The document describes a pilot study conducted using the DESTECS collaborative modeling and co-simulation approach. The study involved developing models of a line-following robot using both discrete-event and continuous-time modeling formalisms. The models were integrated using the DESTECS co-simulation engine. Faults were then modeled and experiments conducted to test fault tolerance mechanisms. The results demonstrated the feasibility of the DESTECS concepts and identified areas for further work, such as model construction methods and design of experiments.

1. Collaborative Modelling and Co-Simulation
with DESTECS: A Pilot Study
Carl Gamble and Ken Pierce Yunyun Ni and Jan Broenink
Centre for Software Reliability EEMCS
Newcastle University University Twente
3rd IEEE Track on Collaborative Modeling & Simulation - CoMetS'12
Toulouse, 27th June 2012

2. Introduction
• DESTECS approach:
• Motivation
• Concepts
• Pilot study:
• Exercise tool
• Methodology
• Concluding remarks
2

3. Motivations
• Demanding requirements for:
• Rapid development in competitive markets
• Resource utilisation
• Resilience
• Complexity of error detection and recovery
• The need for coordinated engineering:
• Across disciplines (cultures, abstractions,
formalisms)
• ... and models.
3

4. DESTECS Approach
(www.destecs.org)
• Bridge disciplines through co-simulation
• Combine DE controller models and CT plant models
• Collaboration while working with familiar formalism
• Develop methods and tools
• Linking heterogeneous models, each in an appropriate formalism
• A linking co-simulation engine, based on a reconciled operational
semantics of the two simulations
• Patterns for modelling faults and fault tolerance
mechanisms
4

5. Basic Concepts (1)
Shared
• design parameters
Co-model • variables
• events
DE CT
Contract
Model Model
Co-model Interface
Ideal & Realistic Behaviours
Fault Modelling: including Runs a co-simulation
error states & faulty Scenario Forces selections and external
functionality in the model updates, e.g. set point
Fault Injection during a Multiple co-simulation runs
simulation managed by script enables design space exploration
5

6. Basic Concepts (2)
DE CT
Contract
Model Model
VDM-RT: (Overture) Bond Graph: (20-Sim)
• Formal language • Describe relevant dynamic behavior
• Object Oriented • Diagrams to show the structure
• Concurrency • Port-based approach
• Support for embedded systems: • Domain-independent
• Explicit CPUs and Busses
• Timed C
MSe 1 I
R
6

7. Pilot Study: a Line-Following Robot
servo motor
wheel encoder
IR line-follow sensors example path
7

8. Pilot Study: Top-level Model
8

9. Pilot Study: CT Model
 High-fidelity dynamics model using bond graphs
 Structuring with 20-sim constructs
9

10. Pilot Study: CT Model
l1
l1 l2 v2 v2   v1
l2
v1 l2
F2   F1
y
x
l1
 Kinematic
 TF : rotational/translational coupling
 MTF: coordinate transformation from local (body fixed) to
inertial (global) frame
10

11. Pilot Study: DE Model
 Mainly supervisory control
 Uses DE-first patterns
IRSensor
-value: int
+Read: () ==> int
Controller AbstractMode
-lfLeft: IRSensor -lfLeft: IRSensor
-lfRight: IRSensor -lfRight: IRSensor
-vLeft: SpeedServo -vLeft: SpeedServo
-vRight: SpeedServo -vRight: SpeedServo
-mode: AbstractMode
+Step: () ==>()
+Step: () ==>()
SpeedServo
Idle TwoSensor -value: real
+Step: () ==>() +Step: () ==>() +Write: real ==> ()
11

12. Pilot Study: Video with no Fault
This video may be viewed at:
http://www.youtube.com/watch?v=24FuiGPEKVI
12

13. Pilot Study: Fault Modelling (1)
 If component behaviour known, model those faults, if not..
 Guidewords used to inspire thinking on faults
 HAZOP used within CT
 SHARD used for CT-DE interface
 Early / late : timing of a message or update
 Commission / omission : was a service provided
 Subtle / coarse : can a deviation from ideal behaviour be detected or
not
13

14. Pilot Study: Fault Modelling (2)
 Line follow sensor initial model behaviour is ideal
 Add realistic and faulty behaviour
• Ambient light levels affect readings (black level)
• Realistic sensor noise
• Total failure
Ideal Ambient light Noise Total failure
White
Black
Line
14

15. Pilot Study: Fault Tolerance
 Light levels: calibration mode
 Sensor failure: one-sensor mode
IRSensor
 Noise: filtering
-value: int
+Read: () ==> int
Controller AbstractMode
-lfLeft: IRSensor Filter
-lfLeft: IRSensor
-lfRight: IRSensor -lfRight: IRSensor -sens: IRSensor
-vLeft: SpeedServo -vLeft: SpeedServo -values: seq of int
-vRight: SpeedServo -vRight: SpeedServo
-mode: AbstractMode +Read: () ==> int
+Step: () ==>()
+Step: () ==>()
SpeedServo
Idle TwoSensor -value: real
+Step: () ==>() +Step: () ==>() +Write: real ==> ()
Calibrate OneSensor
+Step: () ==>() +Step: () ==>()
15

16. Pilot Study: Video with a Sensor Fault
This video may be viewed at:
http://www.youtube.com/watch?v=jh94bL8BfyU
16

17. Modelling Story
Step Newcastle Twente Comments
*-first
c1 Diff. Encoder semantics
Co-model Diff. Robot performance
c2
No problems during this
Square path c1 step
Sensor problem, tooling
Line following c3 related, quickly solved
locally
Faults and c4
Fault tolerance Direction of rotation
c5 reversed, different
control semantics
17

18. Concluding Remarks
 Have shown
• Concepts of the DESTECS approach
• Walk through of the pilot model
• Inclusion of faults and fault tolerance
 Ongoing work:
• Model construction methods
• Model consistency
• Patterns for faults and fault tolerance
• Simulation scenario command language
• Design of experiments and analysis
18

19. Collaborative Modelling and Co-Simulation
with DESTECS: A Pilot Study
Carl Gamble and Ken Pierce Yunyun Ni and Jan Broenink
Centre for Software Reliability EEMCS
Newcastle University University Twente
3rd IEEE Track on Collaborative Modeling & Simulation - CoMetS'12
Toulouse, 27th June 2012