Composing domain-specific physical models with general-purpose software modules in embedded control software


A considerable portion of software systems today are adopted in the embedded control domain. Embedded control software deals with controlling a physical system, and as such models of physical characteristics become part of the embedded control software. In current practices, usually general-purpose languages (GPL), such as C/C++ are used for embedded systems development. Although a GPL is suitable for expressing general-purpose computation, it falls short in expressing the models of physical characteristics as desired. This reduces not only the readability of the code but also hampers reuse due to the lack of dedicated abstractions and composition operators. Moreover, domain-specific static and dynamic checks may not be applied effectively. There exist domain-specific modeling languages (DSML) and tools to specify models of physical characteristics. Although they are commonly used for simulation and documentation of physical systems, they are often not used to implement embedded control software. This is due to the fact that these DSMLs are not suitable to express the general-purpose computation and they cannot be easily composed with other software modules that are implemented in GPL. This paper presents a novel approach to combine a DSML to model physical characteristics and a GPL to implement general-purpose computation. The composition filters model is used to compose models specified in the DSML with modules specified in the GPL at the abstraction level of both languages. As such, this approach combines the benefits of using a DSML to model physical characteristics with the freedom of a GPL to implement general-purpose computation. The approach is illustrated using two industrial case studies from the printing systems domain.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10


  1. 1.

    There are some small differences with the execution semantics of physical models in the 20-Sim simulation tooling. These differences are discussed in Sect. 9.5.

  2. 2.

    See also Appendix A for more information about the Composition Filters model.

  3. 3.

    See also Appendix A.

  4. 4.

    The word ‘constant’ refers in this case to a fixed value in the physical relationship for one specific design. Therefore, if the design changes, the value of constants can also change.


  1. 1.

    The 20-sim tooling. Accessed April 2012

  2. 2.

    Web services business process execution language version 2.0. OASIS Standard (2007)

  3. 3.

    Abreu, R., Zoeteweij, P., van Gemund, A.: Spectrum-based multiple fault localization. In: 24th IEEE/ACM International Conference on Automated Software Engineering, 2009. ASE ’09, pp. 88–99. (2009). doi:10.1109/ASE.2009.25

  4. 4.

    Akşit, M., Bergmans, L., Vural, S.: An object-oriented language-database integration model: the composition-filters approach. In: Madsen, O.L. (ed.) Proceedings of the 7th European Conference on Object-Oriented Programming, pp. 372–395 (1992).

  5. 5.

    Akşit, M., Tripathi, A.: Data abstraction mechanisms in sina/st. In: Proceedings of the Conference on Object-Oriented Systems, Languages and Applications. ACM Sigplan Notices, vol. 23, pp. 267–275 (1988)

  6. 6.

    Aksit, M., Wakita, K., Bosch, J., Bergmans, L., Yonezawa, A.: Abstracting object interactions using composition filters. In: Proceedings of the Workshop on Object-Based Distributed Programming. pp. 152–184. Springer, London (1994)

  7. 7.

    Allan, C., Avgustinov, P., Christensen, A.S., Hendren, L., Kuzins, S., Lhoták, O., de Moor, O., Sereni, D., Sittampalam, G., Tibble, J.: Adding trace matching with free variables to aspectj. In: OOPSLA ’05: Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications. pp. 345–364. ACM, New York, NY, USA (2005). doi:10.1145/1094811.1094839

  8. 8.

    Bapty, T., Neema, S., Scott, J., Sztipanovits, J., Asaad, S.: Model-integrated tools for the design of dynamically reconfigurable systems. Tech. Rep. ISIS-99-01, Institute for Software Integrated Systems, Vanderbilt University (1999)

  9. 9.

    Barringer, H., Goldberg, A., Havelund, K., Sen, K.: Rule-based runtime verification. In: Steffen, B., Levi, G. (eds.) VMCAI. Lecture Notes in Computer Science, pp. 44–57. Springer, Berlin (2004)

  10. 10.

    Berbers, Y., Rigole, P., Vandewoude, Y., Baelen, S.V.: CoConES: CoConES: an approach for components and contracts in embedded systems. Lecture Notes in Computer Science, vol. 3778, pp. 209–231 (2005)

  11. 11.

    van den Berg, K., Conejero, J.: A conceptual formalization of crosscutting in aosd. In: Proceedings of the Desarrollo de Software Orientado a Aspectos (DSOA2005). Granada, Spain (2005)

  12. 12.

    Bergmans, L., Akşit, M.: Principles and design rationale of composition filters. In: Aspect-Oriented Software Development, pp. 63–95. Addison-Wesley, Boston (2005)

  13. 13.

    Bishop, R.H.: Modern Control Systems Analysis and Design Using MATLAB and SIMULINK. Addison Wesley, Boston (1996)

    Google Scholar 

  14. 14.

    Bockisch, C.M.: An efficient and flexible implementation of aspect-oriented languages. Ph.D. thesis, Technische Universität Darmstadt, Germany (2008)

  15. 15.

    Bouraqadi, N., Ledoux, T.: Supporting AOP using reflection. In: Aspect-Oriented Software Development, pp. 261–282. Addison-Wesley, Boston (2005)

  16. 16.

    Broenink, J.: Modelling, simulation and analysis with 20-sim. Journal A 38(3), 22–25 (1997)

    Google Scholar 

  17. 17.

    Brooks, F.: No silver bullet essence and accidents of software engineering. Computer 20(4), 10–19 (1987). doi:10.1109/MC.1987.1663532

    Article  MathSciNet  Google Scholar 

  18. 18.

    Chen, F., Roşu, G.: Mop: an efficient and generic runtime verification framework. In: OOPSLA ’07: Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems and Applications. pp. 569–588. ACM, New York, NY, USA (2007). doi:10.1145/1297027.1297069

  19. 19.

    Delgado, N., Gates, A., Roach, S.: A taxonomy and catalog of runtime software-fault monitoring tools. IEEE Trans. Softw. Eng. 30(12), 859–872 (2004). doi:10.1109/TSE.2004.91

    Article  Google Scholar 

  20. 20.

    van Deursen, A., Klint, P.: Little languages: little maintenance. J. Softw. Maint. 10, 75–92 (1998)

    Article  Google Scholar 

  21. 21.

    van Dijk, W., Mordhorst, J.: CFIST. Composition Filters in Smalltalk. Graduation Report, HIO Enschede, The Netherlands (1995)

  22. 22.

    Eker, J., Janneck, J., Lee, E., Liu, J., Liu, X., Ludvig, J., Neuendorffer, S., Sachs, S., Xiong, Y.: Taming heterogeneity—the ptolemy approach. Proc. IEEE 91(1), 127–144 (2003). doi:10.1109/JPROC.2002.805829

    Article  Google Scholar 

  23. 23.

    Feldman, A., Provan, G., van Gemund, A.: The Lydia approach to combinational model-based diagnosis. In: Proceedings of the Twentieth International Workshop on Principles of Diagnosis (DX’09), Stockholm Sweden. pp. 403–408. Erik Frisk and Mattias Nyberg and Mattias Krysander and Jan slund (2009)

  24. 24.

    Filman, R.E., Elrad, T., Clarke, S., Akşit, M. (eds.): Aspect-Oriented Software Development. Addison-Wesley, Boston (2005)

  25. 25.

    Forbus, K.D.: Qualitative process theory. Artif. Intell. 24(1–3), 85–168 (1984). doi:10.1016/0004-3702(84)90038-9

    Article  Google Scholar 

  26. 26.

    Francez, N., Hailpern, B., Taubenfeld, G.: Script: a communication abstraction mechanism and its verification. Sci. Comput. Program. 6, 35–88 (1986)

    Article  MATH  Google Scholar 

  27. 27.

    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley, Boston (1995)

    Google Scholar 

  28. 28.

    Glandrup, M.: Extending C++ using the concepts of composition filters. Master’s thesis, University of Twente (1995).

  29. 29.

    Gray, J., Bapty, T., Neema, S., Schmidt, D.C., Gokhale, A., Natarajan, B.: An approach for supporting aspect-oriented domain modeling. In: Proceedings of the 2nd international Conference on Generative Programming and Component Engineering, GPCE ’03, pp. 151–168. Springer, New York (2003)

  30. 30.

    Helm, R., Holland, I.M., Gangopadhyay, D.: Contracts: specifying behavioral compositions in object-oriented systems. ACM SIGPLAN Notices 25(10), 169–180 (1990)

    Article  Google Scholar 

  31. 31.

    Henzinger, T., Kirsch, C., Sanvido, M., Pree, W.: From control models to real-time code using giotto. Control Systems, IEEE 23(1), 50–64 (2003). doi:10.1109/MCS.2003.1172829

  32. 32.

    Holland, I.M.: Specifying reusable components using contracts. In: Proceedings of the European Conference on Object-Oriented Programming. pp. 287–308. Springer-Verlag, London, UK (1992)

  33. 33.

    Kiczales, G., Rivieres, J.D.: The Art of the Metaobject Protocol. MIT Press, Cambridge (1991)

    Google Scholar 

  34. 34.

    Kieburtz, R.B., McKinney, L., Bell, J.M., Hook, J., Kotov, A., Lewis, J., Oliva, D.P., Sheard, T., Smith, I., Walton, L.: A software engineering experiment in software component generation. In: Proceedings of the 18th International Conference on Software Engineering, ICSE ’96, pp. 542–552. IEEE Computer Society, Washington, DC, USA (1996)

  35. 35.

    Kitchin, D., Quark, A., Cook, W.R., Misra, J.: The Orc programming language. In: Lee, D., Lopes, A., Poetzsch-Heffter, A. (eds.) Proceedings of FMOODS/FORTE 2009. Lecture Notes in Computer Science, vol. 5522, pp. 1–25. Springer, Berlin (2009). doi:10.1007/978-3-642-02138-1-1

  36. 36.

    de Kleer, J., Williams, B.C.: Diagnosing multiple faults. Artif. Intell. 32(1), 97–130 (1987).doi:10.1016/0004-3702(87)90063-4

    Google Scholar 

  37. 37.

    Kleijn, C.: 20-sim 4.1 Reference Manual (2009)

  38. 38.

    Koopman, P.: Embedded system design issues (the rest of the story). In: Proceedings of the 1996 IEEE International Conference on Computer Design: VLSI in Computers and Processors, 1996. ICCD ’96, pp. 310–317 (1996). doi:10.1109/ICCD.1996.563572

  39. 39.

    Maes, P.: Concepts and experiments in computational reflection. ACM SIGPLAN Notices 22(12), 147–155 (1987)

    Article  Google Scholar 

  40. 40.

    Malakuti Khah Olun Abadi, S., Bockisch, C.M., Akşit, M.: Applying the composition filter model for runtime verification of multiple-language software. In: The 20th annual International Symposium on Software Reliability Engineering, ISSRE 2009, Mysore, India, pp. 31–40. IEEE Computer Society Press (2009)

  41. 41.

    Markovski, J., van Beek, D., Theunissen, R., Jacobs, K., Rooda, J.: A state-based framework for supervisory control synthesis and verification. In: 49th IEEE Conference on Decision and Control (CDC), 2010. pp. 3481–3486 (2010). doi:10.1109/CDC.2010.5717095

  42. 42.

    Octopus project, ESI (2010).

  43. 43.

    Papadopoulos, G.A., Arbab, F.: Coordination models and languages. In: Advances in Computers. pp. 329–400. Academic Press, London (1998).

  44. 44.

    Passerone, R., Damm, W., Ben Hafaiedh, I., Graf, S., Ferrari, A., Mangeruca, L., Benveniste, A., Josko, B., Peikenkamp, T., Cancila, D., Cuccuru, A., Gerard, S., Terrier, F., Sangiovanni-Vincentelli, A.: Metamodels in Europe: languages, tools, and applications. IEEE Des. Test Comput. 26(3), 38–53 (2009)

  45. 45.

    Reiter, R.: A theory of diagnosis from first principles. Artif. Intell. 32(1), 57–95 (1987). doi:10.1016/0004-3702(87)90062-2

  46. 46.

    de Roo, A.: Towards more robust advice: Message flow analysis for composition filters and its application. Master’s thesis (2007).

  47. 47.

    de Roo, A.: Managing software complexity of adaptive systems. Ph.D. thesis, Enschede (2012).

  48. 48.

    de Roo, A., Hendriks, M., Havinga, W., Durr, P., Bergmans, L.: Compose*: a language- and platform-independent aspect compiler for composition filters. In: First International Workshop on Advanced Software Development Tools and Techniques, WASDeTT 2008, Paphos, Cyprus (2008)

  49. 49.

    de Roo, A., Sözer, H., Akşit, M.: An architectural style for optimizing system qualities in adaptive embedded systems using multi-objective optimization. In: Joint Working IEEE/IFIP Conference on Software Architecture, 2009 and European Conference on Software Architecture, WICSA/ECSA 2009, pp. 349–352. Cambridge, UK (2009)

  50. 50.

    de Roo, A., Sözer, H., Akşit, M.: Runtime verification of domain-specific models of physical characteristics in control software. In: Proceedings of the 5th IEEE International Conference on Secure Software Integration and Reliability Improvement, Korea (2011)

  51. 51.

    Theunissen, R., Schiffelers, R., van Beek, D., Rooda, J.: Supervisory control synthesis for a patient support system. In: Proceedings of the European Control Conference (2009)

  52. 52.

    University of Twente: Compose* Annotated Reference Manual. (2012)

  53. 53.

    University of Twente: Compose*. Accessed April 2012

  54. 54.

    VDC Research: The embedded software and tools market intelligence service (2010)

  55. 55.

    Wichman, J.C.: The development of a preprocessor to facilitate composition filters in the Java language. Master’s thesis, University of Twente (1999).

  56. 56.

    Yoshioka, M., Umeda, Y., Takeda, H., Shimomura, Y., Nomaguchi, Y., Tomiyama, T.: Physical concept ontology for the knowledge intensive engineering framework. Advanced Engineering Informatics 18(2), 95–113 (2004). doi:10.1016/j.aei.2004.09.004

  57. 57.

    Zoeteweij, P., Pietersma, J., Abreu, R., Feldman, A., van Gemund, A.: Automated fault diagnosis in embedded systems. In: Second International Conference on Secure System Integration and Reliability Improvement, 2008. SSIRI ’08, pp. 103–110 (2008). doi:10.1109/SSIRI.2008.48

Download references


This work has been carried out as part of the OCTOPUS project under the responsibility of the Embedded Systems Institute. This project is partially supported by the Netherlands Ministry of Economic Affairs under the Embedded Systems Institute program. We thank Jacques Verriet from ESI for reviewing this paper and providing useful feedback.

Author information



Corresponding author

Correspondence to Arjan de Roo.

Additional information

Communicated by Dr. Jeff Gray, Juha-Pekka Tolvanen, and Matti Rossi.

Appendix A: Background: the composition filters model

Appendix A: Background: the composition filters model

In this appendix we give a short introduction in the Composition Filters modeland the Compose* language that implements the Composition Filters model. For further information on the Composition Filters modeland the Compose* language, we refer to [40, 48, 52, 53].

A.1 Introduction into the composition filters model

A key design goal of the Composition Filters model is to improve the composability of programs written in object-based programming languages. The Composition Filters modelhas evolved from the first (published) version of the Sina language in the late 1980s [4, 5], to a version that supports language independent composition of crosscutting concerns [12, 53].

The Composition Filters modelcan be applied to object-based systems. In such a system, objects can send messages between each other, e.g., in the form of method calls or events. In the Composition Filters model, these messages can be filtered using a set of filters, as shown in Fig. 11.

Fig. 11

Overview of the Composition Filters model

Each filter has a filter type, which defines the behavior that should be executed if the filter accepts the message and the behavior that should be executed if the filter rejects the message. The matching behavior of a filter is specified by filter expressions, which offer a simple declarative language for state and message matching. Filters defining related functionality are grouped in so-called filter modules. Such filter modules can also encapsulate some internal state or share state with other objects.

To indicate which filter modules should be applied (superimposed) to which objects, we use superimposition selectors. A superimposition selector selects a set of classes using a Prolog-based selector language. A specified filter module is applied to this selected set of classes. The result is that all messages sent to and received by all instances of those selected classes, have to pass through the filters within the filter module.

The Composition Filters modelcan be applied to many different languages, and we have done so e.g., to SmallTalk [21], Java [55] and C++ [28]. The most recent implementation of the Composition Filters modelis the Compose* language and toolset, which not only supports .NET, but also Java and C. The next subsection introduces the Compose* language.

A.2 The compose* language

This section introduces the Compose* language using an example in which the Composition Filters modelis applied to implement scoring functionality in a Pacman game.

Figure 12 shows the class diagram of part of a Pacman implementation. The diagram contains the classes Game and Level, which manage respectively the game and the levels in the game. Game contains method gameStart, which initializes a new game, and method nextLevel, which initializes a new level after a previous level has been completed. The class Level contains methods eatFood, eatVitamin and eatGhost, which manage, respectively, Pacman eating a piece of food, Pacman eating a vitamin and Pacman eating a ghost.

Fig. 12

Some classes in a Pacman game

The game includes an option to maintain a score. The class Settings contains a flag that indicates whether a score should be maintained. Scores are given for various actions of Pacman: eating a piece of food, eating a vitamin, eating a ghost and finishing a level. Furthermore, scoring should be initialized/reset at the start of a new game. The class Score contains a method to initialize scoring (initScore()) and methods to add a score when a certain action has happened (scoreLevelComplete(), scoreFood(), scoreVitamin() and scoreGhost()). Because of the crosscutting nature of scoring functionality with the classes Game and Level, composition filters are used to compose Score with these classes.

Listing 12 shows the composition filters specification that composes the scoring functionality with the Pacman game. The listing shows the definition of the concern ScoringConcern. This concern consists of one filter module definition and one superimposition definition.


Filter Module Definition Lines 2 to 19 show the definition of the filtermodule scoring. Two external objects, score and settings, are referenced in the definition of the externals on Lines 3 to 5. Line 7 defines a condition, which is used in the filter specification. The filter module defines one filter, on Lines 9 to 18. The filter consists of several different parts, as indicated below:

$$ \begin{aligned} \overbrace{scoreF}^{identifier}:\overbrace{After}^{filter\,type}&= \overbrace{(enabled\, \& \,selector==\text{``}gameStart\text{''})}^{matching\,part}\\&\overbrace{\{target=score; selector= \text{``}initScore\text{''}\}}^{substitution\,part}\\&cor\,\overbrace{(\ldots )\,\{\ldots \}}^{filter\,element} \\&\ldots \\ \end{aligned}$$

The identifier is the name of the filter in the filter module. The filter type specifies the type of the filter. In this example, the type is After, which means that an additional message is sent after the original message has been further processed. In this way behavior can be added after the original behavior. In the example, this behavior is to perform scoring. Examples of other filter types are Dispatch, which performs a dispatch of the message to a given target instead of the original target, and Logging, which performs logging of the given message.

Filters contain one or more filter elements. The filter scoreF contains five filter elements. Filter elements define message matching and substitution. The five filter elements in the example are composed with a conditional-or (cor) operator, meaning that if a filter element accepts, the filter accepts without evaluating the next filter elements. If a filter element rejects, the next filter element is processed.

A filter elements consists of a matching part and a substition part. The matching part defines a matching condition on the messages. Only if the matching condition is satisfied, the filter element accepts and the substitution part is executed. The substitution part changes certain properties of the message. When a filter element accepts a message, the filter of which the filter element is part accepts the message, and the behavior corresponding to the filter type is executed.

The example filter on Lines 9 to 18 of Listing 12 show five filter elements. Each of these filter elements only match when the condition enabled is true. Furthermore, each of these filter elements match a different selector (i.e., method call) and specifies a different selector in score to which a message is sent after the execution of the original message. For example, when a message with selector “eatVitamin” is processed, first Level.eatVitamin executes, followed by a call to the method scoreVitamin in Score (as shown on Lines 13 and 14), to apply the scoring that corresponds to eating a vitamin.

Superimposition Definition Lines 21 to 26 show the superimposition definition. A superimposition definition specifies which filter modules are placed (i.e., superimposed) on which artifacts (e.g., classes). The given superimposition definition places the filter module scoring on classes Game and Level.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

de Roo, A., Sözer, H. & Akşit, M. Composing domain-specific physical models with general-purpose software modules in embedded control software. Softw Syst Model 13, 55–81 (2014).

Download citation


  • Domain specific languages
  • Embedded systems
  • Software composition
  • Composition filters
  • Aspect-oriented programming