Skip to content
BY 4.0 license Open Access Published by De Gruyter Open Access May 25, 2023

SMACS: A framework for formal verification of complex adaptive systems

  • Ilyas Fakhir EMAIL logo , Asad Raza Kazmi , Awais Qasim and Atif Ishaq
From the journal Open Computer Science


Self-adaptive systems (SASs) have the capability to evaluate and change their behavior according to changes occurring in the environment. Research in this field is being held since mid-60, and over the last decade, the importance of self-adaptivity is being increased. In the proposed research, colored petri nets (CPN) formal language is being used to model self-adaptive multiagent system. CPN is increasingly used to model self-adaptive complex concurrent systems due to its flexible formal specification and formal verification behavior. CPN being visually more expressive than simple, Petri Nets enable diverse modeling approaches and provides a richer framework for such a complex formalism. The main goal of this research is to apply self-adaptive multi-agent concurrent system (SMACS) for complex architectures. In our previous research, the SMACS framework is proposed and verified through traffic monitoring system. All agents of SMACS are also known as intelligent agents due to their self-adaptation behavior. Due to decentralized approach in this framework, each agent will intelligently adapt its behavior in the environment and send updates to other agents. In this research, we are choosing smart computer lab (SCL) as a case study. For internal structure of each agent modal, μ -calculus will be used, and then a model checker TAPAs: a tool for the analysis of process algebras will be applied to verify these properties. CPN-based state space analysis will also be done to verify the behavioral properties of the model. The general objective of the proposed system is to maximize the utility generated over some predetermined time horizon.

1 Introduction

The system adaptivity has been studied extensively since mid-60s, and new approaches to explicate the elementary principles of self-adaptivity are being found with significant efforts of scientific community. Over the last decade, the literature about self-adaptivity has been extensively used, and different types of concepts and interpretations are being proposed by different researchers. In any evolving scientific research field, there is a chance of instability, the conceptual evolution of the system under investigation. That is, the instability may get induced when the model under study evolves conceptually. The investigation links with the development of the model at different stages rather than the treatment of the subject as whole. However, every scientific research may play an important role to support uniform global understanding theory.

The importance of self-adaptivity in various related areas is being progressively more acknowledged over the past decades. Software engineering and other related fields like requirements engineering [1,2], middleware [3,4], software architecture [57], and component-based architecture development [8,9] are very common features to introduce self-adaptivity successfully. For the development of self-adaptive systems (SASs), software engineering approaches would perfectly be applicable across multiple domains [10]. The consistency of the system must be assured during the adaptation process [11]. Assurance is required for both functional and nonfunctional properties, i.e., [12]. Guaranteeing these properties at runtime in SASs is particularly challenging due to the varying assurance needs posed by a changing system or execution environment, both fraught with uncertainty [13,14]. Nevertheless, the properties specified in the system requirements need to hold before, during, and after adaptation [11,15]. Cheng et al. proposed a model to address assurance of SAS with name M@RT [16]. Recent approaches recognize the need to produce, manage, and maintain software models all along the software’s life time to assist the realization and validation of system adaptations while the system executes [1719].

A SAS is an improved version of software-intensive system having the ability to quickly respond to changes occurring in their environment or autonomously system can adapt its structure and behavior at run-time [20]. This idea presents shifting the human role from operational to strategic because high level policies of human state how a system should react if changes occur and then system adapt these changes at run-time autonomously [21]. Similarly, in 2011, Weiss et al. proposed a self-adaptive embedded system having ability to make decisions at runtime on adaptivity in [22].

From the area of control theory, Müller et al. proposed feedback control loops in [23], which are very important features in engineering self-adaptive software systems. Such control loops are being organized by four components that are responsible for the fundamental functions of self-adaptation: Monitor, Analyze, Plan, and Execute (MAPE), often stated as the MAPE loop as in the IBM architecture blueprint. These functions are referred to as collect, analyze, decide, and act by Dobson et al. in [24].

Colored Petri Nets (CPNs) [25] are powerful mathematical modeling language to model complex systems. A brief introduction to the complex system is presented in ref. [26]. Due to graphical notation and very powerful analysis methodology, CPN play, an intensive role to model SASs as well as concurrent systems and biological systems [27,28]. Through CPN tool, small modules can be constructed for the specification of large one. By the help of well-defined set of interfaces, all these modules interact with each other. Context adaptation is a new perspective in the field of self-adaptation. Context-awareness is a significant part of today’s research of ubiquitous computing applications. The behavior of such applications is generally described by implanting the clarification of contextual information inside applications and having facility to reuse this information by other applications. Such type of applications also behaves like multi-agent system (MAS), where each context can be represented as an agent having its own behavior as discussed in ref. [29]. To model context-aware systems by using ordinary Petri Net (PN) and showing more expressiveness by other extended PN classes is proposed in ref. [30]. These agents update their behavior by their internal contextual information and update their neighboring agents, too. PN is relatively more suitable to model such type of complex systems. Due to the uncertainty of computational environments and complex software systems, new motivations occur to explore new modeling and managing techniques of systems and services in the fields such as control theory, artificial intelligence, and biology. In this regards, the self-adaptivity is the most intensive research direction. Macías-Escrivá et al. provides some well-known definitions in their recent survey in [31].

Two types of approaches are used for modeling SASs; top-down approach; and bottom-up approach. In the top-down SASs the control is centralized and behave with guidance of central controller, which evaluates its surroundings behavior and adapts itself accordingly. While, bottom-up SASs having decentralized phenomena, such type of systems having self-adaptive cooperation or self-organization. Bottom-up approach behaves like MAS, because in MAS, each agent updates its own behavior and also updates the environment that guides other agents. The key features of MAS in the engineering of SASs are, specifically, loose coupling, context sensitivity, robustness in response to failure, and unexpected concurrent events. Weyns and Georgeff proposed goal-oriented loose coupling of agents in [32], which provides the flexibility for modeling self-adaptivity and reuse.

In this research work, we are trying to check our self-adaptive multi-agent concurrent system (SMACS) framework proposed in [33] for more complex system than previous one. For implementing SMACS framework, we chose smart computer lab (SCL) as a case study. In proposed work, we are trying to improve an idea of MAPE-K-based self-adaptive framework in a more expressive way by the help of formal specification and verification [34]. PNs are being used for modeling concurrent systems for the last few decades, but according to our knowledge, PNs are not commonly used for self-adaptive-based concurrent systems. So we have been using CPN for modeling self-adaptive MAS, because CPN is more expressive than simple PNs to model such complex systems having concurrent behavior. For example, the processes are represented as tokens in PNs, and in complex systems, processes are distinguishable with respect to their properties and behaviors. So, it only possible to model such systems with CPN, because we can differentiate the processes to assign different colors to them, and it is not possible in simple PN. All agents of SMACS are also known as intelligent agents due to their self-adaptive behavior. So, to verify self-adaptive behavior of each agent, we applied modal μ -calculus ( μ ).

In the complex system, components are physically and functionally interconnected in heterogeneous way. This heterogeneity of components is based on structural or dynamic complexity as proposed in ref. [35], by which highly interconnected dependent and interdependent components integrate with each other. Moreover, the dynamic complexity leads to abrupt change in the system’s behavior due to the change in the operational and environmental conditions of the interconnected systems. The main idea behind this work is to achieve true concurrency of multiple interconnected self-adaptive agents with their dynamic behavior. Here, true concurrency means multiple atomic computing tasks can take place at one step, on contrary an interleaving-based concurrent behavior enforce that only a single task in a parallel composition can execute an atomic action. A more appropriate mathematical rule for measuring true concurrency is represented in equation (1). By the help of true concurrency fairness, property can be measured easily. PNs is one of the best formal approaches to express true concurrent systems. Formal modeling approach is more expressive because the traditional approaches like activity diagrams and transition systems may be the candidates to express our system, but these methods fail to generate counter example due to their nonexhaustiveness. While, on the other hand, the formal modeling approaches are more suitable to model the dynamical systems like SMACS. Using full expressive power of a logic often leads to more direct and concise statements of properties but requires more human interaction to guide the proofs. So, formal modeling approach is more expressive for proving liveness and safety properties of true concurrent systems, as well as to verify correctness and consistency of concurrent systems. A CPN-based model having concurrent behavior is proposed in [36], in which safety and bounded properties are verified through intuitionistic linear time μ calculus ( I μ TL ) [37].

(1) P 1 P 1 , P 2 P 2 , , P n P n P 1 P 2 P n P 1 P 2 P n .

This equation shows that a process interface executes multiple processes from P 1 to P n in parallel, where the fractional part is represented as Input port Output port and the parallel composition of all processes to execute an atomic action is represented as P 1 P 2 P n .

The remaining article is organized as follows: in Section 2, preliminaries for proposed modeling techniques are discussed; in Section 3, a case study for implementing proposed model is discussed; in Section 4, analysis and results are discussed; and finally, conclusion and future work are discussed in Section 5.

2 Preliminaries

SASs having dynamic concurrent behavior presented in ref. [38], by which systems adapt behavior dynamically. So, PNs are relatively better formal approach for modeling systems, which simulate dynamically as in ref. [39]. PNs combine a well-defined mathematical theory with a graphical representation of the dynamic behavior of systems. The theoretic aspect of PNs allows precise modeling and analysis of system behavior, while the graphical representation of PNs enable visualization of the modeled system state changes. This combination is the main reason for the use of PNs. While the static logic based approaches including prepositional and predicate logics do not express dynamical systems. The dynamical and temporal logics-based methods like linear temporal logic, computation tree logic (CTL) or μ -calculus could model dynamical systems by using their mathematical techniques. These methods lack in expressing the system behavior figuratively, while PNs have both capabilities of expression. CPN having flexibility to model complex dynamic system and to attaining true concurrency during execution of such complex model is also possible by CPN, which having all basic properties of simple PN including its color sets and guard functions. In this section, we will discuss terminologies use to help for formal modeling, specification, and analysis of self-adaptive MAS.

2.1 Multi-agent system

MAS is an important field of software engineering that comprises two main concepts of agents’ interaction. All agents interact with each other either through top-down approach or bottom-up approach. In top-down approach, all agents interact with each other by a centralized mechanism indirectly, on contrary through bottom-up approach, the interaction between agents is decentralized, and each agent is directly interacted to each other agent during any change in their environment. An agent can be composed of reactive, deliberative, or a hybrid architecture of both. In the indirect approach, an agent can modify the environment of other agents through initialization of an action. In this approach, some agents can share a subpart of the environment. In MAS, every agent occupies their own environment, and somehow, it is related to the Meta-level environment as shown in Figure 1. This phenomenon is also known as open environment, and a complex situation is created in this environment due to dynamic behavior of unknown components in future. This structure presented in [40] changes over time and becomes heterogeneous in nature. Qasim et al. provide an idea of formal specification and verification of real-time MAS using Timed-Arc PN in [41].

Figure 1 
                  Interaction between agents in MAPE-K based meta-level environment.
Figure 1

Interaction between agents in MAPE-K based meta-level environment.

An intelligent agent by Wooldridge in [42] is another important basic element of MAS, having classical characteristics such as reactivity, pro-activeness, and social ability. In reactivity, agents have ability to response timely according to design objectives if any change occurs in their environment. In pro-activeness, agents demonstrate their goal-oriented behavior to satisfy design objectives. Negotiation between agents is their social ability according to design objectives. So, these characteristics represent the significance of MAS to develop a system for complex architecture. In the engineering of SASs, MASs have some key features such as context-sensitivity, loose coupling, unexpectedness, and robustness in response to failure.

2.2 Self-adaptive system

SASs have ability to adapt its behavior according to change in its environment as discussed in [43]. It is the behavior of SAS to organize itself autonomously by accommodating changes in its environment and context. Some SASs may have ability to adapt changes in environment without human interaction through some higher-level policies as presented in [10]. Just like agents in MAS, adaptation is a process for switching between models in the multi-model system. So it is the capability of a system to adapt the behavior of the environment by selectively switching and executing between models. Formal verification of MAPE-K-based real-time MAS is proposed in ref. [44]. In order to improve the performance of a complex system, self-adaptivity plays a key role as the system learns to change behavior on its own. High-level dependability, adaptivity, robustness, and availability for developing self-adaptive software are proposed in ref. [45].

The adaptation mechanism is decomposed by Selehie and Tahvildari in 2011 into several processes: monitoring the environment and software objects (i.e., context-awareness and self-awareness), analyzing substantial variations, planning of reaction, and executing the decisions.

For the specification of SASs, monitoring, and switching between adaptive behaviors, goal-oriented models have proven their effectiveness. The ability to reason about partial goal satisfaction is a strength of goal-oriented modeling. Most of the existing self-adaptive models are taking benefits of the Sensor-Plan-Act model, extensively used in modeling traditional robotic systems presented in ref. [46]. In such systems, events are collected, analyzed, and attached to update the global model, and then in updated situation, each entity plans its strategy.

2.3 Colored PNs

In CPNs [25], tokens are in the form of colors denoting specific data types. Any transition is called enabled for firing when all of its input places having valid colored tokens, and valid arc bindings are used to produce the necessary colored tokens to its output places. The firing of transitions in CPN can modify the data values of these coloured tokens and change the behavior of model.

The formal definition of CPN is as follows: CPN = ( Σ , P , T , A , V , C , G , E , I ) , where:

  1. Σ is a finite set of nonempty color sets.

  2. P is a finite set of places.

  3. T is a finite set of transitions.

  4. A is a set of directed arcs such that: A P × T T × P .

  5. V is a typed finite variables set such that: Type [ ν ] Σ , ν V .

  6. C is a color function (nonempty color set). It is defined as follows: C : P Σ .

  7. G is a guard function defined as: G : T EXPR ν . It assigns a guard to each transition t such that: t T : [ Type ( G ( t ) ) = Bool ] .

  8. E is an arc expression function, defined as E : A EXPR ν such that a A : [ Type ( E ( a ) ) = C ( p ) M S ] , where p is the place connected to arc a.

  9. I is an initialization function, defined as I : P EXPR ϕ such that: p P : [ T y p e ( I ( p ) ) = C ( p ) M S ] .

CPN Meta language (ML) is a Standard ML (SML)-based functional programming language. CPN ML having all characteristics SML language with extension of defining color set and declaring variables. SML having more expressiveness to model interconnected systems in complex environment. It is also a best approach for state space analysis and performance analysis. In the present research, we will first applied SMACS framework to more complex real-time self-adaptive concurrent model and then verify behavioral properties through the state-space analysis.

2.4 Modal μ -calculus ( μ )

Modal μ -calculus is the extension of Hennessy-Milner Logic [47] with least fixed-point operator “ μ ” and greatest fixed-point operator “ ν ,” and it is more suitable to achieve true concurrency. Modal μ -calculus is also a fundamental temporal logic applied to model the context of temporal properties of systems and to model infinite behavior of concurrent systems. Many expressive temporal logics such as propositional dynamic logic, CTL, and CTL* are also the fragments of Modal μ -calculus [48]. Intuitively, μ -calculus has the capability to express the modalities into recursive patterns. The syntax of modal μ -calculus is given in equation (2):

(2) μ : Z μ μ μ ¬ μ μ 1 μ 2 μ 1 μ 2 μ 1 μ 2 β μ [ β ] μ μ Z μ . μ ν Z μ . μ .

The aforementioned syntax of μ represents that μ is a formula that satisfies different modalities, where Z μ is a set of states also called propositional variables and β A c t , also known as β -transition. μ is the formula that holds universally, μ holds nowhere, and negation, conjunction, disjunction, and implication have their usual meaning. Modalities are expressed by transitions, as formula β μ holds if there is an outgoing β -transition to some states satisfy μ , similarly formula [ β ] μ holds if there are all outgoing β -transition states satisfy μ . μ Z μ . μ and ν Z μ . μ represents the least fixed point and greatest fixed-point for Z μ set of states by applying μ formulas.

2.4.1 Semantics of μ

Let N be a label transition system, which represents a PN model, and δ : Z μ 2 S is a firing sequence in the environment ( Z μ S ).

[ [ μ ] ] N δ = S [ [ μ ] ] N δ = ϕ [ [ Z μ ] ] N δ = δ ( Z μ ) [ [ ¬ μ ] ] N δ = S \ [ [ μ ] ] N δ [ [ μ 1 μ 2 ] ] N δ = [ [ μ 1 ] ] N δ [ [ μ 2 ] ] N δ [ [ μ 1 μ 2 ] ] N δ = [ [ μ 1 ] ] N δ [ [ μ 2 ] ] N δ [ [ μ 1 μ 2 ] ] N δ = ( S \ [ [ μ 1 ] ] N δ ) [ [ μ 2 ] ] N δ [ [ β μ ] ] N δ = { s S t S , σ [ [ β ] ] s σ t t [ [ μ ] ] N δ } [ [ [ β ] μ ] ] N δ = { s S t S , σ [ [ β ] ] s σ t t [ [ μ ] ] N δ } [ [ μ Z μ . μ ] ] N δ = { T μ S T μ [ [ φ δ ( T μ ) ] ] } [ [ ν Z μ . μ ] ] N δ = { T μ S T μ [ [ φ δ ( T μ ) ] ] } ,

where φ δ : 2 S 2 S is a function defined as φ δ ( T μ ) = [ [ μ ] ] N δ [ Z μ T μ ] .

If φ δ ( M ) φ δ ( N ) , where M N S , then φ δ is monotone operator on S . If φ δ ( M ) = M , then M is a fixed point of φ δ . By a well-known Knaster–Tarski theorem, we know that any monotone operator φ δ on a set S has a least fixed point and a greatest fixed point within the ordering ( 2 S , ) .

The minimal fixed point is the intersection of prefixed points, { M S φ δ ( M ) M } , and the maximal fixed point is the union of postfixed points, { M S M φ δ ( M ) } . So we could extend our basic logic with a minimal fixed-point operator μ , so that μ Z μ . μ is a formula whose semantics is the least fixed point of φ δ , and similarly, a maximal fixed point operator ν , so that ν Z μ . μ is a formula whose semantics is the greatest fixed point of φ δ .

2.5 Self-adaptive multi-agent concurrent framework

SMACS as shown in Figure 2 is suitable for systems having complex behavior. To model such concurrent systems, formal techniques are being used for many decades, and fruitful results are being achieved by the researchers. In the proposed framework, an agent can perform multiple high-level tasks concurrently to complete the goal derives for the system or agent in a certain time span. These high-level concurrent tasks can be generated either by internal sensing of agents or by receiving updates by the support of external agents. An agent is self-directed, intelligent, and cooperative enough to collaborate with other agents to perform tasks in highly complicated environment. In this formal specification framework, we will use bottom-up approach for achieving true concurrency, as it is the best approach for modeling multi-agent-based systems to cover important concurrent aspects of agents. When a change in the environment will be observed, the Sensor channel intelligently sensed the request and notify to MAPE-K agents also known as internal-agents (Int-Agents) to complete the task. Each agent is composed of MAPE-K-based internal architecture. MAPE agents complete the request based on their knowledge and send back their decision to environment. These internal agents are directly connected to the CPN ML-based managed system and knowledge-based system updates for sending and receiving updates. Based on the results forwarded from the upper layer, these agents will act to complete the task and send updates to the environment through reactor channel for other agents.

Figure 2 
                  SMACS framework.
Figure 2

SMACS framework.

All agents are also directly connected with each other for sharing updates, and each agent individually receive and share updates through Emitter and Consenter channels, respectively. In some situations, there may be interaction between same type Int-Agents, i.e., monitor to monitor, analyzer to analyzer, planner to planner, and execute to execute. These internal-agents are directly connected to the knowledge based system updates for sending and receiving updated queries. Due this framework, n numbers of agents can communicate concurrently to complete a task.

In the multi-agent environment, each internal agent of Agent-1 is directly connected with other agents’ internal agents. Figure 3 represents the hierarchical structure of the SMACS framework, where all internal agents are grouped together from Sensor Int-Agent to Effector Int-Agent. As we know that in a MAS environment each agent’s internal architecture is almost same, so we want to compact model, and the repeated portion of net will be compact to the hierarchical structure. All internal agents are grouped as a MAPE-K Agent.

Figure 3 
                  Hierarchical architecture of the SMACS framework.
Figure 3

Hierarchical architecture of the SMACS framework.

3 Case study

To implement the SMACS framework, a SCL of any educational institution is chosen as a case study. The lab consists of limited number of computers. When a candidate wants to do some job, he generates a lab request (LR) through finger print device or by swapping a smart card for opening the lab. If there will be capacity inside the lab the door will open, otherwise a message will be printed on a screen attached outside the door that the lab is full. This working will be done through a sensor for checking seats availability, and updating status to the sensor attached with door opening lock. On the other hand, when a candidate will be able to enter in the lab, he will occupy a seat. As soon as he will sit on the seat, a message is forwarded by the sensor attached with seat to the sensor checking status of the system. If the system is off, it will become on. The status of a system will be checked after a specific time, and updates will be forwarded to all other sensors attached with it.

Concurrently, each agent will generate updates to the environment for other agents. Each agent is composed of MAPE-K-based architecture, and each agent can adapt the behavior either through changes in the environment or can forward updates to other agents. Similarly, other sensors (agents) will work concurrently for checking light status, fan status, temperature status, and humidity status. If there will be no candidate in the lab, all agents will send signal after a specific time to turning off the device attached with them. Printer is also a part of this Smart-Lab and will also be controlled through a sensor agent. This agent will receive updates from systems’ agents for updating on or off status.

CPN is a powerful modeling and analysis mathematical language with its graphical representations. By using CPN, we construct small modules, and finally, these small modules will combine to develop complete model through the bottom-up approach. Figure 4 represents the entrance and exit behavior of first agent. This agent adapts behavior on changing the capacity of SCL. ON/OFF is shown in Figure 5. Initially, the room temperature is set at 18°C, temperature will be increased 2° after every 60 min due to heat produced by the computer system. If temperature will rise up to 30°C or more, a signal is sent to AC controller agents and the AC switch will become ON. When the AC will start working, then after every 20 min, the temperature will become down to 1°. And if the temperature will become down to 18°C or less, the AC switch will become OFF by its agent. Similarly, the humidity measuring agent will control exhaust fan ON/OFF functions on the basis of humidity level of lab, when AC will be in the OFF mode. Finally, we will compose all modules to develop meta-model of Smart-Lab. When a candidate forwards his request through Entrance transition, a token is generated for LR place. Then environment transition may or may not be enabled according to the condition y n , where n is the maximum number of candidates and y is associated with Job Completed place for counter. If the condition is true, the lab will open and candidate will occupy his seat, and at the same time, the system behavior will be updated. On the contrary, a signal of waiting is generated by the agent, which is monitoring lab capacity with its self-adaptive behavior. Initially, light is off, and a token is presented in L-OFF place, and at the same time, L_ON agent continuously check its status associated with Job Sensed place. If a seat is occupied by a candidate, the status of light will be changed to on and a token will be presented in the place Lab ON until all seats will become empty. This status will be updated by using inhibitor arc associated with Job Sensed place, i.e., the transition attached with the inhibitor arc will become fireable if the associated place will become empty. Similarly, all other agents associated with fan, systems, printer, temperature controller, and humidity controller will begin work as their status being updated by the environment. A timer of 15 min is set to all entities of the model with their idle status, and if during this interval there become no candidate in the lab, all running entities will be coming off their status through their agents. Temperature controller for air conditioner ON/OFF is shown in Figure 6. Initially, the room temperature is set at 18°C, temperature will be increased 2° after every 60 min due to heat produced by the computer system. If the temperature will rise up to 30°C or more, a signal is sent to AC controller agents and the AC switch will become ON. When the AC will start working, then after every 20 min, the temperature will become down to 1°C. And if the temperature decreases to 18°C or less, the AC switch will become OFF by its agent. Similarly, the humidity measuring agent will control exhaust fan ON/OFF functions on the basis of the humidity level of lab, when AC will be in the OFF mode. Finally, we will compose all modules to develop meta-model of Smart-Lab. Figure 7 represents the meta-model of SCL, where the transitions naming Warming, L_ON, S_ON, and F_Temp & H_Check are composed of MAPE-K internal agents.

Figure 4 
               CPN module for entrance and exit.
Figure 4

CPN module for entrance and exit.

Figure 5 
               CPN module for light ON-OFF.
Figure 5

CPN module for light ON-OFF.

Figure 6 
               CPN module for AC controller.
Figure 6

CPN module for AC controller.

Figure 7 
               A meta-model of smart-lab using SMACS framework.
Figure 7

A meta-model of smart-lab using SMACS framework.

4 Results and discussion

The results of the applying SMACS framework are briefly discussed in Sections 4.1 and 4.2. Liveness, safeness, and deadlock freedom properties are verified through the TAPA model checker. Moreover, some properties are also discussed by applying the state-space analysis of the SCL model.

4.1 Verification of SCL

For the verification of all internal agents’ working of the SCL, we apply μ and TAPA model checker. All equipment of SCL including entrance/exit monitoring, computer/printer monitoring, lights/fans monitoring, atmosphere monitoring, and AC control monitoring cameras are working as internal agents. These agents are modeled through CPN and then verified through μ with its corresponding TAPA model checker. The properties given in equations (3)–(8) show the lab capacity, lab on/off, lab’s AC controller, liveness, safeness, and deadlock freedom. These properties show the formally correctness of the system. In formal methods, the system correctness lies in the verification of Assumption Guarantee paradigm for system’s input/output functionality, liveness, and safety properties. The properties enlisted in Table 1 fall under these categories and therefore their correctness leads to the correctness of the system at large. Therefore, the formulation of these properties is being done in the modal μ -calculus one of the formal methods. The purpose of this research work is to verify the soundness and completeness of the SMACS framework with the help of SCL case study.

(3) [ [ [ X i ? ] ( Ent? true Capacity? true R _ F ? true Wait? false ) ] ] N δ

(4) [ [ [ X i ] ( Wait? true Ent? false Capacity? false R _ F ? false ) ] ] N δ

(5) [ [ [ LAB_OFF! ] ( ¬ Xi? true Empty? true LAB_OFF? true ) [ LAB_OFF! ] ( P_OFF! true S_OFF! true FH_OFF! true L_OFF! true AC_OFF! true ) ] ] N δ

(6) [ [ ¬ μ Z μ . ( ( X i Z μ Ent Z μ ) R _ F Z μ S _ ON Z μ L _ ON Z μ FH_C AC_Control Z μ ) Y μ ( [ tau ] false ) ( tau true ) ( [ tau ] Y μ ) ] ] N δ

(7) [ [ μ Z μ . ( [ Ent ] false [ R _ F ] false [ S _ ON ] false [ L _ ON ] flase [ FH_C ] false [ AC_Control ] flase ) Z μ ] ] N δ

(8) [ [ ν Z μ . ( [ Xi ] [ Ent ] ( R _ F true S _ ON true L_ON t r u e FH_C true AC_Control true ) [ ] Z μ ] ] N δ .

These properties explained in Table 1 are written according to the TAPA model checker.

Table 1

Modified μ formulae for TAPA model checker to monitor lab atmosphere including liveness, safeness, and deadlock-freedom properties of SCL

Property name Modified formula for TAPA Description
SCL1 [Xi?][Capacity?](! S_ON? true & L_ON? true & ( FH_C? true & ( F_ON? true ∣ Ex_ON? true)) & AC_Control? true) Lab is open and empty, candidates can enter
SCL2 [LAB_OFF!]((! Xi? true & Empty? true & LAB_OFF? true ) ∣ ( P_OFF! true & S_OFF! true & FH_OFF! true & L_OFF! true & AC_OFF! true)) Lab will close after leaving all candidates
SCL3 [Xi?]( Ent? true & Capacity? true & R_F? true & Wait? false) Lab has capacity to accommodate more candidates
SCL4 [Xi?]( Wait? true & Ent? false & Capacity? false & R_F? false) Lab is full and candidate can wait until a slot being empty
SCL5 [Xi?][Capacity?][AC_Control?]((! AC_ON? true ( Temp? true & ! AC_OFF? true) & E_OFF? ∣ ( Warm? true & Warm! true)) ∣ ( AC_OFF? ( Temp? true & ! AC_ON? true) ∣ ( Cool? true & Cool! true))) AC control mechanism for Lab
Liveness, safeness, and deadlock-freedom properties for SCL’s internal agents
SCL_L !min Z. (( Xi Z & Ent Z) & R_F Z ∣ S_ON Z ∣ L_ON Z ∣ FH_C Z ∣ AC_Control Z) ∣ max Y.([-tau]false) & ( tau true) & ([tau]Y) Liveness property is checked for SCL
SCL_S min Z. ([Ent]false ∣ [R_F]false ∣ [S_ON]false) ∣ [L_ON]false ∣ [FH_C]false ∣ [AC_Control]false ∣ Z Safety property is checked for SCL
SCL_D max Z. ([Xi][Ent]( R_F true & S_ON true L_ON true & FH_C true & AC_Control true)& [ ] Z ) Deadlock freedom property is checked for SCL

4.2 State space analysis for SCL

The graph size of the state space analysis of SCL is very huge, and it is impossible to show the whole graph. Table 2 represents that there are 97,020 nodes and 596,904 arcs, and it took about 47 min to generate the full state space report. Similarly, the strongly connected component (SCC) graph has four nodes and 43,890 arcs and took 11 s to generate this report. Four nodes of SCC graph mean that there are four strongly connected components to cover the all 97,020 nodes of the state space graph. Here, it is proved that the system will run in the infinite number of occurrences, and for termination of the system, we have to limiting the cycles. The best integer bound report represents the maximum and minimum integral value of any place, and the results show that no any place exists with the unbounded status. The best upper multiset bound shows that the maximum number of tokens exists in place during execution, and the best lower multiset bounds means all places have empty status other than initialized places. There are 27,720 markings represented as home marking, and the description of two home markings 30,621 and 30,662 is shown in Figure 8. The liveness property shows that there is no dead marking in the state space graph of the system and also no dead transition instances. A marking is dead if it does not have an outgoing arc. A dead transition instance means a transition is disabled to fire in all of its reachable markings. There are a number of live transitions exist in the graph. A partial state space graph shown in Figure 9 represents the description some arcs and some markings, e.g., M 1 , M 5 , and M 888 , the arcs also describes through equations (9)–(11).

(9) [ 6 : 3 1 SAS_PN’Exit 1 : { x = 2 , y = 1 , e = 2 } ] ,

(10) [ 12 : 5 11 SAS_PN’Entrance 1 : { x = 2 } ] ,

(11) [ 2286 : 314 792 SAS_PN’Request_Forwarded 1 : { c = 1 , y = 2 } ] .

The details of three arcs represented in equations (9)–(11), e.g., in equation (11) the arc-2286 shows that a transition Request_Forward is fired from marking M 314 to marking M 792 when the values of variables are c = 1 & y = 2 . As the system contains infinite occurrence sequence, so the fairness property shows that the system runs correctly and all transitions fire independently. A fairness property is imposed on the system that it fairly selects the process to be executed next. Technically, a fairness constraint is a condition on executions of the system model.

Table 2

State space analysis for CPN model of SCL

State space
Node 97,020
Arcs 596,904
Secs 2,808
Status Full
SCC graph
Node 4
Arcs 43,890
Secs 11
Boundedness properties
Best integer bounds
Place name Upper Lower
SAS_PN’C1 1 1 0
SAS_PN’DEC 1 1 1
SAS_PN’EON 1 1 0
SAS_PN’Environment 1 1 1
SAS_PN’FON 1 1 0
SAS_PN’Humidity 1 1 0
SAS_PN’INC 1 1 1
SAS_PN’Job Completed 1 1 1
SAS_PN’Job Sensed 1 10 0
SAS_PN’LON 1 1 0
SAS_PN’LR 1 10 0
SAS_PN’PON 1 1 0
SAS_PN’S1 1 1 0
SAS_PN’S ON 1 1 0
SAS_PN’Temp 1 1 0
Home properties
Home markings 27,720 [30,621, 36,282, 41, 942, 36,287, 25,154, …]
Liveness properties
Dead markings None
Dead transition instances None
Fairness properties
Impartial transition instances None
Fair transition instances None
Just transition instances None
Figure 8 
                  The details of node 3,0621 and 30,662 in the state space graph for SCL.
Figure 8

The details of node 3,0621 and 30,662 in the state space graph for SCL.

Figure 9 
                  Partial state space graph for SCL.
Figure 9

Partial state space graph for SCL.

5 Conclusions and future work

In this research, we tried to introduce a multi-agent-based framework for complex concurrent systems, where each agent is composed of MAPE-K-based internal structure. To ensure high level of reliability and accuracy of SMACS framework, we used a complex architecture of multi-agent-based SCL, as a case study. CPN is used as a modeling and verifying approach for SCL by using the SMACS framework, because CPN is more expressive than simple PNs to model such complex systems having concurrent behavior. Multi-agent-based and self-adaptive-based architectures are key features of our proposed work. Presently, these two fields having a key role for modeling such real-time complex architectures. It is verified that no deadlock occurs during the interaction between agents and internal agents. All agents interacted with each other through CPN ML-based managed system and knowledge-based updates. So due to any changes in the environment or any internal change of an individual agent, different agents adapted their behavior. It is formally verified that the proposed work is suitable to prove correctness of the system having complex concurrent behavior. It is also verified that there is no any dead marking, all transitions are live, and the net also hold safety property. The internal self-adaptive structure of SCL agents is verified through Modal μ -calculus and then checked through the TAPA model checker. In our future work, we will try to add time stamp to verify the correctness of timed-based complex systems. We will also improve performance of the proposed architecture by using CPN-based statistical performance analysis tool and will try to use CPN monitors to analyze model based on statistical data. We also want to use temporal logic-based formal languages to handle the constraints of the proposed work with time variants in our future work.

  1. Funding information: The authors state no funding involved.

  2. Author contributions: All authors have accepted responsibility for the entire content of this manuscript and approved its submission.

  3. Conflict of interest: Authors state no conflict of interest.

  4. Data availability statement: Data sharing is not applicable to this article as no datasets were generated or analysed during the current study.


[1] P. Sawyer, N. Bencomo, J. Whittle, E. Letier, and A. Finkelstein, “Requirements-aware systems: A research agenda for re for self-adaptive systems,” In: 2010 18th IEEE International Requirements Engineering Conference (RE), IEEE, 2010, pp. 95–103. 10.1109/RE.2010.21Search in Google Scholar

[2] M. Hinchey, Requirements Engineering for Adaptive and Self-adaptive Systems. 2018. Search in Google Scholar

[3] J. Schmitt, M. Roth, R. Kiefhaber, F. Kluge, and T. Ungerer, “Realizing self-x properties by an automated planner,” In: Proceedings of the 8th ACM International Conference on Autonomic Computing, ACM, 2011, pp. 185–186. 10.1145/1998582.1998620Search in Google Scholar

[4] G. Lilis and M. Kayal, “A secure and distributed message oriented middleware for smart building applications,” Autom. Constr., vol. 86, pp. 163–175, 2018. 10.1016/j.autcon.2017.10.030Search in Google Scholar

[5] P. denHamer and T. Skramstad, “Autonomic service-oriented architecture for resilient complex systems,” In: 2011 30th IEEE Symposium on Reliable Distributed Systems Workshops (SRDSW), IEEE, 2011, pp. 62–66. 10.1109/SRDSW.2011.25Search in Google Scholar

[6] H. Schmeck, C. Müller-Schloer, E. Čakar, M. Mnif, and U. Richter, “Adaptivity and self-organization in organic computing systems,” ACM Trans. Autonom. Adaptive Syst. (TAAS), vol. 5, no. 3, p. 10, 2010. 10.1145/1837909.1837911Search in Google Scholar

[7] N. Villegas, G. Tamura, and H. Müller, “Architecting software systems for runtime self-adaptation: Concepts, models, and challenges,” In: Managing Trade-Offs in Adaptable Software Architectures, Elsevier, 2017, pp. 17–43. 10.1016/B978-0-12-802855-1.00002-2Search in Google Scholar

[8] C. Peper and D. Schneider, “Component engineering for adaptive ad-hoc systems,” In: Proceedings of the 2008 International Workshop on Software Engineering for Adaptive and Self-managing Systems, ACM, 2008, pp. 49–56. 10.1145/1370018.1370028Search in Google Scholar

[9] M. Gula and K. Žáková, “Proposal of component based architecture for internet of things: online laboratory case study,” IFAC-PapersOnLine, vol. 50, no. 1, pp. 337–342, 2017. 10.1016/j.ifacol.2017.08.153Search in Google Scholar

[10] Y. Brun, G. D. M. Serugendo, C. Gacek, H. Giese, H. Kienle, M. Litoiu, et al., “Engineering self-adaptive systems through feedback loops,” In: Software Engineering for Self-adaptive Systems, Springer, 2009, pp. 48–70. 10.1007/978-3-642-02161-9_3Search in Google Scholar

[11] F. M. Favarò and J. H. Saleh, “Application of temporal logic for safety supervisory control and model-based hazard monitoring,” Reliabil. Eng. Syst. Safety, vol. 169, pp. 166–178, 2018. 10.1016/j.ress.2017.08.012Search in Google Scholar

[12] A. O. de Sousa, C. I. Bezerra, R. M. Andrade, and J. M. Filho, “Quality evaluation of self-adaptive systems: Challenges and opportunities,” In: Proceedings of the XXXIII Brazilian Symposium on Software Engineering, ACM, 2019, pp. 213–218. 10.1145/3350768.3352455Search in Google Scholar

[13] A. J. Ramirez, A. C. Jensen, and B. H. Cheng, “A taxonomy of uncertainty for dynamically adaptive systems,” In: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, IEEE Press, 2012, pp. 99–108. 10.1109/SEAMS.2012.6224396Search in Google Scholar

[14] N. Esfahani and S. Malek, “Uncertainty in self-adaptive software systems,” In: Software Engineering for Self-Adaptive Systems II, Springer, Berlin, Heidelberg, 2013, pp. 214–238. 10.1007/978-3-642-35813-5_9Search in Google Scholar

[15] M. Krichen, “Improving formal verification and testing techniques for internet of things and smart cities,” Mobile Netw. Appl., pp. 1–12, 2019. 10.1007/s11036-019-01369-6Search in Google Scholar

[16] B. H. Cheng, K. I. Eder, M. Gogolla, L. Grunske, M. Litoiu, H. A. Müller, et al., “Using models at runtime to address assurance for self-adaptive systems,” In: Models@run.time, Springer, 2014, pp. 101–136. 10.1007/978-3-319-08915-7_4Search in Google Scholar

[17] L. Castannneda, N. M. Villegas, and H. A. Müller, “Self-adaptive applications: On the development of personalized web-tasking systems,” In: Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, ACM, 2014, pp. 49–54. 10.1145/2593929.2593942Search in Google Scholar

[18] H. Müller and N. Villegas, “Runtime evolution of highly dynamic software,” In: Evolving Software Systems, Springer, 2014. pp. 229–264. 10.1007/978-3-642-45398-4_8Search in Google Scholar

[19] N. Villegas, G. Tamura, H. Müller, L. Duchien, and R. Casallas, “Dynamico: A reference model for governing control objectives and context relevance in self-adaptive software systems,” Software Engineering for Self-Adaptive Systems II, 2012. 10.1007/978-3-642-35813-5_11Search in Google Scholar

[20] J. Cámara, R. de Lemos, N. Laranjeiro, R. Ventura, and M. Vieira, “Testing the robustness of controllers for self-adaptive systems,” J. Brazilian Comput. Soc., vol. 20, no. 1, p. 1, 2014. 10.1186/1678-4804-20-1Search in Google Scholar

[21] R. De Lemos, H. Giese, H. Müller, M. Shaw, J. Andersson, L. Baresi, et al., “Software engineering for self-adaptive systems: A second research roadmap,” In: Dagstuhl Seminar Proceedings, Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2011. Search in Google Scholar

[22] G. Weiss, K. Becker, B. Kamphausen, A. Radermacher, and S. Gerard, “Model-driven development of self-describing components for self-adaptive distributed embedded systems,” In: 2011 37th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), IEEE, 2011, pp. 477–484. 10.1109/SEAA.2011.78Search in Google Scholar

[23] H. Müller, M. Pezzè, and M. Shaw, “Visibility of control in adaptive systems,” In: Proceedings of the 2nd International Workshop on Ultra-large-scale Software-intensive Systems, ACM, 2008, pp. 23–26. 10.1145/1370700.1370707Search in Google Scholar

[24] S. Dobson, S. Denazis, A. Fernández, D. Gaíti, E. Gelenbe, F. Massacci, et al., “A survey of autonomic communications,” ACM Trans. Autonom. Adaptive Syst. (TAAS), vol. 1, no. 2, pp. 223–259, 2006. 10.1145/1186778.1186782Search in Google Scholar

[25] K. Jensen. Coloured Petri Nets: Basic Concepts, Analysis Methods and Practicaluse, 2013, Search in Google Scholar

[26] M. A. Niazi. Introduction to the modeling and analysis of complex systems: a review, 2016, 10.1186/s40294-016-0015-xSearch in Google Scholar

[27] K. Jensen, L. M. Kristensen, and L. Wells, “Coloured petri nets and cpn tools for modelling and validation of concurrent systems,” Int. J. Softw. Tools Technol. Transf., vol. 9, no. 3–4, pp. 213–254, 2007. 10.1007/s10009-007-0038-xSearch in Google Scholar

[28] F. Liu, M. Heiner, and D. Gilbert, “Coloured petri nets for multilevel, multiscale and multidimensional modelling of biological systems,” Briefings Bioinform., vol. 20, no. 3, pp. 877–886, 2017. 10.1093/bib/bbx150Search in Google Scholar PubMed PubMed Central

[29] A. Qasim and S. A. R. Kazmi, “Mape-k interfaces for formal modeling of real-time self-adaptive multi-agent systems,” IEEE Access, vol. 4, pp. 4946–4958, 2016. Search in Google Scholar

[30] W. Wusheng, L. Weiping, W. Zhonghai, and Z. Zhichao, “Petri net-based context-aware service system modelling: an overview,” In: 2014 International Conference on Service Sciences (ICSS), IEEE, 2014, pp. 60–65. 10.1109/ICSS.2014.14Search in Google Scholar

[31] F. D. Macías-Escrivá, R. Haber, R. delToro, and V. Hernandez, “Self-adaptive systems: A survey of current approaches, research challenges and applications,” Expert Systems with Applications, vol. 40, no. 18, pp. 7267–7279, 2013. 10.1016/j.eswa.2013.07.033Search in Google Scholar

[32] D. Weyns and M. Georgeff, “Self-adaptation using multiagent systems,” IEEE Software, vol. 27, no. 1, 2010. 10.1109/MS.2010.18Search in Google Scholar

[33] M. I. Fakhir and S. A. R. Kazmi, “Formal specification and verification of self-adaptive concurrent systems,” IEEE Access, vol. 6, pp. 34790–34803, 2018. 10.1109/ACCESS.2018.2849821Search in Google Scholar

[34] Y. Abuseta and K. Swesi, Design Patterns for Self Adaptive Systems Engineering, 2015, arXiv: 10.5121/ijsea.2015.6402Search in Google Scholar

[35] W. Kröger and E. Zio, “Vulnerable Systems,” Springer, London, 2011. 10.1007/978-0-85729-655-9Search in Google Scholar

[36] I. Fakhir, S. A. R. Kazmi, A. Qasim, and I. Rafique, “Concurrency in intuitionistic linear-time μ-calculus: A case study of manufacturing system,” Indian J. Sci. Technol., vol. 9, no. 6, pp. 1–7, 2016. 10.17485/ijst/2016/v9i6/82655Search in Google Scholar

[37] S. A. R. Kazmi and W. H. Zhang, “Compositional reasoning in intuitionistic linear time mu-calculus,”, J. Softw., vol. 20, no. 8, pp. 2026–2036, 2009. 10.3724/SP.J.1001.2009.00569Search in Google Scholar

[38] M. Garcia-Constantino, A. Konios, and C. Nugent “Modelling activities of daily living with petri nets,” In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, pp. 866–871. 10.1109/PERCOMW.2018.8480225Search in Google Scholar

[39] A. Kayes, W. Rahayu, T. Dillon, S. Mahbub, E. Pardede, and E. Chang, “Dynamic transitions of states for context-sensitive access control decision,” In: International Conference on Web Information Systems Engineering, Springer, 2018, pp. 127–142. 10.1007/978-3-030-02922-7_9Search in Google Scholar

[40] F.-S. Hsieh, “A hybrid and scalable multi-agent approach for patient scheduling based on petri net models,” Appl. Intell., vol. 47, no. 4, pp. 1068–1086, 2017. 10.1007/s10489-017-0935-ySearch in Google Scholar

[41] A. Qasim, A. Kazmi, and I. Fakhir, “Formal specification and verification of real-time multi-agent system using timed arc petri nets,” Adv. Electr. Comput. Eng., vol. 15, no. 3, pp. 73–8, 2015. 10.4316/AECE.2015.03010Search in Google Scholar

[42] M. Wooldridge and N. R. Jennings, “Intelligent agents: Theory and practice,” Knowl. Eng. Rev., vol. 10, no. 2, pp. 115–152, 1995. 10.1017/S0269888900008122Search in Google Scholar

[43] D. Weyns, “Software engineering of self-adaptive systems,” In: Handbook of Software Engineering, Springer, 2019, pp. 399–443. 10.1007/978-3-030-00262-6_11Search in Google Scholar

[44] A. Qasim and S. A. R. Kazmi, “Mape-k interfaces for formal modeling of real-time self-adaptive multi-agent systems,” IEEE Access, vol. 4, pp. 4946–4958, 2016. 10.1109/ACCESS.2016.2592381Search in Google Scholar

[45] D. Weyns, M. U. Iftikhar, S. Malek, and J. Andersson, “Claims and supporting evidence for self-adaptive systems: A literature study,” In: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, IEEE Press, 2012, pp. 89–98. 10.1109/SEAMS.2012.6224395Search in Google Scholar

[46] M. Salehie and L. Tahvildari, “Towards a goal-driven approach to action selection in self-adaptive software,” Software: Practice and Experience, vol. 42, no. 2, pp. 211–233, 2012. 10.1002/spe.1066Search in Google Scholar

[47] M. Hennessy and R. Milner, “Algebraic laws for nondeterminism and concurrency,” J. ACM (JACM), vol. 32, no. 1, pp. 137–161, 1985. 10.1145/2455.2460Search in Google Scholar

[48] P. Blackburn, J. F. van Benthem, and F. Wolter, Handbook of Modal Logic, vol. 3, Elsevier, UK, 2006. Search in Google Scholar

Received: 2021-05-06
Revised: 2022-12-08
Accepted: 2023-04-14
Published Online: 2023-05-25

© 2023 the author(s), published by De Gruyter

This work is licensed under the Creative Commons Attribution 4.0 International License.

Downloaded on 31.5.2023 from
Scroll to top button