Pub Date : 2025-04-19DOI: 10.1016/j.scico.2025.103317
Xiangyu Mu , Xuan Zhang , Chenlu Zhu , Ning Li , Peng Zhang , Lei Liu
With the continuous development of the MapReduce programming model, it is necessary to ensure the reliability of MapReduce programs. In practice, the non-commutativity of Reduce functions seriously affects the reliability of the MapReduce program, which is difficult to debug and even causes errors. Current researches on the non-commutability detection of Reduce function consider the case that the input value is a single attribute. However, such researches ignore the situation where inputs to most reduce functions in practical applications consist of multiple columns (such as a table). To test the commutativity of reduce functions where each input record may contain several input attributes, a new testing method is proposed. This approach uses symbolic execution tools to help generate a few input records, and breaks their data dependencies to generate an original test case t0, with a dynamic program slicing technique to lessen the scale of t0. And the ultimate test suite is consisted of different permutations of records in t0. In the end, experiments demonstrate the effectiveness of our testing method and that the permutation method Gm is helpful to reduce its complexity.
{"title":"Testing non-commutativity of reduce functions with multi-column inputs","authors":"Xiangyu Mu , Xuan Zhang , Chenlu Zhu , Ning Li , Peng Zhang , Lei Liu","doi":"10.1016/j.scico.2025.103317","DOIUrl":"10.1016/j.scico.2025.103317","url":null,"abstract":"<div><div>With the continuous development of the MapReduce programming model, it is necessary to ensure the reliability of MapReduce programs. In practice, the non-commutativity of Reduce functions seriously affects the reliability of the MapReduce program, which is difficult to debug and even causes errors. Current researches on the non-commutability detection of Reduce function consider the case that the input value is a single attribute. However, such researches ignore the situation where inputs to most reduce functions in practical applications consist of multiple columns (such as a table). To test the commutativity of reduce functions where each input record may contain several input attributes, a new testing method is proposed. This approach uses symbolic execution tools to help generate a few input records, and breaks their data dependencies to generate an original test case t<sub>0</sub>, with a dynamic program slicing technique to lessen the scale of t<sub>0</sub>. And the ultimate test suite is consisted of different permutations of records in t<sub>0</sub>. In the end, experiments demonstrate the effectiveness of our testing method and that the permutation method Gm is helpful to reduce its complexity.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103317"},"PeriodicalIF":1.5,"publicationDate":"2025-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143856028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The complexity of Autonomous Vehicles imposes significant challenges to their formal specification and verification, especially when incorporating AI controllers based on quantized neural networks (QNNs), which use fixed-point arithmetic to accommodate the limited computational capabilities of embedded systems. Despite the advantages of QNNs, verification of these networks, whether using integers or bit vectors, has proven to be PSPACE-hard.
Our approach focuses on exhaustively verifying abstract scenarios expressed as Satisfiability Modulo Theories (SMT) proof objectives. We propose a formal verification method for QNNs that involves analyzing a rational approximation of the network with perturbations to ensure that the output sets of the perturbed rational neural network include those of both the QNN and its rational neural network approximation.
The distance between these output sets is computed using the p-norm. To evaluate our methodology, we used the Highway-env autonomous vehicle simulator and z3 SMT solver.
{"title":"Formal specification and SMT verification of quantized neural network for autonomous vehicles","authors":"Wahiba Bachiri , Yassamine Seladji , Pierre-Loïc Garoche","doi":"10.1016/j.scico.2025.103316","DOIUrl":"10.1016/j.scico.2025.103316","url":null,"abstract":"<div><div>The complexity of Autonomous Vehicles imposes significant challenges to their formal specification and verification, especially when incorporating AI controllers based on quantized neural networks (QNNs), which use fixed-point arithmetic to accommodate the limited computational capabilities of embedded systems. Despite the advantages of QNNs, verification of these networks, whether using integers or bit vectors, has proven to be <span>PSPACE</span>-hard.</div><div>Our approach focuses on exhaustively verifying abstract scenarios expressed as Satisfiability Modulo Theories (SMT) proof objectives. We propose a formal verification method for QNNs that involves analyzing a rational approximation of the network with perturbations to ensure that the output sets of the perturbed rational neural network include those of both the QNN and its rational neural network approximation.</div><div>The distance between these output sets is computed using the <em>p</em>-norm. To evaluate our methodology, we used the <span>Highway-env</span> autonomous vehicle simulator and z3 SMT solver.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103316"},"PeriodicalIF":1.5,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143856029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-04DOI: 10.1016/j.scico.2025.103312
Stefan Hallerstede , John Hatcliff
Many visions for model-driven component-based development emphasize models as the “single source of truth” by which different forms of analysis, specification, verification, and code generation are integrated. Such visions depend strongly on a clear modeling language semantics that provides different tools and stakeholders with a common understanding of a model's meaning. In this paper, we report on a mechanization in the Isabelle theorem prover of a formal semantics for key aspects of the SAE standard AADL modeling language. A primary goal of this semantics is to support component-oriented contract specification and verification as well as code generation implemented in the HAMR AADL model-driven development tool chain. We provide formal definitions of run-time system state, execution steps, reachable states, and property verification. Use of the mechanization for real-world applications is supported by automated HAMR translation from AADL models into the Isabelle specifications. In addition to general verification support, we define well-formedness properties and associated proofs for models, system states, and traces that are automatically proven for HAMR-generated Isabelle models.
{"title":"A mechanized semantics for component-based systems in the HAMR AADL runtime","authors":"Stefan Hallerstede , John Hatcliff","doi":"10.1016/j.scico.2025.103312","DOIUrl":"10.1016/j.scico.2025.103312","url":null,"abstract":"<div><div>Many visions for model-driven component-based development emphasize models as the “single source of truth” by which different forms of analysis, specification, verification, and code generation are integrated. Such visions depend strongly on a clear modeling language semantics that provides different tools and stakeholders with a common understanding of a model's meaning. In this paper, we report on a mechanization in the Isabelle theorem prover of a formal semantics for key aspects of the SAE standard AADL modeling language. A primary goal of this semantics is to support component-oriented contract specification and verification as well as code generation implemented in the HAMR AADL model-driven development tool chain. We provide formal definitions of run-time system state, execution steps, reachable states, and property verification. Use of the mechanization for real-world applications is supported by automated HAMR translation from AADL models into the Isabelle specifications. In addition to general verification support, we define well-formedness properties and associated proofs for models, system states, and traces that are automatically proven for HAMR-generated Isabelle models.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103312"},"PeriodicalIF":1.5,"publicationDate":"2025-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143799712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-04DOI: 10.1016/j.scico.2025.103314
Sascha Lehmann , Antje Rogalla , Maximilian Neidhardt , Alexander Schlaefer , Sibylle Schupp
Autonomous systems often address complex planning problems, which require both prospective action planning and retrospective data evaluation. Timed games could aid since they automatically synthesize strategies that, provably correct, solve those planning problems; yet, they assume a static model of the environment, which is not realistic for autonomous systems. However, many autonomous systems are control applications, which employ sensors that capture system behavior at run time and can thus compensate for incomplete knowledge at modeling time. In this paper, we propose an online strategy synthesis, which, based on offline strategy synthesis on the one hand and on sensor information about the current state of the physical world on the other hand, derives formal safety guarantees while reacting and adapting to environment changes. We formalize the needle-steering problem from medical robotics, i.e., the problem of navigating a (flexible and beveled) needle through partially unknown tissue towards a target without damaging its surroundings, by interpreting it as a timed game. Further, we introduce a new representation of its environment through different region types that determine the acceptance of action plans and trigger local correcting actions. We present an algorithm for online strategy synthesis and, for the given region representation, formally prove that it returns safe online controllers. The algorithm is implemented on top of Uppaal Stratego. For two medical applications of needle steering, peridural anesthesia and predefined needle trajectory, we demonstrate the necessity of online adjustments in a series of simulations with various degrees of initial knowledge about the environment, and show that the overhead of online synthesis remains practical.
{"title":"A provably safe controller for the needle-steering problem using online strategy synthesis","authors":"Sascha Lehmann , Antje Rogalla , Maximilian Neidhardt , Alexander Schlaefer , Sibylle Schupp","doi":"10.1016/j.scico.2025.103314","DOIUrl":"10.1016/j.scico.2025.103314","url":null,"abstract":"<div><div>Autonomous systems often address complex planning problems, which require both prospective action planning and retrospective data evaluation. Timed games could aid since they automatically synthesize strategies that, provably correct, solve those planning problems; yet, they assume a static model of the environment, which is not realistic for autonomous systems. However, many autonomous systems are control applications, which employ sensors that capture system behavior at run time and can thus compensate for incomplete knowledge at modeling time. In this paper, we propose an <em>online strategy synthesis</em>, which, based on offline strategy synthesis on the one hand and on sensor information about the current state of the physical world on the other hand, derives formal safety guarantees while reacting and adapting to environment changes. We formalize the needle-steering problem from medical robotics, i.e., the problem of navigating a (flexible and beveled) needle through partially unknown tissue towards a target without damaging its surroundings, by interpreting it as a timed game. Further, we introduce a new representation of its environment through different region types that determine the acceptance of action plans and trigger local correcting actions. We present an algorithm for online strategy synthesis and, for the given region representation, formally prove that it returns safe online controllers. The algorithm is implemented on top of Uppaal Stratego. For two medical applications of needle steering, <em>peridural anesthesia</em> and <em>predefined needle trajectory</em>, we demonstrate the necessity of online adjustments in a series of simulations with various degrees of initial knowledge about the environment, and show that the overhead of online synthesis remains practical.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103314"},"PeriodicalIF":1.5,"publicationDate":"2025-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143799713","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-03DOI: 10.1016/j.scico.2025.103313
Cheng-Hao Cai , Jing Sun , Gillian Dobbie
A design model is the abstract representation of an actual process or software product. Although some software faults can be found by diagnosing design models before implementation, repairing the design models is time-consuming to software developers. To achieve faster software development, this paper introduces an automated approach to generally repair design models diagnosed by model checking. Model checkers are used to detect faults such as unreachable goals and violated properties in design models. Such faults are eliminated in parallel by insertion, modification and deletion operators found by constraint solving and predictive models. The outcomes of model repair are evaluated using the ISO/IEC 25010 software quality metrics. Experimental results have demonstrated that the proposed approach can eliminate unreachable goals and invariant violations in various design models while preserving their model quality. The effectiveness and performance of such design model repair processes depend mainly on the complexity of design model, the efficiency of constraint solver and the accuracy of predictive model. This study indicates that model-driven software development can be more efficient by automating model diagnosis, fault elimination and quality evaluation.
{"title":"The automation of design model repair","authors":"Cheng-Hao Cai , Jing Sun , Gillian Dobbie","doi":"10.1016/j.scico.2025.103313","DOIUrl":"10.1016/j.scico.2025.103313","url":null,"abstract":"<div><div>A design model is the abstract representation of an actual process or software product. Although some software faults can be found by diagnosing design models before implementation, repairing the design models is time-consuming to software developers. To achieve faster software development, this paper introduces an automated approach to generally repair design models diagnosed by model checking. Model checkers are used to detect faults such as unreachable goals and violated properties in design models. Such faults are eliminated in parallel by insertion, modification and deletion operators found by constraint solving and predictive models. The outcomes of model repair are evaluated using the ISO/IEC 25010 software quality metrics. Experimental results have demonstrated that the proposed approach can eliminate unreachable goals and invariant violations in various design models while preserving their model quality. The effectiveness and performance of such design model repair processes depend mainly on the complexity of design model, the efficiency of constraint solver and the accuracy of predictive model. This study indicates that model-driven software development can be more efficient by automating model diagnosis, fault elimination and quality evaluation.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103313"},"PeriodicalIF":1.5,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143786229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Signal Temporal Logic (STL) is a convenient formalism to express bounded horizon properties of autonomous critical systems. STL allows to express real-valued signal properties and associates a non-singleton bound interval to each temporal operators. In the case of critical autonomous systems, it may be necessary to check the validity of an STL property in real-time. To that end, we provide a rigorous encoding of non-nested discrete-time STL formulas into Lustre synchronous observers.
Our encoding provides a three-valued online semantics for the observers and therefore enables both the verification of the property and the search of counter-examples. A key contribution of this work is an instrumented proof of the validity of the implementation with respect to the original STL semantics. All of the experiments are automated with the Kind2 model checker and the Z3 SMT solver.
{"title":"Formally proved specification of non-nested STL formulas as synchronous observers","authors":"Céline Bellanger , Pierre-Loic Garoche , Matthieu Martel , Celia Picard","doi":"10.1016/j.scico.2025.103315","DOIUrl":"10.1016/j.scico.2025.103315","url":null,"abstract":"<div><div>Signal Temporal Logic (STL) is a convenient formalism to express bounded horizon properties of autonomous critical systems. STL allows to express real-valued signal properties and associates a non-singleton bound interval to each temporal operators. In the case of critical autonomous systems, it may be necessary to check the validity of an STL property in real-time. To that end, we provide a rigorous encoding of non-nested discrete-time STL formulas into Lustre synchronous observers.</div><div>Our encoding provides a three-valued online semantics for the observers and therefore enables both the verification of the property and the search of counter-examples. A key contribution of this work is an instrumented proof of the validity of the implementation with respect to the original STL semantics. All of the experiments are automated with the Kind2 model checker and the Z3 SMT solver.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103315"},"PeriodicalIF":1.5,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143837897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-01DOI: 10.1016/j.scico.2025.103311
Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han
Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.
{"title":"DopSteg: Program steganography using data-oriented programming","authors":"Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han","doi":"10.1016/j.scico.2025.103311","DOIUrl":"10.1016/j.scico.2025.103311","url":null,"abstract":"<div><div>Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103311"},"PeriodicalIF":1.5,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143791249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-26DOI: 10.1016/j.scico.2025.103303
Xinjie Wei , Chang-ai Sun , Pengpeng Yang , Xiao-Yi Zhang , Dave Towey
Microservice architecture has been increasingly adopted to develop various distributed systems due to, amongst other things, its flexibility and scalability. A microservice system often involves numerous invocations among services, making it vulnerable to potential anomalies such as improper configurations of services and improper coordination among services. Existing anomaly detection techniques either identify inter-service anomalies by constructing distributed traces or identify intra-service anomalies by mining features from system logs. However, the intra-service and inter-service behaviors may couple with each other, leading to complex anomalies that may escape detection through the individual examination of traces or logs. In this paper, we propose TraLogAnomaly, an approach for microservice-system anomaly detection. TraLogAnomaly proposes hybrid event vector sequences (HVSs) integrating both inter-service traces and intra-service logs and then identifies the anomalies' patterns from these HVSs. It extracts the patterns of anomalies with the help of a Transformer model. Term frequency-inverse document frequency (TF-IDF) is applied to weighted features learned from hybrid sequences. By integrating information from diverse data sources, the HVSs enhance the ability of these patterns to capture complex system behavior, cover multiple layers of system information, and have higher context-awareness. In addition, TraLogAnomaly also integrates a module that employs agglomeration hierarchical clustering to mine trace patterns of performance anomalies. Empirical results based on widely-used benchmarks show that TraLogAnomaly achieves a high F1-score for detecting anomalies of different types.
{"title":"TraLogAnomaly: A microservice system anomaly detection approach based on hybrid event sequences","authors":"Xinjie Wei , Chang-ai Sun , Pengpeng Yang , Xiao-Yi Zhang , Dave Towey","doi":"10.1016/j.scico.2025.103303","DOIUrl":"10.1016/j.scico.2025.103303","url":null,"abstract":"<div><div>Microservice architecture has been increasingly adopted to develop various distributed systems due to, amongst other things, its flexibility and scalability. A microservice system often involves numerous invocations among services, making it vulnerable to potential anomalies such as improper configurations of services and improper coordination among services. Existing anomaly detection techniques either identify inter-service anomalies by constructing distributed traces or identify intra-service anomalies by mining features from system logs. However, the intra-service and inter-service behaviors may couple with each other, leading to complex anomalies that may escape detection through the individual examination of traces or logs. In this paper, we propose TraLogAnomaly, an approach for microservice-system anomaly detection. TraLogAnomaly proposes hybrid event vector sequences (HVSs) integrating both inter-service traces and intra-service logs and then identifies the anomalies' patterns from these HVSs. It extracts the patterns of anomalies with the help of a Transformer model. Term frequency-inverse document frequency (TF-IDF) is applied to weighted features learned from hybrid sequences. By integrating information from diverse data sources, the HVSs enhance the ability of these patterns to capture complex system behavior, cover multiple layers of system information, and have higher context-awareness. In addition, TraLogAnomaly also integrates a module that employs agglomeration hierarchical clustering to mine trace patterns of performance anomalies. Empirical results based on widely-used benchmarks show that TraLogAnomaly achieves a high F1-score for detecting anomalies of different types.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103303"},"PeriodicalIF":1.5,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143716327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Autonomous driving functions (ADFs) are becoming more relevant and complex. Still, their safe and correct operation must be guaranteed. Scenario-based testing, i.e. confronting the ADF under test with other traffic in specified scenarios is an established approach for the validation and verification of ADFs, but tests currently often only consider simple technical requirements. Safe and correct operation is not only the absence of collisions but involves complex spatio-temporal requirements on the externally observable, functional driving behaviour in traffic.
In this work, we consider Traffic Sequence Charts (TSCs) as a visual formalism for the specification of complex, functional ADF requirements. We define a monitoring problem for TSCs and finite, sampled observations of ADF behaviour and discuss how monitor verdicts contribute to requirements testing. We show that such monitors can effectively be constructed for realistic requirements and that they can contribute to efficient testing by assessing ADF behaviour at runtime.
{"title":"Runtime monitoring of complex scenario-based requirements for autonomous driving functions","authors":"Ralf Stemmer, Ishan Saxena, Lukas Panneke, Dominik Grundt, Anna Austel, Eike Möhlmann, Bernd Westphal","doi":"10.1016/j.scico.2025.103301","DOIUrl":"10.1016/j.scico.2025.103301","url":null,"abstract":"<div><div>Autonomous driving functions (ADFs) are becoming more relevant and complex. Still, their safe and correct operation must be guaranteed. Scenario-based testing, i.e. confronting the ADF under test with other traffic in specified scenarios is an established approach for the validation and verification of ADFs, but tests currently often only consider simple technical requirements. Safe and correct operation is not only the absence of collisions but involves complex spatio-temporal requirements on the externally observable, functional driving behaviour in traffic.</div><div>In this work, we consider Traffic Sequence Charts (TSCs) as a visual formalism for the specification of complex, functional ADF requirements. We define a monitoring problem for TSCs and finite, sampled observations of ADF behaviour and discuss how monitor verdicts contribute to requirements testing. We show that such monitors can effectively be constructed for realistic requirements and that they can contribute to efficient testing by assessing ADF behaviour at runtime.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"244 ","pages":"Article 103301"},"PeriodicalIF":1.5,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143696676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-20DOI: 10.1016/j.scico.2025.103302
Lucas Carvalho , Tayana Conte
In the development of modern software solutions, architecture plays a crucial role in the success of the solution, as it comprises structural and behavioral features of the system, along with critical decisions about the system. Given this, several studies have been conducted in the literature about architecture decision-making process, but these studies are normally conducted with professionals outside of the Brazilian perspective or restricted to a specific company. Although architecture knowledge is the same, differences, like cultural behaviors, professional experiences and academic background, may arise. For this reason, this study presents the architecture decision-making from the view of Brazilian software practitioners. The results are a compilation of findings from 12 semi-structured interviews with senior practitioners from different companies and provide insights about the decision-making process. Regarding the context in which decisions are made, it is found that practitioners often guide and influence decisions and use experience as their main foundation, and the process is normally influenced by features of the company, like its domain and size. Concerning the decision-making process, practitioners in most cases use PoCs, organizational patterns or requirements to define the architecture. Group decision-making is often followed, although no systematic approach is used. Also, no tools are employed to support decision-making, and the decisions are documented and revised frequently.
{"title":"Software architecture decision-making process: The practitioners' view from the Brazilian industry","authors":"Lucas Carvalho , Tayana Conte","doi":"10.1016/j.scico.2025.103302","DOIUrl":"10.1016/j.scico.2025.103302","url":null,"abstract":"<div><div>In the development of modern software solutions, architecture plays a crucial role in the success of the solution, as it comprises structural and behavioral features of the system, along with critical decisions about the system. Given this, several studies have been conducted in the literature about architecture decision-making process, but these studies are normally conducted with professionals outside of the Brazilian perspective or restricted to a specific company. Although architecture knowledge is the same, differences, like cultural behaviors, professional experiences and academic background, may arise. For this reason, this study presents the architecture decision-making from the view of Brazilian software practitioners. The results are a compilation of findings from 12 semi-structured interviews with senior practitioners from different companies and provide insights about the decision-making process. Regarding the context in which decisions are made, it is found that practitioners often guide and influence decisions and use experience as their main foundation, and the process is normally influenced by features of the company, like its domain and size. Concerning the decision-making process, practitioners in most cases use PoCs, organizational patterns or requirements to define the architecture. Group decision-making is often followed, although no systematic approach is used. Also, no tools are employed to support decision-making, and the decisions are documented and revised frequently.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"244 ","pages":"Article 103302"},"PeriodicalIF":1.5,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143682185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号