3.2.1 Model-Driven Engineering

Model-Driven Engineering (MDE) aims at reducing the accidental complexity associated with developing complex software-intensive systems (e.g., use of abstractions of the problem space rather than abstractions of the solution space)  121. It provides DIVERSE with solid foundations to specify, analyze and reason about the different forms of diversity that occur throughout the development life cycle. A primary source of accidental complexity is the wide gap between the concepts used by domain experts and the low-level abstractions provided by general-purpose programming languages  93. MDE approaches address this problem through modeling techniques that support separation of concerns and automated generation of major system artifacts from models (e.g., test cases, implementations, deployment and configuration scripts). In MDE, a model describes an aspect of a system and is typically created or derived for specific development purposes  77. Separation of concerns is supported through the use of different modeling languages, each providing constructs based on abstractions that are specific to an aspect of a system. MDE technologies also provide support for manipulating models, for example, support for querying, slicing, transforming, merging, and analyzing (including executing) models. Modeling languages are thus at the core of MDE, which participates in the development of a sound Software Language Engineering, including a unified typing theory that integrates models as first class entities  123.

Incorporating domain-specific concepts and a high-quality development experience into MDE technologies can significantly improve developer productivity and system quality. Since the late nineties, this realization has led to work on MDE language workbenches that support the development of domain-specific modeling languages (DSMLs) and associated tools (e.g., model editors and code generators). A DSML provides a bridge between the field in which domain experts work and the implementation (programming) field. Domains in which DSMLs have been developed and used include, among others, automotive, avionics, and cyber-physical systems. A study performed by Hutchinson et al.  98 indicates that DSMLs can pave the way for wider industrial adoption of MDE.

More recently, the emergence of new classes of systems that are complex and operate in heterogeneous and rapidly changing environments raises new challenges for the software engineering community. These systems must be adaptable, flexible, reconfigurable and, increasingly, self-managing. Such characteristics make systems more prone to failure when running and thus the development and study of appropriate mechanisms for continuous design and runtime validation and monitoring are needed. In the MDE community, research is focused primarily on using models at the design, implementation, and deployment stages of development. This work has been highly productive, with several techniques now entering a commercialization phase. As software systems are becoming more and more dynamic, the use of model-driven techniques for validating and monitoring runtime behavior is extremely promising 107.

3.2.2 Variability modeling

While the basic vision underlying Software Product Lines (SPL) can probably be traced back to David Parnas' seminal article  114 on the Design and Development of Program Families, it is only quite recently that SPLs have started emerging as a paradigm shift towards modeling and developing software system families rather than individual systems  111. SPL engineering embraces the ideas of mass customization and software reuse. It focuses on the means of efficiently producing and maintaining multiple related software products, exploiting what they have in common and managing what varies among them.

Several definitions of the software product line concept can be found in the research literature. Clements et al. define it as a set of software-intensive systems sharing a common, managed set of features that satisfy the specific needs of a particular market segment or mission and are developed from a common set of core assets in a prescribed way  112. Bosch provides a different definition 83: A SPL consists of a product line architecture and a set of reusable components designed for incorporation into the product line architecture. In addition, the PL consists of the software products developed using the mentioned reusable assets. In spite of the similarities, these definitions provide different perspectives of the concept: market-driven, as seen by Clements et al., and technology-oriented for Bosch.

SPL engineering is a process focusing on capturing the commonalities (assumptions true for each family member) and variability (assumptions about how individual family members differ) between several software products  89. Instead of describing a single software system, a SPL model describes a set of products in the same domain. This is accomplished by distinguishing between elements common to all SPL members, and those that may vary from one product to another. Reuse of core assets, which form the basis of the product line, is key to productivity and quality gains. These core assets extend beyond simple code reuse and may include the architecture, software components, domain models, requirements statements, documentation, test plans or test cases.

The SPL engineering process consists of two major steps:

1. Domain Engineering, or development for reuse, focuses on core assets development.
2. Application Engineering, or development with reuse, addresses the development of the final products using core assets and following customer requirements.

Central to both processes is the management of variability across the product line  95. In common language use, the term variability refers to the ability or the tendency to change. Variability management is thus seen as the key feature that distinguishes SPL engineering from other software development approaches  84. Variability management is thus increasingly seen as the cornerstone of SPL development, covering the entire development life cycle, from requirements elicitation  125 to product derivation  129 to product testing  110, 109.

Halmans et al.  95 distinguish between essential and technical variability, especially at the requirements level. Essential variability corresponds to the customer's viewpoint, defining what to implement, while technical variability relates to product family engineering, defining how to implement it. A classification based on the dimensions of variability is proposed by Pohl et al.  116: beyond variability in time (existence of different versions of an artifact that are valid at different times) and variability in space (existence of an artifact in different shapes at the same time) Pohl et al. claim that variability is important to different stakeholders and thus has different levels of visibility: external variability is visible to the customers while internal variability, that of domain artifacts, is hidden from them. Other classification proposals come from Meekel et al.  104 (feature, hardware platform, performance and attributes variability) or Bass et al.  75 who discusses about variability at the architectural level.

Central to the modeling of variability is the notion of feature, originally defined by Kang et al. as: a prominent or distinctive user-visible aspect, quality or characteristic of a software system or systems  100. Based on this notion of feature, they proposed to use a feature model to model the variability in a SPL. A feature model consists of a feature diagram and other associated information: constraints and dependency rules. Feature diagrams provide a graphical tree-like notation depicting the hierarchical organization of high level product functionalities represented as features. The root of the tree refers to the complete system and is progressively decomposed into more refined features (tree nodes). Relations between nodes (features) are materialized by decomposition edges and textual constraints. Variability can be expressed in several ways. Presence or absence of a feature from a product is modeled using mandatory or optional features. Features are graphically represented as rectangles while some graphical elements (e.g., unfilled circle) are used to describe the variability (e.g., a feature may be optional).

Features can be organized into feature groups. Boolean operators exclusive alternative (XOR), inclusive alternative (OR) or inclusive (AND) are used to select one, several or all the features from a feature group. Dependencies between features can be modeled using textual constraints: requires (presence of a feature requires the presence of another), mutex (presence of a feature automatically excludes another). Feature attributes can be also used for modeling quantitative (e.g., numerical) information. Constraints over attributes and features can be specified as well.

Modeling variability allows an organization to capture and select which version of which variant of any particular aspect is wanted in the system  84. To implement it cheaply, quickly and safely, redoing by hand the tedious weaving of every aspect is not an option: some form of automation is needed to leverage the modeling of variability 79. Model Driven Engineering (MDE) makes it possible to automate this weaving process  99. This requires that models are no longer informal, and that the weaving process is itself described as a program (which is as a matter of fact an executable meta-model  108) manipulating these models to produce for instance a detailed design that can ultimately be transformed to code, or to test suites  115, or other software artifacts.

3.2.3 Component-based software development

Component-based software development  124 aims at providing reliable software architectures with a low cost of design. Components are now used routinely in many domains of software system designs: distributed systems, user interaction, product lines, embedded systems, etc. With respect to more traditional software artifacts (e.g., object oriented architectures), modern component models have the following distinctive features  90: description of requirements on services required from the other components; indirect connections between components thanks to ports and connectors constructs  102; hierarchical definition of components (assemblies of components can define new component types); connectors supporting various communication semantics  87; quantitative properties on the services  82.

In recent years component-based architectures have evolved from static designs to dynamic, adaptive designs (e.g., SOFA  87, Palladio  80, Frascati  105). Processes for building a system using a statically designed architecture are made of the following sequential lifecycle stages: requirements, modeling, implementation, packaging, deployment, system launch, system execution, system shutdown and system removal. If for any reason after design time architectural changes are needed after system launch (e.g., because requirements changed, or the implementation platform has evolved, etc) then the design process must be reexecuted from scratch (unless the changes are limited to parameter adjustment in the components deployed).

Dynamic designs allow for on the fly redesign of a component based system. A process for dynamic adaptation is able to reapply the design phases while the system is up and running, without stopping it (this is different from a stop/redeploy/start process). Dynamic adaptation processes support chosen adaptation, when changes are planned and realized to maintain a good fit between the needs that the system must support and the way it supports them  101. Dynamic component-based designs rely on a component meta-model that supports complex life cycles for components, connectors, service specification, etc. Advanced dynamic designs can also take platform changes into account at runtime, without human intervention, by adapting themselves  88, 127. Platform changes and more generally environmental changes trigger imposed adaptation, when the system can no longer use its design to provide the services it must support. In order to support an eternal system  81, dynamic component based systems must separate architectural design and platform compatibility. This requires support for heterogeneity, since platform evolution can be partial.

The Models@runtime paradigm denotes a model-driven approach aiming at taming the complexity of dynamic software systems. It basically pushes the idea of reflection one step further by considering the reflection layer as a real model “something simpler, safer or cheaper than reality to avoid the complexity, danger and irreversibility of reality  119”. In practice, component-based (and/or service-based) platforms offer reflection APIs that make it possible to introspect the system (to determine which components and bindings are currently in place in the system) and dynamic adaptation (by applying CRUD operations on these components and bindings). While some of these platforms offer rollback mechanisms to recover after an erroneous adaptation, the idea of Models@runtime is to prevent the system from actually enacting an erroneous adaptation. In other words, the “model at run-time” is a reflection model that can be uncoupled (for reasoning, validation, simulation purposes) and automatically resynchronized.

Heterogeneity is a key challenge for modern component based systems. Until recently, component based techniques were designed to address a specific domain, such as embedded software for command and control, or distributed Web based service oriented architectures. The emergence of the Internet of Things paradigm calls for a unified approach in component based design techniques. By implementing an efficient separation of concern between platform independent architecture management and platform dependent implementations, Models@runtime is now established as a key technique to support dynamic component based designs. It provides DIVERSE with an essential foundation to explore an adaptation envelope at run-time. The goal is to automatically explore a set of alternatives and assess their relevance with respect to the considered problem. These techniques have been applied to craft software architecture exhibiting high quality of services properties  94. Multi Objectives Search based techniques  92 deal with optimization problem containing several (possibly conflicting) dimensions to optimize. These techniques provide DIVERSE with the scientific foundations for reasoning and efficiently exploring an envelope of software configurations at run-time.

3.2.4 Validation and verification

Validation and verification (V&V) theories and techniques provide the means to assess the validity of a software system with respect to a specific correctness envelope. As such, they form an essential element of DIVERSE's scientific background. In particular, we focus on model-based V&V in order to leverage the different models that specify the envelope at different moments of the software development lifecycle.

Model-based testing consists in analyzing a formal model of a system (e.g., activity diagrams, which capture high-level requirements about the system, statecharts, which capture the expected behavior of a software module, or a feature model, which describes all possible variants of the system) in order to generate test cases that will be executed against the system. Model-based testing  126 mainly relies on model analysis, constraint solving  91 and search-based reasoning  103. DIVERSE leverages in particular the applications of model-based testing in the context of highly-configurable systems and 128 interactive systems  106 as well as recent advances based on diversity for test cases selection  97.

Nowadays, it is possible to simulate various kinds of models. Existing tools range from industrial tools such as Simulink, Rhapsody or Telelogic to academic approaches like Omega 113, or Xholon. All these simulation environments operate on homogeneous environment models. However, to handle diversity in software systems, we also leverage recent advances in heterogeneous simulation. Ptolemy  86 proposes a common abstract syntax, which represents the description of the model structure. These elements can be decorated using different directors that reflect the application of a specific model of computation on the model element. Metropolis  76 provides modeling elements amenable to semantically equivalent mathematical models. Metropolis offers a precise semantics flexible enough to support different models of computation. ModHel'X  96 studies the composition of multi-paradigm models relying on different models of computation.

Model-based testing and simulation are complemented by runtime fault-tolerance through the automatic generation of software variants that can run in parallel, to tackle the open nature of software-intensive systems. The foundations in this case are the seminal work about N-version programming   74, recovery blocks  118 and code randomization  78, which demonstrated the central role of diversity in software to ensure runtime resilience of complex systems. Such techniques rely on truly diverse software solutions in order to provide systems with the ability to react to events, which could not be predicted at design time and checked through testing or simulation.

3.2.5 Empirical software engineering

The rigorous, scientific evaluation of DIVERSE's contributions is an essential aspect of our research methodology. In addition to theoretical validation through formal analysis or complexity estimation, we also aim at applying state-of-the-art methodologies and principles of empirical software engineering. This approach encompasses a set of techniques for the sound validation contributions in the field of software engineering, ranging from statistically sound comparisons of techniques and large-scale data analysis to interviews and systematic literature reviews  122, 120. Such methods have been used for example to understand the impact of new software development paradigms  85. Experimental design and statistical tests represent another major aspect of empirical software engineering. Addressing large-scale software engineering problems often requires the application of heuristics, and it is important to understand their effects through sound statistical analyses  73.

3.3.1 Axis #1: Software Language Engineering

Overall objective.

The disruptive design of new, complex systems requires a high degree of flexibility in the communication between many stakeholders, often limited by the silo-like structure of the organization itself (cf. Conway’s law). To overcome this constraint, modern engineering environments aim to: (i) better manage the necessary exchanges between the different stakeholders; (ii) provide a unique and usable place for information sharing; and (iii) ensure the consistency of the many points of view. Software languages are the key pivot between the diverse stakeholders involved, and the software systems they have to implement. Domain-Specific (Modeling) Languages enable stakeholders to address the diverse concerns through specific points of view, and their coordinated use is essential to support the socio-technical coordination across the overall software system life cycle.

Our perspectives on Software Language Engineering over the next period is presented in Figure 2 and detailed in the following paragraphs.

Show image description

Perspectives on Software Language Engineering (axis #1)

3.3.2 Axis #2: Spatio-temporal Variability in Software and Systems

Overall objective.

Leveraging our longstanding activity on variability management for software product lines and configurable systems covering diverse scenarios of use, we will investigate over the next period the impact of such a variability across the diverse layers, incl. source code, input/output data, compilation chain, operating systems and underlying execution platforms. We envision a better support and assistance for the configuration and optimisation (e.g., non-functional properties) of software systems according to this deep variability. Moreover, as software systems involve diverse artefacts (e.g., APIs, tests, models, scripts, data, cloud services, documentation, deployment descriptors...), we will investigate their continuous co-evolution during the overall lifecycle, including maintenance and evolution. Our perspectives on spatio-temporal variability over the next period is presented in Figure 3 and is detailed in the following paragraphs.

Show image description

Perspectives on Spatio-temporal Variability in Software and Systems (axis #2)

3.3.3 Axis #3: DevSecOps and Resilience Engineering for Software and Systems

Overall objective.

The production and delivery of modern software systems involves the integration of diverse dependencies and continuous deployment on diverse execution platforms in the form of large distributed socio-technical systems. This leads to new software architectures and programming models, as well as complex supply chains for final delivery to system users. In order to boost cybersecurity, we want to provide strong support to software engineers and IT teams in the development and delivery of secure and resilient software systems, ie. systems able to resist or recover from cyberattacks. Our perspectives on DevSecOps and Resilience Engineering over the next period are presented in Figure 4 and detailed in the following paragraphs.

Show image description

Perspectives on DevSecOps and Resilience Eng. for Software and Systems (axis #3)

7.1.1 GEMOC Studio

• Name:
  GEMOC Studio
• Keywords:
  DSL, Language workbench, Model debugging
• Scientific Description:

  The language workbench put together the following tools seamlessly integrated to the Eclipse Modeling Framework (EMF):

  1) Melange, a tool-supported meta-language to modularly define executable modeling languages with execution functions and data, and to extend (EMF-based) existing modeling languages. 2) MoCCML, a tool-supported meta-language dedicated to the specification of a Model of Concurrency and Communication (MoCC) and its mapping to a specific abstract syntax and associated execution functions of a modeling language. 3) GEL, a tool-supported meta-language dedicated to the specification of the protocol between the execution functions and the MoCC to support the feedback of the data as well as the callback of other expected execution functions. 4) BCOoL, a tool-supported meta-language dedicated to the specification of language coordination patterns to automatically coordinates the execution of, possibly heterogeneous, models. 5) Monilog, an extension for monitoring and logging executable domain-specific models 6) Sirius Animator, an extension to the model editor designer Sirius to create graphical animators for executable modeling languages.

• Functional Description:
  The GEMOC Studio is an Eclipse package that contains components supporting the GEMOC methodology for building and composing executable Domain-Specific Modeling Languages (DSMLs). It includes two workbenches: The GEMOC Language Workbench: intended to be used by language designers (aka domain experts), it allows to build and compose new executable DSMLs. The GEMOC Modeling Workbench: intended to be used by domain designers to create, execute and coordinate models conforming to executable DSMLs. The different concerns of a DSML, as defined with the tools of the language workbench, are automatically deployed into the modeling workbench. They parametrize a generic execution framework that provides various generic services such as graphical animation, debugging tools, trace and event managers, timeline.
• URL:
  http://­gemoc.­org/­studio.­html
• Publications:
  hal-00850770, hal-01355391, hal-01609576, hal-01651801, hal-01152342, hal-03374955, hal-01614561, hal-01616154
• Contact:
  Benoît Combemale
• Participants:
  Didier Vojtisek, Erwan Bousse, Julien Deantoni
• Partners:
  I3S, Université de Nantes

7.1.2 Interacto

• Functional Description:
  Interacto is a framework for developing user interfaces and user interactions. It complements other general graphical framework by providing a fluent API specifically designed to process user interface event and develop complex user interactions. Interacto is currently developped in Java and TypeScript to target both Java desktop applications (JavaFX) and Web applications (Angular).
• URL:
  https://­interacto.­github.­io
• Publications:
  hal-03231669, tel-02354530, inria-00590891, inria-00477627
• Contact:
  Arnaud Blouin
• Participants:
  Arnaud Blouin, Olivier Beaudoux

7.1.3 HyperAST

• Keywords:
  Code analysis, Git svn
• Functional Description:

  The HyperAST is an AST structured as a Direct Acyclic Graph (DAG) (similar to MerkleDAG used in Git). An HyperAST is efficiently constructed by leveraging Git and TreeSitter.

  It reimplements the Gumtree algorithm in Rust while using the HyperAST as the underlying AST structure.

  It implements a use-def solver, that uses a context-free indexing of references present in subtrees (each subtree has a bloom filter of contained references).

• Contact:
  Olivier Barais

7.1.4 CorrectExam

• Name:
  CorrectExam: GRADE YOUR ASSESSMENTS MORE EFFICIENTLY
• Keyword:
  Digital pedagogy
• Functional Description:
  The first objective of the correctexam project is pedagogical. The aim is to be able to send feedback to students as quickly as possible on the marking of their papers, to easily generate a standard answer key from answers marked as excellent by the marker, and to facilitate a constructive exchange between students and the teaching team. This helps to overcome a shortcoming at university where, as examinations generally take place partly at the end of the course, students are not strongly encouraged to look at their marked papers in order to understand their mistakes. The second objective is to seek to increase the efficiency of exam marking and the administrative aspects associated with an exam by using AI techniques to mark certain questions, and by factoring standard comments added to an exam paper, generating documents in the format expected by the school, and so on. Finally, the last notable element of the project that could be discussed concerns the choice of technical architecture. Even though an application server is used to store the students' results, all the processing of the scans (pdf), images and AI is carried out completely on the browser side, using the possibilities offered by modern browsers such as WASM or worker services. This is an opportunity to significantly limit the power required on the server side.
• Release Contributions:
  See https://correctexam.github.io/#about
• Contact:
  Olivier Barais
• Partner:
  Université de Rennes 1

7.1.5 PolyglotAST

• Name:
  PolyglotAST
• Keywords:
  Code analysis, Static analysis
• Functional Description:
  Framework to facilitate the static analysis of multilingual programs on GraalVM, by providing a unified representation of the various sub-programs via a single AST
• Contact:
  Olivier Barais

7.1.6 HydroPredictUI

• Name:
  Jupyter graphical interface for HydroModPy
• Keywords:
  GUI (Graphical User Interface), Jupyter, Simulator, Scientific computing, Distributed Applications
• Functional Description:
  HydroModPy is a Python tool for running numerical simulations of groundwater flow. The aim of the HydroPredictUi software is to provide a graphical interface in the form of a Jupyter notebook to make it easier to learn and run simulations on a remote server.
• Contact:
  Johann Bourcier

7.1.7 Magpie

• Keywords:
  Artificial intelligence, Evolutionary Algorithms, Code optimisation, Automatic software repair
• Functional Description:

  Magpie is a tool for automated software improvement. It uses the genetic improvement methodology to traverse the search space of different software variants to find improved software.

  Magpie provides support for improvement of both functional (automated bug fixing) and non-functional (e.g., execution time) properties of software. Two types of language-agnostic source code representations are supported: line-by-line, and XML trees. For the latter we recommend the srcML tool with out-of-the-box support for C/C++/C# and Java. Finally, Magpie also enables parameter tuning and algorithm configuration, both independently and concurrently of the source code search process.

• Contact:
  Aymeric Blot

8.1.1 Polyglot Programming

8.1.2 Language Workbenches

8.1.3 Language (co-)evolution

8.1.4 Digital Twin

Options Matter: Documenting and Fixing Non-Reproducible Builds in Highly-Configurable Systems

55 A critical aspect of software development, build reproducibility, ensures the dependability, security, and maintainability of software systems. Although several factors, including the build environment, have been investigated in the context of non-reproducible builds, to the best of our knowledge the precise influence of configuration options in configurable systems has not been thoroughly investigated. This work aims at filling this gap. This work thus proposes an approach for the automatic identification of configuration options causing non-reproducibility of builds. It begins by building a set of builds in order to detect non-reproducible ones through binary comparison. We then develop automated techniques that combine statistical learning with symbolic reasoning to analyze over 20,000 configuration options. Our methods are designed to both detect options causing non-reproducibility, and remedy non-reproducible configurations, two tasks that are challenging and costly to perform manually. We evaluate our approach on three case studies, namely Toybox, Busybox, and Linux, analyzing more than 2,000 configurations for each of them. Toybox and Busybox come exempt from nonreproducibility. In contrast, 47% of Linux configurations lead to non-reproducible builds. The approach we propose in this work is capable of identifying 10 configuration options that caused this non-reproducibility. When confronted to the Linux documentation, none of these are documented as non-reproducible. Thus, our identified non-reproducible configuration options are novel knowledge and constitutes a direct, actionable information improvement for the Linux community. Finally, we demonstrate that our methodology effectively identifies a set of undesirable option values, enabling the enhancement and expansion of the Linux kernel documentation while automatically rectifying 96% of encountered non-reproducible builds.

Un ordinateur, ça ne calcule jamais juste

71 Un ordinateur ne calcule jamais parfaitement. Par exemple, si on additionne trois nombres de différentes façons, le résultat peut changer selon le langage de programmation ou l'ordinateur utilisé. Cela peut même amener des robots, voitures ou avions à prendre des chemins différents selon les conditions. Ou à votre application préférée de retourner une réponse, une image ou une vidéo différente ! En informatique, comme dans toutes les sciences, il est important de comprendre que les calculs ont toujours une petite marge d'erreur. Ce qui compte, ce n'est pas la perfection, mais d'en être conscient, de savoir s'adapter et corriger le tir quand c'est nécessaire ! <div>Un ordinateur, ça ne calcule jamais juste…<p>Ou pourquoi les ordinateurs nous trompent parfoisFête de la science, INSA Rennes </p></div>

Deep Software Variability and Frictionless Reproducibility

69 The ability to recreate computational results with minimal effort and actionable metrics provides a solid foundation for scientific research and software development. When people can replicate an analysis at the touch of a button using open-source software, open data, and methods to assess and compare proposals, it significantly eases verification of results, engagement with a diverse range of contributors, and progress. However, we have yet to fully achieve this; there are still many sociotechnical frictions.Inspired by David Donoho's vision, this talk aims to revisit the three crucial pillars of frictionless reproducibility (data sharing, code sharing, and competitive challenges) with the perspective of deep software variability. Our observation is that multiple layers - hardware, operating systems, third-party libraries, software versions, input data, compile-time options, and parameters - are subject to variability that exacerbates frictions but is also essential for achieving robust, generalizable results and fostering innovation. I will first review the literature, providing evidence of how the complex variability interactions across these layers affect qualitative and quantitative software properties, thereby complicating the reproduction and replication of scientific studies in various fields.I will then present some software engineering and AI techniques that can support the strategic exploration of variability spaces. These include the use of abstractions and models (e.g., feature models), sampling strategies (e.g., uniform, random), cost-effective measurements (e.g., incremental build of software configurations), and dimensionality reduction methods (e.g., transfer learning, feature selection, software debloating). I will finally argue that deep variability is both the problem and solution of frictionless reproducibility, calling the software science community to develop new methods and tools to manage variability and foster reproducibility in software systems.

Taming uncertainty with MDE: an historical perspective

37 Uncertainty in Informatics can stem from various sources, whether ontological (inherent unpredictability, such as aleatory factors) or epistemic (due to insufficient knowledge). Effectively handling uncertainty, encompassing both ontological and epistemic aspects, to create predictable systems is a key objective for a significant portion of the software engineering community, particularly within the model-driven engineering (MDE) realm. Numerous techniques have been proposed over the years, leading to evolving trends in model-based software development paradigms. This work revisits the history of MDE, aiming to pinpoint the primary aspects of uncertainty that these paradigms aimed to tackle upon their introduction. Our claim is that MDE progressively came after more and more aspects of uncertainty, up to the point that it could now help fully embrace it.

A Demonstration of End-User Code Customization Using Generative AI

41 Producing a variant of code is highly challenging, particularly for individuals unfamiliar with programming. This demonstration introduces a novel use of generative AI to aid end-users in customizing code. We first describe how generative AI can be used to customize code through prompts and instructions, and further demonstrate its potential in building end-user tools for configuring code. We showcase how to transform an undocumented, technical, low-level TikZ into a user-friendly, configurable, Web-based customization tool written in Python, HTML, CSS, and JavaScript and itself configurable. We discuss how generative AI can support this transformation process and traditional variability engineering tasks, such as identification and implementation of features, synthesis of a template code generator, and development of end-user configurators. We believe it is a first step towards democratizing variability programming, opening a path for end-users to adapt code to their needs.

Embracing Deep Variability For Reproducibility and Replicability

42 Reproducibility (aka determinism in some cases) constitutes a fundamental aspect in various fields of computer science, such as floating-point computations in numerical analysis and simulation, concurrency models in parallelism, reproducible builds for third parties integration and packaging, and containerization for execution environments. These concepts, while pervasive across diverse concerns, often exhibit intricate inter-dependencies, making it challenging to achieve a comprehensive understanding. In this work we delve into the application of software engineering techniques, specifically variability management, to systematically identify and explicit points of variability that may give rise to reproducibility issues (eg language, libraries, compiler, virtual machine, OS, environment variables, etc). The primary objectives are: i) gaining insights into the variability layers and their possible interactions, ii) capturing and documenting configurations for the sake of reproducibility, and iii) exploring diverse configurations to replicate, and hence validate and ensure the robustness of results. By adopting these methodologies, we aim to address the complexities associated with reproducibility and replicability in modern software systems and environments, facilitating a more comprehensive and nuanced perspective on these critical aspects.

Generative AI for Generative Programming: Automating Code Variants and Exploring the Boundaries of LLMs

70 Large language models (LLMs) can be used to automate software engineering tasks, with the hope of boosting developers' productivity without sacrificing reliability. In this talk, I will briefly present two initiatives: the défi Inria LLM4Code and the CodeCommons project around SoftwareHeritage, exemplifying ongoing research efforts. Then, I will show how LLMs can automatically generate software variants across different technological spaces (Python, Rust, JavaScript, etc.) and implement new features from simple prompts. I will also highlight how LLMs can assist in modernizing legacy applications, such as those written in COBOL or in deprecated technologies. I will further discuss the concept of programming without directly manipulating programs, relying almost entirely on AI to manage technical details and customize code. For all their potential, I will also demonstrate that LLMs can dramatically fail at times, making mistakes that human developers need to carefully verify and correct. I will conclude with an illustration of LLM prompt sensitivity in chess, showcasing how LLMs can be used both to generate variants (e.g., prompts, hypotheses, ideas) and to accelerate scientific discovery through software-based exploration and analysis. 28 november 2024 @ Caen, invited talk at Normastic.

Symfinder: Identifying and visualizing variability implementations in variability-rich Java systems

72 In many variability-intensive systems, variability is implemented in code units provided by a host language, such as classes or functions, which do not align well with the domain features. Annotating or creating an orthogonal decomposition of code in terms of features implies extra effort, as well as massive and cumbersome refactoring activities. Symfinder implements an approach for identifying and visualizing the variability implementation places within the main decomposition structure of object-oriented code assets in a single variability-rich Java system. We use symmetry, as a common property of some main implementation techniques, such as inheritance or overloading, to identify uniformly these places. We use such symmetries to find variation points with variants. Symfinder automatically identifies and visualizes places with symmetry.

FairPipes: Data Mutation Pipelines for Machine Learning Fairness

54 Machine Learning (ML) models are ubiquitous in decisionmaking applications impacting citizens' lives: credit attribution, crime recidivism, etc. In addition to seeking high performance and generalization abilities, ensuring that ML models do not discriminate against citizens regarding their age, gender, or race is essential. To this end, researchers developed various fairness assessment techniques, comprising fairness metrics and mitigation approaches, notably at the model level. However, the sensitivity of ML models to fairness data perturbations has been less explored. This work presents mutation-based pipelines to emulate fairness variations in the data once the model is deployed. FairPipes implements mutation operators that shuffle sensitive attributes, add new values, or affect their distribution. We evaluated FairPipes on seven ML models over three datasets. Our results highlight different fairness sensitivity behaviors across models, from the most sensitive perceptrons to the insensitive support vector machines. We also consider the role of model optimization in fairness performance, being variable across models. FairPipes automates fairness testing at deployment time, informing researchers and practitioners on the fairness sensitivity evolution of their ML models.

VaryMinions: Leveraging RNNs to Identify Variants in Variability-intensive Systems' Logs

64 From business processes to course management, variability-intensive software systems (VIS) are now ubiquitous. One can configure these systems’behaviour by activating options, e.g., to derive variants handling building permits across municipalities or implementing different functionalities (quizzes, forums) for a given course. These customisation facilities allow VIS to support distinct relevant customer requirements while taking advantage of reuse for common parts. Customisation thus allows realising both scope and scale economies. Behavioural differences amongst variants manifest themselves in event logs. To re-engineer this kind of system, one must know which variant(s) have produced which behaviour. Since variant information is barely present in logs, this work supports this task by employing machine learning techniques to classify behaviours (event sequences) among variants. Specifically, we train Long Short Term Memory (LSTMs) and Gated Recurrent Units (GRUs) recurrent neural networks to relate event sequences with the variants they belong to on six different datasets issued from the configurable process and VIS domains.After having evaluated 20 different architectures of LSTM/GRU, our results demonstrate that it is possible to effectively learn the trace-to-variant mapping with high accuracy (at least 80

HeROcache: Storage-Aware Scheduling in Heterogeneous Serverless Edge - The Case of IDS

51 Intrusion Detection Systems (IDS) are time-sensitive applications that aim to classify potentially malicious network traffic. IDSs are part of a class of applications that rely on short-lived functions that can be run reactively and, as such, could be deployed on edge resources, to offload processing from energy-constrained battery-backed devices. The serverless service model could fit the needs of such applications, given that the platform allows adequate levels of Quality of Service (QoS) for a variety of users, since the criticality of IDS applications depends on several parameters.Deploying serverless functions on unreserved edge resources requires to pay particular attention to (1) initialization delays that could be significant on low resources platforms, (2) inter-function communication between edge nodes, and (3) heterogeneous devices. In this work, we propose both a storage-aware allocation and scheduling policy that seek to minimize task placement costs for service providers on edge devices while optimizing QoS for IDS users.To do so, we propose a caching and consolidation strategy that minimizes cold starts and inter-function communication delays while satisfying QoS by leveraging heterogeneous edge resources.We evaluated our platform in a simulation environment using characterization data from real-world IDS tasks and execution platforms and compared it with a vanilla Knative orchestrator and a storage-agnostic policy. Our strategy achieves 18% fewer QoS penalties while consolidating applications across 80% fewer edge nodes.

Taming the Variability of Browser Fingerprints

50 Browser fingerprinting has become a prevalent technique for trackingand identifying users online, posing significant privacy risks. The increasing variability in web browser configurations, coupled with the continuous evolution of browser features, presents complex challenges in understanding and mitigating the impact of fingerprinting. In this work, we introduce a novel approach that combines feature modeling techniques with tree-based representations to capture the intricate relationships and constraints within browser fingerprints. By translating 22, 773 fingerprints into a feature model with 34, 557 nodes, we enable a comprehensive analysis of their variability and uniqueness across 1, 519 switches and 596 flags on 7 headless and headful browser versions. Our methodology facilitates various use cases, such as generating representative fingerprints for testing, detecting anomalies, and identifying discriminating attributes. We aim to provide developers and researchers with a powerful tool for studying browser fingerprints and developing effective strategies to enhance user privacy in the face of evolving tracking techniques.

Software Frugality in an Accelerating World: the Case of Continuous Integration

67 The acceleration of software development and delivery requires rigorous continuous testing and deployment of software systems, which are being deployed in increasingly diverse, complex, and dynamic environments. In recent years, the popularization of DevOps and integrated software forges like GitLab and GitHub has largely democratized Continuous Integration (CI) practices for a growing number of software. However, this trend intersects significantly with global energy consumption concerns and the growing demand for frugality in the Information and Communication Technology (ICT) sector. CI pipelines typically run in data centers which contribute significantly to the environmental footprint of ICT, yet there is little information available regarding their environmental impact. This article aims to bridge this gap by conducting the first large-scale analysis of the energy footprint of CI pipelines implemented with GitHub Actions and to provide a first overview of the energy impact of CI. We collect, instrument, and reproduce 838 workflows from 396 Java repositories hosted on GitHub to measure their energy consumption. We observe that the average unitary energy cost of a pipeline is relatively low, at 10 Wh. However, due to repeated invocations of these pipelines in real settings, the aggregated energy consumption cost per project is high, averaging 22 kWh. When evaluating CO2 emissions based on regional Wh-to-CO2 estimates, we observe that the average aggregated CO2 emissions are significant, averaging 10.5 kg. To put this into perspective, this is akin to the emissions produced by driving approximately 100 kilometers in a typical European car (110 gCO2/km). In light of our results, we advocate that developers should have the means to better anticipate and reflect on the environmental consequences of their CI choices when implementing DevOps practices.

Large Scale Heap Dump Embedding for Machine Learning: Predicting OpenSSH Key Locations

68 With the evolving landscape of cybersecurity, forensic analysis has become increasingly pivotal, especially with the integration of machine learning (ML) techniques. However, the use of ML in cybersecurity, and especially in heap dump analysis is still in its infancy,both due to the lack of quality datasets and the difficulty of processing large-scale heap dumps collections. Another complex task lies in the transition from raw byte heap dump data into dense vector representations, or embeddings, that can be used with ML models. This work addresses these challenges by introducing a novel methodology and the Mem2Graph tool for processing large-scale heap dumps collections. This method has been introduced while developing a novel approach to enhance the detection of session keys in OpenSSH heap dumps. Such a novel approach has significantly advanced the state of the art in predicting the location of keys in OpenSSH heap dumps. Importantly, it paves the way for automated ML applications that leverage the structure and embeddings from reconstructed memory graphs, opening new frontiers in both cybersecurity and data science.—The current document is the preprint of a peer-reviewed and published paper under embargo period: ”This preprint has not undergone peer review (when applicable) or any post-submission improvements or corrections. The Version of Record of this contribution is published in ”ICT Systems Security and Privacy Protection: 39th IFIP International Conference, SEC 2024, Edinburgh, UK, June 12–14, 2024, Proceedings”, and is available online.

Semi-Automated and Easily Interpretable Side-Channel Analysis for Modern JavaScript

47 Over the years, developers have become increasingly reliant on web technologies to build their applications, raising concerns about side-channel attacks, especially on cryptographic libraries. Despite the efforts of researchers to ensure constant-time security by proposing tools and methods to find vulnerabilities, challenges remain due to inadequate tools and integration issues in development processes.We tackle the main limitations of state-of-the-art detection tools. While Microwalk is the first and, to the best of our knowledge, only tool to find side-channel vulnerabilities in JavaScript libraries, the instrumentation framework it relies on does not support modern JavaScript features. Moreover, and common to most state-of-the-art detection tools not aimed at JavaScript, writing tests is a tedious process due to the complexity of libraries, the lack of information about test coverage, and the rudimentary interpretability of the report. Furthermore, recent studies show that developers do not use these tools due to compatibility issues, poor usability, and a lack of integration into workflows.We extend Microwalk in several directions. First, we design a generic AST-level tracing technique that is tailored to source-based dynamic side-channel leakage analysis, providing support for the latest language features. Second, we bring semi-automation to Microwalk analysis templates, considerably reducing the manual effort necessary to integrate side-channel analyses into development workflows. Third, we are the first to combine leakage reporting with coverage visualization. We evaluate the new toolchain on a set of cryptographic libraries and show that it can quickly and comprehensively uncover more vulnerabilities while writing tests with half as many lines of code as the previous Microwalk version. By open sourcing our new tracer and analysis template, we hope to increase the adoption of automated side-channel leakage analyses in cryptographic library development.

Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

53 Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there's a market that encourages exploiting devices to install proxies. In this work, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640, 600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4, 452 distinct vulnerabilities on the proxies' IP addresses, including 1, 755 vulnerabilities that allow unauthorized remote code execution and 2, 036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42, 206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16, 923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.

CESAR'23: Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge)

52 C&ESAR is an educational, professional and scientific conference on cybersecurity whose specific topic changes every year. This year C&ESAR is focused the cybersecurity of "Smart Peripheral Devices", i.e. mobiles, IoT and Edge devices. The scope covers all issues related to the cybersecurity of semi-autonomous connected devices deployed at the periphery of an information system close to its data sources and sinks. Those devices include mobiles, smartphones, IoT devices, and lightweight Edge devices. Those devices often have less computation power than devices in the core of an IT or OT network, and are more exposed to external threats. Hence, attacking or securing them may require different means that for attacking r securing the core of an IT or OT network. C&ESAR 2023 received 18 submissions for peer-review. Out of these, 9 papers were accepted for presentation at the conference. After the conference, 4 were short listed for inclusion in this volume.

BCOM

Participants: Olivier Barais.

• Coordinator: UR1
• Dates: 2018-2024
• Abstract: The aim of the Falcon project is to investigate how to improve the resale of available resources in private clouds to third parties. In this context, the collaboration with DiverSE mainly aims at working on efficient techniques for the design of consumption models and resource consumption forecasting models. These models are then used as a knowledge base in a classical autonomous loop.

Test4Science

Participants: Benoît Combemale, Arnaud Blouin.

• Partners: Inria/CEA DAM
• Dates: 2023-2026
• Abstract: Test4Science aims to propose a disciplined and tool-supported approach for scientific software testing. Test4Science is a bilateral collaboration (2023-2026), between the CEA DAM/DIF and the DiverSE team at Inria (follow-up of the previous collaboration, aka. Debug4Science, from 2020 to 2022).

Obeo

Participants: Benoît Combemale, Arnaud Blouin.

• Partners: UR1/Obéo
• Dates: 2022-2025
• Abstract: Low-code language workbench, Theo Giraudet's PhD Cifre project.

SAP

Participants: Olivier Barais.

• Partners: UR1/SAP
• Dates: 2021-2024
• Abstract: Research focusing on Open-source software Supply Chain security. Piergiorgio Ladisa's PhD Cifre project.

CGI

Participants: Olivier Barais, Mathieu Acher, Jean-Marc Jézéquel.

• Partners: UR1/CGI
• Dates: 2023-2026
• Abstract: Research focusing on legacy source code reeingineering using LLM.

10.1.1 Associate Teams in the framework of an Inria International Lab or in the framework of an Inria International Program

10.1.2 Inria associate team not involved in an IIL or an international program

10.1.3 STIC/MATH/CLIMAT AmSud projects

CAPES/COFECUB: Nº 202/2017

Participants: Mathieu Acher, Heraldo Pimenta Borges Filho.

10.2.1 Visits of international scientists

10.2.2 Visits to international teams

10.3.1 Horizon Europe

10.3.2 Other european programs/initiatives

10.4.1 ANR

10.4.2 DGA

10.4.3 DGAC

10.4.4 PEPR

10.4.5 Campus Cyber

10.5.1 Allocation d'Installation Scientifique (AIS) - Rennes Métropole

11.1.1 Scientific events: organisation

11.1.2 Scientific events: selection

11.1.3 Journal

11.1.4 Invited talks

Benoît Combemale has been invited to give a keynote at the ACM SIGPLAN conference SLE 2024, the SEMTL 2024 (Software Engineering at Montréal), and the EIT Summer School Green IT and IT for Green. He has been also invited to give an invited talk at Université de Montréal and UQAM. Finally, he has been invited to give a keynote and to attend the following panel in the online TCS/ACM India event dedicated to digital twins.

Aymeric Blot has been invited to give a tutorial at the GI@ICSE'24 workshop.

Quentin Perez has been invited to give a talk at the EIT Summer School Green IT and IT for Green.

11.1.5 Leadership within the scientific community

Jean-Marc Jézéquel is President of Informatics Europe. He is a member of the Luxembourg's NCER Fintech Steering Commitee.

Benoît Combemale is a member of the steering committees for the conference series MODELS, SLE, EDTconf and ICT4S.

Olivier Zendra is founder of ICOOOLPS (International Workshop on Implementation, Compilation, Optimization of OO Languages, Programs and Systems) and a member of its Steering Committee.

Olivier Zendra is a Member of the EU HiPEAC CSA project Steering Committee, and a Member of the HiPEAC Vision Editorial Board.

Olivier Zendra has been invited to co-chair a session on the impact of regulations at Inria's foresight semainar of security and privacy (15/10/2024).

Arnaud Blouin: Founding member and co-organiser of the French GDR-GPL research action on Software Engineering and Human-Computer Interaction (GL-IHM). Co-founder and co-leader of the GDR-IHM group: engineering interactive systems.

11.1.6 Scientific expertise

Stéphanie Challita is a member of the Conference Activities Committee (CAC) at IEEE Computer Society.

Olivier Zendra is scientific CIR/JEI expert for the Ministry of Research.

Olivier Zendra is cybersecurity officer ("chargé de mission cybersécurité") for Inria Rennes Bretagne Atlantique, representing it in regional and national cybersecurity fora like EUR CyberSchool, Bretagne Cyber Alliance (Brittany's CyberCampus), CreachLabs, etc.

Arnaud Blouin: expert for the CIR agency (research tax credit, "crédit d'impôt recherche"); external reviewer for the ANR (French national research agency).

Olivier Barais: expert for the following call for projects:

• PHC TASSILI 2025
• PHC SAKURA 2025
• SSHN-Court Séjour territoires Palestiniens 2025
• PHC MERLION CHERCHEURS 2025
• COFECUB - CAPES 2025
• PHC PROCOPE 2025
• PHC ORCHID 2025
• PHC PROCORE 2025
• PHC CAI YUANPEI PhD 2025
• PHC GERMAINE DE STAEL 2025
• PHC CAI YUANPEI PhD 2025
• PHC GALILEE 2025
• PHC CEDRE 2025
• PHC PARROT 2025
• PHC UTIQUE 2025
• PHC AL MAQDISI 2025
• ECOS NORD PEROU 2024
• PHC BRANCUSI 2024
• PHC STAR 2025
• Bourses Laplace Tunisie 2024
• VINCI 2024
• PHC MAGHREB 2025
• PHC TOUBKAL 2025
• Chateaubriand STEM 2024
• ECOS NORD MEXIQUE 2023-2024
• PHC BANTOU 2024
• MOPGA Jeunes cherheurs 2024
• SSHN-Court Séjour territoires Palestiniens 2024
• PHC JULES VERNE ISLANDE 2024
• PHC TONLE SAP CAMBODGE 2024

Olivier Barais: member of the scientific board of Pole de compétitivité Image et Réseau

11.1.7 Research administration

Olivier Barais is a new member of the CNU 27.

11.2.1 Teaching

The DIVERSE team bears the bulk of the teaching on Software Engineering at the University of Rennes and at INSA Rennes, for the first year of the Master of Computer Science (Project Management, Object-Oriented Analysis and Design with UML, Design Patterns, Component Architectures and Frameworks, Validation & Verification, Human-Computer Interaction, Sustainable Software Engineering) and for the second year of the MSc in software engineering (Model driven Engineering, DevOps, DevSecOps, Validation & Verification, etc.).

Each of Jean-Marc Jézéquel, Noël Plouzeau, Olivier Barais, Benoît Combemale, Johann Bourcier, Arnaud Blouin, Aymeric Blot, Quentin Perez, Stéphanie Challita, Paul Temple, and Mathieu Acher teaches about 250h in these domains for a grand total of about 2000 hours, including several courses at IMT, ENS Rennes and ENSAI Rennes engineering school.

Olivier Barais is deputy director of the electronics and computer science teaching department of the University of Rennes.

Olivier Barais is the head of the Master in Computer Science at the University of Rennes.

Arnaud Blouin is in charge of the 3rd year at the CS dep at INSA Rennes (around 75 students). He is: an elected member of the research council INSA-IRISA; a member of the CS dep admission council; an elected member of the CS dep council.

Quentin Perez is in charge of industrial relationships for the computer science department at INSA Rennes.

The DIVERSE team also hosts several MSc and summer trainees every year.

11.2.2 Supervision

Theo Giraudet, CIFRE with Obéo (defense in 2025). Benoît Combemale and Arnaud Blouin are co-supervisors of this thesis.

Kaouter Zohra Kebaili (defense in 2025). Djamel Eddine Khelladi and Mathieu Acher and Olivier Barais are co-supervisors of this thesis.

Georges Aaron Randrianaina (defense in 2025). Mathieu Acher, Djamel Eddine Khelladi and Olivier Zendra are co-supervisors of this PhD thesis.

Lina Bilal (defense in 2026). Benoît Combemale and Jean-Marc Jézéquel are co-supervisors of this thesis.

Ewen Brune (defense in 2026). Benoît Combemale and Arnaud Blouin are co-supervisors of this thesis.

Philémon Houdaille (defense in 2026). Benoît Combemale and Djamel Eddine Khelladi are co-supervisors of this thesis.

N’Guessan Hermann Kouadio (defense in 2026). Olivier Barais and Mathieu Acher are co-supervisors of this thesis.

Clément Lahoche (defense in 2026). Olivier Barais and Olivier Zendra are co-supervisors of this PhD thesis.

Romain Lefeuvre (defense in 2026). Benoît Combemale and Quentin Perez are co-supe rvisors of this thesis.

Chiara Relevat (defense in 2026). Benoît Combemale and Gurvan Le Guernic are co-supervisors of this thesis.

Sterenn Roux (defense in 2026). Johann Bourcier and Walter Rudametkin are co-supervisors of this thesis.

Camille Molinier (defense in 2027). Olivier Zendra, Olivier Barais and Paul Temple are co-supervisors of this thesis.

Charly Reux ((defense in 2027). Mathieu Acher, Djamel Eddine Khelladi and Olivier Barais are co-supervisors of this thesis.

Nicolò Cavalli (defense in 2027). Arnaud Blouin, Olivier Barais and Djamel Eddine Khelladi are co-supervisors of this thesis.

Haitam El Hayani (defense in 2027). Enrichissement des plateformes et des langages d'approvisionnement et de configuration à l'aide des données collectées en tests et à l'éxécution pour un support avancée au développement de code d'infrastructure. Olivier Barais and Benoît Combemale are co-supervisors of this thesis.

11.2.3 Juries

Olivier Barais was in the PhD jury (reviewer) of Manele Ait Habouche (University of Brest, France), Une infrastructure performante de services distribués pour la collecte et la visualisation de séries temporelles issues de drones marins

Olivier Barais was in the PhD jury (reviewer) of Sébastien Bertrand (University of Bordeaux, France), Modèle de maintenabilité logicielle par analyse statique du graphe de code du programme

Olivier Barais was in the PhD jury (president) of Mathieu Gestin (University of Rennes, France), Privacy Preserving and fully Distributed Identity Management Systems

Olivier Barais was in the PhD jury (president) of Josselin Enet (University of Nantes, France), Protocol-Based Debugging for Domain-Specific Languages

Olivier Barais was in the PhD jury (PhD advisor) of Vincent Lannurien (Ensta Brest, France), Ordonnancement sur ressources hétérogènes pour le Cloud

Olivier Barais was in the PhD jury (PhD advisor) of Piergiorgio Ladisa (Univ Rennes, France), Understanding and Preventing Open-Source Software Supply Chain Attacks

Olivier Barais, Benoît Combemale and Gunter Mussbacher was in the PhD jury (PhD advisor) of Gwendal Jouneaux (Univ Rennes, France), Self-Adaptable Operational Semantics

Olivier Barais has been a member of three recruiting committees for MCF at Univ Montpellier, Univ Brest, and IMT Atlantique.

Jean-Marc Jézéquel has been President of a recruiting committee at INSA Rennes.

Stéphanie Challita has been a member of a PhD students recruiting committee at Inria Rennes.

Djamel Khelladi has been a member of two recruiting committees for MCF at Paris Nanterre University, and at Nice university.

11.3.1 Productions (articles, videos, podcasts, serious games, ...)

Mathieu Acher provided a talk to the "fête de la sciences"71 Un ordinateur, ça ne calcule jamais juste: Ou pourquoi les ordinateurs nous trompent parfois (Fête de la science, INSA Rennes).

Mathieu Acher took part in the video of the famous youtuber (science populariser) Monsieur Phi: "ChatGPT rêve-t-il de cavaliers électriques ?" video

International journals

• 29 articleA.Arnaud Blouin. A Type System for Flexible User Interactions Handling.Proceedings of the ACM on Human-Computer Interaction March 2024, 27HALback to text
• 30 articleS.Stéphanie Challita, B.Benoît Combemale, H.Huseyin Ergin, J.Jeff Gray, B.Bernhard Rumpe and M.Martin Schindler. Report on the state of the SoSyM journal (2023 summary).Software and Systems Modeling23February 2024, 1 - 5HALDOIback to text
• 31 articleB.Benoît Combemale, J.Jeff Gray, J.-M.Jean-Marc Jézéquel and B.Bernhard Rumpe. How does your model represent the system? A note on model fidelity, underspecification, and uncertainty.Software and Systems Modeling23September 2024, 1053 - 1054HALDOIback to text
• 32 articleB.Benoît Combemale, J.Jeff Gray and B.Bernhard Rumpe. Model modularity for reuse, libraries and composition: symbol management is key.Software and Systems Modeling233June 2024, 525-526HALDOIback to text
• 33 articleB.Benoît Combemale, J.Jeff Gray and B.Bernhard Rumpe. Model-based code generation works: But how far does it go?—on the role of the generator.Software and Systems Modeling23April 2024, 267 - 268HALDOIback to text
• 34 articleB.Benoît Combemale, J.Jeff Gray and B.Bernhard Rumpe. Modeling for sustainability: Sustainable Development Goals (SDG) of the United Nations.Software and Systems Modeling23July 2024, 799 - 800HALDOIback to text
• 35 articleT.Théo Giraudet, M.Mélanie Bats, A.Arnaud Blouin, B.Benoît Combemale and P.-C.Pierre-Charles David. Sirius Web: Insights in Language Workbenches - An Experience Report.The Journal of Object Technology2312024, 1-20HALDOIback to text
• 36 articleP.Philémon Houdaille, D. E.Djamel Eddine Khelladi, B.Benoit Combemale, G.Gunter Mussbacher and T.Tijs van Der Storm. PolyDebug: a Framework for Polyglot Debugging.The Art, Science, and Engineering of Programming932025HALDOI
• 37 articleJ.-M.Jean-Marc Jézéquel. Taming uncertainty with MDE: an historical perspective.Software and Systems ModelingOctober 2024, 1-22HALDOIback to text
• 38 articleZ. K.Zohra Kaouter Kebaili, D. E.Djamel Eddine Khelladi, M.Mathieu Acher and O.Olivier Barais. An Empirical Study on Leveraging LLMs for Metamodels and Code Co-evolution.The Journal of Object Technology233August 2024, 1-14HALDOIback to text
• 39 articleW. B.William B Langdon, G.Gabin An, A.Aymeric Blot, V.Vesna Nowack, J.Justyna Petke, S.Shin Yoo, O.Oliver Krauss, E. M.Erik M Fredericks and D.Daniel Blackwell. The 13th International Workshop on Genetic Improvement: (GI @ ICSE 2024).Software Engineering Notes493July 2024, 42 - 50HALDOI
• 40 articleG.Gunter Mussbacher, B.Benoit Combemale, J.Jörg Kienzle, L.Lola Burgueño, A.Antonio Garcia-Dominguez, J.-M.Jean-Marc Jézéquel, G.Gwendal Jouneaux, D.-E.Djamel-Eddine Khelladi, S.Sébastien Mosser, C.Corinne Pulgar, H.Houari Sahraoui, M.Maximilian Schiedermeier and T.Tijs van der Storm. Polyglot Software Development: Wait, What?IEEE Software2024, 1-8HALDOIback to text

International peer-reviewed conferences

• 41 inproceedingsM.Mathieu Acher. A Demonstration of End-User Code Customization Using Generative AI.VAMOS 2024 - 18th International Working Conference on Variability Modelling of Software-Intensive SystemsBern, Switzerland2024, 1-6HALDOIback to text
• 42 inproceedingsM.Mathieu Acher, B.Benoît Combemale, G. A.Georges Aaron Randrianaina and J.-M.Jean-Marc Jézéquel. Embracing Deep Variability For Reproducibility and Replicability.REP 2024 - ACM Conference on Reproducibility and ReplicabilityRennes, France2024, 1-7HALback to text
• 43 inproceedingsA.Alessio Bucaioni, R.Romina Eramo, L.Luca Berardinelli, H.Hugo Bruneliere, B.Benoît Combemale, D. E.Djamel Eddine Khelladi, V.Vittoriano Muttillo, A.Andrey Sadovykh and M.Manuel Wimmer. Multi-Partner Project: A Model-Driven Engineering Framework for Federated Digital Twins of Industrial Systems (MATISSE).Design, Automation and Test in Europe Conference (DATE 2025)Lyon, France2025HALback to text
• 44 inproceedingsL.Lola Burgueño, D.Damien Foures, B.Benoît Combemale, J.Jörg Kienzle and G.Gunter Mussbacher. Global Decision Making Support for Complex System Development.RE 2024 - IEEE 32nd International Requirements Engineering ConferenceReykjavik, IcelandIEEE2024, 252-263HALDOIback to text
• 45 inproceedingsB.Benoît Combemale. There Is Only One Time in Software (Language) Engineering! (Keynote).SLE 2024 - 17th ACM SIGPLAN International Conference on Software Language EngineeringPasadena CA, United StatesACM2024, 1-1HALDOIback to text
• 46 inproceedingsA.Asmaa El fraihi, N.Nardjes Amieur, W.Walter Rudametkin and O.Oana Goga. Client-side and Server-side Tracking on Meta: Effectiveness and Accuracy.Proceedings on Privacy Enhancing TechnologiesPETS 2024 - 24th Privacy Enhancing Technologies Symposium20243Bristol, United KingdomJuly 2024, 431-445HALDOI
• 47 inproceedingsI.Iliana Fayolle, J.Jan Wichelmann, A.Anja Köhl, W.Walter Rudametkin, T.Thomas Eisenbarth and C.Clémentine Maurice. Semi-Automated and Easily Interpretable Side-Channel Analysis for Modern JavaScript.CANS 2024 - 23rd International Conference on Cryptology And Network SecurityCambridge, United Kingdom2024, 1-22HALback to text
• 48 inproceedingsF.Francois Fouquet, T.Thomas Hartmann, C.Cyril Cecchinel and B.Benoît Combemale. GreyCat: A Framework to Develop Digital Twins at Large Scale.EDTConf 2024 - 1st International Conference on Engineering Digital TwinsMODELS Companion '24: ACM/IEEE 27th International Conference on Model Driven Engineering Languages and SystemsLinz, AustriaACM2024, 492-495HALDOIback to text
• 49 inproceedingsP.Philémon Houdaille, D. E.Djamel Eddine Khelladi, B.Benoît Combemale and G.Gunter Mussbacher. On Polyglot Program Testing.FSE 2024 - 32nd ACM International Conference on the Foundations of Software EngineeringPorto de Galinhas, Brazil2024, 1-5HALDOIback to text
• 50 inproceedingsM.Maxime Huyghe, C.Clément Quinton and W.Walter Rudametkin. Taming the Variability of Browser Fingerprints.SPLC'24 - 28th ACM International Systems and Software Product Lines ConferenceLuxembourg, LuxembourgSeptember 2024, 1-6HALback to text
• 51 inproceedingsV.Vincent Lannurien, C.Camélia Slimani, L.Laurent d'Orazio, O.Olivier Barais, S.Stéphane Paquelet and J.Jalil Boukhobza. HeROcache: Storage-Aware Scheduling in Heterogeneous Serverless Edge - The Case of IDS.CCGrid 2024 - 24th IEEE/ACM international Symposium on Cluster, Cloud and Internet ComputingPhiladelphia, United States2024, 1-11HALback to text
• 52 inproceedingsG.Gurvan Le Guernic. C&amp;ESAR'23: Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge).C&ESAR 2023 - Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge)3610Rennes, FranceJanuary 2024HALback to text
• 53 inproceedingsN.Naif Mehanna, W.Walter Rudametkin, P.Pierre Laperdrix and A.Antoine Vastel. Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services.Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb'24)MADWeb 2024 - Workshop on Measurements, Attacks, and Defenses for the WebSan Diego (CA), United States2024, 1-12HALDOIback to text
• 54 inproceedingsC.Camille Molinier, P.Paul Temple and G.Gilles Perrouin. FairPipes: Data Mutation Pipelines for Machine Learning Fairness.AST 2024 - 5th ACM/IEEE International Conference on Automation of Software TestLisbonne, PortugalACM2024, 1-11HALDOIback to text
• 55 inproceedingsG. A.Georges Aaron Randrianaina, D. E.Djamel Eddine Khelladi, O.Olivier Zendra and M.Mathieu Acher. Options Matter: Documenting and Fixing Non-Reproducible Builds in Highly-Configurable Systems.MSR 2024 - 21th International Conference on Mining Software RepositoryLisbon, Portugal2024, 1-11HALback to text
• 56 inproceedingsB. P.Brell Peclard Sanwouo, C.Clément Quinton and P.Paul Temple. Toward AI-based Complex Self-Adaptive Systems.CEUR Workshop ProceedingsBENEVOL 2024 - 23rd Belgium-Netherlands Software Evolution WorkshopNamur, BelgiumNovember 2024, 1-2HAL

Scientific books

• 57 bookM.Marc Duranton, P.Paul Carpenter, K.Koen de Bosschere, T.Thomas Hoberg, C.Charles Robinson, T.Tullio Vardanega and O.Olivier Zendra. HiPEAC Vision 2024 - Rationale.January 2024, 226HALback to text
• 58 bookM.Marc Duranton, P.Paul Carpenter, K.Koen de Bosschere, T.Thomas Hoberg, C.Charles Robinson, T.Tullio Vardanega and O.Olivier Zendra. HiPEAC Vision 2024.January 2024, 24HALback to text

Scientific book chapters

• 59 inbookB.Bart Coppens and O.Olivier Zendra. More data for the NCP implies more privacy risks.HiPEAC Vision 2024 RationaleJanuary 2024, 1-6HALback to text
• 60 inbookW.Walter Rudametkin and O.Olivier Zendra. The browser: the key to your privacy on the Web.HiPEAC Vision 2024 RationaleJanuary 2024, 5HALback to text
• 61 inbookO.Olivier Zendra and B.Bart Coppens. The NCP cybersecurity challenges.HiPEAC Vision 2024 RationaleJanuary 2024, 7HALback to text
• 62 inbookO.Olivier Zendra and B.Bart Coppens. The race for NCP cybersecurity.HiPEAC Vision 2024 RationaleJanuary 2024, 3HALback to text

Edition (books, proceedings, special issue of a journal)

• 63 proceedingsProceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems, MODELS 2024, Linz, Austria, September 22-27, 2024.MODELS '24: ACM/IEEE 27th International Conference on Model Driven Engineering Languages and SystemsACM2024HALDOIback to text
• 64 periodicalVaryMinions: Leveraging RNNs to Identify Variants in Variability-intensive Systems' Logs.Empirical Software Engineering2024. In press. HALback to text
• 65 proceedingsProceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems, MODELS Companion 2024, Linz, Austria, September 22-27, 2024.MODELS Companion '24: ACM/IEEE 27th International Conference on Model Driven Engineering Languages and SystemsACM2024HALDOIback to text

Doctoral dissertations and habilitation theses

• 66 thesisQ.Quentin Le Dilavrec. Precise temporal analysis of source code histories at scale.Université de RennesFebruary 2024HAL

Reports & preprints

• 67 miscQ.Quentin Perez, R.Romain Lefeuvre, T.Thomas Degueule, O.Olivier Barais and B.Benoît Combemale. Software Frugality in an Accelerating World: the Case of Continuous Integration.2024HALDOIback to text
• 68 miscF.Florian Rascoussier and L.Lise Lahoche. Large Scale Heap Dump Embedding for Machine Learning: Predicting OpenSSH Key Locations.July 2024, 396-409HALDOIback to text

Other scientific publications

• 69 miscM.Mathieu Acher. Deep Software Variability and Frictionless Reproducibility.June 2024, 1-121HALback to text
• 70 miscM.Mathieu Acher. Generative AI for Generative Programming: Automating Code Variants and Exploring the Boundaries of LLMs.November 2024HALback to text
• 71 miscM.Mathieu Acher. Un ordinateur, ça ne calcule jamais juste: Ou pourquoi les ordinateurs nous trompent parfois (Fête de la science, INSA Rennes).October 2024HALback to textback to text

Software

• 72 softwareJ.Johann Mortara, P.Philippe Collet and X.Xhevahire Tërnava. Symfinder: Identifying and visualizing variability implementations in variability-rich Java systems.February 2024 lic: GNU Lesser General Public License v3.0 only.HALSoftware HeritageVCSback to text