TY - JOUR A1 - Bandyopadhyay, Soumyadip A1 - Sarkar, Dipankar A1 - Mandal, Chittaranjan A1 - Giese, Holger T1 - Translation validation of coloured Petri net models of programs on integers JF - Acta informatica N2 - Programs are often subjected to significant optimizing and parallelizing transformations based on extensive dependence analysis. Formal validation of such transformations needs modelling paradigms which can capture both control and data dependences in the program vividly. Being value-based with an inherent scope of capturing parallelism, the untimed coloured Petri net (CPN) models, reported in the literature, fit the bill well; accordingly, they are likely to be more convenient as the intermediate representations (IRs) of both the source and the transformed codes for translation validation than strictly sequential variable-based IRs like sequential control flow graphs (CFGs). In this work, an efficient path-based equivalence checking method for CPN models of programs on integers is presented. Extensive experimentation has been carried out on several sequential and parallel examples. Complexity and correctness issues have been treated rigorously for the method. Y1 - 2022 U6 - https://doi.org/10.1007/s00236-022-00419-z SN - 0001-5903 SN - 1432-0525 VL - 59 IS - 6 SP - 725 EP - 759 PB - Springer CY - New York ER - TY - BOOK A1 - Meinel, Christoph A1 - Döllner, Jürgen Roland Friedrich A1 - Weske, Mathias A1 - Polze, Andreas A1 - Hirschfeld, Robert A1 - Naumann, Felix A1 - Giese, Holger A1 - Baudisch, Patrick A1 - Friedrich, Tobias A1 - Böttinger, Erwin A1 - Lippert, Christoph A1 - Dörr, Christian A1 - Lehmann, Anja A1 - Renard, Bernhard A1 - Rabl, Tilmann A1 - Uebernickel, Falk A1 - Arnrich, Bert A1 - Hölzle, Katharina T1 - Proceedings of the HPI Research School on Service-oriented Systems Engineering 2020 Fall Retreat N2 - Design and Implementation of service-oriented architectures imposes a huge number of research questions from the fields of software engineering, system analysis and modeling, adaptability, and application integration. Component orientation and web services are two approaches for design and realization of complex web-based system. Both approaches allow for dynamic application adaptation as well as integration of enterprise application. Service-Oriented Systems Engineering represents a symbiosis of best practices in object-orientation, component-based development, distributed computing, and business process management. It provides integration of business and IT concerns. The annual Ph.D. Retreat of the Research School provides each member the opportunity to present his/her current state of their research and to give an outline of a prospective Ph.D. thesis. Due to the interdisciplinary structure of the research school, this technical report covers a wide range of topics. These include but are not limited to: Human Computer Interaction and Computer Vision as Service; Service-oriented Geovisualization Systems; Algorithm Engineering for Service-oriented Systems; Modeling and Verification of Self-adaptive Service-oriented Systems; Tools and Methods for Software Engineering in Service-oriented Systems; Security Engineering of Service-based IT Systems; Service-oriented Information Systems; Evolutionary Transition of Enterprise Applications to Service Orientation; Operating System Abstractions for Service-oriented Computing; and Services Specification, Composition, and Enactment. N2 - Der Entwurf und die Realisierung dienstbasierender Architekturen wirft eine Vielzahl von Forschungsfragestellungen aus den Gebieten der Softwaretechnik, der Systemmodellierung und -analyse, sowie der Adaptierbarkeit und Integration von Applikationen auf. Komponentenorientierung und WebServices sind zwei Ansätze für den effizienten Entwurf und die Realisierung komplexer Web-basierender Systeme. Sie ermöglichen die Reaktion auf wechselnde Anforderungen ebenso, wie die Integration großer komplexer Softwaresysteme. "Service-Oriented Systems Engineering" repräsentiert die Symbiose bewährter Praktiken aus den Gebieten der Objektorientierung, der Komponentenprogrammierung, des verteilten Rechnen sowie der Geschäftsprozesse und berücksichtigt auch die Integration von Geschäftsanliegen und Informationstechnologien. Die Klausurtagung des Forschungskollegs "Service-oriented Systems Engineering" findet einmal jährlich statt und bietet allen Kollegiaten die Möglichkeit den Stand ihrer aktuellen Forschung darzulegen. Bedingt durch die Querschnittstruktur des Kollegs deckt dieser Bericht ein weites Spektrum aktueller Forschungsthemen ab. Dazu zählen unter anderem Human Computer Interaction and Computer Vision as Service; Service-oriented Geovisualization Systems; Algorithm Engineering for Service-oriented Systems; Modeling and Verification of Self-adaptive Service-oriented Systems; Tools and Methods for Software Engineering in Service-oriented Systems; Security Engineering of Service-based IT Systems; Service-oriented Information Systems; Evolutionary Transition of Enterprise Applications to Service Orientation; Operating System Abstractions for Service-oriented Computing; sowie Services Specification, Composition, and Enactment. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 138 KW - Hasso Plattner Institute KW - research school KW - Ph.D. retreat KW - service-oriented systems engineering KW - Hasso-Plattner-Institut KW - Forschungskolleg KW - Klausurtagung KW - Service-oriented Systems Engineering Y1 - 2021 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-504132 SN - 978-3-86956-513-2 SN - 1613-5652 SN - 2191-1665 IS - 138 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK A1 - Barkowsky, Matthias A1 - Giese, Holger T1 - Triple graph grammars for multi-version models N2 - Like conventional software projects, projects in model-driven software engineering require adequate management of multiple versions of development artifacts, importantly allowing living with temporary inconsistencies. In the case of model-driven software engineering, employed versioning approaches also have to handle situations where different artifacts, that is, different models, are linked via automatic model transformations. In this report, we propose a technique for jointly handling the transformation of multiple versions of a source model into corresponding versions of a target model, which enables the use of a more compact representation that may afford improved execution time of both the transformation and further analysis operations. Our approach is based on the well-known formalism of triple graph grammars and a previously introduced encoding of model version histories called multi-version models. In addition to showing the correctness of our approach with respect to the standard semantics of triple graph grammars, we conduct an empirical evaluation that demonstrates the potential benefit regarding execution time performance. N2 - Ähnlich zu konventionellen Softwareprojekten erfordern Projekte im Bereich der modellgetriebenen Softwareentwicklung eine adäquate Verwaltung mehrerer Versionen von Entwicklungsartefakten. Eine solche Versionsverwaltung muss es insbesondere ermöglichen, zeitweise mit Inkonsistenzen zu leben. Im Fall der modellgetriebenen Softwareentwicklung muss ein verwendeter Ansatz zusätzlich mit Situationen umgehen können, in denen verschiedene Entwicklungsartefakte, das heißt verschiedene Modelle, durch automatische Modelltransformationen verknüpft sind. In diesem Bericht schlagen wir eine Technik für die integrierte Transformation mehrerer Versionen eines Quellmodells in entsprechende Versionen eines Zielmodells vor. Dies ermöglicht die Verwendung einer kompakteren Repräsentation der Modelle, was zu verbesserten Laufzeiteigenschaften der Transformation und weiterführender Operationen führen kann. Unser Ansatz basiert auf dem bekannten Formalismus der Tripel-Graph-Grammatiken und einer in früheren Arbeiten eingeführten Kodierung von Versionshistorien von Modellen. Neben einem Beweis der Korrektheit des Ansatzes in Bezug auf die standardmäßige Semantik von Tripel-Graph-Grammatiken führen wir eine empirische Evaluierung durch, die den potenziellen Performancevorteil der Technik demonstriert. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 155 KW - triple graph grammars KW - multi-version models KW - Tripel-Graph-Grammatiken KW - Modelle mit mehreren Versionen Y1 - 2023 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-573994 SN - 978-3-86956-556-9 SN - 1613-5652 SN - 2191-1665 IS - 155 SP - 28 EP - 28 ER - TY - BOOK A1 - Barkowsky, Matthias A1 - Giese, Holger T1 - Modular and incremental global model management with extended generalized discrimination networks T1 - Modulares und inkrementelles Globales Modellmanagement mit erweiterten Generalized Discrimination Networks N2 - Complex projects developed under the model-driven engineering paradigm nowadays often involve several interrelated models, which are automatically processed via a multitude of model operations. Modular and incremental construction and execution of such networks of models and model operations are required to accommodate efficient development with potentially large-scale models. The underlying problem is also called Global Model Management. In this report, we propose an approach to modular and incremental Global Model Management via an extension to the existing technique of Generalized Discrimination Networks (GDNs). In addition to further generalizing the notion of query operations employed in GDNs, we adapt the previously query-only mechanism to operations with side effects to integrate model transformation and model synchronization. We provide incremental algorithms for the execution of the resulting extended Generalized Discrimination Networks (eGDNs), as well as a prototypical implementation for a number of example eGDN operations. Based on this prototypical implementation, we experiment with an application scenario from the software development domain to empirically evaluate our approach with respect to scalability and conceptually demonstrate its applicability in a typical scenario. Initial results confirm that the presented approach can indeed be employed to realize efficient Global Model Management in the considered scenario. N2 - Komplexe Projekte, die unter dem Paradigma der modellgetriebenen Entwicklung entwickelt werden, nutzen heutzutage oft mehrere miteinander in Beziehung stehende Modelle, die durch eine Vielzahl von Modelloperationen automatiscsh verarbeitet werden. Die modulare und inkrementelle Konstruktion und Ausführung solcher Netzwerke von Modelloperationen ist eine Voraussetzung für effiziente Entwicklung mit potenziell sehr großen Modellen. Das zugrunde liegende Forschungsproblem heißt auch Globales Modellmanagement. In diesem Bericht schlagen wir einen Ansatz für modulares und inkrementelles Globales Modellmanagement vor, der auf einer Erweiterung der existierenden Technik der Generalized Discrimination Networks (GDNs) basiert. Neben einer weiteren Verallgemeinerung des Konzepts der Anfrageoperationen in GDNs erweitern wir den zuvor rein lesenden Mechanismus auf Operationen mit Seiteneffekten, um Modelltransformationen und Modellsynchronisationen zu integrieren. Wir präsentieren inkrementelle Algorithmen für die Ausführung der resultierenden erweiterten GDNs (eGDNs) sowie eine prototypische Implementierung von Beispieloperationen für eGDNs. Mithilfe dieser prototypischen Implementierung evaluieren wir unsere Lösung hinsichtlich ihrer Skalierbarkeit in einem Anwendungsszenario aus dem Bereich der Softwareentwicklung. Außerdem demonstrieren wir die Anwendbarkeit der entwickelten Technik konzeptionell anhand eines typischen Anwendugsszenario. Unsere ersten Ergebnisse bestätigen, dass die Lösung genutzt werden kann, um effizientes Globales Modellmanagement im betrachteten Szenario zu realisieren. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 154 KW - global model management KW - generalized discrimination networks KW - globales Modellmanagement KW - Generalized Discrimination Networks Y1 - 2023 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-573965 SN - 978-3-86956-555-2 SN - 1613-5652 SN - 2191-1665 IS - 154 SP - 63 EP - 63 ER - TY - JOUR A1 - Ghahremani, Sona A1 - Giese, Holger A1 - Vogel, Thomas T1 - Improving scalability and reward of utility-driven self-healing for large dynamic architectures JF - ACM transactions on autonomous and adaptive systems N2 - Self-adaptation can be realized in various ways. Rule-based approaches prescribe the adaptation to be executed if the system or environment satisfies certain conditions. They result in scalable solutions but often with merely satisfying adaptation decisions. In contrast, utility-driven approaches determine optimal decisions by using an often costly optimization, which typically does not scale for large problems. We propose a rule-based and utility-driven adaptation scheme that achieves the benefits of both directions such that the adaptation decisions are optimal, whereas the computation scales by avoiding an expensive optimization. We use this adaptation scheme for architecture-based self-healing of large software systems. For this purpose, we define the utility for large dynamic architectures of such systems based on patterns that define issues the self-healing must address. Moreover, we use pattern-based adaptation rules to resolve these issues. Using a pattern-based scheme to define the utility and adaptation rules allows us to compute the impact of each rule application on the overall utility and to realize an incremental and efficient utility-driven self-healing. In addition to formally analyzing the computational effort and optimality of the proposed scheme, we thoroughly demonstrate its scalability and optimality in terms of reward in comparative experiments with a static rule-based approach as a baseline and a utility-driven approach using a constraint solver. These experiments are based on different failure profiles derived from real-world failure logs. We also investigate the impact of different failure profile characteristics on the scalability and reward to evaluate the robustness of the different approaches. KW - self-healing KW - adaptation rules KW - architecture-based adaptation KW - utility KW - reward KW - scalability KW - performance KW - failure profile model Y1 - 2020 U6 - https://doi.org/10.1145/3380965 SN - 1556-4665 SN - 1556-4703 VL - 14 IS - 3 PB - Association for Computing Machinery CY - New York ER - TY - BOOK A1 - Schneider, Sven A1 - Maximova, Maria A1 - Giese, Holger T1 - Probabilistic metric temporal graph logic N2 - Cyber-physical systems often encompass complex concurrent behavior with timing constraints and probabilistic failures on demand. The analysis whether such systems with probabilistic timed behavior adhere to a given specification is essential. When the states of the system can be represented by graphs, the rule-based formalism of Probabilistic Timed Graph Transformation Systems (PTGTSs) can be used to suitably capture structure dynamics as well as probabilistic and timed behavior of the system. The model checking support for PTGTSs w.r.t. properties specified using Probabilistic Timed Computation Tree Logic (PTCTL) has been already presented. Moreover, for timed graph-based runtime monitoring, Metric Temporal Graph Logic (MTGL) has been developed for stating metric temporal properties on identified subgraphs and their structural changes over time. In this paper, we (a) extend MTGL to the Probabilistic Metric Temporal Graph Logic (PMTGL) by allowing for the specification of probabilistic properties, (b) adapt our MTGL satisfaction checking approach to PTGTSs, and (c) combine the approaches for PTCTL model checking and MTGL satisfaction checking to obtain a Bounded Model Checking (BMC) approach for PMTGL. In our evaluation, we apply an implementation of our BMC approach in AutoGraph to a running example. N2 - Cyber-physische Systeme umfassen häufig ein komplexes nebenläufiges Verhalten mit Zeitbeschränkungen und probabilistischen Fehlern auf Anforderung. Die Analyse, ob solche Systeme mit probabilistischem gezeitetem Verhalten einer vorgegebenen Spezifikation entsprechen, ist essentiell. Wenn die Zustände des Systems durch Graphen dargestellt werden können, kann der regelbasierte Formalismus von probabilistischen gezeiteten Graphtransformationssystemen (PTGTSs) verwendet werden, um die Strukturdynamik sowie das probabilistische und gezeitete Verhalten des Systems geeignet zu erfassen. Die Modellprüfungsunterstützung für PTGTSs bzgl. Eigenschaften, die unter Verwendung von probabilistischer zeitgesteuerter Berechnungsbaumlogik (PTCTL) spezifiziert wurden, wurde bereits entwickelt. Darüber hinaus wurde das gezeitete graphenbasierte Laufzeitmonitoring mittels metrischer temporaler Graphlogik (MTGL) entwickelt, um metrische temporale Eigenschaften auf identifizierten Untergraphen und ihre strukturellen Änderungen über die Zeit zu erfassen. In diesem Artikel (a) erweitern wir MTGL auf die probabilistische metrische temporale Graphlogik (PMTGL), indem wir die Spezifikation probabilistischer Eigenschaften zulassen, (b) passen unseren MTGL-Prüfungsansatz auf PTGTSs an und (c) kombinieren die Ansätze für PTCTL-Modellprüfung und MTGL-Prüfung, um einen beschränkten Modellprüfungsansatz (BMC-Ansatz) für PMTGL zu erhalten. In unserer Auswertung wenden wir eine Implementierung unseres BMC-Ansatzes in AutoGraph auf ein Beispiel an. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 140 KW - cyber-physische Systeme KW - probabilistische gezeitete Systeme KW - qualitative Analyse KW - quantitative Analyse KW - Bounded Model Checking KW - cyber-physical systems KW - probabilistic timed systems KW - qualitative analysis KW - quantitative analysis KW - bounded model checking Y1 - 2021 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-515066 SN - 978-3-86956-517-0 SN - 1613-5652 SN - 2191-1665 IS - 140 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Barkowsky, Matthias A1 - Giese, Holger T1 - Hybrid search plan generation for generalized graph pattern matching JF - Journal of logical and algebraic methods in programming N2 - In recent years, the increased interest in application areas such as social networks has resulted in a rising popularity of graph-based approaches for storing and processing large amounts of interconnected data. To extract useful information from the growing network structures, efficient querying techniques are required. In this paper, we propose an approach for graph pattern matching that allows a uniform handling of arbitrary constraints over the query vertices. Our technique builds on a previously introduced matching algorithm, which takes concrete host graph information into account to dynamically adapt the employed search plan during query execution. The dynamic algorithm is combined with an existing static approach for search plan generation, resulting in a hybrid technique which we further extend by a more sophisticated handling of filtering effects caused by constraint checks. We evaluate the presented concepts empirically based on an implementation for our graph pattern matching tool, the Story Diagram Interpreter, with queries and data provided by the LDBC Social Network Benchmark. Our results suggest that the hybrid technique may improve search efficiency in several cases, and rarely reduces efficiency. KW - graph pattern matching KW - search plan generation Y1 - 2020 U6 - https://doi.org/10.1016/j.jlamp.2020.100563 SN - 2352-2208 VL - 114 PB - Elsevier CY - New York ER - TY - BOOK A1 - Flotterer, Boris A1 - Maximova, Maria A1 - Schneider, Sven A1 - Dyck, Johannes A1 - Zöllner, Christian A1 - Giese, Holger A1 - Hély, Christelle A1 - Gaucherel, Cédric T1 - Modeling and Formal Analysis of Meta-Ecosystems with Dynamic Structure using Graph Transformation T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam N2 - The dynamics of ecosystems is of crucial importance. Various model-based approaches exist to understand and analyze their internal effects. In this paper, we model the space structure dynamics and ecological dynamics of meta-ecosystems using the formal technique of Graph Transformation (short GT). We build GT models to describe how a meta-ecosystem (modeled as a graph) can evolve over time (modeled by GT rules) and to analyze these GT models with respect to qualitative properties such as the existence of structural stabilities. As a case study, we build three GT models describing the space structure dynamics and ecological dynamics of three different savanna meta-ecosystems. The first GT model considers a savanna meta-ecosystem that is limited in space to two ecosystem patches, whereas the other two GT models consider two savanna meta-ecosystems that are unlimited in the number of ecosystem patches and only differ in one GT rule describing how the space structure of the meta-ecosystem grows. In the first two GT models, the space structure dynamics and ecological dynamics of the meta-ecosystem shows two main structural stabilities: the first one based on grassland-savanna-woodland transitions and the second one based on grassland-desert transitions. The transition between these two structural stabilities is driven by high-intensity fires affecting the tree components. In the third GT model, the GT rule for savanna regeneration induces desertification and therefore a collapse of the meta-ecosystem. We believe that GT models provide a complementary avenue to that of existing approaches to rigorously study ecological phenomena. N2 - Die Dynamik von Ökosystemen ist von entscheidender Bedeutung. Es gibt verschiedene modellbasierte Ansätze, um ihre internen Effekte zu verstehen und zu analysieren. In diesem Beitrag modellieren wir die Raumstrukturdynamik und ökologische Dynamik von Metaökosystemen mit der formalen Technik der Graphtransformation (kurz GT). Wir bauen GT-Modelle, um zu beschreiben, wie sich ein Meta-Ökosystem (modelliert als Graph) im Laufe der Zeit entwickeln kann (modelliert durch GT-Regeln) und analysieren diese GT-Modelle hinsichtlich qualitativer Eigenschaften wie das Vorhandensein struktureller Stabilitäten. Als Fallstudie bauen wir drei GT-Modelle, die die Dynamik der Raumstruktur und die ökologische Dynamik von drei verschiedenen Savannen-Meta-Ökosystemen beschreiben. Das erste GT-Modell betrachtet ein Savannen-Meta-Ökosystem, das räumlich auf zwei Ökosystem-Abschnitte begrenzt ist, während die anderen beiden GT-Modelle zwei Savannen-Meta-Ökosysteme betrachten, die in der Anzahl von Ökosystem-Abschnitten uneingeschränkt sind und sich nur in einer GT-Regel unterscheiden, die beschreibt, wie die Raumstruktur des Meta-Ökosystems wächst. In den ersten beiden GT-Modellen zeigen die Raumstrukturdynamik und die ökologische Dynamik des Metaökosystems zwei Hauptstrukturstabilitäten: die erste basiert auf Grasland-Savannen-Wald-Übergängen und die zweite basiert auf Grasland-Wüsten-Übergängen. Der Übergang zwischen diesen beiden strukturellen Stabilitäten wird durch hochintensive Brände angetrieben, die die Baumkomponenten beeinträchtigen. Beim dritten GT-Modell führt die Savannenregeneration beschreibende GT-Regel zur Wüstenbildung und damit zum Kollaps des Meta-Ökosystems. Wir glauben, dass GT-Modelle eine gute Ergänzung zu bestehenden Ansätzen darstellen, um ökologische Phänomene rigoros zu untersuchen. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 147 KW - dynamic systems KW - discrete-event model KW - qualitative model KW - savanna KW - trajectories KW - desertification KW - dynamische Systeme KW - diskretes Ereignismodell KW - qualitatives Modell KW - Savanne KW - Trajektorien KW - Wüstenbildung Y1 - 2022 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-547643 SN - 978-3-86956-533-0 SN - 1613-5652 SN - 2191-1665 IS - 147 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK A1 - Schneider, Sven A1 - Maximova, Maria A1 - Giese, Holger T1 - Probabilistic metric temporal graph logic N2 - Cyber-physical systems often encompass complex concurrent behavior with timing constraints and probabilistic failures on demand. The analysis whether such systems with probabilistic timed behavior adhere to a given specification is essential. When the states of the system can be represented by graphs, the rule-based formalism of Probabilistic Timed Graph Transformation Systems (PTGTSs) can be used to suitably capture structure dynamics as well as probabilistic and timed behavior of the system. The model checking support for PTGTSs w.r.t. properties specified using Probabilistic Timed Computation Tree Logic (PTCTL) has been already presented. Moreover, for timed graph-based runtime monitoring, Metric Temporal Graph Logic (MTGL) has been developed for stating metric temporal properties on identified subgraphs and their structural changes over time. In this paper, we (a) extend MTGL to the Probabilistic Metric Temporal Graph Logic (PMTGL) by allowing for the specification of probabilistic properties, (b) adapt our MTGL satisfaction checking approach to PTGTSs, and (c) combine the approaches for PTCTL model checking and MTGL satisfaction checking to obtain a Bounded Model Checking (BMC) approach for PMTGL. In our evaluation, we apply an implementation of our BMC approach in AutoGraph to a running example. N2 - Cyber-physische Systeme umfassen häufig ein komplexes nebenläufiges Verhalten mit Zeitbeschränkungen und probabilistischen Fehlern auf Anforderung. Die Analyse, ob solche Systeme mit probabilistischem gezeitetem Verhalten einer vorgegebenen Spezifikation entsprechen, ist essentiell. Wenn die Zustände des Systems durch Graphen dargestellt werden können, kann der regelbasierte Formalismus von probabilistischen gezeiteten Graphtransformationssystemen (PTGTSs) verwendet werden, um die Strukturdynamik sowie das probabilistische und gezeitete Verhalten des Systems geeignet zu erfassen. Die Modellprüfungsunterstützung für PTGTSs bzgl. Eigenschaften, die unter Verwendung von Probabilistic Timed Computation Tree Logic (PTCTL) spezifiziert wurden, wurde bereits entwickelt. Darüber hinaus wurde das gezeitete graphenbasierte Laufzeitmonitoring mittels metrischer temporaler Graphlogik (MTGL) entwickelt, um metrische temporale Eigenschaften auf identifizierten Untergraphen und ihre strukturellen Änderungen über die Zeit zu erfassen. In diesem Artikel (a) erweitern wir MTGL auf die probabilistische metrische temporale Graphlogik (PMTGL), indem wir die Spezifikation probabilistischer Eigenschaften zulassen, (b) passen unseren MTGL-Prüfungsansatz auf PTGTSs an und (c) kombinieren die Ansätze für PTCTL-Modellprüfung und MTGL-Prüfung, um einen beschränkten Modellprüfungsansatz (BMC-Ansatz) für PMTGL zu erhalten. In unserer Auswertung wenden wir eine Implementierung unseres BMC-Ansatzes in AutoGraph auf ein Beispiel an. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 146 KW - cyber-physical systems KW - probabilistic timed systems KW - qualitative analysis KW - quantitative analysis KW - bounded model checking KW - cyber-physische Systeme KW - probabilistische gezeitete Systeme KW - qualitative Analyse KW - quantitative Analyse KW - Bounded Model Checking Y1 - 2022 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-545867 SN - 978-3-86956-532-3 SN - 1613-5652 SN - 2191-1665 IS - 146 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK A1 - Schneider, Sven A1 - Maximova, Maria A1 - Giese, Holger T1 - Invariant Analysis for Multi-Agent Graph Transformation Systems using k-Induction N2 - The analysis of behavioral models such as Graph Transformation Systems (GTSs) is of central importance in model-driven engineering. However, GTSs often result in intractably large or even infinite state spaces and may be equipped with multiple or even infinitely many start graphs. To mitigate these problems, static analysis techniques based on finite symbolic representations of sets of states or paths thereof have been devised. We focus on the technique of k-induction for establishing invariants specified using graph conditions. To this end, k-induction generates symbolic paths backwards from a symbolic state representing a violation of a candidate invariant to gather information on how that violation could have been reached possibly obtaining contradictions to assumed invariants. However, GTSs where multiple agents regularly perform actions independently from each other cannot be analyzed using this technique as of now as the independence among backward steps may prevent the gathering of relevant knowledge altogether. In this paper, we extend k-induction to GTSs with multiple agents thereby supporting a wide range of additional GTSs. As a running example, we consider an unbounded number of shuttles driving on a large-scale track topology, which adjust their velocity to speed limits to avoid derailing. As central contribution, we develop pruning techniques based on causality and independence among backward steps and verify that k-induction remains sound under this adaptation as well as terminates in cases where it did not terminate before. N2 - Die Analyse von Verhaltensmodellen wie Graphtransformationssystemen (GTSs) ist von zentraler Bedeutung im Model Driven Engineering. GTSs führen jedoch häufig zu unhanhabbar großen oder sogar unendlichen Zustandsräumen und können mit mehreren oder sogar unendlich vielen Startgraphen ausgestattet sein. Um diese Probleme abzumildern, wurden statische Analysetechniken entwickelt, die auf endlichen symbolischen Darstellungen von Mengen von Zuständen oder Pfaden basieren. Wir konzentrieren uns auf die Technik der k-Induktion zur Ermittlung von Invarianten, die unter Verwendung von Graphbedingungen spezifiziert sind. Zum Zweck der Analyse erzeugt die k-Induktion symbolische Rückwärtspfade von einem symbolischen Zustand, der eine Verletzung einer Kandidateninvariante darstellt, um Informationen darüber zu sammeln, wie diese Verletzung erreicht werden konnte, wodurch möglicherweise Widersprüche zu angenommenen Invarianten gefunden werden. GTSs, bei denen mehrere Agenten regelmäßig unabhängig voneinander Aktionen ausführen, können derzeit jedoch nicht mit dieser Technik analysiert werden, da die Unabhängigkeit zwischen Rückwärtsschritten das Sammeln von relevantem Wissen möglicherweise verhindert. In diesem Artikel erweitern wir die k-Induktion auf GTSs mit mehreren Agenten und unterstützen dadurch eine breite Palette zusätzlicher GTSs. Als laufendes Beispiel betrachten wir eine unbegrenzte Anzahl von Shuttles, die auf einer großen Tracktopologie fahren und die ihre Geschwindigkeit an Geschwindigkeitsbegrenzungen anpassen, um ein Entgleisen zu vermeiden. Als zentralen Beitrag entwickeln wir Beschneidungstechniken basierend auf Kausalität und Unabhängigkeit zwischen Rückwärtsschritten und verifizieren, dass die k-Induktion unter dieser Anpassung korrekt bleibt und in Fällen terminiert, in denen sie zuvor nicht terminierte. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 143 KW - k-inductive invariant checking KW - causality KW - parallel and sequential independence KW - symbolic analysis KW - bounded backward model checking KW - k-induktive Invariantenprüfung KW - Kausalität KW - parallele und Sequentielle Unabhängigkeit KW - symbolische Analyse KW - Bounded Backward Model Checking Y1 - 2022 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-545851 SN - 978-3-86956-531-6 SN - 1613-5652 SN - 2191-1665 IS - 143 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Ghahremani, Sona A1 - Giese, Holger T1 - Evaluation of self-healing systems BT - An analysis of the state-of-the-art and required improvements JF - Computers N2 - Evaluating the performance of self-adaptive systems is challenging due to their interactions with often highly dynamic environments. In the specific case of self-healing systems, the performance evaluations of self-healing approaches and their parameter tuning rely on the considered characteristics of failure occurrences and the resulting interactions with the self-healing actions. In this paper, we first study the state-of-the-art for evaluating the performances of self-healing systems by means of a systematic literature review. We provide a classification of different input types for such systems and analyse the limitations of each input type. A main finding is that the employed inputs are often not sophisticated regarding the considered characteristics for failure occurrences. To further study the impact of the identified limitations, we present experiments demonstrating that wrong assumptions regarding the characteristics of the failure occurrences can result in large performance prediction errors, disadvantageous design-time decisions concerning the selection of alternative self-healing approaches, and disadvantageous deployment-time decisions concerning parameter tuning. Furthermore, the experiments indicate that employing multiple alternative input characteristics can help with reducing the risk of premature disadvantageous design-time decisions. KW - self-healing KW - failure model KW - performance KW - simulation KW - evaluation Y1 - 2020 U6 - https://doi.org/10.3390/computers9010016 SN - 2073-431X VL - 9 IS - 1 PB - MDPI CY - Basel ER - TY - GEN A1 - Giese, Holger ED - Kouchnarenko, Olga ED - Khosravi, Ramtin T1 - Formal models and analysis for self-adaptive cyber-physical systems BT - (extended abstract) T2 - Lecture notes in computer science N2 - In this extended abstract, we will analyze the current challenges for the envisioned Self-Adaptive CPS. In addition, we will outline our results to approach these challenges with SMARTSOS [10] a generic approach based on extensions of graph transformation systems employing open and adaptive collaborations and models at runtime for trustworthy self-adaptation, self-organization, and evolution of the individual systems and the system-of-systems level taking the independent development, operation, management, and evolution of these systems into account. Y1 - 2017 SN - 978-3-319-57666-4 SN - 978-3-319-57665-7 U6 - https://doi.org/10.1007/978-3-319-57666-4_1 SN - 0302-9743 SN - 1611-3349 VL - 10231 SP - 3 EP - 9 PB - Springer CY - Cham ER - TY - JOUR A1 - Schneider, Sven A1 - Maximova, Maria A1 - Sakizloglou, Lucas A1 - Giese, Holger T1 - Formal testing of timed graph transformation systems using metric temporal graph logic JF - International journal on software tools for technology transfer N2 - Embedded real-time systems generate state sequences where time elapses between state changes. Ensuring that such systems adhere to a provided specification of admissible or desired behavior is essential. Formal model-based testing is often a suitable cost-effective approach. We introduce an extended version of the formalism of symbolic graphs, which encompasses types as well as attributes, for representing states of dynamic systems. Relying on this extension of symbolic graphs, we present a novel formalism of timed graph transformation systems (TGTSs) that supports the model-based development of dynamic real-time systems at an abstract level where possible state changes and delays are specified by graph transformation rules. We then introduce an extended form of the metric temporal graph logic (MTGL) with increased expressiveness to improve the applicability of MTGL for the specification of timed graph sequences generated by a TGTS. Based on the metric temporal operators of MTGL and its built-in graph binding mechanics, we express properties on the structure and attributes of graphs as well as on the occurrence of graphs over time that are related by their inner structure. We provide formal support for checking whether a single generated timed graph sequence adheres to a provided MTGL specification. Relying on this logical foundation, we develop a testing framework for TGTSs that are specified using MTGL. Lastly, we apply this testing framework to a running example by using our prototypical implementation in the tool AutoGraph. KW - formal testing KW - typed attributed symbolic graphs KW - timed graph KW - transformation KW - graph conditions KW - metric temporal graph logic Y1 - 2021 U6 - https://doi.org/10.1007/s10009-020-00585-w SN - 1433-2779 SN - 1433-2787 VL - 23 IS - 3 SP - 411 EP - 488 PB - Springer CY - Heidelberg ER - TY - BOOK A1 - Maximova, Maria A1 - Schneider, Sven A1 - Giese, Holger T1 - Compositional analysis of probabilistic timed graph transformation systems N2 - The analysis of behavioral models is of high importance for cyber-physical systems, as the systems often encompass complex behavior based on e.g. concurrent components with mutual exclusion or probabilistic failures on demand. The rule-based formalism of probabilistic timed graph transformation systems is a suitable choice when the models representing states of the system can be understood as graphs and timed and probabilistic behavior is important. However, model checking PTGTSs is limited to systems with rather small state spaces. We present an approach for the analysis of large scale systems modeled as probabilistic timed graph transformation systems by systematically decomposing their state spaces into manageable fragments. To obtain qualitative and quantitative analysis results for a large scale system, we verify that results obtained for its fragments serve as overapproximations for the corresponding results of the large scale system. Hence, our approach allows for the detection of violations of qualitative and quantitative safety properties for the large scale system under analysis. We consider a running example in which we model shuttles driving on tracks of a large scale topology and for which we verify that shuttles never collide and are unlikely to execute emergency brakes. In our evaluation, we apply an implementation of our approach to the running example. N2 - Die Analyse von Verhaltensmodellen ist für cyber-physikalische Systeme von hoher Bedeutung, da die Systeme häufig komplexes Verhalten umfassen, das z.B. parallele Komponenten mit gegenseitigem Ausschluss oder probabilistischen Fehlern bei Bedarf umfasst. Der regelbasierte Formalismus probabilistischer zeitgesteuerter Graphtransformationssysteme ist eine geeignete Wahl, wenn die Modelle, die Zustände des Systems darstellen, als Graphen verstanden werden können und zeitgesteuertes und probabilistisches Verhalten wichtig ist. Modelchecking von PTGTSs ist jedoch auf Systeme mit relativ kleinen Zustandsräumen beschränkt. Wir präsentieren einen Ansatz zur Analyse von Großsystemen, die als probabilistische zeitgesteuerte Graphtransformationssysteme modelliert wurden, indem ihre Zustandsräume systematisch in überschaubare Fragmente zerlegt werden. Um qualitative und quantitative Analyseergebnisse für ein Großsystem zu erhalten, überprüfen wir, ob die für seine Fragmente erhaltenen Ergebnisse als Überannäherungen für die entsprechenden Ergebnisse des Großsystems dienen. Unser Ansatz ermöglicht es daher, Verstöße gegen qualitative und quantitative Sicherheitseigenschaften für das untersuchte Großsystem zu erkennen. Wir betrachten ein Beispiel, in dem wir Shuttles modellieren, die auf Gleisen einer großen Topologie fahren, und für die wir überprüfen, dass Shuttles niemals kollidieren und wahrscheinlich keine Notbremsungen ausführen. In unserer Auswertung wenden wir eine Implementierung unseres Ansatzes auf das Beispiel an. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 133 KW - cyber-physical systems KW - graph transformation systems KW - qualitative analysis KW - quantitative analysis KW - probabilistic timed systems KW - compositional analysis KW - model checking KW - Cyber-physikalische Systeme KW - Graphentransformationssysteme KW - qualitative Analyse KW - quantitative Analyse KW - probabilistische zeitgesteuerte Systeme KW - Modellprüfung KW - kompositionale Analyse Y1 - 2020 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-490131 SN - 978-3-86956-501-9 SN - 1613-5652 SN - 2191-1665 IS - 133 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK A1 - Maximova, Maria A1 - Schneider, Sven A1 - Giese, Holger T1 - Interval probabilistic timed graph transformation systems N2 - The formal modeling and analysis is of crucial importance for software development processes following the model based approach. We present the formalism of Interval Probabilistic Timed Graph Transformation Systems (IPTGTSs) as a high-level modeling language. This language supports structure dynamics (based on graph transformation), timed behavior (based on clocks, guards, resets, and invariants as in Timed Automata (TA)), and interval probabilistic behavior (based on Discrete Interval Probability Distributions). That is, for the probabilistic behavior, the modeler using IPTGTSs does not need to provide precise probabilities, which are often impossible to obtain, but rather provides a probability range instead from which a precise probability is chosen nondeterministically. In fact, this feature on capturing probabilistic behavior distinguishes IPTGTSs from Probabilistic Timed Graph Transformation Systems (PTGTSs) presented earlier. Following earlier work on Interval Probabilistic Timed Automata (IPTA) and PTGTSs, we also provide an analysis tool chain for IPTGTSs based on inter-formalism transformations. In particular, we provide in our tool AutoGraph a translation of IPTGTSs to IPTA and rely on a mapping of IPTA to Probabilistic Timed Automata (PTA) to allow for the usage of the Prism model checker. The tool Prism can then be used to analyze the resulting PTA w.r.t. probabilistic real-time queries asking for worst-case and best-case probabilities to reach a certain set of target states in a given amount of time. N2 - Die formale Modellierung und Analyse ist für Softwareentwicklungsprozesse nach dem modellbasierten Ansatz von entscheidender Bedeutung. Wir präsentieren den Formalismus von Interval Probabilistic Timed Graph Transformation Systems (IPTGTS) als Modellierungssprache auf hoher abstrakter Ebene. Diese Sprache unterstützt Strukturdynamik (basierend auf Graphtransformation), zeitgesteuertes Verhalten (basierend auf Clocks, Guards, Resets und Invarianten wie in Timed Automata (TA)) und intervallwahrscheinliches Verhalten (basierend auf diskreten Intervallwahrscheinlichkeitsverteilungen). Das heißt, für das probabilistische Verhalten muss der Modellierer, der IPTGTS verwendet, keine genauen Wahrscheinlichkeiten bereitstellen, die oft nicht zu bestimmen sind, sondern stattdessen einen Wahrscheinlichkeitsbereich bereitstellen, aus dem eine genaue Wahrscheinlichkeit nichtdeterministisch ausgewählt wird. Tatsächlich unterscheidet diese Funktion zur Erfassung des probabilistischen Verhaltens IPTGTS von den zuvor vorgestellten PTGTS (Probabilistic Timed Graph Transformation Systems). Nach früheren Arbeiten zu Intervall Probabilistic Timed Automata (IPTA) und PTGTS bieten wir auch eine Analyse-Toolkette für IPTGTS, die auf Interformalismus-Transformationen basiert. Insbesondere bieten wir in unserem Tool AutoGraph eine Übersetzung von IPTGTSs in IPTA und stützen uns auf eine Zuordnung von IPTA zu probabilistischen zeitgesteuerten Automaten (PTA), um die Verwendung des Prism-Modellprüfers zu ermöglichen. Das Werkzeug Prism kann dann verwendet werden, um den resultierenden PTA bezüglich probabilistische Echtzeitabfragen (in denen nach Worst-Case- und Best-Case-Wahrscheinlichkeiten gefragt wird, um einen bestimmten Satz von Zielzuständen in einem bestimmten Zeitraum zu erreichen) zu analysieren. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 134 KW - cyber-physical systems KW - graph transformation systems KW - interval timed automata KW - timed automata KW - qualitative analysis KW - quantitative analysis KW - probabilistic timed systems KW - interval probabilistic timed systems KW - model checking KW - cyber-physikalische Systeme KW - Graphentransformationssysteme KW - Interval Timed Automata KW - Timed Automata KW - qualitative Analyse KW - quantitative Analyse KW - probabilistische zeitgesteuerte Systeme KW - interval probabilistische zeitgesteuerte Systeme KW - Modellprüfung Y1 - 2021 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-512895 SN - 978-3-86956-502-6 SN - 1613-5652 SN - 2191-1665 IS - 134 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Maximova, Maria A1 - Giese, Holger A1 - Krause, Christian T1 - Probabilistic timed graph transformation systems JF - Journal of Logical and Algebraic Methods in Programming N2 - Today, software has become an intrinsic part of complex distributed embedded real-time systems. The next generation of embedded real-time systems will interconnect the today unconnected systems via complex software parts and the service-oriented paradigm. Due to these interconnections, the architecture of systems can be subject to changes at run-time, e.g. when dynamic binding of service end-points is employed or complex collaborations are established dynamically. However, suitable formalisms and techniques that allow for modeling and analysis of timed and probabilistic behavior of such systems as well as of their structure dynamics do not exist so far. To fill the identified gap, we propose Probabilistic Timed Graph Transformation Systems (PTGTSs) as a high-level description language that supports all the necessary aspects of structure dynamics, timed behavior, and probabilistic behavior. We introduce the formal model of PTGTSs in this paper as well as present and formally verify a mapping of models with finite state spaces to probabilistic timed automata (PTA) that allows to use the PRISM model checker to analyze PTGTS models with respect to PTCTL properties. (C) 2018 Elsevier Inc. All rights reserved. KW - Graph transformations KW - Probabilistic timed automata KW - PTCTL KW - PRISM model checker KW - HENSHIN Y1 - 2018 U6 - https://doi.org/10.1016/j.jlamp.2018.09.003 SN - 2352-2208 VL - 101 SP - 110 EP - 131 PB - Elsevier CY - New York ER - TY - GEN A1 - Brand, Thomas A1 - Giese, Holger T1 - Generic adaptive monitoring based on executed architecture runtime model queries and events T2 - IEEE Xplore N2 - Monitoring is a key functionality for automated decision making as it is performed by self-adaptive systems, too. Effective monitoring provides the relevant information on time. This can be achieved with exhaustive monitoring causing a high overhead consumption of economical and ecological resources. In contrast, our generic adaptive monitoring approach supports effectiveness with increased efficiency. Also, it adapts to changes regarding the information demand and the monitored system without additional configuration and software implementation effort. The approach observes the executions of runtime model queries and processes change events to determine the currently required monitoring configuration. In this paper we explicate different possibilities to use the approach and evaluate their characteristics regarding the phenomenon detection time and the monitoring effort. Our approach allows balancing between those two characteristics. This makes it an interesting option for the monitoring function of self-adaptive systems because for them usually very short-lived phenomena are not relevant. Y1 - 2019 SN - 978-1-7281-2731-6 U6 - https://doi.org/10.1109/SASO.2019.00012 SN - 1949-3673 SP - 17 EP - 22 PB - IEEE CY - New York ER - TY - GEN A1 - Ghahremani, Sona A1 - Giese, Holger T1 - Performance evaluation for self-healing systems BT - Current Practice & Open Issues T2 - 2019 IEEE 4th International Workshops on Foundations and Applications of Self* Systems (FAS*W) N2 - Evaluating the performance of self-adaptive systems (SAS) is challenging due to their complexity and interaction with the often highly dynamic environment. In the context of self-healing systems (SHS), employing simulators has been shown to be the most dominant means for performance evaluation. Simulating a SHS also requires realistic fault injection scenarios. We study the state of the practice for evaluating the performance of SHS by means of a systematic literature review. We present the current practice and point out that a more thorough and careful treatment in evaluating the performance of SHS is required. KW - self-healing KW - failure profile KW - evaluation KW - simulator KW - performance Y1 - 2019 SN - 978-1-7281-2406-3 U6 - https://doi.org/10.1109/FAS-W.2019.00039 SP - 116 EP - 119 PB - IEEE CY - New York ER - TY - JOUR A1 - Dyck, Johannes A1 - Giese, Holger A1 - Lambers, Leen T1 - Automatic verification of behavior preservation at the transformation level for relational model transformation JF - Software and systems modeling N2 - The correctness of model transformations is a crucial element for model-driven engineering of high-quality software. In particular, behavior preservation is an important correctness property avoiding the introduction of semantic errors during the model-driven engineering process. Behavior preservation verification techniques show some kind of behavioral equivalence or refinement between source and target model of the transformation. Automatic tool support is available for verifying behavior preservation at the instance level, i.e., for a given source and target model specified by the model transformation. However, until now there is no sound and automatic verification approach available at the transformation level, i.e., for all source and target models. In this article, we extend our results presented in earlier work (Giese and Lambers, in: Ehrig et al (eds) Graph transformations, Springer, Berlin, 2012) and outline a new transformation-level approach for the sound and automatic verification of behavior preservation captured by bisimulation resp.simulation for outplace model transformations specified by triple graph grammars and semantic definitions given by graph transformation rules. In particular, we first show how behavior preservation can be modeled in a symbolic manner at the transformation level and then describe that transformation-level verification of behavior preservation can be reduced to invariant checking of suitable conditions for graph transformations. We demonstrate that the resulting checking problem can be addressed by our own invariant checker for an example of a transformation between sequence charts and communicating automata. KW - Relational model transformation KW - Formal verification of behavior preservation KW - Behavioral equivalence and refinement KW - Bisimulation and simulation KW - Graph transformation KW - Triple graph grammars KW - Invariant checking Y1 - 2018 U6 - https://doi.org/10.1007/s10270-018-00706-9 SN - 1619-1366 SN - 1619-1374 VL - 18 IS - 5 SP - 2937 EP - 2972 PB - Springer CY - Heidelberg ER - TY - JOUR A1 - Hebig, Regina A1 - Giese, Holger T1 - On the complex nature of MDE evolution and its impact on changeability JF - Software and systems modeling KW - Model-driven engineering KW - Evolution KW - Empirical research Y1 - 2017 U6 - https://doi.org/10.1007/s10270-015-0464-2 SN - 1619-1366 SN - 1619-1374 VL - 16 SP - 333 EP - 356 PB - Springer CY - Heidelberg ER -