Grand Challenges of Traceability: The Next Ten Years

In 2007, the software and systems traceability community met at the first Natural Bridge symposium on the Grand Challenges of Traceability to establish and address research goals for achieving effective, trustworthy, and ubiquitous traceability. Ten years later, in 2017, the community came together to evaluate a decade of progress towards achieving these goals. These proceedings document some of that progress. They include a series of short position papers, representing current work in the community organized across four process axes of traceability practice. The sessions covered topics from Trace Strategizing, Trace Link Creation and Evolution, Trace Link Usage, real-world applications of Traceability, and Traceability Datasets and benchmarks. Two breakout groups focused on the importance of creating and sharing traceability datasets within the research community, and discussed challenges related to the adoption of tracing techniques in industrial practice. Members of the research community are engaged in many active, ongoing, and impactful research projects. Our hope is that ten years from now we will be able to look back at a productive decade of research and claim that we have achieved the overarching Grand Challenge of Traceability, which seeks for traceability to be always present, built into the engineering process, and for it to have "effectively disappeared without a trace". We hope that others will see the potential that traceability has for empowering software and systems engineers to develop higher-quality products at increasing levels of complexity and scale, and that they will join the active community of Software and Systems traceability researchers as we move forward into the next decade of research

AMon: A domain-specific language and framework for adaptive monitoring of Cyber–Physical Systems

Cyber–Physical Systems (CPS) are increasingly used in safety–critical scenarios where ensuring their correct behavior at runtime becomes a crucial task. Therefore, the behavior of the CPS needs to be monitored at runtime so that violations of requirements can be detected. With the inception of edge devices that facilitate runtime analysis at the edge and the increasingly diverse environments that CPS operate in, flexible monitoring approaches are needed that consider the data that needs to be monitored and the analyses performed on that data. In this paper, we propose AMon, a flexible adaptive monitoring framework that supports the specification and validation of monitoring adaptation rules, using a domain-specific language. Based on these rules, AMon automatically generates code for direct deployment onto devices. We evaluated AMon by applying it to TurtleBot Robots and a fleet of Unmanned Aerial Vehicles. Furthermore, we conducted a user study assessing the understandability and ease of use of our language. Results show that creating multiple adaptation rules with our DSL is feasible with minimal effort, and that adaptive monitoring can reduce the amount of runtime data transmitted from the edge device according to the current state of the system and its monitoring needs

Evolution in Dynamic Software Product Lines

International audienceMany software systems today provide support for adaptation and reconfiguration at runtime, in response to changes in their environment. Such adaptive systems are designed to run continuously and may not be shut down for reconfiguration or maintenance tasks. The variability of such systems has to be explicitly managed, together with mechanisms that control their runtime adaptation and reconfiguration. Dynamic software product lines (DSPLs) can help to achieve this. However, dealing with evolution is particularly challenging in a DSPL, as changes made at run-time can easily lead to inconsistencies. This paper describes the challenges of evolving DSPLs using an example cyber-physical system for home automation. We discuss the shortcomings of existing work and present a reference architecture to support DSPL evolution. To demonstrate its feasibility and flexibility, we implemented the proposed reference architecture for two different DSPLs: the aforementioned cyber-physical system, which uses feature models to describe its variability, and a runtime monitoring infrastructure, which is based on decision models. To assess the industrial applicability of our approach, we also implemented the reference architecture for a real-world DSPL, an automation software system for injection molding machines. Our results provide evidence on the flexibility, performance and industrial applicability of our approach

Towards Cost-Benefit-Aware Adaptive Monitoring for Cyber-Physical Systems

Cyber-Physical Systems (CPS) are becoming ubiquitous in many different domains, for example, in the form of Unmanned Aerial Vehicles (UAVs), (semi-)autonomous systems, or robotic applications. Given that CPS frequently operate in a safety-critical context, and interact and collaborate with humans, ensuring that these systems behave as intended and adhere to their specified security and safety requirements at runtime is essential. Providing automated support for monitoring is a fundamental part of collecting information about the system, and facilitating subsequent analysis and reasoning. However, while advances have been made, particularly in self-adaptation and self-management, the monitoring aspect is often neglected, resulting in suboptimal data collection that does not consider associated monitoring costs, changing environments, or varying benefits of the collected data. Such benefits range from accountability in the aftermath of a security incident, up to proactive defense against risks if connected to alarming. In this paper, we outline our initial concept for cost-benefit-aware adaptive runtime monitoring, for (but not limited to) safety and security requirements. As part of this work, we identify relevant monitoring aspects and create a Cost-Benefit-Aware Adaptive Model (CBAAM), conceptualizing the costs and benefits of adaptive monitoring. This is also especially relevant for security, saving resources, e.g., budget and computational. We further present an architecture for defining and executing these adaptations and discuss our research roadmap and next steps

A comparison framework for runtime monitoring approaches

The full behavior of complex software systems often only emerges during operation. They thus need to be monitored at run time to check that they adhere to their requirements. Diverse runtime monitoring approaches have been developed in various domains and for different purposes. Their sheer number and heterogeneity, however, make it hard to find the right approach for a specific application or purpose. The aim of our research therefore was to develop a comparison framework for runtime monitoring approaches. Our framework is based on an analysis of the literature and existing taxonomies for monitoring languages and patterns. We use examples from existing monitoring approaches to explain the framework. We demonstrate its usefulness by applying it to 32 existing approaches and by comparing 3 selected approaches in the light of different monitoring scenarios. We also discuss perspectives for researchers