Formal Modeling and Verification of Self-* Systems Based on Observer/Controller-Architectures

  • Florian Nafz
  • Jan-Philipp Steghöfer
  • Hella Seebach
  • Wolfgang Reif
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7740)


Self-* systems have the ability to adapt to a changing environment and to compensate for component failures by reorganizing themselves. However, as these systems make autonomous decisions, their behavior is hard to predict. Without behavioral guarantees their acceptance, especially in safety-critical applications, is questionable. This chapter presents a rigorous specification and verification approach for self-* systems that allows giving behavioral guarantees despite the unpredictability of self-* properties. It is based on the Restore Invariant Approach, which allows the developer to define a corridor of correct behavior in which the system shows the expected properties.

The approach defines relies (behavior the components can expect) and guarantees (behavior that each component will provide) to specify the general requirements on the interaction between the components of the system on a formal basis. If heterogeneous multi-agent systems with self-* properties are modeled so that relies are implied by the other components’ guarantees, it is possible to formally verify correct system behavior. When using observer/controller architectures the approach also allows systematic decomposition and modular verification. We illustrate the approach by applying it to two different case studies – an adaptive production cell and autonomous virtual power plants.
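The following is an added illustration of the rely/guarantee and Restore Invariant ideas summarized above; it is not code from the chapter or from the authors' framework. It assumes a constructed production cell in which every workpiece must receive the steps drill, insert and tighten in that order, one role per robot. The invariant INV (the corridor) states that each step is held by exactly one robot whose tool still works; an observer checks INV after every tool failure, and a controller restores it by searching a new role assignment. The compositional check drives a workpiece through the chain and confirms that each robot's rely (what it receives) is established by its predecessors' guarantees (what they deliver). All names, tools and failure events are assumptions made for this example.

```python
from itertools import permutations

# Constructed scenario (not from the chapter): every workpiece must receive the
# processing steps below, in this order, each performed by a robot holding that role.
TASK = ("drill", "insert", "tighten")


class Robot:
    """A component of the production cell: a set of working tools and one role."""

    def __init__(self, name, tools):
        self.name = name
        self.tools = set(tools)   # capabilities that still work
        self.role = None          # the processing step currently assigned

    def process(self, history):
        """Apply the assigned step to a workpiece (its list of completed steps)."""
        if self.role is None or self.role not in self.tools:
            return list(history)          # idle or broken robot passes the piece on unchanged
        return list(history) + [self.role]


def invariant(robots):
    """INV, the corridor of correct behaviour: each step of TASK is held by exactly one
    robot whose tool for that step works. Returns the robot chain in TASK order, or None."""
    chain = []
    for step in TASK:
        holders = [r for r in robots if r.role == step]
        if len(holders) != 1 or step not in holders[0].tools:
            return None
        chain.append(holders[0])
    return chain


def rely(position, history):
    """Rely of the robot at `position`: incoming workpieces carry exactly the earlier steps."""
    return history == list(TASK[:position])


def guarantee(robot, history_in, history_out):
    """Guarantee of a robot: it adds precisely its assigned step to each workpiece."""
    return history_out == history_in + [robot.role]


def verify_chain(chain):
    """Compositional check: drive one workpiece through the chain and confirm that every
    rely is established by the predecessors' guarantees, so the system-level property
    (workpiece fully processed in order) follows."""
    history = []
    for position, robot in enumerate(chain):
        if not rely(position, history):
            return False
        out = robot.process(history)
        if not guarantee(robot, history, out):
            return False
        history = out
    return history == list(TASK)


def reorganize(robots):
    """Controller: search a new one-role-per-robot assignment over working tools
    (a small constraint-satisfaction problem). Returns True if INV could be restored."""
    for r in robots:
        r.role = None
    for candidate in permutations(robots, len(TASK)):
        if all(step in r.tools for step, r in zip(TASK, candidate)):
            for step, r in zip(TASK, candidate):
                r.role = step
            return True
    return False


def observe_and_control(robots, failure):
    """Observer/controller cycle: apply a tool failure, check INV, and if the system
    left the corridor, trigger reorganization. Returns (violated, inside_corridor)."""
    robot, tool = failure
    robot.tools.discard(tool)
    if invariant(robots) is not None:
        return False, True
    return True, reorganize(robots)


def run_demo():
    """Constructed run: three robots with overlapping tools and two successive failures."""
    r1 = Robot("r1", ["drill", "insert"])
    r2 = Robot("r2", ["insert", "tighten"])
    r3 = Robot("r3", ["tighten", "drill"])
    cell = [r1, r2, r3]
    results = {"initial": reorganize(cell) and verify_chain(invariant(cell))}
    old_chain = invariant(cell)
    # r2's insert tool breaks: INV is violated and the stale chain no longer verifies,
    # because r2's guarantee fails and so the rely of the robot after it is not met.
    violated, restored = observe_and_control(cell, (r2, "insert"))
    results["stale_chain_verifies"] = verify_chain(old_chain)
    results["after_first_failure"] = (violated, restored, verify_chain(invariant(cell)))
    results["roles_after_first_failure"] = {r.name: r.role for r in cell}
    # r3's drill tool breaks too: only r1 could drill and insert, so INV cannot be restored.
    violated, restored = observe_and_control(cell, (r3, "drill"))
    results["after_second_failure"] = (violated, restored, invariant(cell) is None)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The second failure is the case a practitioner cares about: the controller reports that no assignment satisfies INV, which is exactly the signal that the system has left the corridor for good and a fallback (safe stop, operator alert) is needed rather than continued autonomous operation.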


Keywords: Adaptive Systems, Self-* Properties, Formal Methods, Verification, Multi-Agent Systems, Observer/Controller





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Florian Nafz (1)
  • Jan-Philipp Steghöfer (1)
  • Hella Seebach (1)
  • Wolfgang Reif (1)

  1. Institute for Software & Systems Engineering, University of Augsburg, Augsburg, Germany
