWRRQHWDUJHW

ZK\XVLQJ36&"

‡ 5DGDUGURQH

‡ $FFXUDWHGHWHFWLRQUHTXLUHVDGDSWLYH

VDPSOLQJGHSHQGLQJRQEHDPGURQH GLVWDQFH

‡ +\)ORZ H[HFXWLYHFDQFUHDWHG\QDPLFOLQNVWR

VXSSRUW33&FRPPXQLFDWLRQ

&RPELQLQJ33ZLWK36&

(20)

‡ 6SDWLDOSDUWLWLRQLQJFDQEHLQWHJUDWHGZLWK33& LQRUGHUWRDFKLHYHDQHIILFLHQWGHVFULSWLRQRI PRELOHHQWLWLHV

‡ :HFRQVLGHUDUHJLRQRILQWHUHVW52,PDQDJHU

FRPSRQHQWZLWKWKHDELOLW\WRNHHSWUDFNRI SXEOLVKVXEVFULEH

‡ (QWLWLHVFDQGHFODUH52,VWRWKHPDQDJHU

‡ ZKHQWKHVHUHJLRQVRYHUODSWKLVFRPSRQHQW

VHQGVDVLJQDOWRWKHH[HFXWLYHWKDWFDQDGDSW WKHWRSRORJ\

$LU'HIHQVH

(21)

52,V

(22)

3HHUWR3HHU&RPPXQLFDWLRQ

(23)

‡ $VHQWLWLHVPRYHWKHLUUHJLRQVRILQWHUHVWZLOO HYHQWXDOO\RYHUODS

‡ 7KHPDQDJHUXSRQRYHUODSGHWHFWLRQVHQGVD

UHTXHVWWRWKHH[HFXWLYHWKDWZLOOFUHDWHDOLQN EHWZHHQWKHUDGDUDQGWKHGURQHVRLWFDQEH WUDFNHG

‡ 'URQHFDQQRWEHXVHGLQFRQYHQWLRQDOSXEOLVK

VXEVFULEHFRPPXQLFDWLRQVLQFHLWVLQWHUIDFHGRHV QRWPDWFKUDGDUVDPSOLQJSRUW[\

‡ 'URQHSRUW[\0LFRQYH\VWKHSRVLWLRQLQPLOHV

ZKLOHWKHUDGDUUHTXLUHVWKLVLQIRUPDWLRQLQNP

$LU'HIHQVH

‡ 7KHFRPPXQLFDWLRQEHWZHHQWKHUDGDUDQG

'URQHLVHVWDEOLVKHGE\WKH-8VH+\)ORZ FRPPDQG

(24)

$LU'HIHQVH

‡ +\)ORZ G\QDPLFSHHUWRSHHUFRPPXQLFDWLRQLV

DEOHWRUHSUHVHQWSXEOLVKVXEVFULEH FRPPXQLFDWLRQ

‡ ,WFDQDOVRUHSUHVHQWWKHVSDFHSDUWLWLRQLQJ

DOJRULWKPVUHTXLUHGWRREWDLQDQHIILFLHQW UHSUHVHQWDWLRQRIPRYLQJHQWLWLHV

‡ $GGLWLRQDOO\SHHUWRSHHUOLQNVFDQEH

HVWDEOLVKHGXVLQJ-8VH+\)ORZ DGDSWHU FDSDELOLWLHV

(25)

‡ 6FHQDULRZLWKWZRDLUERUQHUDGDUV5DQG5 PRYLQJDWFRQVWDQWYHORFLWLHVZLWKIL[HGUDGLXV WUDMHFWRULHV

‡ 7ZRGURQHV'DQG'PRYLQJDWDFRQVWDQW

YHORFLW\EXWZLWKDSLHFHZLVHFRQVWDQWUDGLXV WKDWFKDQJHVDWUDQGRPWLPHV

‡ 7KHUDGDUVDUHPRGHOHGE\WKHLUURWDWLQJEHDPV

WKDWKDYHDIL[HGSHULRG

‡ $UDGDUHFKRLVSURGXFHGZKHQDUDGDUEHDP

GHWHFWVDGURQH

$LU'HIHQVH

‡ 7KHVHLQWHUDFWLRQVUHTXLUHVWKHFUHDWLRQRIDQHZ

GHWHFWRUIRUHDFKGURQH

‡ LWEHQHILWVIURP33&WRHQDEOHWKHGHWHFWRU

WRVDPSOHWKHSRVLWLRQLQIRUPDWLRQIURPERWK WKHUDGDUEHDPDQGIURPDVSHFLILFGURQH

‡ 8SRQGHWHFWLRQUDGDUVFDQODXQFKDSXUVXHUWR

GLVDEOHWKHGURQH

‡ 3XUVXHUVKDYHDGLJLWDOFRQWUROOHUWKDWXVHVD

SURSRUWLRQDOODZIRUJXLGDQFH

(26)

$LU'HIHQVH

‡ 3XEOLVKVXEVFULEHLQWHUDFWLRQFDQEHPDSSHGLQWR

DSHHUWRSHHUFRPPXQLFDWLRQQHWZRUNZLWKD G\QDPLFWRSRORJ\

‡ 7KLVPDSSLQJHQDEOHVERWKFRPPXQLFDWLRQVW\OHV

WREHXVHGLQFRPELQDWLRQWRGHVFULEHGLIIHUHQW DVSHFWVRIWKHVDPHPRGHO

‡ 7KHLQWHJUDWLRQRIVW\OHVHQDEOHVPRGHOHUVWRXVH

WKHEHVWUHSUHVHQWDWLRQIRUDJLYHQV\VWHP

(27)

‡ :HSODQWRH[WHQG-86(+<)/2: PRGHOOLEUDU\

LQRUGHUWRUHSUHVHQWPRUHFRPSOH[DQGGHWDLOHG VFHQDULRV

‡ :HFRQVLGHUDOVRWKDWIXWXUHYHUVLRQVRIWKH+/$

VXSSRUWLQJWKHPRGHOLQJFRQVWUXFWVGLVFXVVHG KHUHOLNHWKHRSHQ57,VDPSOLQJDQGSHHUWR SHHUFRQQHFWLRQVFDQLPSURYHLWVH[SUHVVLYHQHVV VLPSOLI\LQJWKHGHVFULSWLRQRIFRPSOH[V\VWHPV

)XWXUH:RUN

‡ )HUQDQGR-%DUURVّ0RGHOLQJPRELOLW\WKURXJK

G\QDPLFWRSRORJLHVْ6LPXODWLRQ0RGHOOLQJ

3UDFWLFHDQG7KHRU\9ROXPH'HFHPEHU 3DJHVي

‡ KWWSG[GRLRUJMVLPSDW

(28)

$ $ % !"#

!" #$!

! % &!%'(#)*+,-./,0,+1+'(#)

&'(%)+,-/-02-23# 5"6 768-:; 8/,<

2+ + !" '(#)+ /345346#)+ + + ! 1+'(#)

=#" 6>

?

% 6@

%% @

" @

"; @

AAA

2)?

6 B6%>6%@

" 66 6 CD@

" 66 6 ;CD %)@

(29)

(66 6 E CD

)6

% 6B;# F )6

+ %)BG)

# F

C#" 66 % 6D

## %"%C&=D

CE(D + %C2 HD

7 1 /+ 8!4+ +&4*+#)-/#,'

+ ! &*9 !

42+#3& *:81& *

;38 +;< 13=42+ 1+ ">34='(#$?,/.)

(30)

42+'81& *:3& *

= /;;=" ; / !" ; ;/= !444! ++ / 1 3+)./,(!444+ "+ '((?+

?

6%%)E CED

G% 6

6%%)

>

C% B( %D

&6 ) )%

I+H$";

(31)

$%5 ?$=J>

$%5

+

( +6

&6

5

(32)

$%5 ?$= )%

$%5 ?'E(J>

+) ' )

;

'

(33)

$%5 ?'E( )%

&6 ) )%

6K

)6

% H6

(34)

%&6 ) )%

" %

HL%>6%&6 ) )%? + 6B$ 56+ )C$=D

(35)

HL%>6%&6 ) )%? + 6B$ 56+ )C'E(D

D

42+ "342+ B 5346#.+-)(/-),1+'(#.

> 6,?

$=C"?$=@ ?'E(D

(36)

M 5N#? (

;?0 )3O

$=C"D6 ) )%

=8 % / 53 !314E(-+?0-C.($ 0 %" )3

(37)

M 5N#? &

> 68?

'E(C"?'E(@ ?$=D

(38)

M 5N#? (

;?0 )3O

'E(C"D6 ) )%

(39)

M 5N#? &

0&6) 3C DE P

% )%% 6)

C; %)6#" PD

%)

6 )%

=

66 C) %D

%" )

E

AAA

(40)

E M 5

=;60 )370 %" )3

E

" A

66 )

E

'E(

$=

= % %

6)= )

% %

Q

(41)

www.unamur.be

5HDO7LPH0

'(

$Q2YHUYLHZ

0RXVVD$

05$1,

3LHUUH<YHV6

&+2%%(16

&RVW $FWLRQ,& 030&36:RUNVKRS

0iODJD 6SDLQ± 7KXUVGD\ 1RYHPEHU

www.unamur.be 2

(42)

www.unamur.be 3

M

DE

3D Classification

3URSHUW\NLQG 7UDQVIRUPDWLRQ

)RUPDO9HULILFDWLRQ 7HFKQLTXH

$PUDQL 0 DQG &RPEHPDOH % DQG /XFLR / DQG 6HOLP * DQG 'LQJHO - DQG /H 7UDRQ < DQG 9DQJKHOXZH + DQG &RUG\ -Formal Verification Techniques for Model Transformations: A Tridimensional Classification -RXUQDO RI 7HFKQRORJ\

Barriers for R

T

Formal Verif.

‰ Undecidability

ƒ Both from the timed and non-timed parts, which are often intrically mixed into functionalities

ƒ Abstractions required in each part for performing formal verification

‰ Tool Maturity

ƒ Most tools work on very low-level representations (automata + various logics)

ƒ How to relate results back to model level?

‰ Theoretical Foundations in MDE

ƒ What is a « good » notion of time?

ƒ Is there a « universal » notion of time?

(43)

Agenda

1.

Classification

2.

Contributions Overview

3.

Conclusions

www.unamur.be 6

(44)

www.unamur.be 7

R

T

-M

DE

Classification

7LPH 5HSUHVHQWDWLRQ 7UDQVIRUPDWLRQ

/DQJXDJH

7LPH

www.unamur.be 8

Transformation Languages

7LPH 5HSUHVHQWDWLRQ 7UDQVIRUPDWLRQ

/DQJXDJH 7/

(45)

www.unamur.be 9

Graph-Based T

L

s (G

BTL

s)

‰ Formal Background: Category Theory [1]

ƒ Tgg,

ƒ Some MDEfeatures (e.g., inheritance & containment)

addressed recently [2]

‰ Usually, visual (or hybrid) concrete syntax

ƒ Customisable with metamodel concepts [3,4]

ƒ Also with pure textual syntax (e.g., ATL)

‰ Common formal background with Petri Nets (PNs) [6]

ƒ Reuse of existing tools and

existing Fv techniques

>@ 52=(1%(5**(GHandbook of Graph Grammars and Computing by Graph Transformation (Vol. I):RUOG6FLHQWLILF3XEOLVKLQJ >@ -85$&.6DQG 7$(17=(5 *$&RPSRQHQW&RQFHSWIRU7\SHG*UDSKV:LWK,QKHULWDQFHDQG&RQWDLQPHQW6WUXFWXUHV,QICGT SS±

>@ 7$(17=(5*$**$7RRO(QYLURQPHQWIRU$OJHEUDLF*UDSK7UDQVIRUPDWLRQ,Q$*7,9( /1&6SS± >@ '(/$5$-DQG9$1*+(/8:(+8VLQJ$720DVD0HWD&$6(7RRO,Q,&(,6SS±

>@ 0$;,029$0DQG(+5,*+DQG(50(/&)RUPDO5HODWLRQVKLS%HWZHHQ3HWUL1HWDQG*UDSK7UDQVIRUPDWLRQ6\VWHPV%DVHGRQ )XQFWRUV EHWZHHQ0$GKHVLYH&DWHJRULHV,Q31*7YROSS±

www.unamur.be 10

Meta-Programmed Languages (M

PL

s)

‰

« Action » Languages [1]

ƒ Specifically designed for manipulating model features;

ƒ Operational in nature;

ƒ Usually using a textual syntax close to code

‰

Formal backgrounds

ƒ Semantics foundations from imperative / Object-Oriented

Languages [2].

‰

Possible reuse of existing technology

ƒ With a high price for adapting it;

ƒ Not necessarily at the adequate abstraction level

>@ &20%(0$/(%DQG&5e*87;DQG*$52&+(3/DQG7+,5,28;; (VVD\2Q6HPDQWLFV'HILQLWLRQLQ0'(± $Q,QVWUXPHQWHG$SSURDFK IRU0RGHO9HULILFDWLRQJournal of SoftwareSS±

(46)

www.unamur.be 11

Time

7LPH 5HSUHVHQWDWLRQ 7UDQVIRUPDWLRQ /DQJXDJH 7/ 7LPH

Time Features

‰ Domain

ƒ Discrete (with integers) or Dense (with rationals or reals)

ƒ If bounded, simplifies the FV

‰ Language

‰ Structure, describing how internal

states are organised:

ƒ Linear, in the form of sequences

ƒ Branching, in the form of trees

‰ Determinism, describing how

precisely the system is known:

ƒ Abstraction from implementation details;

ƒ Possible unprescribed choices ;

ƒ Unknown environment

‰ Property Type, indicating which

language’s type of properties are expressible

12 7LPH

/DQJXDJH )HDWXUHV 'RPDLQ

>@ )XULD & DQG 0DQGULROL ' DQG 0RU]HQWL $ DQG 0 5RVVL Modeling Time In Computing 6SULQJHU9HUODJ

Dense Discrete Hybrid ense 6WUXFWXUH ete Discrete Discre

Branchingnching Linear

'HWHUPLQLVP 3URS7\SH

(47)

Time Features

‰ Features

Mechanisms within the language to express communication and synchronicity

‰ Synchronicity, describing at which

pace changes occur within the system

ƒ Synchronous, at the same time;

ƒ Asynchronous, at different/indpt paces

‰ Communication, describing how

asynch. systems communicate

ƒ Through shared resources; or

ƒ Through message passing;

ƒ Or both!

13 7LPH

/DQJXDJH )HDWXUHV 'RPDLQ

>@ )XULD & DQG 0DQGULROL ' DQG 0RU]HQWL $ DQG 0 5RVVL Modeling Time In Computing 6SULQJHU9HUODJ

6\QFKURQLFLW\ &RPPXQLFDWLRQ

Asynchronous Synchronous Message-Passing

Resource Sharing Resou chronoushronnousno

Message-Passing

ssage-UHTXLUHV

www.unamur.be 14

Time Representation

7LPH 5HSUHVHQWDWLRQ 7UDQVIRUPDWLRQ

/DQJXDJH 7/

(48)

www.unamur.be 15

Time Representation [1]

‰ [TaD]: Time as Data

ƒ Time information represented within the model

ƒ Example: clock counters, timers as MM attributes

‰ [TaC]: Time as Control

ƒ Time information integrated at transformation level

ƒ Example: time manipulation constructs available in the TL

‰ [TaE]: Time as Embedding

ƒ Time not explicitly available

ƒ Implicit in a third-party language, when translated

ƒ Requires both model and transformation(s) to become translatable

Not mutually exclusive: all three can be mixed!

>@ -'H/DUD(*XHUUD$%RURQDW5+HFNHODQG37RUULQL 'RPDLQ6SHFLILF 'LVFUHWH (YHQW0RGHOOLQJ DQG6LPXODWLRQ8VLQJ *UDSK7UDQVIRUPDWLRQ

Journal of Software and Systems Modelling±

www.unamur.be 16

(49)

www.unamur.be 17

Overview & Choices

7LPH5HSUHVHQWDWLRQ 7UDQVIRUPDWLRQ

/DQJXDJH 7/

7LPH

7UDQVIRUPDWLRQ /DQJXDJH

7/

7LPH5HSUHVHQWDWLRQ

‰ Contributions number

ƒ 5 supporting references (classification, etc.) ƒ 40 overviewed contributions

‰ Space constraints

ƒ Some are cited by website (one ref for 10 pubs) ƒ Others have several references for slightly different usage

‰ Presentation Choice

ƒ Also related to space constraints

ƒ First try: by time representation, but does not fit ƒ Finally: by TL

Statistics

By Transformation Language

MPL GBT

18

By Time Domain

Discrete Continuous Hybrid

By Synchronicity

Synchronous Asynchronous Hybrid

By Communication Style

(50)

www.unamur.be 19

Summary Tables: M

PL

s

Contribution Domain Language Features Time Rep.

StateCharts Discrete Branching / Non-Determ. Asynch. / MP TaC Activity Diags

fUML Discrete Branching / Non-Determ. Asynch. / MP TaC

MARTE/ CCSL Hybrid Branching / Non-Determ. Hybrid / ?? TaD + TaC

HybridUML Hybrid Branching / Non-Determ. Asynch. / RS TaD + TaC ForSyDe Hybrid Branching / Non-Determ. Asynch. / RS TaC ModHel’X Hybrid Branching / Non-Determ. Hybdrid / MP TaC GeMoC Hybrid Branching / Non-Determ. Hybrid / ?? TaC

6\QFKURQLFLW\K L LW &RPPXQLFDWLRQ

Asynchronous

Message-Passingge-Passing Resource SharingResource S Synchronous Hybrid Synchron chronous ybri )HDWXUHV www.unamur.be 20

Summary Tables: G

BTL

s

Contribution Domain Language Features Time

Rep.

Petri Nets Discrete Branching / Non-Determ. Asynch. / RS TaC

Stochastic Hybrid Branching / Non-Determ. Asynch. / MP TaC

De Lara & Vangheluwe Discrete Branching / Non-Determ. Asynch. / Rs TaC

De Lara, Guerra et al. Hybrid Branching / Non-Determ. Asynch. / MP TaD + TaE

Stroblet al. Discrete Branching / Non-Determ. Asynch. / RS TaD

Gapayet al. Discrete Branching / Non-Determ. Asynch. / Rs TaD

Moment 2 Discrete Branching / Non-Determ. Asynch. / Rs TaC

E-Motions Discrete Branching / Non-Determ. Asynch. / Rs TaC

MechatronicUML Hybrid Branching / Non-Determ. Asynch. / MP TaC

ATOMPM Discrete Branching / Non-Determ. Asynch. / Rs TaE

6\QFKURQLFLW\

C E

K L LW &RPPXQLFDWLRQ

Asynchronous

(51)

www.unamur.be 21

C

ONCLUSIONS

www.unamur.be 22

Paper Summary

1. A Classification for studying Real-Time MDEcontributions

ƒ Which Transformation Language is used?

ƒ Which characteristics of time are important for V&V?

ƒ How time is represented in MDE Frameworks?

2. A partial validation on selected contributions

ƒ 43 papers so far

3. An approach that should be refined, precised and extended

ƒ Dimension 3 (Time Representation) should be more precise

ƒ Is there more contribution in the « pure » MDE scope?

ƒ How these compare with classical GPLapproaches for time?

(52)

www.unamur.be 23

Future Work

1. How to gather more papers?

ƒ Perform a Systematic Litterature Review?

ƒ Proceed by experience?

(contact specialised researchers + my own)

ƒ Extend the study’s scope?

2. Consider all possible V&V techniques for Real-Time

ƒ Integrated Testing (i.e. with HW) is common for

embedded systems

ƒ Simulationfor continuous systems is also a huge domain

(53)

Novel verification paradigms for nonlinear

hybrid automata

Several application domains

Eva M. Navarro López

School of Computer Science, Manchester, UK

COST Action IC1404 – Multi-Paradigm Modelling for Cyber-Physical Systems (MPM4CPS)

Málaga Workshop, WG1 Foundations Málaga, 24th November, 2016

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

Summary

1 The hybrid system salad

2 DYVERSE: a modelling, verification and control framework

3 Branches of DYVERSE

(54)

The hybrid system salad DYVERSE: a modelling, verification and control framework

Branches of DYVERSE The hybrid system recipe

The hybrid system salad: A new fresh perspective

Different labels for the same idea

Combination of continuous dynamics and discrete phenomena

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DYVERSE: a cocktail of disciplines

Hybrid automaton framework

Research that challenges orthodoxy

Mixing theory and practice, breaking boundaries of different disciplines

DYnamical-drivenVERification ofSystems withEnergy considerations

The first-funded project in the UK on the verification and control of nonlinear hybrid systems

(55)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DYVERSE: a cocktail of disciplines Hybrid automaton framework

Hybrid automaton framework: basic elements

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

A collage of ideas

Dynamically-aware abstractions and formal verification:

exploiting dynamical properties of systems

Application-orientedapproach: results for real-world systems

andautomatic generationof hybrid automata from a dynamical

specification

Verification ofstability-relatedandlivenessproperties

Complex systemsapplications

(56)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Automated verification as a dynamical analysis tool

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

DyverseRBT: Dyverse Rigid Body Toolbox

What?

To generate automatically a general-purpose transition system for the description of mechanical systems with multiple impacts and friction

Why?

Simulation: To create event-driven simulations of multi-rigid-body mechanical systems

Formal verification: Hybrid systems automated verification tools to check that properties of mechanical systems are satisfied

Control: To include formal verification results in the control loop to modify system response. Avoid ‘something bad will never happen’ (safety), ensure ‘something good will happen’ (liveness)

(57)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Limitations in multi-contact rigid-body systems

Beyond the bouncing ball

A simple example that cannot be expressed using the classical hybrid automaton framework

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

The multi-rigid-body (MRB) hybrid automaton

Typical hybrid automaton elements

Dynamical discrete locations Continuous states

Initial states

Continuous dynamics

Domains of discrete locations Edges (discrete transitions) Guards

Reset maps

New elements integrating computation of contact forces

Computation nodes

Non-dynamical discrete locations

(58)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Hybrid automaton with computation nodes for a single neuron

A medium spiny neuron withD1-type receptors in the striatum

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Automatic generation of hybrid automata

(59)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Implementation

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Dyverse Bounded Model Checker (DyverseBMC)

Overview of the modelling, simulation and verification framework

Mike O’Toole and Eva Navarro-López

http://staff.cs.manchester.ac.uk/˜navarroe/papers/otoole_navarro2016.pdf

(60)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Dynamically-aware verification: liveness and deadness

DeadRegions. Generation of a dead region on a hybrid automaton for a given inevitability property of reaching some desired live region

proveByTA.Abstraction of a linear continuous system of the formx˙ =Ax+b to a timed automaton for proving inevitability (reaching a specified live zone). It then uses the stand-alone prover of TA prover UPPAAL to prove the property

PWproveByTA.Abstraction of a piecewise-linear system of a class of the formx˙ =Ax to a timed automaton for proving inevitability. It then uses the stand-alone prover of TA prover UPPAAL to prove the property

Eva Navarro-López and Rebekah Carter, TCS 2016

http://staff.cs.manchester.ac.uk/˜navarroe/research/dyverse/liveness/

Eva Navarro López DYVERSE

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

DYVERSE team for the verification branches presented

(61)

The hybrid system salad DYVERSE: a modelling, verification and control framework Branches of DYVERSE

DyverseRBT: automated generation of hybrid automata DyverseBMC: falsification of safety properties Verification of liveness properties

Some references

E.M. Navarro-López, R. Carter. “Deadness and how to disprove liveness in hybrid dynamical systems”.Theoretical Computer Science,642(2016), 1–23.

M. O’Toole, E.M. Navarro-López. “Falsification of safety properties in multi-rigid-body mechanical systems with hybrid automata and constraint satisfaction”. Available at

http://staff.cs.manchester.ac.uk/˜navarroe/papers/otoole_navarro2016.pdf.

E.M. Navarro-López, U. Çelikok, N.S. ¸Sengör. “Hybrid systems neuroscience”. In the book Closed-Loop Neuroscience, pp. 113–129. Academic Press, September 2016.

E.M. Navarro-López. “DYVERSE: From formal verification to biologically-inspired real-time self-organising systems”. In the bookComputation for Humanity – Information Technology to Advance Society, pp. 305–350. CRC Press/Taylor & Francis, October 2013.

E.M. Navarro-López, D.S. Laila. “Group and total dissipativity and stability of multi-equilibria hybrid automata”.IEEE Transactions on Automatic Control,58(12) (2013), 3196–3202. R. Carter, E.M. Navarro-López. “Dynamically-driven timed automaton abstractions for proving liveness of continuous systems”. InProceedings of the 10th International Conference on Formal Modelling and Analysis of Timed Systems, FORMATS 2012, LNCS, vol. 7595 (M. Jurdzi´nski and D. Ni˘ckovi´c, Eds), pp. 59–74, Springer-Verlag, 2012.

E.M. Navarro-López, R. Carter. “Hybrid automata: An insight into the discrete abstraction of discontinuous systems”.International Journal of Systems Science. Special Issue on Variable Structure Systems Methods for Control and Observation of Hybrid Systems,42(11) (2011), 1883–1898.

(62)

8VDELOLW\GULYHQGHYHORSPHQW

ZLWK8VDELOLW\6RIWZDUH(QJLQHHULQJ

0

0RGHOLQJ(QYLURQPHQW86(0(

$QNLFD %DULãLü

VXSHUYLVRUV 9DVFR$PDUDO0LJXHO*RXOmR

,&± 0XOWL3DUDGLJP0RGHOOLQJIRU&\EHU3K\VLFDO6\VWHPV

'RPDLQ6SHFLILF/DQJXDJH

‡ Qºžêđđó­áóĈºÆžĀ«ºđģººêim\I"Q\Q9Sžê³

q\I€z9\S\Q9S

‡ mº³ė­ºđ̺ėĈºóÄ­óèĀėđžđÏóê­óê­ºĀđĈ

‡ ,ó­ėĈóêđ̺³óèžÏê­óê­ºĀđĈ

‡ 9ê­ĄºžĈÏêÆáĩĀóĀėឡ

‡ k›Ìă·ČÉ·›¨ăČÿ›ªČÌïæÝ·Ğ·ÝɚªÝïă·ÿČïČÉ·°ïä›Ìæɛ

‡ S›ÿÿïğČÉ·°·ăÌÃæăû›ª·

‡ qºĢºĄžá«ºêºÄÏđĈ­ážÏ躳ɊÏêģºááɢ³ºÄÏ꺳³óèžÏêĈ

‡ gÿï°ĒªČÌĞÌČĥÛÌæă

‡ ·ČČ·ÿČÌä·Čïä›ÿÚ·Č

‡ ĞïÌ°·ÿÿïÿɞûÿïæ·ä›ûûÌæÃ㨷Čğ··æ°ïä›Ìæ›æ°

ăïÁČğ›ÿ·°·Ğ·Ýïûä·æČªï檷ûČă

‡ I·Ğ·ÿ›Ã·ČÉ··Ĥû·ÿČÌă·ïÁ°ïä›Ìæ·Ĥû·ÿČă

(63)

/DQJXDJH

‡ $ODQJXDJHLVDPHDQVRIFRPPXQLFDWLRQ

‡ 7KHXVHULQWHUIDFHLVDUHDOL]DWLRQRIDODQJXDJH

‡ $ODQJXDJHLVDPRGHOWKDWGHVFULEHVWKHDOORZHGWHUPV

DQGKRZWRFRPSRVHWKHPLQWRYDOLGVHQWHQFHV $QNLFD%DULãLü 8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

'6//LIHF\FOH

(64)

'6//LIHF\FOH

$QNLFD%DULãLü

ϳ9«ėÏá³đ̺ qIĄÏÆÌđɑ

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

'6//LIHF\FOH

$QNLFD%DULãLü

ϳ9«ėÏá³đ̺ qIĄÏÆÌđɑ

ϳ9 «ėÏá³đ̺ ĄÏÆÌđ qIɑ

(65)

4XDOLW\LQ8VHLH8VDELOLW\

$QNLFD%DULãLü

Ɣ 'LIIHUHQWODQJXDJHV OLNHO\KDYHGLIIHUHQW

FRQWH[WVRIXVH

Ɣ 7KHLUXVHUVDUHOLNHO\ WRKDYHGLIIHUHQW

NQRZOHGJHVHWV

Ɣ $PLQLPXPVHWRI RQWRORJLFDOFRQFHSWV LVUHTXLUHGWRXVHWKH ODQJXDJH

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

8VDELOLW\6RIWZDUH(QJLQHHULQJ0RGHOLQJ(QYLURQPHQW

86(0(

(66)

$QNLFD%DULãLü

8VDELOLW\6RIWZDUH(QJLQHHULQJ0RGHOLQJ(QYLURQPHQW

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

86(0(LQ'6/OLIHF\FOH

$QNLFD%DULãLü

(67)

86(0(LQ'6/OLIHF\FOH

$QNLFD%DULãLü 8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

&RQWH[W0RGHOLQJ

86(0(

(68)

$QNLFD%DULãLü

8VHU+LHUDUFK\

9LVXDOLQR

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

9LVXDOLQR

8VHU7HPSODWHV

(69)

$QNLFD%DULãLü

&RQWH[W0RGHOLQJ

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

9LVXDOLQR

&RQWH[W(QYLURQPHQW

(70)

$QNLFD%DULãLü

&RQWH[W0RGHOLQJ

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

9LVXDOLQR

:RUNIORZV

(71)

$QNLFD%DULãLü

9LVXDOLQR

6FHQDULRV

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

86(0(LQ'6/OLIHF\FOH

(72)

$QNLFD%DULãLü

*RDO0RGHOLQJ

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

9LVXDOLQR

8VDELOLW\*RDO0RGHO

(73)

$QNLFD%DULãLü

*RDO0RGHOLQJ

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

9LVXDOLQR

8VDELOLW\0HWKRGDQG

5HTXLUHPHQWV

9

(74)

86(0(LQ'6/OLIHF\FOH

$QNLFD%DULãLü 8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

(YDOXDWLRQ0RGHOLQJ

86(0(

(75)

$QNLFD%DULãLü

9LVXDOLQR

(YDOXDWLRQ2EMHFWLYHV

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

(YDOXDWLRQ0RGHOLQJ

86(0(

(76)

$QNLFD%DULãLü

9LVXDOLQR

(YDOXDWLRQ

,QVWDQWLDWLRQ

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

,QWHUDFWLRQ0RGHOLQJ

86(0(

(77)

$QNLFD%DULãLü

9LVXDOLQR

,QWHUDFWLRQ0RGHO

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

$QNLFD%DULãLü

6XUYH\0RGHOLQJ

86(0(

(78)

8VDELOLW\HYDOXDWLRQRI'RPDLQ6SHFLILF/DQJXDJHV $QNLFD%DULãLü

9LVXDOLQR 9L

6XUYH\0RGHO

86(0(LQ'6/OLIHF\FOH

(79)

$QNLFD%DULãLü

5HSRUW0RGHOLQJ

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

86(0(LQ'6/OLIHF\FOH

(80)

$QNLFD%DULãLü

&RYHUDJH(QJLQH

86(0(

8VDELOLW\GULYHQGHYHORSPHQWZLWK86(0(

3XEOLFDWLRQV

 [XQE< <gQãQü 6<hE] Z<g<Y !QOkIY ]kY@] <[G GIZ<g OkQ<g±[jg]GkEQ[O kh<DQYQjs E][EIg[h I<gYs Q[ jPI / GIpIY]dZI[j EsEYI Y]q/ IrdIgQI[EIgId]gj±[+g]EIIGQ[Oh]NjPIÂhj[jIg[<jQ][<Y7]gXhP]d][!]GIYŸgQpI[IpIY]dZI[j+g]EIhhIh<[G+g<EjQEIh<jjPI ÂÈjP[jIg[<jQ][<Y!] /][NIgI[EI6<YI[EQ</d<Q[$Ej]DIgÃÁÂÅ

Ð [XQE<<gQãQü±p<Yk<jQ[OjPI-k<YQjsQ[1hI]N]Z<Q[Ÿ/dIEQNQE <[Ok<OIhQ[<[OQYI7<s±[+g]EIIGQ[Oh]NjPI]Ej]g<Y/sZd]hQkZ <jjPIÂÇjP[jIg[<jQ][<Y][NIgI[EI][!]GIYgQpI[[OQ[IIgQ[O <[Ok<OIh<[G/shjIZh¥!] /¦!Q<ZQY]gQG<1/1.$Ej]DIg ÃÁÂÄ

Đ [XQE<<gQãQü±jIg<jQpIIp<Yk<jQ][]N]Z<Q[Ÿ/dIEQNQE <[Ok<OIh±[+g]EIIGQ[Oh]NjPI!/jkGI[j.IhI<gEP]ZdIjQjQ][<jjPIÂÇjP [jIg[<jQ][<Y][NIgI[EI][!]GIYgQpI[[OQ[IIgQ[O <[Ok<OIh<[G/shjIZh¥!] /¦!Q<ZQY]gQG<!$Ej]DIgÃÁÂÄ

Ő [XQE< <gQãQü +IGg] !][jIQg] 6<hE] Z<g<Y !QOkIY ]kY@] !QOkIY !][jIQg] ±+<jjIg[h N]g p<Yk<jQ[O 1h<DQYQjs ]N ]Z<Q[Ÿ/dIEQNQE <[Ok<OIh±[+g]EIIGQ[Oh]NjPIÂÊjP][NIgI[EI][d<jjIg[Y<[Ok<OIh]Ndg]Og<Zh¥+ ]+¦/+ /ÃÁÂÃ0kEh][gQv][<1/$Ej]DIg ÃÁÂÃ

Ɛ gk[]<gg]E<Gk<gG]!<gfkIh6<YjIg<YIO<h6<hE]Z<g<Y<[G[XQE<<gQãQü±0PI.+/ <E<hIhjkGs]NY<[Ok<OII[OQ[IIgQ[O khQ[O!N]gI[Ig<jQ[O.+<ZIhN]g!]DQYI+P][Ih±[+g]EIIGQ[Oh]NjPIÂÃjP7]gXhP]d][]Z<Q[Ÿ/dIEQNQE!]GIYQ[O<j/+ / ÃÁÂÍ0kEh][gQv][<!$Ej]DIgÃÁÂÃ

ǐ [XQE< <gQãQü 6<hE] Z<g<Y <[G !QOkIY ]kY@]±1h<DQYQjs p<Yk<jQ][ ]N ]Z<Q[Ÿ/dIEQNQE <[Ok<OIh± [+g]EIIGQ[Oh ]N jPI // ]Ej]g<Y/sZd]hQkZ<jjPIÉjP[jIg[<jQ][<Y][NIgI[EI][jPI-k<YQjs]N[N]gZ<jQ][<[G]ZZk[QE<jQ][h0IEP[]Y]Os¥-10¦ QhD][ +]gjkO<Y/IdjIZDIgÃÁÂÍ

Ȑ [XQE<<gQãQü6<hE]Z<g<Y!QOkIY]kY@]<[Ggk[]<gg]E<±p<Yk<jQ[OjPI1h<DQYQjs]N]Z<Q[Ÿ/dIEQNQE <[Ok<OI±[]]X]gZ<Y <[G+g<EjQE<YhdIEjh]N]Z<Q[Ÿ/dIEQNQE <[Ok<OIh.IEI[jIpIY]dZI[jhIGQjIGDs!<gW<[!Ig[QXY]D<Y/IdjIZDIgÃÁÂÍd<OIh ÄÉǟÅÁÈ

ɐ [XQE< <gQãQü 6<hE] Z<g<Y !QOkIY ]kY@] <[G gk[] <gg]E<±-k<YQjs Q[ 1hI ]N ]Z<Q[Ÿ/dIEQNQE <[Ok<OI < <hI /jkGs± [+g]EIIGQ[Oh ]N jPI 7]gXhP]d ][ p<Yk<jQ][ <[G 1h<DQYQjs ]N +g]Og<ZZQ[O <[Ok<OIh <[G 0]]Yh ¥+ 01 ÃÁ¦ <j /+ / ÃÁ +]gjY<[G$gIO][1/!$Ej]DIgÃÁÂÂ

ʐ [XQE<<gQãQü6<hE]Z<g<Y!QOkIY]kY@]<[Ggk[]<gg]E<±-k<YQjsQ[1hI]N/ hkggI[jp<Yk<jQ][!IjP]Gh±[+g]EIIGQ[Oh]N jPI"$.1!°ÃÁ]QZDg<+]gjkO<Y/IdjIZDIgÃÁÂÂ

ÂÁ [XQE<<gQãQü6<hE]Z<g<Y!QOkIY]kY@]<[Ggk[]<gg]E<±]qj]gI<EP<kh<DYI/ ‹!]pQ[Oj]q<gG</shjIZ<jQEp<Yk<jQ][± [+g]EIIGQ[Oh ]N jPI ÆjP [jIg[<jQ][<Y 7]gXhP]d ][ !kYjQŸ+<g<GQOZ !]GIYQ[O ¥!+!°ÃÁ¦ <j !]GIYh ÃÁ 7IYYQ[Oj][ "Iq ;I<Y<[G //0]kg[<Y$Ej]DIgÃÁÂÂ

$QNLFD%DULãLü

(81)
(82)

$XWRPDWHG$QDO\VLVRI7UDFHDELOLW\LQ

&\EHU3K\VLFDO6\VWHPV

)HUKDW(UDWD%HGLU7HNLQHUGRJDQ

,&±0XOWL3DUDGLJP 0RGHOOLQJ IRU &\EHU3K\VLFDO 6\VWHPV

&KDOOHQJHVRI7UDFHDELOLW\LQ,QGXVWU\

6HPDQWLFDOO\PHDQLQJIXOWUDFHDELOLW\

ƒ WUDFHDELOLW\UHODWLRQVVKRXOGKDYHDULFKVHPDQWLFPHDQLQJ

LQVWHDGRIEHLQJVLPSOHELGLUHFWLRQDOUHIHUHQWLDOUHODWLRQ

&RQILJXUDELOLW\RIWUDFHDELOLW\SRVVLEO\G\QDPLFDOO\

ƒ WKH VHPDQWLFV RIWUDFHDELOLW\ LVRIWHQVWDWLFDOO\GHILQHG

ƒ WKHVHPDQWLFVFDQQRWEHHDVLO\DGDSWHGIRUWKHQHHGVRI

GLIIHUHQWSURMHFWV

ƒ GLIIHUHQWWUDFHDEOHHOHPHQWVDQGWKHW\SHVRIUHODWLRQVH[LVWLQ

LQGXVWULDOVHWWLQJV

6HYHUDOLQGXVWULHVGHPDQGVIRUPDOSURRIVRIWUDFHDELOLW\

&RQVLVWHQF\FKHFNLQJDQGUHSDLULQJEURNHQWUDFHOLQNV

(83)

:KDW LV WKHSUREOHP"

,QGXVWULDO8VH&DVHLQ$LUEXV

(84)

6,'36\VWHP,QVWDOODWLRQ'HVLJQ3ULQFLSOHV

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

&RPSRQHQW2QWRORJ\DQG5XOHV

͞^ƚƌƵĐƚƵƌĂůͺůĞŵĞŶƚ͟

͞ƌĂĐŬĞƚ͟ ͞&ĂƐƚĞŶĞƌ͟

͞WĐůĂŵƉ͟

͞ƐƐĞŵďůLJ͟

WŚLJƐŝĐĂů ĐŽŵƉŽŶĞŶƚ

ůĂŵƉ

WͲůĂŵƉ

WͲůĂŵƉ E^ϱϱϭϲ

ƚƚĂĐŚŵĞŶƚ ĚĞǀŝĐĞ

ŽŵƉŽŶĞŶƚ ƐƐĞŵďůLJ KďũĞĐƚWƌŽƉĞƌƚŝĞƐ

ƐƵďůĂƐƐKĨ

ZĚĨƐ͗ůĂďĞů ^ŬŽƐ͗ƉƌĞĨ>ĂďĞů ŶŶŽƚĂƚŝŽŶWƌŽƉĞƌƚŝĞƐ

͞WͲĐůĂŵƉE^ϱϱϭϲĐĂŶďĞĨŝdžĞĚŽŶyǁŝƚŚz͟

͞WŚLJƐŝĐĂůĐŽŵƉŽŶĞŶƚ͟ ͞^ƚĂŶĚĂƌĚƌĞĨĞƌĞŶĐĞ͟

2EMHFWLYHV

ƒ DĂŶĂŐĞƌƵůĞƐͬĚĞƐŝŐŶƉƌŝŶĐŝƉůĞƐĂŶĚŝŵƉƌŽǀĞƚƌĂĐĞĂďŝůŝƚLJ

(85)

,QGXVWULDO8VH&DVHLQ)RUG2WRVDQ

6\QFKURQL]DWLRQRI'HVLJQ6SHFLILFDWLRQVZLWK&RPSXWHU $LGHG'HVLJQ'DWDLQ3URGXFW/LIHF\FOH0DQDJHPHQW

%20DQG'HVLJQ6SHFLILFDWLRQV

͞ŽŵƉƵƚĞƌͲĂŝĚĞĚĞƐŝŐŶĂƚĂ͟ ͞ŝůůŽĨDĂƚĞƌŝĂůĂƚĂ͟

(86)

,QGXVWULDO8VH&DVHLQ+DYHOVDQ

,QWHJUDWLRQZLWK$SSOLFDWLRQ/LIHF\FOH0DQDJHPHQWWRHQVXUH UHOLDELOLW\DQGFRQVLVWHQF\LQWKHV\VWHPXQGHUGHYHORSPHQW 5HTXLUHPHQW &RQWUDFW 5HTXLUHPHQW 6\VWHP 7HVW &DVH 7HVWHG%\ 7HVW 6WRU\%RDUG 'HVLJQ0RGHO 6WRU\%RDUG 5HTXLUHPHQW 6\VWHP 5HTXLUHPHQW 6RIWZDUH 3DUHQW &KLOG 5HTXLUHPHQW +DUGZDUH 3DUHQW &KLHOG 7DVN 3DUHQW &KLOG %XJ &KDQJH 5HTXHVW $FFHVVLEOH 2EMHFW +\SHU/LQN 5HTXLUHPHQW &RQWUDFW 5HODWHG 5HODWHG (QJLQHHULQJ &KDQJH 3URSRVDO $IIHFWHG%\ $IIHFW 7DVN 3DUHQW &KLOG 6KDUH3RLQW 'RFXPHQW $WWDFKPHQW 3UHG 6XF &RQILJXUDWLRQ ,WHP &RQWDLQV $OORFDWHGWR 9DOLGDWLRQ 3ODQ 9DOLGDWHG%\ 9DOLGDWHV &KDQJHVHW ,PSOHPHQWHGE\ 7DUVNL$3ODWIRUPIRU$XWRPDWHG$QDO\VLVRI '\QDPLFDOO\&RQILJXUDEOH7UDFHDELOLW\ 6HPDQWLFV

The Paper is accepted by “The 32nd ACM Symposium on

(87)

2YHUYLHZRI7HFKQLFDO&RQWULEXWLRQV #7DUVNL

dĞĐŚŶŝĐĂů tŽƌŬƉĂĐŬĂŐĞƐ

&ŽƌŵĂů ^ƉĞĐŝĨŝĐĂƚŝŽŶΘ &ŽƌŵĂů^ĞŵĂŶƚŝĐƐ

dƌĂĐĞĂďŝůŝƚLJ DĂŶĂŐĞŵĞŶƚ

dƌĂĐĞĂďŝůŝƚLJ sŝƐƵĂůŝnjĂƚŝŽŶ

dƌĂĐĞĂďŝůŝƚLJĂƚĂͲ DŽĚĞů

ƵƚŽŵĂƚĞĚ ŶĂůLJƐŝƐ ^ĞŵĂŶƚŝĐŽŵĂŝŶ

;dƌĂĐĞĂďŝůŝƚLJͿ

>ŽĐĂƚŝŽŶƐ >ŝŶŬƐ

^LJŶƚĂdž ;&ŽƌŵĂůŝƐŵͿ

&ŝƌƐƚͲŽƌĚĞƌ>ŽŐŝĐ džŝŽĂŵĂƚŝĐ^ĞƚdŚĞŽƌLJ

ZĞůĂƚŝŽŶĂů ĂůĐƵůƵƐ

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

$XWRPDWHG$QDO\VLVRI'\QDPLFDOO\ &RQILJXUHG7UDFHDELOLW\6HPDQWLFV

͞dƌĂĐĞĂďŝůŝƚLJZƵůĞƐƚŽĚĞĨŝŶĞƚƌĂĐĞĂďŝůŝƚLJƐĞŵĂŶƚŝĐƐ͟

͞sĂƌŝŽƵƐdƌĂĐĞĂďŝůŝƚLJŶĂůLJƐŝƐŵŝŐŚƚďĞƉĞƌĨŽƌŵĞĚ͟

(88)

7HFKQLFDO&RQWULEXWLRQV#7DUVNL

&RQFHSWXDO0RGHOIRU7UDFHDELOLW\

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

7HFKQLFDO&RQWULEXWLRQV#7DUVNL

)RUPDOL]DWLRQRI7UDFHDELOLW\6HPDQWLFV

(89)

7DUVNL

$SSURDFK

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

7HFKQLFDO&RQWULEXWLRQV#7DUVNL

(90)

7UDFHDELOLW\$QDO\VLV

dƌĂĐĞĂďŝůŝƚLJ ŶĂůLJƐŝƐ

ƵƚŽŵĂƚĞĚ ZĞĂƐŽŶŝŶŐ

ŚĂŶŐĞ/ŵƉĂĐƚ ŶĂůLJƐŝƐ

ŽŶƐŝƐƚĞŶĐLJ ĐŚĞĐŬŝŶŐ

>ŽĐĂƚŝŽŶ ĚŝƐĐŽǀĞƌLJ

ZĞĂƐŽŶŝŶŐĂďŽƵƚ ƚƌĂĐĞƌĞůĂƚŝŽŶƐ

ƵƚŽŵĂƚĞĚ dƌĂĐĞďŝůŝƚLJ >ŝŶŬ

ƌĞĂƚŝŽŶ

ĞƚǁĞĞŶ DŽĚĞůŝŶŐ >ĂŶŐƵĂŐĞƐ

DƵůƚŝͲŵŽĚĞů ŽŶƐŝƐƚĞŶĐLJ ŚĞĐŬŝŶŐ

LJŶĂŵŝĐĂů ŽŶĨŝŐƵƌĂďŝůŝƚLJŽĨ

^ƉĞĐŝĨŝĐĂƚŝŽŶ

^ĐĂůĂďŝůŝƚLJ

/ŶƚĞŐƌĂƚŝŽŶŽĨ ĨĨŝĐŝĞŶƚĞĐŝƐŝŽŶ

WƌŽĐĞĚƵƌĞƐ

/ŶĐƌĞŵĞŶƚĂů ƉƉƌŽĂĐŚ

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

7\SHV&RPSRQHQW2QWRORJ\GHULYHGIURP WKHVSHFLILFDWLRQ

(91)

$VVLJQLQJ8QDU\5HODWLRQVWRD7UDFHDEOH (OHPHQWV

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

$VVLJQLQJ%LQDU\5HODWLRQVWRD7UDFH /LQN

(92)

6HOHFWLQJDUDQJHIRUDELQDU\UHODWLRQ IURPDQH[LVWLQJWUDFHDEOHHOHPHQWV

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

$XWRPDWHG$QDO\VLVRI7UDFHDELOLW\

(93)
(94)

)RUPDO6SHFLILFDWLRQRI7UDFHDELOLW\

&ŽƌŵĂů ^ƉĞĐŝĨŝĐĂƚŝŽŶŽĨ dƌĂĐĞĂďŝůŝƚLJ;tWϯͿ

>ŽĂĚͬhƉĚĂƚĞ ^ƉĞĐŝĨŝĐĂƚŝŽŶ

hƉĚĂƚĞƐŝŐŶĂƚƵƌĞƐ

hƉĚĂƚĞĨĂĐƚƐĂŶĚ ĂŶŶŽƚĂƚĞĚĨĂĐƚƐ

ĐůŝƉƐĞͲďĂƐĞĚdĞdžƚ ĚŝƚŽƌ

^ĞŵĂŶƚŝĐŶĂůLJƐŝƐ ƌƌŽƌZĞƉŽƌƚŝŶŐ

^LJŶƚĂdž,ŝŐŚůŝŐŚƚŝŶŐ ŽŶƚĞŶƚƐƐŝƐƚƐ

^ŚŽǁĂůůdƌĂĐĞ

dLJƉĞƐ ƵƐƚŽŵĂŶŶŽƚĂƚŝŽŶƐ

ZĞĂƐŽŶΛƌĞůĂƚŝŽŶ dƌĂĐĞΛŵŽĚĞů

>ŽĐĂƚĞΛĚŽĐƵŵĞŶƚ >ŽĂĚΛŵŽĚĞů ĞĨŝŶŝƚŝŽŶŽĨ&ŽƌŵĂů

^ĞŵĂŶƚŝĐƐ

ĞĨŝŶŝƚŝŽŶŽĨ dĞŵƉŽƌĂů WƌŽƉĞƌƚŝĞƐ

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

7H[WXDO(GLWRULQ$FWLRQ

(95)

7UDFHDELOLW\9LVXDOL]DWLRQ9LHZ

dƌĂĐĞĂďŝůŝƚLJ sŝƐƵĂůŝnjĂƚŝŽŶ

;sŝĞǁͿ

:'ƌĂƉŚͲďĂƐĞĚ sŝƐƵĂůŝnjĂƚŝŽŶ

dŽǀŝƐƵĂůŝƐĞD& /ŶƐƚĂŶĐĞ

/ŶƚĞŐƌĂƚŝŽŶůůŽLJ͛Ɛ ^ŝŵƵůĂƚŝŽŶ^ĐƌĞĞŶ

^ƵƉƉŽƌƚŵƵƚĂƚŝŽŶ ŽŶůůŽLJ͛ƐƵŶŝǀĞƌƐĞ

ƌĞĂƚĞƚŽŵ hƉĚĂƚĞƚŽŵ

ĞůĞƚĞƚŽŵ ĞůĞƚĞZĞůĂƚŝŽŶ

ƌĞĂƚĞZĞůĂƚŝŽŶ ŚĂŶŐĞdLJƉĞ

sŝƐƵĂů /ŵƉƌŽǀĞŵĞŶƚƐ͘

Ğ͘Ő͘͞ĚŐĞ ƌŽƐƐŝŶŐ DŝŶŝŵŝnjĂƚŝŽŶ͟

ĂƐŚĞĚ>ŝŶĞƐ

,ŝŐŚůŝŐŚƚŝŶŐ ƚŽŵƐĂŶĚ ZĞůĂƚŝŽŶƐ /ŶƚĞŐƌĂƚŝŽŶǁŝƚŚ ŽƚŚĞƌĐŽŵƉŽŶĞŶƚƐ

'HPRQVWUDWLRQ

9LVXDOL]DWLRQLQ$FWLRQ

(96)
(97)

7UDFHDELOLW\0DQDJHPHQW:3

dƌĂĐĞĂďŝůŝƚLJ DĂŶĂŐĞŵĞŶƚ

ĐůŝƉƐĞsŝĞǁƐ

dƌĂĐĞĂďŝůŝƚLJsŝĞǁ ŽŶƚĞdžƚƵĂůsŝĞǁ

dĂƌŐĞƚŵĂƉƉŝŶŐ ^ŽƵƌĐĞŵĂƉƉŝŶŐ

ĐůŝƉƐĞtŝnjĂƌĚƐ

DĂƌŬǁͬƚLJƉĞ ĞůĞƚĞDĂƌŬ

DĂƉDĂƌŬĞƌ ZĞŵŽǀĞ

ŚĂŶŐĞdLJƉĞ

ĐůŝƉƐĞĐƚŝŽŶƐ

,LJƉĞƌůŝŶŬ ĚĞƚĞĐƚŽƌƐĂŶĚ

ŵĞŶƵ

ƌĂŐĂŶĚƌŽƉ

^ƵƉƉŽƌƚĞĚ ĐůŝƉƐĞĚŝƚŽƌƐ

EĂǀŝŐĂƚŝŽŶ

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

'HPRQVWUDWLRQ

7UDFHDELOLW\0DQDJHPHQWLQ$FWLRQ

(98)

'LVFXVVLRQ

ƒ )LUVWRUGHUWKHRU\RIUHODWLRQVWREHDVROXWLRQIRUWUDFHDELOLW\LQ

030&36"

3UHOLPLQDU\UHVXOWVVKRZVWKDWWKHDSSURDFKZRUNVRQWKH

V\QFKURQL]DWLRQRIGHVLJQUXOHVZLWKGHVLJQLQVWDOODWLRQRISK\VLFDO FRPSRQHQWV

ƒ &XUUHQWO\'3//7VROYHUGRHVQRWH[LVWVIRUWKHWKHRU\

ƒ :KDWDERXWRWKHUWKHRULHVDQGFRPELQDWLRQRIWKHRULHV"

ƒ 6KRXOGZHFRQVLGHUDOVRWKHWHPSRUDOEHKDYLRURIWKH

WUDFHDELOLW\"

/ϭϰϬϰʹ DƵůƚŝͲWĂƌĂĚŝŐŵDŽĚĞůůŝŶŐĨŽƌLJďĞƌͲWŚLJƐŝĐĂů^LJƐƚĞŵƐ

(99)

A hybrid master (event and

discrete-time) for Functional Mockup Interface

Vincent Albert

LAAS-CNRS / University of Toulouse

MPM4CPS workshop – Malaga, Spain, 2016 COST Action IC1404

Overview

‡

Introduction

‡

Solution

‡

Experiments

‡

Conclusion and perspectives

(100)

Introduction

3

Discrete-time simulation

‹˜‡ƒ•›•–‡—†‡”–Š‡ˆ‘”ௗ௫ ሺ௧ሻ

ௗ௧ ൌ ݂ ݔ ݐ ǡ ݑ ݐ

ݔ ݐ ൅ ݄ ൌ ݔ ݐ ൅ௗ௫೔ሺ௧ሻ

ௗ௧ Ǥ ݄

(101)

Discrete-event simulation

‹˜‡ƒ•›•–‡—†‡”–Š‡ˆ‘” ሶݍ ݐ ൌ ݂ ݍ ݐ ǡ ݑ ݐ ݍ ݐ ൅ ȟݐ ൌ ݍ ݐ ൅ ሶݍ ݐ Ǥ ȟݐ

ȟ ൌ ݍ ݐ ൅ ȟݐ െ ݍሺݐሻ

5

Discrete-event simulation

‹˜‡ƒ•›•–‡—†‡”–Š‡ˆ‘” ሶݍ ݐ ൌ ݂ ݍ ݐ ǡ ݑ ݐ ݍ ݐ ൅ ȟݐ ൌ ݍ ݐ ൅ ሶݍ ݐ Ǥ ȟݐ

ȟ ൌ ݍ ݐ ൅ ȟݐ െ ݍሺݐሻ

1. The required time for the solution of ݍ ݐ to change by ȟis

οݐ ൌ ቐ

୼୕

ሶ௤ ݂݅ ሶݍ ് Ͳ

λ ݋ݐ݄݁ݎݓ݅ݏ݁

At this time, the next state will be

ݍ ݐ൅ οݐ ൌ ݍ ݐ ൅ ݏ݅݃݊ ሶݍ ݐ כ οܳ

(102)

Discrete-event simulation

‹˜‡ƒ•›•–‡—†‡”–Š‡ˆ‘” ሶݍ ݐ ൌ ݂ ݍ ݐ ǡ ݑ ݐ ݍ ݐ ൅ ȟݐ ൌ ݍ ݐ ൅ ሶݍ ݐ Ǥ ȟݐ

ȟ ൌ ݍ ݐ ൅ ȟݐ െ ݍሺݐሻ

1. The required time for the solution of ݍ ݐ to change by ȟis

οݐ ൌ ቐ

୼୕

ሶ௤ ݂݅ ሶݍ ് Ͳ

λ ݋ݐ݄݁ݎݓ݅ݏ݁

At this time, the next state will be

ݍ ݐ൅ οݐ ൌ ݍ ݐ ൅ ݏ݅݃݊ ሶݍ ݐ כ οܳ

2. If ሶݍchanges of value before ݐ௞൅ οݐthen

ݍ ൌ ݍ ൅ ሶݍ כ ݁

οݐ ൌ ൞

οܳ െ ݍ െ ݍ݈

ሶݍ ݂݅ ሶݍ ് Ͳ

λ ݋ݐ݄݁ݎݓ݅ݏ݁ 7

Discrete-Event System Specification

൏ ܺǡ ܻǡ ܵǡ ߜ݅݊ݐǡ ߜ݁ݔݐǡ ߜܿ݋݊ǡ ɉǡ ݐܽ ൐ ݐܽ ׷ ܵ ՜ Թ଴ǡஶ

Model DEVS

Atomic component

Simulator DEVS

Parallel DEVS protocol

(103)

Issues

h<0 is falseat the integration step before ݐଵ

h<0 is true at the integration step aˆ–‡”ݐଵ

DEVS FMU

3. Get time of FMU next event 2. Handle FMU input external event

9

1. Continuous /discrete interface

4. Handle FMU internal event

Hybrid Master for DEVS-FMI

(104)

DEVS-FMI for ME

11

double predictState(double t) {

currentTime = t;

horizon = t + lookAheadHorizon; while (currentTime < horizon)

currentTime = integrate(currentTime+lookAheadStepSize); newState = fmi2getContinuousState();

outputs = fmi2getReal(); predictions.add(newState); eventInds = fmi2GetEventIndicators() for(eventInds.size)

if(eventInds[i] != savedeventInds[i]) handleEvent(); //bisectional search return currentTime;

return currentTime; }

Experiments

(105)

BouncingBall

13

DC-Motor and PWM Controller

(106)

Conclusion and Perspectives

15

Conclusion and Perspectives

‡

Conclusion

± Modular and hierarchical hybrid master (discrete-time

and discrete-event simulation algorithms) for cosimulation and model exchange

± Passed with JModelica, failed with FMUSDK (?)

± Techno : FMIPP (SWIG, ODEINT)

‡

Perspectives

± Extend the standard for discrete-event paradigm

± Develop interface for VHDL simulator

± Develop interface for FPGA

(107)

Business Informatics Group

Institute of Software Technology and Interactive Systems TU Wien

Favoritenstraße 9-11/188-3, 1040 Vienna, Austria

phone: +43 (1) 58801 - 18804 (secretary), fax: +43 (1) 58801 - 18896 office@big.tuwien.ac.at, www.big.tuwien.ac.at

%XVLQHVV,QIRUPDWLFV*URXS

Adding Uncertainty and Units to Quantity Types in Software Models

Tanja Mayerhofer, Manuel Wimmer

Business Informatics Group, TU Wien, Austria

Tanja Mayerhofer

Workshop of IC1404 – Multi-Paradigm Modelling for Cyber-Physical Systems

November 24-25, 2016, Malaga, Spain

Antonio Vallecillo, Loli Burgueño

Atenea, Universidad de Málaga, Spain

Motivation

Uncertainty and Units in Engineering Disciplines

ƒ Engineers naturally think about uncertaintyassociated with measured values

and units of values

ƒ Uncertainty and units are explicitly defined in models and considered in model-based simulations

ƒ Example: Coupled Clutches of Modelica Standard Library

2 SKLVWDUW UDGURWDWLRQDQJOH

ZVWDUW UDGVDQJXODUYHORFLW\

(108)

Uncertainty and Units in Software Engineering

ƒ Very limited support for representing uncertainty and units in software models

ƒ No support for considering such properties in model-based simulations

ƒ Example: How to represent a measured value in UML? Motivation

3

0HDVXUH

YDOXH5HDO

What kindof value is measured? In which unitis the value measured? What is the uncertaintyof the measurement method?

Contributions

1. Type system for representing measurement uncertainty and units ƒ Kernel representation for quantities

2. Algebra of operations for performing computations with uncertain data and units

ƒ Computational kernel for computing quantities

3. Implementationsfor Java, OCL, UML

(109)

Units and Dimensions Systems of Units

International System of Units (SI)

ƒ Base dimensions: Length, Mass, Time, Electric Current, Thermodynamic Temperature, Amount of Substance, Luminous Intensity

ƒ Base units: Meter (m), Kilogram (kg), Second (s), Ampere (A), Kelvin (K), Mole (mol), Candela (cd)

ƒ Derived dimensions: 90 dimensions derived from the base dimensions e.g., Area, Volume, Velocity

ƒ Derived units: 90 units derived from the base units

e.g., Square Meter (m²), Cubic Meter (m³), Meter per Second (m/s)

Other Systems of Units

ƒ Centimeter-Gram-Second System (CGS)

ƒ Imperial System

ƒ United States Customary System (USCS, USC)

5

B. N. Taylor and A. Thompson. The International System of Units (SI). NIST, 2008. http://www.nist.gov/pml/pubs/sp811/.

Units and Dimensions Representation of Units

ƒ Any unit can be derived from the base units: ܤ௘భ כ ܤ

ଶ ௘

…ܤ௘೙where ܤ

௜represents a base unit and ݁௜its exponent ƒ Hence, any unit can be defined by the exponents ݁௜of the base units:

݁ଵǡ ݁ଵǡ ǥ ǡ ݁௡

ƒ Examples

6 ܯ݁ݐ݁ݎ ݉ ൌ ݉ଵכ ݇݃כ ݏכ ܣכ ܭכ ܿ݀כ ݉݋݈כ ݎܽ݀ൌ ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳ

ܵݍݑܽݎ݁ ܯ݁ݐ݁ݎ ݉ଶ ൌ ݉ଶכ ݇݃଴כ ݏ଴כ ܣ଴כ ܭ଴כ ܿ݀଴כ ݉݋݈଴כ ݎܽ݀଴ ൌ ʹǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳ

ܯ݁ݐ݁ݎ ݌݁ݎ ܵ݁ܿ݋݊݀ ݉Ȁݏ ൌ ݉ଵכ ݇݃כ ݏିଵכ ܣכ ܭכ ܿ݀כ ݉݋݈כ ݎܽ݀ൌ ͳǡ Ͳǡ െͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳ

(110)

Units and Dimensions Conversion Between Units

ƒ Conversion of quantity values from base units ܤ௜to derived units ܦ௜

ƒ Multiply the numerical value of the quantity value with conversion factor ݂ܿ

ƒ Add an offset݋to the resulting numerical value

ƒ Definition:ݔ ܦ ൌ ሺݔ כ ݂ܿ ൅ ݋ሻ ܤ

ƒ Examples:

ƒ Conversion factors and offsets can be defined relative to the base units: ݂ܿ௜: ݂ܿଵǡ ݂ܿଵǡ ǥ ǡ ݂ܿ௡ ǡ݋௜: ݋ଵǡ ݋ଶǡ ǥ ǡ ݋௡

ƒ Examples:

7 ܭ݈݅݋݉݁ݐ݁ݎ ݇݉ ǣ ݂ܿ ൌ ͳͲͲͲǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳ ݋݂ ൌ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳ

ܥ݈݁ܿ݅ݑݏ ιܥ ǣ ݂ܿ ൌ ͳǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳ݋݂ ൌ Ͳǡ Ͳǡ Ͳǡ Ͳǡ ʹ͹͵Ǥͳͷǡ Ͳǡ Ͳǡ Ͳ

ܭ݈݅݋݉݁ݐ݁ݎ ݌݁ݎ ܪ݋ݑݎ ݇݉Ȁ݄ ǣ ݂ܿ ൌ ͳͲͲͲǡ ͳǡ ͵͸ͲͲǡ ͳǡ ͳǡ ͳǡ ͳǡ ͳ ݋݂ ൌ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳǡ Ͳ ݔ ݇݉ ൌ ݔ כ ͳͲͲͲ ൅ Ͳ ݉

ݔ ιܥ ൌ ሺݔ כ ͳ ൅ ʹ͹͵Ǥͳͷሻ

ݔ ݇݉Ȁ݄ ൌ ሺݔ כଵ଴଴଴

ଷ଺଴଴൅ ͲሻȀ•

Units and Dimensions Model-Based Representation

ƒ Domain Model

ƒ Example Instances

8

8QLW

QDPH6WULQJ V\PERO6WULQJ GLPHQVLRQV5HDO>@ FRQYHUVLRQ)DFWRU 5HDO>@ RIIVHW5HDO>@

P8QLW

QDPH 0HWHU V\PERO P

GLPHQVLRQV ! FRQYHUVLRQ)DFWRU ! RIIVHW !

NPK8QLW

QDPH .LORPHWHUSHU+RXU V\PERO NPK

GLPHQVLRQV !

(111)

Measurement Uncertainty Representation of Uncertainty

Definition: Standard Uncertainty [GUM]

ƒ Uncertainty of the result of a measurement ݔexpressed as a standard deviation ݑ

ƒ Representation: ݔ േ ݑor ሺݔǡ ݑሻ

ƒ Examples:

9

[GUM] JCGM 100:2008. Evaluation of measurement data – Guide to the expression of uncertainty in measurement. Joint Committee for Guides in Metrology, 2008.

Normal distribution: ሺݔǡ ߪሻwith mean ݔ, standard deviation ߪ

Interval ܽǡ ܾ : Uniform or rectangular distribution is assumed

ሺݔǡ ݑሻwith ݔ ൌ௔ା௕

ଶ , ݑ ൌ ሺ௕ି௔ሻ

ଶ ଷ

Measurement Uncertainty Model-Based Representation

ƒ Domain Model

ƒ Example Instances

10

85HDO

[5HDO X 5HDO

85HDO

[ X

85HDO

[ X

Figure

Actualización...

Referencias

Actualización...