End-to-End Rationale Reconstruction

The logic behind design decisions, called design rationale, is very valuable. In the past, researchers have tried to automatically extract and exploit this information, but prior techniques are only applicable to specific contexts and there is insufficient progress on an end-to-end rationale information extraction pipeline. Here we outline a path towards such a pipeline that leverages several Machine Learning (ML) and Natural Language Processing (NLP) techniques. Our proposed context-independent approach, called Kantara, produces a knowledge graph representation of decisions and of their rationales, which considers their historical evolution and traceability. We also propose validation mechanisms to ensure the correctness of the extracted information and the coherence of the development process. We conducted a preliminary evaluation of our proposed approach on a small example sourced from the Linux Kernel, which shows promising results

Full contract verification for ATL using symbolic execution

The Atlas Transformation Language (ATL) is currently one of the most used model transformation languages and has become a de facto standard in model-driven engineering for implementing model transformations. At the same time, it is understood by the community that enhancing methods for exhaustively verifying such transformations allows for a more widespread adoption of model-driven engineering in industry. A variety of proposals for the verification of ATL transformations have arisen in the past few years. However, the majority of these techniques are either based on non-exhaustive testing or on proof methods that require human assistance and/or are not complete. In this paper, we describe our method for statically verifying the declarative subset of ATL model transformations. This verification is performed by translating the transformation (including features like filters, OCL expressions, and lazy rules) into our model transformation language DSLTrans. As we handle only the declarative portion of ATL, and DSLTrans is Turing-incomplete, this reduction in expressivity allows us to use a symbolic-execution approach to generate representations of all possible input models to the transformation. We then verify pre-/post-condition contracts on these representations, which in turn verifies the transformation itself. The technique we present in this paper is exhaustive for the subset of declarative ATL model transformations. This means that if the prover indicates a contract holds on a transformation, then the contract’s pre-/post-condition pair will be true for any input model for that transformation. We demonstrate and explore the applicability of our technique by studying several relatively large and complex ATL model transformations, including a model transformation developed in collaboration with our industrial partner. As well, we present our ‘slicing’ technique. This technique selects only those rules in the DSLTrans transformation needed for contract proof, thereby reducing proving timeComisión Interministerial de Ciencia y Tecnología TIN2015-70560-RJunta de Andalucía P10-TIC-5906Junta de Andalucía P12-TIC-186

Fully Verifying Transformation Contracts for Declarative ATL

The Atlas Transformation Language (ATL) is today a de-facto standard in model-driven development. It is understood by the community that methods for exhaustively verifying such transformations provide an important pillar for achieving a stronger adoption of model-driven development in industry. In this paper we propose a method for verifying ATL model transformations by translating them into DSLTrans, a transformation language with limited expressiveness. Pre-/postcondition contracts are then verified on the resulting DSLTrans specification using a symbolic-execution property prover. The technique we present in this paper is exhaustive for the declarative ATL subset, meaning that if a contract holds, it will hold when any input model is passed to the ATL transformation being checked. We explore the scalability of our technique using a set of examples, including a model transformation developed in collaboration with our industrial partner.European Commission ICT Policy Support Programme 31785

Fault localization in DSLTrans model transformations by combining symbolic execution and spectrum-based analysis

The verification of model transformations is important for realizing robust model-driven engineering technologies and quality-assured automation. Many approaches for checking properties of model transformations have been proposed. Most of them have focused on the effective and efficient detection of property violations by contract checking... While there exist fault localization approaches in the model transformation verification literature, these require the creation and maintenance of test cases, which imposes an additional burden on the developer. In this paper, we combine transformation verification based on symbolic execution with spectrum-based fault localization techniques for identifying the faulty rules in DSLTrans model transformations. This fault localization approach operates on the path condition output of symbolic transformation checkers instead of requiring a set of test input models. In particular, we introduce a workflow for running the symbolic execution of a model transformation, evaluating the defined contracts for satisfaction, and computing different measures for tracking the faulty rules. We evaluate the effectiveness of spectrum-based análisis techniques for tracking faulty rules and compare our approach to previous works. We evaluate our technique by introducing known mutations into five model transformations. Our results show that the best spectrum-based analysis techniques allow for effective fault localization, showing an average EXAM score below 0.30 (less than 30% of the transformation needs to be inspected). These techniques are also able to locate the faulty rule in the top-three ranked rules in 70% of all cases. The impact of the model transformation, the type of mutation and the type of contract on the results is discussed. Finally, we also investigate the cases where the technique does not work properly, including discussion of a potential pre-check to estimate the prospects of the technique for a certain transformation.Funding for open access charge: Universidad de Málaga / CBUA Funding for open access publishing: Universidad Málaga / CBU

General anaesthetic and airway management practice for obstetric surgery in England: a prospective, multi-centre observational study

There are no current descriptions of general anaesthesia characteristics for obstetric surgery, despite recent changes to patient baseline characteristics and airway management guidelines. This analysis of data from the direct reporting of awareness in maternity patients' (DREAMY) study of accidental awareness during obstetric anaesthesia aimed to describe practice for obstetric general anaesthesia in England and compare with earlier surveys and best-practice recommendations. Consenting patients who received general anaesthesia for obstetric surgery in 72 hospitals from May 2017 to August 2018 were included. Baseline characteristics, airway management, anaesthetic techniques and major complications were collected. Descriptive analysis, binary logistic regression modelling and comparisons with earlier data were conducted. Data were collected from 3117 procedures, including 2554 (81.9%) caesarean deliveries. Thiopental was the induction drug in 1649 (52.9%) patients, compared with propofol in 1419 (45.5%). Suxamethonium was the neuromuscular blocking drug for tracheal intubation in 2631 (86.1%), compared with rocuronium in 367 (11.8%). Difficult tracheal intubation was reported in 1 in 19 (95%CI 1 in 16-22) and failed intubation in 1 in 312 (95%CI 1 in 169-667). Obese patients were over-represented compared with national baselines and associated with difficult, but not failed intubation. There was more evidence of change in practice for induction drugs (increased use of propofol) than neuromuscular blocking drugs (suxamethonium remains the most popular). There was evidence of improvement in practice, with increased monitoring and reversal of neuromuscular blockade (although this remains suboptimal). Despite a high risk of difficult intubation in this population, videolaryngoscopy was rarely used (1.9%)

Examining model qualities and their impact on digital twins

International audienceDigital Twins (DTs) are built using modelling and simulation techniques in complex domains such as cyberphysical systems. However, further formal investigation is required for how a DT and the services it provides relate to the qualities of the models used by a service. Specifically, this article examines when a DT service can be said to have the qualities of relevant, verifiable, substitutable, and faithful based on the results of checking properties in comparison to the actual system. Using an incubator system as our running example, we show how a DT service relies on multiple models, present the consequences when these qualities are violated, and discuss strategies for adapting models to ensure these qualities