
Chapter 5

Methods for the Design and Development

Harald Anacker, Michael Dellnitz, Kathrin Flaßkamp, Stefan Groesbrink, Philip
Hartmann, Christian Heinzemann, Christian Horenkamp, Bernd Kleinjohann, Lisa
Kleinjohann, Sebastian Korf, Martin Krüger, Wolfgang Müller, Sina Ober-Blöbaum,
Simon Oberthür, Mario Porrmann, Claudia Priesterjahn, Rafael Radkowski,
Christoph Rasche, Jan Rieke, Maik Ringkamp, Katharina Stahl, Dominik Steenken,
Jörg Stöcklein, Robert Timmermann, Ansgar Trächtler, Katrin Witting, Tao Xie,
and Steffen Ziegert

Abstract. After the domain-spanning conceptual design, engineers from different
domains work in parallel and apply their domain-specific methods and modeling
languages to design the system. Vital for a successful design are system
optimization methods and the design of the reconfiguration behavior. The former
methods enable the parametric adaption of the system’s behavior, e.g. an
adaption of controller parameters, according to a current selection of the
system’s objectives. The latter realizes structural adaption of the system’s
behavior, e.g. the exchange of software or hardware parts. Altogether, this
leads to a complex system behavior that is hard to overview. In addition,
self-optimizing systems are used in safety-critical environments. Consequently,
the system’s safety-critical behavior has to undergo a rigorous verification
and testing process. Existing design methods do not address all of these
challenges together. Indeed, a combination of established design methods for
traditional technical systems with novel methods that focus on these challenges
is necessary. In this chapter, we will focus on such new methods. We will
introduce new system optimization and design methods to develop
reconfigurations of the software and the microelectronics. In order to ensure
the correctness of safety-critical functionality, we propose new testing
methods and formal methods to ensure safety properties of the software. We show
how to apply virtual prototyping to deal with the complexity of self-optimizing
systems and perform an early analysis of the overall system. As each domain
applies its own modeling languages, these methods result in several overlapping
models. In order to keep these domain-specific models consistent among all
domains, we will introduce a new semi-automatic model synchronization
technique. Each of these design methods is integrated with the reference
process for the development of self-optimizing systems.

J. Gausemeier et al. (eds.), Design Methodology for Intelligent Technical Systems,
Lecture Notes in Mechanical Engineering,
DOI: 10.1007/978-3-642-45435-6_5, © Springer-Verlag Berlin Heidelberg 2014

The principle solution forms the basis of the design and development. Engineers
of the involved domains derive their domain-specific models from it. This is,
however, an error-prone and tedious task. Therefore, we will introduce a
semi-automatic model transformation technique (cf. Sect. 5.1) that enables
engineers to, e.g., derive an initial controller hierarchy or an initial
software architecture. Afterwards, each domain details these models. This may
involve changes that have an impact on the other domains. In order to keep the
models of all domains consistent, we will propose a model synchronization
technique (cf. Sect. 5.1.3).

The system must consider several concurrent objectives in different Application
Scenarios. This requires methods for optimizing the system with respect to
these objectives and appropriate adaption methods. System optimization methods
originate from the research areas of applied mathematics and artificial
intelligence. The methods determine the optimal system behavior or a set of
optimal compromises for several concurrent objectives. Practically, this is a
formalism to compute optimal controller parameters or optimal configurations of
the system structure (cf. Sect. 5.3). Then, it is the task of engineers from
the domains of mechanical, electrical/electronic, control, and software
engineering to specify the corresponding change of the system’s behavior, i.e.
the reconfiguration of the system.

The system can perform reconfigurations on every system level (cf. Sect. 1.4.3).
In particular, this requires new design methods for the application software,
the system software, and the hardware modules to specify reconfiguration.
Furthermore, reconfiguration is often safety-critical and must fulfill hard
real-time constraints. Consider the RailCab’s reconfiguration behavior to build
a convoy as an example (cf. Sect. 2.1.7): The RailCab must reconfigure the
controller behavior to consider the distance to the preceding RailCab if the
RailCab joins a convoy as a member. In fact, if this function is not free from
design faults or the system cannot execute the reconfiguration within a certain
time, a crash may happen. Therefore, testing and formal verification methods
are crucial to ensure the safety of the system’s complex behavior and its
real-time properties.

On the level of the application software, software engineers specify the
communication behavior and the switching between alternative behavior
implementations. We apply a component-based design method called MechatronicUML
that considers hard real-time constraints for the communication behavior, the
reconfiguration of controllers, and the reconfiguration of software components.
In MechatronicUML, formal verification techniques are applied to ensure safety
constraints and the real-time properties of the system.

As a consequence of reconfigurations of the application software, the software’s
resource and performance demands change. Usually, the system must reconfigure
hardware modules to meet the changed requirements of the application software
