POLITECNICO DI MILANO
Industrial and Information Engineering
Department of Electronics, Information and Bioengineering
AUTOMATED RULE CONFLICT DETECTION FOR BUILDING MANAGEMENT SYSTEMS
Relatore: Prof. Matteo Giovanni Rossi
Tesi di laurea di: Davide Camurani Matr. 841977
A.A. 2015/2016
Sommario
L’Internet of Things (IoT) è considerato uno dei cambiamenti più profondi dell’era moderna, esso ha portato la possibilità di poter connettere oggetti di uso comune alla rete, e di raccogliere enormi quantità di dati. Uno dei campi di applicazione, che ha avuto il maggiore sviluppo nell’ultimo decennio, è quello degli smart building. Gli smart building più moderni sono composti da centinaia di dispositivi in grado di raccogliere informazioni dall’ambiente (tramite i sensori) e di modificarne il suo comportamento (tramite gli attuatori).
La loro coordinazione è gestita da un Building Management System (BMS) che definisce come agire sul comportamento del sistema, in base ai dati provenienti dal sistema stesso. Le scelte che compie un BMS vengono delineate tramite delle regole; tali regole utilizzano una logica di programmazione del tipo trigger-action: se la condizione di attivazione è verificata, allora viene eseguita l'azione ad esso collegata. L’evoluzione dei dispositivi ha portato con sé anche una maggiore semplicità di utilizzo, permettendo ad utenti senza elevate conoscenze tecniche di poter creare la propria rete di sensori e attuatori, e di definire delle regole di controllo. Essendo questi sistemi utilizzati da più persone contemporaneamente, nasce la necessità di verificare se le regole create possano generare conflitti tra loro; questa possibilità nasce dal fatto che utenti diversi, desiderino comportamenti diversi dallo stesso sistema. Con il termine conflitto vogliamo definire tutti quei casi in cui i dati, che il BMS vuole imporre su un parametro di un attuatore, siano inconsistenti. A tale scopo, sono disponibili alcuni
III
strumenti di diagnostica che ci permettono di rilevare e in alcuni casi di risolvere, i possibili conflitti. Tali strumenti sono utilizzabili solo per realizzare controlli run-time, quindi non ci permetto a priori (durante la fase di design del sistema) di rilevare possibili comportamenti pericolosi.
In questa tesi abbiamo cercato di trovare una soluzione a questo problema realizzando uno strumento in grado di rilevare conflitti di tipo Error e Warning, con un approccio offline di analisi. I conflitti di tipo Error sono derivati dalla simultanea attivazione di due regole, mentre quelli di tipo Warning da una sovrapposizione dei periodi di attivazione di due regole. L’idea per la sua implementazione si basa sulla teoria dei Satisfiability Modulo Theories (SMT).
Infine, tale strumento è stato implementato in un programma atto a riprodurre virtualmente uno smart building; in particolare, le parti che abbiamo implementato sono: gli utenti, gli spazi che compongono un edificio, gli oggetti che vi possono essere all’interno e le regole che lo governano.
IV
Abstract
The Internet of Things (IoT) is considered one of the most profound changes of the modern era, it brought the possibility to connect everyday objects to the network and to collect huge amounts of data. One of the application fields which had the greatest growth in the last decade, it is the field of the smart buildings. Modern smart buildings are composed of hundreds of devices able to collect information from the environment through the sensors) and to modify its state (by the actuators).
Their coordination is managed by a Building Management System (BMS) that defines how to act on the behavior of the system, according to the data coming from the system itself. The choices made by a BMS are delineated by the rules; these rules use a trigger-action programming: if the trigger condition has verified, then the action associated with it is executed. The evolution of the devices has also brought greater ease of use, allowing users without advanced technical knowledge to be able to create their own network of sensors and actuators, and to define the control rules. Since these systems are used by several people simultaneously, it becomes necessary to check whether the rules created may conflict with each other; this possibility arises because different users may desire different behavior from the same system. With the conflict term, we want to define all those cases in which the data, which the BMS wants to impose on a parameter of an actuator, are inconsistent. For this purpose, there are some diagnostic tools that allow us to detect, and in some cases to solve, the possible conflicts. However, these tools are only used to realize real-time controls, therefore their not allow us to detect possible problems during the design phase of the system.
V
In this thesis, we tried to find a solution to this problem with an instrument able to detect the Error and Warning conflicts with an offline analysis approach. The error-type conflicts are derived from the simultaneous activation of two rules, while those of warning-type by an overlap of the activation period of the two rules. The idea for its implementation is based on the theory of Satisfiability Modulo Theories (SMT).
Finally, this tool has been implemented in a program that virtually reproduces a smart building; in particular, the parts that we have implemented are: the users, the spaces that compose a building, the objects can be inside and the rules governing it.
VI
Content
AUTOMATED RULE CONFLICT DETECTION FOR BUILDING MANAGEMENT SYSTEMS ...... I
RINGRAZIAMENTI ...... ERRORE. IL SEGNALIBRO NON È DEFINITO.
SOMMARIO ...... III
ABSTRACT ...... V
CONTENT ...... 7
FIGURE INDEX ...... 11
TABLE INDEX ...... 14
CHAPTER 1 INTRODUCTION ...... 15
1.1 OVERVIEW OF SMART BUILDINGS ...... 15
1.2 BUILDING MANAGEMENT SYSTEMS ...... 17
1.3 CRITICAL ISSUES AND CONTROVERSIES ...... 19
1.4 PROBLEM DEFINITION ...... 20
1.5 OUTLINE ...... 21
CHAPTER 2 STATE OF THE ART ...... 25
2.1 CONFLICT DETECTION APPROACHES ...... 25
Multi-Agent System Approach ...... 25
Interest/Intention Approach ...... 26
Policy-Based Approach ...... 27
7
2.2 CURRENT CONFLICT TOOLS ...... 27
Low-Level Approaches ...... 27
High-Level Approaches ...... 28
Discussion ...... 29
2.3 RULE STRUCTURE ...... 29
Trigger-Action Programming Techniques Analysis ...... 30
Basic and Advanced Structure of Rules ...... 31
2.4 FRONTENDS ...... 32
Samsung® SmartThings ...... 33
Apple® HomeKit...... 34
ETS by KoNneX® ...... 36
PC Access by HAI® ...... 37
CHAPTER 3 BACKGROUND ...... 39
3.1 SMT PROBLEMS ...... 39
Available SMT Solvers ...... 40
3.2 THE Z3 SMT SOLVER ...... 42
SMT-LIB ...... 43
Z3 Solver API ...... 46
CHAPTER 4 MECHANISMS FOR RULE MANAGEMENT ...... 49
4.1 OVERVIEW ...... 49
4.2 INFORMAL DESCRIPTION OF RULES ...... 50
Data Handled by Rules ...... 53
A Further Improvement: WIFTTT Model ...... 55
4.3 FORMALIZATION OF CONFLICTS AS SMT PROBLEM ...... 56
8
Conflicts Producing Errors ...... 56
Conflicts Producing Warnings ...... 59
Conflict Formalization Output ...... 62
4.4 SMT INPUT DATA IMPROVEMENT ...... 63
WHEN Filter ...... 65
ACTUATOR Filter ...... 66
4.5 POSSIBLE ADDITIONAL CONSTRAINTS ...... 67
Physics Simulation ...... 67
Actuators Environment Manipulation ...... 68
CHAPTER 5 DESIGN OF SMART BUILDING CONCEPTS ...... 71
5.1 OVERVIEW ...... 71
5.2 ACTORS ...... 72
Use Cases ...... 75
5.3 SPACES ...... 76
Security Levels ...... 78
5.4 OBJECTS ...... 80
Datapack ...... 81
5.5 RULES ...... 82
CHAPTER 6 IMPLEMENTATION ...... 85
6.1 PROGRAM OVERVIEW ...... 85
6.2 USER MANAGER ...... 87
6.3 SPACE MANAGER ...... 89
6.4 OBJECT MANAGER ...... 90
6.5 RULES MANAGER ...... 91
9
How to Add a New Rule ...... 92
How to Perform a Conflict Detection ...... 95
CHAPTER 7 CONCLUSION ...... 97
7.1 OBTAINED RESULTS ...... 97
7.2 FUTURE DEVELOPMENTS ...... 98
APPENDIX A JAVA CODE ...... 99
A.1 ERROR FORMALIZATION METHOD ...... 99
A.2 WARNING FORMALIZATION METHOD ...... 99
A.3 METHODS FOR MAKE ASSERTIONS ...... 101
A.3.1 Boolean Constraints ...... 101
A.3.2 Numerical Constraints ...... 101
A.3.3 Range Constraint ...... 102
A.3.4 Tristate Constraint ...... 102
REFERENCES ...... 103
10
Figure Index
Figure 1.1 - Standard IT Architecture of a Smart Building 17
Figure 1.2 – Centralized (a) and Distributed (b) BMS Architecture 18
Figure 2.1 – SmartThings App View 33
Figure 2.2 – MyHome App View 35
Figure 2.3 – ETS Program View 36
Figure 2.4 – PC Access Program View 37
Figure 3.1 – Z3: Core System Components 42
Figure 4.1 – Example of a Rule that Evolves in the Time 54
Figure 4.2 – WIFTTT Rule Concept 56
Figure 4.3 – Example of a Possible Simultaneous Activation Between Two Rules 57
Figure 4.4 –List of Sensor of Two Rules 58
Figure 4.5 - Sampling of The Time Horizon to Analyze 58
Figure 4.6 – Zones Which Define the Constraints to Apply on the Variables 59
Figure 4.7 – Possible Warning Condition between Two Rules 59
Figure 4.8 – Warning Detection Iteration 60
Figure 4.9 – Constraint Zones in Warning Detection 61
Figure 4.10 – Trend of the Number of SMT Problems in function of the Number of Rules the Acting on a Room 65
11
Figure 4.11 – Example of Two Rules Which Are Filtered by the When Filter 66
Figure 5.1 – Special Actions Allowed only to Administrators 73
Figure 5.2 – UML Scheme of the Users Typologies in the Model 74
Figure 5.3 – Spaces Structure Expressed Through Set Theory 76
Figure 5.4 - Example of the Structure of a Home 77
Figure 5.5 – Security Levels 78
Figure 5.6 – Example of a Security Level Assignment Based On the Roles 79
Figure 5.7 – Example of The Use of Security Levels 79
Figure 5.8 – Sensor Class 80
Figure 5.9 – DataPack Class 81
Figure 5.10 – Rule Class 83
Figure 6.1 – Program’s Logic Structure 86
Figure 6.2 – Main View of the Program 87
Figure 6.3 – Login Procedure: (a) Menu Button, (b) Login Popup 87
Figure 6.4 – Role Manager’s Menu 88
Figure 6.5 – User Manager (Admin View): (a) Menu Button, (b) User Manipulation Tab 88
Figure 6.6 – Tree Structure of a Building 89
Figure 6.7 – Add New Room Space Procedure 89
Figure 6.8 – Room’s Shape and Planimetry Visualization 90
Figure 6.9 – Objects Manager Menu Option 91
Figure 6.10 – Object Manager View 91
Figure 6.11 – Rules Manager Menu Option 92
12
Figure 6.12 – Rules Manager View 92
Figure 6.13 – Rule Editor View 93
Figure 6.14 – Editing Panels: (a) Trigger Event, (b) Actuator Setting 94
Figure 6.15 – When Condition’s Editing Panel 94
Figure 6.16 – Rule Editor View: Rule Defined 95
Figure 6.17 – Offline Analysis Results: Error Conflict 96
Figure 6.18 - Offline Analysis Results: Warning Conflict 96
Figure 7.1 – System Interfacing Menu 98
13
Table Index
Table 2.1 – Basic and Advanced Requirements of a Rule 32
Table 3.1 – List of the Most Used SMT Solver in Last Years 41
Table 5.1 - Action Allowed per User Typology (Part 1 of 2) 75
Table 5.2 – Action Allowed per User Typology (per 2 of 2) 76
14
CHAPTER 1 INTRODUCTION
In this chapter we provide an overview about smart buildings. First, we define what the term “smart” means in this thesis and which are the main features of a smart building. Then we analyze the structure of the current building management systems and which are the most critical aspects of these systems, both from the point of view of their rule management and conflict resolution. Finally, we define the goals of this thesis.
1.1 Overview of Smart Buildings
Smart Buildings have been explored and developed over the last three decades, but they have gained more and more interest in the last few years, indeed the term smart has started to appear more frequently in roadmaps and industrial reports [21].
Having a clear statement of what a smart building is within this thesis is a fundamental step, since the term smart has not a shared meaning for all the different stakeholders interested in this topic [20]. In fact, the potential final users could call smart a building that can be remotely accessed to turn devices on and off. Otherwise, from the researchers and IT experts point of view, a building is smart when it is responsive to its inhabitants and it is able to adapt autonomously in sophisticated ways, e.g., using intelligent machine learning algorithms to predict user occupancy and control the heating system.
15 Chapter 1
In our thesis we define smart a building that permits the cooperation between objects (e.g., sensors, devices, appliances) and systems that have the capability to self-organize according to some policies [19] and which are able to deal with different fields.
In particular, it should guarantee:
. The users comfort: that means improving the wellness of the occupants of a building by controlling different aspects of the home environment as: the temperature, the humidity, the brightness, the air quality of the ambience and so on.
. The user safety: that means improving the user security both in case of system failures (fire, short circuit, etc.) and in case of intrusions.
. The energy efficiency: that means reducing the waste (e.g., do not irrigate if is raining) and use the resources as economically as possible (e.g., do not cool an empty room) without impacting negatively on the user experience.
. The user life: that means adapting the system’s behaviors in way to meet the user’s needs.
From a technological point of view, a smart building is a distributed control system, where dozens of modules [19] are exploited to increase the safety, the comfort and the efficiency of the construction itself. The Figure 1.1 shows a basic scheme of the standard IT architecture of a smart building.
The standard IT architecture of a smart building is divided into several parts. In the lowest level part of the structure, we find the hardware level that includes: a network of sensors, which are distributed throughout the control area and that collect data, and a network of actuators, which change the behavior of the system. Sensors and Actuator networks interact with a controller called Building Management System (BMS, the middle layer of Figure 1.1) that, based on the information coming from the sensors, decides how acting on the actuators. Finally, in order to easily interact with this
16 Introduction
system, there is an additional level (the highest layer of Figure 1.1) that provides a communication interface between the user and the system.
Figure 1.1 - Standard IT Architecture of a Smart Building
1.2 Building Management Systems
As introduced in the previous section, the core of each smart building is its Building Management System (BMS).
A BMS, otherwise known as a Building Automation System (BAS), is a computer-based system that controls and monitors the building’s mechanical and electrical equipment, such as: ventilation, lighting, power systems, fire systems, and security systems.
Figure 1.2 shows two possible alternatives for the architecture of a BMS, these can be:
17 Chapter 1
Centralized: this type of structure has all the system components (sensors and actuators) connected to a single central module which control directly each element of the system. Even if this solution is simple to implement it suffers of a lack scalability and requires a central unit with a high-capacity computing.
Distributed: this type of structure has the main BMS connected to several gateways, which also implement the BMS’s capabilities, which manage the information coming from the sensors and actuators connected to them. The purpose of these gateways is to decentralize the decision process, in order to cut down the computational tasks performed by the main BMS. This kind of architecture has a much more complex design but it provides also a higher level of scalability and can manage larger buildings without the need of a central powerful machine.
Figure 1.2 – Centralized (a) and Distributed (b) BMS Architecture
18 Introduction
Gartner has predicted that a typical family home could contain more than 500 smart devices by 2022 [25], due to the lower price of the components and the users’ desire to expand the features of their buildings; indeed, the distributed architecture is the solution adopted in future systems.
1.3 Critical Issues and Controversies
In the current practice, the number of manufactures which produces hardware technologies for the smart buildings is increasing. Actually, we have different hardware solutions which we can use for transform a building into a “smart building”, at least from a theoretical point of view. Unfortunately, its implementation in a real context is not so simple; since the variety of home automation devices, in terms of both hardware variations and differences in the software running on them, makes the task of coordinate all these components very difficult. As a consequence of these differences, the field of home automation suffers from platform fragmentation and lack of technical standards.
Furthermore, a smart home is comparable to an amorphous computational system. With the term amorphous computing we refer to computational systems that use very large numbers of identical, parallel processors each having limited computational ability and local interactions [22]. As amorphous computing, a smart home can be composed by dozens of sensors and actuator which are characterized by: limited memory and computational capabilities, and a lack of knowledge of the system in which they are positioned.
Since sensors and actuators are unable to understand their purpose within a system, it is necessary to define management policies. The coordination of all these rules is not trivial; moreover, the rule creation is no longer carried out by a limited number of technical people, but it can involve more and more people with different backgrounds and know-how. In addition, involving more users in the rule definition introduces the possibility to generate
19 Chapter 1
conflicts, due to the fact that each user defines the rules with different purpose. This possibility increases especially in a shared environment. In conclusion, these problems must be recognized by the system.
Currently, there exist different tools that allow the system designers to verify possible inconsistent states, but they can work only at run-time, hence only after that the system has been deployed (see Section 2.1). Besides, in order to verify beforehand if some rules do not affect negatively the user’s experience, these approaches are not sufficient.
Finally, the survey of frontends presented in Section 2.1 shows that current BMSs do not provide any solution to carry out a preliminary investigation of possible conflicts.
1.4 Problem Definition
The discussion above highlights that a first problem concerning BMSs regards the definition of models which describe all the different aspects of a smart building. In particular, we need to define a model for:
. The spaces: it is necessary to define a space manager which allows the system designers to describe the physical structures that compose a building.
. The objects: the use of different brands also leads to create a model with a high level of abstraction so as to be able to describe the greatest number of objects; moreover, it is necessary to define an object manager that allows system developers to organize objects based on their physical locations and not on the network structure.
Then, as shown in Section 1.3, it is no longer possible to assume that only few users with technical backgrounds interact with the system. This requires to model a further element:
. The users: we need to identify who is manipulating the system and the role that (s)he has in it.
20 Introduction
Furthermore, since a smart building autonomously decides its behavior, and, consequently, it influences the life of its occupants, people are generally worried about the fact that their life is strongly influenced by something they cannot understand or directly control. It is then necessary to simplify the human-machine interface of smart buildings in order to allow people, even without a technical background, to interact with the control system.
Finally, it is necessary to find the right abstraction level for the policies’ model which control a system, in order to be compatible with the rule’s structure of the current service providers. Moreover, the rule definition process must be simple and intuitive, since, as demonstrated in [26], inexperienced users are not able to directly interact with sensors and actuators (see also Section 4.1).
A first goal of this thesis is to develop an application that manages spaces, objects, users and rules and which permits designers to:
. define the physical structure of a building;
. manage the users who are part of it;
. define the position of objects in the system;
. define the rules which act on devices.
In addition, a second goal of this work is to realize a tool which, possibly in collaboration with the current run-time conflict detectors, allows system configurators to execute, at design time, a preliminary analysis of the system in order to find possible conflicts and behaviors that can negatively impact the user’s experience.
1.5 Outline
Given the concept and the problems exposed above, the next chapters provide an overview of the work done with this thesis. In particular, this thesis aims at realize a tool able provide a preliminary analysis of the system’s rules in order to avoid beforehand possible logic-based conflicts. Moreover, we aim
21 Chapter 1
also to implement this tool into an application which manages spaces, users, abject and rules.
In Chapter 2, we introduce the state of the art. The first part of this chapter is dedicated to an overview of the current detections approaches. Then we analyze the tools for the conflict detection by discussing their positive and negative features. Next, we proceed by considering the actual rule’s structure by defining the basics and advanced rules’ requirements. Finally, we analyze the current applications which allow users to interact with smart buildings.
In Chapter 3, we provide a theoretical explanation of the SMT problems and how they can be solved. Then, we introduce the tools which allow us to implement the techniques for the SMT problem resolution by discussing their pros and cons. Finally, we discuss about the Z3 solver, the one which we have used in our thesis, and how we can generate its input data.
In Chapter 4, the details about our approach for the conflict detection are introduced. First, we present how we have structured the rule model in order to satisfy the advanced requirements defined in the Chapter 2 and how their data are described inside our application. Then, we proceed by explaining the formalization procedure. Finally, we show some improvement0s for the conflict detection’s procedure.
In Chapter 5, we describe through the use of the UML language, how we have defined the other classes used in our application: Actors, Spaces and Object; and how they work together.
In Chapter 6, we show how we have implemented the elements defined in the Chapter 5. In particular, we describe the different managers which compose our application and how they permit to design the various parts of a smart building: users, spaces, objects and rules. Finally, we focus on the Rule Manager, especially on the procedure for the rule definition and on the use of the conflict detector.
22 Introduction
In Chapter 7, we report our conclusions about the obtained results respect the initial objectives defined in the previous section, and the possible future developing
23
CHAPTER 2 STATE OF THE ART
In this chapter we present a survey about the state of the art of smart building management systems. First, we focus on some frontends used for modeling and managing the system structures and the rules. After that, we concentrate on the rule structure by introducing the trigger-action programming technique. Finally, we describe a first approach concerning how detect and solve conflicts.
2.1 Conflict Detection Approaches
Since conflict resolution in smart environments is still a relatively new topic; this section introduces different theoretical approaches for the conflicts detection and resolution, which have been developed by the scientific community. By the term conflict, we define a case in which there is an inconsistency in the data of a system’s element.
Multi-Agent System Approach
A first technique for the conflict detection (and resolution) is based on the idea of treating a smart building as a multi-agent system.
Alshabi et al. [32] have proposed a solution where each system’s object can independently decide whether to cooperate or not with the other agents of the
25 Chapter 2
system. In case of conflict, the agents try to solve it by adopting one of these three negotiation strategies: arbitrary leader election, chaining or cloning (these strategies are detailed in [33]).
Jacak and Proll have proposed a heuristic approach [34]. In their solution each agent is able to: perceive and react to the environment, plan and execute an action and negotiate with other agents; this allows agents to coordinate their actions in order to achieve a common global goal, trying to avoid conflicts.
Interest/Intention Approach
This approach involves to define goals for each users and uses this information in order to avoid or resolve conflicts.
Tuttlies et al [38] define a conflict as a context change that leads to a state of the environment which is considered inadmissible by the user. Their solution is based on the information available in a database with a context model representing the environment state, and a database of conflicting situations.
Armac et al [39] propose to specify components as services, where each service consists of actions that denote state transitions on resources; then, the admissible state transitions are captured by an automaton associated with each resource. A conflict situation is detected when a service attempts to transition a resource from a state previously set by another service. Conflict resolution is handled by a rule-based mechanism and handled with priorities.
Park et al. [40] propose a dynamic conflict resolution scheme for resolving conflicts between different context-aware applications in smart environments, which incorporates users’ intentions and preferences. They model the user intentions and preferences as cost functions. Based on this information, the solution to a conflict is determined by minimizing the overall cost of all users’ cost functions involved in the conflict.
26 State of the Art
Policy-Based Approach
This types of approaches are the most modern, and those that are closer to the idea is smart building; they define a Rule as a description of a well- defined behavior, which the system runs in certain situations; actually the rules’ structure is based on the trigger-action programming; its details are analyzed in Section 2.3. Since different users, which have different intentions, interact with the system by creating distinct rules, the conflict possibility of conflict increase, especially in large-scale systems [8].
These resolution techniques are still not very advanced. The idea shared by them is a run-time approach that involves the users in the conflict resolution process, allowing them to define how the system should operate in case of conflict.
2.2 Current Conflict Tools
As introduced in the previous section, the conflict detection and resolution techniques in a smart building systems are based on two main ideas. The first does not involve the end-user during the resolution phase, we call the set of these solutions: Low-Level Approach; the second idea requires the end-user intervention, the set of these solutions is named High-Level Approach.
Low-Level Approaches
This category of tools resolve conflicts based on predefined settings, which are defined by the system designers that have not a priori knowledge of the system structure. In particular, all the following solutions are priority-based. Indeed, each action is characterized by a priority level and in case of conflict the ones with the highest priority is executed. Therefore, the user is not directly involved into the resolution procedure but can only decide beforehand the importance of an action respect to another.
27 Chapter 2
BACNet [28] is a data communication protocol for Building Automation and Control Networks. A data communication protocol is a set of rules governing the exchange of data over a computer network. The rules take the form of a written specification that spells out what is required to conform to the protocol. All the devices on a BACNet network can write to the writable properties of another device's objects, this can generate conflicting commands. The conflict resolving mechanism is based on a priority table. All the rules are sorted according to their importance then it is executed the one with the highest priority.
SensorAct [10] manages permissions through a combination of priority and guard-rules; it is a script that specifies validation conditions based on time, date, duration, location and the frequency of operation.
BOSS [11] treats each command as a transaction and save them in order of arrival (priority based on the order of arrival). Each transaction has a lease time during which actions are valid and can be executed. When the lease expires, a revert sequence restores the control of the system to the next scheduled controller. Actions may also be reverted on a partial failure, depending on the error policy.
Finally, BuildingDepot [27] proposes a solution similar to BACNet by incorporating a priority array and adding a conflict-default value, used as a fallback in case there are two or more users with the same priority level.
High-Level Approaches
Since the actual system’s models cannot fully describe the behavior of a smart building, a better approach for the conflict resolution is to involve the users into the resolution process itself, thereby taking advantage of his/her greater knowledge of system.
CARISMA [12] supports runtime dynamic policy conflict detection and resolution. Conflicts are defined as the inconsistencies that arise when contradictory behaviors are requested by the same application as a reaction
28 State of the Art
to a context change, or when cooperating applications don’t agree on a common behavior to be applied. Its creators argue that conflicts cannot be resolved statically at the applications’ design time, but rather need to be resolved at run-time by the user.
Discussion
From the analysis above, we can assert that the choice of the approach to use is based on the decision to include or not the end-user during the resolving procedure. Moreover, the above approaches do not find a permanent solution to the conflicts such that they cannot happen again, but they only avoid that the system does not have inconsistent data in case of conflict. Another important point is the fact that both approaches are run-time so, they do not allow us to perform a preventive analysis of the possible conflicts.
A better approach is to define an offline solution, that can be executed without a running system. In this way, errors can be found in advance and not only when they occur.
Another aspect that should be improved is the interaction between users and solver. As mentioned in Section 2.2.2, the users know better the behavior of the system with respect to the model, so their intervention in the resolution of a conflict must be more incisive; moreover, it would be useful to direct the user to a possible solution.
The approach implemented in this thesis follows the idea to analyze pairs of rules that govern the same environment, and based on their information (described in Section 4.1), it defines a SMT problem with the objective to verify if there exists at least one case in which the rules are in conflict.
2.3 Rule Structure
The initial technologies, that enable home automation and smart homes, have been around for decades, they have been expensive and complex [4]. As
29 Chapter 2
a result, smart homes have mostly been embraced by a small community of affluent and technically proficient early adopters [5]. In the last years, however, companies have begun to market “smart devices” to average consumers at much lower price points. As a result, an increasing number of users have the possibility to create their own smart systems. Moreover, as shown in Section 2.4.1 and in Section 2.4.2 the tools, which are used for define the system behaviors, are becoming more and more easy to use, simplifying the interaction with the end-users. The logics behind these programming tools often takes the form:
If trigger Then action which we define as trigger-action programming.
Trigger-Action Programming Techniques Analysis
Despite the literature and nascent real-world implementations of trigger- action programming for smart devices, a key question remains. Where should we find the balance between expressiveness and ease of use? For example, IFTTT [7] restricts users to a single trigger and single actions. Do users need more flexibility? Can they handle more flexibility? Does additional programming experience change this equation? Are important elements missing from the model?
All the above questions have been analyzed. Based on a study conducted on a sample of 318 workers on Mechanical Turk [6], we can try to find the answers to previous questions. The study has evolved in these steps:
STEP 1: In way to determine whether trigger-action programming captures smart-home behaviors that users actually desire, they have investigated the following hypotheses about smart-home behaviors:
. H1: Many desired behaviors for a smart home are expressible using trigger-action programming;
. H2: Some behaviors require multiple triggers or actions;
30 State of the Art
Unlike the affordances of IFTTT, 22% of programming behaviors required more than one trigger or action. This result means that the one-to-one rule’s structure is not sufficient flexible.
STEP 2: With to purpose to test whether customizability is even necessary for smart home programming, they have investigated the following hypothesis:
. H3: In practice, users combine triggers and actions in a large number of unique ways;
From this step they have been able to define that the complexity of the rules created is highly diversified.
STEP 3: Participants were randomly assigned to use either an interface that supports only a single trigger and a single action (simple interface) or one that supports multiple triggers and multiple actions (complex interface). Then, they have investigated the following hypotheses:
. H4: Participants perform with equivalent accuracy and speed using either the simple or complex interface;
. H5: Prior programming experience and experience using trigger- action programming increase speed and accuracy;
They found no significant differences in participants’ performance or satisfaction between the simple and complex interfaces, supporting H4. Furthermore, participants using the complex interface were able to complete complex tasks at a similar rate of success. H5 was only partially confirmed; programming experience did not provide a significant advantage.
Basic and Advanced Structure of Rules
Based on the observations of the strong and weakness points of the main service provider’s solutions (see Section 2.4) and the results of the study discussed in the previous section, we have concluded that use the classical
31 Chapter 2
form of IFTTT logic is not always sufficient to describe the rules that control our system.
In way to define a starting point for our rule model, we need to delineate the basic requirements that must be satisfied by the rules. Moreover, we define also the advanced requirements that the rule model should reach in order to satisfy even more complex problems and provides more flexibility and freedom action to user.
The following table collects the basic and advanced requirements for different rule’s attributes.
Field Basic Advanced *Number of Elements One-to-One Many-to-Many **Time in which the Rule is Active Only one Range Multi Range ***Behavior of the Rule Instantaneous Dynamic Trigger Event Single Data Multi Elements Table 2.1 – Basic and Advanced Requirements of a Rule
* It indicates how many sensors and actuators are involved in the rule.
** It indicates the time periods in which it is possible to make the rule valid.
*** It indicates whether the result or event control of the rule trigger is instant or can evolve.
2.4 Frontends
In this section we analyze some programs that allow users to have almost a full control of every aspect of their home, such as: energy management, lighting control, security, entertainment, watering and so on.
In order to define how the current service providers on the market have structured their solutions. In the following, we have analyzed four different applications: two of these are mobile applications, while the other two are desktop solutions which are adapt to more professional purpose. These choices were made in order to analyze the simplicity of the mobile applications, and how complex projects are handled in the most professional solutions.
32 State of the Art
In order to define a rule’s model, which can be compatible with the larger number of existent solutions, a particular attention has been given to the analysis of the rule’s structure. Moreover, we analyze also the system’s model in order to also define a structure for our program.
Samsung® SmartThings
SmartThings [1] is building an open platform for smart building management developed by Samsung®.
(a) (b) (c) Figure 2.1 – SmartThings App View
The SmartThings native mobile application allows users to control, automate, and monitor their home environment using their mobile device. The area called “SmartSetup” into the app, that is accessible from the app's dashboard, facilitates the procedure that allow the users to add a new device. Customers can use the app to connect multiple devices through the use of an “auto-search procedure” or follow a dedicated path to configure one device at time.
33 Chapter 2
The devices compatible with the SmartThings’s app are: motion sensors, presence sensors, moisture sensors, locks, electrical outlets, garage door openers, speakers and thermostats.
The user interface of the program is very simple and intuitive. Through the "My Home" view (Figure 2.1 (a)) you can see the rooms list of the system; and, by pressing the menu button on the top right corner, is possible to add new rooms. Moreover, a user can be added through the menu called “Family”. The items connected to the system can be chosen using the “Marketplace” view (Figure 2.1 (b)) and assigned to a specific room.
This solution does not permit directly to setup rules; this procedure is possible through the use of third-part applications installable from the menu “SmartApps”. Some routines, which contains a list of commands, can be created in way to define lists of commands to execute quickly by clicking the corresponding routine icon (Figure 2.1 (c)). Finally, we have noted that any conflict detector is implemented.
Apple® HomeKit
HomeKit [2] is an app developed by Apple®. Users can control and configure the connected accessories in their homes, regardless of the manufacturer. The app helps the users in the following tasks:
. Setting up a Home;
. Managing users;
. Adding and removing sensors and actuators;
. Defining Scenes;
34 State of the Art
Figure 2.2 – MyHome App View
The HomeKit space structure is based on three type of locations: Rooms, Zones, and Homes. In particular, the rooms, such as "Living Room” or “Bedroom,” are the main space descriptors and they may contain any number of sensors and actuators. Moreover, zones are collections of Rooms, such as “Children Rooms”. All the rooms and the zones (optional) are contained within a home. Users must specify at least one Home to use as base location of their accessories.
Regarding the user managing, the app provides different ways to manage them, in particular, the admin can decide who is allowed to control the accessories in a home. When a new account is added to a home, the account holder is able to adjust the characteristics of the accessories. Moreover, when an account holder is specified as an admin, it is also able to add new accessories, set up homes and spaces, and create scenes.
The application automatically searches for new accessories and present them in the main program view. The configuration of a new element includes
35 Chapter 2
assigning a name, home, room, and optionally a zone. In way to conclude the adding procedure an admin must enter the accessory’s setup code (included with the hardware documentation or packaging).
Finally, the settings of new rules follow the IFTTT logic (see section 2.3). Also in this case, a conflict detector is not present.
ETS by KoNneX®
ETS stands for Engineering Tool Software; this program is a manufacturer independent configuration software tool, used to design and configure intelligent home and building control installations based on the KNX technology [3].
Figure 2.3 – ETS Program View
As shown in Figure 2.3, this program has not a user-friendly GUI due to the fact that it was created for expert user and for business purpose. On other hand, it permits to define more settings respect the previous mobile applications.
The building structure is composed by buildings, floors and rooms; rooms are contained into a floor, then, a set of floors is contained into a building. Inside
36 State of the Art
each one of this spaces, is possible to set up different objects. The information related to each element, that can be added into the project, comes from an internal database. These elements can be edited in way to setting up: name, address, location, connection type and many other data.
In the program is not present a user manager.
The procedure for defining a new rule appears complex and not intuitive for novice users, but, as in the previous cases, the logic behind them is the trigger- action programming. Also in this program, a conflict detector has not been implemented.
PC Access by HAI®
PC Access is the software used to program all HAI Omni and Lumina family home control systems. It provides to us different features as: a user set up, the programming and monitoring appliance over a network, serial or modem connection.
Figure 2.4 – PC Access Program View
This program allows users to manage very larger project. Strong points of this program are: the user manager and the rule creator.
37 Chapter 2
Regarding the user manager, it is important to denote how the users are descripted. Each user is characterized by particular attributes that define their personal routine and preferences. In particular, a user is described by personal data, many numerical data (e.g. preferred temperature or preferred humidity level), times data related to personal routines (e.g. working hours), dates (e.g. birth date), days of the week (e.g. define the free days), etc.. All this information can be used during the rule definition for programming wake-up times, lighting scenes, comfort temperatures and other conditions in way to improve the user comfort. Each of these user settings can then be easily modified by the user.
Concerning the rule creation, it consists of several features and structures that allow you to take full advantage of the powerful programming capabilities of this solution. In particular, the rules:
. May have multiple triggers, multiple conditions, and multiple actions;
. Can be triggered cyclically by defining a period of time which can last minutes, seconds or hours;
. Conditions can be created by using Boolean operator;
. Conditions can reference properties of zones, units, thermostats, temperature/humidity sensors, messages, security status, time/date, audio, access control, constants as well as user settings.
As in the others programs, also this application does not offer a diagnostic tool.
38
CHAPTER 3 BACKGROUND
In this chapter we introduce the concept of decision problems, in particular we discuss the SMT problems. Then, we give an overview about the actual SMT solvers and their resolution techniques. The second part is focused on the Z3 solver: we provide a description of the tool and an explanation of how define its input data through the use of two different input methods.
3.1 SMT Problems
A Boolean Satisfiability Problem (denoted as SAT) is a problem which determines if there exists an interpretation that satisfies a given Boolean formula. In other words, it asks whether the variables of a given Boolean formula can be consistently replaced by the values TRUE or FALSE in such a way that the formula evaluates to TRUE. If this is the case, the formula is called satisfiable. On the other hand, if no such assignment exists, the function expressed by the formula is FALSE for all possible variable assignments and the formula is unsatisfiable.
Satisfiability Modulo Theories (SMT) generalizes SAT problems by extending to the first-logic equality reasoning, arithmetic, fixed-size bit- vectors, arrays, quantifiers, and other useful first-order theories.
SMT problems that use linear arithmetic (LA) will typically involve two types of variables: the traditional SAT (Boolean) variables as well as real-valued variables. An LA formula is defined as a collection of Boolean formulas where
39 Chapter 3
each literal is either a Boolean variable or a linear inequality over the real- valued variables.
The procedure for solve SMT problems is generally based on two levels. The background theory sentences are treated as SAT variables, which leads to a SAT problem that is solved with standard SAT solving techniques. When a solution is found for the SAT problem, the consistency of the set of sentences that were assigned to TRUE is tested by an external solver (depending of the strategy of the SMT solver). If this external solver finds this set inconsistent, it returns a subset of incompatible sentence that are turned into a clause that is added to the SAT problem. This process is repeated until a solution is founded or until the problem is considered unsatisfiable.
Available SMT Solvers
An SMT solver is a tool for deciding the satisfiability (or dually the validity) of formulas. Moreover, SMT solvers can be used in different applications, such as: extended static checking, predicate abstraction, test case generation, and bounded model checking over infinite domains, to mention a few.
Currently, many tools are avaiable to solve SMT problems. The Table 3.1 summarizes some of the most used SMT solvers. In particular, the first two columns of the table contain information about the platform: the name of the solver and the list of the compatible operational systems respectively. Then, the other columns define the features: the columns named "SMT-LIB", “CVC” and “DIMACS” indicate the compatibility of the solver with the corresponding languages, the column “Bulit-in Theories” shows which type of data can be handle and the last column defines for which programming language there exist an API.
40 Background
Platform Features SMT- Name OS LIB CVC DIMACS Built-In Theories API Rational and integer linear arithmetic, arrays, tuples, records, Linux, Mac inductive data CVC4 OS, Yes Yes types, bitvectors, C++ Microsoft strings, and equality over uninterpreted function symbols Linux, Mac C/C++, MathSAT OS, Yes Yes Python, Microsoft Java Partial Non-Linear MiniSMT Linux v2.0 arithmetic Empty theory, Linux, Mac Partial differences, linear OpenSMT OS, Yes C++ v2.0 arithmetic, Microsoft bitvectors Real and integer raSAT Linux v2.0 nonlinear arithmetic Uninterpreted Linux, Mac functions, linear SMTInterpol OS, V2.0 real arithmetic, Java Microsoft and linear integer arithmetic Linux, C/C++, OpenBSD, Partial Python, STP Yes Bitvectors, arrays Windows, v2.0 OCaml, Mac OS Java Empty theory, C/C++, linear arithmetic, Linux, Mac .NET, nonlinear OS, OCaml, Z3 V2.0 Yes arithmetic, Windows, Python, bitvectors, arrays, FreeBSD Java, datatypes, Haskell quantifiers, strings Table 3.1 – List of the Most Used SMT Solver in Last Years
41 Chapter 3
From the list of SMT Solvers, we filter those that are compatible with our working conditions: Java Environment and Microsoft OS. These conditions reduce the possible choices to the solvers: MathSAT [13], SMTInterpol [14], STP [15] and Z3 [16]. We have decided to use the Z3 SMT solver.
3.2 The Z3 SMT Solver
Z3 is a very popular SMT Solver from Microsoft Research. It is targeted at solving problems that arise in software verification and software analysis. Consequently, it integrates support for a variety of theories. Users can interact with Z3 by using either a textual format or a binary API. Three textual input- formats are supported: The SMT-LIB [17], the Simplify [18], and a low-level native format in the spirit of the DIMACS format for propositional SAT formulas.
Figure 3.1 – Z3: Core System Components
The structure of the Z3 integrates a modern DPLL-based SAT solver [35][36], a core theory solver that handles equalities and uninterpretable functions,
42 Background
satellite solvers (for arithmetic, arrays, etc.), and an E-matching abstract machine (for quantifiers). A schematic overview of Z3 is shown in the Figure 3.1.
Therefore, in order to meet the needs of this project we have decided to use the solution offered by the solver Z3 [16]. Moreover, this solution is continuously developed by different communities for improving its performance and compatibility, furthermore, it has always achieved high results into the SMT-competition of the last three years [29][30][31].
SMT-LIB
As introduced in the previous section the Z3 solver supports different input formats, in this paragraph we analyze the SMT-LIB format. This choice is due to the fact that this format incorporates all the theories that are handled by the other two.
In particular, the supported Z3 input format is an extension of the classic form and it is descripted by the SMT-LIB 2.0 standard [17]. In the following, we try to describe how create a basic script, by introducing the syntax of the most important commands that are used for define variable, functions and constraints. Then, we will use them in an example.
Let’s start from the declaration of variables and functions. The commands that consent the declaration actions are the following:
. declare-const: It is used for declare a new variable, the syntax of this command require to insert a name and a sort (type).
For example, the following code line declares a new integer variable named a:
(declare-const a Int)
. declare-fun: It is used to declare a new function; the syntax of this command requires to define a name, the parameters’ types and the returned type.
43 Chapter 3
As an example, the following line declares a new function named f which takes as input two parameters (one integer and one Boolean) and returns an integer value:
(declare-fun f (Int Bool) Int)
Note that the declaration of a function does not permit us to define the behaviors of the function itself. A function defined in this way is used into problems with a different purpose. In particular, the solver tries to search a function’s structure that can satisfy the constraints in which the function is used.
We proceed by introducing another way that can be used for create a function. This approach uses the command define-fun; through which it is possible to declare a function and to provide a definition for the function’s structure. For example, by recovering the form of the function f introduced in the last example, we define a function which returns 21 if the integer value and the Boolean value, passed as parameters, are equal to 21 and false respectively.
Before show the syntax of the command define-fun, it is necessary to introduce the ite (if-then-else) command, which has the following structure:
(ite (logic_condition) true_result false_result)
Now, we can define the function as:
(define-fun f ((x!1 Int) (x!2 Bool)) Int (ite (and (= x!1 11) (= x!2 false)) 21 0) ) Once defined how create variables and functions, we show how define the constraints that govern them. The command for introducing a new constraint is based on a single parameter. This command is named assert; its syntax is the following:
(assert (logical_condition))
Once defined variables and constraints, in order to check the satisfiability of the problem, we use the command check-sat; which returns a value equal to
44 Background
sat if the problem is satisfiable, unsat otherwise. In addition, if the problem is satisfiable, we can also use the command get-model, that shows which values were assigned to the variables. Moreover, in the case where we have declared (not defined) functions, the get-model command shows also how they have been initialized.
In the following, we show a basic script the can help the reader to better understand how define a problem through the SMT-LIB textual-format.
Example
The variables of the problem are composed by two declarations: the first is a variable (line 1), the second is a function (line 2). Then, we define two constraints: the first is related to the variable a, which must be greater than 10; the second is about the function, which must return a value lower than 100 when we pass as input a (can vary), and true (fixed). Finally, we ask to the solver if there is a solution to this SMT problem.
1. (declare-const a Int) 2. (declare-fun f (Int Bool) Int) 3. (assert (> a 10)) 4. (assert (< (f a true) 100)) 5. (check-sat)
The result of this problem is positive: the value sat is returned. In way to know which values have allowed to satisfy the problem, we add the command get- model; and we relaunch the script. The obtained result is:
(model (define-fun a () Int 11) (define-fun f ((x!1 Int) (x!2 Bool)) Int (ite (and (= x!1 11) (= x!2 true)) 0 0)) )
45 Chapter 3
Z3 Solver API
Since our application has been developed using the Java language, the previous input method cannot be used. In order to be able to create variables, function and constraints of a SMT problem in Java, we must use the Z3’s Java API.
On the line of the previous section, we introduce the main aspect of the problem construction through the use of the Java API. Below, we first introduce the main objects that are necessary. All the methods showed below have been used in our application (see Appendix A).
The object Context offers the main interaction with the solver. It permits define: a new solver, variables and constraints. The methods which we can call up from it and that need a particular attention are related to:
. The initialization of new solvers; in which we can choose between two methods:
mkSolver: this method is used for create a new solver, in other words, it permits to initialize an empty solver;
mkOptimize: similar to the previous one, this method initializes a new solver that can be used for solve problems which have an objective function (min-max problems).
. The variables and function definition, in which the methods are:
mkBoolConst: define a new Boolean variable;
mkRealConst: define a new Real variable;
mkFuncDecl: define a new Function.
It is also possible define other types of variables or create new ones, the three showed before are those used in the application.
. The logical conditions, we are able to create both logical and mathematical conjunctions:
46 Background
mkAnd, mkOr, mkNot: define logical conjunctions;
mkEq, mkGe, mkGt, mkLe, mkLt: define mathematical conjunctions.
All the previous conjunctions can be concatenated; in this way it is possible define any type of constraint.
In way to better understand how handling these methods, we use them in an example by comparing the java code with the syntax introduced in the previous section.
Example
In this example, we define a problem that contains two integer variables, and , and three constrains. The goal is to maximize the values of the two variables. The problem, in mathematical form, is: + = 10 ≥0 ℎ , ∈ℤ ≥0
The Java source code for defining this problem is the following: 1. //Define an optimization problem 2. Context ctx = new Context(); 3. Optimize opt = ctx.mkOptimize(); 4. 5. //Define the variables 6. IntExpr xExp = ctx.mkIntConst("x"); 7. IntExpr yExp = ctx.mkIntConst("y"); 8. 9. //Define the constraints 10. opt.Add(ctx.mkEq(ctx.mkAdd(xExp, yExp)),ctx.mkInt(10))); 11. opt.Add(ctx.mkGe(xExp, ctx.mkInt(0))); 12. opt.Add(ctx.mkGe(yExp, ctx.mkInt(0))); 13. 14. //Set objectives functions 15. Optimize.Handle mx = opt.MkMaximize(xExp); 16. Optimize.Handle my = opt.MkMaximize(yExp); 17. 18. //Print on the console the results 19. System.out.println(opt.Check()); while, the SMT-LIB source code is
47 Chapter 3
1. ;Define the variables 2. (declare-const x Int) 3. (declare-const y Int) 4. 5. ;Define the constraints 6. (assert (>= x 0)) 7. (assert (>= y 0)) 8. (assert (= (+ x y) (10))) 9. 10. ;Check the satisfiability, and find the max of x and y 11. (check-sat) 12. (maximize x) 13. (maximize y) the result of this problem exists, so the problem is satisfiable. The output showed are the same for both the problem and equals to:
sat (model (define-fun y () Int = 10 10) ↔ =0 (define-fun x () Int 0) )
48
CHAPTER 4 MECHANISMS FOR RULE MANAGEMENT
In this chapter we introduce the concept of rule: describing its features and information that brings with it. Next, we explain how we have formalized conflict resolution in the form of a SMT problem. Finally, we analyze the constraints that compose these problems.
4.1 Overview
As introduced in Section 2.2.3, the current solutions are limited to the decision to include or not the user in their resolution process. In addition, these solutions are designed to perform only a run-time analysis, whereby; we cannot perform an offline analysis. Moreover, these approaches do not find a permanent solution to conflicts but only prevents an inconsistency in the system’s data; therefore, the same problem may occur again. By analyzing the limits of the current conflict detectors, we have decided to create a tool that can perform a conflict detection at design level.
Then, we have delineated two goals of our solution:
1. Since the actual solutions capture a data inconsistency only when they happen (run-time approach), some potential conflicts may not be detected due to the fact that the triggering of a rule depends on the system, which we cannot directly control. An approach that identifies potential conflicts before they happen enables us to avoid all the
49 Chapter 4
harmful situations beforehand (offline approach) and does not require a running system.
2. The conflict resolution technique should involve users; in particular, by informing them of the problem and by allowing them to add or change rules.
In the first part of this chapter we explore the concept of Rule, by describing how we have evolved its structure and the data that describe it (see Section 4.2). In the Section 4.3, we analyze the formalization process, by defining the variables and constraints that compose the SMT problem. Finally, in the Sections 4.4 and 4.5, we show some possible improvement and additional features.
4.2 Informal Description of Rules
In this section we show how we have modeled the Rules. Starting from the form introduced in the section 2.3, we have enhanced it in order to satisfy more advanced requirements (see Table 2.1).
The starting model is the IFTTT, which is characterized by the following features:
. One trigger event
. One action (also called actuator setting)
. Enabled in a single period of time
. Static behavior
The simple structure of these policies allows users to easily create basic control rules even without an advanced knowledge of the trigger-action programming. However, even if the simple structure of the rules allows users to easily define rules, it is more complicated (or impossible) to implement a resolution process that does not involve the deleting of one of the two conflicting rules.
50 Mechanism for Rule Management
As an example, considering the following rules acting on the same room, which are defined using the IFTTT logic:
“If someone in the room then turn on the light”
“If brightness is sufficient then turn off the light”
These two rules might conflict when a person enters the room and this is lit. The most intuitive solution is to add the trigger “and the room is dark” to the first rule, but it is not feasible for this model.
Therefore, we need to increase the number of sensors and actuators which compose a single rule. In this model, the features of a rule become:
. n trigger events
. n actuator settings
. Enabled in a single period of time
. Static behavior
In particular, the increased number of trigger events allows us to extend the complexity of the rules and give more flexibility to the users without affecting their experience [6].
On the other hand, the increasing number of actuator settings has been necessary to avoid redundancy of rules. For example, if in a room there are multiple light points, with the previous model of rule it would have been necessary to define one rule for each lamp, which are characterized by the same triggers; increasing the number of actuators allows users to create only one rule that controls all lamps (as actuators). Moreover, also this improvement gives more flexibility to the users and reduces the number of SMT problems to formalize.
51 Chapter 4
Using this model, it is possible to solve the conflict of the previous example, obtaining the following rules:
“If someone in the room AND the room is dark then turn on the light”
“If brightness is sufficient then turn off the light”
After extending rule patterns as above, we pursuit the following research questions: is the level of abstraction of our model enough? Can it satisfy the structure of the rules implemented in modern systems?
At first, the answer was yes, but with the creation of increasingly complex rules we have realized that conditions and settings like
“If someone is in the room for 10 minutes then …” or
“If the window is open for at least 15 minutes then …” or
“… then keep the light on for 30 minutes” or
“… then keep the AC on for 10 minutes”, could not be controlled using the current rules model.
Therefore, it has been necessary to further refine the rule model by introducing new parameters that specify a range of time, both for the trigger events and actuator settings.
For the trigger events, this time value indicates for how long the related trigger event’s condition must be satisfied before it can be considered verified. Instead, for the actuator setting, the time value identifies how long we want that this setting remains active after its activation.
Consequently, in this third form, the features of the rules are:
. n trigger events;
. n actuator setting;
. Enable in a single period of time;
52 Mechanism for Rule Management
. Dynamic behavior;
These rule patterns allow the system developer to define dynamic conditions and settings, and not only instantaneous changes.
Some examples of rules definable with this model are:
“If the window is open for 10 minutes then turn off the heating”
“If someone is in the room then keep the light on for 30 minutes”
Data Handled by Rules
Since the final rule model defined above embeds differ kinds of data, before introducing the encoding techniques for the SMT problem formalization it is necessary to have a clear statement of what is a rule. In particular, in this section we provide: a description of the trigger events and the actuator settings which compose a rule, a description of the data which describe a rule and a definition of two sets which will be useful for the subsequent formalization procedure.
A rule is made up of trigger events and actuator settings. An actuator setting (AS) describes the action that manipulates the system status; in particular, it describes the value to be imposed to an actuator’s parameter and for how long this value must be held. Moreover, an AS is characterized by: an actuator that it is composed of different parameters, the value to impose on each parameter and a time duration. A trigger event (TE) describes the condition that must occur, before performing the corresponding ASs. In particular, a TE is characterized by: a sensor that it is composed of different parameter and a time duration. A further analysis of the rules is presented in Section 5.5.
Therefore, we define a rule as a tuple = 〈 , , , , , 〉 where:
. is the rule’s actuator set;