A DSPL Design Framework for SASs: A Smart Building Example

The Internet of Things is a land of opportunity for believers and supporters of Smart Cities. Experience already shows that smartphones, smart appliances, wearables, sensors and actuators can be brought together to deliver advanced services like smart markets, smart parking, smart buildings or smart energy. But in order to do so in a complex, dynamic, rapidly changing and resource constrained environment, adapting fleets of devices to align with context fluctuations becomes a necessity. This paper describes the framework established to tackle the problem. It represents the dimensions for building Self-adaptive fleets for IoT applications, based on the foundations of the DSPL paradigm and the RE principles. The paper also allocates a model for each dimension of the framework, and through a preliminary proof of concept Smart Building example, confirms the usability of the proposal.


Introduction
The Internet of things (IoT) enables advanced services by interconnecting fleets of connected device. These smart devices can provide basic knowledge about an environment, but can also support complex tasks like business automation, real-time reporting, and optimization operations. Smart health, smart energy or smart cities are examples of the applications that are today possible, thanks to the IoT.
Connected objects can monitor and track environment indicators in real-time. This monitoring and tacking activity helps collect information about the surrounding, and prepare smart solutions that answer the needs of the affected customers. Therefore, it is important to take into consideration the mutual dependency between objects and their surroundings (i.e., system and context): changes in the surrounding have repercussions on the proper functioning of devices and the reconfiguration of the fleet can change the state and behaviour of the surrounding.
Hence, three main dimensions are important to consider while designing an application for the IoT: The (1) system, the (2) context and the (3) environment. (1) The system is the fleet, it is represented by the embedded devices and their configurations and is managed in a way that its outcome allows the achievement of goals specified by the domain expert. (2) The context is everything that surrounds the systems, and has an impact on it. Context is represented by measurements captured by devices that surround the system. Context data can also originate from the user, and it can be time or space bound. Finally, (3) the environment illustrates knowledge related to a domain. It holds universal information that might not have a direct impact on the system at a time being. However, it could be significant in other dispositions.
When a fleet is implemented, it bears a configuration that is characterized by the set of corresponding devices along with their respective configuration. However, the IoT systems are complex; they are rapidly changing, highly variable, heterogeneous, prone to risks and failure, and extremely dynamic. Self-adaptation capabilities are thus required. In other words, from design time, the dynamic properties of IoT systems should be considered, specified and properly handled. Dynamic proactive adaptation in particular is required to provide adjustments at runtime [1].

EAI Endorsed Transactions
It is important to note that the three dimensions are dynamic as well. Devices that form the system at a particular configuration might not be the same involved in another instance of the same fleet. They could become part of the context. Similarly, information that had an impact on the system in a configuration, might become irrelevant in another, and be part of the environment instead. This confirms the need for variability management.
Undoubtedly, IoT management platforms should provide engineers and practitioners with the necessary tools to define capture and reason about variability at different levels of concerns. Until today, building similar platforms has been problematic, mainly for the lack of standards, reference architectures and design frameworks.
In this paper, we intend to fill this gap by proposing a design framework which tackles the problem of dynamic variability, and takes into account the specificities of a fleet of IoT systems. The usability of our framework was validated through a preliminary proof of concept case in which we used a Smart Building example to illustrate the main challenges discussed before, and how this framework tackles these challenges.
The paper is structured as follows: Section 2 overviews the mechanisms for self-adaptation and presents our DSPL based Framework for Self-adaptive IoT systems. Section 3 presents a Smart Building motivational example, and identifies the requirements for the management of fleets of connected objects. Section 4 depicts the specificities and steps of domain engineering, as it serves as inputs to the activities for engineering single products, discussed in Section 5, as the focus of Application engineering. And finally, section 6 presents the related works before concluding.

A Self-Adaptation Framework
Building self-adaptive systems is not a completely new concern in research. In fact, several paradigms and approaches have been developed throughout the years to support the self-properties of complex systems. In this section, we overview the most notable -but not allapproaches for designing self-adaptive systems in order to decide on the approach that best qualifies for Smart Cities. Then, depending on the decided approach, we propose a design Framework accordingly.

Key requirements for SASs
An IoT smart management platform is required to provide the necessary mechanisms to monitor IoT devices, to propose best-fit adaptions, to manage different levels of variability and to support a large number of connected devices. Therefore, to carry out these functions, the following properties must be taken into account.
 Variability management: in a fleet of connected devices, variability can be captured at different levels.
The platform should be able to manage this separately throughout the system's lifecycle.
 Context awareness: in order to support self-adaptation, IoT applications should be aware of change in their surroundings. The events and circumstances that have repercussions on the overall performance of the application should be known and addressed.
 Uncertainty management: It is not always possible to predict the events that will trigger a reconfiguration. Thus, the platform is required to evaluate the qualities the system offers in comparison with the ones requested by users.
 Smart proactive self-adaptation: the platform should provide the necessary mechanisms to analyze collected data and adapt the system in problematic situations. In a resources constrained environment like ours, every planned adaptation should be subject to validation to prove its necessity.
 Physical abstraction: the platform should support communication with heterogeneous devices and various technologies in order to monitor and actuate. This requirement will not be discussed in this paper.
Only preliminary concepts will be introduced.

DSPL : A Self-Adaptation Mechanism
A Self-Adaptive Software (SAS) is a system that can automatically modify itself in the face of a changing context, to best answer a set of requirements. The Selfadaption capacity can be provided by programming languages in the form of exceptions, parameters or conditions. However, adaptation through these mechanisms is application specific, error prone and poorly scalable.
In contrast to these mechanisms, numerous external approaches contribute to the development of runtime adaptation of software, like architecture-based techniques which formulate and process changes in an architectural model [2] [3] [4], agent-based approaches which model systems as a collection of autonomous agents [5], reflective approaches, which can observe and modify the composition of a system at runtime [6] [7], and modeldriven engineering (MDE) which shifts the focus to the  [9]. Dynamic Software Product Line Engineering (DSPLE) is under the umbrella of MDE, as it uses models at runtime to address variability and context changes during system execution.
DSPL uses software product lines principles to build systems that can adapt to context fluctuation, new user requirements and variant QoS states. These principles include software reuse, variability modelling and management, and automatic product derivation.
We consider the DSPL paradigm the most fitting approach to provide autonomic scalable support for a fleet of connected devices, from design to execution [10]. First, DSPLs provide a systematic and non-restrictive way to deal with SASs [11], also they successfully realize the MAPE-K loop [12] as tested by Bencomo et al. in [13]. Besides, on the one hand, monitoring and controlling are the main activities for the fleet management. On the other hand, these same two activities are central tasks in DSPLs, which makes the paradigm a good fit for the selfadaptation of the fleet. Also, with regards to uncertainty, the quality of a product can be measured against user requirements by the mean of Goal-based approaches. Goal models can represent the system requirements at the domain level of (D)SPLs, in the form of variable reusable components. Furthermore, variability is a key challenge in the management of a fleet of connected things; it takes place at different levels. Static variability is concerned with similarities and variations between fleets, while dynamic variability is dealing with the runtime reconfiguration, and temporal variability, describes the alterations of the three dimensions. Dealing with variability is by far the greatest asset of DSPL, since it adopts essential concepts from SPL [14].

Design principles
The first level in the process is the creation of assets. As described in Figure 1, a meticulous study of the domain in question helps define the qualities the system should satisfy, while specifying the variability and the variation points. The result of a domain study is the specification of the fleet's requirements (a). The second level is the creation of the final product. The requirements of each customer are described in formal language. The selection of features is carried out accordingly, and then adjusted to fit the exact needs of the customer. Features are finally derived, linked, tested and deployed in order to instantiate the Product-the fleet (d).
DSPLE takes the SPL process one phase further. Each product is thoroughly monitored (c) to determine the structural or behavioural state that dissatisfies requirements. When these are no longer fulfilled, a new configuration is planned (b). This one achieves the optimal satisfaction of primary goals. Features are then reselected, re-adjusted, re-derived and re-linked (re-tested and re-deployed) to create a new product-a new configuration for the fleet. This process is repeated whenever the system fails to fulfil requirements, in light of contextual change.  From one engineering process to the other, the fleet's three dimensions, the system, the context and the environment, have different designations, as described and illustrated in Figure 2. At the domain engineering level, each one of the concepts contributes to the creation of assets. With regards to the system (1), a domain expert thoroughly studies the domain in order to determine the functionalities the system should provide and qualities to comply with. In this sense, the system is where domains requirements are extracted, which are then translated to goals, features, components or assets. Context (2) is where the events that can arise after the deployment of the fleet are abstracted, in order to determine when a reconfiguration is needed. Environment (3) holds more generic information about domains and devices. It can contribute to the evolution and extensibility of the system by supporting an open Marketplace. This one could supply the system with new components, device specifications, documentation, and other related information.
At the application engineering level, deployment, monitoring and controlling aspects take place. In relation to the system (4), for each set of requirements, a product is derived. It reflects the nature of devices involved in the configuration, and their setup. Context (5) on the other hand deals with internal change, events and stakeholders that surround the system, and that have an impact on it. Devices are monitored in order to determine situations when reconfiguration is required. Sensed or calculated information, feedbacks, battery level, computational performance, network and data accessibility, and other characteristics are relevant. Devices that are not part of the system, but contribute to its activity are part of the context, user activity and logs also matter, the time and space of the fleet is also responsible of how it is configured. The environment (6), finally, is place to generic information about the surroundings of the system, that might, but still do not have an impact on the fulfilment of requirements. Devices around the fleet can be in this category, laws, rules or conditions constrained by a time or place are too, part of the environment. Monitoring the environment gives the platform proactive qualities, this helps avoid waste of resources in unnecessary adaptations.

A Smart Building Motivational Example
To cope with the challenges that IoT applications face, like heterogeneity, variability and resource constrained environments, the system should have the ability to adapt itself in order to continue offering the needed performance. This is illustrated through the following Smart Building example: The Forester's family owns a summerhouse, one to which they only go on vacation. The house is equipped with devices that help secure and maintain it in their absence, and provide comfort and convenience in their presence. Some of the devices involved in this process work permanently, and others depend on the circumstances in the surroundings.
The fleet is composed of the following: To detect and monitor events and changes within or in the surroundings, a collection of sensors are installed around the building. They include smoke detectors and motion sensors, which should always stay active, and temperature sensors, fall detectors and Light sensors which are only active when the house is occupied. To react to changes, various actuators were also deployed. They include sprinklers, ACs and a noise canceling devices. Light that can be controlled manually or automatically, or by opening or closing curtains for natural light. The security is provided by an exterior camera, which can work permanently, or record when motion is detected. Water and electricity consumption are also monitored using smart meters, and can be controlled thanks to the switch between the Mains provider and the rainwater or battery bank, respectively for water and electricity consumption optimization. And, finally, a control panel is provided to administrators, on premise, locally in the house, or through the smartphone's app.
Moreover, in order to serve the different needs of its users, under different circumstances, in a smart proactive manner, the fleet should be self-adaptive. The following scenario can be considered: a. The house is equipped with fall detection sensors, noise canceling devices and in-Room Cameras. They are not always needed, and should only be activated when the Grandmother's smartphone is detected in the house, in order to monitor her activity, and guarantee her comfort.
b. If no one is in the house after coming back from vacation, the everyday features, responsible for adding comfort to the family, by automating certain tasks, are deactivated. Only maintenance and security features should be kept active in the fleet.
c. To preserve the overall consumption in the building, certain features can be deactivated when not needed, to avoid an overpriced bill.
The fleet is considered as a DSPL. Each configuration of the fleet is a product that shares common characteristics with other configurations, but still answers the specific needs of the customer it serves. Figure 3 highlights examples of the various products that can be derived from the DSPL, which arise under the different circumstances described above.

Domain Engineering
Domain engineering (DE) lays the groundwork for engineering single software systems. At this level, the requirements of the fleet are defined in terms of common and variable features (devices and their respective configurations). The result of this phase is the dynamic product line, meaning all the possible configurations the fleet can take, along with the rules to manage arising changes in the environment. This section introduces the DE related models, and the nature of requirements that can be specified at this level, depending on the dimension they relate to.

Variability model
A Variability Model [15] is responsible for documenting and describing variability. It is an abstraction of the system's requirements in the form of common and variable features. Variability Models can be represented in different forms: Feature models, goal models, decision models, variation points or in the form of constraints.
Variability models are a pertinent choice in the context of IoT applications, as they represent the (1) system dimension in our Framework. They are responsible for describing the various devices that compose the fleet, as well as their configurations (the available options, the activated modes, the embedded devices or sensors, and the parameters and values that are important for its functioning). For instance, the configuration of each device in the Smart Building fleet is commanded by the following constraints:

Req1
Sensors should always monitor motion and smoke, and could monitor temperature and fall in particular setups.

Req2
The AC can only function if the Temperature Sensor is selected

Req3
The camera can record permanently, or it can be on hibernate mode and only be wakened when motion is detected. A camera installed in the guest room can be activated under certain circumstances.

Req4
The lightning in the house can either be controlled manually through light switches, or automatically. Curtains can be selected, along with one of these modes to avoid unnecessary usage.

Req5
Consumption Control can be activated. In might include Water Control or Energy Control.

Req6
Controlling the water involves choosing a water source; it can be provided from the Mains or from the Rainwater reservoir. For a more meticulous monitoring, the water control can track the exact amount through a water meter.

Req7
Controlling the electricity involves choosing a power source; it can be provided from the Mains or from the home battery bank. For a more meticulous monitoring, the Electricity control can track the exact amount through an electricity meter.

Req8
The administrators can control the fleet through a local control panel or using their Smartphone Apps, or both.
Req9 The fleet should be energy efficient Req10 The fleet should be efficient with water consumption Req11 The fleet should provide accurate results

Context models
Context models [16] are central for building selfadaptive systems, as they characterize the status of the different entities that compose the PL. They are used to model the elements of the (2) context dimension of the Framework. Not only does a context model allow the acquisition and abstraction of context elements, but it also delignates the adaptation logic that links a context to its ideal configuration. Today, thanks to the insight that smart sensors bring about their surroundings, we can realistically imagine scenarios like starting a car when the conductor's smartphone is close or preparing the conference room for a meeting by turning on the lights, opening the curtains, and lunching the appropriate presentation when it is in the agenda.
Context models are a combination of all context variables, which are abstractions over a part of the system's context. The values of a context variable are monitored at runtimes, by reporting on events, by sensing change in the context, or by catching device exception.
In the case of the Smart building fleet, several context elements have an impact on the final product. An example of context elements is presented in the following:

ID Context Requirements
Req12  Context models that include spatial and temporal constraints can be used to model the (3) environment dimension of our framework. Other models like prediction models and forecast models [17] are also relevant. In the case of the Smart building Example, Environment related information may include statements like: Recording a street view is forbidden or Water consumption should not succeed 400l per habitant in periods of drought.

Asset Marketplace
Services provided by the fleet are portrayed in the implementation model. They are represented as a collection of reusable programs that provide the functionalities described in the variability model. Furthermore, in a fleet of connected objects, managed devices are unknown and unanticipated. Therefore, to allow the extensibility of the system, it should be possible to introduce new functions by adding components from the outside, through a secure regulated platform. Every operationalization is implemented through a collection of assets. They are reusable components that gather the logic for the implementations in the connected objects.
However, in order to properly fit in the framework, this view should provide the means to link the operationalization to a collection of assets, in order to guarantee the extensibility of the system. Different assets might correspond to different implementations of an operationalisation; different standards, different algorithms, or different languages. A developer's open marketplace could host the various components responsible for enabling various services. And interfacing capabilities could link the modelled assets with their respective implementations.

Application Engineering
Application engineering (AE) starts with the elicitation of requirements for each customer in formal language. Features and components are selected accordingly. The list of components is readjusted in case it doesn't correspond to the exact demands of the customer. The final components are derived, linked, tested and deployed in the form of a product, which can change if and when any change in the context occurs. This section introduces the AE related activities, depending on the dimension they relate to.

Configuration
The configuration process corresponds to the selection of features and their corresponding components, in accordance with the users' requirements. The list of assets is readjusted in case it doesn't correspond to the exact demands of the customer (by adding or suppressing some of the automatically selected features), then linked. The final components are derived; tested and deployed in the form of a product, which corresponds to the new configuration of the fleet.

Context Data
The context model is exploited at this level, along with a monitoring platform, which supervises the fleet, captures change that occurs in the surroundings of the devices, and analyzes it. Furthermore, it keeps track of the state and physical conditions of devices individually; if an unusual behavior, a contradiction, or an unhealthy pattern is observed, the context model coordinates with the variability model, in accordance with the constraints that bind then, to plan and execute a new set of configurations.

EAI Endorsed Transactions
on Smart Cities 02 2018 -06 2018 | Volume 2 | Issue 8 | e1 Likewise, a user context model and a behavior monitor could be used to observe the actions of users, and learn their routines and patterns. This learning process could update the requirements at the application level to propose configurations that are more aligned with the realistic preferences of the user.
Provided as input to the model implementation, context data are the instances that context variables take under certain circumstances.

Environment Data
Unlike context data, which represent information that has a direct impact on the fulfillment of user's requirements, environment data refers to information and knowledge related to the domain. It does not have a direct impact on the system at a specific time, but might bright insight in particular situations. It is important to grasp and implement such information to make use of it when necessary.

Model implementation
In the following section, we propose an implementation of the models described in the previous section, in the form of a declarative constraint program.
Each feature in the variability model is defined as a Boolean variable [18]. When selected in the final product, the value of the variable is 1, when it is not, the value is 0. The variables are constrained with expressions [19]; they translate the predicates expressed in Table 1. The collection of variables form a constraint satisfaction problem that can be solved, in order to determine the valuable valid configurations. WaterMeter #= 1), (Battery #= 1 -> ElectricityMeter #= 1), (AC1 #= 1 -> Temperature1 #= 1 ; AC1 #= 0 ), (AC2 #= 1 -> Temperature2 #= 1 ; AC2 #= 0 ), (AC3 #= 1 -> Temperature3 #= 1 ; AC3 #= 0 ), Non-functional requirements (NFR) are represented as variables that can take several values (from 0 to 4), each value represents a satisficing level, which corresponds to the importance of the NFR for the user. Context and environment models are also translated to variables. Depending on the value they take during application engineering, they have various repercussions.  On the other hand, they define how the satisfaction of NFR is bound by context and environment conditions.  Finally, after instantiating the context variables, and depending on the wishes of the user, which might be, for example, (i) any valid product, (ii) the best product, (iii) the product that satisfies most the NFR Energy Efficiency, a configuration can be obtained by lunching a function that solves all the constraints, and proposes (i) a random result, (ii) the best result or (iii) the result for a EnergyEfficiency=4.

Related Works
To face the growing complexity of IoT environments, several researchers have identified the need for Frameworks and architectures that support the management of fleets of cooperative devices, considering self-adaptation a core requirement. Inox [20] combines IoT and service architectures to provide enhanced application and service deployment capabilities. The architecture enables the service and network infrastructure with self-management capabilities. In [21], the authors propose an architecture, where agents collect data about protocol operations, measurement-based learning assess the optimality of the control parameter and if necessary, adaptation is realized by applying the new policies to agents. The Focale project [22] introduces an architecture for orchestrating the behavior of heterogeneous distributed resources. Data models support the derivation of different models from a core model, and ontologies reason about the change. The ACE model, proposed in the Cascadas Project [23], defines a agent-based architecture that enables service components to dynamically adapt their behavior based on their context. In [24], a cognitive management framework finds the optimal way to deliver an application in different contexts by enabling the reuse of virtual objects.
With the exception of the Focale Project, none of the above frameworks realize proactive adaptation. Furthermore, in the discussed architectures, no mechanism was proposed to validate the need for intelligent adaptation. Finally, variability is not considered a fundamental concern, thus not managed.
Several DSPL based architectures can also be found in the literature. In [25], a DSPL based architecture, combined with preference based reasoning, provides the necessary mechanisms for reasoning about change; this allows the realization of decentralized self-managed system. Gaia-PL [26] is an extension of the Gaia platform for the analysis and design of multi-agent systems in active spaces. A requirement specification pattern captures the behavior of a system in dynamic conditions, and reuses the software assets for future similar systems. In [27], the author proposes a multi-view blueprint architecture, a basis for future smart city projects, based on the SoaSPLE [28] framework for run-time variability management of service-oriented software product lines. Finally, authors in [29] propose a SPL based process for the development of connected devices, defined by the means of CVL, to provide reuse mechanisms for the development of a family of agents.
In contrast with the aforementioned (D)SPL based approaches, our framework introduces variability EAI Endorsed Transactions on Smart Cities 02 2018 -06 2018 | Volume 2 | Issue 8 | e1 management at different stages of the process, as explained previously, including static (devices), dynamic (configurations) and time-bound (dimensions alterations) variability. None of the proposed SPL based approaches introduce the environment dimension, necessary for a smart proactive adaptation.

Conclusion and Future Work
The IoT paradigm enables advanced applications by interconnecting multiple devices that interact with their environment, and coordinate to provide the needed services. The smart city is one of the major targets of the IoT, as it gathers countless devices that constantly collect information, and thus can provide various cutting-edge benefits. However, the needs of end-users are divergent and the context conditions fluctuant. Therefore, supplying connected devices with the necessary mechanisms to answer the complex needs of each customer, and readjust their behaviour in the face of resource shortage, internet interruptions or service unavailability becomes essential.
Implementing fleets of connected devices as SASs is not completely new in research nor in industry, the design of such platforms however, remains problematic. This paper proposes a framework to design adaptable applications for the IoT, in order to tackle the problem of dynamic variability. On the one hand, it takes into account the specificities of requirements for a fleet of IoT systems, which can be related to the system, the context or the environment. And, on the other hand, it follows the fundamentals of DSPLE; domain engineering and application engineering. A preliminary proof of concept Smart Building example was used to illustrate the requirements concerned by each dimension of the framework. And finally, a constraint program implements the example, in order to demonstrate how each model can be analysed and resolved.
Nonetheless, some of the framework's main concepts are still not represented using the existing models. Prediction, behavioural learning, model auto-update, among other capabilities, are still not formulated.
REFAS [30], is a Goal-based modeling language implemented in Variamos [31]. It allows modeling requirements for self-adaptive software systems as DSPLs, from different points of view. As it implements most of the concepts to instantiate our framework, our future work includes extending its notation, with the missing concepts that allow the specification of all the needed requirements.