Software and Systems Modeling最新文献

Stability is a fundamental requirement of dynamical systems. Most of the works concentrate on verifying stability for a given stability region. In this paper, we tackle the problem of synthesizing ({mathbb {P}})-stable abstractions. Intuitively, the ({mathbb {P}})-stable abstraction of a dynamical system characterizes the transitions between stability regions in response to external inputs. The stability regions are not given—rather, they are synthesized as their most precise representation with respect to a given set of predicates ({mathbb {P}}). A ({mathbb {P}})-stable abstraction is enriched by timing information derived from the duration of stabilization. We implement a synthesis algorithm in the framework of Abstract Interpretation that allows different degrees of approximation. We show the representational power of ({mathbb {P}})-stable abstractions that provide a high-level account of the behavior of the system with respect to stability, and we experimentally evaluate the effectiveness of the algorithm in synthesizing ({mathbb {P}})-stable abstractions for significant systems.

In our previous work, we proposed a verification framework that shifts from the “code is law” to a new “specification is law” paradigm related to the safe evolution of smart contracts. The framework proposed there relaxed the well-established requirement that, once a smart contract is deployed in a blockchain, its code is expected to be immutable. More flexibly, contracts are allowed to be created and upgraded provided they meet a corresponding formal specification that was fixed. In the current paper, we extend this framework to allow specifications to evolve, provided a refinement notion is preserved. We propose a notion of specification refinement tailored for smart contracts and a methodology for checking it. In addition to weakening preconditions and strengthening postconditions and invariants, we allow for the change of data representation and interface extension. Thus, we are able to reason about a significantly wider class of smart contract evolution histories, when contrasted with the original framework. The new framework is centred around a trusted deployer: an off-chain service that formally verifies and enforces the notions of implementation conformance and specification refinement. We have investigated its applicability to the safe deployment and upgrade of contracts implementing widely used Ethereum standards (the ERC20 Token Standard, the ERC3156 Flash Loans, the ERC1155 Multi Token Standard and The ERC721 standard for Non-Fungible Tokens); we handle evolutions possibly involving changes in data representation and interface extensions.

Abstract

When creating a software model, it is necessary that it accurately captures the desired behaviour, while at the same time ensuring that any undesired behaviour is excluded. On the one hand, formal verification tools can be used to check the internal consistency of a software system, ensuring that the behaviour of one software component does not contradict another. On the other hand, software testing is essential to check the external validity of the model more comprehensively. Unfortunately, software testing is often overlooked in curricula, resulting in graduates with inadequate software testing skills for industry. Software testing tools such as TesCaV can be used to help teachers teach software testing topics in a non-intrusive and less time-consuming way. Previous research has shown that TesCaV is easy to use and that novice users produce better quality software tests when using TesCaV. However, it has remained unclear whether learners retain the skills they gain from using TesCaV even when the tool is not offered for help. In order to understand the positive effect of TesCaV on learners’ software testing skills, this study conducted an experiment with 45 participants. The experiment used a pretest-treatment-posttest design. The results show that participants feel equally confident about the completeness of their test coverage, even though they identify more test cases. It is concluded that for course design, a capsule such as TesCaV can help students to understand the full complexity of software testing and help them to be more systematic in their approach.

The design of cyber-physical systems (CPS) is challenging due to the heterogeneity of software and hardware components that operate in uncertain environments (e.g., fluctuating workloads), hence they are prone to performance issues. Software performance antipatterns could be a key means to tackle this challenge since they recognize design problems that may lead to unacceptable system performance. This manuscript focuses on modeling and analyzing a variegate set of software performance antipatterns with the goal of quantifying their performance impact on CPS. Starting from the specification of eight software performance antipatterns, we build a baseline queuing network performance model that is properly extended to account for the corresponding bad practices. The approach is applied to a CPS consisting of a network of sensors and experimental results show that performance degradation can be traced back to software performance antipatterns. Sensitivity analysis investigates the peculiar characteristics of antipatterns, such as the frequency of checking the status of resources, that provides quantitative information to software designers to help them identify potential performance problems and their root causes. Quantifying the performance impact of antipatterns on CPS paves the way for future work enabling the automated refactoring of systems to remove these bad practices.

Abstract

The Business Process Modeling, Development and Support (BPMDS) working conference series, held in conjunction with CAiSE conferences, serve as a meeting place for researchers and practitioners in Business Process Modeling, Development, and Support. Business process analysis, design, and support, addressed by the BPMDS series, have been recognized as a central issue in information systems (IS) engineering. In 2011, BPMDS became a two-day working conference held in conjunction with CAiSE (Conference on Advanced Information Systems Engineering). The goals, format, and history of BPMDS can be found on the website http://www.bpmds.org/.

Conversational user interfaces (CUIs), such as chatbots, are becoming a common component of many software systems. Although they are evolving in many directions (such as advanced language processing features, thanks to new AI-based developments), less attention has been paid to access control and other security concerns associated with CUIs, which may pose a clear risk to the systems they interface with. In this paper, we apply model-driven techniques to model and enforce access-control policies in CUIs. In particular, we present a fully fledged framework to integrate the role-based access-control (RBAC) protocol into CUIs by: (1) modeling a set of access-control rules to specify permissions over the bot resources using a domain-specific language that tailors core RBAC concepts to the CUI domain; and (2) describing a mechanism to show the feasibility of automatically generating the infrastructure to evaluate and enforce the modeled access control policies at runtime.

Over the past few years, several software companies have emerged that offer process mining tools to assist enterprises in gaining insights into their process executions. However, the effective application of process mining technologies depends on analysts who need to be proficient in managing process mining projects and providing process insights and improvement opportunities. To contribute to a better understanding of the difficulties encountered by analysts and to pave the way for the development of enhanced and tailored support for them, this work reveals the challenges they perceive in practice. In particular, we identify 23 challenges based on interviews with 41 analysts, which we validate using a questionnaire survey. We provide insights into the relevancy of the process mining challenges and present mitigation strategies applied in practice to overcome them. While mitigation strategies exist, our findings imply the need for further research to provide support for analysts along all phases of process mining projects on the individual level, but also the technical, group, and organizational levels.