A Game of Attribute Decomposition for Software Architecture Design

Attribute-driven software architecture design aims to provide decision support by taking into account the quality attributes of softwares. A central question in this process is: What architecture design best fulfills the desirable software requirements? To answer this question, a system designer needs to make tradeoffs among several potentially conflicting quality attributes. Such decisions are normally ad-hoc and rely heavily on experiences. We propose a mathematical approach to tackle this problem. Game theory naturally provides the basic language: Players represent requirements, and strategies involve setting up coalitions among the players. In this way we propose a novel model, called decomposition game, for attribute-driven design. We present its solution concept based on the notion of cohesion and expansion-freedom and prove that a solution always exists. We then investigate the computational complexity of obtaining a solution. The game model and the algorithms may serve as a general framework for providing useful guidance for software architecture design. We present our results through running examples and a case study on a real-life software project.Comment: 23 pages, 5 figures, a shorter version to appear at 12th International Colloquium on Theoretical Aspects of Computing (ICTAC 2015

Raisonnement sur les modèles : détection et isolation d'anomalies dans les systèmes de diagnostic

Dans le cadre du diagnostic à base de Modèle, un ensemble de règles d'inférence est typiquement exploité pour calculer des diagnostics, ceci en utilisant une théorie scientifique et mathématique sur le système à diagnostiquer, ainsi qu'un ensemble d'observations. Contrairement aux hypothèses classiques, les Modèles sont souvent anormaux vis-à-vis d'un ensemble de propriétés requises. Naturellement, cela affecte la qualité des diagnostics [à Airbus]. Une théorie sur la réalité, l'information et la cognition est créé pour redéfinir, dans une perspective basée sur la théorie des modèles, le cadre classique de diagnostic à base de Modèle. Ceci rend possible la formalisation des anomalies et de leur relation avec des propriétés des diagnostics. Avec ce travail et avec l'idée qu'un système de diagnostic implémenté peut être vu comme un objet à diagnostiquer, une théorie de méta-diagnostic est développée, permettant la détection et isolation d'anomalies dans les Modèles des systèmes de diagnostic. Cette théorie est mise en pratique à travers d'un outil, MEDITO; et est testée avec succès à travers un ensemble de problèmes industriels, à Airbus. Comme des différents systèmes de diagnostic Airbus, souffrant d'anomalies variées, peuvent calculer des diagnostics différents, un ensemble de méthodes et outils et développé pour: 1) déterminer la cohérence entre diagnostics et 2) valider et comparer la performance de ces systèmes de diagnostic. Ce travail dépend d'un pont original entre le cadre de diagnostic Airbus et son équivalent académique. Finalement, la théorie de méta-diagnostic est généralisée pour prendre en compte des méta-systèmes autres que des systèmes de diagnostic implémentés.In Model-Based Diagnosis, a set of inference rules is typically used to compute diagnoses using a scientific and mathematical theory about a system under study and some observations. Contrary to the classical hypothesis, it is often the case that these Models are abnormal with respect to a series of required properties, hence affecting the quality of the computed diagnoses with possibly huge economical consequences, in particular at Airbus. A thesis on reality and cognition is firstly used to redefine the classic framework of model-based diagnosis from a formal model-theoretic perspective. This, in turn, enables the formalisation of abnormalities and of their relation with the properties diagnoses. With such material and the idea that an implemented diagnostic system can be seen a real-world artefact to be diagnosed, a theory of meta-diagnosis is developed, enabling the detection and isolation of abnormalities in Models of diagnostic systems and explanation in general. Such theory is then encoded in a tool, called MEDITO, and successfuly tested against Airbus real-world industrial problems. Moreover, as different heterogeneous implemented Airbus diagnostic systems, suffering from distinct abnormalities, may compute different diagnoses, methods and tools are developed for: 1) checking the consistency between subsystem-level diagnoses and 2) validating and comparing the performance of these diagnostic systems. Such work relies on an original bridge between the Airbus framework of diagnosis and its academic counterpart. Finally, meta-diagnosis is generalised to handle meta-systems other than implemented diagnostic systems

Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Towards a concurrency theory for supervisory control

In this paper we propose a process-theoretic concurrency model to express supervisory control properties. In light of the present importance of reliable control software, the current work ow of direct conversion from informal specication documents to control software implementations can be improved. A separate modeling step in terms of controllable and uncontrollable behavior of the device under control is desired. We consider the control loop as a feedback model for supervisory control, in terms of the three distinct components of plant, requirements and supervisor. With respect to the control ow, we consider event-based models as well as state-based ones. We study the process theory TCP as a convenient modeling formalism that includes parallelism, iteration, communication features and non-determinism. Via structural operational semantics, we relate the terms in TCP to labeled transition systems. We consider the partial bisimulation preorder to express controllability that is better suited to handle non-determinism, compared to bisimulation-based models. It is shown how precongruence of partial bisimulation can be derived from the format of the deduction rules. The theory of TCP is studied under nite axiomatization for which soundness and ground-completeness (modulo iteration) is proved with respect to partial bisimulation. Language-based controllability, as the neccesary condition for event-based supervisory control is expressed in terms of partial bisimulation and we discuss several drawbacks of the strict event-based approach. Statebased control is considered under partial bisimulation as a dependable solution to address non-determinism. An appropriate renaming operator is introduced to address an issue in parallel communication. A case for automated guided vehicles (AGV) is modeled using the theory TCP. The latter theory is henceforth extended to include state-based valuations for which partial bisimulation and an axiomatization are dened. We consider an extended case on industrial printers to show the modeling abilities of this extended theory. In our concluding remarks, we sketch a future research path in terms of a new formal language for concurrent control modeling

Interaction and Experience in Enactive Intelligence and Humanoid Robotics

We overview how sensorimotor experience can be operationalized for interaction scenarios in which humanoid robots acquire skills and linguistic behaviours via enacting a “form-of-life”’ in interaction games (following Wittgenstein) with humans. The enactive paradigm is introduced which provides a powerful framework for the construction of complex adaptive systems, based on interaction, habit, and experience. Enactive cognitive architectures (following insights of Varela, Thompson and Rosch) that we have developed support social learning and robot ontogeny by harnessing information-theoretic methods and raw uninterpreted sensorimotor experience to scaffold the acquisition of behaviours. The success criterion here is validation by the robot engaging in ongoing human-robot interaction with naive participants who, over the course of iterated interactions, shape the robot’s behavioural and linguistic development. Engagement in such interaction exhibiting aspects of purposeful, habitual recurring structure evidences the developed capability of the humanoid to enact language and interaction games as a successful participant

The discipline of Natural Design

If we define design work as those cognitive and practical things to which designers give their valuable effort, then our Natural Design framework allows the recording and replaying of design work. Natural Design provides a meta-structural framework that has developed through our observations of engineering design in safety and mission critical industries, such as aircraft design. Our previous work has produced parametrisable models of design work for software intensive systems, and we now look to make an initial assessment of our natural design framework for its fit to the more creative design practices. In this paper we briefly sketch the framework and subsequently attempt to locate ‘creativity’ in it. We find that, although there are good strong hooks for what the designer does, we are forced to find a role for the community of the designer in the creative process in our framework, something that was only implicit in our previous work. Keywords: Natural design; Engineering design; Creativity</p

Dagstuhl News January - December 2001

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic