To improve the efficiency, developers tend to use APIs to avoid reinventing wheels in the development of Apps. However, there are thousands of APIs for various purposes, so it is difficult for developers to identify suitable APIs according to the functionalities to be realized. App stores manage millions of products, which embody the experience and wisdom of developers, and they provide valuable data

The Clock Constraint Specification Language (CCSL) is a clock-based formalism for the specification and analysis of real-time embedded systems. The major goal of schedulability analysis of CCSL specifications is to solve the schedule problem, which is to answer ‘whether there exists a clock behaviour (also called a ‘schedule’) that conforms to a given CCSL specification'. Existing works on schedulability

We see the future of medicine as highly automated. Improvement in care-provision will be achieved by both increased clinician efficiency, as well as new computing assisted treatments and diagnoses. In other safety-critical industries, such as avionics and automotive, certification is dependability-driven. In contrast, medical certification is clinical-trial driven, which we argue will become increasingly

We present a tool chain for model-driven development of asynchronous message-passing applications. The key features of the tool allow designers to identify misbehaviour leading to unsound communications, to provide counterexamples, and to suggest possible corrections as well as to project global specifications to local models in order to generate executable implementations.

Providing effective error messages in response to type errors continues to be a challenge in functional programming. Type error messages often point to bogus error locations or lack sufficient information for removing the type error, making error debugging ineffective. Counter-factual typing (CFT) addressed this problem by generating comprehensive error messages with each message includes a rich set

Program synthesis aims to mechanise the task of programming from the user intent (using pre and post condition, examples and sketches). There are many approaches (or concepts) in program synthesis that are usually implemented in isolation: deductive, syntax-based, inductive, etc. In this paper, we present a characterisation of program synthesis as model finding, using Alloy⁎. Such a characterisation

Data-flow reactive systems (DFRSs) form a class of embedded systems whose inputs and outputs are always available as signals. Input signals can be seen as data provided by sensors, whereas the output data are provided to system actuators. In previous works, verifying well-formedness properties of DFRS models was accomplished in a programmatic way, with no formal guarantees, and test cases were generated

In this article, we revise our constraint-based abstraction refinement technique for checking temporal logic properties of concurrent software systems. Our technique employs predicate abstraction and SAT-based three-valued bounded model checking. In contrast to classical refinement techniques where a single state space model is iteratively explored and refined with predicates, our approach is as follows:

Empowering end-users to program robots is becoming more significant. Introducing software engineering principles into end-user programming could improve the quality of the developed software applications. For example, model-driven development improves technology independence and adaptive systems act upon changes in their context of use. However, end-users need to apply such principles in a non-daunting

Automatic event sequence generation tools are widely used for testing GUI applications. With these tools, developers can easily test the target GUI applications with a large number of events and collect a group of crash-triggering sequences in a short time. However, some efficiency-oriented tools generate low-level events randomly based on coordinates of the screen instead of widgets, which leads to

Problems to solve nowadays have never been so complex and are continuously increasing in complexity. In this context Systems of Systems (SoS) may be a solution but the study of such systems is far from over. An SoS is a complex system characterized by the particular nature of its components: the latter, which are systems, tend to be managerially and operationally independent as well as geographically

The CLEARSY Safety Platform (CSSP) was designed to ease the development of safety critical systems and to reduce the overall costs (development, deployment, and certification) under the pressure of the worldwide market. A smart combination of hardware features (double processor) and formal method (B method and code generators) was used to produce a SIL4-ready platform where safety principles are built-in

Monads are a mechanism for embedding and reasoning about notions of computation such as mutable state, I/O, exceptions, and many others. Even though monads are technically language-agnostic, they are mostly associated with the Haskell language. Indeed, one could argue that the use of monads is one of the defining characteristic of the Haskell language. In practical terms, monadic programming in Haskell

Replication can be used to increase the availability of a service by creating many operational copies of its data called replicas. Active replication is a form of replication that has strong consistency semantics, which are easier to reason about and program. However, creating replicated services using active replication still demands from the programmer the knowledge of subtleties of the replication

A large dataset that contains the eye movements of N=216 programmers of different experience levels captured during two code comprehension tasks is presented. Data are grouped in terms of programming expertise (from none to high) and other demographic descriptors. Data were collected through an international collaborative effort that involved eleven research teams across eight countries on four continents

This paper presents BoundWarden, a novel spatial memory safety enforcement approach that utilizes a combination of compile-time transformation and runtime concurrent monitoring techniques. The compiler extension component of BoundWarden transparently instruments source code of C programs with the code that allows the runtime component of BoundWarden to comprehensively detect and prevent buffer overflow

The verification of contemporary distributed software systems is challenging, because they are heavily parameterised, containing components whose number and connections cannot be a priori fixed. In this work, we consider the multi-parameterised verification of safety properties by refinement checking in the context of labelled transition systems (LTSs). The LTSs are parameterised by using first-order

Community Question and Answer (CQA) platforms use the power of online groups to solve problems, or gain information. While these websites host useful information, it is critical that the details provided on these platforms are of high quality, and that users can trust the information. This is particularly necessary for software development, given the ubiquitous use of software across all sections of

In the domain of model-driven engineering, patterns have emerged as a ubiquitous structuring mechanism. Patterns are used for instance at the requirement analysis level, during system design, and during the deployment and code generation phases. We focus on formalizing the operational semantics of pattern application on component-based system designs. More precisely, our ultimate goal is to provide

Complex Event Processing (CEP) is a powerful technology thoroughly used in cutting-edge software architectures to support decision-making in multiple domains. Currently, developing such CEP-enhanced software architectures is not an easy task and there are no general purpose Application Programming Interfaces (APIs) which support programming and software development for CEP-based systems. This paper

The growing complexity and diversity of models used for engineering dependable systems implies that a variety of formal methods, across differing abstractions, paradigms, and presentations, must be integrated. Such an integration requires unified semantic foundations for the various notations, and co-ordination of a variety of automated verification tools. The contribution of this paper is Isabelle/UTP

Operational and denotational are two common approaches to specify the semantics of programming languages: the former is more suitable for expressing a particular evaluation strategy and the latter is more abstract. If there are both an operational and a denotational semantics for a programming language, one expects that the operational semantics be adequate with respect to the denotational one (this

Event-B is a formal method that utilizes a stepwise development approach for system-level modeling and analysis. We are interested in reasoning about real-time deadlines and delays between trigger and response events. There is existing work on treating these properties in Event-B but it lacks a semantic treatment in terms of trace behaviors. Because timing properties require fairness assumptions, we

Software requirement analysis can undoubtedly benefit from prevention and early detection of failures, in particular by some kind of automatic analysis. Formal methods offer means to represent and analyze requirements with rigorous tools, avoiding ambiguities, and allowing automatic verification of requirement consistency. However, formalisms often clash in the culture or lack of software analysts'

Gradual typing is an effective approach to integrate static and dynamic typing, which supports the smooth transition between both extremes via the imprecision of type annotations. Gradual typing has been applied in many scenarios such as objects, subtyping, effects, ownership, typestates, information-flow typing, parametric polymorphism, etc. In particular, the combination of gradual typing and mutable

This paper presents CHOReVOLUTION, a platform for the tool-assisted realization and execution of distributed applications. CHOReVOLUTION specifically targets service-oriented systems specified through service choreographies. It offers an Integrated Development and Runtime Environment (IDRE) organized into three layers, namely, front-end, back-end, and cloud. It comprises a wizard-aided development

The RPC calculus is a simple semantic foundation for multi-tier programming languages such as Links in which located functions can be written for the client-server model. Subsequently, the typed RPC calculus is designed to capture the location information of functions by types and to drive location type-directed slicing compilations. However, the use of locations is currently limited to monomorphic

Use Case (UC) quality impacts the overall quality and defect rate of a system, as they specify the expected behavior of an implementation. In a previous work, we have defined an approach for a step-by-step translation from UCs written in natural language to a formal description in terms of Graph Transformation (GT), where each step of the UC was translated to a transformation rule. This UC formalization

Deadlock and nondeterminism may become increasingly hard to detect in concurrent and distributed systems. UML activity diagrams are flowcharts that model sequential and concurrent behavior. Although the UML community widely adopts such diagrams, there is no standard approach to verify the presence of deadlock and nondeterministic behavior in activity diagrams. Nondeterminism is usually neglected in

We provide a construction that, given a big-step semantics describing finite computations and their observations, extends it to include infinite computations as well. The basic idea is that the finite behavior uniquely determines the infinite behavior once observations and their composition operators are fixed. Technically, the construction relies on the framework of inference systems with corules

Most current programming languages do not restrict the use of the concurrency primitives they provide, leaving it to the programmer to detect data races. In this paper, we revisit the monitor model, which guards against data races by guaranteeing that accesses to shared variables occur only inside monitors, and show that this concept can be implemented in a programming language with referential semantics

Property-based testing of compilers or programming language semantics is difficult to accomplish because it is hard to design a random generator for valid programs. Most compiler test tools do not have a well-specified way for generating type-correct programs, which is a requirement for such testing activities. In this project, we formalize a type-directed procedure to generate random well-typed Java

Compositional model checking approaches attempt to limit state space explosion by iteratively combining the behaviour of the components in a concurrent system and reducing the result modulo an appropriate equivalence relation. In this article, we consider Labelled Transition Systems (LTSs), in which transitions are labelled by actions, to describe component behaviour, and LTS networks to combine the

The vast divide between the speed of CPU and RAM means that effective use of CPU caches is often a prerequisite for high performance on modern architectures. Hence, developers need to consider how to place data in memory so as to exploit spatial locality and achieve high memory bandwidth. Such manual memory optimisations are common in unmanaged languages (e.g. C, C++), but they sacrifice readability

Source code metrics extraction is a complex task that has to be done automatically given the current size of software. They are extracted using software metric tools and more generic extraction mechanisms. These mechanisms usually work by querying a source code representation model. These models are static, and the information that can be obtained from them is limited. In this work an extraction methodology

The present work describes a challenging, real-life finalization scenario that applies combined scalability and resource utilization pressure. Neither weak reference arrays nor ephemerons satisfactorily address the performance-critical demands, hence addressing these existing limitations requires a new strategy. This paper puts forward a hybrid weak arrayed container with properties from both weak

Redundancy concepts are major design drivers in fault-tolerant space systems. It can be a difficult task to decide when to activate which redundancy, and which component should be replaced. In this paper, we refine a methodology where recovery strategies are synthesized from a model of non-deterministic dynamic fault trees. The synthesis is performed by transforming non-deterministic dynamic fault

The design of complex systems involves several design models supporting different analysis techniques for validation and verification purposes. These activities lead to the definition of heterogeneous modelling languages and analysis techniques. In this setting, meeting certification standards becomes a key issue in system engineering. Reducing heterogeneity due to the presence of different modelling

Streaming APIs are becoming more pervasive in mainstream Object-Oriented programming languages and platforms. For example, the Stream API introduced in Java 8 allows for functional-like, MapReduce-style operations in processing both finite, e.g., collections, and infinite data structures. However, using this API efficiently involves subtle considerations such as determining when it is best for stream

Context: Most modern programming environments support refactorings. Although refactorings are relevant to improve the quality of software source code, they unfortunately suffer from severe usability issues. In particular, the extract method refactoring, one of the most prominent refactorings, has a failure rate of 49% when users attempt to use it. Objective: Our main objective is to improve the success

The term traits is overloaded in the literature. In this work we refer to traits as the stateless model and implementation described in Schaerli et al. articles. Traits provide a flexible way to support multiple inheritance code reuse in the context of a single inheritance language. The Pharo programming language includes the second implementation of stateless traits based on the original version of

Rewriting is a framework for reasoning about functional programming. The dependency pair criterion is a well-known mechanism to analyze termination of term rewriting systems. Functional specifications with an operational semantics based on evaluation are related, in the rewriting framework, to the innermost reduction relation. This paper presents a PVS formalization of the dependency pair criterion

Data races are often discussed in the context of lock acquisition and release, with race-detection algorithms routinely relying on vector clocks as a means of capturing the relative ordering of events from different threads. In this paper, we present a data-race detector for a language with channel communication as its sole synchronization primitive, and provide a semantics directly tied to the happens-before

Context and motivation All the research in methods and tools for avoiding, detecting, and removing ambiguities in requirements specifications assumes that doing so is necessary and that the methods and tools for doing so are worth the effort to use them. Each of two attempts by de Bruijn et al. and Philippo et al. to test these assumptions empirically with a case study examined a random sampling of

We present a formalization of bounded grids using Lean proof assistant and provide a formalized implementation along with an interface consisting of various definitions together with their proven–correct properties serving to manipulate grids in general fashion regardless of the intended use case. We then proceed to demonstrate the applicability of the grids by interpreting them as matrices, followed

Many frameworks exist for programmers to develop and deploy Big Data applications such as Hadoop Map/Reduce and Apache Spark. However, very little debugging support is currently provided in those frameworks. When an error occurs, developers are lost in trying to understand what has happened from the information provided in log files. Recently, new solutions allow developers to record & replay the application

One of the leading textbooks for formal methods is Software Foundations (SF), written by Benjamin Pierce in collaboration with others, and based on Coq. After five years using SF in the classroom, we came to the conclusion that Coq is not the best vehicle for this purpose, as too much of the course needs to focus on learning tactics for proof derivation, to the cost of learning programming language

Recent advances in machine learning and artificial intelligence are now being considered in safety-critical autonomous systems where software defects may cause severe harm to humans and the environment. Design organizations in these domains are currently unable to provide convincing arguments that their systems are safe to operate when machine learning algorithms are used to implement their software

Much recent work on type-safe extensibility for Object-Oriented languages has focused on design patterns that require modest type system features. Examples of such design patterns include Object Algebras, Extensible Visitors, Finally Tagless interpreters, or Polymorphic Embeddings. Those techniques, which often use a functional style, can solve basic forms of the Expression Problem. However, they have

A system of polynomial ordinary differential equations (odes) is specified via a vector of multivariate polynomials, or vector field, F. A safety assertion ψ⟶[F]ϕ means that the trajectory of the system will lie in a subset ϕ (the postcondition) of the state-space, whenever the initial state belongs to a subset ψ (the precondition). We consider the case when ϕ and ψ are algebraic varieties, that is

One-unambiguous regular expressions are used in DTD and XML Schema. It is known that inclusion for one-unambiguous regular expressions is in PTIME. However, there has been few studies on algorithms for the inclusion. In this paper we present algorithms for checking inclusion of one-unambiguous regular expressions. A classical way is based on automata, following which one algorithm is provided and improvements

This paper presents a framework for verifying evolving component-based software using assume-guarantee logic. The goal is to improve CDNF-based assumption generation method by having local weakest assumptions that can be used more effectively when verifying component-based software in the context of software evolution. For this purpose, we improve the technique for responding to membership queries

In this paper we propose a new language Mediator to formalize component-based concurrent and distributed system models. Mediator supports a two-step hierarchical modeling approach: Automata, which provide an interface of ports, are the basic behavior units; Systems declare components or connectors through automata, and glue them together. With the help of Mediator, components and systems can be modeled

Collective adaptive systems are new emerging computational systems consisting of a large number of interacting components and featuring complex behaviour. These systems are usually distributed, heterogeneous, decentralised and interdependent, and are operating in dynamic and possibly unpredictable environments. Finding ways to understand and design these systems and, most of all, to model the interactions

Scientific progress is increasingly dependent upon the acquisition, processing, and analysis of large volumes of data. The validity of results and the safety of applications rely upon an adequate understanding of the real-world semantics of this data: its intended interpretation, and the context in which it is acquired and processed. This presents a challenge: interpretations vary, context is infinite

One of the prominent domains of nowadays software engineering concerns on building and maintaining the so-called system-of-systems (SoS). The activity of integrating independent, potentially heterogeneous, and distributed systems has become remarkable. Designing SoS that consists on integrating independent and behaviorally unknown systems involves several difficulties, specially due to the inner dynamism

Mutation testing injects code changes to check whether tests can detect them. Mutation testing tools use mutation operators that modify program elements such as operators, names, and entire statements. Most existing mutation operators focus on imperative and object-oriented language constructs. However, many current projects use meta-programming through code annotations. In a previous work, we have

Context Software performance may suffer regressions caused by source code changes. Measuring performance at each new software version is useful for early detection of performance regressions. However, systematically running benchmarks is often impractical (e.g., long running execution, prioritizing functional correctness over non-functional). Objective In this article, we propose Horizontal Profiling

The automotive domain is rapidly changing in the last years. Among the different challenges OEMs (i.e. the vehicle manufacturers) are facing, vehicles are evolving into systems of systems. In fact, over the last years vehicles have evolved from disconnected and “blind” systems to systems that are (i) able to sense the surrounding environment and (ii) connected with other vehicles, the city, pedestrians

An important aspect in system of systems (SoS) is the realization of the capabilities in different systems that work together. Identifying and locating these capabilities are important to orchestrate the overall activities and hereby to achieve the overall goal of the SoS. System elements and capabilities in SoS however, are rarely stable and need to evolve in different ways and different times in