TL;DR: A tool-supported framework for the efficient reverification of component-based software systems after changes such as additions, removals or modifications of components; it can reverify probabilistic safety properties of a cloud-deployed software system in a fraction of the time required by compositional assume-guarantee verification alone.
Abstract: We present a tool-supported framework for the efficient reverification of component-based software systems after changes such as additions, removals or modifications of components. The incremental verification engine at the core of our INcremental VErification STrategy (INVEST) framework uses high-level algebraic representations of component-based systems to identify and execute the minimal set of component-wise reverification steps after a system change. The generality of the INVEST engine allows its integration with existing assume-guarantee verification paradigms. We illustrate this integration for an existing technique for the assume-guarantee verification of probabilistic systems. The resulting instance of the INVEST framework can reverify probabilistic safety properties of a cloud-deployed software system in a fraction of the time required by compositional assume-guarantee verification alone.
TL;DR: This paper presents an extension to the existing modeling language, muml, to enable safe hierarchical reconfigurations and illustrates two different use cases of the approach and the verification of their safety properties.
Abstract: Mechatronic systems reconfigure the structure of their software architecture, e.g., to avoid hazardous situations or to optimize operational conditions like minimizing their energy consumption. As software architectures are typically built on components, reconfiguration actions need to respect the component structure. This structure should be hierarchical to enable encapsulated components. While many reconfiguration approaches for embedded real-time systems allow the use of hierarchically embedded components, i.e., horizontal composition, none of them offers a modeling and verification solution to take hierarchical composition, i.e., encapsulation, into account. In this paper, we present an extension to our existing modeling language, muml, to enable safe hierarchical reconfigurations. The two main extensions are (a) an adapted variant of the two-phase commit protocol to initiate reconfigurations which maintain component encapsulation and (b) a timed model checking verification approach for instances of our model. We illustrate our approach on a case study in the area of smart railway systems by showing two different use cases of our approach and the verification of their safety properties.
TL;DR: A systematic literature survey of 35 service matching approaches which consider fuzzy matching is performed, a classification is proposed, how different matching approaches can be combined into a comprehensive matching method is discussed, and future research challenges are identified.
Abstract: In the last decades, development turned from monolithic software products towards more flexible software components that can be provided on world-wide markets in the form of services. Customers request such services or compositions of several services. However, in many cases, discovering the best services to address a given request is a tough challenge and requires expressive, gradual matching results, considering different aspects of a service description, e.g., inputs/outputs, protocols, or quality properties. Furthermore, in situations in which no service exactly satisfies the request, approximate matching which can deal with a certain amount of fuzziness becomes necessary. There is a wealth of service matching approaches, but it is not clear whether there is a comprehensive, fuzzy matching approach which addresses all these challenges. Although there are a few service matching surveys, none of them is able to answer this question. In this paper, we perform a systematic literature survey of 35 (out of 504) service matching approaches which consider fuzzy matching. Based on this survey, we propose a classification, discuss how different matching approaches can be combined into a comprehensive matching method, and identify future research challenges.
TL;DR: A novel method is presented - Invariant Refinement Method (IRM) - for designing ensemble-based component systems by building on goal-based requirements elaboration, while integrating component architecture design and software control system design.
Abstract: The challenge of developing dynamically-evolving resilient distributed systems that are composed of autonomous components has been partially addressed by introducing the concept of component ensembles. Nevertheless, systematic design of complex ensemble-based systems is still a pressing issue. This stems from the fact that contemporary design methods do not scale in terms of the number and complexity of ensembles and components, and do not efficiently cope with the dynamism involved. To address this issue, we present a novel method - Invariant Refinement Method (IRM) - for designing ensemble-based component systems by building on goal-based requirements elaboration, while integrating component architecture design and software control system design.
TL;DR: A method for compositional model-level analysis of worst-case execution time of IEC 61499 software models is presented; its results can be stored together with the software artefact to be used when analysis is performed on the higher hierarchical level, or when the unit is reused in another system.
Abstract: The IEC 61499 standard provides a possibility to develop industrial embedded systems in a component-based manner. Besides alleviating the efforts of system design, the component-based approach also allows analysis of various system characteristics using system models even before the actual deployment. One of the crucial characteristics in the domain of safety-critical and real-time systems is timing: a failure to execute a specific task on time can have severe consequences. This paper presents a method for compositional model-level analysis of worst-case execution time of IEC 61499 software models. The analysis is performed on one hierarchical level of composition at a time, and the results can be stored together with the software artefact to be used when analysis is performed on the higher hierarchical level, or when the unit is reused in another system. The analysis has been implemented as a plug-in for the 4DIAC tool.
TL;DR: This work evaluates the usefulness of a model-driven round-trip approach to aid deployment optimization in the development of embedded component-based systems and uses a code-generator that can realise different deployment strategies.
Abstract: Synergies between model-driven and component-based software engineering have been indicated as promising to mitigate complexity in development of embedded systems. In this work we evaluate the usefulness of a model-driven round-trip approach to aid deployment optimization in the development of embedded component-based systems. The round-trip approach is composed of the following steps: modelling the system, generation of full code from the models, execution and monitoring the code execution, and finally back-propagation of monitored values to the models. We illustrate the usefulness of the round-trip approach exploiting an industrial case-study from the telecom domain. We use a code-generator that can realise different deployment strategies, as well as special monitoring code injected into the generated code, and monitoring primitives defined at operating system level. Given this infrastructure we can evaluate extra-functional properties of the system and thus compare different deployment strategies.
TL;DR: This exploratory study investigates third party component reuse in 36 Java web applications that are open source and are meant to be used in an enterprise context to get a better understanding on how third party components are reused in web applications and how to better support it.
Abstract: Recent studies give empirical evidence that much of today's software is to a large extent built on preexisting software, such as commercial-off-the-shelf (COTS) and open source software components. In this exploratory study we want to contribute to this small but increasing body of knowledge by investigating third party component reuse in 36 Java web applications that are open source and are meant to be used in an enterprise context. Our goal is to get a better understanding of how third party components are reused in web applications and how to better support it. The results are in line with existing research in this field. 70 third party components are being reused on average. 50 percent of the 40 most reused third party components are maintained by the Apache Foundation. Further research questions based on the study results were generated and are presented at the end of this paper.
TL;DR: This paper's experiences in creating an initial user environment for scientists involved in modeling the detailed effects of climate change on the environment of selected geographical regions are described and an operational user environment capable of running thousands of simulations in a 7 month period is delivered.
Abstract: Modern scientific software is daunting in its diversity and complexity. From massively parallel simulations running on the world's largest supercomputers, to visualizations and user support environments that manage ever growing complex data collections, the challenges for software engineers are plentiful. While high performance simulators are necessarily specialized codes to maximize performance on specific supercomputer architectures, we argue the vast majority of supporting infrastructure, data management and analysis tools can leverage commodity open source and component-based technologies. This approach can significantly drive down the effort and costs of building complex, collaborative scientific user environments, as well as increase their reliability and extensibility. In this paper we describe our experiences in creating an initial user environment for scientists involved in modeling the detailed effects of climate change on the environment of selected geographical regions. Our approach composes the user environment using the Velo scientific knowledge management platform and the MeDICi Integration Framework for scientific workflows. These established platforms leverage component-based technologies and extend commodity open source platforms with abstractions and capabilities that make them amenable for broad use in science. Using this approach we were able to deliver an operational user environment capable of running thousands of simulations in a 7 month period, and achieve significant software reuse.
TL;DR: A novel approach is presented to integrate the mechanism for handling mode switch (the Mode Switch Logic) in ProCom, a component model designed for the development of real-time embedded systems; the outcome is a slightly extended version of ProCom which not only supports the development of multi-mode applications, but is also able to handle mode switch.
Abstract: Component-Based Software Engineering has been deemed a suitable technique for the development of complex embedded systems, as component reuse makes it easier to manage software complexity. Another way of reducing software complexity is by partitioning system behavior into different operational modes. Such a multi-mode system can change its behavior by switching between modes. For a multi-mode system built by components, a challenge is its mode switch handling. In this paper, a novel approach is presented to integrate our mechanism for handling mode switch (the Mode Switch Logic), in ProCom, which is a component model designed for the development of real-time embedded systems. The outcome is a slightly extended version of ProCom which not only supports the development of multi-mode applications, but also is able to handle mode switch.
TL;DR: This paper proposes a design-driven development methodology for resilient computing systems that consists of refining the design with specifications dedicated to the dependability concerns; this design is then leveraged to support the development of the application while ensuring the traceability of the dependability requirements along the application life-cycle.
Abstract: Resilient computing is defined as the ability of a system to stay dependable when facing changes. To mitigate faults at runtime, dependable systems are augmented with fault tolerance mechanisms such as replication techniques. These mechanisms have to be systematically and rigorously applied in order to guarantee the conformance between the application runtime behavior and its dependability requirements. The main contribution of this paper is to propose a design-driven development methodology for resilient computing systems. Our approach consists of refining the design with specifications dedicated to the dependability concerns. This design is then leveraged to support the development of the application while ensuring the traceability of the dependability requirements along the application life-cycle, including runtime adaptation.
TL;DR: A heuristic-based algorithm to remove build dependency cycles and to create a build order for automatically bootstrapping a binary-based software distribution on a new platform is proposed.
Abstract: New hardware architectures and custom coprocessor extensions are introduced to the market on a regular basis. While it is relatively easy to port a proprietary software stack to a new platform, FOSS distributions face major challenges. Bootstrapping distributions proved to be a year-long manual process in the past due to a large amount of dependency cycles which had to be broken by hand. In this paper we propose a heuristic-based algorithm to remove build dependency cycles and to create a build order for automatically bootstrapping a binary-based software distribution on a new platform.
TL;DR: The proposed architecture reacts continuously to relevant modifications in the Digital Home software architecture to always meet energy efficiency, and is optimized to reduce the set of processed solutions.
Abstract: The number of connected devices in the home is growing dramatically, increasing the share of the Digital Home in the electric power demand. Reducing the overall energy consumption of the Digital Home becomes a concern in everyday life. Moving applications to a smaller set of devices makes it possible to increase the number of devices that can be put into a low power state, and thus reduce energy consumption. However, the application deployment constraints and the Digital Home heterogeneity limit the choice of deployment solutions onto available devices. We propose to consider distributed component-based applications to overcome this limitation. The distribution of an application's constraints over its components improves their mobility, i.e., increases the number of devices on which a component can be deployed. This approach is optimized to reduce the set of processed solutions. Moreover, the proposed architecture reacts continuously to relevant modifications in the Digital Home software architecture (connection and disconnection of devices, start and stop of applications) to always meet energy efficiency. The architecture is also designed to limit its own energy consumption impact. The feasibility of the approach is assessed with Digital Home applications and migration policies between devices.
TL;DR: This paper describes the design and implementation of the generalized alternative construct for the Erasmus programming language, and builds models based on the ACP algebra and uses the mCRL2 model checker to analyze and verify the models.
Abstract: In this paper we describe the design and implementation of the generalized alternative construct for the Erasmus programming language. The alternative construct is a generalization of the familiar if-then-else statement that allows a process to non-deterministically choose between possible communications on several channels. Previous algorithms put restrictions on the use of the alternative construct that prevent both input and output operations from being used in an alternation. Our design removes previous restrictions on the use of the alternative construct. In order to support our design and to prove its correctness, we build models based on the ACP algebra, and we use the mCRL2 model checker to analyze and verify our models.
TL;DR: A theory, based on data refinement, for reasoning about the correctness of programs with mixins is proposed, suited for applications of mixins to intrusive data structures, where the data structure is spread over existing objects.
Abstract: A dynamic mixin is a code fragment that is meant to be dynamically bound to an object. Dynamic mixins support more flexible code composition than class inheritance and can be used to implement roles that objects acquire dynamically. We propose a theory, based on data refinement, for reasoning about the correctness of programs with mixins. The theory is suited for applications of mixins to intrusive data structures, where the data structure is spread over existing objects. We illustrate this with two examples, one-to-one association and union-find data structures.
TL;DR: This work provides a verification-oriented modelling language for describing component-ensemble systems as well as a verification tool that is an extension of the parallel and distributed verification environment DiVinE.
Abstract: Current trends in computing include building distributed systems out of autonomous adaptive components. Communication between the components may be local and communication channels may change over time. This emergent behaviour of communication may be seen as the creation and dissolution of component ensembles. Clearly, correctness of such systems is an important issue. We provide a verification-oriented modelling language for describing these component-ensemble systems as well as a verification tool. The processes of the components as well as the ensemble communication are described in a C++-like fashion. The tool is an extension of the parallel and distributed verification environment DiVinE. We also describe several demonstrative examples and use them to experimentally evaluate our approach.
TL;DR: The reusability of components could be predicted on the basis of component authors' prior work and the documentation provided about components, and opportunities to improve online repositories are revealed through specific simplifications as well as enhancements.
Abstract: Online repositories provide components available for reuse, but this does not mean all such components are equally reusable. Components might be unreliable, overly specialized, or otherwise inappropriate for reuse. Repositories collect reviews, ratings, and other data intended to help software engineers choose components. But do these data actually provide any information related to reusability? If so, then how can such information be extracted from the data? To address this question, we analyzed online ratings, reviews and other data for nearly 1200 online components, computed statistics for each component based on these data, and used factor analysis to identify three groups of statistics (factors) that were each internally correlated. We then interviewed software engineers about the reusability of 36 other components and used linear regression to test how well the 3 factors actually corresponded to component reusability. We found that 2 of the 3 factors were indeed related to reusability. Specifically, the reusability of components could be predicted on the basis of component authors' prior work and the documentation provided about components. This result could be used in future work to develop enhanced search engines that highlight components which are potentially reusable and perhaps worthy of more time-consuming evaluation such as by applying formal methods. Additionally, our results reveal opportunities to improve online repositories through specific simplifications as well as enhancements.
TL;DR: CIAO, a domain-specific and hierarchical component model for SIP applications, is presented; it combines three kinds of component, Actor, SessionPart and Role, and manages them dynamically in accordance with real SIP sessions.
Abstract: In recent years, thanks to new IP protocols like SIP, telephony applications and services have evolved to offer and combine a variety of communication forms including presence status, instant messaging and videoconference. As a result, advanced telephony applications now consist of distributed entities that are involved in multiple heterogeneous, stateful and long-running interactions (sessions). This evolution has significantly complicated application development and calls for more effective solutions. In this paper, we explore the adoption of components for addressing this issue, focusing specifically on the management and coordination of the numerous and various sessions occurring in such applications. The paper presents CIAO, a domain-specific and hierarchical component model for SIP applications. CIAO combines three kinds of component, namely Actor, SessionPart and Role, and manages them dynamically in accordance with real SIP sessions. By using these features, we are able to break the complexity of SIP entities and provide flexibility for their development. CIAO is implemented on top of OSGi to experiment with building concrete SIP applications and enable their dynamic adaptation.
TL;DR: This lecture will look at the box or frame of traditional ethics and some ways to use experimental data to get outside it, and argues that theory cannot solve the ethical problems of software engineering.
Abstract: Software introduces new kinds of agents: artificial software agents (ASA), including, for example, driverless trains and cars. To create these devices responsibly, engineers need an ethics of software agency. However, this pragmatic professional need for guidance and regulation conflicts with the weakness of moral science. We do not know much about how ethics informs interactions with artificial agents. Most importantly, we don't know how people will regard ASA as agents: their agents (strictly speaking) and also their competitive and cooperative partners. Naturally, we want to deal with these new problems with our old ethical tools, but this conservative strategy may not work, and if not, may lead to catastrophic failure to anticipate the emerging moral landscape. (Just ask the creators of genetically modified foods.)
1. This lecture will look at the box or frame of traditional ethics and some ways to use experimental data to get outside it. The lecture uses some quick and nasty clicker experiments to point us to disturbing evidence from recent cognitive moral psychology about the form and content of our ethical apparatus (Haidt 2012) and its universality (Mikhail 2007). Then we turn to some new evidence on the ethics of human-ASA interaction. We focus on three surprising features of human-ASA interaction that disturb received ethical paradigms: 1) Overactive deontology: the tendency to seek out a culprit to blame, even if it's the victim. 2) Utopian consequentialism: denying the constraints of acting in the imperfect real world by shifting to wishful perfectionism. 3) Embracing mechanical exploitation: accepting worse behavior from a program than one would accept from a person in Ultimatum Game experiments.
2. Next, we show how an experimental, cognitive and game theoretic approach to ethics can situate and explain these problems. We play some games based on policy decisions for the emerging technology of driverless cars that remind us of the strategic dimension of ethics. We also examine weak experimental evidence that engineers think differently about ethics and technology from other moral tribes or types.
3. However, we argue that theory cannot solve our ethical problems. Neither ethical nor game theory has resources powerful enough to discover and hopefully to bridge our moralized divisions. For these formidable, scientific and political (respectively) tasks we need new empirical methods. We offer two examples from our current research program: 1) Anonymous input of moral and value data: clickers for face-to-face interaction. 2) Democratic scale deliberation: N-Reasons web based experimental prototype. Both of these methods challenge our research ethics, which experimental ethics shares with experimental software engineering. As some of the data discussed in the lecture comes from the Robot Ethics survey, you will be better informed and represented if you visit http://your-views.org/D7/Robot_Ethics_Welcome. The "class" for the conference is "CompArch".
TL;DR: A new class of component systems (Ensemble-Based Component Systems - EBCS) which bind autonomic components with cyclic execution via dynamic component ensembles controlling data exchange is proposed.
Abstract: The recent increase in the ubiquity and connectivity of computing devices allows forming large-scale distributed systems that respond to and influence activities in their environment. Engineering of such systems is very complex because of their inherent dynamicity, open-endedness, and autonomicity. In this paper we propose a new class of component systems (Ensemble-Based Component Systems - EBCS) which bind autonomic components with cyclic execution via dynamic component ensembles controlling data exchange. EBCS combine the key ideas of agents, ensemble-oriented systems, and control systems into software engineering concepts based on autonomic components. In particular, we present an instantiation of EBCS - the DEECo component model. In addition to DEECo main concepts, we also describe its computation model and mapping to Java. Lastly, we outline the basic principles of the EBCS/DEECo development process.
TL;DR: In this paper, the authors use parameterized architectural patterns to assist with fault tolerance and cost predictions for science clouds, in which a single job typically holds many virtual machines for a long time, communication can involve massive data movements, and buffered streams allow parallel processing to proceed while data transfers are still incomplete.
Abstract: Cloud computing presents a unique opportunity for science and engineering with benefits compared to traditional high-performance computing, especially for smaller compute jobs and entry-level users to parallel computing. However, doubts remain for production high-performance computing in the cloud, the so-called science cloud, as predictable performance, reliability and therefore costs remain elusive for many applications. This paper uses parameterised architectural patterns to assist with fault tolerance and cost predictions for science clouds, in which a single job typically holds many virtual machines for a long time, communication can involve massive data movements, and buffered streams allow parallel processing to proceed while data transfers are still incomplete. We utilise predictive models, simulation and actual runs to estimate run times with acceptable accuracy for two of the most common architectural patterns for data-intensive scientific computing: MapReduce and Combinational Logic. Run times are fundamental to understanding fee-for-service costs of clouds. These are typically charged by the hour and the number of compute nodes or cores used. We evaluate our models using realistic cloud experiments from collaborative physics research projects and show that proactive and reactive fault tolerance is manageable, predictable and composable, in principle, especially at the architectural level.
TL;DR: ACQC not only allows us to reveal serious bugs simply by inspecting difference views of the (tailored) models, but also to visually follow and control the effects of (intended) changes, which complements the model-checking-based quality control.
Abstract: We present Active Continuous Quality Control (ACQC), a novel approach that employs incremental active automata learning technology periodically in order to infer evolving behavioral automata of complex applications accompanying the development process. This way we are able to closely monitor and steer the evolution of applications throughout their whole life-cycle with minimum manual effort. Key to this approach is to establish a stable level for comparison via an incrementally growing behavioral abstraction in terms of a user-centric communication alphabet: the letters of this alphabet, which may correspond to whole use cases, are intended to directly express the functionality from the user perspective. At the same time their choice allows one to focus on specific aspects, which establishes tailored abstraction levels on demand, which may be refined by adding new letters in the course of the system's evolution. This way ACQC not only allows us to reveal serious bugs simply by inspecting difference views of the (tailored) models, but also to visually follow and control the effects of (intended) changes, which complements our model-checking-based quality control. All this will be illustrated with real-life scenarios that arose during the component-based development of a commercial editorial system.