Professional Documents
Culture Documents
Textbook Software Technologies Applications and Foundations Staf 2018 Collocated Workshops Toulouse France June 25 29 2018 Revised Selected Papers Manuel Mazzara Ebook All Chapter PDF
Textbook Software Technologies Applications and Foundations Staf 2018 Collocated Workshops Toulouse France June 25 29 2018 Revised Selected Papers Manuel Mazzara Ebook All Chapter PDF
Textbook Software Technologies Applications and Foundations Staf 2018 Collocated Workshops Toulouse France June 25 29 2018 Revised Selected Papers Manuel Mazzara Ebook All Chapter PDF
https://textbookfull.com/product/software-technologies-
applications-and-foundations-staf-2017-collocated-workshops-
marburg-germany-july-17-21-2017-revised-selected-papers-1st-
edition-martina-seidl/
https://textbookfull.com/product/high-performance-computing-isc-
high-performance-2018-international-workshops-frankfurt-main-
germany-june-28-2018-revised-selected-papers-rio-yokota/
https://textbookfull.com/product/web-and-big-data-apweb-
waim-2018-international-workshops-mwda-bah-kgma-dmmooc-ds-macau-
china-july-23-25-2018-revised-selected-papers-leong-hou-u/
https://textbookfull.com/product/present-and-ulterior-software-
engineering-manuel-mazzara/
Manuel Mazzara
Iulian Ober
Gwen Salaün (Eds.)
LNCS 11176
Software Technologies:
Applications and Foundations
STAF 2018 Collocated Workshops
Toulouse, France, June 25–29, 2018
Revised Selected Papers
123
Lecture Notes in Computer Science 11176
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology Madras, Chennai, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7408
Manuel Mazzara Iulian Ober
•
Software Technologies:
Applications and Foundations
STAF 2018 Collocated Workshops
Toulouse, France, June 25–29, 2018
Revised Selected Papers
123
Editors
Manuel Mazzara Gwen Salaün
Innopolis University Grenoble Alpes University
Innopolis, Russia Montbonnot, France
Iulian Ober
University of Toulouse
Toulouse Cedex 9, France
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Workshop Editors
CoSim-CPS 2018
DataMod 2018
FMIS 2018
FOCLASA 2018
GCM 2018
Hans-Jörg Kreowski
Universität Bremen
Germany
MDE@DeRun 2018
MSE 2018
SecureMDE 2018
This volume contains the technical papers presented at the eight workshops collocated
with the 2018 edition of the STAF (Software Technologies: Applications and
Foundations) federation of conferences on software technologies. The workshops took
place at ENSEEIHT (National Higher School of Engineering in Electrical Engineering,
Hydraulics, and Digital Sciences) in Toulouse, France, during June 25–29, 2018.
The STAF 2018 conferences and workshops brought together leading researchers and
practitioners from academia and industry to advance the state of the art in practical and
foundational advances in software technology. They address all aspects of software
technology, from object-oriented design, testing, mathematical approaches to mod-
elling and verification, transformation, model-driven engineering, aspect-oriented
techniques, and tools. The satellite workshops provided a highly interactive and
collaborative environment to discuss emerging areas of software engineering, software
technologies, model-driven engineering, and formal methods.
The eight workshops whose papers are included in this volume are (organizers are
indicated too):
– CoSim-CPS 2018 – Second International Workshop on Formal Co-Simulation of
Cyber-Physical Systems, June 26, 2018
• Cinzia Bernardeschi (University of Pisa, Italy)
• Peter Gorm Larsen (Aarhus University, Denmark)
• Paolo Masci (HASLab/INESC TEC and Universidade do Minho, Portugal)
– DataMod 2018 – 7th International Symposium “From Data to Models and Back,”
June 25–26, 2018
• Antonio Cerone (Nazarbayev University, Kazakhstan)
• Riccardo Guidotti (KDDLab, ISTI-CNR, Pisa, Italy)
• Oana Andrei (University of Glasgow, UK)
– FMIS 2018 – 7th International Workshop on Formal Methods for Interactive
Systems, June 25–26, 2018
• Yamine Aït Ameur (IRIT, Université de Toulouse, France)
• Philippe Palanque (IRIT, Université de Toulouse, France)
– FOCLASA 2018 – 16th International Workshop on Foundations of Coordination
Languages and Self-Adaptative Systems, June 26, 2018
• Jean-Marie Jacquet (University of Namur, Belgium)
• Jacopo Soldani (University of Pisa, Italy)
– GCM 2018 – 9th International Workshop on Graph Computation Models, June 27,
2018
VIII Preface
Hélène Waeselynck
Paolo Masci
User interface software in medical devices is responsible for smooth and safe use of a
device. In advanced systems such as robotic-assisted surgery, user interface functions
can be highly sophisticated, e.g., involve the detection and translation of doctors’ hands
movements into micro-movements of robotic arms, allowing doctors to perform
complex surgeries that were not possible before.
Developing sophisticated software with zero defects is notoriously a hard problem.
In the medical domain the problem is particularly delicate, as software defects can
ultimately result in patient harm. Recent estimates on incidents with medical devices
indicate an escalating trend, with software defects being constantly one of the top
causes of incidents since 2016, and accounting for 22.8% of medical device recalls in
the first quarter of 20181. To date, several studies have been carried out providing an
aggregate view of software defects in medical devices. A detailed analysis of the nature
and impact of user interface software defects has not been performed yet. Such detailed
analysis would bring powerful insights that can be used by developers to better
understand latent software defects and identify them in advance, before incidents
happen.
In this talk, I will present a study conducted in collaboration with the US Food and
Drug Administration that aims to quantify and classify user interface software defects
in the current generation of medical devices. The study involved a systematic and
detailed analysis of nearly 8,000 medical devices recall records published by the FDA
from September 2012 to August 2015. A medical device recall is a corrective action
initiated by the manufacturer to fix critical defects in a device already in the market.
Each recall record includes a semi-structured description of the reason for the recall and
the corrective action performed by the manufacturer. I will discuss the analyzed dataset,
including analysis method, challenges faced while performing the analysis, obtained
results, and opportunities for improvement.
1
https://www.stericycleexpertsolutions.com/wp-content/uploads/2018/08/ExpertSolutions_
RecallIndex_Q22018.pdf.
Safe Composition of Software Services
Gwen Salaün
Giulio Caravagna
Cancer is a disease responsible for around 8 million deaths per year (around 13% of all
deaths in 2008), and whose worldwide impact is projected to continue rising, with an
estimated 13 million deaths in 2030 (as of an estimate by the World Health Organi-
sation). Finding a cure to cancer is definitely challenging, as there are as many different
types of cancer as human cells, and the progression of the disease is heterogenous
across individuals. Often, histologically identical tumours have few genetic features in
common, and thus reconciling heterogeneity across tumour types and patients is one
of the main areas of research in the community.
In the last years, thanks to the development of new high throughput sequencing
technologies that measure the genomic content of cancer cells at different resolutions,
the new field of Cancer Evolution has emerged. In this field, carcinogenesis is
described as an evolutionary process driven by the accumulation of genomic aberra-
tions, and complex methodologies are used to retrieve the life history of analysed
tumours. At a broad level, this opens up for the opportunity to create models that
recapitulate heterogeneity, and that elucidate how genomic events orchestrate diseases
initiation and progression. So doing, we can anticipate a cancer’s next step, and
eventually implement personalised treatment strategies that are tailored to each patient.
Computational modelling is one of the key methodologies used in Cancer Evolu-
tion. In this talk, I will give a brief introduction to the problems in the filed, from a
computer science perspective. I will overview some of the major computational
challenges, and the kind of data can be used to approach them. The talk will span from
(very basic) cell/cancer biology, to a discussion of what types of mathematical models
can be used to describe cancer growth/therapy, and what Data Science challenges we
have to face to implement successful strategies for cancer data analysis.
Microservices, Microservices, Microservices?
Antonio Brogi
Abstract. In this talk, we first tried to critically discuss some of the motivations
and characteristics of microservices and some of the potentially huge advantages
offered by their adoption for managing enterprise applications.
One of the main motivations for adopting microservices is the need to
shorten the lead time for new features and updates, by accelerating rebuild and
redeployment and by reducing chords across functional silos. Another main
motivation for adopting microservices is the need to scale, quickly and effec-
tively.
Microservices architectures define applications as sets of services, each
running in its own container, communicating with lightweight mechanisms,
built around business capabilities, decentralizing data management, indepen-
dently deployable, horizontally scalable, and fault resilient.
In the second part of the talk, we showed how a simple formalization of the
main properties of microservices can be frutifully exploited to drive the refac-
toring of existing applications.
After introducing a simple modelling of microservices architectures as
graphs fromed by services, databases, and connectors, we discussed how some
distinguishing properties of microservices can be associated with antipatterns,
and how such antipatterns can be associated with refactoring patterns.
The last part of the talk was devoted to discuss how the complexity and
overhead introduced by microservices can make their adoption truly effective
only for a certain scale of applications and enterprises.
Contents
1
https://sites.google.com/view/cosimcps18.
2nd Workshop on Formal Co-Simulation 3
Organization
1 Introduction
Engineered systems are becoming increasingly complex while market pressure
shortens the available development time [26]. There are many causes for the
increase in complexity, but to a large extent, it is caused by the number of
interacting subsystems and differences between their domains [33]. Thus, there
is a need for an improved development cycle with better tools, techniques,
and methodologies [34]. While modelling and simulation have been successfully
applied to reduce development costs, these fall short in fostering more integrated
development processes [5].
A promising concept for the simulation of systems consisting of coupled com-
ponents is collaborative simulation (co-simulation) [19,21,25], which is based on
the idea that interacting subsystems are best modelled and simulated by dedi-
cated tools and formalisms [35]. Each subsystem is then modelled by a specialised
team using mature tools, tailored to the domain of the allocated subsystem. Fur-
ther, each subsystem internally uses its own simulation engine, so that the most
appropriate approximation techniques can be employed. The behaviour of the
coupled system is computed by having the simulation tools communicate with
one another by exchanging their outputs over time.
In order to run a co-simulation, all that is required is that the participating
simulation tools consume the inputs and expose the outputs, of the allocated
subsystem, over time. A co-simulation engine then synchronises the interface
values of the different subsystems. This powerful approach eases the integration
of subsystems simulated by different tools, but also poses some difficulties. In
particular, subsystems are modelled and treated as black boxes, and it is dif-
ficult in some cases to understand how the coordination of the subsystems—a
functionality provided by the co-simulation engine—affects the behaviour of the
co-simulated system [20].
One might expect that the behaviour computed via co-simulation matches
the behaviour of the coupled system. In practice, however, this expectation turns
out overly optimistic, and significant deviations may become visible, which could,
for example, be caused by discretization or the timing in which the inputs are set.
This is not only due to the inherent limitations of approximate simulations [10],
but also due to the internals of the subsystem simulations. It is therefore impor-
tant to study how a faulty co-simulation can be identified. If a co-simulation
preserves specific properties of a system, we then say that the properties of the
system are preserved under co-simulation. To serve as a reference for correctness,
we consider the properties of the implemented system, i.e. with no co-simulation
effects.
This paper contributes to this line of research as follows:
(FMI) standard [6]. Our method can be utilised to decide whether a given
co-simulation satisfies this property for a restricted class of coupled systems.
– We show how, exemplified using FMI, to adapt the co-simulation master
algorithm to preserve the event order, if the property is not preserved.
One of the strengths of our approach is that it yields a counterexample when
the property is violated. The counter example includes a co-simulation scenario
and an execution trace of the co-simulation, which provide valuable insight into
how the co-simulation violates the event ordering property. The Maestro [32]
master algorithm serves as a case study for our approach.
The remainder of this paper is structured as follows. First, Sect. 3 presents
a primer on co-simulation and co-simulation properties. Afterwards, in Sect. 4,
the event ordering property is demonstrated and described along with an encod-
ing of the problem as a model-checking instance. Finally, the paper presents a
discussion and perspective on future work in Sect. 5.
2 Background: Co-simulation
In this section, we present some background concepts
in an informal manner. We adopt the definitions and
nomenclature introduced in [20] and refer the reader
to it for a more rigorous exposition.
A co-simulation is the behaviour trace of a coupled
system, produced by the coordination of simulation
units. The behaviour trace is a function mapping val-
ues to time, representing the outputs generated from
each simulation unit and their timestamps. An exam-
ple behaviour trace is shown in the bottom of Fig. 1.
A simulation unit is an executable software entity
responsible for simulating a part of the system. To
communicate with other simulation units, each sim-
ulation unit implements a predefined interface. This
allows an orchestrator, described below, to communi-
cate with it.
One such communication interface is prescribed by
the Functional Mock-up Interface (FMI) standard [6]. Fig. 1. Behaviour trace
A simulation unit implementing the FMI interface is example.
called a Functional Mock-up Unit (FMU). The main functionality of an FMU
concerns calculating outputs based on inputs and time. This is represented in
FMI as three C functions: a function to set inputs, a function to perform a step
with a given step size, and a function to get outputs.
In the FMI Standard, there is an important restriction [13, p. 104]:
Energy Conservation. Systems whose models account for the flow of energy fol-
low the principle of conservation of energy. That is, no energy is lost when flow-
ing between subsystems. This property is not preserved in näive co-simulation
algorithms because of the input approximations, and the non-negligible commu-
nication step size. The work in [4], extended in [29], demonstrates a co-simulation
algorithm that monitors the power flow between simulators and employs a correc-
tion scheme to account for the artificial energy introduced by the co-simulation.
The work in [28] complements the above work by showing how the energy resid-
ual can be used as an error indicator to control the communication step size.
The FMI Standard partially supports master algorithms that preserve the event
synchrony property. Each FMU is allowed to advance to a time prior to the one
requested by the orchestrator, and supports state saving/restoring functional-
ities. However, making use of these capabilities in practice may be impossible
due to lack of implementation (these are not mandatory), or simply due to the
performance degradation entailed by saving/restoring the state multiple times.
As such, the event synchrony property might be too strong. Instead, it might
be more useful to require that the sequence of events be preserved, even if
the timestamps do not coincide. For example, suppose that the real/correct
behaviour of a coupled system, comprised of a software and a physical compo-
nent, yields 3 events: (t1 , e1 ), (t2 , e2 ), and (t3 , e3 ), with the timestamps satisfying
t1 < t2 < t3 . The co-simulation satisfies the event ordering property if it exhibits
the events (t1 , e1 ), (t2 , e2 ), and (t3 , e3 ), with the timestamps satisfying the same
order, that is, t1 < t2 < t3 , but not necessarily equal to t1 , t2 , t3 .
Address,
Motor Text Book Dept. ROBERT SMITH PTG. CO., Lansing,
Mich., U. S. A.
“THE HOW AND WHY OF THE AUTOMOBILE”
A book of practical information for seekers after the fundamental facts regarding the
gasoline engine and its application to the motor car.
Interesting and instructive to both the beginner and the expert—the former for
information, the latter for reference.
Written by Fay L. Faurote, B. S. (M. E.), for five years closely associated with the
Experimental Department of a pioneer automobile factory, for two years instructor in the
Detroit Motor School.
The book, which is handsomely bound in full cloth, printed on high-grade enameled
paper, contains over 200 pages and 250 illustrations and covers the following subjects:
CONTENTS
General Theory of Gas Engines—Simple explanation of cycle—The four-
stroke cycle—The two-stroke cycle—Advantages and disadvantages of each.
Motor Design—Cylinder, what it is and its use. Valves, mechanical and
automatic—Forms of valves—Valve timing and its influence on the motor—
Valve grinding, how to do it—Valve nomenclature. Crank Case—The
construction Bearings—Accessibility—Working parts—Uses. A crank case
oiling system. Crank Shafts—What they are—One, two, four and six-cylinder
crank shafts—Crank case diagram, showing instantly conditions in all cylinders
—Diagram showing firing points and sequence of same. Connecting Rods—
Construction and material—Bearings and lubrication. Pistons—Piston rings—
Piston pins.
The Carburetor—A very simple explanation of carburetion—The mixing valve—
A few of the first types—Some of the modern carburetors—Foreign carburetors.
Ignition—The make and break system—A simple explanation of the apparatus
used. The Jump Spark System—Electrical units. Sources of Electricity—
The dry cell—The storage cell—Dynamos and magnetos—The spark coil—
Commutators and timing devices—Spark plugs—Wiring diagrams.
Cooling System—Air Cooling. Water Cooling—Direction of circulation—
Radiators—Water pumps—Fans—Anti-freezing solutions.
The Transmission—Reason for and use of transmission. Simple Explanation
of Action—Individual clutch type—The sliding gear—The three speed
progressive—The three speed selective—The four speed selective—Planetary
gear—Friction drive.
Methods of Driving—Single chain drive—Double chain drive—Bevel gear drive.
Running Gear—Front Axle—Construction of—Steering Gear. Rear Axle—
Differential gear—The live axle—The dead axle—Wheel construction—
Bearings.
Horse Power Determinations—Engine testing—Indicated horse power—Brake
horse power—Mechanical and heat efficiency—Road testing.
What a Prominent Trade Paper Says About It.
A Handbook of Practical Value—The latest addition to the popular type of
automobile handbook. “The How and Why of the Automobile,” by Fay L. Faurote, fulfills
what its author has set himself to achieve, namely, to present a plain, easily understood
description of the modern automobile. Assuming that his reader knows nothing about the
subject, the author introduces the automobile in as simple and untechnical a manner as
possible. The entire field is covered and covered so completely that the work can be
recommended as a handbook for beginners or those with only a limited knowledge of this
subject.—Automobile, April 18.
Send in your order at once—don’t delay. The price is $1.00 postage pre-paid, and the
address is
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if
you provide access to or distribute copies of a Project
Gutenberg™ work in a format other than “Plain Vanilla ASCII” or
other format used in the official version posted on the official
Project Gutenberg™ website (www.gutenberg.org), you must, at
no additional cost, fee or expense to the user, provide a copy, a
means of exporting a copy, or a means of obtaining a copy upon
request, of the work in its original “Plain Vanilla ASCII” or other
form. Any alternate format must include the full Project
Gutenberg™ License as specified in paragraph 1.E.1.
• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.