    Energy-Aware System-Level Design of Cyber-Physical Systems

    Cyber-Physical Systems (CPSs) are heterogeneous systems in which one or several computational cores interact with the physical environment. This interaction is typically performed through electromechanical elements such as sensors and actuators. Many CPSs operate as part of a network, and some of them have a constrained energy budget (for example, they are battery powered). Examples of energy-constrained CPSs are a mobile robot, the nodes that compose a Body Area Network, or a pacemaker. The heterogeneity in the composition of CPSs, together with the constrained energy availability, makes these systems challenging to design. A way to tackle both complexity and costs is the application of abstract modelling and simulation. This thesis proposed the application of modelling at the system level, taking energy consumption in the different kinds of subsystems into consideration. By adopting this cross-disciplinary approach to energy consumption it is possible to decrease it effectively. The results of this thesis are a number of modelling guidelines and tool improvements to support this kind of holistic analysis, covering energy consumption in electromechanical, computation and communication subsystems. From a methodological point of view these have been framed within a V-lifecycle. Finally, this approach has been demonstrated on two case studies from the medical domain, enabling the exploration of alternative system architectures and producing energy consumption estimates to conduct trade-off analysis.

    Guide to Discrete Mathematics


    An Adaptive Integration Architecture for Software Reuse

    The problem of building large, reliable software systems in a controlled, cost-effective way, the so-called software crisis problem, is one of computer science's great challenges. From the very outset of computing as a science, software reuse has been touted as a means to overcome the software crisis. Over three decades later, the software community is still grappling with the problem of building large, reliable software systems in a controlled, cost-effective way; the software crisis problem is alive and well. Today, many computer scientists still regard software reuse as a very powerful vehicle to improve the practice of software engineering. The advantage of amortizing software development cost through reuse continues to be a major objective in the art of building software, even though the tools, methods, languages, and overall understanding of software engineering have changed significantly over the years. Our work is primarily focused on the development of an Adaptive Application Integration Architecture Framework. Without good integration tools and techniques, reuse is difficult and will probably not happen to any significant degree. In the development of the adaptive integration architecture framework, the primary enabling concept is object-oriented design supported by the Unified Modeling Language. The concepts of software architecture, design patterns, and abstract data views are used in a structured and disciplined manner to establish a generic framework. This framework is applied to solve the Enterprise Application Integration (EAI) problem in the telecommunications operations support system (OSS) enterprise marketplace. The proposed adaptive application integration architecture framework facilitates application reusability and flexible business process re-engineering. The architecture addresses the need for modern businesses to continuously redefine themselves to address changing market conditions in an increasingly competitive environment.
    We have developed a number of Enterprise Application Integration design patterns to enable the implementation of an EAI framework in a definite and repeatable manner. The design patterns allow for integration of commercial off-the-shelf applications into a unified enterprise framework, facilitating true application portfolio interoperability. The notion of treating application services as infrastructure services and using business processes to combine them arbitrarily provides a natural way of thinking about adaptable and reusable software systems. We present a mathematical formalism for the specification of design patterns. This specification constitutes an extension of the basic concepts from many-sorted algebra. In particular, the notion of signature is extended to that of a vector, consisting of a set of linearly independent signatures. The approach can be used to reason about various properties, including the effort for component reuse, and to facilitate complex large-scale software development by providing the developer with design alternatives and support for automatic program verification.

    Formal verification of automotive embedded UML designs

    Software applications are increasingly dominating safety-critical domains. Safety-critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time, but more focus and attention is currently directed to this area due to the exponential growth of embedded software applications. Software systems have continuously faced challenges in managing the complexity associated with functional growth, the flexibility of systems so that they can be easily modified, the scalability of solutions across several product lines, the quality and reliability of systems, and finally the ability to detect defects early in the design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, the automotive functional safety standard, aims to ensure the functional safety of automotive systems by providing requirements and processes that govern the software lifecycle. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that systems classified as ASIL C and D utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods.
    Software specification compliance in automotive remains, in the bulk, heavily dependent on traceability matrices, human-based reviews, and testing activities conducted on either the actual production software or at simulation level. The ISO-26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations leaves specification compliance heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems, and SAT/SMT solvers are utilized to validate implementation compliance with the specification. The framework allows semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework allows automotive software to comply with the ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on the Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that would previously only have been detected in the testing and production stages. The methodology is applied to several automotive systems to show how the framework automates the verification of UML-based designs, the de facto standard for automotive systems design, based on an implicit formal methodology while hiding the drawbacks that discouraged the industry from using it.
    Additionally, the framework automates the ISO-26262 system design verification guideline, which would otherwise be verified via error-prone, human-based approaches.

    Specifying reactive system behavior

    Fundamentally, the development of software applications involves dealing with two distinct domains, the real world and the software domain; the two converge at the point where a software application is used to turn an unsatisfactory real-world situation into a satisfactory one. Thus, software application development is a problem-solving activity that assumes a problem has been identified and a software application is desired to address this problem. In this context, it is necessary to take measures that ensure the solution will be both adequate and appropriate with respect to the problem. In particular, it is of utmost importance that the problem at hand and the application's role in helping to solve it are satisfactorily understood by the development team. If this condition is not observed, then the application produced is doomed to be inadequate and/or inappropriate, independently of the capabilities of the available technologies and resources, and also independently of other wicked aspects of software development: constantly changing requirements, time-to-market pressures, significant social, political, ethical or economic issues in the project, etc. The principal objective of this thesis was to improve the state of the art of the specifications that are used to communicate the behavior of the (future) system to the development team. In addressing this objective, this work initially involved defining the essential requirements of specifications that could ensure that the development team has a precise, correct and common understanding of the way the system is required to behave.
    As a result of analyzing the identified requirements, two general kinds of specifications were distinguished and perceived to be necessary to address the requirements adequately: one that addresses the concerns of the designers, providing a precise description of the system responsibilities, and one that addresses the concerns of the stakeholders in general, providing an informal description of the goals that the stakeholders have against the system. The first specification is referred to as the Behavioral Design Contract and the second one is referred to as the Behavioral Stakeholders Contract. In this thesis, these two specifications were concretely realized as part of the ANZAC approach. The ANZAC approach defines two work artifacts called the ANZAC use case descriptions and the ANZAC specification, which express the Behavioral Stakeholders Contract and the Behavioral Design Contract, respectively. ANZAC use case descriptions offer an informal and usage-oriented description of the concordant goals that the stakeholders have against the system. An ANZAC specification offers a precise, operational description of the system's responsibilities in servicing all possible requests that it can receive over its lifetime; it uses a restricted subset of the Unified Modeling Language (UML) and its Object Constraint Language (OCL). In the ANZAC approach, the ANZAC use case descriptions are developed following the ANZAC use case framework. This framework defines the context, purpose, style and form of an ANZAC use case description, and it provides a goal-based approach to use case elicitation. Once a number of ANZAC use case descriptions are established, they can be refined into an ANZAC specification. This refinement procedure is (informally) defined by the ANZAC mapping technique. An ANZAC specification is developed by the description of three models, each of which expresses a different but complementary view of the system.
    These three models are called the Concept Model, the Operation Model, and the Protocol Model. The Concept Model defines an abstract system state space in terms of concepts from the problem domain, the Operation Model describes the effect of system operations on the system state, and the Protocol Model defines the correct behavior of the system in terms of its (allowable) input protocol. As a "proof of concept", this thesis demonstrates the ANZAC approach applied to an elevator control system, which is used to show how ANZAC offers a clean approach for capturing the Behavioral Stakeholders Contract and the Behavioral Design Contract. The elevator case study demonstrates the mapping between the Behavioral Stakeholders Contract and the Behavioral Design Contract using the ANZAC mapping technique. It also highlights the difference in the level of precision and formality that can be found between ANZAC use case descriptions and an ANZAC specification. Furthermore, it demonstrates some of the more advanced features of the ANZAC approach, in particular its ability to specify performance constraints and concurrent behavior.

    Applying visualisation to model-based formal specifications.

    The most important and challenging activity in developing new software systems is arguably ascertaining their features and characteristics before development takes place. This activity, known as requirements engineering, involves software developers identifying the requirements of the customers who are procuring the system, and then documenting them in a requirements specification. Producing a requirements specification is a complex, time-consuming and human-centred activity. It is essential that both parties discuss the requirements, analyse them and negotiate any issues, uncertainties or conflicts that arise. To assist in this process, a prototype of the software can be developed and then thrown away after the requirements process has been completed. Such a prototype helps to stimulate discussion and to provide a vehicle for experimentation and evaluation. This form of prototyping is now a popular and well-known requirements engineering technique. One powerful throwaway prototyping approach involves developing prototypes quickly using executable model-based formal specifications. These are based upon mathematical notations that possess a defined syntax and semantics. They have a useful dual role in the requirements process. On the one hand, they can be used to express requirements specifications in a precise and unambiguous manner, whilst on the other they can also be executed to produce a prototype. However, despite the benefits that such executable specifications have for the developer, their use can be problematic in situations that involve communication with customers. This is because traditionally, for reasons of productivity, the execution behaviour of prototypes developed in this manner is often depicted using developer-centred representations. Such representations often do not correspond to the perceptions or expertise of the customer, as they are often too abstract or technical.
    If the customer cannot recognise or comprehend these, accurate evaluation of the prototype cannot take place, stifling much-needed dialogue and rendering the prototyping process ineffective. This research advocates that applying visualisation to this form of prototyping can alleviate the problems of comprehension and the subsequent breakdown in dialogue. The objective is to employ the techniques and principles of visualisation to transform the developer-centred prototype execution behaviour into customer-oriented representations based upon pictorial and graphical forms from the customers' own universe of discourse. Applying visualisation in this way can retain the advantages of using executable formal specifications to build prototypes, while at the same time stimulating and sustaining effective dialogue between developers and customers. The objective of the research concerns the production of a system for visualising the execution of a specific executable formal specification-based prototype development technique. The resulting system is then evaluated by demonstrating its application in a series of case studies. These reveal the capabilities of the approach, and demonstrate the benefits that can be gained over and above the use of existing prototyping techniques based on executable formal specifications.

    On Modularity In Abstract State Machines

    In the field of model-based formal methods we investigate the modularity features of Abstract State Machines (ASMs). With the growing complexity of systems and the experience gained in more than thirty years of ASM method application, a need for more manageable models emerged. We mainly investigate the notion of modules in ASMs as independent interacting components and the ability to identify portions of the machine state, with the aim of improving the modelling process. In this thesis we provide a language-level, semantically well-defined solution for (1) the definition of ASM modules as independent services and their communication behaviour; (2) a new construct that operates on the global state of an ASM machine and eases the management of state partitions and their identification; (3) a novel transition rule for the management of computations, providing different execution strategies and putting the termination condition for the machine inside the specification; (4) a data definition convention along with a new transition rule for their manipulation via pattern matching. In our work we build upon CoreASM, a well-known extensible modelling framework and tool environment for ASMs. The semantics of our modularity constructs is compatible with the one defined for the CoreASM interpreter. This eases the implementation of extension plugins for tool support of modularity features. A real-world system use case ground model ends the thesis, exemplifying the practical usage of our modularity constructs.

    Sustainability-Based Product Design in a Decision Support Semantic Framework

    The design of products for sustainability involves holistic consideration of a complex diversity of objectives and requirements over a product's life cycle related to the environment, economics, and the stakeholders in society. These objectives may only be considered effectively when they are represented transparently to design participants early in a design process. Life Cycle Assessment (LCA) provides a credible prescription to account for environmental impacts. However, LCA methods are time-consuming to use and are intended to assess the impacts of a completely defined design. Thus, more capable methods are needed to efficiently identify more sustainable design concepts. To this end, this work introduces a fundamental approach to formulate models for normative decision analysis that accurately account for these multiple objectives. Salient features of this novel approach include the direct accounting of the LCA formulations via mathematical relationships and their integration with derived expressions for compatible life cycle cost models, as well as a methodical approach to account for significant sources of uncertainty. Here, a semantic ontological framework integrates the information associated with decision criteria with that of the standards and regulations applicable to a design situation. Since this framework shares the context and meaning of this information and design rationale across domains of knowledge transparently among design participants, this approach can influence a design toward sustainability considerations while the design complies with regulations and standards. The hypothetical equivalents and inequivalents method is presented and deployed to consistently model a designer's preferences among the criteria. Material selection is a very significant factor for the optimal concept selection of a product's components. A new method is detailed to estimate the impacts of material alternatives across an entire design space.
    Here, a new surrogate model construction technique, which is much more efficient than the construction of complete LCA models, can prune the design space with adequate robustness for near-optimal concept selection. This new technique introduces a feasible approximation of a Latin Hypercube design at the first of two sampling stages to overcome the issues with sampling from discrete data sets of material property variables.

    A new approach to the development and maintenance of industrial sequence logic

    This thesis is concerned with sequence logic as found in industrial control systems, with the focus being on process and manufacturing control systems. At its core is the assertion that there is a need for a better approach to the development of industrial sequence logic to satisfy the life-cycle requirements, and that many of the ingredients required to deliver such an approach are now available. The needs are discussed by considering the business case for automation and the deficiencies of traditional approaches. A set of requirements is then derived for an integrated development environment to address the business needs throughout the control system life-cycle. The strengths and weaknesses of relevant control system technology and standards are reviewed and their bias towards implementation described. Mathematical models, graphical methods and software tools are then assessed with respect to the requirements for an integrated development environment. A solution to the requirements, called Synect, is then introduced. Synect combines a methodology using familiar graphical notations with Petri net modelling supported by a set of software tools. Its key features are justified with reference to the requirements. A set of case studies forms the basis of an evaluation against business needs by comparing the Synect methodology with current approaches. The industrial relevance and exploitation are then briefly described. The thesis ends with a review of the key conclusions along with contributions to knowledge and suggestions for further research.