Daniela Cancila

Toward Correctness in the Specification and Handling of Non-Functional Attributes of High-Integrity Real-Time Embedded Systems

In high-integrity systems, the focus of the development process is geared to assuring that the assertions made on the system are both correct (i.e., semantically sustainable) and feasible (i.e., true at run time). Some of those assertions take effect in the non-functional domain, that is, in how the system is realized and behaves in time, space and communication during execution; others in the functional domain, and thus concern what outputs the system produces for its inputs. In this paper, we address the problem of achieving correct specification and handling of non-functional attributes, with particular regard to the concurrent structure of the system, the safeness of the interaction protocols engaged in it, and the guarantee that its timing feasibility can be statically verified. Our approach is based on a Model-Driven Engineering methodology, in which correctness can be ensured by construction or verified at a high level of abstraction, while the runtime implementation structure and code are automatically generated. We employ the Ravenscar Computation Model (RCM) and focus, in particular, on aerospace applications, which impose stringent requirements on correctness properties. We discuss an algebraic formalization of our model based on graph theory which we use to prove safe termination in systems compliant with RCM, and show how to use the MAST+ static analyzer to verify the timing aspects. We finally illustrate the results of a prototype tool that was developed for evaluation by major industrial players in the European space industry.

Metamodels in Europe: Languages, Tools, and Applications

This article provides an overview of current efforts in Europe for using metamodeling in the integrated development of critical systems such as automotive electronics. It distinguishes between lightweight versus heavyweight approaches, surveys a number of related current European projects, and gives details about the Speeds project to illustrate the role of metamodeling-driven system engineering.

Generalized Coiteration Schemata

Abstract Coiterative functions can be explained categorically as final coalgebraic morphisms, once coinductive types are viewed as final coalgebras. However, the coiteration schema which arises in this way is too rigid to accommodate directly many interesting classes of circular specifications. In this paper, building on the notion of T-coiteration introduced by the third author and capitalizing on recent work on bialgebras by Turi-Plotkin and Bartels, we introduce and illustrate various generalized coiteration patterns. First we show that, by choosing the appropriate monad T, T-coiteration captures naturally a wide range of coiteration schemata, such as the duals of primitive recursion and course-of-value iteration, and mutual coiteration. Then we show that, in the more structured categorical setting of bialgebras, T-coiteration captures guarded coiterations schemata, i.e. specifications where recursive calls appear guarded by predefined algebraic operations.

Do text transcoders improve usability for disabled users

Text transcoders are web--server systems that produce, on the fly, a text-only version of a web page requested by a user of a browser. Although the potential benefits of text transcoders axe multifaceted and discussions on appropriateness of text transcoders to produce accessible versions of web sites are still ongoing, at the moment the impact of transcoded pages on disabled web users has not been scientifically studied yet.This paper describes an experiment aimed at evaluating usability of web pages processed by a text transcoder and used by 29 disabled persons. Results based on subjective and objective data show how usability changes, and which results can be generalized to a wider population.

An Industrial Case Study Using an MBE Approach: From Architecture to Safety Analysis

We discuss the initial phases of software development of a real industrial safety-related device in the railway application domain. In particular, to achieve greater confidence in the system, we illustrate the development of the system architecture (using a standard model domain-specific language), the computation of the safety integrity level and the calculation of the reliability of the whole system. We reiterate the safety analysis on the sub-systems. The proposed methodology has found immediate industrial applications.

Functional and structural properties in the Model-Driven Engineering approach

In this paper we discuss the separation between attributes on functionality and on structure following an approach based on model driven engineering (MDE). We adopt a methodological approach based on correctness-by-construction for modeling high-integrity real-time embedded systems. We illustrate how this separation is implemented by a prototype, recently realized by our research team. Software reuse is incremented by using the prototype. This has been confirmed by the evaluation of two teams from major European space industry. We conclude our work by discussing some open problems.

Cyber-Physical System and Contract-Based Design: A Three Dimensional View

This work reports on the experience arising from the master internship contract-based design tailored to safety issues for cyber-physical systems (CPS). The main educational goal is to confront the student with realistic mixed-critical smart CPS systems, using the railway domain and autonomous trains as a case study. The results show that, for this class of systems, education should transition from a 2D to a 3D modeling design space, which is much better suited to visualizing the evolution and the underlying properties of the system. We use contract-based design to properly deal with the integration and composition of heterogeneous components, where safety aspects require special attention. The main scientific and technical results concern the implementation of contract-based design in a 3D tool. Finally, we discuss the teaching methodology underlying the internship and the competences required to address the design of a (critical) CPS by the new generation of students.

Some Properties and Some Problems on Set Functors

We study properties of functors on categories of sets (classes) together with set (class) functions. In particular, we investigate the notion of inclusion preserving functor, and we discuss various monotonicity and continuity properties of set functors. As a consequence of these properties, we show that some classes of set operators do not admit functorial extensions. Then, starting from Aczel’s Special Final Coalgebra Theorem, we study the class of functors uniform on maps, we present and discuss various examples of functors which are not uniform on maps but still inclusion preserving, and we discuss simple characterization theorems of final coalgebras as fixpoints. We present a number of conjectures and problems.

Experiences and reflections on three years of CPS summer schools within EIT digital

This article provides an overview of current European Commission effort in term of educational innovation to reduce the gap between research and industry which still is a barrier to the economic development. Entrepreneurial innovation & education driving Europes digital transformation (EIT Digital for short) is an European-based initiative fostering I&E (innovation and entrepreneurship) by integrating education, research and business at different educational levels. For instance in EIT master programmes, students work together with industries and academics to have a faster go-to-market of research results. Summer schools are part of the master programs; three of them have been organised related to CPS (cyber-physical systems), critical infrastructure and, more recently, Industry 4.0. Past and present events are discussed and the experience from these events is reported. It is further analysed how the general setup of the summer school program is affecting the educational aspects and achievement of the intended learning outcomes.

Properties of Set Functors

We prove that any endofunctor on a class-theoretic category has a final coalgebra. Moreover, we characterize functors on set-theoretic categories which are identical on objects, and functors which are constant on objects.