Report
This six-month internship began on 1 April 2023 in the dynamic, research-rich environment of
IRIT at ENSEEIHT Toulouse-INP. It was jointly hosted by the ACADIE and MINDS research
teams, offering a unique opportunity to engage with advanced research in their respective
domains. The internship was financially supported by the IBCO project (CIMI 2021-2023),
underscoring its significance for the research objectives of the institute and providing a valuable
platform for professional growth and academic exploration.
To my parents,
No dedication can express my deep affection, gratitude, and respect for you.
It’s with your love and your sacrifice that I could realize your wishes. Be always my light
and my source of happiness.
To my brothers,
for their love and support, I dedicate this work to you. I wish you a long life full of happiness and
success.
To all my friends,
without whose caring support this would not have been possible.
And to those who believed in me when I couldn’t,
A special thank you, I am forever grateful...
Alaeddine DAOUD
Acknowledgements
First and foremost, I would like to thank God Almighty for giving me the strength, knowl-
edge, ability, and opportunity to undertake this internship and complete it. Without his
blessing, this achievement would not have been possible.
I would like to express my deepest gratitude and appreciation to all those who have
made this internship a rewarding and enjoyable experience.
I am equally indebted to the entire IRIT laboratory at ENSEEIHT for the experience and
knowledge I gathered, and for their warm welcome and the friendly environment they
provided.
Naturally, I express my sincere appreciation to the jury members, Mrs. Salma JAMMOUSSI
and Mr. Mohamed TMAR, for agreeing to evaluate my work.
Finally, a special word of thanks is also expressed to my friends and family who of-
fered encouragement when needed. With their help in countless ways, I could complete this
project.
Contents
Introduction 1
Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Our main contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1 Background 8
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2 Model-Based Systems Engineering (MBSE) . . . . . . . . . . . . . . . . . . . . 9
1.2.1 Structural Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2.2 Meta-models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2.3 Level of Abstraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.2.4 Domain Specific Language (DSL) . . . . . . . . . . . . . . . . . . . . . . 13
1.2.5 Models transformations . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.6 Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.2.7 Abstract and concrete Syntax . . . . . . . . . . . . . . . . . . . . . . . . 16
1.3 Behavioral Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.3.1 Labelled Transition System (LTS) . . . . . . . . . . . . . . . . . . . . . 18
1.3.2 LTS Interests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.4 Signal synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.4.1 Physical Clock Synchronization . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.2 Logical clocks synchronization . . . . . . . . . . . . . . . . . . . . . . . 23
1.4.3 Consistency in distributed applications . . . . . . . . . . . . . . . . . . 24
1.4.4 Synchronization in concurrent system approach . . . . . . . . . . . . . 24
1.4.5 Clock Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
1.4.6 Software as a service for signal synchronization . . . . . . . . . . . . . 26
1.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4 Contributions 97
4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
4.2 Case study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
4.3 General architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
4.4 Meta-model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
4.5 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.6 Model to Text (M2T) Transformation . . . . . . . . . . . . . . . . . . . . . . . . 105
4.6.1 Idsl2Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
4.6.2 Idsl2Lotos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
4.7 Prototype Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.7.1 Idsl2Python Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.7.2 Idsl2LotosNT Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
4.7.3 Simulation-Based framework . . . . . . . . . . . . . . . . . . . . . . . . 116
4.8 Integration of AI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
4.8.1 AI for MDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
4.8.2 MDE for AI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
4.9 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
4.10 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
4.11 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Conclusion 121
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Achievements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
List of Figures
3.1 Comparison of dT-Calculus with other algebras by the IoT characteristics [115] 69
3.2 Comparison of the different approaches for model generation [132] . . . . . . 83
3.3 Comparison among Architectural Proposals [138] . . . . . . . . . . . . . . . . 86
3.4 Comparison between different existing protocols with GNTP protocol [144] . 86
3.5 Comparison of synchronization RMSE (ms) values at different noise levels [144] 90
3.6 Comparison of offset error statistics under high noise level [144] . . . . . . . . 90
3.7 Sizes and run-time performance for the tests generated for the test purposes
[109] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
3.8 LOTOS NT definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Contents
Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Our main contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Context
In today's rapidly evolving technological landscape, the Internet of Things (IoT) has become a pow-
erful tool that reshapes the way we interact with our surroundings, thanks to its ability to merge
physical devices, software, and data networks into a unified system. Moreover, the devices in
IoT systems enable a new generation of efficiency and automation, especially with the inter-
vention of Artificial Intelligence (AI), which makes sense of the vast amount of data generated by
these devices and enables them to make intelligent decisions and act autonomously.
The marriage of AI and IoT creates a synergy that drives innovation across numerous domains
such as smart homes, smart cities, healthcare, and industrial automation. Within these fields,
we place particular emphasis on the healthcare domain, which necessitates a robust real-time
system due to the critical nature of patient well-being where timely responses can mean the
difference between life and death. Electronic health records (EHRs), telemedicine systems,
and surgical robots also demand strict real-time performance to maintain patient safety and
provide effective healthcare services. Additionally, in these systems, maximum precision is
required in the data collection phase, which leads to more valuable results and enhances pa-
tients’ diagnoses.
Even though these systems must be strict and vigilant against errors that could lead to catas-
trophes, healthcare systems have been revolutionized by suitable infrastructure and
the advancement of distributed systems, resulting nowadays in a multitude of applications. A
significant application in these systems is remote patient monitoring, where smart devices like
wearable fitness trackers, blood pressure monitors, and glucose monitors continuously track
patients’ data in their homes. This data is transmitted to healthcare providers, facilitating early
intervention and improving the management of chronic conditions such as diabetes, heart dis-
ease, and asthma. Moreover, these data can be combined with artificial intelligence algorithms,
empowering healthcare systems with predictive analysis, and offering insights into disease
trends and patient outcomes for informed decision-making and future healthcare planning.
Despite the significant advancements in healthcare technologies, certain aspects still lag, and
traditional methods persist in some areas. One notable example is the way doctors interpret
electroencephalogram (EEG) and electrocardiogram (ECG) signals separately: the devices operate
independently and generate huge volumes of data, overloading device capabilities and leading to
inefficient use of resources such as energy, bandwidth, and computational power, so professionals
may waste time on interpretation rather than relying on more integrated approaches. Handling
events and triggers in an asynchronous environment also increases complexity and can affect
automation and decision-making processes.
Consequently, the absence of synchronization between these devices in a healthcare system
can be a significant problem: the misalignment of the data streams makes it challenging for
professionals to accurately correlate events or anomalies across both signals.
Medical researchers often rely on the simultaneous analysis of the data of smart devices to
make informed decisions. For example, in the presented case above, knowing the exact timing
of EEG signals with ECG signals can influence whether medication or other interventions are
necessary.
Asynchronous data can lead to missed correlations between brain activity and heart rhythms,
potentially resulting in inaccurate diagnoses, limiting the development of effective treatment
strategies, and preventing the creation of comprehensive patient profiles. Without proper
synchronization, the data can become inconsistent, making it difficult to analyze and to derive
meaningful insights from; data arriving out of synchronization might also be more susceptible
to unauthorized access.
To address these issues, synchronization mechanisms such as timestamps, communication
protocols, and data synchronization services have been introduced to ensure that data from
various devices are aligned. Yet, in healthcare systems, it is important to validate the reliability
of synchronization, since data is sent from devices concurrently. That is why we need to analyze
the system's behavior, typically using formal verification, to check whether synchronization is
handled correctly.
In particular, the integration of software engineering into IoT systems over the last few years
has proven to be a revolutionary development. It has resulted in software, such as desktop
applications and software as a service over the internet, for prototyping and designing IoT
systems, avoiding the traditional IoT development process that requires a significant amount
of time during the implementation phase.
Within this context, software engineering has evolved to employ alternative methods to en-
capsulate the vast domain of IoT. One such approach is Model-Driven Engineering (MDE),
which holds the potential to greatly assist developers in tackling complex IT challenges.
One of the key components in MDE is Domain-Specific Languages (DSLs) which are designed
to express domain-specific concepts and ensure that developers capture domain-specific knowl-
edge and requirements in a more intuitive and precise manner, facilitating a smoother transi-
tion from high-level abstractions to concrete code and system configurations. This contributes
to the effectiveness of MDE as a methodology for IoT software development by offering a
means to represent and manipulate domain-specific information effectively. MDE has also
proven to be a solid method for tackling various AI tasks, and several tools use this approach
to facilitate the creation of AI models. Furthermore, the use of Graphical User Interfaces (GUIs),
including shortcuts, charts, and graphs, has significantly enhanced the accessibility and usability
of these platforms. This combination of MDE principles with user-friendly interfaces not only
accelerates the AI model creation process but also fosters a deeper understanding of the
theoretical foundations, leading to more robust and effective AI solutions. Unlike traditional AI
implementation, which can be challenging, MDE offers the potential for consistently achieving
fully functional AI models, an advantage that is particularly beneficial in IoT systems, as it
simplifies the complexities of AI integration.
In the context of using MDE for the IoT (MDE4IoT), we have identified an exciting oppor-
tunity to explore two other research domains. The first one, known as MDE for AI (MDE4AI),
introduces the capability to construct AI models and algorithms directly from the generated
code using models that are compliant with their respective meta-models. This approach holds
that MDE facilitates the integration of AI techniques into software development and allows
the automation and enhancement of various tasks in AI fields.
The second is AI for MDE (AI4MDE) which focuses on the challenging yet crucial domain
of using AI within the MDE framework. It requires a strong knowledge of algorithms and
expertise to ensure that AI can generate models that align with meta-models and possess self-
improving, self-adaptive, and context-awareness capabilities when needed. In contemporary
research, we discovered that integration of AI within MDE enhances the adaptability and in-
telligence of software that is built using MDE. Also, these research fields have found appli-
cations in various domains, and we are currently exploring their implementation in a generic
healthcare system as part of our project. Given the specific requirements and complexities of
healthcare systems, we see that these research domains have the ability to automate, optimize,
and enhance healthcare system functionalities and consequently, have a significant impact on
patient care and the healthcare field as a whole.
Particular problems arise in IoT systems, such as the heterogeneity of devices in terms of
capabilities, power requirements, and the diverse range of operating systems and programming
languages used to develop the desired distributed applications. To overcome these problems,
DSLs can be designed to facilitate such interoperability by providing a high-level language and
allowing domain experts to quickly model and test ideas without getting bogged down in the
complexity of general-purpose languages (GPLs).
Furthermore, in the healthcare domain, DSLs can offer numerous advantages, such as enhancing
patient safety by enforcing specific rules and constraints at the language level, improving
compliance, and minimizing the chances of programming errors. Additionally, they establish
standardized data formats and communication methods, ensuring effortless interoperability
with EHRs.
Besides that, DSLs can bridge the gap and enable collaboration between technical develop-
ers and healthcare professionals, making it easier for healthcare staff to define clinical protocols
and simplifying system maintenance, since high-level specifications or models abstract away the
low-level technical details of the system. This streamlining of the development process allows
faster responses to evolving healthcare needs and lets domain experts work with concepts closer
to their area of expertise, even if they lack extensive development knowledge: first, thanks to
code generation techniques that automatically transform DSL specifications into reliable,
error-resistant code or artifacts, and second, because DSLs offer not only textual but also
graphical or visual (VDSL) interfaces.
Building upon this foundation, the primary goal of the internship is to develop a healthcare
framework using the MDE approach and propose a robust DSL, which we believe will make a
substantial contribution to this field. Our approach includes practical implementation in real-
world case studies, with a particular emphasis on two specific medical sensors, namely, EEG
and ECG. Additionally, we aim to synchronize the data streams from these medical sensors
and validate the correctness and reliability of the framework's behavior. Given the great
improvements reported in other research on the use of DSLs in various contexts and domains
of IoT systems, a DSL may also be the right choice for healthcare systems, whose specific
requirements are not easily met by general-purpose languages.
In this work, we create a high-level abstract model (meta-model) of the system that captures
essential aspects of the system's functionality and interactions. We strengthen this model with
constraints to check healthcare-specific requirements. We also exploit DSL features such as
specialized tooling, editors, and code generators, which make development more efficient and
lower the learning curve for domain experts who may not be proficient in general-purpose
programming. Our work includes the generation of Python code targeted at medical devices
and integrating data synchronization capabilities. In addition, we generate code in the formal
specification language LOTOS NT and use the CADP toolbox, which can produce Labelled
Transition Systems (LTS) from LOTOS NT code, to verify the system's behavior. This verification
process ensures the correctness of the system, including synchronization, and checks for the
absence of deadlocks.
We hold a strong sense of optimism regarding this opportunity, particularly due to the promis-
ing synergies of AI and MDE, and AI and healthcare systems. This first combination presents a
brilliant concept with the potential to address numerous challenges during software develop-
ment where the targeted systems have models that are not only based on existing knowledge
but also capable of learning and adapting to new data, improving their predictive capabilities,
updating and refining based on the incoming data and user behavior. On the other hand, the
second combination offers substantial benefits in a domain that demands AI algorithm inte-
gration, such as classification and prediction for patient services.
Our main contributions
In this project, we address the inherent complexities of IoT systems characterized by diverse
criteria such as technologies, programming languages, and device configurations. Our sig-
nificant contribution to this project centers around the creation of a DSL targeted specifically
for IoT systems. This language is designed to meet the unique needs of domain profession-
als, offering a more intuitive and targeted approach compared to general-purpose languages
that often deviate from specific requirements. The primary goal is to extract essential IoT sys-
tem requirements, bridging the gap between various technologies, languages, and traditional
development by using model-driven engineering principles such as meta-modeling, model
transformation, and operating at a higher level of abstraction.
Our project integrates various domains into a generic framework represented in a particular
healthcare application featuring EEG and ECG medical sensors. In the development of IoT
systems, we found that MDE4IoT can address the substantial knowledge, time, and technology
requirements these systems demand, and we have observed that abstraction within MDE helps
simplify the creation of complex systems. This is partic-
ularly evident in the development of graphical user interfaces (GUI), where abstraction and
the visual interface enhance the efficiency and smooth the creation of these systems. Besides
that, this approach allows for a comprehensive understanding of complex interactions and
improves IoT systems overall. Unlike previous studies, our work explores the fusion of AI
and MDE, creating a synergy that empowers users to deploy AI algorithms
seamlessly. The integration of AI into MDE (MDE4AI) facilitates user-friendly customization
of AI model settings without requiring an in-depth understanding of AI model development.
Alternately, when MDE is integrated into AI (AI4MDE), machine learning algorithms ensure
the automated generation of models that conform to their meta-models, addressing user pref-
erences effectively. Addressing the widespread challenge of synchronization within IoT sys-
tems, we identified two key synchronization aspects: data synchronization from medical de-
vices and system behavior synchronization. In the context of data synchronization, various
algorithms and protocols are typically employed. However, in our framework during the pro-
totype phase, we adopted the GALS (Globally Asynchronous Locally Synchronous) system
concept. In this approach, medical devices generate data asynchronously and independently
send it to the monitor without a common clock. Subsequently, we synchronize the data locally
on the monitor using timestamps, FIFO queues, and buffers. As for the system behavior, we
employ formal verification methods, using mathematical instructions to identify potential is-
sues such as deadlocks and to avoid incorrect system behavior. To ensure reliability in systems
developed by users who lack programming expertise, we employ the LOTOS NT formal
verification language to confirm that the created model aligns with the intended functionality,
paving the way for the future evolution of the project.
In this work, we develop a meta-model in Eclipse Modeling Framework (EMF) that serves as
a foundation for instantiating models adhering to its specifications. Utilizing a meta-model
proves particularly advantageous in domains like IoT, where smart devices come with diverse
specifications such as varying technologies, legacy device compatibility issues, and program-
ming language disparities. Meta-modeling serves as an important solution, allowing us to
treat all devices as a common entity, thereby simplifying the overall workflow. To enhance the
robustness of this meta-model, we employ the Object Constraint Language (OCL). By incor-
porating OCL, we introduce invariants and constraints that render the created models more
aligned with the specific requirements, further optimizing their suitability for the intended
purposes. Using the established meta-model, the DSL was implemented with Xtext to create the
concrete syntax of the language. This approach simplifies the experience for end-users, en-
abling them to seamlessly instantiate medical devices with specific parameters. Users can
easily control data flows, define system behavior, and select necessary interfacers, such as
synchronizer interfacer for data synchronization and preprocessor interfacer for data cleaning.
This streamlined DSL empowers users to efficiently configure and manage the intricate aspects
of the system, enhancing overall usability and customization.
Outline
The structure of this report is organized into four distinct chapters, each serving a specific pur-
pose in presenting our research findings and insights.
The first chapter, titled "Background," delves into the essential groundwork required to un-
derstand the core concepts of the research. In this chapter, we present an in-depth exploration
of MDE and signal synchronization, including their significance and relevance in the context of
the internship. Additionally, we discuss the structural and behavioral models that form the
foundation of the research, providing readers with the necessary theoretical aspects to com-
prehend the subsequent chapters.
The second chapter reviews the state of the art at the intersection of MDE, IoT, and AI, covering
MDE4IoT, MDE4AI, and AI4MDE.
The third chapter, titled "Synchronization and Formal Verification," delves into synchroniza-
tion techniques and formal verification methods. It explores the significance of synchroniza-
tion and formal verification in distributed systems, offering insights into current trends and
methodologies in these areas.
The fourth chapter, titled "Contributions," is the core of this thesis, where we present the origi-
nal research and contributions we have made during the internship. This chapter delves into
the innovative solutions, methodologies, and insights that have emerged from our work, high-
lighting the development of the prototype, the used meta-model, and the application of the
model to text transformation techniques. Also, we present the implementation of the formal
verification language LOTOS NT and the interpretation of the system behavior from the gen-
erated LTS and finally, we illustrate the results we found in this internship.
Finally, we will wrap up the thesis by summarizing the key findings, achievements, contri-
butions, and their implications. Also, we will provide insights into potential future research
directions, emphasizing the significance of the internship and its potential impact on the field.
Chapter 1
Background
Contents
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2 Model-Based Systems Engineering (MBSE) . . . . . . . . . . . . . . . . . . . . 9
1.2.1 Structural Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2.2 Meta-models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2.3 Level of Abstraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.2.4 Domain Specific Language (DSL) . . . . . . . . . . . . . . . . . . . . . 13
1.2.5 Models transformations . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.6 Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.2.7 Abstract and concrete Syntax . . . . . . . . . . . . . . . . . . . . . . . 16
1.3 Behavioral Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.3.1 Labelled Transition System (LTS) . . . . . . . . . . . . . . . . . . . . . 18
1.3.2 LTS Interests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.4 Signal synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.4.1 Physical Clock Synchronization . . . . . . . . . . . . . . . . . . . . . . 21
1.4.2 Logical clocks synchronization . . . . . . . . . . . . . . . . . . . . . . 23
1.4.3 Consistency in distributed applications . . . . . . . . . . . . . . . . . 24
1.4.4 Synchronization in concurrent system approach . . . . . . . . . . . . 24
1.4.5 Clock Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
1.4.6 Software as a service for signal synchronization . . . . . . . . . . . . 26
1.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
1.1 Introduction
In this chapter, we lay the foundational groundwork essential for a comprehensive under-
standing of the subject matter addressed in this master thesis. We will delve into the essential
background knowledge required to navigate the complexities of our research. This includes
an exploration of structural models using meta-models within the MDE approach, an exami-
nation of behavioral models, and a rigorous analysis of signal synchronization.
[Figure: from requirements to source code in GPLs (Java, C++): high-level (functional and non-functional) specifications, code generation, and compilation.]
Software Development. Traditional software development methods that rely on manual cod-
ing in 3rd generation languages like C++ and Java come with many drawbacks. One signifi-
cant disadvantage is the manual coding overhead, where developers have to write code line by
line, leading to potential errors and inefficiencies and slowing down the development process,
especially for large-scale projects. Learning and mastering programming languages and tools
can be time-consuming.
Moreover, the low abstraction level of manual coding makes it harder to understand the over-
all system requirements and may tie the software to a specific platform, making it challeng-
ing to migrate or adapt to new technologies. Also, maintaining and updating code manually
becomes increasingly challenging as the software grows in complexity, leading to increased
maintenance effort.
Furthermore, manual coding can result in bugs and security vulnerabilities and limited auto-
mated verification and validation tools can lead to potential issues not being detected early in
the development process. From another perspective, non-technical stakeholders might find it
harder to actively participate in the development process due to the technical complexity of
software development.
The evolution of software development [11, 12] has seen a transition from 3rd generation pro-
gramming languages, which were closer to machine code and hardware, to Structured Pro-
gramming, which introduced the concept of modular and organized code through constructs
like loops and functions. This further evolved into Component-Based Software Engineering,
emphasizing the reuse of pre-built components to enhance development efficiency and main-
tainability. MDE leveraged abstraction and independence by allowing developers to create
high-level models of software systems, which could then be automatically transformed into
executable code. This shift (c.f. Figure 1.2) emphasizes the separation of concerns, enabling
developers to focus on system design and logic while the tools handle the technical details,
ultimately streamlining software development and reducing complexity.
[Figure 1.2: the evolution of software development toward greater abstraction and independence: structured programming, component-based software engineering, and model-driven engineering.]
1.2.2 Meta-models
Meta-modeling in MDE (c.f. Figure 1.3) has revolutionized the way software systems are designed
and developed. At its core, meta-models [13, 14] serve as the backbone of MDE and define the
structure, relationships, constraints, and semantics of models within a specific domain. They
provide a formal foundation for creating domain-specific modeling languages (DSMLs) [15]
and facilitating the construction of well-formed and consistent models. Meta-models capture
the essential concepts, entities, attributes, relationships, and constraints relevant to the specific
domain, providing a structured vocabulary that models can adhere to. They define the build-
ing blocks and rules that guide the construction of valid models, ensuring that they accurately
represent the desired system and conform to predefined standards.
Meta-models are used to create DSLs targeted to specific application domains [16], enabling
domain experts to express their ideas in a way that is closer to their problem domain. Meta-
models are used as the basis for developing model transformation rules and tools that can
automatically generate code, documentation, or other artifacts from models, facilitating the
automation of development processes. Also, they provide the criteria for validating the cor-
rectness and consistency of models to ensure they conform to the intended domain-specific
semantics [17], ensuring model quality and reliability; they can also evolve to accommodate
changes in domain requirements, supporting the adaptability and maintenance of existing
models.
Meta-models provide a valuable technique for designing novel modeling languages and ex-
pand the capabilities of existing modeling languages by defining the abstract and concrete
syntax and semantics of models (c.f. Figure 1.4). Just as models are simplified representations
of real-world entities, meta-models can be seen as simplified representations of models. They
define the structure, constraints, and semantics of lower-level models used in the software de-
velopment process [18, 19]. As mentioned in [20, 21], expanding the abstraction further leads
to the concept of meta-meta-models, which are models that encapsulate descriptions about
meta-models, including statements about their properties.
[Figure 1.3: the meta-modeling hierarchy: a model is an instance of a meta-model, which is itself an instance of a meta-meta-model.]
[Figure 1.4: the four-layer modeling architecture: the meta-meta-model (M3, e.g. MOF) describes meta-models (M2, e.g. UML 2.0), which describe models (M1, e.g. UML models), which represent the system (M0); each layer conforms to the layer above it.]
The three model levels presented below, defined within the Model Driven Architecture (MDA) framework by OMG, serve distinct purposes.
Computation Independent Model (CIM). CIMs are high-level models that provide a concep-
tual view of the system, focusing on the requirements and environment without considering
system structure or processing details. These models are typically used for understanding the
business context, domain entities, and high-level interactions. CIMs help to ensure that the
software being developed aligns with the business goals and requirements.
Platform Independent Model (PIM). PIMs are models that specify the functionality and be-
havior of a system while remaining abstracted from any specific technology or platform. This
allows developers to capture the "what" of a system without yet defining the "how." A PIM
can later be transformed into one or more PSMs, which provide the platform-specific details
needed for actual implementation. This level of abstraction enables better reusability of the
model across different technology stacks.
Platform Specific Model (PSM). PSMs are models that combine the specifications in the PIM
with the details necessary for implementation on a specific platform. This includes platform-
specific data types, libraries, and other technology-specific constructs. The PSM is typically
what gets transformed into actual source code. It’s more closely tied to the underlying tech-
nology, making it less portable than a PIM but more straightforward to implement.
[Figure: the MDA transformation process: CIM (conceptualization) → PIM (specification) → PSM → code (realization), with the CIM-to-PIM step performed by skilled engineers and the later steps automated.]
The MDE approach typically involves transforming a CIM into a PIM where business require-
ments are turned into an independent technology model that specifies what the system should
do and then another transformation of PIM into a PSM where PSM incorporates all the tech-
nological specifics necessary for implementation. Finally, the PSM is usually used to generate
source code [29]. By examining these transformations, we can describe various aspects of
model transformations [30] below:
• Model-to-Model (M2M) transformation: This method allows the generation of new models
from existing ones. It consists of a set of rules that define how to map elements from
one model to another, allowing the transformation of models from one level of abstraction
to another.
• Text-to-Model (T2M) transformation: This method allows to generate models from tex-
tual specifications. It consists of a set of rules that define how to parse a text file and
transform it into a model.
Code generation. Code generation using DSLs [31, 32] is a common technique that trans-
lates a DSL model into actual code (GPLs, customized file extensions). By defining high-level,
domain-specific abstractions, DSLs allow developers to express their intent more clearly:
high-level DSL specifications are transformed into low-level code that can be executed on a
target platform. This technique can significantly improve productivity, reduce errors, and
ensure consistency in complex projects and in tasks such as software modeling and configuration,
making DSLs a valuable tool for domain experts.
According to [33], MDE4IoT currently employs translational execution, where source models
are translated into GPLs. These translated models are then executed on the target device.
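To make the idea of generating code from a model concrete, the minimal sketch below (in Python, the language targeted later in this work) turns a small, hypothetical device model into source text using a text template. The model fields, the class name EcgSensor, and the generated API are purely illustrative assumptions and are not the Idsl2Python generator presented in Chapter 4.

from string import Template

# A toy "model": a dictionary standing in for a model element that conforms
# to a hypothetical meta-model with name, sampling-rate, and unit attributes.
device_model = {"name": "EcgSensor", "rate_hz": 250, "unit": "mV"}

# A text template playing the role of a single model-to-text transformation rule.
CLASS_TEMPLATE = Template('''\
class ${name}:
    """Auto-generated from the device model."""
    SAMPLING_RATE_HZ = ${rate_hz}
    UNIT = "${unit}"

    def read(self, raw_value):
        # Placeholder acquisition logic; a real generator would emit much more.
        return {"value": raw_value, "unit": self.UNIT}
''')

def generate_code(model):
    """Apply the template (the transformation rule) to one model element."""
    return CLASS_TEMPLATE.substitute(model)

print(generate_code(device_model))

Running the script prints a ready-to-use Python class, illustrating how a high-level model element can be turned into executable, platform-specific code.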
1.2.6 Semantics
Semantics in MDE [34, 35] ensure the correctness and meaning of models and their transforma-
tions, which are essential for the development of complex software systems. Semantics in MDE
refers to the formal description of the meaning and behavior of modeling languages, models,
and transformations. It provides a foundation for precise reasoning, verification, and valida-
tion of MDE artifacts, helping to bridge the gap between abstract models and their concrete
implementations. The choice of semantics for a modeling language or transformation language
greatly influences the reliability and predictability of MDE processes. Several approaches and
formalisms such as Meta-model-Based Semantics, have been proposed and applied in MDE
to establish a clear understanding of how models and transformations should behave. These
semantic foundations are essential for the success of MDE and have been the focus of extensive
research in the field.
Static semantics. Meta-models are a powerful means for defining semantics in MDE, but it’s
important to clarify that they are distinct from abstract syntax [36]. While abstract syntax de-
fines the structure of a modeling language, specifying the elements and their relationships, it
does not inherently carry the meaning of these elements. This is where static semantics comes
in and acts as an intermediary between syntax and the full semantics of a language [37, 38].
Static semantics ensures that a model or program is not only syntactically well-formed but
also semantically meaningful within the context of its language. In other words, it ensures
that a program, model, or transformation conforms not only to the syntactical rules but also to
the meaningful constraints and rules of the modeling language, making it semantically valid
within the language context before execution. This verification process helps prevent unin-
tended errors and inconsistencies in MDE artifacts. Below, we present some key insights on
the role of static semantics in MDE:
• Syntax: While syntax checks whether the arrangement of symbols is correct, static semantics
checks whether the arrangement makes sense. For instance, in many programming languages
it is syntactically correct to write int x = 5. However, a statement such as int 5 = x, even if it
passes a purely structural check, violates static semantics, as variable names should not be
numeric literals.
• Type Checking: A type checker ensures that operations and functions are applied to the
right kinds of values. For instance, it would prevent us from trying to divide a string by
a number.
• Scope and Binding: Another domain of static semantics is ensuring that identifiers (like
variable names) are used in the correct scope and are properly bound to their correspond-
ing values or functions.
• Relationship Rules: How different elements relate to each other, what kinds of relation-
ships are allowed, and so on. For instance, the meta-model may dictate that a "Teacher"
element can be related to multiple "Student" elements, forming a "teaches" relationship.
• Aids in Tooling: Static semantics help in creating better development tools. Integrated
Development Environments (IDEs) often use static semantic checks to provide real-time
feedback, auto-completion, and error highlighting to developers as they write code.
In the context of MDE, the Object Constraint Language (OCL) [39, 40] specifies constraints and
expressions on models. It provides a way to describe the invariants of models, pre-conditions,
and post-conditions for operations, as well as guard conditions. While a modeling language
primarily describes the syntax and fundamental semantics of a system, OCL enables the defi-
nition of supplementary rules and constraints that may not be visually represented within the
model itself. This functionality enhances the precision and comprehensiveness of the modeling
process by allowing the explicit description of complex constraints and logic that are essential
for the accurate representation and validation of model-based systems.
Abstract Syntax. Abstract syntax [18, 41] sets the foundational structure of a language, pri-
marily focusing on its core components and semantics without being bound by any specific
representation. It primarily deals with the logical entities and their relationships. For instance,
as mentioned in [42] when considering a programming language, the abstract syntax is con-
cerned with constructs such as variables, functions, loops, and conditionals. A way to visualize
the abstract syntax is through the Abstract Syntax Tree (AST). The AST represents the hierar-
chical structure of a program, where each node corresponds to a language construct.
An expression like 4 + 2 × 10 + 3 × (5 + 1) would be broken down into an AST (c.f. Figure 1.7)
where multiplication has higher precedence, resulting in a tree with the + at the root and the
∗ operation as one of its children.
Figure 1.7: Abstract syntax tree example [160]
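As a concrete illustration (outside the modeling toolchain of this work), Python's standard ast module can parse the expression above and expose its abstract syntax tree, making the precedence structure visible; the indent argument of ast.dump assumes Python 3.9 or later.

import ast

# Parse the arithmetic expression from the text into an abstract syntax tree.
tree = ast.parse("4 + 2 * 10 + 3 * (5 + 1)", mode="eval")

# The dump shows that the root node is an addition whose right operand is the
# multiplication 3 * (5 + 1): precedence is encoded in the tree shape, not in
# parentheses or symbol order (which belong to the concrete syntax).
print(ast.dump(tree.body, indent=2))

# The same tree can be compiled and evaluated independently of how the
# expression was originally written down.
print(eval(compile(tree, "<expr>", "eval")))  # 42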
Concrete Syntax. Concrete syntax [18, 43] is all about representation. It provides the tangible
form, or the "look," of the language constructs, whether textual or graphical. In the context
of a programming language, [42] mentions that concrete syntax determines the specific
keywords, symbols, and notations. Using the earlier mathematical expression as an example,
the concrete syntax dictates the specific symbols, such as × and +, and the order in which they
are written, making the expression both understandable and analyzable.
For a loop in a programming language, while the abstract syntax represents the idea of itera-
tion, the concrete syntax decides what it looks like, for example:
• for i from 0 to 10
In this context, several frameworks are available for defining the grammar of domain-
specific languages (DSLs). One such framework is Xtext [44, 45], which is commonly used to
define and generate the concrete syntax of DSLs. In Xtext, we define the language's grammar
using a formal notation. This grammar specification comprises syntax rules that outline the
structure of the language. These rules detail how various language elements, such as key-
words, identifiers, expressions, and statements, should be composed within the language.
parallelism in real-world systems and is particularly relevant in fields like probabilistic mod-
eling, and concurrent programming, where it allows for a more flexible and expressive repre-
sentation of complex behaviors.
LTS typically characterizes the discrete behavior of a system or protocol. In any given state
of the system, various actions are possible, each resulting in a transition to a new state. The
initial state represents the system’s state before any actions are taken.
s0 →a1 s1 →a2 s2 →a3 · · · →an sg
• Deadlock: A deadlock is a state in an LTS where the system cannot make any further
progress, typically because all possible transitions are blocked. A state s ∈ S is said to be
in deadlock if there is no a ∈ A and s′ ∈ S such that s →a s′, i.e., there are no outgoing
transitions from state s. Detecting and avoiding deadlocks is an important concern in system
design and verification, especially for reactive systems (a minimal detection sketch is given
after this list).
• Safety and Liveness : An important observation is that any property can be decomposed
into a safety and a liveness part. That is:
P = Psafe ∧ Plive
Safety: Safety properties ensure that "nothing bad will happen." A property P is a safety
property if, for every finite execution sequence σ that does not satisfy P, there is a finite
prefix σ′ such that no extensions of σ′ satisfy P.
Liveness: Liveness properties guarantee that "something good will eventually happen."
A property P is a liveness property if for every finite execution sequence σ, there exists a
finite extension σ′ of σ such that σ′ satisfies P.
• Model Checking: Formal verification technique that aims to verify finite-state concurrent
systems where the behavior of a system is exhaustively explored to check whether it
satisfies specified properties.
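As noted in the deadlock item above, checking a finite LTS for deadlocks amounts to searching the reachable states for those without outgoing transitions. The following minimal Python sketch, over a small hand-written transition relation (not an LTS produced by CADP), illustrates the idea; the state and action names are invented.

# A toy LTS: states mapped to lists of (action, successor) pairs.
lts = {
    "s0": [("start", "s1")],
    "s1": [("send", "s2"), ("timeout", "s0")],
    "s2": [("ack", "s1"), ("fail", "s3")],
    "s3": [],  # no outgoing transitions: a deadlock state
}

def reachable_deadlocks(lts, initial="s0"):
    """Return the reachable states that have no outgoing transitions."""
    seen, stack, deadlocks = set(), [initial], []
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.add(state)
        successors = lts.get(state, [])
        if not successors:
            deadlocks.append(state)
        stack.extend(target for _, target in successors)
    return deadlocks

print(reachable_deadlocks(lts))  # -> ['s3']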
Clock Skew. As an example, for two given registers A and B in a digital circuit, let TA and TB
denote the times at which the clock edge arrives at A and B respectively, and let:
∆T = TB − TA (1.1)
Then:
• If ∆T = 0, there is no skew, and the clock signal reaches both registers simultaneously.
[Figure: timing diagram of clock signals A CLK and B CLK showing the skew between them.]
Jitter. Jitter, Tj , is often defined as the deviation in the period of the clock from its ideal or
intended value. If Ti is the actual time interval between successive clock edges and T is the
ideal clock period, the jitter can be defined as:
Tj = Ti − T (1.2)
The measurement of jitter is often quantified using the Root Mean Square (RMS) value, which
gives an effective measure of the deviation. For n clock cycles, if ji represents the jitter in each
cycle, the RMS jitter is given as:
RMS Jitter = \sqrt{\frac{1}{n} \sum_{i=1}^{n} j_i^2} (1.3)
[Figure: jitter as the deviation of a clock edge from its ideal event timing, measured from a reference edge over one unit interval.]
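As a small worked example of Equation (1.3), the following snippet computes the RMS jitter of a set of measured clock periods against a nominal period; the numerical values are arbitrary.

import math

def rms_jitter(periods, ideal_period):
    """RMS jitter: square root of the mean squared deviation from the ideal period."""
    deviations = [p - ideal_period for p in periods]          # j_i = T_i - T
    return math.sqrt(sum(j * j for j in deviations) / len(deviations))

# Arbitrary example: a nominal 10 ns period measured over five cycles.
measured = [10.02, 9.97, 10.05, 9.99, 10.01]
print(f"RMS jitter = {rms_jitter(measured, 10.0):.4f} ns")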
Clock Drift. When we talk about multiple clocks, each clock can have its own drift rate due to
factors such as temperature changes and component aging. As an example, let:
t: the real, or "true," time. It is considered the reference or standard against which the other
clocks are measured.
C(t): the reading of a clock p. If the clock were ideal (perfectly synchronized with real time),
then C(t) = t.
dC(t)/dt: the ticking rate of clock p; it is essentially the rate at which clock p runs relative to
real time.
• If dC(t)/dt = 1, the clock is ticking at the ideal rate: for every unit increase in real time t,
clock p also advances by one unit.
• If dC(t)/dt > 1, clock p is running faster than real time.
• If dC(t)/dt < 1, clock p is running slower than real time.
[Figure: clock value C(t) versus real time t for a fast clock (dC/dt > 1), a perfect clock (dC/dt = 1), and a slow clock (dC/dt < 1).]
Stratum 1: primary servers (PS), synchronized directly with UTC sources.
Stratum 2: secondary servers (SS), synchronized directly to PS.
Stratum 3: lowest-level servers (LS), running at user sites and synchronized with SS.
Accuracy depends on the number of levels (strata).
Cristian’s and Berkeley algorithms. The core concept behind Cristian’s algorithm is that a
client initiates a time request to a server, which subsequently responds with the current times-
tamp, denoted as T. The client, in turn, receives the server's response at time T′. As presented
in Figure 1.12, the process begins with the client sending a request packet timestamped with its local
clock T1 and the server recording the reception time as T2 on its local clock. The server then
responds with a packet marked with timestamps T2 and T3 on its local clocks, and the client
registers the receipt of the server’s response as T4 on its local clock. The main goal is for the
client to adjust its clock to T3 + δresp , where δ signifies the round-trip time.
• Offset (θ):
θ = [(T2 − T1) + (T3 − T4)] / 2
As we assume that δreq = δresp, the client can synchronize its clock to T3 + δ/2.
[Figure 1.12: message exchange in Cristian's algorithm: the request leaves the client at T1 (delay δreq), arrives at the server at T2, the reply leaves at T3 (delay δresp), and arrives back at the client at T4.]
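To make the formulas above concrete, the sketch below computes the round-trip delay and the offset θ from the four timestamps of one request/response exchange and applies the correction; the timestamp values are invented, and the symmetric-delay assumption (δreq = δresp) is made explicit in the comments.

def cristian_adjustment(t1, t2, t3, t4):
    """Round-trip delay and offset estimate from one request/response exchange.

    t1: client send time, t2: server receive time,
    t3: server send time, t4: client receive time (all in seconds).
    """
    delay = (t4 - t1) - (t3 - t2)              # total network round trip (δ)
    offset = ((t2 - t1) + (t3 - t4)) / 2.0     # estimated client clock offset θ
    # Under the symmetric-delay assumption, t4 + offset equals T3 + δ/2.
    adjusted_client_time = t4 + offset
    return delay, offset, adjusted_client_time

# Invented timestamps: the client clock is roughly 0.05 s behind the server.
delay, offset, adjusted = cristian_adjustment(100.000, 100.060, 100.061, 100.021)
print(f"delay={delay:.3f}s offset={offset:.3f}s adjusted={adjusted:.3f}s")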
The Berkeley algorithm (c.f. Figure 1.13) is designed for clock synchronization in distributed
systems, while its primary objective is to synchronize the time across diverse machines within
a network. It is based on a master amongst all participating machines, including the time
server, to orchestrate the synchronization process. The Berkeley Algorithm initiates the syn-
chronization process by requesting all participating machines in the network to send their
local clock times to the coordinator. Once the local times are received from all the machines,
the coordinator calculates the average time based on the collected data and determines the
deviation between this average time and the local time of each machine, including its own.
Subsequently, the coordinator distributes the calculated time differences to all machines in the
network. Each machine, upon receiving its respective time difference, adjusts its local clock by
incorporating this time difference, thereby contributing to the overall synchronization of the
network’s clocks.
The Berkeley Algorithm’s strength lies in its resilience through the use of average time, allow-
ing gradual clock correction, which is ideal for scenarios prioritizing relative time coherence
over precise time. However, it assumes negligible message delay between machines, which
can result in synchronization inaccuracies in real-world situations.
[Figure 1.13: the Berkeley algorithm: the time daemon polls the machines' clocks (e.g. 3:00, 3:00, 3:05), computes the average, and sends each machine the adjustment it must apply.]
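The coordinator's arithmetic described above can be sketched as follows; the machine names and clock readings are invented, and the network exchange and fault handling are omitted.

def berkeley_corrections(reported_times):
    """Given clock readings keyed by machine name, return the adjustment each
    machine should apply so that all clocks meet at the average."""
    average = sum(reported_times.values()) / len(reported_times)
    return {name: average - t for name, t in reported_times.items()}

# Example for a three-machine network (times in minutes past the hour).
readings = {"daemon": 180, "machine_a": 180, "machine_b": 185}
print(berkeley_corrections(readings))  # machine_b moves back, the others forward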
The Lamport Timestamps algorithm assigns a unique timestamp to every event in a distributed
system. This algorithm guarantees that if event e causally precedes event e′ , then the times-
tamp L(e) is less than the timestamp L(e′ ). However, the converse does not hold true; if
L(e) < L(e′ ), it does not necessarily imply that e causally precedes e′ . Thus, Lamport Times-
tamps could potentially lead to inaccurate conclusions regarding the causal order of events. To
overcome these limitations, the Vector Clock Algorithm was introduced, specifically to distin-
guish between concurrent events. Each process in a system of N processes maintains an array
of N integers, representing the vector clock. The vector clocks are updated as follows:
• VC2: Just before process pi timestamps an event, it increments its corresponding entry:
Vi[i] := Vi[i] + 1.
• VC4: Upon receiving a message with timestamp vector t, process pi updates its vector
clock by taking the component-wise maximum: Vi[j] := max(Vi[j], t[j]), for j = 1, 2, . . . , N.
In comparison to Lamport Timestamps, Vector Clocks can deduce more accurate causal rela-
tionships between events in a distributed system. While Lamport Timestamps can only infer a
partial ordering of events, Vector Clocks infer a more detailed partial ordering, reflecting
the actual causal dependencies between events. This makes Vector Clocks preferable when
precise information about the causal order of events is required.
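A compact sketch of the two rules quoted above (VC2: increment the local entry before an event; VC4: component-wise maximum on receipt) is given below, together with the induced happened-before test. The sketch deliberately omits the initialization and message-sending rules (VC1 and VC3) not quoted here, and the process identities and events are illustrative.

class VectorClock:
    def __init__(self, n_processes, pid):
        self.v = [0] * n_processes   # one entry per process
        self.pid = pid

    def local_event(self):
        # VC2: increment this process's own entry before timestamping an event.
        self.v[self.pid] += 1
        return list(self.v)

    def receive(self, t):
        # VC4: component-wise maximum with the received timestamp vector.
        self.v = [max(a, b) for a, b in zip(self.v, t)]
        return list(self.v)

def happened_before(a, b):
    """True if vector timestamp a causally precedes vector timestamp b."""
    return all(x <= y for x, y in zip(a, b)) and a != b

p0, p1 = VectorClock(2, 0), VectorClock(2, 1)
t_send = p0.local_event()          # p0: [1, 0]
p1.receive(t_send)                 # p1: [1, 0]
t_recv = p1.local_event()          # p1: [1, 1]
print(happened_before(t_send, t_recv))  # -> True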
Figure 1.14: Mutexes and locks [162]
Semaphores. Semaphores were introduced by the computer scientist Edsger Dijkstra [61]. They
are widely used in concurrent programming to control access to shared resources and co-
ordinate the execution of multiple processes or threads. Semaphores provide a simple way
to manage the order in which processes can proceed by using "wait" (decrement) and "sig-
nal" (increment) operations [62, 63]. When a process encounters a WAIT operation with a
semaphore value of zero, it is blocked until the semaphore becomes available. On the other
hand, when a process executes a SIGNAL operation, it either wakes up a waiting process or
increments the semaphore value if no processes are waiting. The key advantage of semaphores
lies in their ability to enable efficient and non-busy-waiting synchronization, as blocked pro-
cesses are placed on a waiting list rather than continuously consuming CPU time. This makes
semaphores a foundational tool for managing concurrency and ensuring orderly access to
shared resources in multi-threaded or multi-process systems.
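For illustration, the wait/signal behavior described above corresponds to acquire/release on, for example, Python's threading.Semaphore; the sketch below limits a shared resource to two concurrent users, with invented thread names and timings.

import threading, time

slots = threading.Semaphore(2)   # at most two threads may hold the resource

def worker(name):
    slots.acquire()              # "wait": blocks if the semaphore value is zero
    try:
        print(f"{name} using the shared resource")
        time.sleep(0.1)          # simulated work
    finally:
        slots.release()          # "signal": wakes a waiting thread, if any

threads = [threading.Thread(target=worker, args=(f"t{i}",)) for i in range(4)]
for t in threads: t.start()
for t in threads: t.join()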
Monitors. Monitors ensure controlled access to shared resources and automatic process syn-
chronization. This approach was introduced by Hansen [64] and further refined by Hoare
[65]. First, monitors enforce mutual exclusion, ensuring that only one thread or process
can actively access the monitor at a given time. This exclusivity prevents multiple entities
from concurrently modifying the shared resource, preventing data corruption and race con-
ditions. Also, they often incorporate condition variables, allowing threads to wait for specific
conditions to be met before continuing their execution. These condition variables are used for
signaling and notification, enabling threads to pause, release the monitor, and notify others
when a particular condition becomes true. Additionally, monitors maintain an entry queue,
which serves as a waiting area for threads or processes attempting to enter the locked monitor.
Threads in the queue patiently wait their turn, ensuring orderly access to the shared resource.
Together, these features make monitors a valuable tool for effective synchronization in concur-
rent programming [63]. Monitors are commonly used in languages and libraries that provide
high-level concurrency support.
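As an illustration of the monitor pattern described above (mutual exclusion plus condition variables and a waiting queue), the following simplified bounded buffer uses Python's threading.Condition; it is a textbook-style sketch, not code from this project.

import threading
from collections import deque

class BoundedBuffer:
    """Monitor-style bounded buffer: one lock, one condition variable."""
    def __init__(self, capacity):
        self.items = deque()
        self.capacity = capacity
        self.cond = threading.Condition()    # lock plus waiting/notification

    def put(self, item):
        with self.cond:                      # enter the monitor (mutual exclusion)
            while len(self.items) >= self.capacity:
                self.cond.wait()             # release the lock and wait on the condition
            self.items.append(item)
            self.cond.notify_all()           # wake threads waiting on the condition

    def get(self):
        with self.cond:
            while not self.items:
                self.cond.wait()
            item = self.items.popleft()
            self.cond.notify_all()
            return item

buf = BoundedBuffer(2)
buf.put("sample")
print(buf.get())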
Rendezvous. Rendezvous [63] ensures a controlled interaction and coordination between mul-
tiple threads or processes. In rendezvous synchronization, two or more entities agree to meet
at a predefined point in their execution, and they synchronize by exchanging data, signals, or
control flow. This mechanism ensures that tasks or threads stop at their rendezvous points
until all participating entities have arrived, and only then can they proceed. Rendezvous syn-
chronization is particularly useful for scenarios where precise coordination between concur-
rent entities is required, such as in real-time systems, inter-process communication, and con-
current algorithms. It helps avoid issues like race conditions and ensures that actions occur in
a specific order, providing a structured and orderly approach to concurrency control.
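A rendezvous point for a fixed number of participants can be sketched with, for example, Python's threading.Barrier: each thread blocks at the barrier until all parties have arrived and only then proceeds. The number of participants and the printed messages are illustrative.

import threading

rendezvous = threading.Barrier(3)   # three participants must meet before any proceeds

def participant(name):
    print(f"{name} arrived at the rendezvous point")
    rendezvous.wait()               # block until all three threads have arrived
    print(f"{name} continues past the rendezvous")

threads = [threading.Thread(target=participant, args=(f"p{i}",)) for i in range(3)]
for t in threads: t.start()
for t in threads: t.join()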
1.4.5 Clock Synchronization
Globally Asynchronous Locally Synchronous system. Clock synchronization primarily fo-
cuses on setting the time, while data synchronization focuses on data consistency. However,
in some cases, precise clock synchronization may be important to ensure data is processed
or recorded with the correct timestamps. Signal synchronization does not automatically syn-
chronize the clock, but, from another perspective clock synchronization is necessary to ensure
the accuracy of data timestamps. That’s why, another approach that we are considering is the
Globally Asynchronous Locally Synchronous (GALS) system [66]. GALS is a design paradigm
used in the field of electronics and integrated circuits, where modules operate synchronously
internally, with each module having its local clock, but asynchronously interacting with each
other, without a global clock. Each locally synchronous module in a GALS system operates
under its clock domain, driven by a local clock, while asynchronous interfaces are essential
for communication between different clock domains, and they handle the synchronization of
signals crossing between domains that are not synchronized to each other. While the global
clock is absent in the system design, GALS uses asynchronous FIFO (First-In-First-Out) buffers
[67] along with handshaking protocols to synchronize data transfer between different clock
domains, ensuring correct data sampling. The independence of clock domains in the GALS
concept can significantly help in problems related to clock skew, as it limits the skew-related
issues within individual domains, enabling easier management and control.
FIFO Buffers. FIFO buffers [68] are important for signal synchronization in various appli-
cations, such as digital communication and real-time systems. These buffers ensure that in-
coming data or signals are processed in the order they are received, regardless of variations
in arrival times or data rates. They bridge clock domain inconsistency, align signal timing,
and facilitate flow control, making them essential in managing the orderly flow of data and
maintaining synchronization. Additionally, FIFO buffers prevent data loss and help manage
data flow efficiently by allowing senders to operate independently of receivers, ensuring op-
timal synchronization between various system components. The adaptability and versatility
of FIFO buffers make them a fundamental building block in signal processing and synchro-
nization, contributing to the reliability and stability of numerous modern technologies and
systems.
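To illustrate how FIFO buffers and timestamps can align data from independent sources in a GALS-style setting, the following deliberately simplified sketch lets two producers (standing in for asynchronous devices) push timestamped samples into their own FIFO queues, and a consumer then drains the queues and orders the samples by timestamp. Handshaking, clock-domain crossing, and error handling are omitted, and all names and rates are invented.

import queue, threading, time

eeg_fifo, ecg_fifo = queue.Queue(), queue.Queue()   # one FIFO per asynchronous source

def producer(fifo, label, period):
    for i in range(5):
        fifo.put((time.monotonic(), label, i))       # timestamped sample
        time.sleep(period)                           # each device runs at its own pace

def consumer():
    samples = []
    for fifo in (eeg_fifo, ecg_fifo):
        while True:
            try:
                samples.append(fifo.get_nowait())
            except queue.Empty:
                break
    for ts, label, i in sorted(samples):             # align by timestamp on the "monitor"
        print(f"{ts:.3f} {label} sample {i}")

threads = [threading.Thread(target=producer, args=(eeg_fifo, "EEG", 0.010)),
           threading.Thread(target=producer, args=(ecg_fifo, "ECG", 0.015))]
for t in threads: t.start()
for t in threads: t.join()
consumer()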
1.5 Conclusion
In this chapter, we have laid a solid foundation by presenting the essential background knowl-
edge required for our master thesis. We’ve delved into crucial concepts such as structural
models utilizing meta-models in the context of Model Driven Engineering (MDE), behavioral
models, and signal synchronization. These building blocks are fundamental to the core of our
research. As we move forward, the next chapter will transition into the state of the art in
our research domain, where we will explore the current landscape and existing knowledge to
further contextualize our work.
Chapter 2
State of the Art
Contents
2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.2 Model Driven Engineering for Internet of Things (MDE4IoT) . . . . . . . . . 29
2.2.1 MDE techniques for IoT concepts . . . . . . . . . . . . . . . . . . . . . 29
2.2.2 MDE for self-adaptive IoT systems . . . . . . . . . . . . . . . . . . . . 30
2.2.3 Testing SCADA Systems Using the EMF and Modelica . . . . . . . . 32
2.2.4 Service Oriented Architecture (SOA) approach . . . . . . . . . . . . . 34
2.2.5 IoT modelling tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
2.3 Model Driving Engineering for Artificial Intelligence (MDE4AI) . . . . . . . 41
2.3.1 Proposed approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.3.2 MDE for monitoring ML Models . . . . . . . . . . . . . . . . . . . . . 48
2.4 Artificial Intelligence for Model Driven Engineering (AI4MDE) . . . . . . . . 51
2.4.1 Domain modeling with ML . . . . . . . . . . . . . . . . . . . . . . . . 51
2.4.2 Model-based systems engineering and Knowledge Representation . 55
2.4.3 Crossover for Model-Driven Optimization . . . . . . . . . . . . . . . 57
2.4.4 Supporting Delay-Sensitive IoT Applications: A Machine Learning
Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
2.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
2.1 Introduction
The intersection of MDE, IoT, and AI has become a focal point in the field of technology inno-
vation. MDE, as a methodology for software development, emphasizes the use of models as
primary artifacts throughout the entire development process. This approach offers numerous
benefits, including abstraction, automation, and increased productivity. As IoT and AI tech-
nologies continue to evolve, the integration of MDE has become important in addressing the
complexity and challenges inherent in these domains.
This chapter provides an overview of the state of the art in MDE and its implications in the
context of IoT and AI. We delve into the emerging trends, challenges, and opportunities in this
interdisciplinary field, focusing on the advancements in MDE techniques tailored for AI and
IoT applications, namely MDE4AI, AI4MDE, and MDE4IoT.
2.2 Model Driven Engineering for Internet of Things (MDE4IoT)
2.2.1 MDE techniques for IoT concepts
Figure 2.1: Map of MDE techniques with IoT concepts [75]
2.2.2 MDE for self-adaptive IoT systems
Three different viewpoints (VP1, VP2, and VP3) are highlighted for developing logic related
to warnings, motion sensors, and actuators, respectively (c.f. Figure 2.3), allowing concur-
rent exploration by domain experts and synchronization through model transformations. The
utilization of multiple viewpoints is a fundamental aspect of the system’s design to address
different aspects of the problem domain and is concurrently exploited by various domain ex-
perts. VP1 signifies a horizontal viewpoint associated with a particular software application
domain, while VP2 represents a horizontal viewpoint for physical devices. VP3 serves as a
vertical viewpoint, encompassing both software and hardware aspects of a specific application
domain. Different viewpoints are designed to be concurrently leveraged by domain experts,
with underlying mechanisms defined in terms of model transformations ensuring consistency
among these diverse perspectives.
To support the design phase, MDE4IoT offers mechanisms for addressing evolutionary scenarios within the IoT through self-adaptation. When an Emergent Configuration (EC) goes through changes, the managing system contemplates potential adaptations with two possible outcomes: either the affected executable artifacts can be directly re-deployed, or the system must first re-allocate the functionality at the modeling level and then execute the artifacts on alternative physical devices.
@design-time. In the smart street lights model (c.f. Figure 2.4), the physical devices are categorized into three hardware components: WarningSystemSensors, LampPostHardware, and NavigationSystemHardware. These hardware components are annotated with Modeling and Analysis of Real-Time and Embedded Systems (MARTE) stereotypes to provide essential information about the devices.
MARTE stereotypes allow the specification of critical details about the various devices, such
as the architecture of the computation unit and the number of cores it possesses. Software
functionalities are allocated to these hardware components through MARTE allocations, rep-
resented by UML abstractions stereotyped as «Allocate». The allocation of software function-
alities to hardware components is a crucial step in the system’s design process. It involves the
transformation of software functionalities into executable artifacts through model transforma-
tion chains. These transformations, driven by the allocations defined in the model, help infer
platform-specific details to enable software functionalities to run on specific devices effectively.
Figure 2.4: Portion of the Smart Street Lights Model [33]
@run-time. In the runtime scenario, consider a situation where Car A is approaching a street
segment, and the red lights of four subsequent lampposts malfunction. Simultaneously, Car B
is approaching the same segment while traveling over the speed limit. The system indicates
a malfunction within part of the LampPostHardware. To address this issue, the managing
system, known as the ARU (Area Reference Unit), initiates a repair procedure by sending a
message to the maintenance service, providing details about the malfunctioning devices and
their locations. Additionally, the ARU continuously monitors the IoT and ECs. It detects the
availability of Car A and Car B, as well as their navigation systems, which can serve as alter-
native resources to replace the malfunctioning red lights.
MDE4IoT run-time adaptations. It checks that NavigationSystemHardware provides the nec-
essary features to host the functionalities previously deployed on LampPostHardware, which
require re-allocation. For example, an actuator for showing warnings (to replace the broken
red light, LPR) and routines to manage such an actuator (to replace part of the intelligence
provided by mR) are re-allocated from LampPostHardware to NavigationSystemHardware.
These reallocations are performed automatically by model transformations. Once completed,
MDE4IoT generates executable artifacts for the newly allocated devices.
2.2.3 Testing SCADA Systems Using the EMF and Modelica
The work in [78] explores the usage of the EMF and Modelica to integrate testing models with environmental simulation models (c.f. Figure 2.5), which can further enhance the effectiveness of model-driven testing for SCADA systems.
It also discusses the System Modeling Language (SysML) as a standard for unifying diverse approaches across the system engineering and software domains: SysML allows models to describe system behavior without complex transformations. In comparison, Modelica, designed to extend object-oriented mathematical modeling languages, is better at detailing component behavior and functionality in a declarative manner. Modelica allows the graphical composition of models through connection diagrams, but the paper recognizes that designing complex systems goes beyond component assembly, requiring tasks such as gathering requirements, specifying components, defining a structure, outlining design alternatives, describing overall behavior, and conducting validation and verification, where Modelica's capabilities surpass those of SysML.
The paper [78] introduces a design-time model that captures an Interface Definition Language
(IDL) and product composition. Additionally, it incorporates a run-time model that captures
system configuration along with ports linked to sensors and actuators. Furthermore, a test
model is presented, which encapsulates test steps and establishes simulator bindings.
The paper discusses the application of Modelica for modeling and simulating the complex
external environment of SCADA systems. While internal system models are comparatively
simple, SCADA systems interact with intricate external worlds. Modelica, combining object
orientation with equations, is introduced as a tool for this purpose. A Modelica model is com-
posed of objects representing physical, mechanical, control, electrical, or electronic systems. It
can be compiled into an executable that simulates the development of system properties over
time. In addition to self-contained simulation, Modelica allows the definition of connectors
for external interactions. Sensors and actuators in SCADA systems are linked to connectors
on the outermost simulation model. A testing scenario is created by connecting test scripts to
the simulated environment through writes and assertions. This scenario resembles a G-clamp,
placing the SCADA system in a controlled testing environment. During testing, a Modelica
tool translates the model into C source code, compiling it into an optimized binary for the tar-
get platform to meet near-real-time requirements. Each test step is mapped into invocations
on the system using a test framework, with information drawn from the runtime model. The
approach can be extended by specifying the expected behavior of a component within the sim-
ulator, allowing predictions and prototyping. In the last tests, the actual behavior of the live
system can be compared to its simulation within the Modelica simulator.
2.2.4 Service Oriented Architecture (SOA) approach
SOA is an approach to software development that employs software components known as
services to construct business applications [79]. Each service delivers a specific business ca-
pability, and these services can communicate seamlessly with one another, regardless of plat-
forms and language differences. As mentioned in [24, 28], SOA is useful for developing IoT systems because it treats a complex system as a set of subsystems; with this approach, software and hardware components can be efficiently reused and updated.
Service Oriented Architecture handles transformations. The methodology used by Sosa-Reyna et al. [28] is supported by model transformation (c.f. Figure 2.6), which can be vertical, refining abstract models into more specific models, or horizontal, defining mappings between models at the same level of abstraction.
The proposed methodology uses conceptual models at various levels of abstraction and gran-
ularity to develop software solutions for IoT applications. The output of each phase in this
methodology consists of models created by applying MDE principles. These models even-
tually lead to the generation of software implementation artifacts, such as the code for IoT
applications or software systems.
(Figure: the IT architecture model is transformed, via generation of the technological solution, into a technological solution model, from which the IoT application's software implementation artifacts are generated.)
To address the complexity of the software development process, the works of [28, 80, 81] leverage UML, resulting in a business requirements model that serves as an abstract representation, independent of specific technologies, and sets the foundation for a PIM. In the second phase, the focus is on the design of business processes, which constitute the core functionality of the system; the Business Process Model and Notation (BPMN) is then employed to define the complexities of the business process logic. This enhances the existing business requirements model, leading to the creation of a PIM that offers a global perspective on the behavior and interactions of these processes. An IT architecture model is then built that rises above platform-specific details, effectively segregating the business logic from technical implementation concerns. The final phase involves the transformation of the architectural design into executable code, customized for a specific implementation platform. This step has two stages: the first is the specification of the chosen technology or platform, and the second is the transformation of the PSM into a textual representation that contains the executable instructions for the application.
These model transformations (c.f. Figure 2.7) consist of sets of rules that map input models
to one or more output models or executable code. The proposed MDE methods include four
transformations. These transformations take place at different stages of the methodology and
are facilitated by using tools like the Eclipse Atlas Transformation Language (ATL).
Why SOA? In SOA, interoperability is ensured through autonomous services, each equipped with descriptive documents outlining its functionality and associated conditions. Users interact with these services and treat them as black boxes, obtaining the necessary information through the service descriptive documents [165, 166]. This allows any client system to execute a service regardless of the underlying platform or programming language. Service coupling is designed to be loose to minimize external dependencies such as data models. Additionally, service granularity is important, aiming to group individual business functions into separate services and enabling developers to create composite services for complex operations. The flexibility and adaptability of SOA compositions allow for incremental changes and rapid adaptation to evolving IoT requirements. They also facilitate development practices as well as dynamic service discovery and composition, enabling real-time adjustments.
Reactive Microservices for IoT. IoT applications can be specific to certain industries or more general; however, challenges like deployment, scalability, and interoperability persist. Microservices have been effective in cloud computing, but their application in IoT still faces unresolved issues. To address these challenges, the paper [82] introduces a combination of microservices and reactive systems as a solution for developing IoT applications, with a focus on fog computing (c.f. Figure 2.8). The authors argue that the adoption of service-oriented architecture (SOA) is insufficient for achieving interoperability and scalability, owing to the limitations of SOA applications in IoT: deployment difficulties, scalability issues caused by strong service coupling, performance bottlenecks, centralized management leading to system unavailability, and limited ability to address physical heterogeneity due to reliance on a single technology platform and development standards. They highlight that while SOA has been applied to IoT projects, IoT presents unique challenges that require a different approach compared to traditional SOA. They mention that other researchers have explored SOA solutions in IoT to achieve scalability, portability, and reusability; however, the authors suggest that IoT's specific requirements demand a different development approach. They also mention a more recent approach that focuses on a service-oriented middleware and an eVolution Service Bus (VSB) to interconnect IoT devices with different interaction protocols. Yet, they point out that even the Enterprise Service Bus (ESB) approach can have faults that affect the operation of an entire application due to strong service coupling.
Figure 2.8: OSGI Reactive Microservices for IoT [82]
The implementation of the microservices based on the model (c.f. Figure 2.9) uses the tools
provided by Vert.x [168] and Apache ServiceMix [169]. Vert.x is chosen for its advantages in
designing reactive applications in multiple languages and its superior performance compared
to other frameworks. ServiceMix allows the deployment of run-time applications with elastic-
ity characteristics suitable for reactive systems. Karaf container, a core component of Apache
ServiceMix, serves as the foundation for deploying Bundles that support reactive Microser-
vices.
Fish farm case study in Fog Computing. The reactive microservices IoT platform was implemented and applied in the context of a fish farm case study (c.f. Figure 2.10). The platform is deployed on devices with limited processing and memory capacities, such as the Raspberry Pi and Intel Galileo Gen2, utilizing components such as an Apache OSGi-based service-oriented middleware (Karaf), a Vert.x MQTT broker, and various APIs for service discovery, resiliency, security, and elasticity support.
This architecture allows for the exchange of asynchronous messages between microservices, with features like mobility support, authentication, and cascading-failure prevention. In the fish farm scenario, the platform is applied to monitor parameters like temperature, pH, and others, aiming to detect anomalies or environmental events (e.g., monitoring whether the pH stays between 6 and 8). The platform is designed to provide scalability, low latency, resiliency, and elasticity in managing complex aquatic environments.
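As a rough illustration of such a reactive microservice (the actual platform is built with Vert.x and OSGi in Java; this Python sketch uses the paho-mqtt client with hypothetical broker address and topic names purely to show the idea):

# Illustrative only: hypothetical broker address and topics; assumes the paho-mqtt 1.x client API.
import json
import paho.mqtt.client as mqtt

BROKER_HOST = "fog-gateway.local"
SENSOR_TOPIC = "fishfarm/tank1/ph"
ALERT_TOPIC = "fishfarm/tank1/alerts"

def on_message(client, userdata, msg):
    reading = json.loads(msg.payload)
    ph = reading["value"]
    if not (6.0 <= ph <= 8.0):    # environmental event: pH outside the monitored range
        alert = {"event": "ph_out_of_range", "value": ph}
        client.publish(ALERT_TOPIC, json.dumps(alert))

client = mqtt.Client()
client.on_message = on_message
client.connect(BROKER_HOST)
client.subscribe(SENSOR_TOPIC)
client.loop_forever()             # react asynchronously to each incoming sensor message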
Figure 2.10: Smart Water Scenario [82]
The authors analyze the results of their experiments to compare their architecture proposal
with a traditional Fog-based platform for IoT applications (c.f. Table 2.1). The analysis is based
on the factors and levels defined in their experimental design.
S.No | Name | Cloud Support | Open-Source | Major Domain | Programming Language | Maintenance Status | General-Purpose | Real Simulation in IoT Environment | Tool Type | Shared Resources | Data Insight
1 | STRESS | No | No | Real-time task scheduling algorithms analysis | C Language | Not maintained | No | Yes | Desktop | No | No
2 | GHOST | No | No | Real-time task scheduling algorithms analysis | C Language | Not maintained | No | Yes | Desktop | No | No
3 | MAST | No | Yes | Scheduling Visualization | Ada | Not maintained | No | Yes | Desktop | Yes | No
4 | STORM | No | Yes | Visualization and Simulation | Java | Not maintained | No | Yes | Desktop | Yes | No
5 | SimSo | No | Yes | Simulation and Visualization | Python | Maintained for bugs only | No | Yes | Desktop | No | No
6 | SDMSim | No | No | Supply-demand matching simulation and analysis | Multiple Languages Support | Unknown | No | No | Web-based | No | No
7 | ScSF | No | Yes | Data intensive analysis tool on HPC | Python | Actively Maintained | No | No | Desktop | Yes | Partial
8 | TaskInsight | Yes | No | Scheduling Algorithms Memory insight | C/C++ | Unknown | Yes | Yes | Desktop | Yes | Yes
9 | MCRTsim | No | Yes | Visualization and Simulation | Java | Maintained for bugs only | No | Yes | Desktop | No | No
10 | Score | No | No | Energy Consumption Analysis tool | Multiple Languages | Unknown | Yes | No | Web-based | Yes | Partial
11 | iMOPSE | No | | Resource-Constrained Scheduling | Java | Actively Maintained | No | | | |
12 | ABEMAT | No | No | Energy Management tool | Python, C++ | Unknown | No | No | Desktop | No | No
13 | Location Tracker | Yes | Yes | IoT Context Tracker | Android | Maintained for bugs only | N/A | No | Mobile Application | No | Yes
14 | Fiware and DIY testbeds | Yes | Yes | IoT API Provider | JavaScript | Actively Maintained | Yes | No | Headless Backend | N/A | Yes
15 | Proposed Tool | Yes | Yes | IoT Scheduling Simulator | Python | Actively Maintained | Yes | Yes | Web-based | Yes | Yes
Table 2.1: Comparative Analysis of Proposed Tool with existing state-of-the-art tools and testbeds [82]
The results show that the proposed architecture improves both the published and the received throughput in scenarios with 6 and 12 sensors. In addition, in scenarios where data analysis is performed at the edge of the network, the approach proves more efficient for designing IoT applications than the traditional approach, resulting in lower latency and improved data throughput and making it a favorable choice for IoT applications.
2.2.5 IoT modelling tools
Research and development in the context of IoT systems faces the challenge of a pervasive network that includes managing diverse applications, development environments, devices, and communication technologies. Real-time models for reliable interworking, as well as the identification and monitoring of critical system elements, are required to overcome these challenges and advance the IoT paradigm [170].
A proposed modeling tool for IoT systems is built on the Eclipse Modeling Framework (EMF) [24], using a meta-model and the Graphical Modeling Framework (GMF) to create the Model-Driven Development (MDD) editor for the DSL. The tool's development process begins with defining
the ECore model (c.f. Figure 2.11), which acts as the tool’s meta-model and encompasses pri-
mary and sub-containers for various components like Data Provider, Pre-Processing, Virtual
Object, and Application Interface. These containers can host multiple implementations of ab-
stract classes, serving as evaluation examples against user requirements and extensible for
future IoT technologies.
The EMF Generator Model is used to generate essential plugin projects, while GMF helps in
creating a diagram editor where serialization is supported in the XMI format. The tool’s base
classes are implemented as Eclipse plugins, providing flexibility for future component integra-
tion. The code generator uses Xpand to create Java code and essential artifacts based on cus-
tomizable templates. This generated code is organized into a Java project that includes chosen
connections (e.g., Plugwise and Arduino). In terms of workflow, users create a project, define
a domain model, design it with virtual objects, associate processing modules, data providers,
and application interfaces, and then generate a Java project that can be accessed via chosen ap-
plication interfaces. The authors report that the proposed tool outperformed (c.f. Figure 2.12) another approach, based on the EMF tool with UML diagrams, in terms of user satisfaction.
Figure 2.12: Comparison between the EMF tool and the IoT Modeling Tool [24]
File generation and integration with other systems. Integrating an IoT modeling tool with other tools is a beneficial approach to enhance its versatility and optimize performance. Sal-
ihbegovic et al. [84] explore various tools and languages used in IoT system development,
including DiaSuite, Node-RED, PervML, and OpenHAB.
DiaSuite [85] is a tool suite designed for Sense, Compute, and Control applications, featuring
a domain-specific design language and a Java programming framework.
Node-RED [171], an open-source IBM software, is a visual tool for configuring IoT applications
by connecting hardware devices, APIs, and online services using a browser-based flow editor.
PervML [86] is a Domain Specific Language (DSL) for describing pervasive IoT systems in a
technology-independent manner. OpenHAB [172], on the other hand, is a general-purpose
framework for smart home gateways based on Eclipse SmartHome, facilitating the develop-
ment of IoT solutions in the smart home domain. It employs Java OSGi bundles to define OSGi
services, serving as middleware in wireless sensor networks.
A comprehensive gap analysis of IoT platforms [87] identified 39 distinct platforms. Despite
this diversity, several significant challenges were noted. Generally, there was a lack of support
for heterogeneous devices, leading to inefficiencies in managing various formats and models
of device data streams. Additionally, concerns were raised regarding the seamless handling of
different data formats and models associated with device data streams.
The paper [84] discusses the design of a visual editor named DSL-4-IoT (c.f. Figure 2.13). It is a visual DSL (VDSL) that aims to abstract many of the specific aspects of IoT applications into building blocks and library modules. To handle the heterogeneity of IoT devices, the OpenHAB runtime engine is used for interfacing with hardware and software components and for executing the DSL-4-IoT configuration files, which include items, rules, and sitemaps. These files define the IoT system's topology and its associated items. DSL-4-IoT also exports data into a JSON array, which contains information about the position of items within the configuration, relationships between items and groups, and data types, and which can be used to restore the system's state for further editing. The author mentions that the configuration files generated by DSL-4-IoT are not limited to OpenHAB: they can be adapted to other IoT integration platforms by replacing the corresponding JavaScript files used for code generation.
Simulation-Based Approach. In [88], the authors introduce the use of MDE techniques, specifically ThingML, the Eclipse Modeling Project, Sirius, and Xtext, for simulation-based Arduino applications. The approach is organized into four steps. The initial step is designing and modeling the IoT application using the ThingML language. Next, the ThingML code generation framework is employed to generate code for the Arduino hardware platform, resulting in source code known as "sketches". After generating the sketches, the code is compiled with the Arduino IDE into object code (with a ".hex" file extension) that can be executed on the Arduino. The simulation is carried out using the Proteus software, where the parameters (program file) of the Arduino micro-controller are defined and the simulation is launched. The paper highlights the various notations available as concrete syntaxes for Domain-Specific Languages (DSL): these notations can be textual, graphical, tabular, form-based, or a combination of these, each offering unique advantages. The authors also describe the development of three viewpoints: viewing and editing Things, state machines (c.f. Figure 2.14), and configurations.
2.3 Model Driven Engineering for Artificial Intelligence (MDE4AI)
MDE techniques are increasingly being applied to machine learning, where development often involves iterative experimentation with various algorithms and parameters.
A noteworthy aspect is that individuals without in-depth coding expertise in AI can still lever-
age these techniques effectively. MDE enables the generation of AI models with the incorpo-
ration of parameters and theoretical tools, reducing the reliance on manual coding.
This paper mentions how tools and libraries in DAML, such as TensorFlow [173], Keras [174],
KNIME [175], and RapidMiner [176], provide different levels of abstraction for data analytics
and machine learning tasks. In the context of MDSE, a systematic approach is suggested in which models carry comprehensive information about the entire application, and model-to-code transformations are mentioned as a way to generate software implementations from these models. Additionally, it discusses model-interchange formats like PMML, PFA, and ONNX, which provide standards for exchanging machine learning models between different platforms and frameworks. The articles [89, 90] discuss ThingML as a foundational project, given its integration with the EMF and the Xtext framework. The authors adapted this project to their needs and incorporated a DA component that enables access to DAML libraries and frameworks, such as Scikit-Learn [177] and Keras, at design time; they argue that this makes their ML-Quadrat method the only approach capable of supporting DAML, the IoT/CPS domain, and code generation. Furthermore, they have expanded the capabilities of the Java code generator in ThingML to include the generation of Python code, which implements the DAML functionalities using the APIs provided by Scikit-Learn and Keras.
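To give a flavor of what such generated Python code might look like, here is a hedged sketch built directly on the Scikit-Learn API; it is not actual ML-Quadrat output, and the dataset path and column names are hypothetical.

# Hedged sketch of a generated training/prediction script; file and column names are hypothetical.
import pickle
import pandas as pd
from sklearn.neural_network import MLPClassifier

def train(dataset_path: str = "appliance_data.csv") -> None:
    data = pd.read_csv(dataset_path)
    features = data[["aggregate_load", "hour_of_day"]]
    labels = data["washer_dryer_on"]
    model = MLPClassifier(hidden_layer_sizes=(32, 16), max_iter=500)
    model.fit(features, labels)
    with open("ml_model.pickle", "wb") as f:
        pickle.dump(model, f)                       # persist the trained model for the IoT service

def predict(aggregate_load: float, hour_of_day: int) -> int:
    with open("ml_model.pickle", "rb") as f:
        model = pickle.load(f)
    return int(model.predict([[aggregate_load, hour_of_day]])[0])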
The approach's workflow (c.f. Figure 2.15) offers numerous parameters and choices. One notable parameter switches the data analytics modules on or off; setting the Automated ML feature to ON attempts to automatically select the best option for the desired ML method, which can greatly benefit software developers who are novices in the field of DAML.
(Figure 2.15 shows this workflow: the end user either chooses an ML model architecture or, when the desired ML method is not there, augments the software model with references to a pre-trained ML model and library (black-box ML); once the software model is valid and complete, the model-to-code transformations and the generated build script are run, and the generated IoT service is deployed, run, and interacted with. A separate branch covers the case where no DAML is needed, and another where the desired ML method is pre-defined.)
Smart energy systems case study. The authors describe a case study focused on IoT/CPS in the
context of smart energy systems within smart homes, using publicly available data from a UK
residential building available through the REFIT datasets [178]. The data covers 21 months,
capturing the power consumption of various electrical appliances and the total household
load. This study explores scenarios where ML is used to predict the state of specific appli-
ances, such as a washer and dryer, when data is missing. It considers four different scenarios:
classification, clustering, regression, and black-box machine learning. The system architecture
involves smart meters, a database server, and a DAML server to predict missing values.
• Supervised (MLP): In this experiment, precision, recall, and F1-measure were exceptionally high at 99.9%, 100%, and 99.9%, respectively, and training took 3,552 seconds.
• Unsupervised (Clustering): Training the clustering model is notably faster, taking only
13 seconds compared to the supervised model in the previous scenario. The clustering
model achieved an accuracy of 92% on unseen test data.
• Supervised (Regression): The performance of the regression model is measured with the typical error measures, the Mean Absolute Error (MAE) and the Mean Squared Error (MSE), defined below; the achieved MAE was 10.1, and the MSE was 29,962.1.
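For reference, where y_i denotes the actual value, ŷ_i the predicted value, and n the number of test samples, these standard error measures are defined as:

\mathrm{MAE} = \frac{1}{n}\sum_{i=1}^{n} \lvert y_i - \hat{y}_i \rvert,
\qquad
\mathrm{MSE} = \frac{1}{n}\sum_{i=1}^{n} \left( y_i - \hat{y}_i \right)^2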
ML-Quadrat evaluation. This paper mentions that the evaluation (c.f. Table 2.3) was carried out by evaluators who are familiar with Java and Python programming and with ML, using study documentation that provides guidance and instructions for using ML-Quadrat and for creating smart IoT services with the prior work ThingML. The project includes a basic example in-
volving two things connected to the IoT: a "ping client" and a "pong server." In this scenario,
the ping client sends ping messages to the pong server, and the server responds with pong
messages. In a real-world scenario with a large number of clients, the authors suggest using
machine learning (ML) to prevent Distributed Denial of Service (DDoS) attacks. They pro-
pose the introduction of a new component responsible for DAML and designed to predict if a
client is likely to be an attacker or not. When the server receives a ping message, it consults
the DAML component to determine whether to respond with a pong message or ignore the
request. It may also involve putting the client on a blacklist for a certain period if necessary.
The evaluators noted improved scores in comparison to both the previous efforts and manual software development. The proposed approach demonstrated a productivity improvement of around 25% compared to the prior work (ThingML) and a substantial 236% improvement compared to manual software development. Additionally, the authors believe that the value of their approach could be even greater when dealing with heterogeneous IoT cloud and edge platforms.
In another paper, A. Moin et al. [90] propose an alternative approach to model the behavior of
components, known as "things" in ThingML. This innovative perspective empowers users of
the tool to delegate the task of defining a thing’s behavior to AI algorithms, specifically ML
algorithms. These algorithms are capable of making inferences based on observed data. In
general, for complex behaviors that prove challenging to comprehend and specify using tradi-
tional state machines, ML algorithms can autonomously learn these behaviors efficiently and
effectively.
Hybrid systems. The physical world often involves continuous dynamics represented by vari-
ables changing continuously over time, and this is well captured by mathematical tools such
as differential equations and integration theory. On the other hand, digital components in
CPS are typically discrete and can be represented by finite states. This is where discrete event
systems, state machines, and Petri Nets become valuable tools for modeling. Discrete event
systems focus on events that occur at distinct points in time, and state machines provide a
way to model the behavior of a system based on its discrete states and transitions between
them. Petri Nets, a mathematical modeling language, are also commonly used to represent
and analyze the flow of events and states in systems. The challenge lies in integrating these
two distinct modeling paradigms. Hybrid systems [91], which combine both continuous and
discrete dynamics, are one approach to bridge the gap between the physical and digital aspects
of CPS. These systems may involve continuous physical processes that are influenced by dis-
crete digital control systems. To address these challenges, researchers in this paper introduce
an extension to the existing approach for specifying behaviors using state machines (c.f. Fig-
ure 2.16). This extension enables the utilization of advanced DA algorithms and methods for
event detection, the triggering of state transitions, and modifying the system’s behavior using
the data received from the sensors.
Figure 2.16: State machine modeling the behavior of a Smart Air Conditioner based on the
room temperature [90]
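As a purely illustrative sketch of this idea (hypothetical names in Python, not the authors' ThingML extension), a transition guard can delegate the event-detection decision to a learned model instead of a fixed rule:

# Illustrative sketch only: a state machine whose transition is triggered by an ML prediction
# rather than a hard-coded threshold; all names are hypothetical.
class SmartAirConditioner:
    def __init__(self, event_detector):
        self.state = "IDLE"
        self.event_detector = event_detector   # learned model exposing a predict() method

    def on_temperature_sample(self, temperature: float, humidity: float) -> None:
        # The DA component decides whether the observation constitutes a "too hot" event.
        too_hot = self.event_detector.predict([[temperature, humidity]])[0] == 1
        if self.state == "IDLE" and too_hot:
            self.state = "COOLING"             # transition triggered by the learned event
        elif self.state == "COOLING" and not too_hot:
            self.state = "IDLE"

class ThresholdStub:
    """Stand-in for a trained classifier (e.g. scikit-learn) used only for this demo."""
    def predict(self, samples):
        return [1 if t > 26.0 else 0 for t, _ in samples]

ac = SmartAirConditioner(ThresholdStub())
ac.on_temperature_sample(28.5, 0.4)
print(ac.state)   # -> COOLING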
Comparison of MontiAnna & ML-Quadrat. Kirchhof et al. [92] list their contributions, which include a case study that demonstrates the use of MontiAnna and ML-Quadrat for modeling ML-enabled software, a functional comparison of these two model-driven tools, and an exploration of how MDE can support different aspects of ML-driven software development. The paper uses the MNIST [179] calculator model as a common ground.
MontiAnna [93] (c.f. Table 2.4) is a textual modeling framework and build system that supports the creation of deep ANNs, with a specific emphasis on IoT applications. It operates within the EmbeddedMontiArc modeling language, adopting a component-based approach that en-
capsulates software functionality within well-defined components connected via input and
output ports. Each ANN is considered a component within the software architecture, with
ports directly mapped to the neural network’s input and output layers. MontiAnna stream-
lines the management of trained model weights through its build system. It automatically
detects ANNs within the software architecture and resolves model weights during the build
process. If no pre-trained weights are available or if there are changes to the network model
or training data, the build system autonomously retrains the network. This automation mini-
mizes the need for manual involvement in the machine learning life cycle.
(Table 2.4 compares MontiAnna with established deep learning frameworks and languages — Theano, Torch, PyTorch, Caffe, Caffe2, TensorFlow, MXNet, Keras, and the Matlab NNT — along dimensions such as dynamic/imperative versus static/symbolic computation, C&C integration, general-purpose deep learning framework support, layer stacking, layer composition, layer independence, parameterization, directed acyclic graphs, interfaces, type safety, low-level operators, and mobile deployment.)
Table 2.4: Comparison of established deep learning frameworks and languages, ✓: yes, P: partially, -: no, **: depending on chosen backend, *: provided by extensions. [93]
Machine learning models in MontiAnna are structured with a neural network architecture
component and a separate configuration model. These components define the desired training
scheme and encompass hyper-parameter settings. Tag models enable the association of ver-
sionable training data and weights with the ANNs.
MontiAnna also offers a library of pre-built training pipelines, including supervised learn-
ing, reinforcement learning, generative adversarial networks (GANs), and variational autoen-
coders (VAEs). Moreover, it provides the flexibility to create custom pipelines and compo-
nents using Python code, promoting modularity and adaptability. Configuration parameters
for different pipelines are managed using a modular schema system, allowing for parameter
inheritance and combination. MontiAnna’s versatility extends to IoT applications through in-
tegration with MontiThings, a DSL-based framework. This allows for the specification of IoT
component behavior, even in cases where edge devices have limited computational resources.
As an example, MontiAnna can be used to train simplified speech recognition models for IoT
devices to detect specific phrases and trigger actions. Additionally, this paper provides a com-
parison of various critical elements between MontiAnna and ML-Quadrat. The comparison
(c.f. Table 2.5) encompasses the problem domain and integration, modeling methodology, ML
methods, target ML libraries and frameworks, ML pipelines, modularity, compatibility, Au-
toML, and the management of generated artifacts.
Properties | MontiAnna | ML-Quadrat
1 Problem domain | ML self-contained (or together with MontiThings for the IoT) | ML-enabled IoT services
2 Integration | Component encapsulation in EmbeddedMontiArc / MontiThings | Encapsulation in ThingML
3 Modeling methodology | Multiple DSLs | Single DSL
4 ML methods | Various ANNs with supervised, unsupervised, and reinforcement learning | Various supervised, unsupervised, and semi-supervised ML approaches
5 Target ML libraries & frameworks | MXNet Gluon, TensorFlow, PyTorch, Caffe2 | Scikit-Learn and Keras (with the TensorFlow backend)
6 Target languages for code generation | Python (training and runtime), C++ (runtime) | Python (for ML), Java, C, JavaScript, and Go
7 ML pipelines | Modeled via the DSL; functionality out of the box or implemented by user | Out-of-the-box
8 Modularity and Compatibility | Pre-trained networks can be loaded as network layers and ONNX | Any pre-trained ML model in Scikit-Learn or Keras may be imported / plugged in
9 AutoML | Neural Architecture Search with AdaNet, hyper-parameter optimization and component-based AutoML planned | Rule-based and through Bayesian Optimization (Hyperopt)
10 Re-training | Re-training only if data or model have changed, event-based automated re-training | Event-based automated re-training, for example, when new data arrive, or timer-based
11 Generated artifacts | Full source code containing ANNs (from CNNArchLang models) and ML model training scripts (from ConfLang), complete source code and dataflows or only interfaces (from Pipeline Model created with EmbeddedMontiArc and ConfLang) | ML models, full source code (including the Python scripts for pre-processing, training, and prediction), build and run scripts
12 Artifact management | Maven-based artifact re-use (source code, trained models, datasets are packaged independently) | Apache Maven projects generated for Java
Table 2.5: Comparison of MontiAnna and ML-Quadrat
The initial aspect under comparison concerns the problem domain and the integration capabilities of the two modeling tools. MontiAnna offers the flexibility to create standalone ML applications and ensures integration into the IoT domain through MontiThings. On the other side, ML-Quadrat offers an integrated modeling language that encompasses both IoT and machine learning, serving as a comprehensive solution for heterogeneous and distributed IoT services. The two tools also differ in their modeling methodologies and in the ML methods they support. Both are research prototypes in active development; we can expect these open and collaborative approaches to contribute to synergies and network effects within the SE and ML communities, leading to the rapid adoption and extension of MDE tools for ML and benefiting both academic research and industry applications.
2.3.2 MDE for monitoring ML Models
Figure 2.17: Domain Meta-Model [94]
• IO: Represents inputs and outputs of the model, including the data type.
• DriftDetector: Represents the periodic execution of an algorithm to detect drift and de-
cide on corrective actions.
The domain experts can define the drift detector's name, execution frequency, and the algorithm to be executed. Two types of drift detectors are distinguished: the DataDriftDetector, which requires unlabelled samples received over time together with labeled training samples, and the ConceptDriftDetector, which requires the predicted labels and the actual labels of unlabelled samples.
The provided meta-model outlines the behavior of the ML monitoring system but does not delve into specific technical implementation details; it is important to note that multiple valid implementations are feasible. An example of such an implementation is based on Kubernetes (c.f. Figure 2.18). Using the Epsilon Generation Language (EGL) model-to-text extension in EMF, the authors employ a transformation to generate a Kubernetes manifest. This manifest is then used for deployment via Kubernetes' CLI tool, facilitating the creation of ML monitoring systems aligned with domain expert specifications. The resulting system effectively realizes the behavioral specification provided by a domain expert in the MDE model.
• Inference Service: Provides a model server for responding to inference requests and contains a logger that produces events about the server's requests and responses; developed by the Kubeflow project.
• Message Queue: Receives events from the logger and routes them to the database writer
service. Implemented using Broker and Trigger custom resources, developed by the Kna-
tive project.
• Collects feedback about the ML model's performance, such as ground truth labels for inference requests. Implemented using a Service custom resource by the Knative project.
• Database: A standard MySQL database for persisting data. Implemented using Deploy-
ment, Service, and PersistentVolumeClaim resources from Kubernetes.
• Drift Detection Execution: Periodically executes the drift detection algorithm specified by the domain expert. Implemented as a CronJob resource from Kubernetes. It uses a containerized application that retrieves test set data from the database and training set data from cloud storage, passes the data to a function implementing the drift detection algorithm, and sends email alerts if drift is detected (a simplified sketch of this job follows the list).
• Proxy: Handles incoming HTTP requests and checks the request's path. Forwards the request to either the inference service or the database writer based on the path. Implemented using a VirtualService custom resource by the Istio project.
Overall, this system implements the behavior specified by a domain expert in the MDE model without prescribing the technical implementation details.
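The simplified sketch below (hypothetical helper names, not the authors' implementation) illustrates the logic that such a periodic drift-detection job executes:

# Simplified, hypothetical sketch of the periodic drift-detection job run by the CronJob.
import smtplib
from email.message import EmailMessage

def run_drift_check(load_test_window, load_training_data, detect_drift, alert_address):
    test_samples = load_test_window()       # e.g. recent inference inputs read from the database
    train_samples = load_training_data()    # e.g. training set fetched from cloud storage
    drifted, score = detect_drift(train_samples, test_samples)
    if drifted:
        msg = EmailMessage()
        msg["Subject"] = f"Data drift detected (score={score:.3f})"
        msg["From"] = "ml-monitor@example.org"
        msg["To"] = alert_address
        msg.set_content("The deployed ML model may need retraining.")
        with smtplib.SMTP("localhost") as smtp:  # assumes a local mail relay is available
            smtp.send_message(msg)
    return drifted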
By offering these features, the web application simplifies the deployment of ML monitoring
systems, making the process more accessible for domain experts with varying technical back-
grounds. It streamlines the definition and deployment of these systems based on MDE models,
enhancing user-friendliness and flexibility without necessitating deep technical expertise.
The authors outline various areas of improvement and development for this approach to ML
monitoring in their future work. These include enhancing scheduling capabilities to accom-
modate more complex scenarios, creating a comprehensive abstraction for drift detection al-
gorithms, expanding response actions to drift, and enabling incremental updates for deployed
ML monitoring systems. Additionally, the authors plan to conduct a comprehensive evalua-
tion, focusing on the solution’s general applicability and empirical effectiveness, to validate
the practical advantages of their approach in real-world applications.
2.4 Artificial Intelligence for Model Driven Engineering (AI4MDE)
2.4.1 Domain modeling with ML
Figure 2.19: Relations between a meta-model, model, and object graphs [96]
In [96], Hartmann et al. introduce a new meta–meta-model (c.f. Figure 2.20) that is based on MOF/EMOF and includes additional concepts for directly representing ML within the domain modeling language. Its meta-classes can have a variable number of properties that encompass attributes, relationships, and what the authors refer to as "specified properties". Specified properties are further categorized into learned and derived properties, where learned properties refer to attributes or relationships that will be acquired through a specific ML algorithm. A particular learning algorithm can be designated using the specification labeled "using", any required algorithm parameters can be defined using the "parameter" specification, and the "feature" specification permits access to properties from other meta-classes or enums.
Coarse-grained vs fine-grained learning. The same paper discusses coarse-grained learning, which extracts common patterns and behaviors from extensive datasets to address unknown behaviors and typically focuses on capturing trends across large datasets. Fine-grained learning, on the other side, applies learning algorithms to specific elements or subsets of a dataset rather than seeking commonalities across the entire dataset. Deciding which portions of the dataset should be considered for each learning algorithm often requires domain knowledge, which can be structured as domain models.
Moreover, learning algorithms can deduce behavioral models based on past instances, representing the common behaviors learned from the data. However, when datasets consist of independent and diverse entities with significantly different behaviors, searching for a single coarse-grained common behavior may not be effective or suitable, especially in complex domains like CPSs. Coarse-grained learning can give inaccurate results for systems composed of heterogeneous entities with distinct behaviors. Furthermore, whenever the data changes, the entire learning process must be recomputed, which can be time-consuming.
Fine-grained learning is therefore introduced as a contribution in this context: it can significantly enhance efficiency by segmenting the problem into smaller, more manageable units. The authors argue that micro-learning is a good solution for addressing the diversity of unknown behavioral models in systems composed of heterogeneous elements with distinct behaviors, believing that combining small learning units will prove effective in constructing probabilistic prediction models.
Smart grid case study. In this approach built around micro-learning units, finely-grained learning components are designed to break down complex learning tasks into reusable, chainable, and independently computable elements. Figure 2.21 provides an example featuring a SmartMeter meta-class that defines attributes and introduces both derived and learned properties. When a learned property like "powerProbabilities" is specified, the approach automatically generates code to weave machine learning algorithms into meta-model instances, creating micro-learning units. These units are associated with both object instances and states.
The authors introduce the modeling language, which is designed to enable the definition of
domain data and its structure and facilitates the integration of machine learning (via learned
properties) with domain modeling. It allows for defining relationships between learned prop-
erties, domain properties, and other learned properties, ensuring composition, reusability, and
independent computation. Additionally, microlearning units can be computed in a distributed
manner, with each unit processed on separate machines thanks to a shared model state en-
hancing efficiency through a bulk-synchronous parallel approach. The modeling language is
inspired by established meta-modeling languages such as UML, SysML, and EMF Ecore. It
extends the semantics of UML class diagrams with the concept of microlearning units.
Integrating machine learning into models. The authors describe patterns for integrating ML into models, similar to the design patterns that have emerged from modeling methodologies to address common issues, and they explore how the language can be applied in a concrete smart grid use case with various combinations of ML and domain modeling. The example below presents a SmartMeter class that includes two attributes, activeEnergy and reactiveEnergy, along with a relationship to a customer; these are the typical domain properties of a SmartMeter class. An additional attribute named anomaly automatically detects abnormal behavior based on the profiling of active and reactive energy, using the Gaussian anomaly detection algorithm as the learning method.
class SmartMeter {
    att activeEnergy : Double
    att reactiveEnergy : Double
    rel customer : Customer
    learned att anomaly : Boolean {
        from "activeEnergy"
        from "reactiveEnergy"
        using "GaussianAnomalyDetection"
    }
}
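For intuition only, the following Python sketch shows what the "GaussianAnomalyDetection" learning method conceptually does, namely fitting a Gaussian profile to the two energy attributes and flagging observations that are far from it; it is not the GreyCat implementation.

# Conceptual sketch of Gaussian anomaly detection over (activeEnergy, reactiveEnergy);
# not the GreyCat/generated implementation.
import numpy as np

class GaussianAnomalyDetector:
    def train(self, samples: np.ndarray) -> None:
        # samples: shape (n, 2), columns (activeEnergy, reactiveEnergy)
        self.mean = samples.mean(axis=0)
        self.inv_cov = np.linalg.inv(np.cov(samples, rowvar=False))

    def infer(self, sample: np.ndarray, threshold: float = 9.0) -> bool:
        diff = sample - self.mean
        mahalanobis_sq = float(diff @ self.inv_cov @ diff)   # distance from the learned profile
        return mahalanobis_sq > threshold                     # True -> anomaly

detector = GaussianAnomalyDetector()
detector.train(np.random.normal([200.0, 30.0], [15.0, 5.0], size=(500, 2)))
print(detector.infer(np.array([450.0, 90.0])))                # far from the profile -> True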
The generated API provides suitable methods, such as train and inference, for working with the anomaly attribute: while it can be used similarly to "normal" attributes, these methods allow training and inference based on the ML model. The template of the Gaussian mixture model algorithm is implemented in GreyCat and used by the code generator to create the ML functionality in the domain class. This approach is realized using the IntelliJ Integrated Development Environment (IDE). The development workflow in the framework aligns with standard MDE practices, commencing with the definition of a meta-model. The framework includes a code generator based on Apache Velocity, capable of producing APIs for object-oriented languages like Java and TypeScript. The generated classes are conceptually similar to those created by frameworks like EMF, but they extend their capabilities with ML features. The framework offers flexibility in terms of the ML algorithms that can be integrated, such as regression, classification, clustering, and profiling (simple and multinomial Gaussian mixture models). The authors conduct an evaluation of the approach aiming to determine whether micro-learning can offer greater accuracy compared to coarse-grained learning. All evaluations were run on an Intel Core i7 2620M CPU with 16 GB of RAM and Java version 1.8.
The accuracy of micro-learning profiling was found to be approximately 85%, whereas coarse-grained learning achieved an accuracy of 72%, with a Gaussian mixture model used as the profiling algorithm in both cases. The average prediction error with micro-learning was 3,770 Wh, while coarse-grained learning resulted in an average error of 6,854 Wh. Micro-learning thus appears to be more accurate, halving the error between prediction and actual measurement, and is sufficiently fast to support real-time, live learning applications, as shown by evaluating the time required to load data and perform live profiling for different numbers of users and power records (c.f. the table below).
Number of users | Number of records | Loading data time (s) | Profiling time (s)
10 | 283,115 | 4.28 | 1.36
50 | 1,763,332 | 21.94 | 7.20
100 | 3,652,549 | 44.80 | 14.44
500 | 17,637,808 | 213.80 | 67.12
1000 | 33,367,665 | 414.82 | 128.53
5000 | 149,505,358 | 1927.21 | 564.61
Scalability test over 5000 users and 150 million power records
The results showed that loading the data was a time-consuming task, taking around 32 minutes
to load and parse the dataset from disk when dealing with 5,000 users and 150 million power
records. On the other hand, the time spent on profiling using micro-learning was significantly
less, taking less than 10 minutes. Both the loading and training times showed a linear relation-
ship with the number of records loaded (O(n) complexity), indicating that performance could
be improved by distributing and parallelizing the computation. The results demonstrated that
the framework could handle more than 60,000 values per second on a single computer, com-
parable to data processing frameworks like Hadoop.
General applicability of the presented approach and modeling language. The general applicability of the approach is demonstrated through examples from different domains, showcasing how ML can be seamlessly integrated into domain modeling. Two examples are provided, one from the domain of recommender systems and another from the domain of transportation systems.
The recommender systems aim to provide recommendations based on users’ prior actions.
Three common types of recommender systems are user-user, item-item, and user-item recom-
menders. The proposed modeling language allows the integration of all three types within the
same model, providing flexibility for system designers. Fine-grained profiling and recommen-
dation can be achieved by attaching profiles to users and products. Profiles can be updated
in real-time after every purchase. User clustering for user-user recommenders, product clus-
tering for item-item recommenders, and fast matching between user and product profiles for
user-item recommenders can be implemented.
The transportation systems aim to optimize public transportation by suggesting different trans-
portation alternatives to users. Fine-grained profilers can be created for various aspects, such
as taxi fare pricing, road traffic, and parking availability. These profiles are independent, fine-
grained, and reusable learning units in the modeling language. A recommender system can
use the information from these learning units to calculate recommendations.
2.4.2 Model-based systems engineering and Knowledge Representation
The approach discussed here [97] builds on ontological categories relevant to robotics. Several surveys and works related to knowledge representation in autonomous systems and UAVs are highlighted, such as KnowRob [100] for knowledge processing, Perception and Manipulation Knowledge (PMK) for enhancing robotic capabilities, and the "dronetology" ontology for UAVs. The authors note differences between UML's Closed World Assumption (CWA) and ontologies' Open World Assumption (OWA) and the need to address semantic heterogeneity in distributed systems.
The proposed solution involves integrating standardized ontologies into MBSE tools like Papyrus [180]. The approach aims to enable expert knowledge reuse, enhance knowledge acquisition, and refine system models. It emphasizes the potential for ontologies to provide a consistent and computer-interpretable foundation for system design, improving the accuracy and precision of system implementations in complex domains. The article highlights the use of two key ontologies: the Core Ontology for Robotics and Automation (CORA) and the Drone Components ontology (ODrone), developed for specific drone-related concerns. ODrone is integrated into CORA to provide a standardized vocabulary for describing drones and their components, making it more accessible and useful for system designers. It introduces specific device types, including ActuatorDevice, SensorDevice, CommunicationsDevice, ComputingDevice, and EnergySourceDevice, each of which inherits properties from CORA to facilitate a common language for describing drone components. It also defines the roles that devices can perform within a drone system, adding precision to the relationships.
Furthermore, the paper outlines the modeling of interactions between drone system parts using the isConnectedTo relation and its specializations (suppliesTo, bus, attachedTo). These relations help describe how devices interact, share data, or are physically connected within an ArtificialSystem. The formalization of these concepts in OWL ensures a high degree of semantic clarity and consistency within the ontological framework used to represent, exchange, and analyze information. OML (Ontological Modeling Language) simplifies the complexities of OWL, making it more user-friendly.
The workflow (c.f. Figure 2.22) begins with UML specification files (.uml), which contain resources for modeling systems. An adapter is then used to convert the UML specifications into an OML vocabulary. The DSL, specific to the domain of interest (UAVs), is represented in OML format: concepts from ODrone are mapped to UML constructs, and specific semantics are defined by a knowledge engineer. Using the DSL in OML format, a UML profile is then automatically generated; this profile extends the UML language and includes annotations from the ODrone ontology. The generated UML profile is imported into the Papyrus UI, where system designers use it to model a system. The final step involves transforming the annotated UML model back into OWL format using a custom UML2OWL adapter specific to the ODrone ontology. Constraints expressed as queries, rules, or complex concept definitions can then be evaluated on the annotated UML model.
Figure 2.22: Workflow, resources, and actors for the implementation of the approach [97]
To ensure that the semantics of ontology concepts are preserved throughout the transformation
into UML and back to OWL, a mapping has been implemented between ODrone and UML,
targeting class diagrams and composite structure diagrams. The mapping allows for the ex-
tension of the current ontology by defining new classes in UML. These extended classes and
their definitions become part of the ontology, offering the potential for reuse in new designs
or external tools and services compatible with ODrone and CORA. Once the ODrone UML
profile is available, it can be used to stereotype UML elements in a system design.
The authors present several examples showing that, even when certain information is not explicitly provided in the UML model, the reasoner can infer it based on the mappings and the ontology semantics. In a second example, when UML instances are created and interconnected, the reasoner evaluates whether an instance has all the necessary and sufficient parts of the required types and whether these parts are interconnected as intended. This example highlights how inverse roles, class inheritance, and relation inheritance are used to draw inferences about complex concept definitions while preserving the ontology semantics. A further example, focusing on reusing knowledge from the CORA standard, shows how knowledge formalized in logic axioms can be reused to draw inferences about the UML model, and demonstrates how SPARQL [101] queries and SWRL [102] rules are used to enforce compliance with the standard.
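To make this kind of check concrete, the sketch below shows how a compliance constraint could be phrased as a SPARQL query over an OWL export of an annotated model, using rdflib. It is only an illustration: the namespace, the hasPart relation, and the individuals are hypothetical placeholders, not the actual ODrone vocabulary or the authors' UML2OWL adapter.

# Minimal sketch (not the authors' implementation): checking a drone
# individual against an ODrone-style constraint with rdflib and SPARQL.
# All IRIs, relation names, and individuals below are hypothetical placeholders.
from rdflib import Graph, Namespace, RDF

ODRONE = Namespace("http://example.org/odrone#")

g = Graph()
# A drone exported from the annotated UML model, with two of its parts.
g.add((ODRONE.myDrone, RDF.type, ODRONE.Drone))
g.add((ODRONE.myDrone, ODRONE.hasPart, ODRONE.battery1))
g.add((ODRONE.battery1, RDF.type, ODRONE.EnergySourceDevice))
g.add((ODRONE.myDrone, ODRONE.hasPart, ODRONE.gps1))
g.add((ODRONE.gps1, RDF.type, ODRONE.SensorDevice))

# Compliance query: every Drone must contain at least one EnergySourceDevice.
query = """
PREFIX od: <http://example.org/odrone#>
SELECT ?drone WHERE {
    ?drone a od:Drone .
    FILTER NOT EXISTS {
        ?drone od:hasPart ?p .
        ?p a od:EnergySourceDevice .
    }
}
"""
violations = list(g.query(query))
print("Drones without an energy source:", [str(row.drone) for row in violations])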
Figure 2.23: Meta-model for the CRA case [103]
The CRA (Class Responsibility Assignment) case is important in the context of Model-Driven Optimization (MDO), which is concerned with creating high-level designs for object-oriented systems. In this context, the authors' goal is to apply a crossover technique to create offspring solutions. This case study helps demonstrate the practical application of MDO principles and tools in the software engineering domain. The paper provides an example of a crossover between two solutions, E and F (c.f. Figure 2.24), for the same problem instance. The crossover combines the best aspects of both solutions to create offspring solutions O1 and O2. This example demonstrates how crossover can lead to the creation of new solutions by recombining parts of existing ones.
Figure 2.24: Two solution models E and F of the CRA case and their offspring O1 and O2
generated by applying crossover [103]
The paper notes that crossover can lead to infeasible solutions, meaning that they may violate constraints or have low fitness; in such cases, infeasible offspring can either be repaired after crossover or discarded. It outlines a specific splitting algorithm that serves as a fundamental component of the crossover operator. The algorithm's primary objective is to divide problem-rooted EMF models into two sub-models, E1 and E2, while ensuring that they remain rooted EMF models and valid solutions for a given problem instance. The authors provide a detailed algorithm for the recombination, focusing on the determination of a crossover point (CP) that serves as a common sub-model for the split points of the parent models. This CP includes the problem model and extends it, ensuring that the offspring models remain rooted EMF models with valid containment hierarchies. The strength of this algorithm lies in its configurability, which allows domain-specific adaptations to deal with the specific needs and constraints of diverse optimization tasks.
For the evaluation of the proposed algorithm (c.f. Table 2.7 and Figure 2.25), the authors aimed to answer whether an evolutionary search of models could be more effective by incorporating both mutation and crossover instead of relying only on mutation. The experiments used a framework called MDEOptimiser [181] and the NSGA-II evolutionary algorithm [182] to optimize problem instances related to the CRA case, ranging from small to large models. The authors applied Henshin transformation rules [183] as mutation operators and introduced a crossover operator.
Algorithm     Metric    A      B      C      D      E
M100-C0       Mean HV   0.924  0.841  0.738  0.574  0.596
M100-C100     Mean HV   0.846  0.332  0      0      0
M100-C10      Mean HV   0.915  0.838  0.743  0.538  0.455
M100-C10-R    Mean HV   0.929  0.871  0.759  0.584  0.609
M100-C20-R    Mean HV   0.934  0.883  0.77   0.576  0.595
M100-C30-R    Mean HV   0.933  0.879  0.779  0.583  0.579
M90-C10-R     Mean HV   0.89   0.603  0.506  0.601  0.594
M80-C10-R     Mean HV   0.774  0.586  0.538  0.483  0.618
Table 2.7: Mean hypervolume (HV) of the algorithm variants on problem models A-E [103]
Figure 2.25: Cumulative approximation sets of selected algorithm variants for model D [103]
The results demonstrated that adding crossover (along with the repair step) to the evolution-
ary search process can be more effective and enable a broader exploration of the search space
compared to using mutation alone. Notably, the evaluation revealed that lower mutation rates
can be more effective for larger models, as higher crossover rates could lead to constraint vio-
lations.
2.4.4 Supporting Delay-Sensitive IoT Applications: A Machine Learning Approach
The paper [104] addresses the challenge of supporting delay-sensitive IoT applications by proposing hierarchical network architectures, such as heterogeneous cloud radio access networks (H-CRANs) [105] and cooperative cloud-edge computing. These architectures leverage network function virtualization and software-defined networking to enhance network-wide management. The authors mention that cloud computing is central in processing tasks, but the increased computing demands call for strategies like task offloading to relieve cloud servers. In parallel, edge computing processes tasks at the network edge, ensuring low latency for delay-sensitive applications in areas like e-health, manufacturing, and connected vehicles. To minimize delay, the authors propose an approach that classifies the incoming tasks into delay-sensitive (e.g. biomedical sensors) and delay-insensitive (e.g. climate monitoring) categories. In this approach, supervised machine learning, particularly decision trees, is employed to classify tasks efficiently. The model is trained and tested using simulated datasets, considering the nature and category of the IoT applications (c.f. Table 2.8). Four distinct IoT types and categories are considered, and delay-sensitive tasks are labeled as 1, while delay-insensitive tasks are labeled as 0.
Table 2.8: Simulating delay requirements of the proposed IoT applications [104]
The authors introduce a priority-based edge computing model to manage the increasing volume of IoT tasks arriving at edge devices (c.f. Figure 2.26). To prevent overloading and performance degradation, this model incorporates the concept of an M/M/k queuing system. The usage factor (ρ) of the M/M/k queue is defined as ρ = λ/(kµ), where λ represents the task arrival rate, k is the number of servers, and µ is the service rate; for the system to remain stable, ρ must stay below 1.
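As a small numerical illustration of this stability condition (with made-up rates, not values taken from the paper):

# Illustrative sketch of the M/M/k stability condition described above.
# The numbers are invented; rho = lambda / (k * mu) must stay below 1.
def utilisation(arrival_rate: float, servers: int, service_rate: float) -> float:
    """Usage factor rho of an M/M/k queue."""
    return arrival_rate / (servers * service_rate)

lam, k, mu = 45.0, 4, 12.5        # tasks/s arriving, edge servers, tasks/s per server
rho = utilisation(lam, k, mu)
print(f"rho = {rho:.2f} ->", "stable" if rho < 1 else "unstable (tasks accumulate)")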
The authors mention that the user delays in a priority queuing system are attributed to three
distinct waiting periods, namely, remaining service time for users being served, users with
equal or higher priority already in the queue, and users with higher priority arriving later.
The evaluation of the model involves calculating key metrics, including accuracy, precision,
and recall, using a confusion matrix. The simulation leveraged a machine learning model
trained with Python's libraries and a dataset created using MATLAB's random functions. The dataset contained 1000 samples, with 700 allocated for training and 300 for testing, wherein IoT tasks were characterized by their 'IoT Type' and 'Category'. The model employed a decision tree with four levels to categorize tasks based on specific conditions, resulting in a high accuracy of 0.96, a precision of 0.93, and a recall of 1.
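The general shape of such a pipeline can be sketched with scikit-learn: a depth-4 decision tree trained on a 700/300 split of 1000 samples and scored with accuracy, precision, and recall. The features and labels below are synthetic stand-ins, so the printed numbers have nothing to do with the paper's results.

# Sketch of the described classification pipeline with synthetic data.
import numpy as np
from sklearn.tree import DecisionTreeClassifier
from sklearn.model_selection import train_test_split
from sklearn.metrics import accuracy_score, precision_score, recall_score

rng = np.random.default_rng(0)
X = rng.integers(0, 4, size=(1000, 2))          # columns: IoT type, category
y = (X[:, 1] >= 2).astype(int)                  # 1 = delay-sensitive, 0 = insensitive

X_train, X_test, y_train, y_test = train_test_split(X, y, train_size=700, random_state=0)
clf = DecisionTreeClassifier(max_depth=4).fit(X_train, y_train)
y_pred = clf.predict(X_test)

print("accuracy ", accuracy_score(y_test, y_pred))
print("precision", precision_score(y_test, y_pred))
print("recall   ", recall_score(y_test, y_pred))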
Furthermore, the study explored the advantages of prioritizing delay-sensitive tasks, reveal-
ing a substantial reduction in queuing delays for such tasks compared to delay-insensitive
ones. These findings underscore the effectiveness of machine learning in IoT task classification
and provide valuable insights for enhancing the performance of mobile computing networks
through task prioritization at the edge device.
A Labeled Dataset for Advancing ML in MDE. In [106], López et al. note that previous ML applications in MDE have included using ANNs for classifying meta-models into application domains, clustering techniques for organizing collections of models, and graph kernels for characterizing similar models. However, one significant challenge in applying ML to MDE is the lack of high-quality datasets for training rich ML models, since the existing datasets are often small or poorly organized, making them less suitable for training ML models effectively. Moreover, dataset labeling often involves manual intervention, which can be time-consuming: it requires investigating the specifics of a model, exploring similar models, and searching for external sources of information to assign an appropriate label. Labeling Ecore meta-models also necessitates familiarity with EMF and its ecosystem, while annotating UML diagrams requires an understanding of the different UML diagram types.
Traditional methods for addressing this issue involve clustering techniques, such as K-means or hierarchical clustering, which can be used to group similar models; however, these techniques have limitations (c.f. Figure 2.27), such as the need to predefine the number of clusters, which is often unknown in advance.
To overcome these issues, the authors propose a methodology to speed up the labeling process for software models. It is supported by an Eclipse plug-in that allows interactive, semi-automatic labeling by grouping similar models using a search engine. The presented methodology, referred to as Greedy Methodology for Fast Labelling (GMFL), is designed to facilitate dynamic, user-driven clustering of models: it allows the user to label models while considering their similarities, thereby minimizing the cognitive load and streamlining the labeling process.
The order in which unlabelled models are presented to the user in the GMFL methodology is determined by prioritizing the models most similar to the currently selected model; this boosts user confidence and makes the user feel more productive. To compute the exploration order, models are converted into text documents by considering the values of their string attributes, typically the names of the model elements within each model. A Term Frequency-Inverse Document Frequency (TF-IDF) [184] approach is then applied to transform each document (model) into a vector. This vectorization technique is commonly used in natural language processing and information retrieval to represent documents based on the importance of the terms within them. For each document, a density is calculated as the average similarity with its k nearest neighbors, measuring how similar the corresponding model is to the other models. Models with a higher density, indicating more similarity with other models in the dataset, are selected first for exploration.
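A minimal sketch of this density-based ordering, assuming a handful of invented "model documents", could look as follows with scikit-learn:

# Sketch of the exploration-order computation described above: models are
# treated as text documents, vectorized with TF-IDF, and ranked by density
# (average cosine similarity to their k nearest neighbours). The documents
# here are invented stand-ins for the string attributes of real models.
import numpy as np
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.metrics.pairwise import cosine_similarity

documents = [
    "StateMachine State Transition Event",
    "State Transition Guard Action",
    "Library Book Author Loan",
    "Book Author Publisher",
]
k = 2
vectors = TfidfVectorizer().fit_transform(documents)
sim = cosine_similarity(vectors)
np.fill_diagonal(sim, 0.0)                       # ignore self-similarity

# Density of each model = mean similarity with its k most similar neighbours.
density = np.sort(sim, axis=1)[:, -k:].mean(axis=1)
order = np.argsort(-density)                     # densest models explored first
print("exploration order:", order, "densities:", density.round(2))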
The proposed approach uses an off-the-shelf search engine (Whoosh [185]) to determine model similarity. Initially, a model (model a) is chosen to start a new streak. A ranked list of unlabelled models is obtained based on their similarity to the chosen model (c.f. Figure 2.28). Models in this list are labeled with the same category as the starting model, effectively initiating a streak.
Figure 2.28: Algorithm execution starting with a fault tree model [106]
The evaluation of the GMFL algorithm (c.f. Table 2.9) was performed by emulating the user's actions. This process relies on two metrics: streak size (the number of models labeled in a row with the same category) and repetition size (the number of times a streak with the same label reappears). Additionally, three clustering approaches are compared: K-means, hierarchical clustering (HC), and DBSCAN. The number of clusters is estimated based on the number of identified categories.
                  ECORE                     UML
           Savg   Smax    Rcat      Savg   Smax    Rcat
Random     1.03   5       19.53     1.06   4       29.95
K-Means    3.51   93      5.74      3.76   373     8.41
HC         3.98   165     5.06      2.57   209     12.30
DBSCAN     1.46   53      13.76     1.26   84      24.99
GMFL       4.45   183     4.52      4.58   277     6.90
Table 2.9: Average streak size (Savg), maximum streak size (Smax), and repetition ratio (Rcat) for the Ecore and UML datasets [106]
The results indicate that the random method and DBSCAN perform poorly. The K-means and
HC approaches did better, assuming the number of categories is known in advance. However,
in situations where categories are discovered during dataset exploration, GMFL outperforms
the clustering approaches, as it enables users to label more models in a row and reduces the
cognitive load. GMFL exhibits larger average streak sizes (Savg) and smaller repetition ratios
(Rcat) compared to other methods and proves effective for labeling software models, especially
when the number of categories is not predetermined.
The paper introduces ModelSet [186], a dataset containing 5,466 Ecore meta-models and 5,120
UML models with associated labels. This dataset aims to address the lack of large, well-
organized datasets for software models in MDE. The models are collected from well-known
model repositories such as GitHub and GenMyModel and then validated and organized. This
dataset was labeled by two authors with over a decade of modeling experience. While they performed the process individually, they established milestones to discuss the labeling criteria and unify their approach, and they also applied ML techniques, for instance to detect dummy models and remove them from the dataset. In addition, an approach is used to infer tags for models based on their content: by training a model on the subset of the dataset whose tags are provided, it learns to associate tags with specific features or characteristics of the models. This process is particularly useful for models that do not have tags explicitly assigned, and it allows for the automatic generation of descriptive tags to facilitate search and categorization.
To infer tags for models, a neural model is used. It is a simple neural network that learns the weights of two layers. The models are represented as TF-IDF vectors, which serve as input features for the neural model. The model consists of two layers with weights and biases: W1, b1, W2, and b2. The activation functions used are the Rectified Linear Unit (ReLU) and the sigmoid. The output dimension of the neural model corresponds to the number of tags, and each output coordinate represents the probability of a model belonging to a specific tag. The neural model is trained using binary cross-entropy as the loss function and the Adam optimizer.
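A compact sketch of such a tagger, written here with PyTorch and with arbitrary dimensions and random data (so it only mirrors the architecture described above, not ModelSet's actual model), would be:

# Two-layer tagger: TF-IDF input, ReLU hidden layer, sigmoid outputs
# (one probability per tag), binary cross-entropy loss and Adam.
import torch
import torch.nn as nn

n_features, n_hidden, n_tags = 300, 64, 20

model = nn.Sequential(
    nn.Linear(n_features, n_hidden),  # W1, b1
    nn.ReLU(),
    nn.Linear(n_hidden, n_tags),      # W2, b2
    nn.Sigmoid(),                     # one probability per tag
)
loss_fn = nn.BCELoss()                # binary cross-entropy over the tag vector
optimizer = torch.optim.Adam(model.parameters(), lr=1e-3)

x = torch.rand(32, n_features)                   # a batch of TF-IDF vectors (random here)
y = torch.randint(0, 2, (32, n_tags)).float()    # multi-hot tag targets

for _ in range(100):
    optimizer.zero_grad()
    loss = loss_fn(model(x), y)
    loss.backward()
    optimizer.step()
print("final training loss:", loss.item())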
The authors then discuss the results of a machine learning classification task for classifying models into categories. The models were evaluated using different machine learning algorithms (KNN (k-nearest neighbors), SVM (support vector machine), and NN (neural network) models) and datasets (Ecore-555, ModelSet-Ecore, and ModelSet-UML). Cross-validation was performed to select the best hyperparameters for each model. The models were trained on the entire training set, and their performance was evaluated (c.f. Table 2.10) on the test set.
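This evaluation protocol can be sketched as follows with scikit-learn; the dataset is synthetic and only the workflow (grid-searched hyperparameters, held-out test accuracy) mirrors the paper:

# Sketch of the model-selection protocol: KNN, SVM and a small neural
# network compared with cross-validated hyper-parameter search.
from sklearn.datasets import make_classification
from sklearn.model_selection import GridSearchCV, train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.svm import SVC
from sklearn.neural_network import MLPClassifier

X, y = make_classification(n_samples=500, n_features=100, n_classes=5,
                           n_informative=20, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.2, random_state=0)

candidates = {
    "KNN": (KNeighborsClassifier(), {"n_neighbors": [3, 5, 9]}),
    "SVM": (SVC(), {"C": [0.1, 1, 10]}),
    "NN":  (MLPClassifier(max_iter=500), {"hidden_layer_sizes": [(32,), (64,)]}),
}
for name, (estimator, grid) in candidates.items():
    search = GridSearchCV(estimator, grid, cv=5).fit(X_tr, y_tr)
    print(name, "best params:", search.best_params_,
          "test accuracy:", round(search.score(X_te, y_te), 3))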
The results indicate that in Ecore-555, there were no significant differences between SVM and
the NN, while KNN performed slightly worse. In ModelSet-Ecore, SVM and the NN out-
performed KNN, with SVM being slightly better. For ModelSet-UML, SVM and the NN also
outperformed KNN. The Ecore-555 dataset had better accuracy results than ModelSet-Ecore,
likely because the classification problem in Ecore-555 was less complex (9 categories compared
to 80 in ModelSet-Ecore). The classifier was able to predict the category of an Ecore model
based on its content, such as recognizing concepts like StateMachine, Region, and so on. These
findings suggest that the classification problem of categorizing models can be effectively ad-
dressed using ML techniques. The choice of dataset, encoding technique, and ML algorithm
can influence the model’s performance, but overall, the task seems to be manageable, even
with a large number of categories.
2.5 Conclusion
In this chapter, we have explored the state of the art in MDE and its implications in the domains
of IoT and AI. We have observed the evolving landscape of technology, where abstraction, au-
tomation, and scalability are key drivers in addressing the complexity of modern software
systems. In the context of IoT, AI4MDE explores ways to enhance MDE with AI capabilities,
enabling intelligent decision-making and automation within the model-driven development
process. Also, MDE4AI offers promising avenues for the development of intelligent and con-
nected systems. By combining the strengths of MDE, IoT, and AI, MDE4AI enables the devel-
opment of intelligent systems using model-driven techniques, enhancing automation, scala-
bility, and reusability.
In closing, the integration of these domains holds immense promise for shaping the future of
technology, paving the way for the development of intelligent, interconnected systems that can
revolutionize various domains.
Chapter 3
Contents
3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.2 Formal Verification of IoT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.2.1 Formal Verification in reactive systems . . . . . . . . . . . . . . . . . 66
3.2.2 Formal instantiation of MDE. . . . . . . . . . . . . . . . . . . . . . . . 79
3.2.3 A Scalable Distributed Architecture Towards Unifying IoT Applications 84
3.3 Signal synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
3.3.1 Clock Synchronization Protocols . . . . . . . . . . . . . . . . . . . . . 86
3.3.2 Globally Asynchronous Locally Synchronous GALS systems . . . . . 90
3.3.3 Synchronous Languages . . . . . . . . . . . . . . . . . . . . . . . . . . 94
3.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
3.1 Introduction
In the development of complex software systems, synchronization mechanisms are fundamental to concurrent and distributed designs, where multiple processes or threads interact to achieve a common goal. These mechanisms ensure that concurrent operations occur in a coordinated manner, preventing issues such as data races and deadlocks. Over the years, various synchronization techniques have been developed, ranging from low-level primitives like locks and semaphores to higher-level constructs such as monitors and transactions. Understanding and effectively utilizing these mechanisms is essential for building robust and efficient concurrent software systems. Formal verification, in turn, is a rigorous technique used to prove the correctness of a system with respect to a formal specification. Unlike
testing, which only checks for correctness on a limited set of inputs, formal verification offers
mathematical certainty by exhaustively analyzing all possible behaviors of a system. This tech-
nique involves mathematical modeling of the system and its properties, followed by rigorous
verification using formal methods such as model checking, theorem proving, and abstract in-
terpretation.
This chapter aims to provide a comprehensive overview of the state of the art in synchroniza-
tion mechanisms and formal verification techniques. We will explore the underlying princi-
ples, recent advancements, and practical applications of these techniques in software engi-
neering. By understanding the current landscape and emerging trends in synchronization and
formal verification, we can gain insights into how these techniques can be effectively applied
to ensure the correctness and reliability of modern software systems.
Figure: the reactive-system loop, in which the system continually looks for the next event and reacts to each request by producing a response.
A notable subdomain of reactive systems is that of real-time reactive systems, which are subject to time constraints (c.f. Figure 3.2). Such a system is designed to respond to inputs or events within a specific time frame, often a matter of milliseconds or microseconds. Real-time systems can be classified into two main categories [187], namely hard real-time and soft real-time systems.
• Hard real-time systems (c.f. Figure 3.2) have strict timing constraints, and if a deadline is
missed, it can result in system failure or even catastrophe (e.g. medical devices, aviation
systems, and nuclear power plants).
• Soft real-time systems have less strict timing constraints, and missing a deadline does
not usually result in system failure (e.g. multimedia applications, online gaming, and
traffic control systems).
non-determinism can lead to complex race conditions. These languages offer a specialized approach to developing reactive systems with strict timing demands.
We found a diversity of synchronous languages, including Argos [111], which streamlines real-time system development with accurate timing and synchronization; Atom, a DSL embedded in Haskell, suited to building dependable embedded systems; Averest [111], which stands out for its strong real-time support and verification capabilities, simplifying the complexities of reactive system design; Esterel [110, 112, 113], which excels in aerospace and automation applications; Lustre [83], which employs a dataflow-oriented approach and supports formal verification; and SIGNAL [113], which specializes in multi-clock specifications. SOL [114] combines synchronous and asynchronous concepts, and many other languages collectively illustrate the diversity and impact of synchronous programming paradigms across various domains.
We discovered that, within these formal languages, some are more oriented toward managing system behavior, with less emphasis on data flows, while others exhibit the opposite focus (c.f. Figure 3.3).
Figure 3.3: Positioning of synchronous formalisms between control-oriented (signals: Esterel, Statecharts, Argos, Esterel Studio) and data-oriented (sensor values: Lustre, SCADE, SIGNAL) approaches.
Formal Method to Specify Distributed Mobile Real-Time IoT Systems. In the context of
distributed mobile real-time IoT systems, which involve the movement of physical objects in
geographical spaces and real-time communication with deadlines, the use of formal methods
during system design is essential. Process algebra is a well-suited formalism for modeling
these systems, as it can represent objects as processes and capture their movements and timed
communications. The paper [115] presents dT-Calculus, an extension of d-Calculus, as a pro-
cess algebra for specifying distributed mobile real-time IoT systems. dT-Calculus addresses
limitations in existing formal methods by providing capabilities to specify time properties,
such as ready time, timeout, execution time, and deadline, as well as priority and repetition.
dT-Calculus offers an innovative approach to modeling IoT systems, making it a valuable op-
tion for systems with complex real-time requirements. The choice of formal method should
depend on the specific needs of the IoT application being considered.
The paper discusses the use of process algebras like Timed pi-calculus, Timed Mobile Ambient,
and d-Calculus for specifying the characteristics of distributed mobile real-time IoT systems
during the design phase. However, it points out that these process algebras have limitations in
fully capturing the complexities of mobility and temporal properties in such systems. While
these formal methods offer valuable tools for modeling certain aspects of IoT systems, they
may not adequately represent the complexities of movement and precise timing requirements
often found in real-world IoT applications. Researchers and engineers in the field may need
to explore more expressive formal methods or a combination of formalisms to create more
comprehensive models for these systems. To overcome these limitations, the paper introduces
dT-Calculus, which provides an advanced framework for capturing temporal properties related to actions and processes in IoT systems.
dT-Calculus is a process algebra designed for specifying and analyzing the movements of IoT devices in a geographical space under temporal restrictions. It extends the capabilities of d-Calculus by introducing five temporal properties: ready time, timeout, execution time, deadline, and period. These properties help define the timing and scheduling aspects of sporadic and periodic actions in IoT systems. Additionally, graphical representations are provided in the form of system and process views to aid in understanding system and process relationships, making dT-Calculus a powerful tool for specifying and analyzing temporal properties in IoT systems. In the comparison between dT-Calculus and other process algebras (c.f. Table 3.1), dT-Calculus outperforms the others in expressing various forms of direct movements, both autonomous and heteronomous, which are crucial for modeling IoT device mobility. On the other hand, Timed pi-calculus relies only on value passing for mobility, limiting its capability to express diverse movement patterns. Timed Mobile Ambient provides three types of movement actions, but it lacks support for passive or heteronomous movements. d-Calculus and dT-Calculus allow the specification of both autonomous and heteronomous movements.
Table 3.1: Comparison of dT-Calculus with other algebras by the IoT characteristics [115]
The paper introduces a tool called SAVE (Specification, Analysis, Verification, and Evaluation)
developed on the ADOxx meta-modeling platform. SAVE comprises four basic components: the Modeler, which allows users to specify system and process views; the Execution Model Generator (EMG), which generates an execution model for the specified views and enables the selection of simulation paths; the Simulator, which generates a model for the selected simulation; and the Analyzer, which conducts security analysis and verification using model checking. SAVE offers two specification models, ITL (In-The-Large) and ITS (In-The-Small),
to support detailed specifications. From these specifications, the tool automatically generates
execution models, which show all possible execution paths and determine if each path is nor-
mal or leads to a deadlock. After generating an execution model, SAVE creates simulation
models for each execution path, representing the execution and movements. Based on these
simulation models, it becomes possible to analyze and verify the temporal requirements of IoT
systems.
Design of a Formal Verification and Evaluation Tool of RT Tasks Scheduling of IoT. RT IoT applications are becoming increasingly important, posing challenges in terms of task scheduling and communication delays. The study in [116] points out the importance of reliable communication with minimal delays, particularly for applications in healthcare and smart homes enabled by technologies like 5G, and reviews the history of simulation tools for real-time systems, highlighting their limitations and the need for web-based tools adapted to IoT contexts.
The authors in [116] propose a web-based tool for feasibility analysis and task scheduling in real-time IoT systems. It leverages web technologies for remote access and tracking of real-time tasks. The paper highlights the novelty of a web-based approach for real-time task visualization, simulation, and tracking, with potential applications in IoT and smart cities, and aims to bridge the gap by proposing a tool for simulation, monitoring, and tracking in RT-IoT applications, filling a crucial void in the field.
The proposed system architecture focuses on the development of a cloud-centric web-based
tool for simulating, visualizing, and tracking IoT tasks. This architecture aims to address the
limitations of existing tools, such as platform dependency and failure to keep up with modern
technology trends. The key modules of the architecture, illustrated in Figure 3.4, include Input, Process, and Output.
• Input Module deals with task generation and configuration. Users can add, edit, upload, or delete tasks. The tasks can be of two types: periodic or event-driven. Common task attributes include start time, execution time, period, deadline, urgency, and slack. The input module allows users to create and configure tasks for analysis.
• Process Module applies scheduling algorithms to the input tasks. The proof of concept considers two existing algorithms: Earliest Deadline First (EDF) for event-driven tasks and Rate Monotonic (RM) for periodic tasks. The process module is responsible for scheduling tasks based on these algorithms; a minimal feasibility-check sketch is given after this list.
• Output Module presents the results of the scheduling algorithms in an effective user
interface. It provides various interfaces for different scheduling algorithms, focusing on
improving the user experience. The output includes performance measures like CPU
utilization, missed tasks, completed tasks, and timelines of task instances.
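The following sketch illustrates the classical feasibility checks behind such a process module, assuming implicit-deadline periodic tasks; it is not the tool's actual algorithm, only the textbook utilization tests for EDF and RM:

# EDF is feasible when total utilisation is at most 1; RM when utilisation
# stays under the Liu & Layland bound n(2^(1/n) - 1).
def utilisation(tasks):
    """tasks = list of (execution_time, period) pairs."""
    return sum(c / t for c, t in tasks)

def edf_feasible(tasks):
    return utilisation(tasks) <= 1.0

def rm_feasible(tasks):
    n = len(tasks)
    return utilisation(tasks) <= n * (2 ** (1 / n) - 1)   # sufficient, not necessary

task_set = [(1, 4), (2, 6), (1, 8)]       # (C, T) in milliseconds, made-up values
print("U =", round(utilisation(task_set), 3),
      "EDF feasible:", edf_feasible(task_set),
      "RM bound met:", rm_feasible(task_set))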
The interaction model involves the sequence of interactions among the task input module, input buffer, algorithm controller, and visualization, following the Model-View-Controller (MVC) architecture. Users can initiate random task generation, which creates tasks based on their input parameters and stores them in a CSV file; this file is loaded into the input buffer, and virtual instances of tasks are created for scheduling using the algorithm unit. Users can interact with
the visualization module to understand the response of input tasks using the specified algo-
rithms. The results are presented in HTML format through the MVC view and rendered to the
application user. The system can simulate and analyze the behavior of input task sets, evaluate
the feasibility of scheduling algorithms, and visualize results. The architecture is designed to
be cloud-centric, making it accessible remotely and leveraging modern web technologies for
improved user experience. It aims to be platform-independent and compatible with the latest
technology trends, enhancing the efficiency of real-time systems’ feasibility analysis and for-
mal proof. The system can be used in an IoT environment to schedule and monitor physical
tasks while ensuring they meet their deadlines. The system was implemented using a combi-
nation of technologies and tools for both the cloud-centric web application and the Raspberry
Pi-based IoT server. Here are the key implementation details:
The cloud-based web application communicates with the Raspberry Pi-based IoT server using
the HTTP protocol. The IoT server listens to incoming requests, processes them, and controls
various physical resources connected to it, such as LEDs, fans, sensors, etc.
The authors set up an experimental test bed for the proposed approach, in which the system
classifies tasks into two main types: critical tasks with a priority of 1 and non-critical tasks
with a priority of 0. For non-critical tasks, the system uses three physical IoT resources: a tem-
perature sensor, an LED actuator, and a fan actuator. On the other hand, critical tasks involve
the use of an e-Health sensor platform with two sensors, which are used to monitor the ECG
and pulse of elderly individuals under observation. The tasks are periodically simulated to
assess their response time and whether they are executed within specified deadlines. Input
parameters are provided via the web interface. The tasks associated with physical resources
communicate with a Raspberry Pi at predetermined times specified by the main algorithm.
This communication is achieved using general-purpose I/O (GPIO). The status of the algo-
rithms and tasks is displayed in real-time on the bash terminal of the Raspberry Pi and con-
nected devices, particularly for actuating devices like a fan. When both critical and non-critical
tasks are present in the system at the same time, the system gives priority to critical tasks. This
is indicated by unique color codes in the system (Rate-Monotonic (RM) is a priority-based
scheduling algorithm commonly used in real-time systems).
A Teleo-Reactive Node for implementing IoT Systems. A research paper [117] focuses on
addressing challenges in IoT system development by proposing the adoption of the Teleo-
Reactive (TR) approach. It highlights the importance of accommodating non-technical users
and achieving higher levels of abstraction in IoT development. The TR approach was initially introduced by Nilsson in [118] for autonomous agents operating in dynamic environments. It focuses on achieving goals while constantly sensing and reacting to changes in the environment. TR programs are structured as sets of rules, where each rule consists of a condition, based on perceptual inputs and environmental models, and an associated action that affects the environment. Rules are prioritized, with rules listed earlier taking precedence. TR programs allow for the hierarchical decomposition of goals, enabling both discrete and durative actions, which can be started, stopped, and modified by the execution of other rules.
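The core of this execution model can be sketched in a few lines: rules are scanned in priority order and the first one whose condition holds against the current percepts fires. The conditions and actions below are invented placeholders, not TeleoR syntax:

# Minimal sketch of Teleo-Reactive rule evaluation under the usual TR semantics.
from typing import Callable, Dict, List, Tuple

Percepts = Dict[str, bool]
Rule = Tuple[Callable[[Percepts], bool], str]   # (condition, action)

program: List[Rule] = [
    (lambda p: p["holding_bottle"] and p["at_bin"], "drop_bottle"),
    (lambda p: p["holding_bottle"],                 "move_to_bin"),
    (lambda p: p["sees_bottle"],                    "grab_bottle"),
    (lambda p: True,                                "wander"),     # default rule
]

def step(percepts: Percepts) -> str:
    # The first rule whose condition is satisfied determines the action.
    for condition, action in program:
        if condition(percepts):
            return action
    return "idle"

print(step({"holding_bottle": False, "at_bin": False, "sees_bottle": True}))  # grab_bottle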
The extension of the original TR language, TeleoR, is introduced [119], which features a multi-
task agent architecture (c.f. Figure 3.5) with four main elements: the BeliefStore (BS) for agent
knowledge, the Percept Handler for converting sensor data into environmental information,
the Message Handler for storing inferred beliefs, and the TeleoR Evaluator for evaluating rules
based on the BS to trigger associated actions.
TeleoR extensions optimize the semantics model and enhance action specification. These ex-
tensions include actions that modify the BeliefStore, send messages for concurrent executions
with other agent actions, sequence time-limited durative actions (including procedure calls),
repeated actions within specified time intervals resulting in the firing of other rules, and ac-
tions that receive messages from other agents and update the BeliefStore. Since the authors aim to provide a more user-friendly and abstract approach to IoT system development, making it accessible to a broader range of users, they review existing approaches to IoT system development; these mostly rely either on general-purpose programming languages, which demand substantial developer expertise, or on MDE [120], which aims to automate model-to-code transformations. In
this context, the authors survey several MDE-based approaches: IoTSuite [121] separates concerns in IoT development and simplifies application logic using high-level languages, but still requires general-purpose programming languages for implementing the application logic; DiaSuite [122] targets pervasive systems related to IoT and simplifies the design phase with architectural descriptions, but it requires Java for implementing the application logic, which can be burdensome; and PervML [123] enables pervasive system development with UML-based models, but specifying services with UML diagrams may be complex and require additional effort. The authors emphasize that these approaches often rely on UML or GPLs for behavior specification, which can be challenging for engineers.
The authors introduce the TR Node (c.f. Figure 3.6) that comprises various hardware compo-
nents, including RF antennas for communication, power supply systems, sensors, actuators,
data conversion modules, clocks, status LEDs, and memory. These components enable the
node to sense the environment and perform actions based on its TR program. The TR Node’s
software consists of the TR code, TR interpreter, and an operating system layer with libraries.
The TR code defines the node’s behavior, while the TR interpreter translates this code into
executable instructions for the CPU. The software layer communicates with the hardware, re-
ceiving sensor data and sending commands to actuators.
Figure 3.6: Details of the hardware and software of the TR node [119]
The TR Node can be configured to operate in three different functional modes: Local Node
(LN), Local Coordination Node (LCN), and Coordination Node (CN). These modes determine
the node’s roles and hierarchical positions within the IoT network. LN nodes primarily sense
and react to the environment, LCN nodes coordinate lower-level nodes and interact with exter-
nal services, while CN nodes focus on high-level coordination and internet connectivity. The
TR Interpreter module is a critical component that translates TeleoR program rules into Erlang
code for IoT nodes. It follows a systematic process: first, it structures the TR program’s goals
in Erlang, using pattern matching to execute the first satisfied condition. Then, it evaluates
conditions based on percepts, beliefs, variables, and comparisons with values, and triggers
actions accordingly. Beliefs and variables in the BeliefStore module are updated through Er-
lang functions, and the interpreter handles remembering and forgetting beliefs. Additionally,
it manages message communication and proposes using MQTT, specifically EMQ, for inter-
node communication in IoT architectures. This approach enables customizable behavior and
communication in IoT systems.
Additionally, the authors have developed a tool for editing TeleoR programs, which is im-
plemented using Eclipse Xtext and Xtend (c.f. Figure 3.7). This tool offers a domain-specific
language for editing TeleoR programs, syntax validation, and automatic code generation for
Raspberry Pi devices. A configuration file is used to specify the correspondences between
device inputs/outputs and the TR agent’s percepts and actions. The combination of these
modules and the development tool provides a comprehensive framework for developing and
deploying TeleoR-based IoT systems with Erlang on Raspberry Pi devices.
Figure 3.7: TR program editor implemented using Eclipse, Xtext and Xtend [117]
Bottle collecting robot case study. The authors deployed a simulation of a bottle-collecting
robot using a Raspberry Pi as the hardware platform, Linux-based operating system support,
and an Erlang virtual machine. The hardware setup included LEDs and switches to emulate
the robot’s environment. The experiment involved running the robot simulation with differ-
ent states and events to compare the computational performance of the Erlang implementation
with a Python implementation. They measured CPU load and memory usage during the tests.
The Erlang implementation exhibited higher CPU usage due to its concurrent nature, as it has
multiple processes running concurrently. The Python implementation, being sequential, had
lower CPU usage. Memory usage was similar in both implementations, with around 550 MB
of free memory and 700 MB of available memory. The power consumption for both imple-
mentations was comparable. The Erlang implementation showed higher CPU usage, which
is expected given its concurrency features. However, memory usage and power consump-
tion were similar for both implementations. The authors conclude that developers should consider the novel approach (Erlang) because of the facilities it provides for implementing and evolving IoT systems, and they discuss the use of the TR approach for IoT nodes and its feasibility for simplifying the specification of complex IoT systems.
Formalizing ECG signal behavior. Al-Hamadi et al. in [124] discussed some of the challenges
and issues related to the development of information and communication technology health-
care systems, with a specific focus on the ECG and formal verification methods. The authors highlight that guidelines for interpreting ECG signals may contain ambiguities and inconsistencies, due to the complexity of this signal and to their informal presentation. Formal methods, which involve systematic mathematical reasoning, can be used to enhance trust in healthcare systems. The paper discusses the use of Event-B [125], a formal language for modeling and verifying reactive, distributed, or concurrent systems, which allows for rigorous abstraction and refinement steps to obtain concrete specifications and verify them against predefined invariants. Event-B comprises two main constructs: the machine, which defines the dynamic behavior of the model and contains the system variables, events, and invariants; and the context, which defines the static behavior of the model and contains carrier sets, constants, axioms, and theorems.
The authors provide detailed specifications of the ECG and how it represents the electrical activity of the heart. They describe the fundamental components of the ECG signal and how they are generated. The generation of the ECG signal occurs in three phases (c.f. Figure 3.8). The
first phase involves the activation of the atria, which generates the P wave. The second phase,
the activation of the ventricles, produces the QRS wave. The third phase is the recovery phase
which generates the T wave as the heart muscles recover.
Figure 3.8: ECG Waves and Their Relation to Heart Nodes [124]
There are also flat segments representing no activity between these waves during certain pe-
riods. The frequency, duration, and presence or absence of these waves and segments bring
important information about the heart’s condition, such as whether it’s functioning normally,
abnormally, quickly, or slowly. The ECG signal can be divided into active waves (c.f. Figure 3.9), consisting of the P, QRS, and T waves, each exhibiting different behaviors and durations, and idle segments, which include the PQ-segment, ST-segment, and TP-segment, with similar behavior but different durations.
Figure 3.9: ECG Signal Specifications [124]
To distinguish the different ECG signals representing heart activity, the signals are divided into segments and waves, and their sequences (c.f. Figure 3.10) are defined through a series of labeled activities. When the heart initiates its activity from the idle segment labeled as number 1, the functionality of the heart's nodes can result in four distinct cases:
1. Neither the sinoatrial (SA) node nor the atrioventricular (AV) node is functioning, resulting in a lack of pulse (block 1).
2. Only the SA node is functional, leading to the generation of P wave signals, possibly alternating with idle segments. This represents an abnormal behavior of the heart system (repeating block 2, or alternating between blocks 2 and 3).
3. Only the AV node is functional, producing QRS wave signals with the possibility of T waves and idle segments. The first situation occurs for a fatigued activation of the ventricles, where QRS is continuously repeated (repeating block 5). The second situation occurs for a less fatigued activation of the ventricles, where there is a segment between successive QRS waves (repeating blocks 5 and 6). The third situation occurs when the heart system has the opportunity to recover from the activation of the ventricles, where the QRS wave and the T wave are generated with idle segments in between (repetition of the sequence of blocks 5, 7, 8, and 9).
4. Normal heart behavior, where both the SA and AV nodes are functional, leading to the sequential generation of P, QRS, and T waves with idle segments (repetition of the sequence of blocks 2, 4, 5, 7, 8, and 10).
The ECG signal can transition between these cases depending on the functionality of the
heart’s nodes. Any interruption in the functioning of the SA or AV node or the ventricles’
activation recovery can change the ECG signal’s state.
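As a rough illustration of the fourth (normal) case, the sketch below checks whether a recorded state sequence follows the normal cycle of P, QRS, and T waves separated by idle segments; it is only an approximation of the behavior described here, not the paper's Event-B formalization:

# Checking a trace of ECG states against the normal cycle of case 4.
NORMAL_CYCLE = ["Idle", "Pwav", "Idle", "QRSwav", "Idle", "Twav"]

def is_normal_sequence(states):
    """True if `states` is a (possibly truncated) repetition of NORMAL_CYCLE."""
    return all(state == NORMAL_CYCLE[i % len(NORMAL_CYCLE)]
               for i, state in enumerate(states))

trace = ["Idle", "Pwav", "Idle", "QRSwav", "Idle", "Twav", "Idle", "Pwav"]
print(is_normal_sequence(trace))                       # True
print(is_normal_sequence(["Idle", "QRSwav", "Idle"]))  # False: no P wave before QRS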
Formalizing ECG in EVENT-B. The Event-B model encompasses several essential compo-
nents, including the context, machine, events, axioms, and invariants. The context primarily
serves to model the static aspects of the system through axioms. Meanwhile, the machine is
responsible for addressing the dynamic facets through a series of events. The desired system
properties are described using invariants, and design constraints and constants are represented
through axioms. Events feature guards, and they can only be executed when these guards are
evaluated to be true.
First, the authors employ an Event-B context to define the fundamental parameters of the ECG signal using sets and constants. Additionally, several axioms are used to represent facts regarding the ECG signal within the heart system. Two main sets are defined: ECGState and WavType. The ECGState set comprises four distinct states, Idle, Pwav, QRSwav, and Twav, and is defined using an axiom. The WavType set is used to categorize the various types of waves within the ECG, namely the P, QRS, and T waves, and is defined in another axiom.
Moreover, various constants related to the duration of the ECG cycle, such as the P duration (PDura), QRS duration (QRSDura), and T duration (TDura), are introduced. These constants are defined as natural numbers through different axioms. Furthermore, additional properties about wave durations, such as QRS having the shortest duration among all waves, are specified through axioms. The formalization of the ECG context in Event-B is presented below:
CONTEXT C_ECG
SETS
  ECGState WavType
CONSTANTS
  Idle Pwav QRSwav Twav
  PDura QRSDura TDura
  P QRS T
AXIOMS
  axm1 : partition(ECGState, {Idle}, {Pwav}, {QRSwav}, {Twav})
  axm2 : partition(WavType, {P}, {QRS}, {T})
  axm3 : PDura ∈ ℕ ∧ QRSDura ∈ ℕ
  axm4 : TDura ∈ ℕ
  axm5 : QRSDura < PDura ∧ QRSDura < TDura
END
The dynamic aspect of the system consists of several events with non-deterministic behavior. These events can occur only when their guard conditions are met. In the Event-B model, two record variables, ECG_rec and Wav_rec, are introduced. ECG_rec records the history of the ECG: it indicates the type of the ECG signal at any given point in time and is defined as a function from the natural numbers to the set ECGState. Wav_rec records the history of the ECG waves only and is defined as a function from the natural numbers to the set WavType. These two variables are used because some ECG specifications relate to the occurrence of active waves only, while others involve the occurrence of active waves and/or idle segments. To validate the ECG signal, the authors derived several properties from its specifications and modeled these properties using Event-B invariants. One such property, given below as an example, states that the model should have a state at any point in time; in other words, it ensures that for each point in time (x), there exists a corresponding state (y) in ECGState that is recorded in ECG_rec.
inv : ∀x · ∃y · x ∈ dom(ECG_rec) ∧ y ∈ ECGState ⇒ ECG_rec(x) = y
The advantages of embedding ECG signal behavior in Event-B include the ability to verify
properties related to specifications, which are often overlooked by existing methods focused
on diagnosis. This approach ensures consistency and helps identify issues in incomplete or
incorrect interpretations of ECG behavior.
Formal language specifying the behavior of IoT devices. In [126], End-User Development (EUD) is introduced as a solution that allows non-professional users to create, modify, or extend software systems. The focus of this paper is on the development of the EUDroid system for the management of pills in a therapy context, primarily aimed at older people and caregivers. The system comprises three main components: a smartphone app, an IoT device for pill reminders, and a web server for therapy scheduling. P. Buono et al. present a formal language (EUDroid) to define the behavior of IoT device components, including LEDs, buzzers, and actuators. The language is divided into one part for the electronic components and another for Event-Condition-Action (ECA) rules. Electronic components have properties like delay and duration, which determine when and for how long a component is active. Components are classified as sensors or actuators; the actuators include red, blue, green, and yellow LEDs, along with a buzzer, which operates with an inverse logic compared to the LEDs. A message component allows users to customize the messages displayed in the mobile app. The actuator set (AT) can be extended to accommodate additional devices.
EUDroid allows users to define custom events based on specific criteria and associate actions
with them. These elementary events can be combined to create composite events that are often
linked to the calendar, specifying start dates and execution times. Users can control the be-
havior of IoT devices by defining triggers and corresponding actions. The Arduino controller
reads and interprets commands sent from the web server, specifying pin positions and states
of elementary components. The EUDroid formal language offers a robust tool for controlling
the behavior of IoT devices and enables users to change the behavior of their systems to meet
specific needs in various contexts. The presented case study of the pill reminder IoT device
demonstrates how the EUDroid formal language is implemented in a real-world application,
emphasizing its flexibility and practicality in controlling IoT devices and improving user ex-
periences.
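A minimal sketch of this rule structure, with invented component names and simplified delay/duration properties (not the EUDroid grammar itself), could be:

# Event-Condition-Action rule for a pill-reminder device, simplified.
from dataclasses import dataclass
from typing import List

@dataclass
class Action:
    component: str      # e.g. 'red_led', 'buzzer' (illustrative names)
    delay: float        # seconds before the component is activated
    duration: float     # how long the component stays active

@dataclass
class Rule:
    event: str          # e.g. a scheduled pill time
    actions: List[Action]

rule = Rule(event="pill_time_08:00",
            actions=[Action("red_led", delay=0.0, duration=30.0),
                     Action("buzzer", delay=5.0, duration=10.0)])

def fire(rule: Rule, occurred_event: str) -> None:
    """Activate the rule's actuators when its event occurs."""
    if occurred_event == rule.event:
        for a in rule.actions:
            print(f"after {a.delay}s activate {a.component} for {a.duration}s")

fire(rule, "pill_time_08:00")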
The user interface follows the ECA paradigm, where users define conditions, and the system
reacts by activating actions. Users can create rules step by step, and these rules are sent to the
web server and converted into commands following the formal language. The communication
between the app and the server is two-way, allowing users to check for stored events on the
server, associate multiple actions with a single specific event, such as taking multiple pills si-
multaneously, and choose which LED should be turned on for each pill. The web server acts
as a middleware, storing user-created rules in its database, checking their compliance with the
formal language in the app, and scheduling rules. The interaction between the pill reminder
box and the app is mediated by the web server, which constantly controls and schedules all
rules. When an event occurs, the server sends a command to the pill reminder box, which
activates the required actuators. If the user presses the button, the server’s rules for checking
if the pill has been taken correctly are interrupted. In case of no interaction between the user
and the pill reminder, a reminder procedure is initiated, which includes activating the buzzer
and sending a message to the user’s smartphone.
Things as a Service: Service model for IoT. The paper [127] highlights that while there’s ex-
tensive research on IoT services for various applications, there’s a lack of standardized mecha-
nisms for modeling IoT-based systems. The concept of Things as a Service (TaaS) is introduced
in Figure 3.11, aiming to deliver IoT data as a service to end-users. However, it notes that
many IoT services lack data context, limiting interoperability and analytical capabilities. The
authors propose a formal IoT service model that includes physical properties of "things" and
context association. It suggests using the Semantic Sensor Network (SSN) ontology for context
representation. The IoT service model should also support exposing "things" physical proper-
ties and event-based interactions. The proposed approach extends a generic IoT architecture,
where "things" use gateways to communicate with enterprise back-end servers. It introduces
a cloud-based system for IoT services that includes features like discovery, selection, contract
negotiation, and composition.
This approach starts by defining IoT devices, which can be sensors or actuators, together with their attributes. These devices are then used to model services. In the context of IoT, these devices are named "things"; TaaS allows interface-based access to the capabilities of a "thing" over the internet through its unique interface address.
on the verification of UML/OCL class diagrams, which often involve transforming diagrams
into formalisms amenable to efficient solvers or theorem provers. They discuss the need for mechanisms to ensure the quality and absence of errors in MDE artifacts, so as to maintain the reliability of the MDE-based development process. They also note that formal methods have been used successfully in the verification of software and hardware systems, providing a way to rigorously verify the correctness of systems. However, using formal methods for MDE can be challenging due to the complexity of the problem, which can make their adoption less practical. The authors introduce EMFtoCSP, a tool for verifying EMF models with OCL constraints. EMFtoCSP translates models into Constraint Satisfaction Problems (CSPs) [129] for verification and supports various correctness properties. The tool is flexible and can be used for a wide range of models, including DSMLs.
EMFtoCSP (c.f. Figure 3.12) is introduced as a tool for fully automatic, decidable, and ex-
pressive verification of EMF models extended with OCL constraints. The approach follows a
bounded verification strategy, which ensures termination by limiting the search space based on
instance and attribute domain restrictions. In constraint programming, problems are framed as CSPs, defined by a set of variables, domains for those variables, and constraints that express relationships between the variables; the goal is to find an assignment that satisfies all constraints.
The primary technique for solving CSPs is backtracking, combined with constraint propaga-
tion methods. Backtracking involves attempting to assign values to variables, backtracking
when constraints are violated, and continuing until a solution is found or all possible assign-
ments are exhausted. Termination is ensured by constraining variable domains to be finite.
EMFtoCSP uses the ECLiPSe Constraint Programming System [130], which handles various
constraint types expressed as predicates in a Prolog-based language, stored in ".ecl" files, and
loaded into the solver for analysis. The verification process is divided into two subproblems for efficiency: first, determining a valid population size for the model, i.e., deciding the number of instances of each class and association that constitute a valid solution; and second, assigning legal values to all attributes of objects and association ends and checking whether the assignment constitutes a valid solution.
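To give a concrete flavor of the first subproblem, the toy CSP below chooses how many instances of two classes to create from finite domains under simple multiplicity-like constraints, using plain backtracking; it only illustrates the CSP idea and is not the ECL code that EMFtoCSP actually generates for ECLiPSe.

# Toy CSP: pick instance counts for two classes under simple constraints.
VARIABLES = ["nEntities", "nRelationships"]
DOMAINS = {"nEntities": range(0, 6), "nRelationships": range(0, 6)}

def consistent(assignment):
    """Constraints hold vacuously while their variables are still unassigned."""
    e = assignment.get("nEntities")
    r = assignment.get("nRelationships")
    if e is not None and e < 1:
        return False                      # the model must contain an entity
    if e is not None and r is not None and r > 2 * e:
        return False                      # e.g. an upper multiplicity bound
    return True

def backtrack(assignment, remaining):
    if not remaining:
        return assignment                 # all variables assigned consistently
    var, rest = remaining[0], remaining[1:]
    for value in DOMAINS[var]:
        candidate = {**assignment, var: value}
        if consistent(candidate):         # prune as soon as a constraint fails
            solution = backtrack(candidate, rest)
            if solution is not None:
                return solution
    return None                           # forces backtracking in the caller

print(backtrack({}, VARIABLES))           # e.g. {'nEntities': 1, 'nRelationships': 0}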
EMFtoCSP offers a user-friendly GUI that leads users through several steps, including specifying OCL constraints, setting search-space limits, choosing verification properties, and selecting output locations. It also provides feedback on whether the input model satisfies the selected properties and, if so, generates a valid model instance demonstrating the property.
Figure 3.12: EMFtoCSP architecture [128]
The tool's architecture consists of the "ECL Generator" subsystem, which handles user inputs, and a connection to the ECLiPSe solver. The "ECL Generator" subsystem includes three components
responsible for translating the model, constraints, and properties into ECL code for the solver
using Eclipse’s EMF and OCL parsers. The generated ECL code is sent to ECLiPSe for prop-
erty verification. ECLiPSe’s feedback is interpreted, and results are displayed to the user. If the
model satisfies the properties, EMFtoCSP uses GraphViz to visually represent the valid model
instance.
The scalability of the tool is influenced by the complexity of the model’s constraints (c.f. Fig-
ure 3.13) and the generated CSP. Two main factors are considered: the extent to which constraint propagation can be used to solve the CSP (minimizing backtracking), and whether the CSP is non-trivially unsatisfiable.
Figure 3.13: Meta-model for Entity-Relationship diagrams and OCL invariants constraining
the choice of identifier names [128]
For satisfiable cases with reasonable ranges, EMFtoCSP efficiently finds valid instances of ER
models with several hundred objects, using linear constraint propagation for determining link
set sizes and attribute assignments. The tool’s scalability is maintained even when changing
upper multiplicity bounds. On the other hand, unsatisfiable cases, where constraints cannot
be met due to a lack of required attributes, result in worse scalability. It struggles in these cases
as it attempts all symmetrical link set assignments before reporting unsatisfiability. This is why the authors note that, in future work, they will address this scalability challenge by using symmetry-breaking approaches during the search process. They also briefly compare EMFtoCSP to other tools, such as UML2Alloy [131] and other validation tools that rely on Boolean satisfiability (SAT) solvers. These tools have limitations related to the encoding of numbers as Boolean variables and bit-level operations. EMFtoCSP is presented as an integrated tool with a more straightforward encoding of arithmetic expressions.
A CSP Approach for Meta-model Instantiation. This paper [132] introduces a comprehensive
approach to generating models that conform to specific meta-models using CSP. The goal is to
efficiently produce a diverse dataset of relevant models for testing model transformations and
designing new meta-models. The approach includes original constraint modeling techniques,
ensuring that the generated models adhere to meta-models and additional OCL constraints.
The paper highlights previous approaches to model generation, which had limitations.
Models represent systems using a modeling language like UML, while meta-models define the concepts available for creating models. Models should conform to meta-models, which themselves conform to a meta-meta-model (Ecore). Meta-meta-models are typically unique and can define themselves. Meta-models often come with additional constraints, expressed as well-formedness rules using OCL, ensuring that models adhere to the meta-model.
The authors introduce the essential concepts related to models and meta-models, their conformance relationships, and constraints, using Petri nets as a case study, with concepts such as places, transitions, and arcs, along with their properties. They then outline the key properties expected from a model generation mechanism: scalability (the mechanism should handle large models and meta-models, which is crucial for testing model transformations on extensive datasets), validity (generated models must adhere to their meta-model and meet the OCL constraints), flexibility (the generation process should be easily configurable for various purposes, such as testing model transformations or adapting meta-models), and diversity (generated models should be representative of the meta-model, covering its structure while providing a wide range of model variations). The authors also discuss related work in the field of model generation, primarily within the context of MDE: random graph generation [133], which uses random tree generation to create models but only produces skeleton models, ignores OCL constraints, and lacks flexibility; the grammar-graph-based approach [134, 135], which employs elementary grammar rules for meta-model encoding but struggles with OCL constraints and external constraints; and translation to the Alloy language [136, 137], where the user must translate meta-models and OCL constraints into Alloy and use the Alloy solver, but scalability and quick solution retrieval are issues. The paper also cites the work of Cabot et al. [128], which proposes a model generation approach based on CSP, encoding the meta-model and OCL constraints into CSP and using the ECLiPSe solver, but scalability issues and a lack of optimization are noted. A comparison (c.f. Table 3.2) of the presented paradigms is provided based on the scalability, validity, flexibility, and diversity criteria; none of the approaches fully satisfies all of them.
Approach Scalability Validity Diversity Flexibility
Random graphs ? No No No
Grammar graphs Yes No Yes No
Alloy No Yes No Medium
CSP No Yes Possible Yes
Table 3.2: Comparison of the different approaches for model generation [132]
Regardless of the result of this comparison, the authors suggest that CSP-based approaches can address the scalability, diversity, and flexibility challenges through improved modeling techniques. In this context, a CSP model for meta-models and OCL constraints is presented. Its key points are the following: classes in the meta-model are represented by instance variables and feature variables, whose domains are determined from the minimum and maximum instance constraints of each class, with the value 0 denoting a non-allocated instance; a global cardinality constraint ensures that the values assigned to instances of different classes are unique; references between classes are treated as pointers from instances of the source class to instances of the target class, reducing the number of required variables; constraints involving reference navigation are handled by checking the equality between reference and instance variables; and constraints related to collections are transformed into the global constraint Alldiff for efficiency.
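To make this encoding more concrete, the following Python sketch instantiates a toy Petri-net-like meta-model by brute force. It is only an illustration of two of the ideas described above, references modeled as pointers from source to target instances and an Alldiff-style uniqueness constraint; the bounds and names are hypothetical, and it does not reproduce the authors' actual CSP model or the ECLiPSe solver.

from itertools import product

# Toy meta-model: up to 2 Places, 2 Transitions, 3 Arcs.
MAX_PLACES, MAX_TRANSITIONS, MAX_ARCS = 2, 2, 3

def solve(min_places=1, min_transitions=1, min_arcs=1):
    # Enumerate candidate population sizes for each class.
    for n_p, n_t, n_a in product(range(min_places, MAX_PLACES + 1),
                                 range(min_transitions, MAX_TRANSITIONS + 1),
                                 range(min_arcs, MAX_ARCS + 1)):
        # References are pointers: each Arc stores the index of its source
        # Place and target Transition instead of extra feature variables.
        for refs in product(product(range(1, n_p + 1), range(1, n_t + 1)),
                            repeat=n_a):
            # Alldiff-style constraint: no two arcs share the same
            # (source, target) pair.
            if len(set(refs)) == n_a:
                return {"places": n_p, "transitions": n_t, "arcs": list(refs)}
    return None

print(solve())  # e.g. {'places': 1, 'transitions': 1, 'arcs': [(1, 1)]}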
The authors compared their encoding to the previous CSP model [128] and addressed its limitations: they employ instance variables, use global constraints, reduce disjunctive constraints, optimize the modeling of references, and provide an accurate representation of OCL constraints based on their specific characteristics. The experiments (c.f. Figure 3.14) involved transforming meta-models into CSP problems and writing the CSP instances in the XCSP format. Several meta-models were employed for the evaluation, such as the Petri nets, Entities and Relationships, B language specification, and Sad software-architecture meta-models.
The authors compare their solution with Cabot et al.'s EMFtoCSP tool, demonstrating the efficiency of their CSP model, with a particular focus on the Entities and Relationships meta-model. The results indicate that their solution was eight times faster in terms of resolution time. The authors also assessed how their solution's performance scales with different meta-model sizes. The better performance was attributed to several factors, such as the use of variable sets instead of lists, the incorporation of global constraints, the representation of class references as pointers, and the detailed modeling of OCL constraints. While the approach remained efficient for large meta-models with numerous classes, its efficiency was slightly reduced when generating a large number of instances for meta-models with fewer classes, due to the rapid increase in the number of variables modeling references. This approach shows great promise, enabling the generation of models that adhere to OCL constraints, even for large instances, within a reasonable timeframe compared to previous methods.
The DIAT architecture consists of three main layers: the Virtual Object Layer (VOL), which virtualizes physical objects, provides semantic descriptions, and bridges the gap between the physical and cyber worlds; the Composite Virtual Object Layer (CVOL), which coordinates multiple physical objects to achieve tasks by combining individual Virtual Objects into Composite Virtual Objects (CVOs), optimizes operations, and handles the discovery of suitable VOs and CVOs; and the Service Layer (SL), which manages service creation and execution, handling service requests, decomposing them into subtasks, and determining how to assemble these subtasks to achieve the final goal.
One of the primary tasks of the SL is the Observer (c.f. Figure 3.16), which is responsible for automating the creation of services and facilitating intelligent machine-to-machine (M2M) communication. It continuously monitors various objects, assessing their situations based on contextual information and knowledge. The Observer's functionalities and workflow extend across the CVOL and the SL.
To enable automated services, the Observer relies on context awareness, a fundamental aspect
of the IoT. It evaluates the situations of both human and non-human objects and maintains
contextual information within associated vectors.
For human objects, the contextual information includes: the current Location, which provides high-level information about a person's current location derived from low-level data (e.g., atHome, atOffice), with an expected-location sub-field that helps identify deviations from scheduled locations and trigger relevant service requests; the Operating State, which indicates a person's current activity, such as inMeeting or watchingTV, used to initiate service requests, with an expected-operating-state sub-field that helps detect inconsistencies and generate service requests accordingly; and the Next Job Queue, which outlines upcoming tasks derived from to-do lists or calendar events, including notification-time and complementary-service sub-fields.
For non-human objects, the contextual information includes Attention Flags, which indicate anomalies or issues with non-human objects, with urgency levels dictating response times, and the Working Neighbor Group, which gathers similar objects within specific areas so that objects within a group can communicate, coordinate, and optimize performance. The Observer can detect anomalies in one object by consulting other group members and setting the appropriate attention flag.
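For illustration only, the following Python sketch shows one possible shape for such context vectors; the field names and example values are assumptions inspired by the description above, not the data structures defined in the paper.

from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class HumanContext:
    # High-level location derived from low-level data, e.g. "atHome", "atOffice".
    location: str = "atHome"
    expected_location: Optional[str] = None        # deviation triggers a service request
    operating_state: str = "idle"                  # e.g. "inMeeting", "watchingTV"
    expected_operating_state: Optional[str] = None
    next_job_queue: List[str] = field(default_factory=list)  # upcoming tasks

@dataclass
class NonHumanContext:
    attention_flag: int = 0                        # urgency level of a detected anomaly (0 = none)
    working_neighbor_group: List[str] = field(default_factory=list)  # ids of similar nearby objects

def needs_service(ctx: HumanContext) -> bool:
    # The Observer raises a service request when the observed situation
    # deviates from the expected one.
    return ((ctx.expected_location is not None and ctx.location != ctx.expected_location)
            or (ctx.expected_operating_state is not None
                and ctx.operating_state != ctx.expected_operating_state))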
The three layers are packaged as an IoT Daemon (c.f. Figure 3.15); this daemon is present in every device and runs all three layers. It ensures interoperability, supports automatic service creation, smart execution, and dynamic adjustments, and minimizes the need for human intervention in end-to-end communication. The daemon helps achieve scalability without manual configuration, adhering to the zero-configuration requirement, and it effectively addresses device heterogeneity by creating digital representations of physical objects in the VOL through APIs and interconnections across the three architectural layers. The authors also compare DIAT with other IoT architectural efforts (c.f. Table 3.3), suggesting that DIAT offers promise in addressing technical challenges and providing key IoT characteristics, using a multi-application use case.
IoT Characteristics DIAT Butler Compose IoT-A
Heterogeneity yes partially yes yes
Scalability yes no no -
Interoperability yes no partially yes
Automation yes yes partially yes
Zero-configuration yes no no partially
Distributiveness yes partially no -
Layered design yes no yes no
The use case encompasses various IoT applications, including smart home, smart transportation, and smart healthcare, where each object is equipped with an IoT Daemon that runs the architecture's layers regardless of its application domain. This use case demonstrates how IoT Daemons can collaborate across various application domains to perform a complex, unified task.
Table 3.4: Comparison between different existing protocols with GNTP protocol [144]
The authors distinguish between logical time, which suffices in some cases, and the need for accurate synchronization with physical time in most scenarios. The challenges of achieving high precision in clock synchronization in complex network scenarios are addressed, with examples of control algorithms designed by Li et al. [145] and synchronization methods in wireless mesh networks by Reichman et al. [146]. Different approaches, such as PALS [147] and the use of physical clock signals, are introduced to enhance synchronization accuracy. This paper focuses on the effectiveness of GPS timing signals, motivated by the limitations of existing clock synchronization protocols such as NTP and PTP.
The proposed approach enhances clock synchronization by synchronizing nearby clocks with GNTP servers (c.f. Figure 3.17). These GNTP servers, designed for accuracy comparable to atomic clocks, are particularly targeted at nodes requiring more precise timekeeping than traditional NTP synchronization offers. To accomplish this synchronization, the coordination between GNTP servers and client nodes is crucial. Synchronization is conducted over a wide-area network, such as the Internet, using the well-known and effective routing and transport mechanisms of NTP. The regular NTP protocol is employed, with one key modification: timing information is fetched from the highly available GPS receivers associated with the GNTP servers. Rules for proper redirection and NTP server selection are enforced on each NTP client. These clients maintain information about the available GNTP servers and their respective distances, and this information is used to select the most suitable GNTP server for synchronization.
Figure 3.17: A diagram of circular mapping in NTP hierarchy. The GNTP server can be in-
stalled anywhere according to the demand [144]
GNTP enhancement. The experimental results reveal significant insights into the proposed GNTP model. The analysis of offset and drift demonstrates the non-deterministic nature of synchronization errors at higher RTT: increased RTT correlates with higher offset and potential errors. The plot of average drift against RTT indicates consistent improvements in synchronization accuracy, except for a peak caused by connection instability. Furthermore, the comparison between the RTT of the implemented GNTP server and a traditional NTP server shows the GNTP server's superiority, exhibiting lower RTT and improved synchronization accuracy. Additionally, the reduced drift of the GNTP server compared to the NTP server underscores the positive impact of server proximity on minimizing synchronization errors and enhancing precision.
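For reference, the offset and RTT values discussed here are the standard NTP quantities computed from the four timestamps of a request/response exchange; the sketch below uses the usual formulas under the symmetric-path assumption, which is precisely the assumption that the shorter client-to-server paths of GNTP make more realistic.

def ntp_offset_and_rtt(t1: float, t2: float, t3: float, t4: float):
    """Standard NTP clock offset and round-trip delay from one exchange.

    t1: client transmit time, t2: server receive time,
    t3: server transmit time, t4: client receive time (all in seconds).
    """
    offset = ((t2 - t1) + (t3 - t4)) / 2.0   # assumes symmetric network paths
    rtt = (t4 - t1) - (t3 - t2)              # time spent on the network only
    return offset, rtt

# Example: the client clock is about 50 ms behind the server.
print(ntp_offset_and_rtt(10.000, 10.070, 10.071, 10.041))   # -> (0.05, 0.04)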
Drift characteristics and stability of clock hardware. The authors in [51] investigate the drift characteristics of clock hardware (c.f. Figure 3.18) using Arduino devices. The experiment was conducted in three different locations, each with a different ambient temperature (14°C, 21°C, 27.5°C), and involved collecting pairs of timestamps every second. The researchers observed that different instances of the same Arduino platform exhibited distinct drift characteristics and drift rates, resulting in varying clock offsets over the experiment's duration. Furthermore, even the same hardware instance exhibited different clock drift rates depending on the ambient temperature. The results illustrate that the impact of temperature variations on clock drift is noticeable even over short durations, such as 10 minutes. This variability and sensitivity to temperature fluctuations in IoT hardware have implications for clock synchronization in IoT applications.
To evaluate the stability of the clock hardware, the researchers used a standard measure known as the Allan variance [148]. The Allan variance is computed from a series of consecutive offset measurements of a clock, obtained at a given measurement interval denoted τ; researchers often plot its square root, known as the Allan deviation. The Allan intercept is an essential statistic that influences the design of rate synchronization and polling behavior in many time synchronization protocols, such as NTP and RADclock, which anticipate that the Allan intercept typically falls around τ = 1000 seconds.
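As an illustration, the Allan deviation can be estimated from a series of clock offset (phase) measurements taken every τ0 seconds with the common second-difference estimator sketched below; the exact variant used in the paper may differ.

import math

def allan_deviation(offsets, tau0, m):
    """Allan deviation at averaging time tau = m * tau0.

    offsets: clock offset (phase) measurements x_i in seconds,
             taken every tau0 seconds.
    """
    n = len(offsets)
    if n < 2 * m + 1:
        raise ValueError("not enough samples for this averaging time")
    tau = m * tau0
    s = sum((offsets[i + 2 * m] - 2 * offsets[i + m] + offsets[i]) ** 2
            for i in range(n - 2 * m))
    return math.sqrt(s / (2.0 * (n - 2 * m) * tau ** 2))

# Example: a clock with a constant frequency offset has zero Allan deviation,
# since a pure linear drift cancels in the second difference.
x = [1e-5 * i for i in range(100)]          # offsets sampled every second
print(allan_deviation(x, tau0=1.0, m=10))   # -> 0.0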
The authors conducted a comparative analysis of clock hardware stability between the Arduino devices and the Raspberry Pi3. Their objective was to evaluate the stability of the clock hardware on Arduino devices, compare it with that of the Raspberry Pi3, and determine whether the assumptions used in designing various wired and wireless time synchronization protocols are widely applicable in the context of IoT devices. The observed variations in clock drift characteristics among the inexpensive clock hardware used in typical IoT devices are significant. While differences in manufacturing, environmental conditions, and crystal aging are well-documented factors contributing to such variations, the researchers noted that the differences in this case are notably large: in the worst case, clock drift reached approximately 600 milliseconds in 10 minutes, a level of variability considerably higher than that of traditional PC clock hardware.
Figure 3.18: Comparison of drift characteristics of different Arduino devices (left) and the
same Arduino device under different ambient temperatures (middle) and comparison of Allan
deviation plots of Arduino devices 1 and 3 and Pi3 (right) [144]
Applicability of SPoT for IoT Deployments. These findings highlight the need for new synchronization mechanisms capable of accommodating these challenges. The paper proposes a synchronization method named Scalable Protocols for Tight Clock Synchronization on IoT Devices (SPoT). SPoT is designed for diverse IoT devices with varying computational capabilities, clock stability, energy constraints, and accuracy needs, and aims to provide lightweight synchronization algorithms, minimal packet exchange, and adaptability. The method distinguishes two client types: thick clients, which run the synchronization algorithms locally, and thin clients, which have limited computational capabilities and rely on the server for synchronization. SPoT also addresses energy constraints in IoT devices by allowing different polling regimes and setting Error Margins accordingly. In operation, IoT devices register with the SPoT server; thin clients respond to server-initiated timestamp exchanges, while thick clients execute the synchronization algorithms locally and communicate with the server.
SPoT achieves offset synchronization by addressing forward- and reverse-path asymmetry errors. It identifies the direction of the asymmetry by comparing computed and expected offsets, and estimates its magnitude as the difference in RTT. SPoT then corrects for these errors using a dedicated algorithm, adjusting offsets when significant deviations are detected, which ensures accurate offset synchronization on IoT devices. SPoT's rate synchronization algorithm is essential for estimating and updating the clock skew, particularly for devices with lower-quality clock hardware; the skew is needed for accurate clock offset calculations and to correct clock drift between synchronization points. The algorithm considers the stability of the clock hardware and determines suitable polling intervals accordingly: longer polling intervals for stable hardware, more frequent polling for less stable hardware. It computes the mean absolute error over a specified observation time, or after a set number of observations, and adjusts the polling interval accordingly. Users can choose between Additive Increase and Multiplicative Decrease (AIMD) or Multiplicative Increase and Multiplicative Decrease (MIMD) polling styles, depending on their accuracy and energy requirements; MIMD increases the polling interval more aggressively for lower energy consumption at the price of slightly reduced accuracy, and users can also adjust the Error Margin (EM) to trade accuracy for lower synchronization costs.
SPoT's implementation consists of several components supporting both thick and thin clients: a core library of synchronization algorithms, a reference server implementation, a reference implementation for thin clients, and a client emulator for scalability testing. The core library is lightweight and suitable for resource-constrained IoT platforms, maintaining only a small number of variables. The reference server supports thick and thin clients, uses asynchronous networking, and handles device registration, timestamp exchanges, and polling intervals for thin clients. The client emulator can run multiple thin clients and respond to the server's timestamp probes, making it useful for scalability experiments.
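The following sketch illustrates the polling-interval adaptation described above; the constants, bounds, and function name are illustrative assumptions rather than SPoT's actual parameters.

def next_polling_interval(interval, mean_abs_error, error_margin,
                          style="AIMD", add_step=16.0, factor=2.0,
                          min_interval=16.0, max_interval=1024.0):
    """Adjust the client's polling interval (seconds) after an observation window.

    AIMD: additive increase, multiplicative decrease (conservative).
    MIMD: multiplicative increase, multiplicative decrease (more aggressive,
          lower energy cost, slightly lower accuracy).
    """
    if mean_abs_error <= error_margin:
        interval = interval + add_step if style == "AIMD" else interval * factor
    else:
        interval = interval / factor
    return max(min_interval, min(interval, max_interval))

# Example: the device keeps meeting its 1 ms Error Margin, so the interval
# grows until the error exceeds the margin and the interval is halved.
iv = 64.0
for err in (0.0004, 0.0006, 0.0005, 0.0020):
    iv = next_polling_interval(iv, err, error_margin=0.001, style="MIMD")
    print(iv)   # 128.0, 256.0, 512.0, 256.0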
The authors evaluate SPoT's clock synchronization accuracy by comparing it with other synchronization protocols, such as SNTP, MQTT, and MNTP's filtering methods. The experimental setup for investigating time synchronization challenges in the IoT ecosystem includes the AWS IoT cloud, used for wide-area tests with a co-located message broker, four Arduino MKR1000 devices, and one Raspberry Pi3:
• Arduino MKR1000 uses a low-power ARM MCU, a 2.4 GHz WiFi chip, and a 32.768 kHz
crystal oscillator.
• Raspberry Pi3 features a quad-core ARM CPU, 1GB LPDDR2-900 SDRAM, Ethernet,
WiFi, and Bluetooth.
The authors conducted experiments using an IoT testbed and added observational noise to
collect clock offsets (c.f. Table 3.6). The noise was generated from a normal distribution with
different standard deviations to simulate varying levels of noise. The authors compared SPoT
with other protocols under three noise levels: low, medium, and high. They measured the
RMSE, minimum, maximum, and standard deviation of offset errors for each protocol and
reported the results averaged over 100 runs (c.f. Table 3.5). They also compared SPoT with the
Consensus method and MinRTT, highlighting that thick and thin client implementations offer
the same accuracy.
Protocol Low noise Medium noise High noise
SPoT 10.0(35.6) 9.3(102.1) 8.9(173.4)
SNTP 36.2(36.2) 105.5(105.5) 161.7(161.7)
MQTT 162.5(162.5) 196.6(196.6) 225.7(225.7)
Consensus 9.1(34.5) 27.0(109.8) 42.5(175.7)
MinRTT 8.7(34.8) 21.8(107.0) 41.9(177.5)
Table 3.5: Comparison of synchronization RMSE (ms) values at different noise levels [144]
Table 3.6: Comparison of offset error statistics under high noise level [144]
GALS systems verification. In real-time IoT systems, the inherent complexity of and interactions between asynchronous and synchronous domains present unique challenges in ensuring the correctness and reliability of GALS designs. To address these challenges, formal languages, verification, and validation techniques become indispensable tools in the design, analysis, and testing of GALS systems [109]. By leveraging these formal methods, designers can rigorously verify the behavior, interactions, and adherence to specified properties of GALS systems, providing the necessary confidence in their functionality and performance. By formalizing the system's design and properties using mathematical models, verification tools can explore all possible scenarios, detecting potential bugs, race conditions, and deadlocks that might otherwise remain unnoticed during traditional simulation-based testing. In safety-critical applications such as aerospace, automotive, or medical devices, the need for correctness and reliability is paramount: any unexpected failure or miscommunication in a GALS system could lead to catastrophic consequences.
GALS language for System Level Design. The paper [150] introduces SystemJ, a system-level programming language designed to model and synthesize multi-clock systems. Motivated by the increasing prevalence of multi-clock systems in hardware and software due to IP-based design and distributed architectures, the paper discusses the limitations of existing system-level languages. SystemJ aims to fill this gap by offering a general-purpose language capable of modeling both synchronous reactive and GALS models of computation. It specifically examines CRP [151] for its reliance on Esterel [152] and its inefficient rendezvous implementation, MC-Esterel for its low-level design abstraction and hardware-knowledge requirements, and SHIM [153] for its limitations in modeling reactivity and the need for early manual hardware/software partitioning. The paper positions SystemJ as a more versatile solution, capable of overcoming these limitations by offering high-level abstractions, support for data-driven operations, and seamless integration with the Java programming language. The objectives of the language include portability, efficient compilation into Java code, integration of control- and data-driven operations, automated formal verification, and a user-friendly syntax resembling mainstream languages.
Physically asynchronous logically synchronous. PALS is also discussed in detail in [154]. The concept refers to systems whose components operate independently in terms of physical timing but are synchronized logically to achieve a common goal. While PALS systems may not be synchronized at the physical level, they often require some form of logical synchronization to ensure proper functionality; signal synchronization mechanisms may be employed within such systems to coordinate the timing of signals at a logical level, even if the components operate with different physical clocks. In other words, even though the components may not share a common clock or operate in perfect synchrony at the physical level, they are designed to coordinate and communicate effectively in a logically synchronous manner, which typically involves protocols and mechanisms that ensure data is exchanged in a coordinated way despite imperfectly aligned physical timing. Thus, while signal synchronization focuses on aligning signals for reliable communication, PALS systems aim to achieve coordinated behavior among components despite their independent physical timing.
The proposed testing methodology combines GRL for GALS modeling and validation, TESTOR for conformance test generation, and synchronous testing with Lutin and Lustre.
The paper describes the GRL model of an autonomous car (c.f. Figure 3.19), which serves as an illustration of the proposed approach. The model considers the behavior of the autonomous
car interacting with moving obstacles within its environment. The autonomous car comprises
four synchronous components: GPS, radar, decision controller, and action controller, each with
specific roles in the system. These components communicate through various channels.
GRL is used to model this GALS system, with synchronous components represented as blocks
and communication channels as media. The interactions between these blocks follow specific
constraints defined in GRL. The map is represented as a directed graph with streets and cross-
roads, and functions are defined to explore this map and compute itineraries. The GRL model
is parameterized by global constants defining the map, initial positions, destinations, obstacles,
and their movements. Each GRL block defines the code executed by the synchronous compo-
nent during each activation (clock instant). For instance, the radar block updates the percep-
tion grid based on input positions and sends it to the action controller through the medium.
GRL media facilitate asynchronous interactions between synchronous blocks and enable pre-
cise modeling of behaviors, such as message buffering and loss. Each medium is connected to
two channels, receive and send, with associated conditions. GRL environments provide inputs
to blocks and receive their outputs, controlling the activation of synchronous blocks and their
relative clock speeds. The environment can also contain nondeterministic choices. This GRL
model provides a formal representation of the autonomous car’s behavior, which can be used
for analysis, testing, and validation within the proposed GALS testing methodology. The au-
thors in this paper use the GRL2LNT translator to convert the GRL model into the LNT formal
modeling language, which is compatible with the CADP verification toolbox. This translation
process resulted in a large Labeled Transition System representing the GRL model of the au-
tonomous car. The LTS had millions of states and transitions, which were significantly reduced
after strong bisimulation minimization. They then conducted model checking to verify several
safety and liveness properties that characterize the correct behavior of the autonomous car.
These properties were expressed in MCL, a temporal logic used in the CADP model checker.
One of the properties, for example, ensures that the car’s position is correctly updated after
any movement of the car. The MCL code provided in the paper illustrates this property, using
necessity modality and conditions on the actions and variables involved.
The paper discusses testing techniques for synchronous components in reactive systems, par-
ticularly the use of the testing tool Lurette. Functional testing of a reactive system involves
providing a sequence of inputs and observing the corresponding sequence of outputs. It is
essential to consider previous outputs when determining the next input, as the system may
adapt its behavior based on its environment. Lurette is a testing tool for synchronous pro-
grams. It automates both the generation of appropriate inputs for the System Under Test (SUT) and the decision-making process that determines the test verdict. The paper also provides an example of using Lurette to test a C implementation of the radar, which is part of the GALS autonomous car system. The radar component processes inputs related to the position of the car
and obstacles and produces a perception grid. Testing the radar component involves generat-
ing a sequence of inputs and observing the corresponding outputs. To define relevant input
constraints for the radar, a scenario is described in Lutin. The scenario considers the posi-
tion of the car and the movement of obstacles while adhering to the constraints of the map.
The scenario specifies how the car and obstacles evolve within the system. However, writing complex scenarios manually can be error-prone and tedious, especially when street names are represented by numerical values. The oracle, implemented in Lustre, defines the expected
output (perception grid) for each input vector (positions of the car and obstacles). The oracle
verifies whether the observed outputs match the expected ones and computes coverage vari-
ables, such as "pass" and "blocked," to measure test coverage.
The paper discusses the concept of test projection and exploration (c.f. Figure 3.20), which aims to improve the unit testing of synchronous components within this GALS system.
Figure 3.20: Overview of the derivation of synchronous test scenarios by projection and explo-
ration of an asynchronous complete test graph CTG [109]
The process involves three main steps: Initially, a conformance complete test graph (CTG) is
generated for the entire GALS system. This CTG reflects the interactions and behavior of the
system as a whole. The CTG is then projected onto the specific synchronous component de-
noted as "C" that is being tested. This projection reduces the scope of the test to focus on the
interactions and inputs relevant to the component being tested. After projection, the test graph
for component C is translated and renamed to be compatible with the synchronous testing tool
being used. In this case, Lurette is the tool employed for synchronous testing. The translation
ensures that the test graph aligns with the tool’s requirements and format. In the final step, the
test graph for component C is explored using scripts (such as XTL scripts) to generate input
constraints and the oracle for separate testing. This exploration process defines how the com-
ponent responds to various inputs and defines expected behavior through the oracle.
The benefits of this approach include providing realistic and relevant inputs to the synchronous
component, and ensuring that the generated tests cover all possible inputs leading to the goals
of test purposes. It leverages the interactions and constraints within the GALS system to create
more meaningful and comprehensive tests for the individual synchronous component.
Table 3.7: Sizes and run-time performance for the tests generated for the test purposes [109]
In this approach, testing synchronous components within GALS systems is distinct from other
methods that focus on different aspects and employ diverse techniques. While some method-
ologies derive test purposes for sub-systems by projecting symbolic executions of the over-
all system, this approach specifically handles GALS systems, necessitating the integration of
various formal methods and tools. One notable difference is the ability to directly handle
GRL semantics, addressing synchronous properties. Another difference exists between test-
ing synchronous and asynchronous systems in terms of abstraction levels, mutation scores,
non-determinism, and applicability to real-time systems. This approach combines an asyn-
chronous automaton with a dedicated synchronous automaton, leveraging the synchronous
components’ properties to improve overall testing. Also, it reverses the direction by specify-
ing the global aspects of a GALS system in an asynchronous language. This allows the usage
of existing asynchronous tools to enhance synchronous component testing.
Lastly, this approach is tailored to testing synchronous components in a broader range of GALS
systems and doesn’t rely on highly precise models of communication signals, making it suit-
able for more generic GALS systems beyond hardware circuits.
Esterel. Esterel is a synchronous programming language and formal method that excels in designing and specifying reactive systems. Developed by Gerard
Berry, it operates on the principle of synchronized, deterministic execution, making it partic-
ularly well-suited for systems with strict timing requirements, including safety-critical and
real-time applications. Esterel enables concurrent execution of tasks, modeling systems as fi-
nite state machines, and offers automatic code generation for electronic circuits, streamlining
the implementation of complex systems while reducing the risk of errors. This language is
widely used in aerospace, automotive, medical devices, and industrial automation for its abil-
ity to ensure reliability, safety, and system behavior predictability, often integrated with other
languages like C and Ada for broader capabilities.
LOTOS NT. Process algebras, also known as process calculi, are mathematical frameworks that provide techniques for modeling and analyzing the behavior of concurrent systems (c.f. Table 3.8, which lists the main operators with their symbols and descriptions). Among the most popular process algebras are the Calculus of Communicating Systems (CCS), Communicating Sequential Processes (CSP), and the Algebra of Communicating Processes (ACP). Each of these has its own syntax and semantics, but they all provide tools for modeling the behavior of concurrent systems. In this context, it is important to mention that the Language Of Temporal Ordering Specification (LOTOS) also conforms to the principles of process algebra. LNT (LOTOS New Technology) is the successor of LOTOS and E-LOTOS, a line of formal languages under development since the mid-1980s. It is supported by a wide range of formal methods, including model checking and simulation, and offers a rich set of operators for both data and behavior, all presented in a user-friendly notation that streamlines the writing and extension of models.
Why LOTOS NT? Among the many formal languages available, one might wonder why LNT stands out as a choice. A primary advantage of LNT lies in its ability to express both non-deterministic and deterministic behaviors within system specifications. In addition, LNT has advanced data-handling capabilities, facilitating the design and manipulation of sophisticated data structures and operations. A common issue of traditional LOTOS and some other formal languages was their challenging syntax; in contrast, LNT offers a more user-friendly experience, especially for newcomers to the field. Furthermore, LNT's flexibility is evident in its applicability across diverse areas, ranging from networking protocols to distributed systems.
Complementing its features, LNT is paired with the Construction and Analysis of Distributed Processes (CADP) toolbox, a comprehensive software suite developed by the National Institute for Research in Digital Science and Technology (INRIA) and the VASY team for the formal verification and analysis of concurrent and distributed systems. CADP allows the construction of formal models that represent the behavior and interactions of concurrent and distributed processes. These models can be used to reason about system properties such as correctness, safety, liveness, deadlock freedom, and fairness. By supporting various modeling languages such as LOTOS, Promela, and Estelle, it allows users to describe their systems accurately and provides user-friendly interfaces for system design and debugging. Its capabilities help engineers and researchers detect potential issues and errors, supporting the generation of labeled transition systems and the verification of system designs and protocols, for instance by detecting deadlocks, finding execution sequences, and enhancing system performance and safety. CADP consists of several software tools that work together to provide a complete environment for system analysis; one notable component is BCG (Binary Coded Graph), a compact graph representation of LTSs describing system behaviors.
3.4 Conclusion
In this chapter, we explored the critical fields of formal verification and signal synchroniza-
tion in the context of IoT systems. Our investigation revealed the importance of ensuring the
correctness and reliability of IoT applications, especially in environments where numerous in-
terconnected devices interact with each other and the physical world. We presented formal verification, which provides a systematic approach to ensuring the correctness of IoT systems, and discussed its application to reactive systems, emphasizing its significance in guaranteeing the desired properties and behavior of these systems. We then explored the critical issue of signal
synchronization. Clock synchronization protocols were examined, highlighting their role in
achieving precise temporal alignment among distributed devices. Furthermore, we explored
the concept of GALS systems, offering insights into achieving global coordination while al-
lowing local autonomy. Synchronous languages emerged as powerful tools for expressing
temporal constraints and facilitating verification in synchronous systems.
In conclusion, this chapter underscores the necessity of rigorous approaches to ensure the reli-
ability, safety, and efficiency of IoT applications. By leveraging formal verification techniques,
we can guarantee the correct behavior of these systems, thus enhancing their trustworthiness.
Moreover, signal synchronization is essential for enabling seamless communication and co-
ordination among IoT devices, laying the foundation for dependable and scalable IoT ecosys-
tems.
Chapter 4
Contributions
Contents
4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
4.2 Case study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
4.3 General architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
4.4 Meta-model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
4.5 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.6 Model to Text (M2T) Transformation . . . . . . . . . . . . . . . . . . . . . . . 105
4.6.1 Idsl2Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
4.6.2 Idsl2Lotos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
4.7 Prototype Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.7.1 Idsl2Python Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.7.2 Idsl2LotosNT Generator . . . . . . . . . . . . . . . . . . . . . . . . . . 113
4.7.3 Simulation-Based framework . . . . . . . . . . . . . . . . . . . . . . . 116
4.8 Integration of AI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
4.8.1 AI for MDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
4.8.2 MDE for AI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
4.9 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
4.10 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
4.11 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
4.1 Introduction
In this chapter, we will present a comprehensive exploration of the contributions made to our project and delve into its core aspects. Furthermore, we will highlight the challenges we encountered, the notable achievements we have attained, and the work that still lies ahead. Additionally, we will provide insights into the tools and frameworks that have been instrumental in our pursuit, offering a comprehensive overview of the technology landscape that supports our work.
4.3 General architecture
Within this framework, numerous subdomains collaborate to form the overarching project.
At the outset, in the IoTFramework project (c.f. Figure 4.1), we utilized the Eclipse Modeling Framework to establish an Ecore meta-model. This meta-model gives us the capability to generate a dynamic XMI instance that adheres to its specification. Additionally, we created an OCL file containing constraints to validate the model.
Furthermore, we developed an Xtext project to create a DSL for our framework. This DSL
allows us to define models in a more intuitive and domain-specific manner. The created lan-
guage facilitates the creation of models tailored to our framework’s needs. Additionally, we
utilized a mwe2 file to generate the IDE for our language, providing developers with a seam-
less environment for modeling and development.
Moreover, we created two Acceleo projects to define model-to-language transformations. The
first project is dedicated to generating Python code, while the second one is responsible for
generating LNT code. These generated codes are integral to our approach. Firstly, the Python
code is executable on IoT devices, allowing for the implementation of the generated system.
Secondly, the LNT code is utilized in CADP to generate the LTS graph. This LTS graph is
utilized to interpret the behavioral model of the generated system, aiding in verification and
validation processes.
Figure 4.1: General architecture of the IoTFramework project: the EMF meta-model and OCL constraint file to which models conform, and CADP, which interprets the behavioral model from the generated LTS files
4.4 Meta-model
The initial step in this research was to develop a meta-model for the IoT framework which en-
compasses classes for elements such as medical sensors (EEG, ECG), monitors, dataflows, and
various interfacers, along with all the necessary relationships between these classes and the processes that take place, such as the inputs and outputs of dataflows in the interfacers. To achieve this, we initiated an Ecore project containing an Ecore file. This foundational Ecore file paved the way for adding a new .aird file, which contains an editor that provides support for quick editing of the semantic models independently of a Sirius representation. We used the Sirius extension of EMF to visualize and realize the meta-model of the project.
In this model, the dataflows class initiates the process by sending data to the monitor. Subse-
quently, the monitor acts as a central coordinator, forwarding this data to the interfacer classes
(c.f. Figure 4.2). These interfacer classes then carry out their respective processes, including
preprocessing, data processing, and synchronization. Once these operations are completed,
the interfacer classes send back the processed data to the monitor. This cyclical interaction en-
sures a systematic flow, with the data initially originating from the dataflows class and travers-
ing through the monitor to reach the interfacer classes for processing before returning to the
monitor.
Figure 4.2: Excerpt of the IoT framework meta-model showing the core classes (Thing, DataCenter, DataFlow, DataFlowDescriptor, Interfacer, InterfacerDescriptor, Synchronizer, DataProcessor, PreProcessor and their descriptors) and their relationships
From an alternative perspective, this model encompasses a range of classes (c.f. Figure 4.3)
such as dataflow, dataflow descriptor, stream, stream descriptor, and others. Together, these
classes guarantee data consistency and ensure the creation of well-formed and well-configured
data streams. The model’s design focuses on maintaining the integrity of data as it traverses
through various components. Moreover, it’s worth noting that this model exhibits a certain
level of care in handling data, reflected in the multitude of classes dedicated to its manage-
ment.
Figure 4.3: Excerpt of the meta-model for data streams (Connexion, Stream, StreamDescriptor, DomainParameter, DataFlow, DataFlowDescriptor, Thing, DataCenter) with attributes such as name, description, port, samplingRate, and type
Xtext DSL. After establishing the meta-model, our next step involved the creation of a new Xtext project. In this project, we used the Ecore file of the meta-model as a foundation to define the DSL of our framework, named IDSL. The project includes a file dedicated to defining the grammar of the targeted language, in which we define the concrete syntax based on the meta-model components and their attributes. As an example, we define the syntax of the main class IoTFramework and of the Synchronizer with the following patterns:
IotFramework returns IotFramework:
    'IotFramework'
    name=EString
    '{'
        ('description' description=EString)?
        ('port' port=EInt)?
        ('nb_workers' nb_workers=EInt)?
        ('interfacers' '{' interfacers+=Interfacer ("," interfacers+=Interfacer)* '}')?
        'dataflows' '{' dataflows+=DataFlow ("," dataflows+=DataFlow)* '}'
        ('dataflowdescriptors' '{' dataflowdescriptors+=DataFlowDescriptor
            ("," dataflowdescriptors+=DataFlowDescriptor)* '}')?
        ('interfacerdescriptors' '{' interfacerdescriptors+=InterfacerDescriptor
            ("," interfacerdescriptors+=InterfacerDescriptor)* '}')?
    '}';

Synchronizer returns Synchronizer:
    {Synchronizer} 'Synchronizer'
    name=EString
    '{'
        ('description' description=EString)?
        ('inputs' '(' inputs+=[DataFlow|EString] ("," inputs+=[DataFlow|EString])* ')')?
        ('outputs' '(' outputs+=[DataFlow|EString] ("," outputs+=[DataFlow|EString])* ')')?
        ('interfacerdescriptor' interfacerdescriptor=[InterfacerDescriptor|EString])?
    '}';
In exploiting Xtext for the development of the IDSL language, the "GenerateIDSL.mwe2" file was central to the process. This file, a Modeling Workflow Engine 2 (mwe2) artifact, serves as the workflow description for the Xtext generator. Within it, we describe the components needed for the language, enabling the specification of code generation and the configuration of other essential settings. By completing the configuration of the "GenerateIDSL.mwe2" file and deploying the Xtext project plug-ins, we generated a specialized editor for our custom language. This editor offers a range of features that enhance the writing and code-editing experience: it streamlines writing by offering word suggestions (c.f. Figure 4.4) and incorporates syntax highlighting, content assist, and validation, all specifically adapted to the IDSL language. Its text-coloring feature highlights important sections, making it easier to identify key points or errors.
To work with the created language, we adopted the ".idsl" file extension for files created within our project using this specialized editor. These ".idsl" files contain code written in the custom language (c.f. Figure 4.5), adhering to the syntax and structure defined in the Xtext grammar.
4.5 Model
After defining the meta-model, we can create models that conform to it using various tools and meth-
ods, such as constructing models within the DSL we have developed or creating dynamic instances
from the Ecore meta-model as an XML Metadata Interchange (XMI) file. These models should align
with the specified relationships and guidelines set forth by the meta-model. To instantiate the model
we created an XMI file (c.f. Figure 4.6) that adheres to the previously established meta-model.
Figure 4.6: XMI model
However, a persistent issue arose during the validation of this model: validation was reported as successful even when illogical configurations were established between the objects' instances. This issue highlighted the limitations of the default validation process and the need for stricter and more comprehensive validation criteria.
OCL constraints. In response to this limitation, we developed an OCL file designed to add constraints that the original meta-model could not express. These OCL constraints allow for more accurate and meaningful validations. While the invariants may seem simple, their implications carry significant weight, particularly given the sensitivity of IoT systems. Here are some example invariants for the synchronizer interfacer:
• the synchronizer's name must match a naming pattern and be at least three characters long:

context Synchronizer
inv invalidSynchronizerName
    ('Invalid name for: ' + self.name):
    self.name.matches('[A-Za-z_][A-Za-z0-9_]*')
    and self.name.size() >= 3

• the inputs and outputs of a synchronizer must not be the same dataflows:

context Synchronizer
inv notReflexiveSynchronizerIO:
    self.inputs <> self.outputs

• each interfacer has its own descriptor; the descriptor of a synchronizer must be a SynchronizerDescriptor:

context Synchronizer
inv invalidSynchronizerDescriptor:
    self.interfacerdescriptor.oclIsKindOf(SynchronizerDescriptor)
To validate newly created models against the meta-model, we select "Validate" on the model and then select the OCL file (c.f. Figure 4.7) that contains the meta-model constraints. If any mismatch occurs between the model and the specifications required by the meta-model or the constraints present in the OCL file, an alert appears containing errors and warnings. Errors indicate serious issues that must be corrected before the model can be considered valid, while warnings highlight potential issues that, while not critical, should be addressed for better model quality.
4.6 Model to Text (M2T) Transformation
The Acceleo model-to-text transformation takes an XMI model file and an MTL template file as input and produces the generated output files.
4.6.1 Idsl2Python
One of the main goals of the project is to generate code automatically for the devices of the IoT system without requiring the user to have deep knowledge of how the code is implemented, as the main actors in the system are doctors who deal with medical aspects more than with IT systems. The generated Python code should comprehensively address the various aspects of the system, including the definition of monitors, interfacers, dataflows, and smart devices. Additionally, it should encompass the mechanism through which smart devices connect to monitors and concurrently send their data.
As data synchronization is the main feature we deal with in this internship, the implemented code for this process follows well-defined, streamlined steps (c.f. Figure 4.9). The synchronizer receives data from the input dataflows of the devices and directs them to input buffers. Each input buffer concatenates data chunks until it forms a complete buffer. Once a buffer is ready, it is added to a FIFO queue. When the queues collectively hold at least one buffer each, the synchronizer initiates a synchronization algorithm, such as indexing, snapshot, interpolation, or rendezvous. During synchronization, the synchronized data is redirected to an output buffer. Once these output buffers are filled, they are redirected to output FIFO queues. When the output FIFO queues accumulate at least one buffer, the synchronized data is retrieved and returned to the monitor.
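The generated Python code itself is too long to reproduce here; the simplified, single-threaded sketch below (with hypothetical class names and no networking) only illustrates the buffer-and-queue pipeline just described: chunks are accumulated into fixed-size input buffers, full buffers are pushed to per-dataflow FIFO queues, and a synchronization step runs as soon as every queue holds at least one buffer.

from collections import deque

class BufferedFlow:
    """Accumulates incoming chunks into fixed-size buffers and queues them."""
    def __init__(self, buffer_size):
        self.buffer_size = buffer_size
        self.current = []        # input buffer being filled
        self.queue = deque()     # FIFO of completed buffers

    def push_chunk(self, chunk):
        self.current.extend(chunk)
        while len(self.current) >= self.buffer_size:
            self.queue.append(self.current[:self.buffer_size])
            self.current = self.current[self.buffer_size:]

class Synchronizer:
    def __init__(self, flow_names, buffer_size=4):
        self.flows = {name: BufferedFlow(buffer_size) for name in flow_names}
        self.output = deque()    # FIFO of synchronized buffers

    def receive(self, flow_name, chunk):
        self.flows[flow_name].push_chunk(chunk)
        self._try_synchronize()

    def _try_synchronize(self):
        # Run the synchronization step only when every flow has a full buffer.
        while all(f.queue for f in self.flows.values()):
            buffers = {name: f.queue.popleft() for name, f in self.flows.items()}
            # Placeholder for the real algorithm (indexing, snapshot,
            # interpolation or rendezvous): here we simply pair samples.
            self.output.append(list(zip(*buffers.values())))

sync = Synchronizer(["EEG", "ECG"], buffer_size=3)
sync.receive("EEG", [0.1, 0.2, 0.3, 0.4])
sync.receive("ECG", [1.1, 1.2, 1.3])
print(sync.output.popleft())   # [(0.1, 1.1), (0.2, 1.2), (0.3, 1.3)]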
In this synchronization architecture, new devices can easily be integrated into the network without af-
fecting existing ones, as each device operates independently on its local clock. This makes it suitable for
dynamic environments where devices may join or leave the network frequently. This approach simpli-
fies the management and scalability of the IoT system, allowing for seamless expansion and adaptation
to changing requirements. Additionally, by abstracting the complexity of code implementation, espe-
cially for users like doctors who focus primarily on medical aspects, the system ensures a user-friendly
experience while maintaining robust functionality.
On the other side, the synchronization mechanism is targeted to be finely grained [96]. This level of
flexibility allows for the adaptation of the synchronization process to evolving requirements or the in-
corporation of additional features without disrupting the existing system. Moreover, it facilitates the
integration of advancements in synchronization algorithms or the introduction of specialized function-
alities tailored to specific use cases, ensuring the IoT system remains adaptable.
Figure 4.9: The synchronizer interfacer: input buffers feed per-dataflow FIFO queues, the chunk-synchronization mechanism (e.g., an interpolation function) produces synchronized data, which is written to output buffers and output FIFO queues
Python Code Generation. We started by creating a new Acceleo project containing a new model-to-text (.mtl) file, which served as the Acceleo template. In system development, we recognize that there are unchanged (static) code segments, which typically encompass elements like classes from which we
instantiate objects. These static components remain constant throughout the development process, pro-
viding the foundational structure and functionality upon which the dynamic aspects of the system are
built. Alongside these static code segments, we also encounter dynamic code segments that present
variability based on the specific context in which they are employed. This dynamism may involve
modifications to variable attributes and the decision to instantiate objects from classes or not, depend-
ing on the evolving requirements and conditions.
Due to this distinction, we have divided the generated code into two categories: static templates, which
remain constant across every code generation cycle, and dynamic code which adapts based on the input
from the new model.
Static code. For instance, here is an example of a Stream object declaration class, which will be auto-
matically generated as a Python file with the ".py" extension:
[file('Stream' + '.py', false)]
class Stream:
    def __init__(self, name, type, sample_rate):
        self.name = name
        self.type = type
        self.sample_rate = sample_rate
[/file]
Dynamic code. The dynamic code, on the other hand, represents a considerable share of the work. To create a Python class for each object within the input model, the template must extract these objects from the model using queries. For example, this is how we can retrieve the synchronizer interfacers:
[query public getSynchronizer(sync : OrderedSet(Interfacer)) :
    OrderedSet(Synchronizer) = sync
        ->select(e | e.oclIsKindOf(Synchronizer))
        ->collect(e | e.oclAsType(Synchronizer))
        ->asOrderedSet() /]
Subsequently, this query can serve various purposes, including its application in loops and conditional
statements.
Using the developed XMI file, which accurately conforms to the meta-model and is verified against the OCL constraints, we effectively automated the generation of the Python code. Upon executing the generated main file and establishing connections with the EEG and ECG devices, we ran a simulation of the signals' dataflows. The result was the successful synchronization of the signals (c.f. Figure 4.10), evident in the transformation from unsynchronized input signals to synchronized output signals. As observed in the state of the art for this project, the algorithms used for signal synchronization face significant challenges due to the computational limitations of connected devices, which struggle to handle high connectivity demands for sending and receiving data. Consequently, we chose to adopt the GALS concept [67].
GALS allows devices to operate on their local clocks without needing to overclock their computational
speed. Instead, they send data to a monitor, which synchronizes the data using buffers and FIFO queues
[67, 109, 150]. This approach effectively alleviates the load on individual devices, enabling them to
function optimally within their computational limits while ensuring synchronized data transmission
and reception.
Implementing the GALS concept offers several advantages. First, it reduces the burden on individual devices by allowing them to operate within their computational capabilities [154]. This prevents issues
such as bottlenecking and ensures smoother operation. Additionally, by using local clocks, devices can
perform tasks at their own speed, avoiding the need for them to synchronize their clocks with each
other, which can be challenging in large-scale networks. The use of buffers and FIFO queues by the
monitor facilitates efficient data synchronization. Buffers temporarily store data to accommodate vari-
ations in transmission rates between devices, while FIFO queues ensure that data is processed in the
order it was received, maintaining the integrity of the information. Furthermore, GALS architecture
promotes scalability and flexibility. New devices can easily be integrated into the network without af-
fecting existing ones, as each device operates independently on its local clock. This makes it suitable
for dynamic environments where devices may join or leave the network frequently.
Figure 4.10: Synchronization of the EEG signals and ECG signals
4.6.2 Idsl2Lotos
Synchronization with LOTOS NT. Using the CADP (Construction and Analysis of Distributed Processes) toolbox (c.f. Figure 4.11), various properties of the system described in LNT can be checked. Our focus in this project is on evaluating the behavior of the EEG and ECG components when they are concurrently transmitting data. We aim to evaluate the system's synchronization mechanisms and to define the relationships between the components. This analysis allows us to gain insight into how the system manages data flow and inter-component coordination, ensuring the robustness and reliability of the system design. We can also evaluate properties related to system behavior, such as deadlock detection and liveness, as well as inspect the data within the communication components of a process. Initially, we extracted the processes present in our specification to obtain the primary LNT specification.
Figure 4.11: CADP Graphical User Interface
In our specification, the main process needs to synchronize with the EEG and ECG processes. These
EEG and ECG processes operate in a purely interleaved parallel manner. This interleaved parallelism
ensures that the actions of the EEG and ECG can take place simultaneously, without one process waiting
for the other to complete.
par
   EEG [connect_EEG, send_data_EEG]
||
   ECG [connect_ECG, send_data_ECG]
end par
However, despite this parallelism, synchronization with the monitor is crucial to ensure the sending and receiving of data. In other words, the monitor is synchronized with EEG and ECG on the sendDataEEG and sendDataECG gates respectively, and it ensures the send/receive communication with the smart devices.
par send_data_EEG, send_data_ECG in
   MONITOR [init_Monitor, ..., send_data_EEG, send_data_ECG]
||
   par
      EEG [connect_EEG, send_data_EEG]
   ||
      ECG [connect_ECG, send_data_ECG]
   end par
end par
To ensure the transfer of data through the sendDataEEG and sendDataECG gates, it is essential to establish a channel. These gates use channels to guarantee the flow of data between devices. Additionally, the channel must be configured to handle data types that match the content sent by these gates. For instance, the sendDataEEG and sendDataECG gates use the dataChannel, which manages the data exchange between the monitor and the smart devices, employing the variable type 'data' for seamless communication.
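As a minimal sketch, assuming the channel name data_channel and the data type 'data' used in the listings of this section, such a channel can be declared in LNT as follows:

(* gates of type data_channel carry a single offer of type data *)
channel data_channel is
   (data)
end channel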
When creating the EEG and ECG processes, we introduce the sendData gate with a channel of type dataChannel, which links these devices to the Monitor. Here is an example of how the ECG process can be introduced:
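The following is a minimal sketch of such a declaration, assuming the gate names connect_ECG and send_data_ECG, the channel data_channel, and an abstract (non-deterministic) acquisition of ECG samples:

process ECG [connect_ECG : none, send_data_ECG : data_channel] is
   var d : data in
      connect_ECG;           (* handshake with the monitor *)
      loop
         d := any data;      (* abstract acquisition of one ECG sample *)
         send_data_ECG (d)   (* offer the sample to the monitor *)
      end loop
   end var
end process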
To ensure the monitor receives data, the work begins with the initialization of the monitor process.
Subsequently, the monitor will await incoming data from the devices (EEG and ECG). In this example,
we illustrate how the monitor manages incoming data. It employs a condition where, if the buffer is not
at full capacity, the monitor accepts the incoming data. Otherwise, when the buffer reaches its capacity,
the monitor pushes the existing chunk and then reinitializes the buffer to accept the new incoming
data.
process MONITOR [init_monitor : none, ...,
                 send_data_ECG : data_channel, ...] is
   var data_EEG : data, B1 : Buffer, Remaining : Nat, ... in
      B1 := {};
      Remaining := 100;
      init_monitor;
      -- other behavior here
      (* the monitor receives EEG data *)
      send_data_EEG (?data_EEG);
      if Remaining > length (data_EEG) then
         B1 := insert (data_EEG, B1);
         Remaining := Remaining - length (data_EEG)
      else
         ...
      end if
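The elided else branch corresponds to the case where the buffer has reached its capacity. A minimal sketch of this branch, assuming a hypothetical push_chunk gate used to forward the full buffer before it is reinitialized, could be:

else
   (* buffer full: push the current chunk, then reinitialize the buffer *)
   push_chunk (B1);                       (* hypothetical gate *)
   B1 := insert (data_EEG, {});
   Remaining := 100 - length (data_EEG)
end if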
One recurring difficulty concerned the Python libraries. As the project progressed, it became evident that certain libraries used in the generated code were either outdated or incompatible with other components. This necessitated revisiting the MTL file to ensure that the appropriate libraries were being used and that compatibility issues were addressed effectively. In Python, indentation is crucial for defining code blocks, and any errors in tabulation can lead to syntax errors or unexpected behavior. The MTL file therefore also needed adjustments to ensure consistent and correct tabulation throughout the generated code.
From these enumerations of the system processes (c.f. Figure 4.13 for the expected EEG process), we used "nd", a tool developed at LAAS-CNRS, to design the LTS of the processes. This increased our understanding of the system's behavior, particularly as we observed the primary challenge of data synchronization and encountered the complexity of representing concurrency within the system's behavior.
Figure 4.13: Expected EEG process behavior
As previously mentioned, the goal of this generated code is to create the behavioral model of the system
in the form of a Labelled Transition System (LTS) graph. Initially, when we started using LOTOS NT, we
attempted to encapsulate all the specifications within a single LNT file. However, this approach resulted
in a huge number of transitions (c.f. Figure 4.14), making the generated graph complex, unclear, and
challenging to interpret.
This observation highlighted a significant issue in our prior work and led us to rethink our approach: we decided to decompose the specification into distinct modules and to interpret each model separately. After several iterations, we managed to reduce the number of transitions compared to the initial attempt, for instance for the LTS of the buffer used for the smart things (c.f. Figure 4.15). We realized that splitting the processes into smaller modules could be important to make the graph more comprehensible and expressive.
Therefore, instead of consolidating the behavior specification of the entire system into a single file, we began to decompose the specification processes into smaller modules. This approach yields simpler results for the interpretation of each module, but the same issue persisted when executing these modules together as the complete system specification. Throughout this work, frequent issues also arose in the form of deadlocks. These deadlocks highlighted scenarios within the generated code where processes or threads were blocked and unable to proceed, adding a layer of complexity to the development process. This code was the culmination of extensive effort: with LOTOS NT, we iterated through five versions (c.f. Table 4.2), continually enhancing it with each revision.
Iteration Language N° of files N° of lines N° of transitions Completed
1 LOTOS 1 106 173598 No
2 LOTOS NT 1 411 1868754 Yes
3 LOTOS NT 1 357 278955 Yes
4 LOTOS NT 3 287 +17866 No
5 LOTOS NT 6 326 +3459 No
6 LOTOS NT 7 749 +48390 No
Upon reviewing this table, we gather that this approach requires additional time to address its chal-
lenges, particularly in minimizing transitions within the LTS. Additionally, we find that the concurrency
in the system makes it challenging to interpret the generated LTS (c.f. Figure 4.16). For each state, we
observed a significant number of transitions, mainly attributed to the non-determinism of the system,
further complicating the determination of the next transition in the sequence, resulting in an increasing
number of remaining transitions.
4.8 Integration of AI
In this state-of-the-art exploration, we delved into the bidirectional integration of AI in MDE4AI and
AI4MDE. In this project, we propose several key points to exploit the capabilities of AI.
A first key point is model generation: to obtain models that conform to a meta-model with constraints, users can interact with a chatbot designed to understand system components and their behaviors. By describing the system through natural-language input, users provide the AI algorithm with the necessary information. The AI algorithm then processes this data, identifying patterns and relationships, and subsequently generates models that conform to the specified meta-model and its constraints. This approach (c.f. the AI4MDE figure below) streamlines the model creation process, offering an intuitive and accessible way for users to articulate their system requirements without requiring explicit knowledge of modeling languages or formal specifications. The integration of a chatbot facilitates a user-friendly experience, enabling users with diverse backgrounds to contribute effortlessly to the model generation process.
Figure: AI integration pipeline, in which the AI algorithms take the selected input data, the selected learning method, and the selected hyper-parameters (libraries, epochs, optimizer, ...), pass them through M2T templates to produce the generated AI model, and return optimization suggestions.
4.9 Evaluation
Our vision is to create a comprehensive framework that leverages MDE and extends it to accommo-
date AI for AI4MDE, MDE4AI, and MDE4IoT, along with signal synchronization, formal verification
techniques, code generation, and domain-specific language. While some aspects of this framework are
already completed, others are ongoing and will require time to be fully realized in our next phases of
work.
Our framework is currently under development, and it serves as a foundation for comparison with
existing works. In table 4.3, we outline how our approach stacks up against other frameworks in var-
ious domains, ensuring a comprehensive evaluation based on the domains they cover. Our approach
is designed to cater to all these domains, ensuring a holistic solution for Model-Driven Engineering
applications.
Approach | MDE4AI | AI4MDE | MDE4IoT | Synchronization | Formal verification | DSL/VDSL | Code generation
ML-Quadrat | YES | NO | YES | NO | NO | DSL | YES
Crossover for Model-Driven Optimization | NO | YES | NO | NO | YES | — | NO
DSL-4-IoT GUI | NO | NO | YES | NO | NO | VDSL | YES
SCADA Testing Framework using EMF | NO | NO | YES | NO | YES | — | NO
Our approach | YES | YES | YES | YES | YES | BOTH | YES
Combining insights from the previous table with our literature review, it is evident that prior works often face challenges in specific domains and use cases, and combinations between different domains are rare. Table 4.4 summarizes the comparison between our work and others. This summary highlights that our work is original, particularly in signal synchronization using MDE techniques, which represents a significant advancement in the field and fills a crucial gap in the existing research landscape.
Domain | Our Approach | Other Works
AI4MDE | Integration of AI techniques into MDE processes | Varies, often limited to specific AI-MDE integration
MDE4AI | Use of MDE to support AI development | Limited adoption, often lacks a unified framework
MDE4IoT | Application of MDE principles in IoT development | Scattered implementations, lacks a comprehensive approach
Signal Synchronization | Incorporation of signal synchronization techniques | Not addressed in other frameworks
Formal Verification | Integration of formal verification techniques | Present in some, but not always as a core component
Code Generation | Automated generation of code from models | Common, but varies in sophistication and integration
DSL | Development of Domain Specific Languages (DSLs) | Varies, often limited or not emphasized
4.10 Deployment
The project is hosted on a GitHub repository, which serves as a central platform for collaboration and
version control. Within this repository, there are three main components. First, there’s a referenced
papers folder containing all the relevant literature and documents. Second, there’s a shared text file
updated weekly, featuring work checkpoints summarizing the week’s progress and tasks completed,
along with a list of missing items to be addressed in the upcoming week. This structured approach
ensures transparency and facilitates effective collaboration among team members by providing clear
insight into the project's status and upcoming tasks. Finally, the "dealt works" folder (c.f. Figure 4.19) encompasses the project's code and components, such as the EMF meta-model, the Acceleo projects, the OCL files, and other resources necessary for its development.
4.11 Conclusion
In conclusion, this work represents an extensive undertaking, requiring substantial effort to be realized
fully. Throughout our endeavor, we have established the success of our approach, primarily evidenced
by the successful execution of the generated Python code. This demonstrates the efficacy of our frame-
work and validates the direction of our research efforts. However, our work has highlighted several
areas that require further development and refinement. The complexity of the domains we are ad-
dressing necessitates continued exploration and refinement of our methodologies. Nevertheless, our
framework has laid a solid foundation for future advancements. By demonstrating the effectiveness of
MDE techniques, particularly in signal synchronization, we have opened new avenues for research and
innovation in this field.
Moving forward, our focus will be on addressing the remaining challenges and expanding the capabili-
ties of our framework. This will involve further refinement of our techniques, as well as the integration
of additional functionalities to enhance its applicability in diverse scenarios.
Conclusion
Contents
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Achievements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Conclusion
The fusion of SE, AI, and IoT in this internship topic presents a promising avenue for advancing the field of DSL development, with a focus on the future of IoT frameworks. This project marks an initial effort in employing MDE within an application for a particular healthcare system, specifically aimed at advancing the synchronization of data from concurrent biomedical devices. The overall framework under development encompasses various concerns, including behavioral modeling, structural modeling, semantics, and signal handling. As another feature, this project aims to adapt AI techniques to MBSE, which will improve the system design level and spare users the complexity of implementing AI models. The clarity of the project was somewhat compromised by its ambiguity concerning the required effort and proficiency across diverse domains, including signal synchronization, formal verification, and other relevant fields such as MDE4AI and AI4MDE.
Achievements
In this internship, we acquired extensive knowledge across diverse IT domains. Furthermore, we delved into the evolution of software development, discovering how elevating the abstraction level can enhance the reliability of solutions to targeted problems and handle a variety of challenges in IT fields. It also led us to realize that abstraction opens up a new way of thinking. In the state of the art, we saw that AI extends beyond its typical use in IoT and defines new synergies with model-based software development. This exploration has expanded our perspective and eliminated any limited vision of tools and their fields of application. At the start of the internship, we gained a deep understanding of the Ecore meta-modeling language. Our exploration began by delving into the practical aspects of this concept through scientific papers, documentation, and exercises provided by our supervisor, such as PetriNet and SimplePDL (Process Description Language).
We learned the concept of abstract syntax, which involves defining the essential elements of systems without delving into specific details; this provides a high-level structure for modeling systems. To enforce rules and constraints within these models, we also learned OCL and applied it to add constraints and invariants to meta-models. Moving on to concrete syntax, we explored DSLs and their strengths in software development. We used Xtext to implement textual concrete syntax, enabling us to create new languages with customized grammars and extensions. This expertise allowed us to generate and execute code efficiently. Additionally, we learned graphical concrete syntax by using the Sirius extension within EMF, which gave us the ability to design intuitive graphical representations of meta-models and to create GUI editors. We also acquired proficiency in ATL to perform model-to-model transformations; this skill enhances our ability to translate and transform models efficiently, contributing to the versatility of our model-driven development capabilities. Besides that, we expanded our knowledge of model-to-text transformations, using the Acceleo extension. This skill enabled us to automatically generate textual files from models, streamlining the code generation process.
The synchronization issue remains an ongoing research challenge, drawing the attention of numerous researchers dedicated to improving various approaches. In this context, we had the opportunity to encounter GALS systems. Since device resources are constrained in our project, incorporating the GALS aspect emerges as a good solution for synchronization. After reviewing papers on signal synchronization, the selected approach involves having the biomedical devices generate interleaving data, which is transmitted to a monitor node responsible for orchestrating it and implementing the synchronization mechanism through its interfaces. This approach necessitated a thorough verification of the system's behavior, specifically checking for any potential deadlocks or lack of synchronization. Along the way, we had the opportunity to acquire knowledge in synchronous programming and formal verification languages: we learned the fundamental concepts of formal verification and gained the capability to implement formal specifications of systems using LOTOS, as well as its enhanced version, LOTOS NT. This endeavor took much time to learn and use effectively, especially when running the implemented code in the CADP toolbox, which provides a platform for model checking, equivalence checking, and other formal verification techniques.
This milestone demonstrates the feasibility of our approach and signifies the first step toward future work in this domain, especially since the generated Python code succeeded in synchronizing the data streams.
Perspectives
At this significant milestone, we are currently concentrating on verifying and validating our system so that it meets the specified requirements and behaves as intended. Since the output of the generated LTS is not easily interpretable, we will explore alternative strategies to enhance the LTS outcomes. Simultaneously, we are actively preparing and finalizing the results for submission to an international conference, in order to share our findings, implementations, and insights with the wider academic community and contribute to the advancement of knowledge in this field. Additionally, we will test the scalability of the system and its capacity to handle a larger number of connected devices, and interpret the synchronization of the resulting data flows.
In the long-term perspective, we plan to leverage AI models, encompassing both machine learning and deep learning models, in our system. This aligns with the latest advancements in research areas such as MDE4AI and AI4MDE. Using AI algorithms, such as language models, ensures the creation of models that conform to the meta-model. This empowers users to customize the system's components and behavior according to their needs. In addition, users have the flexibility to rework and enhance system configurations; this extends to defining new configurations targeted at specific needs. Furthermore, users can dynamically modify the executed algorithms and choose the preferred learning methods for optimal performance. This customizable approach ensures a personalized and adaptable user experience, empowering users to adjust the system according to their unique requirements and preferences. At this point, our focus is on implementing algorithms that turn the complexity of ML models into a seamless black-box experience, where the system chooses the best parameters automatically. The objective is to empower users by automating the selection of the most effective parameters with respect to the evaluation metrics. Besides that, we will try to standardize this framework in the IoT field so that it can encompass a diversity of devices, such as electromyography (EMG) sensors, enabling the interpretation of new correlations between the processed data and making this task easier and less time-consuming than traditional interpretation.
Furthermore, we aim to enhance this framework by giving it self-healing capabilities and the capacity to adapt to its environment. This is crucial to bridge the knowledge gap between the system and its users. This task involves modifying the model dynamically at runtime and redeploying the executed code. Another possible enhancement is to strengthen our framework by adding OCL constraints, which will increase the system's robustness through rigorous verification of the interactions between system components.
Bibliography
[1] Arthur M Geoffrion. “An introduction to structured modeling”. In: 33.5 (1987), pp. 547–
588.
[2] Jaeho Jeon, InGeol Chun, and WonTae Kim. “Metamodel-based CPS modeling tool”.
In: Springer. 2012, pp. 285–291.
[3] Grady Booch, Ivar Jacobson, James Rumbaugh, et al. “The unified modeling language”.
In: 14.13 (1996), p. 5.
[4] Anthony Clark and Andy Evans. “Foundations of the Unified Modeling Language.” In:
Springer. 1997.
[5] Russ Miles and Kim Hamilton. " O’Reilly Media, Inc.", 2006.
[6] Petri Kukkala et al. “UML 2.0 profile for embedded system design”. In: IEEE. 2005,
pp. 710–715.
[7] Maryam Jamal and Nazir Ahmad Zafar. “Formalizing structural semantics of UML 2.5
activity diagram in Z Notation”. In: IEEE. 2016, pp. 66–71.
[8] Parastoo Mohagheghi et al. “MDE adoption in industry: challenges and success crite-
ria”. In: Springer. 2009, pp. 54–59.
[9] Tahar Gherbi, Djamel Meslati, and Isabelle Borne. “MDE between Promises and Chal-
lenges”. In: IEEE. 2009, pp. 152–155.
[10] Emmanuelle Rouillé et al. “Bridging the Gap between Software Process and Software
Development”. In: 2011.
[11] David Ameller. “Considering non-functional requirements in model-driven engineer-
ing”. MA thesis. Universitat Politècnica de Catalunya, 2009.
[12] Arie Van Deursen, Eelco Visser, and Jos Warmer. “Model-driven software evolution: A
research agenda”. In: Citeseer. 2007, pp. 41–49.
[13] João de Sousa Saraiva and Alberto Rodrigues da Silva. “Evaluation of MDE tools from
a metamodeling perspective”. In: 19.4 (2008), pp. 21–46.
[14] Ludovico Iovino, Alfonso Pierantonio, and Ivano Malavolta. “On the Impact Signifi-
cance of Metamodel Evolution in MDE.” In: 11.3 (2012), pp. 3–1.
[15] Ulrich Frank. “Domain-specific modeling languages: requirements analysis and design
guidelines”. In: (2013), pp. 133–157.
[16] Juan de Lara, Esther Guerra, and Jesús Sánchez Cuadrado. “Model-driven engineering
with domain-specific meta-modelling languages”. In: 14 (2015), pp. 429–459.
[17] Matthew Emerson and Janos Sztipanovits. “Techniques for metamodel composition”.
In: 2006, pp. 123–139.
[18] Tony Clark, Paul Sammut, and James Willans. 2008.
[19] Douglas C Schmidt. “Model-Driven Engineering”. en. In: 39.2 (2006).
[20] Jean Bézivin. “On the unification power of models”. In: 4 (2005), pp. 171–188.
[21] Cornelia Caragea and Vasant Honavar. “Machine Learning in Computational Biology”.
en. In: ().
[22] Marcello Mariucci. “Introduction to OMG Modelling”. In: 15 (2000).
[23] Nicolas F Rouquette. “Simplifying OMG MOF-based metamodeling”. In: Springer. 2016,
pp. 97–118.
[24] Ferry Pramudianto, Indra Rusmita, and Mathias Jarke. “Model Driven Development
for Internet of Things Application Prototyping”. en. In: ().
[25] Eelco Visser. “WebDSL: A case study in domain-specific language engineering”. In:
(2008), pp. 291–373.
[26] Florian Heidenreich et al. “Integrating OCL and textual modelling languages”. In: Springer.
2011, pp. 349–363.
[27] Henning Heitkötter. “A Framework for Creating Domain-specific Process Modeling
Languages.” In: 2012, pp. 127–136.
[28] Claudia Maricela Sosa-Reyna et al. “A Methodology Based on Model-Driven Engineer-
ing for IoT Application Development”. en. In: (2018).
[29] Mostapha Melouk, Yassine Rhazali, and Hadi Youssef. “An Approach for Transforming
CIM to PIM up To PSM in MDA”. In: 170 (2020), pp. 869–874.
[30] Manuel Wimmer and Loli Burgueño. “Testing m2t/t2m transformations”. In: Springer.
2013, pp. 203–219.
[31] M Akif Özkan et al. “HipaccVX: wedding of OpenVX and DSL-based code generation”.
In: 18 (2021), pp. 765–777.
[32] Tomas Bures, Michal Malohlava, and Petr Hnetynka. “Using DSL for automatic gener-
ation of software connectors”. In: IEEE. 2008, pp. 138–147.
[33] Federico Ciccozzi and Romina Spalazzese. “MDE4IoT: Supporting the Internet of Things
with Model-Driven Engineering”. en. In: ed. by Costin Badica et al. Vol. 678. Series Ti-
tle: Studies in Computational Intelligence. Cham: Springer International Publishing,
2017, pp. 67–76. ISBN: 978-3-319-48829-5. DOI: 10.1007/978- 3- 319- 48829- 5_7. URL:
http://link.springer.com/10.1007/978-3-319-48829-5_7.
[34] Colin Atkinson and Thomas Kühne. “The essence of multilevel metamodeling”. In:
Springer. 2001, pp. 19–33.
[35] Barrett Bryant et al. “Challenges and Directions in Formalizing the Semantics of Mod-
eling Languages”. In: 8 (May 2011). DOI: 10.2298/CSIS110114012B.
[36] Milan Milanović et al. “Bridging concrete and abstract syntaxes in model-driven engi-
neering: a case of rule languages”. In: 39.16 (2009), pp. 1313–1346.
[37] Angelo Gargantini, Elvinia Riccobene, Patrizia Scandurra, et al. “Metamodelling a for-
mal method: applying mde to abstract state machines”. In: (2006).
[38] Suzana Andova et al. “MDE Basics with a DSL Focus”. In: Springer, 2012, pp. 21–57.
[39] Mark Richters and Martin Gogolla. “OCL: Syntax, semantics, and tools”. In: Springer,
2002, pp. 42–68.
[40] Jordi Cabot and Martin Gogolla. “Object constraint language (OCL): a definitive guide”.
In: Springer, 2012, pp. 58–90.
[41] Angelo Gargantini, Elvinia Riccobene, and Patrizia Scandurra. “Combining formal meth-
ods and MDE techniques for model-driven system design and analysis”. In: 1 (2010).
[42] Tony Clark, Paul Sammut, and James Willans. en. arXiv:1505.00149 [cs]. May 2015. URL:
http://arxiv.org/abs/1505.00149.
[43] Athanasios Zolotas et al. “Type Inference Using Concrete Syntax Properties in Flexible
Model-Driven Engineering.” In: 2015, pp. 22–31.
[44] Moritz Eysholdt and Heiko Behrens. “Xtext: implement your language faster than the
quick and dirty way”. In: 2010, pp. 307–309.
[45] Lorenzo Bettini. Packt Publishing Ltd, 2016.
[46] Valdivino Santiago et al. “An environment for automated test case generation from
statechart-based and finite state machine-based behavioral models”. In: IEEE. 2008,
pp. 63–72.
[47] Bartosz Jasiul, Marcin Szpyrka, and Joanna Śliwa. “Malware behavior modeling with
Colored Petri nets”. In: Springer. 2014, pp. 667–679.
[48] Roberto Gorrieri and Roberto Gorrieri. “Labeled transition systems”. In: (2017), pp. 15–
34.
[49] Thomas Stroeder and Maurice Pagnucco. “Realising deterministic behavior from mul-
tiple non-deterministic behaviors”. In: Citeseer. 2009.
[50] Ilaria Castellani. “Bisimulations for concurrency”. In: (1987).
[51] Sathiya Kumaran Mani et al. en. arXiv:1806.02474 [cs]. June 2018. URL: http://arxiv.
org/abs/1806.02474.
[52] D.L. Mills. en. Tech. rep. RFC0958. RFC Editor, 1985, RFC0958. DOI: 10.17487/rfc0958.
URL : https://www.rfc-editor.org/info/rfc0958.
[53] David L. Mills. “A Brief History of NTP Time: Memoirs of an Internet Timekeeper”.
In: 33.2 (2003), pp. 9–21. ISSN: 0146-4833. DOI: 10.1145/956981.956983. URL: https:
//doi.org/10.1145/956981.956983.
[54] Nikhil Tripathi and Neminath Hubballi. “Preventing time synchronization in NTP broad-
cast mode”. In: 102 (2021), p. 102135. ISSN: 0167-4048. DOI: https://doi.org/10.1016/
j.cose.2020.102135. URL: https://www.sciencedirect.com/science/article/pii/
S0167404820304089.
[55] Z Mahesh Kumar and R Manjula. “Performance Comparison of Phys”. In: ().
[56] DL Mills. 1985.
[57] Leslie Lamport. “Time, clocks, and the ordering of events in a distributed system”. en.
In: 21.7 (1978).
[58] K Mani Chandy and Leslie Lamport. “Distributed snapshots: Determining global states
of distributed systems”. In: 3.1 (1985), pp. 63–75.
[59] Michel Raynal and Gadi Taubenfeld. “A visit to mutual exclusion in seven dates”. In:
919 (2022), pp. 47–65.
[60] Lifu Guo. “Synchronization expressions in parallel programming languages”. In: (1995).
[61] Edsger W Dijkstra. “Cooperating sequential processes”. In: Springer, 2002, pp. 65–138.
[62] David P Reed and Rajendra K Kanodia. “Synchronization with eventcounts and se-
quencers”. In: 22.2 (1979), pp. 115–123.
[63] Ralph C Hilzer Jr. “Synchronization of the Producer/Consumer problem using semaphores,
monitors, and the Ada Rendezvous”. In: 26.3 (1992), pp. 31–39.
[64] Per Brinch Hansen. Prentice-Hall, Inc., 1973.
[65] Charles Antony Richard Hoare. “Monitors: An operating system structuring concept”.
In: 17.10 (1974), pp. 549–557.
[66] Daniel Chapiro. “Globally-asynchronous locally-synchronous systems”. In: (Sept. 1984).
[67] Paul Teehan, Mark Greenstreet, and Guy Lemieux. “A survey and taxonomy of GALS
design styles”. In: 24.5 (2007), pp. 418–428.
[68] Hyoung-Kook Kim et al. “Testing of synchronizers in asynchronous FIFO”. In: 29 (2013),
pp. 49–72.
[69] Moein Razavi et al. “OpenSync: An open-source platform for synchronizing multiple
measures in neuroscience experiments”. In: 369 (2022), p. 109458.
[70] Somayya Madakam et al. “Internet of Things (IoT): A literature review”. In: 3.05 (2015),
p. 164.
[71] Daniele Miorandi et al. “Internet of things: Vision, applications and research challenges”.
In: 10.7 (2012), pp. 1497–1516. ISSN: 1570-8705. DOI: https: //doi .org/10 .1016/ j.
adhoc.2012.02.016. URL: https://www.sciencedirect.com/science/article/pii/
S1570870512000674.
[72] Jayavardhana Gubbi et al. “Internet of Things (IoT): A vision, architectural elements,
and future directions”. en. In: 29.7 (2013), pp. 1645–1660. ISSN: 0167739X. DOI: 10.1016/
j.future.2013.01.010. URL: https://linkinghub.elsevier.com/retrieve/pii/
S0167739X13000241.
[73] Pankesh Patel and D. Cassou. “Enabling high-level application development for the
internet of things”. In: 103 (Jan. 2015), pp. 62–84. DOI: 10.1016/jjss.2015.01.027.
[74] P.P. Ray. “A survey on Internet of Things architectures”. en. In: 30.3 (July 2018), pp. 291–
319. ISSN: 13191578. DOI: 10.1016/j.jksuci.2016.10.003. URL: https://linkinghub.
elsevier.com/retrieve/pii/S1319157816300799.
[75] Sabine Wolny, Alexandra Mazak, and Bernhard Wally. “An Initial Mapping Study on
MDE4IoT.” In: 2018, pp. 524–529.
[76] Jörg Christian Kirchhof et al. “Model-Driven Self-Adaptive Deployment of Internet of
Things Applications with Automated Modification Proposals”. In: 3.4 (2022). DOI: 10.
1145/3549553. URL: https://doi.org/10.1145/3549553.
[77] Manuela Dalibor et al. “Tagging Model Properties for Flexible Communication.” In:
2019, pp. 39–46.
[78] J S et al. “Towards Integrated Model-Driven Testing of SCADA Systems Using the
Eclipse Modeling Framework and Modelica”. en. In: ISSN: 1530-0803. Perth, Australia:
IEEE, Mar. 2008, pp. 149–159. ISBN: 978-0-7695-3100-7. DOI: 10 . 1109 / ASWEC . 2008 .
4483203. URL: http://ieeexplore.ieee.org/document/4483203/.
[79] Nicolai M Josuttis. " O’Reilly Media, Inc.", 2007.
[80] Jose Manuel Perez, Francisco Ruiz, and Mario Piattini. “MDE for BPM: a systematic
review”. In: Springer. 2008, pp. 127–135.
[81] Niels Schot. “QoS-aware model-driven SOA using SoaML”. MA thesis. University of
Twente, 2012.
[82] Cleber Jorge Lira de Santana, Brenno de Mello Alencar, and Cássio V. Serafim Prazeres.
“Reactive microservices for the internet of things: a case study in fog computing”. en.
In: Limassol Cyprus: ACM, 2019, pp. 1243–1251. ISBN: 978-1-4503-5933-7. DOI: 10.1145/
3297280.3297402. URL: https://dl.acm.org/doi/10.1145/3297280.3297402.
[83] Paolo Francesco, Ivano Malavolta, and Patricia Lago. “Research on Architecting Mi-
croservices: Trends, Focus, and Potential for Industrial Adoption”. In: Apr. 2017, pp. 21–
30. DOI: 10.1109/ICSA.2017.24.
[84] A. Salihbegovic et al. “Design of a domain specific language and IDE for Internet of
things applications”. en. In: Opatija, Croatia: IEEE, May 2015, pp. 996–1001. ISBN: 978-
953-233-082-3. DOI: 10.1109/MIPRO.2015.7160420. URL: http://ieeexplore.ieee.
org/document/7160420/.
[85] Benjamin Bertran et al. “DiaSuite: A tool suite to develop Sense/Compute/Control ap-
plications”. In: 79 (2014), pp. 39–51.
[86] Carlos Cetina et al. “Tool support for model driven development of pervasive systems”.
In: IEEE. 2007, pp. 33–44.
[87] Julien Mineraud et al. “A gap analysis of Internet-of-Things platforms”. In: 89 (2016),
pp. 5–16.
[88] Abdelouahab Fortas, Elhillali Kerkouche, and Allaoua Chaoui. “Application of MDE in
the Development of IoT Systems: A Simulation-Based Approach”. en. In: Jijel, Algeria:
IEEE, Nov. 2022, pp. 93–98. ISBN: 978-1-66546-188-7. DOI: 10.1109/I3CIS56626.2022.
10075784. URL: https://ieeexplore.ieee.org/document/10075784/.
[89] Armin Moin et al. “A Model-Driven Approach to Machine Learning and Software Mod-
eling for the IoT”. en. In: 21.3 (June 2022). arXiv:2107.02689 [cs], pp. 987–1014. ISSN:
1619-1366, 1619-1374. DOI: 10.1007/s10270- 021- 00967- x. URL: http://arxiv.org/
abs/2107.02689.
[90] Armin Moin, Stephan Rössler, and Stephan Günnemann. “Augmenting Model-Driven
Software Engineering for the Internet of Things with Machine Learning”. en. In: ().
[91] Rajeev Alur. “Formal verification of hybrid systems”. en. In: Taipei Taiwan: ACM, Oct.
2011, pp. 273–278. ISBN: 978-1-4503-0714-7. DOI: 10 . 1145 / 2038642 . 2038685. URL:
https://dl.acm.org/doi/10.1145/2038642.2038685.
[92] Jörg Christian Kirchhof et al. en. arXiv:2209.07282 [cs]. 2022. DOI: 10.1145/3550356.
3561576. URL: http://arxiv.org/abs/2209.07282.
[93] Evgeny Kusmenko et al. “Modeling and Training of Neural Processing Systems”. en.
In: Munich, Germany: IEEE, 2019, pp. 283–293. ISBN: 978-1-72812-536-7. DOI: 10.1109/
MODELS.2019.00012. URL: https://ieeexplore.ieee.org/document/8906978/.
[94] Panagiotis Kourouklidis et al. “A Model-Driven Engineering Approach for Monitor-
ing Machine Learning Models”. en. In: Fukuoka, Japan: IEEE, Oct. 2021, pp. 160–164.
ISBN: 978-1-66542-484-4. DOI : 10.1109/MODELS- C53483.2021.00028. URL : https://
ieeexplore.ieee.org/document/9643788/.
[95] Stuart Kent. “Model Driven Engineering”. In: ed. by Michael J. Butler, Luigia Petre, and
Kaisa Sere. Vol. 2335. Lecture Notes in Computer Science. Springer, 2002, pp. 286–298.
DOI : 10.1007/3-540-47884-1\_16. URL : https://doi.org/10.1007/3-540-47884-
1%5C_16.
[96] Thomas Hartmann et al. “The next evolution of MDE: a seamless integration of machine
learning into domain modeling”. en. In: 18.2 (2019), pp. 1285–1304. ISSN: 1619-1366,
1619-1374. DOI: 10.1007/s10270-017-0600-2. URL: http://link.springer.com/10.
1007/s10270-017-0600-2.
[97] Luis Palacios Medinacelli, Florian Noyrit, and Chokri Mraidha. “Augmenting model-
based systems engineering with knowledge”. en. In: Montreal Quebec Canada: ACM,
Oct. 2022, pp. 351–358. ISBN: 978-1-4503-9467-3. DOI: 10.1145/3550356.3561548. URL:
https://dl.acm.org/doi/10.1145/3550356.3561548.
[98] Matthias Althoff. “An Introduction to CORA 2015.” In: 34 (2015), pp. 120–151.
[99] Grigoris Antoniou and Frank van Harmelen. “Web ontology language: Owl”. In: (2009),
pp. 91–110.
[100] Michael Beetz et al. “Know Rob 2.0 — A 2nd Generation Knowledge Processing Frame-
work for Cognition-Enabled Robotic Agents”. In: 2018, pp. 512–519. DOI: 10 . 1109 /
ICRA.2018.8460964.
[101] Jorge Pérez, Marcelo Arenas, and Claudio Gutierrez. “Semantics and complexity of
SPARQL”. In: 34.3 (2009), pp. 1–45.
[102] Martin O’connor et al. “Writing rules for the semantic web using SWRL and Jess”. In:
(2005).
[103] Stefan John. “Towards a Configurable Crossover Operator for Model-Driven Optimiza-
tion”. en. In: (2022).
[104] Ali Alnoman. “Supporting Delay-Sensitive IoT Applications: A Machine Learning Ap-
proach”. en. In: London, ON, Canada: IEEE, Aug. 2020, pp. 1–4. ISBN: 978-1-72815-442-
8. DOI: 10.1109/CCECE47787.2020.9255800. URL: https://ieeexplore.ieee.org/
document/9255800/.
[105] Yuzhou Li et al. “Green Heterogeneous Cloud Radio Access Networks: Potential Tech-
niques, Performance Tradeoffs, and Challenges”. In: 55 (Nov. 2017), pp. 33–39. DOI:
10.1109/MCOM.2017.1600807.
[106] José Antonio Hernández López, Javier Luis Cánovas Izquierdo, and Jesús Sánchez
Cuadrado. “ModelSet: a dataset for machine learning in model-driven engineering”.
en. In: 21.3 (June 2022), pp. 967–986. ISSN: 1619-1366, 1619-1374. DOI: 10.1007/s10270-
021-00929-3. URL: https://link.springer.com/10.1007/s10270-021-00929-3.
[107] Albert Benveniste and Gérard Berry. “The Synchronous Approach to Reactive and Real-
Time Systems”. In: 79 (Oct. 1991), pp. 1270–1282. DOI: 10.1109/5.97297.
[108] Stuart Bennett. en. 1. print. Prentice Hall International series in systems and control
engineering. New York: Prentice Hall, 1988. ISBN: 978-0-13-762485-0.
[109] Lina Marsso et al. “Asynchronous Testing of Synchronous Components in GALS Sys-
tems”. en. In: ed. by Wolfgang Ahrendt and Silvia Lizeth Tapia Tarifa. Vol. 11918. Se-
ries Title: Lecture Notes in Computer Science. Cham: Springer International Publish-
ing, 2019, pp. 360–378. DOI: 10.1007/978- 3- 030- 34968- 4_20. URL: http://link.
springer.com/10.1007/978-3-030-34968-4_20.
[110] Nicolas Halbwachs. “Synchronous Programming of Reactive Systems”. en. In: ().
[111] Florence Maraninchi. “Modélisation et validation des systèmes réactifs: un langage syn-
chrone à base d’automates”. en. In: (1997).
[112] Albert Benveniste, Michel Borgne, and Paul Guernic. “SIGNAL as a model for real-
time and hybrid systems”. In: ed. by Gerhard Goos, Juris Hartmanis, and Bernd Krieg-
Brückner. Vol. 582. Series Title: Lecture Notes in Computer Science. Berlin, Heidelberg:
Springer Berlin Heidelberg, 1992, pp. 20–38. ISBN: 978-3-540-55253-6. DOI: 10.1007/3-
540-55253-7_2. URL: http://link.springer.com/10.1007/3-540-55253-7_2.
[113] Albert Benveniste et al. “The Synchronous Languages Twelve Years Later”. en. In: ().
[114] Ramesh Bharadwaj. “SOL: A verifiable synchronous language for reactive systems”. In:
65.5 (2002), pp. 140–154.
[115] Sunghyeon Lee, Yeongbok Choe, and Moonkun Lee. “dT-Calculus: A Formal Method
to Specify Distributed Mobile Real-Time IoT Systems”. en. In: ed. by Jaydip Sen. InTech,
Aug. 2018. ISBN: 978-1-78923-548-7. DOI: 10.5772/intechopen.75138. URL: http://
www . intechopen . com / books / internet - of - things - technology - applications -
and- standardization/dt- calculus- a- formal- method- to- specify- distributed-
mobile-real-time-iot-systems.
[116] Shabir Ahmad et al. “Towards the Design of a Formal Verification and Evaluation Tool
of Real-Time Tasks Scheduling of IoT Applications”. en. In: 11.1 (Jan. 2019), p. 204. ISSN:
2071-1050. DOI: 10.3390/su11010204. URL: https://www.mdpi.com/2071-1050/11/1/
204.
[117] Pedro Sánchez et al. “A Teleo-Reactive Node for Implementing Internet of Things Sys-
tems”. en. In: 18.4 (2018), p. 1059. ISSN: 1424-8220. DOI: 10 . 3390 / s18041059. URL:
https://www.mdpi.com/1424-8220/18/4/1059.
[118] Nils Nilsson. “Teleo-reactive programs for agent control”. In: 1 (1993), pp. 139–158.
[119] Jose Luis Morales, Pedro Sánchez, and Diego Alonso. “A systematic literature review
of the Teleo-Reactive paradigm”. en. In: 42.4 (Dec. 2014), pp. 945–964. ISSN: 0269-2821,
1573-7462. DOI: 10.1007/s10462-012-9350-2. URL: http://link.springer.com/10.
1007/s10462-012-9350-2.
[120] S Kent. 2002.
[121] Pankesh Patel and Damien Cassou. “Enabling high-level application development for
the Internet of Things”. In: 103 (2015), pp. 62–84.
[122] Damien Cassou et al. “Toward a tool-based development methodology for pervasive
computing applications”. In: 38.6 (2011), pp. 1445–1463.
[123] Estefanía Serral, Pedro Valderas, and Vicente Pelechano. “Towards the model driven
development of context-aware pervasive systems”. In: 6.2 (2010), pp. 254–280.
[124] Hussam Al-Hamadi, Amjad Gawanmeh, and Mahmoud Al-Qutayri. “Formalizing elec-
trocardiogram (ECG) signal behavior in event-B”. en. In: Natal: IEEE, Oct. 2014, pp. 55–
60. ISBN: 978-1-4799-6644-8. DOI: 10 . 1109 / HealthCom . 2014 . 7001813. URL: http : / /
ieeexplore.ieee.org/document/7001813/.
[125] Jean-Raymond Abrial. Cambridge University Press, 2010.
[126] Paolo Buono et al. “EUDroid: a formal language specifying the behaviour of IoT de-
vices”. In: 12.5 (2018), pp. 425–429. DOI: https://doi.org/10.1049/iet- sen.2017.
0347. eprint: https://ietresearch.onlinelibrary.wiley.com/doi/pdf/10.1049/
iet- sen.2017.0347. URL: https://ietresearch.onlinelibrary.wiley.com/doi/
abs/10.1049/iet-sen.2017.0347.
[127] Amit Kr Mandal et al. “Things as a Service: Service model for IoT”. en. In: Helsinki, Fin-
land: IEEE, July 2019, pp. 1364–1369. ISBN: 978-1-72812-927-3. DOI: 10.1109/INDIN41052.
2019.8972241. URL: https://ieeexplore.ieee.org/document/8972241/.
[128] Carlos A. Gonzalez et al. “EMFtoCSP: A tool for the lightweight verification of EMF
models”. en. In: Zurich, Switzerland: IEEE, June 2012, pp. 44–50. ISBN: 978-1-4673-1906-
5. DOI: 10 . 1109 / FormSERA . 2012 . 6229788. URL: http : / / ieeexplore . ieee . org /
document/6229788/.
[129] Vipin Kumar. “Algorithms for constraint-satisfaction problems: A survey”. In: 13.1 (1992),
pp. 32–32.
[130] Mark Wallace, Stefano Novello, and Joachim Schimpf. “ECLiPSe: A platform for con-
straint logic programming”. In: 12.1 (1997), pp. 159–200.
[131] Kyriakos Anastasakis et al. “UML2Alloy: A challenging model transformation”. In:
Springer. 2007, pp. 436–450.
[132] Adel Ferdjoukh et al. “A CSP Approach for Metamodel Instantiation”. en. In: Hern-
don, VA, USA: IEEE, Nov. 2013, pp. 1044–1051. ISBN: 978-1-4799-2972-6. DOI: 10.1109/
ICTAI.2013.156. URL: http://ieeexplore.ieee.org/document/6735367/.
[133] Alix Mougenot et al. “Uniform random generation of huge metamodel instances”. In:
Springer. 2009, pp. 130–145.
[134] Karsten Ehrig, Jochen Malte Küster, and Gabriele Taentzer. “Generating instance mod-
els from meta models”. In: 8 (2009), pp. 479–500.
[135] Karsten Ehrig et al. “Generating instance models from meta models”. In: Springer. 2006,
pp. 156–170.
[136] Sagar Sen, Benoit Baudry, and Jean-Marie Mottu. “On combining multi-formalism knowl-
edge to select models for model transformation testing”. In: IEEE. 2008, pp. 328–337.
[137] Sagar Sen, Benoit Baudry, and Jean-Marie Mottu. “Automatic model generation strate-
gies for model transformation testing”. In: Springer. 2009, pp. 148–164.
[138] Chayan Sarkar et al. “A scalable distributed architecture towards unifying IoT appli-
cations”. en. In: Seoul, Korea (South): IEEE, Mar. 2014, pp. 508–513. ISBN: 978-1-4799-
3459-1. DOI: 10.1109/WF- IoT.2014.6803220. URL: http://ieeexplore.ieee.org/
document/6803220/.
[139] Angelo P Castellani et al. “Architecture and protocols for the internet of things: A case
study”. In: IEEE. 2010, pp. 678–683.
[140] Steve Beier et al. “Discovery Services-Enabling RFID Traceability in EPCglobal Net-
works.” In: vol. 6. 1. 2006, pp. 214–217.
[141] Novi Ineke et al. “Address autoconfiguration in wireless ad hoc networks: Protocols
and techniques”. In: 15.1 (2008), pp. 70–80.
[142] Dominique Guinard et al. “Interacting with the soa-based internet of things: Discovery,
query, selection, and on-demand provisioning of web services”. In: 3.3 (2010), pp. 223–
235.
[143] Patrik Spiess et al. “SOA-based integration of the internet of things in enterprise ser-
vices”. In: IEEE. 2009, pp. 968–975.
[144] Md Shohel Khan, Ratul Sikder, and Muhammad Abdullah Adnan. “A Hybrid Ap-
proach for Synchronizing Clocks in Distributed Systems”. en. In: ed. by Dilma Da
Silva, Qingyang Wang, and Liang-Jie Zhang. Vol. 11513. Series Title: Lecture Notes in
Computer Science. Cham: Springer International Publishing, 2019, pp. 271–286. DOI:
10.1007/978-3-030-23502-4_19. URL: http://link.springer.com/10.1007/978-3-
030-23502-4_19.
[145] Li Gun et al. “A novel method of clock synchronization in distributed systems”. In: 41.2
(2017), pp. 263–281.
[146] Arie Reichman, Miri Priesler, and Shahaf Wayer. “Distributed network synchroniza-
tion”. In: IEEE. 2015, pp. 1–5.
[147] Jeman Park and Taeho Kim. “A method of logically time synchronization for safety-
critical distributed system”. In: IEEE. 2016, pp. 356–359.
[148] Patrik Spiess et al. “SOA-based integration of the internet of things in enterprise ser-
vices”. In: IEEE. 2009, pp. 968–975.
[149] Abdullah Al-Nayeem. University of Illinois at Urbana-Champaign, 2013.
[150] Avinash Malik et al. “SystemJ: A GALS language for system level design”. en. In: 36.4
(Dec. 2010), pp. 317–344. ISSN: 14778424. DOI: 10 . 1016 / j . cl . 2010 . 01 . 001. URL:
https://linkinghub.elsevier.com/retrieve/pii/S1477842410000023.
[151] S Ramesh. “Communicating reactive state machines: Design, model and implementa-
tion”. In: 31.32 (1998), pp. 105–110.
[152] Gérard Berry. “The Esterel v5 language primer version 5.21 release 2.0”. In: 36 (1999).
[153] Olivier Tardieu and Stephen A Edwards. “Scheduling-independent threads and excep-
tions in SHIM”. In: 2006, pp. 142–151.
[154] Jose Meseguer. “Formalization and Correctness of the PALS Architectural Pattern for
Distributed Real-Time Systems”. en. In: ().
[155] Albert Benveniste. “Synchronous Languages and Reactive System Design”. In: 31.15
(1998). 9th IFAC Symposium on Information Control in Manufacturing 1998 (INCOM
’98), Nancy, France, 24-26 June, pp. 35–46. ISSN: 1474-6670. DOI: https://doi.org/10.
1016 / S1474 - 6670(17 ) 40526 - X. URL: https : / / www . sciencedirect . com / science /
article/pii/S147466701740526X.
[156] Zhibin Yang, Jean-Paul Bodeveix, and Mamoun Filali. “A comparative study of two for-
mal semantics of the SIGNAL language”. en. In: 7.5 (Oct. 2013), pp. 673–693. ISSN: 2095-
2228, 2095-2236. DOI: 10.1007/s11704-013-3908-2. URL: http://link.springer.com/
10.1007/s11704-013-3908-2.
[157] Frédéric Boussinot and Robert De Simone. “The ESTEREL language”. In: ().
[158] Nicholas Halbwachs et al. “The synchronous data flow programming language LUS-
TRE”. In: 79.9 (1991), pp. 1305–1320.
[159] Albert Benveniste, Paul Le Guernic, and Christian Jacquemot. “Synchronous program-
ming with events and relations: the SIGNAL language and its semantics”. In: 16.2
(1991), pp. 103–149. ISSN: 0167-6423. DOI: https://doi.org/10.1016/0167-6423(91)
90001-E. URL: https://www.sciencedirect.com/science/article/pii/016764239190001E.
Webography
[186] . URL: https://modelset.github.io/.
[187] . URL: https://byjus.com/gate/difference-between-hard-real-time-and-soft-
real-time-system/.