Software Technologies Applications

and Foundations STAF 2018 Collocated

Workshops Toulouse France June 25
29 2018 Revised Selected Papers
Manuel Mazzara
Visit to download the full and correct content document:
https://textbookfull.com/product/software-technologies-applications-and-foundations-s
taf-2018-collocated-workshops-toulouse-france-june-25-29-2018-revised-selected-pa
pers-manuel-mazzara/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Software Technologies Applications and Foundations STAF

2017 Collocated Workshops Marburg Germany July 17 21
2017 Revised Selected Papers 1st Edition Martina Seidl

https://textbookfull.com/product/software-technologies-
applications-and-foundations-staf-2017-collocated-workshops-
marburg-germany-july-17-21-2017-revised-selected-papers-1st-
edition-martina-seidl/

Intelligent Technologies and Applications First

International Conference INTAP 2018 Bahawalpur Pakistan
October 23 25 2018 Revised Selected Papers Imran Sarwar
Bajwa
https://textbookfull.com/product/intelligent-technologies-and-
applications-first-international-conference-
intap-2018-bahawalpur-pakistan-october-23-25-2018-revised-
selected-papers-imran-sarwar-bajwa/

High Performance Computing ISC High Performance 2018

International Workshops Frankfurt Main Germany June 28
2018 Revised Selected Papers Rio Yokota

https://textbookfull.com/product/high-performance-computing-isc-
high-performance-2018-international-workshops-frankfurt-main-
germany-june-28-2018-revised-selected-papers-rio-yokota/

Simulation and Modeling Methodologies Technologies and

Applications 8th International Conference SIMULTECH
2018 Porto Portugal July 29 31 2018 Revised Selected
Papers Mohammad S. Obaidat
https://textbookfull.com/product/simulation-and-modeling-
methodologies-technologies-and-applications-8th-international-
conference-simultech-2018-porto-portugal-july-29-31-2018-revised-
Trends and Applications in Knowledge Discovery and Data
Mining PAKDD 2018 Workshops BDASC BDM ML4Cyber PAISI
DaMEMO Melbourne VIC Australia June 3 2018 Revised
Selected Papers Mohadeseh Ganji
https://textbookfull.com/product/trends-and-applications-in-
knowledge-discovery-and-data-mining-pakdd-2018-workshops-bdasc-
bdm-ml4cyber-paisi-damemo-melbourne-vic-australia-
june-3-2018-revised-selected-papers-mohadeseh-ganji/

High-Performance Computing Applications in Numerical

Simulation and Edge Computing: ACM ICS 2018
International Workshops, HPCMS and HiDEC, Beijing,
China, June 12, 2018, Revised Selected Papers Changjun
Hu
https://textbookfull.com/product/high-performance-computing-
applications-in-numerical-simulation-and-edge-computing-acm-
ics-2018-international-workshops-hpcms-and-hidec-beijing-china-
june-12-2018-revised-selected-papers-changj/

Web and Big Data APWeb WAIM 2018 International

Workshops MWDA BAH KGMA DMMOOC DS Macau China July 23
25 2018 Revised Selected Papers Leong Hou U

https://textbookfull.com/product/web-and-big-data-apweb-
waim-2018-international-workshops-mwda-bah-kgma-dmmooc-ds-macau-
china-july-23-25-2018-revised-selected-papers-leong-hou-u/

Current Trends in Web Engineering ICWE 2018

International Workshops MATWEP EnWot KD WEB WEOD
TourismKG Cáceres Spain June 5 2018 Revised Selected
Papers Cesare Pautasso
https://textbookfull.com/product/current-trends-in-web-
engineering-icwe-2018-international-workshops-matwep-enwot-kd-
web-weod-tourismkg-caceres-spain-june-5-2018-revised-selected-
papers-cesare-pautasso/

Present and Ulterior Software Engineering Manuel

Mazzara

https://textbookfull.com/product/present-and-ulterior-software-
engineering-manuel-mazzara/
 Manuel Mazzara
Iulian Ober
Gwen Salaün (Eds.)
LNCS 11176

Software Technologies:
Applications and Foundations
STAF 2018 Collocated Workshops
Toulouse, France, June 25–29, 2018
Revised Selected Papers

123
Lecture Notes in Computer Science 11176
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology Madras, Chennai, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7408
Manuel Mazzara Iulian Ober
•

Gwen Salaün (Eds.)

Software Technologies:
Applications and Foundations
STAF 2018 Collocated Workshops
Toulouse, France, June 25–29, 2018
Revised Selected Papers

123
Editors
Manuel Mazzara Gwen Salaün
Innopolis University Grenoble Alpes University
Innopolis, Russia Montbonnot, France
Iulian Ober
University of Toulouse
Toulouse Cedex 9, France

Workshop Editors see next page

ISSN 0302-9743 ISSN 1611-3349 (electronic)

Lecture Notes in Computer Science
ISBN 978-3-030-04770-2 ISBN 978-3-030-04771-9 (eBook)
https://doi.org/10.1007/978-3-030-04771-9

Library of Congress Control Number: 2018962486

LNCS Sublibrary: SL2 – Programming and Software Engineering

© Springer Nature Switzerland AG 2018

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, express or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 Workshop Editors

CoSim-CPS 2018

Cinzia Bernardeschi Paolo Masci

University of Pisa HASLab/INESC TEC
Italy and Universidade do Minho
Portugal
Peter Gorm Larsen
Aarhus University
Denmark

DataMod 2018

Antonio Cerone Oana Andrei

Nazarbayev University University of Glasgow
Kazakhstan UK
Riccardo Guidotti
KDDLab, ISTI-CNR
Pisa, Italy

FMIS 2018

Yamine Aït Ameur Philippe Palanque

IRIT, Université de Toulouse IRIT, Université de Toulouse
France France

FOCLASA 2018

Jean-Marie Jacquet Jacopo Soldani

University of Namur University of Pisa
Belgium Italy
VI Workshop Editors

GCM 2018

Hans-Jörg Kreowski
Universität Bremen
Germany

MDE@DeRun 2018

Hugo Bruneliere Abel Gomez

IMT Atlantique and LS2N Universitat Oberta de Catalunya
Nantes, France Spain
Romina Eramo
University of L’Aquila
Italy

MSE 2018

Antonio Bucchiarone Florian Galinier

Fondazione Bruno Kessler IRIT, Université de Toulouse
Trento, Italy Toulouse, France
Sophie Ebersold
IRIT, Université de Toulouse
Toulouse, France

SecureMDE 2018

Salvador Martinez Domenico Bianculli

CEA-LIST, LISE laboratory University of Luxembourg
Paris, France Luxembourg
Jordi Cabot
SOM Research Lab, ICREA-UOC
Barcelona, Spain
 Preface

This volume contains the technical papers presented at the eight workshops collocated
with the 2018 edition of the STAF (Software Technologies: Applications and
Foundations) federation of conferences on software technologies. The workshops took
place at ENSEEIHT (National Higher School of Engineering in Electrical Engineering,
Hydraulics, and Digital Sciences) in Toulouse, France, during June 25–29, 2018.
The STAF 2018 conferences and workshops brought together leading researchers and
practitioners from academia and industry to advance the state of the art in practical and
foundational advances in software technology. They address all aspects of software
technology, from object-oriented design, testing, mathematical approaches to mod-
elling and verification, transformation, model-driven engineering, aspect-oriented
techniques, and tools. The satellite workshops provided a highly interactive and
collaborative environment to discuss emerging areas of software engineering, software
technologies, model-driven engineering, and formal methods.
The eight workshops whose papers are included in this volume are (organizers are
indicated too):
– CoSim-CPS 2018 – Second International Workshop on Formal Co-Simulation of
Cyber-Physical Systems, June 26, 2018
• Cinzia Bernardeschi (University of Pisa, Italy)
• Peter Gorm Larsen (Aarhus University, Denmark)
• Paolo Masci (HASLab/INESC TEC and Universidade do Minho, Portugal)
– DataMod 2018 – 7th International Symposium “From Data to Models and Back,”
June 25–26, 2018
• Antonio Cerone (Nazarbayev University, Kazakhstan)
• Riccardo Guidotti (KDDLab, ISTI-CNR, Pisa, Italy)
• Oana Andrei (University of Glasgow, UK)
– FMIS 2018 – 7th International Workshop on Formal Methods for Interactive
Systems, June 25–26, 2018
• Yamine Aït Ameur (IRIT, Université de Toulouse, France)
• Philippe Palanque (IRIT, Université de Toulouse, France)
– FOCLASA 2018 – 16th International Workshop on Foundations of Coordination
Languages and Self-Adaptative Systems, June 26, 2018
• Jean-Marie Jacquet (University of Namur, Belgium)
• Jacopo Soldani (University of Pisa, Italy)
– GCM 2018 – 9th International Workshop on Graph Computation Models, June 27,
2018
VIII Preface

• Hans-Jörg Kreowski (Universität Bremen, Germany)

– MDE@DeRun 2018 – Model-Driven Engineering for Design-Runtime Interaction
in Complex Systems, June 28, 2018
• Hugo Bruneliere (IMT Atlantique and LS2N, Nantes, France)
• Romina Eramo (University of L’Aquila, Italy)
• Abel Gomez (Universitat Oberta de Catalunya, Spain)
– MSE 2018 – Third International Workshop on Microservices: Science and Engi-
neering, June 25, 2018
• Antonio Bucchiarone (Fondazione Bruno Kessler, Trento, Italy)
• Sophie Ebersold (IRIT, Université de Toulouse, Toulouse, France)
• Florian Galinier (IRIT, Université de Toulouse, Toulouse, France).
– SecureMDE 2018 – First International Workshop on Security for and by
Model-Driven Engineering, June 25, 2018
• Salvador Martinez (CEA-LIST, LISE laboratory, Paris, France)
• Jordi Cabot (SOM Research Lab, ICREA-UOC, Barcelona, Spain)
• Domenico Bianculli (University of Luxembourg, Luxembourg).
We would like to thank each organizer of the eight workshops at STAF 2018 for the
interesting topics and resulting talks, as well as the respective Program Commitee
members and external reviewers who carried out thorough and careful reviews, created
the program of each workshop, and made the compilation of this high-quality volume
possible. We also thank the paper contributors and attendees of all workshops. We
would like to extend our thanks to all keynote speakers for their excellent presentations.
We also thank the developers and maintainers of the EasyChair conference
management system, which was of great help in handling the paper submission,
reviewing, and discussion for all workshops, and in the preparation of this volume.
Finally, we would like to thank the organizers of STAF 2018, Jean-Michel Bruel and
Marc Pantel, for their help during the organization of all workshops, as well as
ENSEEIHT and the IRIT laboratory that hosted the workshops.

October 2018 Manuel Mazzara

Iulian Ober
Gwen Salaün
Abstracts of Invited Talks
Testing Autonomous Robots in Virtual Worlds

Hélène Waeselynck

LAAS-CNRS, Université de Toulouse, 7 Av. du Colonel Roche,

31077 Toulouse, France
Helene.Waeselynck@laas.fr

Abstract. Autonomous robots have decisional capabilities allowing them to

accomplish missions in diverse and previously unknown environments. The
mission-level validation of such systems typically involves test campaigns in the
field, which are costly and potentially risky in case of misbehavior. In this talk, I
will discuss an alternative approach based on simulation: the robot is immersed
in virtual worlds, and can be tested in a wide variety of situations without
incurring damage. I will take the example of testing the autonomous navigation
of outdoor robots. I will share the insights and results gained from two case
studies: Mana, an academic rough-terrain robot developed at LAAS-CNRS, and
Oz, an agricultural robot for autonomous weeding developed by Naïo
Technologies.

Keywords: Autonomous systems
Software testing
Simulation

 Data-Driven Analysis of User Interface
Software in Medical Devices

Paolo Masci

INESC TEC and Universidade do Minho, Portugal

paolo.masci@inesctec.pt

User interface software in medical devices is responsible for smooth and safe use of a
device. In advanced systems such as robotic-assisted surgery, user interface functions
can be highly sophisticated, e.g., involve the detection and translation of doctors’ hands
movements into micro-movements of robotic arms, allowing doctors to perform
complex surgeries that were not possible before.
Developing sophisticated software with zero defects is notoriously a hard problem.
In the medical domain the problem is particularly delicate, as software defects can
ultimately result in patient harm. Recent estimates on incidents with medical devices
indicate an escalating trend, with software defects being constantly one of the top
causes of incidents since 2016, and accounting for 22.8% of medical device recalls in
the first quarter of 20181. To date, several studies have been carried out providing an
aggregate view of software defects in medical devices. A detailed analysis of the nature
and impact of user interface software defects has not been performed yet. Such detailed
analysis would bring powerful insights that can be used by developers to better
understand latent software defects and identify them in advance, before incidents
happen.
In this talk, I will present a study conducted in collaboration with the US Food and
Drug Administration that aims to quantify and classify user interface software defects
in the current generation of medical devices. The study involved a systematic and
detailed analysis of nearly 8,000 medical devices recall records published by the FDA
from September 2012 to August 2015. A medical device recall is a corrective action
initiated by the manufacturer to fix critical defects in a device already in the market.
Each recall record includes a semi-structured description of the reason for the recall and
the corrective action performed by the manufacturer. I will discuss the analyzed dataset,
including analysis method, challenges faced while performing the analysis, obtained
results, and opportunities for improvement.

1
https://www.stericycleexpertsolutions.com/wp-content/uploads/2018/08/ExpertSolutions_
RecallIndex_Q22018.pdf.
 Safe Composition of Software Services

Gwen Salaün

Univ. Grenoble Alpes, Inria, CNRS, Grenoble INP, LIG,

F-38000 Grenoble, France

Composition of software is a crucial topic in many different computer science areas

such as Software Architectures, Component-Based Software Engineering, Web ser-
vices, cloud computing, Internet of Things, etc. Composition is however a difficult task
for several reasons. There is a need first for models of the services and of the way these
services interact together. Several levels of expressiveness can be considered in this
model (signature, behaviour, semantics, quality of service). Each facet brings different
issues from a composition perspective. In this talk, we have a specific focus on
behavioural models for service composition. Once a model is properly defined, one can
design a composition by defining connections or bindings among the involved services.
Building such a composition is error-prone and several kinds of mismatch can arise.
Analysis techniques are thus required in order to validate the composition and ensure
that before the composition is deployed it works correctly. Beyond models and auto-
mated verification techniques for validating service composition, we also present in this
talk two different ways to develop composition of services, namely, top-down and
bottom-up development processes. Last but not least, we illustrate these techniques for
supporting the modelling and composition of services with a concrete approach
developed in the context of the Internet of Things.
 Computational Oncology: From Biomedical
Data to Computational Models, and Back

Giulio Caravagna

Centre for Evolution and Cancer,

The Institute of Cancer Research, London, UK

Keynote Speaker of DataMod 2018

Cancer is a disease responsible for around 8 million deaths per year (around 13% of all
deaths in 2008), and whose worldwide impact is projected to continue rising, with an
estimated 13 million deaths in 2030 (as of an estimate by the World Health Organi-
sation). Finding a cure to cancer is definitely challenging, as there are as many different
types of cancer as human cells, and the progression of the disease is heterogenous
across individuals. Often, histologically identical tumours have few genetic features in
common, and thus reconciling heterogeneity across tumour types and patients is one
of the main areas of research in the community.
In the last years, thanks to the development of new high throughput sequencing
technologies that measure the genomic content of cancer cells at different resolutions,
the new field of Cancer Evolution has emerged. In this field, carcinogenesis is
described as an evolutionary process driven by the accumulation of genomic aberra-
tions, and complex methodologies are used to retrieve the life history of analysed
tumours. At a broad level, this opens up for the opportunity to create models that
recapitulate heterogeneity, and that elucidate how genomic events orchestrate diseases
initiation and progression. So doing, we can anticipate a cancer’s next step, and
eventually implement personalised treatment strategies that are tailored to each patient.
Computational modelling is one of the key methodologies used in Cancer Evolu-
tion. In this talk, I will give a brief introduction to the problems in the filed, from a
computer science perspective. I will overview some of the major computational
challenges, and the kind of data can be used to approach them. The talk will span from
(very basic) cell/cancer biology, to a discussion of what types of mathematical models
can be used to describe cancer growth/therapy, and what Data Science challenges we
have to face to implement successful strategies for cancer data analysis.
 Microservices, Microservices, Microservices?

Antonio Brogi

Department of Computer Science

University of Pisa, Pisa, Italy
brogi@di.unipi.it

Abstract. In this talk, we first tried to critically discuss some of the motivations
and characteristics of microservices and some of the potentially huge advantages
offered by their adoption for managing enterprise applications.
One of the main motivations for adopting microservices is the need to
shorten the lead time for new features and updates, by accelerating rebuild and
redeployment and by reducing chords across functional silos. Another main
motivation for adopting microservices is the need to scale, quickly and effec-
tively.
Microservices architectures define applications as sets of services, each
running in its own container, communicating with lightweight mechanisms,
built around business capabilities, decentralizing data management, indepen-
dently deployable, horizontally scalable, and fault resilient.
In the second part of the talk, we showed how a simple formalization of the
main properties of microservices can be frutifully exploited to drive the refac-
toring of existing applications.
After introducing a simple modelling of microservices architectures as
graphs fromed by services, databases, and connectors, we discussed how some
distinguishing properties of microservices can be associated with antipatterns,
and how such antipatterns can be associated with refactoring patterns.
The last part of the talk was devoted to discuss how the complexity and
overhead introduced by microservices can make their adoption truly effective
only for a certain scale of applications and enterprises.
 Contents

Formal Co-Simulation of Cyber-Physical Systems (CoSim-CPS)

Towards the Verification of Hybrid Co-simulation Algorithms . . . . . . . . . . . 5

Casper Thule, Cláudio Gomes, Julien Deantoni, Peter Gorm Larsen,
Jörg Brauer, and Hans Vangheluwe

A Flexible Framework for FMI-Based Co-Simulation of Human-Centred

Cyber-Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Maurizio Palmieri, Cinzia Bernardeschi, and Paolo Masci

Towards Stochastic FMI Co-Simulations: Implementation of an FMU

for a Stochastic Activity Networks Simulator . . . . . . . . . . . . . . . . . . . . . . . 34
Cinzia Bernardeschi, Andrea Domenici, and Maurizio Palmieri

Demo: Stabilization Technique in INTO-CPS . . . . . . . . . . . . . . . . . . . . . . . 45

Cláudio Gomes, Casper Thule, Kenneth Lausdahl,
Peter Gorm Larsen, and Hans Vangheluwe

Demo: Co-simulation of UAVs with INTO-CPS and PVSio-web . . . . . . . . . 52

Maurizio Palmieri, Cinzia Bernardeschi, Andrea Domenici,
and Adriano Fagiolini

Towards a Co-simulation Based Model Assessment Process

for System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Benjamin Bossa, Benjamin Boulbene, Sébastien Dubé, and Marc Pantel

Co-simulation of Physical Model and Self-Adaptive Predictive

Controller Using Hybrid Automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Imane Lamrani, Ayan Banerjee, and Sandeep K. S. Gupta

From Data to Models and Back (DataMod)

Formalizing a Notion of Concentration Robustness

for Biochemical Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Lucia Nasti, Roberta Gori, and Paolo Milazzo

Explaining Successful Docker Images Using Pattern Mining Analysis . . . . . . 98

Riccardo Guidotti, Jacopo Soldani, Davide Neri, and Antonio Brogi

Analyzing Privacy Risk in Human Mobility Data . . . . . . . . . . . . . . . . . . . . 114

Roberto Pellungrini, Luca Pappalardo, Francesca Pratesi,
and Anna Monreale
XVIII Contents

Generating Synthetic Data for Real World Detection of DoS Attacks

in the IoT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Luca Arnaboldi and Charles Morisset

Annotated BPMN Models for Optimised Healthcare Resource Planning . . . . . 146

Juliana Bowles, Ricardo M. Czekster, and Thais Webber

Using Formal Methods to Validate Research Hypotheses:

The Duolingo Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Antonio Cerone and Aiym Zhexenbayeva

Personality Gaze Patterns Unveiled via Automatic Relevance

Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Vittorio Cuculo, Alessandro D’Amelio, Raffaella Lanzarotti,
and Giuseppe Boccignone

FormalMiner: A Formal Framework for Refinement Mining . . . . . . . . . . . . . 185

Antonio Cerone

Formal Methods for Interactive Systems (FMIS)

Exploring Applications of Formal Methods in the INSPEX Project . . . . . . . . 205

Joseph Razavi, Richard Banach, Olivier Debicki, Nicolas Mareau,
Suzanne Lesecq, and Julie Foucault

Towards a Cognitive Architecture for the Formal Analysis of Human

Behaviour and Learning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Antonio Cerone

Towards Handling Latency in Interactive Software . . . . . . . . . . . . . . . . . . . 233

Sébastien Leriche, Stéphane Conversy, Celia Picard, Daniel Prun,
and Mathieu Magnaudet

Refinement Based Formal Development of Human-Machine Interface . . . . . . 240

Romain Geniet and Neeraj Kumar Singh

Using Abstraction with Interaction Sequences for Interactive

System Modelling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Jessica Turner, Judy Bowen, and Steve Reeves

Formal Modelling as a Component of User Centred Design . . . . . . . . . . . . . 274

Michael D. Harrison, Paolo Masci, and José Creissac Campos
 Contents XIX

Foundations of Coordination Languages and Self-adaptative

Systems (FOCLASA)

Coordination of Complex Socio-Technical Systems: Challenges

and Opportunities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Stefano Mariani

Reo Coordination Model for Simulation of Quantum Internet Software . . . . . 311

Ebrahim Ardeshir-Larijani and Farhad Arbab

Computing the Parallelism Degree of Timed BPMN Processes . . . . . . . . . . . 320

Francisco Durán, Camilo Rocha, and Gwen Salaün

ReoLive: Analysing Connectors in Your Browser . . . . . . . . . . . . . . . . . . . . 336

Rúben Cruz and José Proença

Multi-agent Systems with Virtual Stigmergy. . . . . . . . . . . . . . . . . . . . . . . . 351

Rocco De Nicola, Luca Di Stefano, and Omar Inverso

Towards a Hybrid Verification Approach . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Nahla Elaraby, Eva Kühn, Anita Messinger,
and Sophie Therese Radschek

Using Reinforcement Learning to Handle the Runtime Uncertainties

in Self-adaptive Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Tong Wu, Qingshan Li, Lu Wang, Liu He, and Yujie Li

Graph Computation Models (GCM)

Model Based Development of Data Integration in Graph Databases

Using Triple Graph Grammars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Abdullah Alqahtani and Reiko Heckel

Short-Cut Rules: Sequential Composition of Rules Avoiding

Unnecessary Deletions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Lars Fritsche, Jens Kosiol, Andy Schürr, and Gabriele Taentzer

Graph Repair by Graph Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Annegret Habel and Christian Sandmann

Double-Pushout Rewriting in Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Michael Löwe

From Hyperedge Replacement Grammars to Decidable

Hyperedge Replacement Games . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Christoph Peuser
XX Contents

Verifying a Copying Garbage Collector in GP 2 . . . . . . . . . . . . . . . . . . . . . 479

Gia S. Wulandari and Detlef Plump

Model-Driven Engineering for Design-Runtime Interaction

in Complex Systems (MDE@DeRun)

From Modeling to Test Case Generation in the Industrial Embedded

System Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Aliya Hussain, Saurabh Tiwari, Jagadish Suryadevara,
and Eduard Enoiu

Automated Consistency Preservation in Electronics Development

of Cyber-Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Daniel Zimmermann and Ralf H. Reussner

A System Modeling Approach to Enhance Functional

and Software Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Saurabh Tiwari, Emina Smajlovic, Amina Krekic,
and Jagadish Suryadevara

Embedded UML Model Execution to Bridge the Gap Between

Design and Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Valentin Besnard, Matthias Brun, Frédéric Jouault, Ciprian Teodorov,
and Philippe Dhaussy

Sketching a Model-Based Technique for Integrated Design and Run Time

Description: Short Paper - Tool Demonstration . . . . . . . . . . . . . . . . . . . . . . 529
Andreas Kästner, Martin Gogolla, Khanh-Hoang Doan,
and Nisha Desai

Model-Driven Engineering for Design-Runtime Interaction in Complex

Systems: Scientific Challenges and Roadmap: Report
on the MDE@DeRun 2018 Workshop . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Hugo Bruneliere, Romina Eramo, Abel Gómez, Valentin Besnard,
Jean Michel Bruel, Martin Gogolla, Andreas Kästner, and Adrian Rutle

Microservices: Science and Engineering (MSE)

Design and Implementation of a Remote Care Application Based

on Microservice Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
Philip Nils Wizenty, Florian Rademacher, Jonas Sorgalla,
and Sabine Sachweh

Ambient Intelligence Users in the Loop: Towards

a Model-Driven Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Maroun Koussaifi, Sylvie Trouilhet, Jean-Paul Arcangeli,
and Jean-Michel Bruel
 Contents XXI

Integrity Protection Against Insiders in Microservice-Based Infrastructures:

From Threats to a Security Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
Mohsen Ahmadvand, Alexander Pretschner, Keith Ball,
and Daniel Eyring

The Aspect of Resilience in Microservices-Based Software Design . . . . . . . . 589

Vaidas Giedrimas, Samir Omanovic, and Dino Alic

On Collaborative Model-Driven Development of Microservices . . . . . . . . . . 596

Jonas Sorgalla, Florian Rademacher, Sabine Sachweh,
and Albert Zündorf

Security for and by Model-Driven Engineering (MDE)

A UML Profile for Privacy Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . 609

Javier Luis Cánovas Izquierdo and Julián Salas

Specification of Information Flow Security Policies in Model-Based

Systems Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Christopher Gerking

Towards Scenario-Based Security Requirements Engineering

for Cyber-Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633
Thorsten Koch

Towards Model-Based Communication Control for the Internet of Things . . . 644

Imad Berrouyne, Mehdi Adda, Jean-Marie Mottu, Jean-Claude Royer,
and Massimo Tisi

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657

Formal Co-Simulation of Cyber-Physical
Systems (CoSim-CPS)
 2nd Workshop on Formal Co-Simulation
of Cyber-Physical Systems (CoSim-CPS-18)

The 2nd edition of the workshop on Formal Co-Simulation of Cyber-Physical Systems

(CoSim-CPS-18)1 was held in Toulouse, France, on June 26, 2018, as a satellite event
of STAF/SEFM-18.
The workshop focuses on the integrated application of formal methods and co-
simulation technologies in the development of software for Cyber-Physical Systems.
Co-simulation is an advanced simulation technique that allows developers to generate a
global simulation of a complex system by orchestrating and composing the concurrent
simulation of individual components or aspects of the system. Formal methods link
software specifications and program code to logic theories, providing developers with
means to analyse program behaviours in a way that is demonstrably exhaustive. These
two technologies complement each other. Using co-simulation, developers can create
prototypes suitable to validate hypotheses embedded in formal models and formal
properties to be analysed of the software. This is fundamental to ensure that the right
system is being developed. Using formal methods, developers can extend test results
obtained with co-simulation runs, and ensure that the same results apply to all program
states for all possible program inputs. This enables early detection of design anomalies.
We solicited contributions were welcome on all aspects of system development,
including specification, design, analysis, implementation and documentation of soft-
ware for CPS. This year’s edition was a one-day event with 8 technical presentation (5
peer-reviewed papers, 2 invited demonstrations, and 1 keynote talk), offering an
excellent view on a variety of different approaches and tools for formal co-simulation
of cyber-physical systems. Each submission was evaluated by at least three reviewers.
The keynote talk “Testing autonomous robots in virtual worlds” was given by Helene
Waeselynck (LAAS-CNRS).
We would like to thank all authors who submitted their work to CoSim-CPS-18, as
well as our PC members for doing an excellent job in writing high-quality reviews in a
timely manner. We would also like to thank the STAF/SEFM event organizers, who
have accepted to host our workshop, and supported us for the publication of the
workshop post-proceedings with Springer LNCS.

September 2018 Paolo Masci

Cinzia Bernardeschi
Peter Gorm Larsen

1
https://sites.google.com/view/cosimcps18.
 2nd Workshop on Formal Co-Simulation 3

Organization

CoSim-CPS-18 – Program Committee

Giovanna Broccia University of Pisa, Italy

Josè Creissac Campos INESC TEC and Universidade do Minho, Portugal
Paul Curzon Queen Mary University of London, UK
Fabio Cremona United Technologies Research Center, Italy
Andrea Domenici University of Pisa, Italy
Adriano Fagiolini University of Palermo, Italy
Leo Freitas Newcastle University, UK
Claudio Gomes University of Antwerp, Belgium
Maurizio Palmieri University of Pisa, Italy
Mario Porrmann Bielefeld University, Germany
Akshay Rajhans MathWorks, USA
Matteo Rossi Politecnico di Milano, Italy
Neeraj Singh INPT-ENSEEIHT/IRIT, University of Toulouse, France
Marjan Sirjani Malardalen University, Sweden and Reykjavik University,
Iceland
Frank Zeyda University of York, UK
Yi Zhang Center for Devices and Radiological Health, US Food
and Drug Administration (CDRH/FDA), USA
Mo Zhao MathWorks, USA
 Towards the Verification of Hybrid
Co-simulation Algorithms

Casper Thule1(B) , Cláudio Gomes2,6 , Julien Deantoni3 , Peter Gorm Larsen1 ,

Jörg Brauer4 , and Hans Vangheluwe2,5,6
1
DIGIT, Department of Engineering, Aarhus University, Aarhus, Denmark
{casper.thule,pgl}@eng.au.dk
2
University of Antwerp, Antwerp, Belgium
{claudio.gomes,hans.vangheluwe}@uantwerp.be
3
Polytech Nice Sophia, Biot, France
julien.deantoni@polytech.unice.fr
4
Verified Systems International GmbH, Bremen, Germany
brauer@verified.de
5
McGill University, Montreal, Canada
6
Flanders Make, Lommel, Belgium

Abstract. Engineering modern systems is becoming increasingly diffi-

cult due to the heterogeneity between different subsystems. Modelling
and simulation techniques have traditionally been used to tackle com-
plexity, but with increasing heterogeneity of the subsystems, it becomes
impossible to find appropriate modelling languages and tools to specify
and analyse the system as a whole.
Co-simulation is a technique to combine multiple models and their
simulators in order to analyse the behaviour of the whole system over
time. Past research, however, has shown that the naı̈ve combination of
simulators can easily lead to incorrect simulation results, especially when
co-simulating hybrid systems.
This paper shows: (i) how co-simulation of a family of hybrid systems
can fail to reproduce the order of events that should have occurred (event
ordering); (ii) how to prove that a co-simulation algorithm is correct
(w.r.t. event ordering), and if it is incorrect, how to obtain a counterex-
ample; and (iii) how to correct an incorrect co-simulation algorithm. We
apply the above method to two well known co-simulation algorithms used
with the FMI Standard, and we show that one of them is incorrect for
the family of hybrid systems under study, under the restrictions of the
standard. The conclusion is that either the standard needs to be revised,
or one of the algorithms should be avoided.

Keywords: Hybrid co-simulation · Hybrid systems · Model checking

This work was started in the CAMPaM 2017 Workshop, executed under the framework
of the COST Action IC1404 – Multi-Paradigm Modelling for Cyber-Physical Systems
(MPM4CPS), and partially supported by: Flanders Make vzw, the strategic research
centre for the manufacturing industry; and PhD fellowship grants from the Agency for
Innovation by Science and Technology in Flanders (IWT, dossier 151067).
c Springer Nature Switzerland AG 2018
M. Mazzara et al. (Eds.): STAF 2018 Workshops, LNCS 11176, pp. 5–20, 2018.
https://doi.org/10.1007/978-3-030-04771-9_1
6 C. Thule et al.

1 Introduction
Engineered systems are becoming increasingly complex while market pressure
shortens the available development time [26]. There are many causes for the
increase in complexity, but to a large extent, it is caused by the number of
interacting subsystems and differences between their domains [33]. Thus, there
is a need for an improved development cycle with better tools, techniques,
and methodologies [34]. While modelling and simulation have been successfully
applied to reduce development costs, these fall short in fostering more integrated
development processes [5].
A promising concept for the simulation of systems consisting of coupled com-
ponents is collaborative simulation (co-simulation) [19,21,25], which is based on
the idea that interacting subsystems are best modelled and simulated by dedi-
cated tools and formalisms [35]. Each subsystem is then modelled by a specialised
team using mature tools, tailored to the domain of the allocated subsystem. Fur-
ther, each subsystem internally uses its own simulation engine, so that the most
appropriate approximation techniques can be employed. The behaviour of the
coupled system is computed by having the simulation tools communicate with
one another by exchanging their outputs over time.
In order to run a co-simulation, all that is required is that the participating
simulation tools consume the inputs and expose the outputs, of the allocated
subsystem, over time. A co-simulation engine then synchronises the interface
values of the different subsystems. This powerful approach eases the integration
of subsystems simulated by different tools, but also poses some difficulties. In
particular, subsystems are modelled and treated as black boxes, and it is dif-
ficult in some cases to understand how the coordination of the subsystems—a
functionality provided by the co-simulation engine—affects the behaviour of the
co-simulated system [20].
One might expect that the behaviour computed via co-simulation matches
the behaviour of the coupled system. In practice, however, this expectation turns
out overly optimistic, and significant deviations may become visible, which could,
for example, be caused by discretization or the timing in which the inputs are set.
This is not only due to the inherent limitations of approximate simulations [10],
but also due to the internals of the subsystem simulations. It is therefore impor-
tant to study how a faulty co-simulation can be identified. If a co-simulation
preserves specific properties of a system, we then say that the properties of the
system are preserved under co-simulation. To serve as a reference for correctness,
we consider the properties of the implemented system, i.e. with no co-simulation
effects.
This paper contributes to this line of research as follows:

– We identify a novel property called event ordering, which is often implicitly

required to be preserved by co-simulations of systems that combine software
with physical subsystems.
– We present a characterisation of the event ordering property as a model check-
ing problem [11] based on the Functional Mock-up Interface for co-simulation
 Towards the Verification of Hybrid Co-simulation Algorithms 7

(FMI) standard [6]. Our method can be utilised to decide whether a given
co-simulation satisfies this property for a restricted class of coupled systems.
– We show how, exemplified using FMI, to adapt the co-simulation master
algorithm to preserve the event order, if the property is not preserved.
One of the strengths of our approach is that it yields a counterexample when
the property is violated. The counter example includes a co-simulation scenario
and an execution trace of the co-simulation, which provide valuable insight into
how the co-simulation violates the event ordering property. The Maestro [32]
master algorithm serves as a case study for our approach.
The remainder of this paper is structured as follows. First, Sect. 3 presents
a primer on co-simulation and co-simulation properties. Afterwards, in Sect. 4,
the event ordering property is demonstrated and described along with an encod-
ing of the problem as a model-checking instance. Finally, the paper presents a
discussion and perspective on future work in Sect. 5.

2 Background: Co-simulation
In this section, we present some background concepts
in an informal manner. We adopt the definitions and
nomenclature introduced in [20] and refer the reader
to it for a more rigorous exposition.
A co-simulation is the behaviour trace of a coupled
system, produced by the coordination of simulation
units. The behaviour trace is a function mapping val-
ues to time, representing the outputs generated from
each simulation unit and their timestamps. An exam-
ple behaviour trace is shown in the bottom of Fig. 1.
A simulation unit is an executable software entity
responsible for simulating a part of the system. To
communicate with other simulation units, each sim-
ulation unit implements a predefined interface. This
allows an orchestrator, described below, to communi-
cate with it.
One such communication interface is prescribed by
the Functional Mock-up Interface (FMI) standard [6]. Fig. 1. Behaviour trace
A simulation unit implementing the FMI interface is example.
called a Functional Mock-up Unit (FMU). The main functionality of an FMU
concerns calculating outputs based on inputs and time. This is represented in
FMI as three C functions: a function to set inputs, a function to perform a step
with a given step size, and a function to get outputs.
In the FMI Standard, there is an important restriction [13, p. 104]:

Restriction 1. There is the additional restriction in “slaveInitialized” state

that it is not allowed to call fmi2GetXXX functions after fmi2SetXXX functions
without an fmi2DoStep call in between.
8 C. Thule et al.

As we show later, this restriction has important consequences on the co-

simulation of hybrid systems.
An orchestrator is a software component that set-
s/gets inputs/outputs of each simulation unit, and
asks it to estimate the state of its allocated subsystem
at a future time. For example, in Fig. 1, the orches-
trator sets an input to the unit at time ti , and asks
the unit to compute the state at time ti + H. The
unit in turn might perform multiple micro-steps and
employ an input approximation scheme (this is unex-
posed to the orchestrator). Then, once the unit is at
time ti +H, the orchestrator requests an output, illus-
trated at the bottom of the figure.
Fig. 2. Co-simulation The orchestrator follows the co-simulation sce-
architecture. nario to know the order in which to ask the simulation
unit to simulate and where to copy their outputs. A
co-simulation scenario is a description of how the subsystems are interconnected
and properties of the co-simulation, e.g. step size. For example, the orchestrator
box contains an illustration of how the subsystems are connected, in Fig. 2.
There are three main master algorithms: Jacobi, Gauss-Seidel, and Strong-
coupling [27]. We focus on the Jacobi and Gauss-Seidel, illustrated in Fig. 3a and
b. The Jacobi algorithm proceeds by asking all simulators to produce outputs,
then it computes and sets the inputs that all simulators need (illustrated by data
transfer arrows in Fig. 3a). Afterwards, it asks all simulators to simulate their
corresponding subsystem until the next communication time, after which the
process repeats. This is represented by simulation step arrows in Fig. 3a, where
the next communication time is ti + H.
The Gauss-Seidel algorithm assigns an order to each simulator, and, in that
order, computes the inputs of the simulator, then asks the same simulator to
simulate to the next time point, obtains its output, and uses that output to
compute the input to the next simulator. These steps are repeated until all
simulators have simulated until the next time point, and then the process starts
over again. See Fig. 3b.

3 Related Work: Property Preservation in Co-simulation

In this section, we introduce intuitively the notion of property preservation, and
cover examples from the state of the art, where it is studied.
Given a property P that is satisfied by a coupled system, we say that the
co-simulation (of the coupled system) preserves P if it also satisfies P . For exam-
ple, a coupled system representing chemical kinetics always has positive concen-
trations. Clearly, this property (every concentration variable must be positive)
should be preserved in co-simulations.
In general it is a challenge to ensure that any property of interest is preserved
by co-simulations. The following paragraphs provide other examples of property
preservation from the state of the art.
 Towards the Verification of Hybrid Co-simulation Algorithms 9

Fig. 3. Coupling algorithms.

Stability. A coupled system is stable when it eventually comes to a rest. Since

many systems are engineered to be stable [3], it is important that this property is
preserved under co-simulation. The works in [1,9,17,24,30] study the conditions
under which the stability property is conserved for selected physical coupled sys-
tems. The same works also provide insight into how the co-simulation algorithm
can preserve this property.

Energy Conservation. Systems whose models account for the flow of energy fol-
low the principle of conservation of energy. That is, no energy is lost when flow-
ing between subsystems. This property is not preserved in näive co-simulation
algorithms because of the input approximations, and the non-negligible commu-
nication step size. The work in [4], extended in [29], demonstrates a co-simulation
algorithm that monitors the power flow between simulators and employs a correc-
tion scheme to account for the artificial energy introduced by the co-simulation.
The work in [28] complements the above work by showing how the energy resid-
ual can be used as an error indicator to control the communication step size.

Event Synchrony. A co-simulation preserves event synchrony when any event

happening at a specific time in the original hybrid system is also reproduced
by the co-simulation at the same time. A hybrid system is a system comprising
software and physical subsystems. This is one of the properties studied in [15],
in the context of co-simulations involving two simulation units: one responsi-
ble for the software subsystem, and the other for a continuous subsystem. In
order to enable an easier comparison of event timestamps, [12] proposes the
use of integers, instead of floating point numbers, to represent time. Accurately
detecting—and locating the time of—events is paramount to the preservation
of the energy and stability properties in a co-simulation. As such, the work in
[16] explores how the energy of a hybrid system can be increased when state
events are not accurately reproduced by the co-simulation. It presents a way to
find the maximum event detection delay so that the stability is preserved in the
co-simulation.
10 C. Thule et al.

4 Verification of Master Algorithms

The previous section introduced multiple properties that should be preserved in
a co-simulation. In particular, it introduced the event synchrony property.
The event synchrony property states that every event happening in a hybrid
system, happens at the exact same time in the corresponding co-simulation. An
event is a value in the co-simulation whose timestamp should be approximated
as closely as possible. For example, the time at which the output of a simulation
unit crosses the zero; of the time at which a state machine based FMU changes
its output because of a change in its internal discrete state.
In order to detect an event, because its exact time is often difficult to predict
without actually asking the units to compute, the master algorithm only detects
it after it occurs. Then, to find the exact time of the event, the orchestrator
restores the co-simulation to a prior state (where the event has not yet hap-
pened) and proceeds with more caution (that is, smaller communication step
size). This is repeated until the time of the event is known with sufficiently high
accuracy [36]. A consequence is that this property can only be preserved up to
some tolerance level, dictated by the precision required for the co-simulation
experiment.

4.1 Relaxing Event Synchrony: Event Ordering

The FMI Standard partially supports master algorithms that preserve the event
synchrony property. Each FMU is allowed to advance to a time prior to the one
requested by the orchestrator, and supports state saving/restoring functional-
ities. However, making use of these capabilities in practice may be impossible
due to lack of implementation (these are not mandatory), or simply due to the
performance degradation entailed by saving/restoring the state multiple times.
As such, the event synchrony property might be too strong. Instead, it might
be more useful to require that the sequence of events be preserved, even if
the timestamps do not coincide. For example, suppose that the real/correct
behaviour of a coupled system, comprised of a software and a physical compo-
nent, yields 3 events: (t1 , e1 ), (t2 , e2 ), and (t3 , e3 ), with the timestamps satisfying
t1 < t2 < t3 . The co-simulation satisfies the event ordering property if it exhibits
the events (t1 , e1 ), (t2 , e2 ), and (t3 , e3 ), with the timestamps satisfying the same
order, that is, t1 < t2 < t3 , but not necessarily equal to t1 , t2 , t3 .

4.2 Problem Formulation

We focus on a restricted class of hybrid systems in order to study an essential

challenge related to preserving the event synchrony property. The system under
study is illustrated in Fig. 4. It consists of a software part, and a physical part.
The software part is represented as a Statechart [22], and the physical part is
represented by a differential equation.
Another random document with
no related content on Scribd:
Valves 19
Valves—mechanism 21
Water cooling system 37
Water pump 38
Wiring diagram—four-cylinder 34
Wiring diagrams—single-cylinder 32
 ANOTHER BOOK BY THE SAME AUTHOR
A bigger and more comprehensive work
on the same subject.

“The How and Why of the Automobile”

DID you ever read a book which gave you just
the information you wanted without being
compelled to go through page after page of
introduction and history?
¶ Did you ever talk to a man who came over on
your side of the fence and talked WITH you and
not AT you—who explained things in such a way
that you laughed at yourself afterwards for not
understanding the subject before—it was really
so simple?
Do you remember when you used to study by outlines—how difficult problems unfolded
themselves—how the logical sequence of facts seemed to make what you expected to find
hard, readily understandable?
Do you remember the innumerable times you have said to yourself “If I only had somebody
here to explain things—someone who would go through this proposition with me until I
understood it—someone who would use homely and familiar examples to explain things,
instead of talking over my head by using technical terms?”
The author realized all these difficulties himself, because he has been through it all. Not only
that, but his experience as an instructor of a large motor school taught him the way to
explain the various parts of a motor vehicle in simple language, so that even the boy of
fifteen could understand and appreciate them.
For instance, did you ever think that the physician uses a form of carburetor whenever he
gives chloroform or ether—do you realize that a shotgun is a form of gas engine whose
action is almost identical with that of an automobile motor?
Do you want to know what a sliding gear transmission is—explained in such simple
language that anyone can understand it?
Would you like to see what’s inside of an automobile engine—would you like to know the
name of every part—be able to talk intelligently about it and be your own mechanic—tell
your chauffeur what to do—know when he is bluffing you?
In a word, would you like to know all about a motor car—how it works—how to drive it and
how to take care of it? Then subscribe for a copy of

“THE HOW AND WHY OF THE AUTOMOBILE”

By FAY L. FAUROTE
PRICE, $1.00 PREPAID
Don’t delay—send in your order to-day. Get the complete story of a motor car—the advanced course of which
the book you have just finished is only the beginning.

Address,
Motor Text Book Dept. ROBERT SMITH PTG. CO., Lansing,
Mich., U. S. A.
 “THE HOW AND WHY OF THE AUTOMOBILE”
A book of practical information for seekers after the fundamental facts regarding the
gasoline engine and its application to the motor car.
Interesting and instructive to both the beginner and the expert—the former for
information, the latter for reference.
Written by Fay L. Faurote, B. S. (M. E.), for five years closely associated with the
Experimental Department of a pioneer automobile factory, for two years instructor in the
Detroit Motor School.
The book, which is handsomely bound in full cloth, printed on high-grade enameled
paper, contains over 200 pages and 250 illustrations and covers the following subjects:
CONTENTS
General Theory of Gas Engines—Simple explanation of cycle—The four-
stroke cycle—The two-stroke cycle—Advantages and disadvantages of each.
Motor Design—Cylinder, what it is and its use. Valves, mechanical and
automatic—Forms of valves—Valve timing and its influence on the motor—
Valve grinding, how to do it—Valve nomenclature. Crank Case—The
construction Bearings—Accessibility—Working parts—Uses. A crank case
oiling system. Crank Shafts—What they are—One, two, four and six-cylinder
crank shafts—Crank case diagram, showing instantly conditions in all cylinders
—Diagram showing firing points and sequence of same. Connecting Rods—
Construction and material—Bearings and lubrication. Pistons—Piston rings—
Piston pins.
The Carburetor—A very simple explanation of carburetion—The mixing valve—
A few of the first types—Some of the modern carburetors—Foreign carburetors.
Ignition—The make and break system—A simple explanation of the apparatus
used. The Jump Spark System—Electrical units. Sources of Electricity—
The dry cell—The storage cell—Dynamos and magnetos—The spark coil—
Commutators and timing devices—Spark plugs—Wiring diagrams.
Cooling System—Air Cooling. Water Cooling—Direction of circulation—
Radiators—Water pumps—Fans—Anti-freezing solutions.
The Transmission—Reason for and use of transmission. Simple Explanation
of Action—Individual clutch type—The sliding gear—The three speed
progressive—The three speed selective—The four speed selective—Planetary
gear—Friction drive.
Methods of Driving—Single chain drive—Double chain drive—Bevel gear drive.
Running Gear—Front Axle—Construction of—Steering Gear. Rear Axle—
Differential gear—The live axle—The dead axle—Wheel construction—
Bearings.
Horse Power Determinations—Engine testing—Indicated horse power—Brake
horse power—Mechanical and heat efficiency—Road testing.
 What a Prominent Trade Paper Says About It.
A Handbook of Practical Value—The latest addition to the popular type of
automobile handbook. “The How and Why of the Automobile,” by Fay L. Faurote, fulfills
what its author has set himself to achieve, namely, to present a plain, easily understood
description of the modern automobile. Assuming that his reader knows nothing about the
subject, the author introduces the automobile in as simple and untechnical a manner as
possible. The entire field is covered and covered so completely that the work can be
recommended as a handbook for beginners or those with only a limited knowledge of this
subject.—Automobile, April 18.
Send in your order at once—don’t delay. The price is $1.00 postage pre-paid, and the
address is

Motor Text Book Dept., ROBERT SMITH PTG. CO., Lansing,

Mich., U. S. A.
 Transcriber’s Notes
Punctuation, hyphenation, and spelling were made
consistent when a predominant preference was found in the
original book; otherwise they were not changed.
Simple typographical errors were corrected; unbalanced
quotation marks were remedied when the change was
obvious, and otherwise left unbalanced.
Illustrations in this eBook are shown as close as possible
to their original positions in the printed book, so several of
them actually are mid-paragraph. This was done because
some of them are referenced only by their content, not by their
names.
The index was not in good alphabetical order; Transcriber
re-sorted it. It was not checked for correct page references.
*** END OF THE PROJECT GUTENBERG EBOOK A BOY'S TEXT
BOOK ON GAS ENGINES ***

Updated editions will replace the previous one—the old editions

will be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright
in these works, so the Foundation (and you!) can copy and
distribute it in the United States without permission and without
paying copyright royalties. Special rules, set forth in the General
Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the

free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree to
abide by all the terms of this agreement, you must cease using
and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only

be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright
law in the United States and you are located in the United
States, we do not claim a right to prevent you from copying,
distributing, performing, displaying or creating derivative works
based on the work as long as all references to Project
Gutenberg are removed. Of course, we hope that you will
support the Project Gutenberg™ mission of promoting free
access to electronic works by freely sharing Project
Gutenberg™ works in compliance with the terms of this
agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms
of this agreement by keeping this work in the same format with
its attached full Project Gutenberg™ License when you share it
without charge with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.

1.E. Unless you have removed all references to Project

Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project
Gutenberg™ work (any work on which the phrase “Project
Gutenberg” appears, or with which the phrase “Project
Gutenberg” is associated) is accessed, displayed, performed,
viewed, copied or distributed:

This eBook is for the use of anyone anywhere in the United

States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it
away or re-use it under the terms of the Project Gutenberg
License included with this eBook or online at
www.gutenberg.org. If you are not located in the United
States, you will have to check the laws of the country where
you are located before using this eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is

derived from texts not protected by U.S. copyright law (does not
contain a notice indicating that it is posted with permission of the
copyright holder), the work can be copied and distributed to
anyone in the United States without paying any fees or charges.
If you are redistributing or providing access to a work with the
phrase “Project Gutenberg” associated with or appearing on the
work, you must comply either with the requirements of
paragraphs 1.E.1 through 1.E.7 or obtain permission for the use
of the work and the Project Gutenberg™ trademark as set forth
in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is

posted with the permission of the copyright holder, your use and
distribution must comply with both paragraphs 1.E.1 through
1.E.7 and any additional terms imposed by the copyright holder.
Additional terms will be linked to the Project Gutenberg™
License for all works posted with the permission of the copyright
holder found at the beginning of this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files
containing a part of this work or any other work associated with
Project Gutenberg™.
 1.E.5. Do not copy, display, perform, distribute or redistribute
this electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the
Project Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if
you provide access to or distribute copies of a Project
Gutenberg™ work in a format other than “Plain Vanilla ASCII” or
other format used in the official version posted on the official
Project Gutenberg™ website (www.gutenberg.org), you must, at
no additional cost, fee or expense to the user, provide a copy, a
means of exporting a copy, or a means of obtaining a copy upon
request, of the work in its original “Plain Vanilla ASCII” or other
form. Any alternate format must include the full Project
Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™
works unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or

providing access to or distributing Project Gutenberg™
electronic works provided that:

• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
 about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt that
s/he does not agree to the terms of the full Project Gutenberg™
License. You must require such a user to return or destroy all
copies of the works possessed in a physical medium and
discontinue all use of and all access to other copies of Project
Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project

Gutenberg™ electronic work or group of works on different
terms than are set forth in this agreement, you must obtain
permission in writing from the Project Gutenberg Literary
Archive Foundation, the manager of the Project Gutenberg™
trademark. Contact the Foundation as set forth in Section 3
below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on,
transcribe and proofread works not protected by U.S. copyright
law in creating the Project Gutenberg™ collection. Despite
these efforts, Project Gutenberg™ electronic works, and the
medium on which they may be stored, may contain “Defects,”
such as, but not limited to, incomplete, inaccurate or corrupt
data, transcription errors, a copyright or other intellectual
property infringement, a defective or damaged disk or other
medium, a computer virus, or computer codes that damage or
cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES -

Except for the “Right of Replacement or Refund” described in
paragraph 1.F.3, the Project Gutenberg Literary Archive
Foundation, the owner of the Project Gutenberg™ trademark,
and any other party distributing a Project Gutenberg™ electronic
work under this agreement, disclaim all liability to you for
damages, costs and expenses, including legal fees. YOU
AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE,
STRICT LIABILITY, BREACH OF WARRANTY OR BREACH
OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE
TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER
THIS AGREEMENT WILL NOT BE LIABLE TO YOU FOR
ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE
OR INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF
THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If

you discover a defect in this electronic work within 90 days of
receiving it, you can receive a refund of the money (if any) you
paid for it by sending a written explanation to the person you
received the work from. If you received the work on a physical
medium, you must return the medium with your written
explanation. The person or entity that provided you with the
defective work may elect to provide a replacement copy in lieu
of a refund. If you received the work electronically, the person or
entity providing it to you may choose to give you a second
opportunity to receive the work electronically in lieu of a refund.
If the second copy is also defective, you may demand a refund
in writing without further opportunities to fix the problem.

1.F.4. Except for the limited right of replacement or refund set

forth in paragraph 1.F.3, this work is provided to you ‘AS-IS’,
WITH NO OTHER WARRANTIES OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR
ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of
damages. If any disclaimer or limitation set forth in this
agreement violates the law of the state applicable to this
agreement, the agreement shall be interpreted to make the
maximum disclaimer or limitation permitted by the applicable
state law. The invalidity or unenforceability of any provision of
this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the

Foundation, the trademark owner, any agent or employee of the
Foundation, anyone providing copies of Project Gutenberg™
electronic works in accordance with this agreement, and any
volunteers associated with the production, promotion and
distribution of Project Gutenberg™ electronic works, harmless
from all liability, costs and expenses, including legal fees, that
arise directly or indirectly from any of the following which you do
or cause to occur: (a) distribution of this or any Project
Gutenberg™ work, (b) alteration, modification, or additions or
deletions to any Project Gutenberg™ work, and (c) any Defect
you cause.

Section 2. Information about the Mission of

Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new
computers. It exists because of the efforts of hundreds of
volunteers and donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project
Gutenberg™’s goals and ensuring that the Project Gutenberg™
collection will remain freely available for generations to come. In
2001, the Project Gutenberg Literary Archive Foundation was
created to provide a secure and permanent future for Project
Gutenberg™ and future generations. To learn more about the
Project Gutenberg Literary Archive Foundation and how your
efforts and donations can help, see Sections 3 and 4 and the
Foundation information page at www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-
profit 501(c)(3) educational corporation organized under the
laws of the state of Mississippi and granted tax exempt status by
the Internal Revenue Service. The Foundation’s EIN or federal
tax identification number is 64-6221541. Contributions to the
Project Gutenberg Literary Archive Foundation are tax
deductible to the full extent permitted by U.S. federal laws and
your state’s laws.

The Foundation’s business office is located at 809 North 1500

West, Salt Lake City, UT 84116, (801) 596-1887. Email contact
links and up to date contact information can be found at the
Foundation’s website and official page at
www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission
of increasing the number of public domain and licensed works
that can be freely distributed in machine-readable form
accessible by the widest array of equipment including outdated
equipment. Many small donations ($1 to $5,000) are particularly
important to maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws

regulating charities and charitable donations in all 50 states of
the United States. Compliance requirements are not uniform
and it takes a considerable effort, much paperwork and many
fees to meet and keep up with these requirements. We do not
solicit donations in locations where we have not received written
confirmation of compliance. To SEND DONATIONS or
determine the status of compliance for any particular state visit
www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states

where we have not met the solicitation requirements, we know
of no prohibition against accepting unsolicited donations from
donors in such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot

make any statements concerning tax treatment of donations
received from outside the United States. U.S. laws alone swamp
our small staff.

Please check the Project Gutenberg web pages for current

donation methods and addresses. Donations are accepted in a
number of other ways including checks, online payments and
credit card donations. To donate, please visit:
www.gutenberg.org/donate.

Section 5. General Information About Project

Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could
be freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose
network of volunteer support.

Project Gutenberg™ eBooks are often created from several

printed editions, all of which are confirmed as not protected by
copyright in the U.S. unless a copyright notice is included. Thus,
we do not necessarily keep eBooks in compliance with any
particular paper edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg
Literary Archive Foundation, how to help produce our new
eBooks, and how to subscribe to our email newsletter to hear
about new eBooks.