Analytical Determination of Interoperability between Distributed Simulations I: Models of Physical Processes

S. Y. Harmon
Advanced Telecommunications, Inc.
harmon@ati-sd.com

[NOTICE: HTML does not currently support all of the mathematic symbols used in this paper. The HTML version is provided for casual browsing, but serious readers must refer to the Postscript or MS Word 6.0 version of the paper.]

ABSTRACT

The basis of an analytical technique has been developed which determines if two simulations can interoperate together. Two functionally correct simulations can interoperate correctly only if no artifacts occur simply because the simulations interact. Four artifact classes have been defined: accuracy inconsistencies, timing inconsistencies, sequencing inconsistencies, and registration inconsistencies. These artifacts create simulation results which do not correspond with outcomes of the corresponding physical processes with exactly the same initial states and boundary conditions.

A simulation of a physical process consists of two separate descriptions: an abstract representation or model of the physical process and an implementation of that model within a computing environment. Each description has different generic characteristics which affect interoperability differently. Two simulations interact directly when a subset of the values of the dependent variable set from one simulation becomes a subset of the values for the independent variable set of the other simulation. The two interacting simulations interoperate correctly when their interactions do not create any of the interoperability artifacts described above. Constraints on the relationships between the generic characteristics of the models and their implementations have been derived from propositions defining the nature of artifacts and simulation characteristics.

This work represents a simple beginning of a theory to analytically describe the phenomenon of interoperability between distributed simulations. All of the propositions upon which this work is founded are empirically testable and have a well defined general scope. All of the constraints which have been derived from these propositions form empirically testable hypotheses. Additional effort is ongoing to extend this analytical definition in order to gain completeness.

INTRODUCTION

The rapid evolution of computing and communications technologies has created the opportunity for large scale distributed simulations to be developed for a variety of purposes. While still in its infancy, distributed simulation is expected to become widespread and a mainstay resource of both military and commercial engineering communities. Yet, relatively little is understood about the effects of interoperability on the generation of exercise data with distributed simulations beyond the communications and database issues [1]. Without a fundamental understanding of interoperability the construction of large scale distributed simulation exercises is and will continue to be complicated and unreliable. As a result, risk will be hard to predict and manage and the benefits of distributed simulation will be difficult, if not impossible in some cases, to realize. This is primarily true when distributed simulation is applied to domains where decisions made from the exercise results can affect human life such as engineering and operational planning.

This paper describes one simple step toward developing a comprehensive theory of interoperability between distributed simulations. It attempts to rigorously characterize the properties of models and their implementations and from these properties analyze the interactions between these components of simulation.

THEORY

All simulations are approximations of phenomena in the physical world. Even attempts to approximate human behavior with computers try to represent those poorly understood physical phenomena which manifest our conscious and unconscious activities. This work begins by characterizing, in the most abstract terms, the attributes of all physical processes. Then, the characteristics of models of those physical processes are defined. These models can take any form ranging from succinct mathematical representations to vast tables of data. Simulations of physical processes are defined as implementations on the models of those processes. Simulations are then described in terms of the properties of their computing environments. Next, the nature of a class of simulation artifacts is described. These artifacts are the occurrences of simulation results which cannot occur under the same conditions in the physical world and, therefore, are undesirable. Finally, theorems describing the properties and limitations of interacting models are derived from the definitions and propositions provided in the previous four sections. Most of the limitations define the necessary conditions to avoid simulation artifacts.

Physical Processes

The entire physical world of interest can be represented by a collection of interacting objects. Each object in the world consists of a set of properties which characterize the state of the object and a set of processes which characterize the behavior of the object. Object processes change the values of the object's own properties or the values of the properties of other objects or both. The value of an object property cannot change without a responsible physical process. The propositions and definitions which follow formalize this picture of the physical world.

Proposition 1: The entire physical world, W, can be represented by a set of N interacting objects:

W = {O1, ..., Oi, ..., ON}

where Oi = the ith object in W.

Proposition 2: An object, Oi, in the physical world can be completely described by the values of a set of properties and the members of a set of processes which change the values of those properties:

Oi = {Pi, Ri}

where

Pi = {pi1, ..., pij, ..., pim} and

Ri = {ri1, ..., rij, ..., rin}

and where

pij = the value of the jth property of Oi and

rij = the jth process of Oi.

Definition 1: The state of an object is defined by the set of values of all of its properties such that for Oi its state is given by the set of values Pi.

Definition 2: The state of the world, W, is defined by the set of values of all of the properties of all of the objects such that W = {P1, ..., PN}.

Proposition 3: Object states can only change as a result of the world processes such that the value of a single property, pij, of Oi is given by the relation

pij = rkl(Ql)

where

rkl {R1, ..., RN} and

Ql = {q1, ..., qlm} {P1, ..., PN}.

Definition 3: A process of Oi is said to be internal to Oi when

pij = rik(Qk)

and rik Ri and Qk Pi.

Definition 4: A process of Oi is said to act upon another object Ok when

pkl = rij(Qj)

and i k, rij Ri and Qj Pi.

Definition 5: A process of Oi is said to respond to another object Ok when

pij = ril(Ql)

and ril Ri, Ql {Pi, Pk} and Ql Pk .

Proposition 4: No object property can change its value without a responsible process.

The remainder of this discussion explores the interactions between objects in the world. For notational simplicity the world is assumed to consist of only two objects, Oi and Oj. Each object has a single property and a single process such that

Oi = {pi, ri} and

Oj = {pj, rj}.

This is the simplest possible world necessary to develop a detailed description of the interoperability between simulations. The generalization of this description to multiple objects with multiple properties and multiple processes is a straightforward step. However, this generalization only complicates the notation.

Proposition 5: The interaction of two processes, pi = ri(qi) and pj = rj(qj), can be described by the relation

pi = ri(rj(qj)) = ri(pj).

The processes represented by ri and rj can be either two processes within a single object or the processes in two different objects. These functions are mathematical representations of the actual physical processes which govern the changes of object state. Most of such processes have been reasonably well characterized by their corresponding scientific or engineering disciplines. As a result, the entire body of scientific and engineering literature can be used to provide these functions.

Models of Physical Processes

A physical process can be represented abstractly by a mathematical model. In general, any mathematical model of a physical process can do no better than approximate the results of that process. Some models are very good approximations which are often assumed (incorrectly) to be exact.

Definition 6: The abstract representation, fi(xi), which approximates the behavior of the physical process, ri(qi), such that

when xi = qi then yi = fi(xi) pi = ri(qi)

is a model of that physical process.

Proposition 6: Any physical process, ri(pi), for the object Oi can be approximated by a model of that process, fi(xi), such that if xi = qi then

fi(xi) ri(qi) and yi pi.

In general, any model of a physical process can do no better than approximate the results of that physical process. Some models offer excellent approximations which are often incorrectly assumed to be exact.

Definition 7: Correspondence is a property of a model, fi, of modeling the effects of a physical process, ri, which requires that

yi = fi(xi) pi = ri(qi)

when xi = qi.

Definition 8: The independent variable set is a property of a model, fi, defined by the set of all of the variables upon which fi depends and, in the case of the simplified representation used herein, is given by xi.

The input variables are the representations of the properties upon which the model depends. In this discussion only a single independent variable is used, xi, which corresponds to the property qi in the physical world for each object Oi. However, the generalization to a set of independent variables, X, is straightforward.

Definition 9: The dependent variable set is a property of a model, fi, defined by the set of all of variables which are generated by fi and, in the case of the simplified representation used herein, is given by yi.

The output variables are what the model produces and represent the properties which are changed by the model of the physical process. They are the dependent variables of the model. As with the independent variables, in the following discussion uses only a single dependent variable, yi, which corresponds to the property pi in the physical world for each object Oi. As with the independent variables, the dependent variable set, Y, can easily be generalized to include memberships greater than one. The output variable set, Y, can be a subset of the input variable set, X.

Some models have limited sensitivity to changes in the independent variables.

Definition 10: The sensitivity, xi, of the independent variable, xi, for the model, fi(xi), of a physical process is defined by the relation

if |xi - xi| < xi then fi(xi) = fi(xi) for given values of xi and xi

where xi xi and xi > 0.

Proposition 7: A value, xi, exists for each independent variable, xi, of the model, fi(xi), of a physical process for the object Oi such that

if |xi - xi| < xi then fi(xi) = fi(xi) and xi xi for all values of xi and xi.

Definition 11: The model, fi(xi), of a physical process, ri(qi), for the object Oi is considered to have sufficient sensitivity for a particular application if and only if the maximum sensitivity, xi, meets the constraint

xi [[twosuperior]] xai over the entire range of independent variable values of interest

wherexai = a constant specified by the user of the model fi(xi) and this value is a measure of a model[[Otilde]]s sensitivity.

This property is characteristic of models which are constructed using finite element and finite difference representations.

Often time is an independent variable of models of physical processes. Although time is strictly no different than any other independent variable, a view of a model's response to the passing of time is sometimes important. As a result, a separate property is defined which represents a model's temporal sensitivity.

Definition 12: The temporal sensitivity, ti, of the dependent variable, yi, for the model, fi(xi), of a physical process is defined by the relation

if t - t0 < ti then fi(xi, t) = fi(xi, t0) for given values of xi and xi

where t > t0 and ti > 0.

Proposition 8: A value, ti, exists for each dependent variable, yi, of the model, fi(xi), of a physical process for the object Oi such that

if t - t0 < ti then fi(xi, t) = fi(xi, t0) and ti ti for all values of xi and xi and t and t0

where t > t0.

Definition 13: The model, fi(xi), of a physical process, ri(qi), for the object Oi is considered to have sufficient temporal sensitivity for a particular application if and only if the maximum sensitivity, ti, meets the constraint

ti [[twosuperior]] tai over the entire range of dependent variable values of interest

where tai = a constant specified by the user of the model fi(xi) and this value is a measure of a model[[Otilde]]s temporal sensitivity.

The separation of the effects of time on the model enables the distinction between time and the properties of the objects of the world whose values may, and probably do, vary with time. However, for some models, the values of the dependent variables may vary with time even though the values of the independent variables do not change (e.g., the dispersion of a smoke cloud). In short, the dependence upon time may be a characteristic of the function which represents the physical process.

Some models have limited resolution in their dependent variables.

Definition 14: The resolution, yi, of the dependent variable, yi, for the model, fi(xi), of a physical process is defined by the relation

yi = yi + nyi for given values of xi and xi

where xi xi and n = integer and yi 0.

Proposition 9: A value, yi, exists for each dependent variable, yi, of the model, fi(xi), of a physical process for the object Oi such that

yi = yi + nyi and yi [[twosuperior]] yi for all values of xi and xi

where n = integer.

Similarly, a model can have a limiting resolution of the dependent variables. This property is characteristic of models represented by tables of data which cannot be safely interpolated such as terrain databases.

Definition 15: The model, fi(xi), of a physical process, ri(qi), for the object Oi is considered to have sufficient resolution for a particular application if and only if the maximum resolution, yi, meets the constraint

yi [[twosuperior]] yai over the entire range of dependent variable values of interest

where yai = a constant specified by the user of the model fi(xi) and this value is a measure of a model[[Otilde]]s resolution.

Definition 16: The approximation error, i, for each dependent variable, yi, of the model fi(xi) of the physical process ri(qi) for the object Oi is defined by the relation

i = ri(xi) - fi(xi) = pi - yi for a given value of xi.

Proposition 10: A value, i, exists for each dependent variable, yi, of the model, fi(xi), of the physical process, ri(qi), for the object Oi such that

if xi = qi then |ri(xi) - fi(xi)| = |pi - yi| |i| for all values of qi.

Ideally, fi(xi) will be exact and i = 0 but this is seldom the case. The property |i| is a measure of how well the model represents the physical process to which it corresponds over a range of independent variable values. For a specific application, a user of the model would specify the acceptable limits of the approximation error for each dependent variable of interest for each object (or object class) of interest.

Definition 17: The model, fi(xi), of a physical process, ri(qi), of the object Oi is considered sufficiently accurate for a particular application if and only if the maximum value of i meets the constraint

|i| [[twosuperior]] |ai| over the entire range of independent variable values of interest

where ai = a constant specified by the user of the model fi(xi) and this value is an inverse measure of a model[[Otilde]]s accuracy.

Some types of models representing complex physical processes or components of complex physical processes are stochastic functions. In this type of representation the dependent variable, yi, varies randomly around an expected value, yei, such that for a given xi.

Definition 18: The random deviation, i, for each dependent variable, yi, of the stochastic model fi(xi) of the physical process ri(qi) of object Oi is defined by the relation

yei - i [[twosuperior]] yi [[twosuperior]] yei + i for a given value of xi

where yei = the expected value of yi for the value of xi.

Proposition 11: A positive value, i, exists for each dependent variable, yi, of the stochastic model, fi(xi), of a physical process for the object Oi such that

if xi = qi then yei - i [[twosuperior]] yi [[twosuperior]] yei + i and i [[twosuperior]] i for all values of xi.

Ideally, fi(xi) will be an exact deterministic representation of ri(qi) and then i = 0 but this is seldom the case when representing complex and poorly understood physical processes. Stochastic models provide the means to estimate the essential behavior of a physical process within certain limits. The property i is another measure of how well the model represents the physical process to which it corresponds over a range of independent variable values. For a specific application, a user of the stochastic model would specify the acceptable limits of the random deviation for each dependent variable of interest for each object (or object class) of interest.

Some applications of simulation, such as training, encourage a certain amount of nondeterministic behavior in order to enhance training value by exposing the student to a predictable amount of situation variability. Other applications can tolerate no stochastic behavior, e.g., testing and evaluation, because of the need for absolute repeatability of experiments. However, in the most general case a user would specify the limits of random behavior of each stochastic function by providing a constant which would not be exceeded for each stochastic variable.

Definition 19: The stochastic model, fi(xi), of a physical process for the object Oi is considered sufficiently predictable for a particular application if and only if the maximum random deviation, i, meets the constraint

i [[twosuperior]] ai over the entire range of independent variable values of interest

where ai = a constant specified by the user of the model fi(xi) and this value is an inverse measure of a model[[Otilde]]s stochasticality.

Definition 20: The stochastic model, fi(xi), of a physical process, ri(qi) for the object Oi is considered well behaved for a particular application if and only if it is sufficiently accurate and sufficiently predictable.

Generally, mathematical models are only well behaved over a limited range of independent variables. This fact leads to the next proposition.

Proposition 12: A range of values, xil and xiu, exists for the independent variable, xi, of the model, fi(xi), of a physical process, ri(qi), for the object Oi such that

if xli [[twosuperior]] xi [[twosuperior]] xui then |pi - yi| = |i| [[twosuperior]] |ai|

where xli [[twosuperior]] xui.

Definition 21: The range of values, xli and xui, of the independent variable, xi, over which the model, fi(xi), of a physical process is sufficiently accurate for a particular application is defined as the accurate range for that application.

Definition 22: The range of values, xli and xui, of the independent variable, xi, over which the model, fi(xi), of a physical process is sufficiently stable for a particular application is defined as the stable range for that application.

Definition 23: The range of values, xli and xui, of the independent variable, xi, over which the model, fi(xi), of a physical process is well behaved for a particular application is defined as the suitable range for that application.

Simulations of Physical Processes

The discussion above examines only the characteristics interacting models. No assumptions are made about how these models are implemented. This discussion continues by exploring the effects of the computing and communications environment within which the models are implemented and executed.

Definition 24: The computational process, di(ui), which approximates the behavior of the model of a physical process, fi(xi), such that

when ui = xi then vi = di(ui) yi = fi(xi)

is an implementation of that model or a simulation of the physical process represented by that model.

Definition 25: The implementation, di(ui), of a model, fi(xi), which approximates the behavior of a physical process, ri(qi), such that

when ui = qi then vi = di(ui) pi = ri(qi)

is a simulation of the physical process ri(qi).

Proposition 13: Any model of a physical process, fi(xi), for the object Oi can be approximated by an implementation of that model, di(ui), such that if ui = xi then

di(ui) fi(xi) and vi yi.

Like the models of physical processes, any simulation of a physical process can do no better than approximate the behavior of that process. Also like models, some implementations provide excellent approximations which are often incorrectly assumed to be exact representations.

The term computing environment refers to the collection of the computer, its peripherals, its communications support and its system software. The computing environment includes everything except the executable programs which represent the models. This lumped representation has been chosen to simplify the analysis by avoiding the detailed and complex interactions of the computing environment components. In general, real simulations consist of many models and the implementations of these models may be executed within different computing environments which are connected through a communications link. Like models, computing environments have characteristics which are reasonably independent of their specific function and construction. These characteristics are described below.

Proposition 14: Every computing environment, K, has a property whose value, , describes the total size of the all of the memory within K and where

M > 0.

Proposition 15: If an implementation, di(ui), of a model resides within a computing environment, K, which has a total memory of size M then the value of a variable, ui, occupies a portion of K[[Otilde]]s memory such that the total remaining unused memory, M, is given by the relation

M = M - i

where i = a constant which is the amount of memory required to represent the value ui and

0 < i < M.

Definition 26: For a given implementation, di(ui), within a given computing environment, K, the value, i, associated with each variable, ui, is the representation size of that variable.

Computing environments introduce two sources of errors. One is the error in representing a value within a computing environment. This limitation leads to the well known roundoff errors. The other error source is limitation in representing a actual function within a computing environment. Many of the mathematical functions executed in computers are only approximations of the actual functions. The errors introduced by these approximations are often independent of those introduced by value representation limits.

Definition 27: Within a given computing environment, K, the variable representation error, i, for each dependent variable, vi, of an implementation, di(ui), of a model, fi(xi), of a physical process for object Oi is defined by the relation

i = fi(xi) - fi(ui) for a given value of ui.

The variable representation error is the error which results from the limitations on representing the value of a variable. Thus, this error is defined for a dependent variable by using the exact functions upon the precise variable value and the imprecise representation of the independent variable value.

Proposition 16: For a given variable value, vi, its variable representation error, i, is related to the representation size, i, of that variable such that

lim(i) i = 0.

This proposition states that the representation size controls the variable representation error and that that error is inversely proportional to the representation size (i.e., the more memory which is dedicated to the representation of a value the closer that value approximates the analytical value).

Proposition 17: A value, i, exists for each dependent variable, vi, of the implementation, di(ui), of the model, fi(xi), of a physical process for the object Oi such that

|fi(xi) - fi(ui)| |i| for all values of xi and ui.

Ideally, the representation of ui will be exact and i = 0 but this is seldom the case. The property |i| is a measure of how well the simulation represents the values of the dependent variables over a range of independent variable values.

Definition 28: Within a given computing environment, K, the function representation error, i, for each dependent variable, vi, of an implementation, di(ui), of a model, fi(xi), of a physical process for object Oi is defined by the relation

i = fi(xi) - di(xi) for a given value of xi.

The function representation error is the error which results from the limitations on representing a function. Thus, this error is defined for a dependent variable by using the exact value of the independent variable within both the precise function and the imprecise representation of that function.

Proposition 18: A value, i , exists for each dependent variable, vi, of the implementation, di(ui), of the model, fi(xi), of a physical process for the object Oi such that

if ui = xi then |fi(xi) - di(ui)| |i| for all values of xi and ui.

Ideally, the representation of di(ui) will be exact and i = 0 but this is seldom the case. The property |i| is a measure of how well the simulation represents the functions in the simulation over a range of independent variable values.

Definition 29: Within a given computing environment, the total representation error, i for each dependent variable, vi, of an implementation, di(ui), of a model, fi(xi), of a physical process for the object Oi is defined by the relation

i = fi(xi) - di(ui) = yi - vi for a given value of ui.

The total representational error combines both the variable and the function representation sources of computational error. This lumped representation error may be more accessible and, thus, more useful than the individual components. This definition leads to the following proposition.

Proposition 19: For a given dependent variable value, vi, the total representation error, i, for that variable is related to the variable representation error, i, and the function representation error, i, such that

i = i + i.

Proposition 20: A value, i, exists for each dependent variable, vi, of the implementation, di(ui), of the model, fi(xi), of a physical process for the object Oi such that

if ui = xi then |fi(xi) - di(ui)| = |yi - vi| |i| for all values of xi.

Ideally, di(ui) will be exact and i = 0 but this is seldom the case. The property |i| is a measure of how well the simulation represents the model which it represents over a range of independent variable values.

Definition 30: If at time t the physical process, ri(qi), begins to act upon the state of its dependent property and at time t + tri it has changed that state from pi to pi + pi then the process latency for that state change is tri(pi, pi).

Proposition 21: The process latency, tri(pi, pi), is always greater than zero for any physical process where pi 0.

Definition 31: If at time t the simulation of a physical process, di(ui), begins to compute, for a given total representational error, the state of its dependent variable and at time t + tdi it has changed that state from vi to vi + vi then the computational latency for that state change is tdi(vi, vi).

This definition has suggested a dependency between the computational latency and the representation error. This dependency suggests the following proposition.

Proposition 22: For a given implementation, di(ui), its function representation error, i, is related to the computational latency, tdi, for computing a dependent variable state change such that

lim(tdi ) i = 0.

This proposition states that the computational latency controls the function representation error and that that error is inversely proportional to the computational latency (i.e., the more time spent computing the results of a function the better that value approximates the analytical result).

Definition 32: If the simulation, di(ui), of a physical process, ri(qi), has a computational latency, tdi, such that

tdi = tri when vi = pi and vi = pi

for all vi and vi then di has temporal correspondence with ri.

In general, some considerable effort is required to construct a simulation which has temporal correspondence with the physical process which it represents because the time required to execute the simulation of a physical process is completely unrelated to the time required for the actual physical process to act. No physical constraints exist which can guarantee this property other than an implementor[[Otilde]]s diligence. The lack of this correspondence is a particularly crucial problem when computing environments are coupled to actual physical processes.

Definition 33: The temporal deviation, i, for each dependent variable, vi, of the simulation, di(ui), of a physical process, ri(qi), of the object Oi is defined by the relation

i = tri - tdi for given values of vi and vi.

Proposition 23: A value, i, exists for each dependent variable, vi, of the simulation, di(ui), of the physical process, ri(qi), for the object Oi such that

if vi = pi and vi = pi then |tri - tdi| |i| for all values of pi and pi

and for a value of vi with a given representational error.

Ideally, i = 0 but this is seldom the case. The property |i| is a measure of how well the simulation represents the timing of the physical process to which it corresponds over a range of independent variable values. For a specific application, a user of the simulation would specify the acceptable limits of the temporal deviation for each dependent variable of interest for each object (or object class) of interest.

Definition 34: The simulation, di(ui), of a physical process, ri(qi), of the object Oi is considered to have sufficient temporal correspondence for a particular application and for a given representational error if and only if the maximum value of |i| meets the constraint

|i| [[twosuperior]] ai over the entire range of independent variable values of interest

where ai = a constant specified by the user of the simulation di(ui) and ai 0.

Proposition 24: There exists a time interval, tdi, such that, within a given computing environment and for a given representational error, if a simulation, di(ui), produces the state change from vi to vi + vi with a computational latency of tdi, then that computational latency always obeys the relation

tdi tdi for all values of ui.

Definition 35: The value of computational latency, tdi, is the minimum computational latency for the simulation di(ui).

Definition 36: If process latency of ri(qi) is tri and the computational latency of the corresponding simulation, di(ui), for a given representational error is tdi then the value, i, defined by the relation

i = tdi/tri

is the temporal deformation of the simulation di(ui).

Interconnectivity refers to the ability to communicate information meaningfully from one computing environment to another. In some computing topologies communication from all of the computers to all of the other computers is not physically possible. This would prevent two models from interacting. In addition, the appropriate representational translators must be available which guarantee that the information which is communicated between simulation programs can be accurately and consistently interpreted. If such interpretation is not possible then the individual computing environments might as well not be physically connected (in fact, it would probably be better if they were not to prevent the illusion of interconnectivity). All of these issues which are traditionally associated with interoperability are included within the characteristics described below.

Definition 37: Given two separate computing environments, Ki and Kj, which are connected by a communication link, Cij, and given that Ki and Kj both represent the value of a property, uk, so if at time t

uk = uk on Ki and uk = uk + uk on Kj

and at that same time Kj communicates through Cij a new value, uk + uk, to Ki such that at time t + tCij

uk = uk + uk on Ki

then the time interval tCij is the communication latency between Ki and Kj over Cij.

Proposition 25: A time interval, tCij, exists for a given communication link, Cij, between two given computing environments, Ki and Kj, and a minimum representation size, Cij, of a property value, uk, such that the communication latency, tCij, required to communicate the state changes of uk from Kj to Ki will always obey the relation

tCij tCij for all values of uk where k Cij.

Definition 38: The value of the time interval tCij for the communication link Cij between two computing environments, Ki and Kj, is the transmission latency between Ki and Kj over Cij.

Definition 39: The value of the representation size Cij for the communication link Cij between two computing environments, Ki and Kj, is the unit representation size for Cij.

Proposition 26: Given a communication link, Cij, between two given computing environments, Ki and Kj, a nonnegative value, Cij, exists such that if

tCij = 0

then the total time, tCij, required to transmit the value of a property, uk, with a representation size, k, between Ki and Kj is given by the relation

tCij = k/Cij for k > Cij.

Definition 40: The quantity Cij representing the rate at which a communication link, Cij, transmits information between two computing environments, Ki and Kj, is the communication bandwidth of Cij.

Proposition 27: A nonnegative value, Cij, exists for a given communication link, Cij, between two given computing environments, Ki and Kj, such that the communications bandwidth, Cij, required to communicate the state changes of uk from Kj to Ki will always obey the relation

Cij Cij for all values of uk where k Cij.

Definition 41: The value of the communication bandwidth Cij for the communications link Cij between two computing environments, Ki and Kj, is the maximum communication bandwidth which is possible between Ki and Kj over Cij.

Most computing environments introduce some randomness in execution time. This is especially true of environments which are coupled to unpredictable sources of interrupts such as local and wide area networks.

Definition 42: The random execution variation, Kj, of the computational latency, tdi, of computing the state change in vi from an implementation, di(ui), in the computing environment Kj is defined by the relation

tdi* - Ki [[twosuperior]] tdi [[twosuperior]] tdi* + Ki

where tdi* = the expected value of tdi for a given vi and vi.

This characteristic includes the effects of both random computing delays as well as those introduced by nondeterministic communications process (e.g., ethernet backoff).

Proposition 28: A positive value, Ki, exists for each implementation, di(ui), of a model for object Oi such that

tdi* - Ki [[twosuperior]] tdi [[twosuperior]] tdi* + Ki and Ki [[twosuperior]] Ki for all values of vi and vi.

Some applications require that the amount of unpredictable performance must be controlled. Randomness in execution time of a simulation can also lead to a lack of repeatability and must be constrained.

Definition 43: The execution implementation, di(ui), of a model of a physical process for object Oi within the computing environment Kj is considered to sufficiently predictable if and only if the maximum random execution variation, Ki, meets the constraint

Ki [[twosuperior]] Ki over the entire range of dependent variable values and state changes

where Ki = a constant specified by the user of the implementation di(ui).

The very strict condition where Ki = 0 may only be achievable under very special circumstances (such as those seen in systems for testing and evaluation) where the execution conditions of the application software are strictly controlled by eliminating operating systems and nondeterministic communications processes.

Simulation Artifacts

Artifacts are undesirable occurrences that cause simulations to deviate from their representations of the physical world. In other words, artifacts are conditions which arise in models which could not arise in the actual physical processes under the corresponding circumstances.

Definition 44: An accuracy artifact is said to occur from a simulation, di(ui), of a physical process, ri(qi), when

|ri(qi) - di(ui)| = |pi - vi| > |ia|.

Definition 45: A timing artifact is said to occur from a simulation, di(ui), of a physical process, ri(qi), when that simulation does not have sufficient temporal correspondence or

|i| > |ia|.

Definition 46: A sequence of states is said to occur when the behavior of the object Oi can be described by an ordered set of successive states, {pi, pi}, where

pi = ri(qi) = ri(qi + qi) = pi + pi

and

pi 0

and, thus,

pi pi.

Definition 47: A sequencing artifact is said to occur when a simulation, di(ui), generates the sequence of successive states {vi, vi}and the physical process, ri(qi), which di(ui) simulates generates the sequence of successive states {pi, pi} such that

vi = pi but vi pi

when

ui = qi and ui = qi.

Definition 48: A registration artifact occurs when two simulations, di(ui) and dj(uj), of the same physical process, rk(qk), produce results such that

if ui = uj = qk then vi = di(ui) vj = dj(uj).

Interacting Models of Physical Processes

Interacting models can be used to represent the interactions of physical processes. Like the physical processes described above, two models interact when the variables which are output from one model are provided as input variables to another model.

Only the theorems derived for interacting models of physical processes are presented below. Their proofs have been provided in the Appendix. Further, this collection of theorems is incomplete and represents work ongoing. Additional theorems for interacting models can be derived from the propositions presented above and theorems for interacting implementations have yet to be derived.

Theorem 1: Two physical processes, ri(qi) and rj(qj), are approximated by two models, fi(xi) and fj(xj), and the two processes interact such that

pi = ri(pj)

then the two models must also interact such that

yi = fi(yj)

in order to approximate the interactions between those two physical processes.

Several theorems constraining the interactions between interacting models can be derived from a requirement that no accuracy artifacts exist as a result of their interactions.

Proposition 29: If two interacting physical processes, ri(qi) and rj(qj), are modeled by fi(xi) and fj(xj) such that

yi = fi(fj(xj)) = fi(yj)

then yi can only be guaranteed to be sufficiently accurate if and only if yj is sufficiently accurate.

Theorem 2: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting models, fi(xi) and fj(xj), such that

yi = fi(yj)

then the interactions of these models must produce values of yi such that

|i| |ia| over the entire range of xj of interest

in order to guarantee that the outcome of the interactions between the models maintains sufficient accuracy over the entire range of independent variables of interest.

This theorem expresses the need for the two models of interacting physical processes to exchange information in such a way as to still accurately, at least within the limits of acceptability of the models[[Otilde]] user, represents the outcome of the interactions between the real physical processes which they represent. This constraint implicitly encompasses the problems associated with mapping the output of one function to the input of another (e.g., unit consistency, coordinate system consistency).

Theorem 3: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges of xli and xui and xli and xui, respectively, then the outcomes from the interactions between these models can be guaranteed to maintain sufficient accuracy if and only if

xli [[twosuperior]] fj(xj) [[twosuperior]] xui

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj.

Theorem 3 simply states that the output of the independent function, fj(xj) must be within the acceptable range of input variables of the dependent function, fi(xi).

Two concerns related to statistical consistency arise for interacting models with stochastic components: (1) random variations which may drive the independent variable outside the acceptable range of the dependent function and (2) stochastic functions which are sensitive enough to the random variations of their input variables that the output variables are driven outside the range of acceptable accuracy. These concerns will be addressed separately in the theorems given below.

Theorem 4: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting stochastic models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges such that

xli xi xui and

xlj xj xuj,

respectively, and these models have random deviations such that

i ai for xli xi xui and

j aj for xlj xj xuj

then the outcomes from the interactions between these models can be guaranteed to maintain sufficient accuracy if and only if

xli + aj [[twosuperior]] yj [[twosuperior]] xui - aj

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj.

This constraint guarantees that if the dependent function, fi(xi), receives input from a function with a stochastic component then that input will always be within the acceptable range despite the effects of the random variations. In other words, if this condition is obeyed then the existence of random variations will never cause excursions outside of which the dependent function is well behaved.

Theorem 5: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting stochastic models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges such that

xli xi xui and

xlj xj xuj,

respectively, and these models have random deviations such that

i ai for xli xi xui and

j aj for xlj xj xuj

then the outcomes from the interactions between these models can be guaranteed to maintain sufficient predictability if and only if

|([[paragraph]]fei (yej)/[[paragraph]]yej) j)| + ci ai

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj

and where

fei(xi) = yei = the deterministic component of fi(xi) and

ci = a random variation in fi(xi) which is independent of independent variables.

Theorems 4 and 5 both constrain the random deviation in the interactions of models. Theorem describes the constraint which arises from the need to maintain sufficient accuracy in the results of those interactions. Therefore, violation of the conditions given by Theorem 4 could lead directly to artifacts as a result of operating a model outside its acceptable range. Theorem 5 describes the constraint which arises from the need to maintain sufficient predictability in the results of those interactions. The constraint in Theorem 5 becomes considerably more complicated for models which are dependent upon the dependent variables from multiple stochastic models. The condition described by Theorem 5 is not a constraint which is derived from the conditions for artifacts and its violation would not necessarily lead to unacceptable artifacts. However, its violation would lead to operating the combined models outside the user specified limits of acceptable behavior. However, formulation of the statistical components is not intractable unless the subject models cannot be differentiated over the ranges of interest.

Theorem 6: A model, fi(xi), of a physical process, ri(qi), from which a simulation, di(ui), has been constructed can be guaranteed to avoid producing any accuracy artifacts if and only if

|i| |ai| - |i|.

Theorem 7: A simulation, di(ui), of a physical process, ri(qi), can be guaranteed to generate no sequencing artifacts if and only if the model, fi(xi) from which it is derived also generates no sequencing errors.

Theorems 6 and 7 establish that a simulation can do no better at representing a physical process than its underlying models.

Theorem 8: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the independent variable sensitivities of xi and xj and interact such that

yi = fi(yj)

then those sensitivities must maintain a relationship such that

xai [[twosuperior]] |fj(xj + xaj) - fj(xj)|

in order to guarantee that no sequencing artifacts will occur as a result of the interactions between the two models fi(xi) and fj(xj).

Theorem 9: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the independent variable sensitivities of xi and xj and dependent variable resolutions of yi and yj and these models interact such that

yi = fi(yj)

then the condition

xai [[twosuperior]] yaj

must be true in order to guarantee that no sequencing artifacts occur as a result of the interactions between the two models fi(xi) and fj(xj).

Theorem 10: A simulation, di(ui), of a physical process, ri(qi), can never produce a result better than its underlying model, fi(xi).

Theorem 11: If a model, fi(xi), of a physical process, ri(qi), has a maximum acceptable temporal sensitivity, tai, and the minimum state change of interest generated by that physical process can occur in no less than tri then

tai tri + ai

to prevent timing artifacts.

Theorem 12: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the minimum acceptable temporal sensitivities of tai and taj and interact such that

yi(xi, t) = fi(yj, t)

then those sensitivities must obey the relationship such that

tai + taj tri + trj + ai.

where ai = acceptable temporal deviation for the last event in the causal chain

in order to guarantee that no timing artifacts will occur as a result of the interactions between the two models fi(xi, t) and fj(xj, t).

Theorem 13: Two physical processes, ri(qi) and rj(qj), are approximated by two simulations, di(ui) and dj(uj), and the two processes interact such that

pi = ri(pj)

then the two models must also interact such that

vi = di(vj)

in order to approximate the interactions between those two physical processes.

CONCLUSIONS

Distributed simulation is not new. Many highly complex distributed simulations have been constructed and exercises have been executed with them. Thus, the question arises, "Have the artifacts which are predicted when the above constraints are violated ever been observed?" The answer is a qualified yes. In general, the observed artifacts have been limited for several reasons. Most past exercises with high connectivity between execution environments have had relatively limited interactions between simulation objects. Many of the large scale exercises have been executed for demonstration purposes and any subtle inconsistencies with the physical world have gone largely unnoticed. In addition, many artifacts have been observed (e.g., flying tanks, invisible concealment) but ignored for various reasons. Finally, exercise developers have been very clever and devised several techniques to resolve most of the interoperability constraint violations without knowing exactly why the problems have occurred. The approach described herein begins to provide a robust foundation from which distributed simulation designs can be developed with confidence.

In summary, a systematic view of the interactions between mathematical models has been developed which provides insights into the limitations of models of interacting processes. Interacting models and their implementations present distinctly different limitations on representing interacting physical processes. Careful analysis of the limitations imposed by the differences introduced between modeling and simulation provides clearly defined constraints on the interoperability between models and implementations of models of physical processes. Nevertheless, the scope of this work is currently very limited and neither the characteristics nor the constraints form a sufficient set. Considerably more work is needed to derive the theorems describing the interactions between distributed implementations. Other theorems can likely be derived to better describe the interactions between interacting models as well. Furthermore, interactions between interoperability constraints clearly exist and these must be better understood. Research is currently ongoing to derive a more encompassing set of characteristics and constraints from the foundation presented here and to better understand the interactions between constraints. As mentioned in the introduction, this paper represents a simple beginning to quantifiably, rigorously and verifiably describing the phenomena controlling the interoperability of distributed simulations.

REFERENCES

[1] D. C. Miller, ÒInteroperability Issues for Distributed Interactive Simulation,Ó Proc. of the 1992 Summer Computer Simulation Conference, pp. 1015-1018.

[2] A. W. Smith & M. L. Wiedenbeck, Electrical Measurements, McGraw-Hill Book Co., Inc., New York, NY, 1959, p. 11.

APPENDIX: PROOFS OF THEOREMS

Theorem 1: Two physical processes, ri(qi) and rj(qj), are approximated by two models, fi(xi) and fj(xj), and the two processes interact such that

pi = ri(pj)

then the two models must also interact such that

yi = fi(yj)

in order to approximate the interactions between those two physical processes.

Proof:

From Proposition 5, two interacting physical processes can be described by

pi = ri(pj)

where pj = rj(xj).

From Proposition 6, the two physical processes, ri(qi) and rj(qj) can be approximated by the functions

yi = fi(xi) pi = ri(qi) when xi = qi and

yj = fj(xj) pj = rj(qj) when xj = qj.

By substitution of Proposition 6 into Proposition 5, the result of the two interacting processes can be approximated by

pi yi = fi(fj(xj)) = fi(yj) when xj = qj.

Theorem 2: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting models, fi(xi) and fj(xj), such that

yi = fi(yj)

then the interactions of these models must produce values of yi such that

|i| |ia| over the entire range of xj of interest

in order to guarantee that the outcome of the interactions between the models maintains sufficient accuracy over the entire range of independent variables of interest.

Proof:

From Theorem 1, if two physical processes, ri(qi) and rj(qj), interact such that

pi = ri(pj)

then the outcome of their interactions can be determined by two functions, fi(xi) and fj(xj), such that

yi = fi(yj).

By substitution of the definition, yj = fj(xj),

yi(xj) = fi(fj(xj)).

From Definition 16, the approximation error of the outcome of these interactions is defined by

i(yi) = pi - yi

and by substitution from above, for the two interacting models

i(xj) = i(yi) = pi - fi(fj(xj)).

By combining Proposition 10 and Definition 17, the definition of sufficient accuracy is

|i(yi)| |i| |ia| over the entire range of xi of interest

where

xi = yj = fj(xj).

Therefore, by substitution from above, for interacting models of interacting physical processes the condition for sufficient accuracy requires that

|i(xj)| |ia| over the entire range of xj of interest.

Theorem 3: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges of xli and xui and xli and xui, respectively, then the outcomes from the interactions between these models can be guaranteed to maintain sufficient accuracy if and only if

xli [[twosuperior]] fj(xj) [[twosuperior]] xui

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj.

Proof:

Combining Proposition 10 with Definitions 16 and 17 creates the requirement for sufficient accuracy that

|pi - yi| |ia| over the entire range of xi of interest.

Proposition 12 states that if

xli [[twosuperior]] xi [[twosuperior]] xui

then

|pi - yi| |ia|.

Substituting into this condition the result from Theorem 1 thus requires that

xli [[twosuperior]] fj(xj) [[twosuperior]] xui.

Proposition 12 requires that for fj(xj) to be sufficiently accurate then

xlj [[twosuperior]] xj [[twosuperior]] xuj

and, from Proposition 29, if fj(xj) is not sufficiently accurate then yi = fi(fj(xj)) cannot be guaranteed to be sufficiently accurate.

Thus,

xli [[twosuperior]] fj(xj) [[twosuperior]] xui for all values of xj such that xlj [[twosuperior]] xj [[twosuperior]] xuj

for

|pi - yi| |ia|

or meet the requirement for sufficient accuracy.

Theorem 4: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting stochastic models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges such that

xli xi xui and

xlj xj xuj,

respectively, and these models have random deviations such that

i ai for xli xi xui and

j aj for xlj xj xuj

then the outcomes from the interactions between these models can be guaranteed to maintain sufficient accuracy if and only if

xli + aj [[twosuperior]] yj [[twosuperior]] xui - aj

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj.

Proof:

From Theorem 3, in order for yi = fi(yj) to have sufficient accuracy then

xli yj xui.

For a stochastic function this relation becomes

xli yej xui.

Combining Definitions 18 and 19 with Proposition 11, yj can vary within a range such that

yej - aj [[twosuperior]] yj [[twosuperior]] yej + aj

or, restated,

yj = yej aj.

Rearranging and substituting this result into the result from Theorem 3 given above gives

xli yj aj xui.

Rearranging this result and recognizing that only the narrowing of the range is important gives

xli + aj yj xui - aj

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj.

Theorem 5: If two interacting physical processes, ri(qi) and rj(qj), are approximated by two interacting stochastic models, fi(xi) and fj(xj), such that

yi = fi(yj)

and the models, fi(xi) and fj(xj), have an independent variable ranges such that

xli xi xui and

xlj xj xuj,

respectively, and these models have random deviations such that

i ai for xli xi xui and

j aj for xlj xj xuj

then the outcomes from the interactions between these models can be guaranteed to maintain sufficient predictability if and only if

|([[paragraph]]fei (yej)/[[paragraph]]yej) j)| + ci ai

for all values of xj such that

xlj [[twosuperior]] xj [[twosuperior]] xuj

and where

fei(xi) = yei = the deterministic component of fi(xi) and

ci = a random variation in fi(xi) which is independent of independent variables.

Proof:

Combining Definitions 18 and 19 with Proposition 11 gives the condition for sufficient predictability as

i [[twosuperior]] ai.

Also from Definition 18,

yi = yei i and

yj = yej j.

For yi, this relation can be rewritten in the form

yi = fei(xi) i(xi).

where fei(xi) can be interpreted as the deterministic component of fi(xi) and si(xi) is the nondeterministic component of fi(xi).

The nondeterministic component can be described by

i(xi) = |fsi(xi)| + csi

where csi = a random variation which is independent of input variables.

From classical error analysis [2] where for interacting models xi = yj, fsi(xi) is defined by

fsi(yj) = ([[paragraph]]fei(yej)/[[paragraph]]yej) j

and

i = |([[paragraph]]fei(yej)/[[paragraph]]yej) j| + csi.

By substituting this result into the relation describing the condition for sufficient predictability

|([[paragraph]]fei(yej)/[[paragraph]]yej) j| + csi [[twosuperior]] ai.

Theorem 6: A model, fi(xi), of a physical process, ri(qi), from which a simulation, di(ui), has been constructed can be guaranteed to avoid producing any accuracy artifacts if and only if

|i| |ai| - |i|.

Proof:

If the user has defined a constant approximation error, |ai|, above which the results of the simulation must not deviate to continue to be of value, as is prescribed by Definition 44, then

| ri(qi) - di(ui)| = |pi - vi| |ai|.

The total representation error of an implementation of a model is given by Definition 29 as

i = yi - vi.

Rearranging Definition 29, substituting it into Definition 44 and collecting the values within the absolute value operator to assure a maximum value gives

|pi - yi| + |i| |ai|.

Substituting into this relation the definition for the approximation error of a model given by Definition 16 and rearranging gives

|i| + |i| |ai|.

Finally, rearranging this once again gives

|i| |ai| - |i|.

Theorem 7: A simulation, di(ui), of a physical process, ri(qi), can be guaranteed to generate no sequencing artifacts if and only if the model, fi(xi) from which it is derived also generates no sequencing errors.

Proof:

Definition 24, which characterizes a simulation in terms of its component model, can easily be extended to represent processes which represent sequences of states so that

when ui = xi and vi = yi then vi = di(ui, vi) yi = fi(xi, yi).

Similarly, Proposition 6, which characterizes a model in terms of the physical process which it represents, can be extended to represent sequences of state so that

when xi = qi and yi = pi then yi = fi(xi, yi) pi = ri(qi, pi).

If di(ui) is considered a perfect implementation of the model fi(xi) then

vi = di(ui) = yi = fi(xi) for all xi, ui, vi and yi

and all other implementations will do no better than this implementation.

Thus, if, for this perfect situation

when xi = qi and yi = pi then yi = fi(xi, yi) pi = ri(qi, pi)

then

when ui = qi and vi = pi then vi = di(ui, vi) = yi pi = ri(qi, pi)

and a sequencing artifact will have resulted.

Theorem 8: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the independent variable sensitivities of xi and xj and interact such that

yi = fi(yj)

then those sensitivities must maintain a relationship such that

xai [[twosuperior]] |fj(xj + xaj) - fj(xj)|

in order to guarantee that no sequencing artifacts will occur as a result of the interactions between the two models fi(xi) and fj(xj).

Proof:

If two physical processes ri(qi) and rj(qj) interact such that, from Proposition 5, the initial state of pi is given by

pi = ri(pj)

and the state of qj changes such that after that change

qj = qj + qj

then Proposition 5 also requires that the state of pi change such that

pi = ri(pj) = ri(rj(qj + qj))

and, from Definition 46, the sequence of states describing the effects of this interaction are given by the ordered set {pi, pi}

where pi pi.

If two models, fi(xi) and fj(xj), of these physical processes also interact such that, from Theorem 1, the initial state of yi is given by

yi = fi(yj)

and this state has, from Definition 7, perfect correspondence with its corresponding physical state such that

yi = pi

and the state of xj changes to reflect the corresponding change in qj such that after the change

xj = xj + xj

where

xj = qj and xj = qj

then, from Theorem 1, after the state change and the interaction the final state of yi is given by

yi = fi(yj) = fi(fj(xj + xj)).

Definition 47 and Theorem 7 require that

yi = pi and yi yi.

to avoid the occurrence of a sequencing artifact.

However, from Theorem 1 and Definition 10, for the interacting models fi(xi) and fj(xj) if

xi > |yj - yj| = |fj(xj) - fj(xj)|

then

fi(yj) = fi(yj)

and, thus,

yi = yi.

As a result, the condition

xi |yj - yj| = |fj(xj + xj) - fj(xj)|

must be true for any single value of xj for sequencing artifacts to be prevented and, by combining Proposition 7 and Definition 11, the condition

xai |fj(xj + xj) - fj(xj)|

must be true to guarantee that no sequencing artifacts will occur for all values of xj.

Those cases of sequencing artifacts which arise only due to the interactions between the two models occur when

xj xaj.

Therefore, the condition

xai |fj(xj + xaj) - fj(xj)|

must be true to guarantee that no sequencing artifacts will occur as a result of the interactions between the two models fi(xi) and fj(xj) for all values of xj.

Theorem 9: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the independent variable sensitivities of xi and xj and dependent variable resolutions of yi and yj and these models interact such that

yi = fi(yj)

then the condition

xai [[twosuperior]] yaj

must be true in order to guarantee that no sequencing artifacts occur as a result of the interactions between the two models fi(xi) and fj(xj).

Proof:

From the proof of Theorem 8, the condition

xai |fj(xj + xj) - fj(xj)| = |yj - yj|

must be true to guarantee that no sequencing artifacts will occur for all values of xj.

Substituting Definition 14 into this relation gives the condition

xai |nyj|

for any given values of xj and xj.

The smallest change which could occur (except for n = 0, which would definite violate this condition) is for n = 1. Therefore, the condition

xai |yj|

must be true to guarantee the prevention of sequencing artifacts for given values of xj. By combining Proposition 9 and Definition 15, the condition

xai |yaj|

must be true to guarantee that no sequencing artifacts occur as a result of the interactions between the two models fi(xi) and fj(xj) for all values of xj.

Theorem 10: A simulation, di(ui), of a physical process, ri(qi), can never produce a result better than its underlying model, fi(xi).

Proof:

Definition 24 and Proposition 13, characterize a simulation, di(ui), as an implementation of a component model, fi(xi), such that

when ui = xi then vi = di(ui) yi = fi(xi).

If di(ui) is considered a perfect implementation of the model fi(xi) then

when ui = xi then vi = di(ui) = yi = fi(xi).

Thus, it will be constrained in all of the ways in which the underlying model is constrained regardless of the performance of the implementation. This means that the implementation of a model inherits all of the model characteristics since a perfect implementation is an exact duplication of the underlying model. Therefore, in no way can an implementation of a model produce a result better than that model.

Theorem 11: If a model, fi(xi), of a physical process, ri(qi), has a maximum acceptable temporal sensitivity, tai, and the minimum state change of interest generated by that physical process can occur in no less than tri then

tai tri + ai

to prevent timing artifacts.

Proof:

Consider that at t = t0 the value of the independent property, qi, instantaneously changes from qi0 to qi, where qi0 qi, and the physical process, ri(qi), responds by changing the value of the dependent property, pi, from pi0 to pi, where pi0 pi, at t = t0 + tri. The model, fi(xi), representing that physical process should have corresponding behavior so that when, at t = t0, the value of the independent variable, xi, instantaneously changes from xi0 to xi, where xi0 = qi0, xi = qi and xi0 = xi, then the value of the dependent variable, yi, should change from yi0 to yi at t = t = t0 + tri. However, from Definitions 12 and 13 and Proposition 8, if fi(xi) has a minimum acceptable temporal sensitivity, tai, and if

tri < tai

then yi0 = yi and, as a result, yi pi. From Theorem 10, this implies that the implementation of that model will manifest a similar behavior so that, for a perfect implementation, the latency for simulation of the state change from pi0 to pi will be

tdi = tai.

Substituting this value into Definition 33 makes the temporal deviation of vi

i = tri - tai.

Substituting this result into Definition 45 gives the relation

|tri - tai| > |ai|.

From this relation, the condition to avoid temporal artifacts is given by

|tri - tai| |ai|.

Since all of the variables in this relation are positive quantities and recognizing that temporal mismatches occurring because the temporal sensitivity is finer than needed to represent the physical situation can be resolved computationally, this relation can be rewritten as

tai tri + ai

to prevent the occurrence of timing artifacts.

Theorem 12: If two models, fi(xi) and fj(xj), representing two interacting physical processes, ri(qi) and rj(qj), have the minimum acceptable temporal sensitivities of tai and taj and interact such that

yi(xi, t) = fi(yj, t)

then those sensitivities must obey the relationship such that

tai + taj tri + trj + ai.

where ai = acceptable temporal deviation for the last event in the causal chain

in order to guarantee that no timing artifacts will occur as a result of the interactions between the two models fi(xi, t) and fj(xj, t).

Proof:

When two physical processes ri(qi) and rj(qj) interact such that, from Proposition 5, the initial state of pi is given by

pi(qi, t) = pi0 = ri(pj) = ri(rj(qj, t)) at t = t0

and qj changes state to qj such that

qj = qj + qj

then, also from Proposition 5, the final state of pi is given by

pi = pi + pi = ri(rj(qj)) = ri(rj(qj + qj)) at t = t.

The time for the combined state changes of the two coupled processes to occur, t, from Definition 30, is given by

t = t0 + trj + tri.

The two processes latencies are added, even for continuous processes (because for discrete processes this is obvious), because, from Definition 30, it takes the interval trj for the value of the dependent property, pj, (which because of the coupling xi = pj) to change from pj0 to pj and once pj has reached pj it takes the coupled dependent property pi the interval tri to change from pi0 to pi.

If two models, fi(xi) and fj(xj), of these physical processes also interact such that, from Theorem 1, the initial state of yi is given by

yi(xi, t) = fi(yj, t)

and this state has, from Definition 7, perfect correspondence with its corresponding physical state such that

xi0 = qi0 at t = t0

and the state of xj changes to reflect the corresponding change in qj such that after the change

xj = xj + xj

where

xj = qj and xj = qj

then, from Theorem 1, after the state change and the interaction the final state of yi is given by

yi = fi(yj) = fi(fj(xj + xj)) at t = t

where

t = t0 + tfj + tfi.

The shortest intervals which can be guaranteed to be represented are given by the minimum acceptable temporal sensitivities, tai and taj, so the best that could be represented is given by the relation

t = t0 + taj + tai.

From Theorem 11, in order to sufficiently accurately represent the physical processes, ri(qi) and rj(qj), the models, fi(xi) and fj(xj), must have minimum acceptable temporal sensitivities, tai and taj, such that

tai tri + ai and taj trj + aj.

This would imply from Theorem 10 and Definition 45 that the condition to avoid timing artifacts would be given by

|(tri + trj) - (tai + taj)| ai + aj.

However, this condition for a large chain of causal events would lead to very large temporal deviations. In actuality, designers of simulations desire that temporal deviations be limited to a single value such that

|(tri + trj) - (tai + taj)| ai

even for causal event chains. This relation leads to the much stronger constraint upon the temporal sensitivities of two interacting models of

tai + taj tri + trj + ai.

where ai = acceptable temporal deviation for the last event in the causal chain.

Theorem 13: Two physical processes, ri(qi) and rj(qj), are approximated by two simulations, di(ui) and dj(uj), and the two processes interact such that

pi = ri(pj)

then the two models must also interact such that

vi = di(vj)

in order to approximate the interactions between those two physical processes.

Proof:

From Theorem 1, two interacting physical processes, ri(qi) and rj(qj), can be approximated by two interacting models, fi(xi) and fj(xj), such that

yi = fi(yj).

From Definition 25 and Proposition 13, the two models, fi(xi) and fj(xj), can be approximated by the two implementations, di(ui) and dj(uj),

vi = di(ui) yi = fi(xi) when ui = xi and

vj = dj(uj) yj = fj(xj) when uj = xj.

By substitution of Proposition 13 into Theorem 1, the result of two interacting physical processes can be approximated by

pi vi = di(dj(uj)) = di(vj) when uj = qj.