2023Activity reportProject-TeamDIVERSE

3.2.1 Model-Driven Engineering

Model-Driven Engineering (MDE) aims at reducing the accidental complexity associated with developing complex software-intensive systems (e.g., use of abstractions of the problem space rather than abstractions of the solution space)  131. It provides DIVERSE with solid foundations to specify, analyze and reason about the different forms of diversity that occur throughout the development life cycle. A primary source of accidental complexity is the wide gap between the concepts used by domain experts and the low-level abstractions provided by general-purpose programming languages  103. MDE approaches address this problem through modeling techniques that support separation of concerns and automated generation of major system artifacts from models (e.g., test cases, implementations, deployment and configuration scripts). In MDE, a model describes an aspect of a system and is typically created or derived for specific development purposes  86. Separation of concerns is supported through the use of different modeling languages, each providing constructs based on abstractions that are specific to an aspect of a system. MDE technologies also provide support for manipulating models, for example, support for querying, slicing, transforming, merging, and analyzing (including executing) models. Modeling languages are thus at the core of MDE, which participates in the development of a sound Software Language Engineering, including a unified typing theory that integrates models as first class entities  133.

Incorporating domain-specific concepts and a high-quality development experience into MDE technologies can significantly improve developer productivity and system quality. Since the late nineties, this realization has led to work on MDE language workbenches that support the development of domain-specific modeling languages (DSMLs) and associated tools (e.g., model editors and code generators). A DSML provides a bridge between the field in which domain experts work and the implementation (programming) field. Domains in which DSMLs have been developed and used include, among others, automotive, avionics, and cyber-physical systems. A study performed by Hutchinson et al.  108 indicates that DSMLs can pave the way for wider industrial adoption of MDE.

More recently, the emergence of new classes of systems that are complex and operate in heterogeneous and rapidly changing environments raises new challenges for the software engineering community. These systems must be adaptable, flexible, reconfigurable and, increasingly, self-managing. Such characteristics make systems more prone to failure when running and thus the development and study of appropriate mechanisms for continuous design and runtime validation and monitoring are needed. In the MDE community, research is focused primarily on using models at the design, implementation, and deployment stages of development. This work has been highly productive, with several techniques now entering a commercialization phase. As software systems are becoming more and more dynamic, the use of model-driven techniques for validating and monitoring runtime behavior is extremely promising  117.

3.2.2 Variability modeling

While the basic vision underlying Software Product Lines (SPL) can probably be traced back to David Parnas' seminal article  124 on the Design and Development of Program Families, it is only quite recently that SPLs have started emerging as a paradigm shift towards modeling and developing software system families rather than individual systems  121. SPL engineering embraces the ideas of mass customization and software reuse. It focuses on the means of efficiently producing and maintaining multiple related software products, exploiting what they have in common and managing what varies among them.

Several definitions of the software product line concept can be found in the research literature. Clements et al. define it as a set of software-intensive systems sharing a common, managed set of features that satisfy the specific needs of a particular market segment or mission and are developed from a common set of core assets in a prescribed way  122. Bosch provides a different definition 92: A SPL consists of a product line architecture and a set of reusable components designed for incorporation into the product line architecture. In addition, the PL consists of the software products developed using the mentioned reusable assets. In spite of the similarities, these definitions provide different perspectives of the concept: market-driven, as seen by Clements et al., and technology-oriented for Bosch.

SPL engineering is a process focusing on capturing the commonalities (assumptions true for each family member) and variability (assumptions about how individual family members differ) between several software products  98. Instead of describing a single software system, a SPL model describes a set of products in the same domain. This is accomplished by distinguishing between elements common to all SPL members, and those that may vary from one product to another. Reuse of core assets, which form the basis of the product line, is key to productivity and quality gains. These core assets extend beyond simple code reuse and may include the architecture, software components, domain models, requirements statements, documentation, test plans or test cases.

The SPL engineering process consists of two major steps:

1. Domain Engineering, or development for reuse, focuses on core assets development.
2. Application Engineering, or development with reuse, addresses the development of the final products using core assets and following customer requirements.

Central to both processes is the management of variability across the product line  105. In common language use, the term variability refers to the ability or the tendency to change. Variability management is thus seen as the key feature that distinguishes SPL engineering from other software development approaches  93. Variability management is thus increasingly seen as the cornerstone of SPL development, covering the entire development life cycle, from requirements elicitation  135 to product derivation  139 to product testing  120, 119.

Halmans et al.  105 distinguish between essential and technical variability, especially at the requirements level. Essential variability corresponds to the customer's viewpoint, defining what to implement, while technical variability relates to product family engineering, defining how to implement it. A classification based on the dimensions of variability is proposed by Pohl et al.  126: beyond variability in time (existence of different versions of an artifact that are valid at different times) and variability in space (existence of an artifact in different shapes at the same time) Pohl et al. claim that variability is important to different stakeholders and thus has different levels of visibility: external variability is visible to the customers while internal variability, that of domain artifacts, is hidden from them. Other classification proposals come from Meekel et al.  114 (feature, hardware platform, performance and attributes variability) or Bass et al.  84 who discusses about variability at the architectural level.

Central to the modeling of variability is the notion of feature, originally defined by Kang et al. as: a prominent or distinctive user-visible aspect, quality or characteristic of a software system or systems  110. Based on this notion of feature, they proposed to use a feature model to model the variability in a SPL. A feature model consists of a feature diagram and other associated information: constraints and dependency rules. Feature diagrams provide a graphical tree-like notation depicting the hierarchical organization of high level product functionalities represented as features. The root of the tree refers to the complete system and is progressively decomposed into more refined features (tree nodes). Relations between nodes (features) are materialized by decomposition edges and textual constraints. Variability can be expressed in several ways. Presence or absence of a feature from a product is modeled using mandatory or optional features. Features are graphically represented as rectangles while some graphical elements (e.g., unfilled circle) are used to describe the variability (e.g., a feature may be optional).

Features can be organized into feature groups. Boolean operators exclusive alternative (XOR), inclusive alternative (OR) or inclusive (AND) are used to select one, several or all the features from a feature group. Dependencies between features can be modeled using textual constraints: requires (presence of a feature requires the presence of another), mutex (presence of a feature automatically excludes another). Feature attributes can be also used for modeling quantitative (e.g., numerical) information. Constraints over attributes and features can be specified as well.

Modeling variability allows an organization to capture and select which version of which variant of any particular aspect is wanted in the system  93. To implement it cheaply, quickly and safely, redoing by hand the tedious weaving of every aspect is not an option: some form of automation is needed to leverage the modeling of variability  88. Model Driven Engineering (MDE) makes it possible to automate this weaving process  109. This requires that models are no longer informal, and that the weaving process is itself described as a program (which is as a matter of fact an executable meta-model  118) manipulating these models to produce for instance a detailed design that can ultimately be transformed to code, or to test suites  125, or other software artifacts.

3.2.3 Component-based software development

Component-based software development  134 aims at providing reliable software architectures with a low cost of design. Components are now used routinely in many domains of software system designs: distributed systems, user interaction, product lines, embedded systems, etc. With respect to more traditional software artifacts (e.g., object oriented architectures), modern component models have the following distinctive features  99: description of requirements on services required from the other components; indirect connections between components thanks to ports and connectors constructs  112; hierarchical definition of components (assemblies of components can define new component types); connectors supporting various communication semantics  96; quantitative properties on the services  91.

In recent years component-based architectures have evolved from static designs to dynamic, adaptive designs (e.g., SOFA  96, Palladio  89, Frascati  115). Processes for building a system using a statically designed architecture are made of the following sequential lifecycle stages: requirements, modeling, implementation, packaging, deployment, system launch, system execution, system shutdown and system removal. If for any reason after design time architectural changes are needed after system launch (e.g., because requirements changed, or the implementation platform has evolved, etc) then the design process must be reexecuted from scratch (unless the changes are limited to parameter adjustment in the components deployed).

Dynamic designs allow for on the fly redesign of a component based system. A process for dynamic adaptation is able to reapply the design phases while the system is up and running, without stopping it (this is different from a stop/redeploy/start process). Dynamic adaptation processes support chosen adaptation, when changes are planned and realized to maintain a good fit between the needs that the system must support and the way it supports them  111. Dynamic component-based designs rely on a component meta-model that supports complex life cycles for components, connectors, service specification, etc. Advanced dynamic designs can also take platform changes into account at runtime, without human intervention, by adapting themselves  97, 137. Platform changes and more generally environmental changes trigger imposed adaptation, when the system can no longer use its design to provide the services it must support. In order to support an eternal system  90, dynamic component based systems must separate architectural design and platform compatibility. This requires support for heterogeneity, since platform evolution can be partial.

The Models@runtime paradigm denotes a model-driven approach aiming at taming the complexity of dynamic software systems. It basically pushes the idea of reflection one step further by considering the reflection layer as a real model “something simpler, safer or cheaper than reality to avoid the complexity, danger and irreversibility of reality  129”. In practice, component-based (and/or service-based) platforms offer reflection APIs that make it possible to introspect the system (to determine which components and bindings are currently in place in the system) and dynamic adaptation (by applying CRUD operations on these components and bindings). While some of these platforms offer rollback mechanisms to recover after an erroneous adaptation, the idea of Models@runtime is to prevent the system from actually enacting an erroneous adaptation. In other words, the “model at run-time” is a reflection model that can be uncoupled (for reasoning, validation, simulation purposes) and automatically resynchronized.

Heterogeneity is a key challenge for modern component based systems. Until recently, component based techniques were designed to address a specific domain, such as embedded software for command and control, or distributed Web based service oriented architectures. The emergence of the Internet of Things paradigm calls for a unified approach in component based design techniques. By implementing an efficient separation of concern between platform independent architecture management and platform dependent implementations, Models@runtime is now established as a key technique to support dynamic component based designs. It provides DIVERSE with an essential foundation to explore an adaptation envelope at run-time. The goal is to automatically explore a set of alternatives and assess their relevance with respect to the considered problem. These techniques have been applied to craft software architecture exhibiting high quality of services properties  104. Multi Objectives Search based techniques  101 deal with optimization problem containing several (possibly conflicting) dimensions to optimize. These techniques provide DIVERSE with the scientific foundations for reasoning and efficiently exploring an envelope of software configurations at run-time.

3.2.4 Validation and verification

Validation and verification (V&V) theories and techniques provide the means to assess the validity of a software system with respect to a specific correctness envelope. As such, they form an essential element of DIVERSE's scientific background. In particular, we focus on model-based V&V in order to leverage the different models that specify the envelope at different moments of the software development lifecycle.

Model-based testing consists in analyzing a formal model of a system (e.g., activity diagrams, which capture high-level requirements about the system, statecharts, which capture the expected behavior of a software module, or a feature model, which describes all possible variants of the system) in order to generate test cases that will be executed against the system. Model-based testing  136 mainly relies on model analysis, constraint solving  100 and search-based reasoning  113. DIVERSE leverages in particular the applications of model-based testing in the context of highly-configurable systems and 138 interactive systems  116 as well as recent advances based on diversity for test cases selection  107.

Nowadays, it is possible to simulate various kinds of models. Existing tools range from industrial tools such as Simulink, Rhapsody or Telelogic to academic approaches like Omega  123, or Xholon. All these simulation environments operate on homogeneous environment models. However, to handle diversity in software systems, we also leverage recent advances in heterogeneous simulation. Ptolemy  95 proposes a common abstract syntax, which represents the description of the model structure. These elements can be decorated using different directors that reflect the application of a specific model of computation on the model element. Metropolis  85 provides modeling elements amenable to semantically equivalent mathematical models. Metropolis offers a precise semantics flexible enough to support different models of computation. ModHel'X  106 studies the composition of multi-paradigm models relying on different models of computation.

Model-based testing and simulation are complemented by runtime fault-tolerance through the automatic generation of software variants that can run in parallel, to tackle the open nature of software-intensive systems. The foundations in this case are the seminal work about N-version programming   83, recovery blocks  128 and code randomization  87, which demonstrated the central role of diversity in software to ensure runtime resilience of complex systems. Such techniques rely on truly diverse software solutions in order to provide systems with the ability to react to events, which could not be predicted at design time and checked through testing or simulation.

3.2.5 Empirical software engineering

The rigorous, scientific evaluation of DIVERSE's contributions is an essential aspect of our research methodology. In addition to theoretical validation through formal analysis or complexity estimation, we also aim at applying state-of-the-art methodologies and principles of empirical software engineering. This approach encompasses a set of techniques for the sound validation contributions in the field of software engineering, ranging from statistically sound comparisons of techniques and large-scale data analysis to interviews and systematic literature reviews  132, 130. Such methods have been used for example to understand the impact of new software development paradigms  94. Experimental design and statistical tests represent another major aspect of empirical software engineering. Addressing large-scale software engineering problems often requires the application of heuristics, and it is important to understand their effects through sound statistical analyses  82.

3.3.1 Axis #1: Software Language Engineering

Overall objective.

The disruptive design of new, complex systems requires a high degree of flexibility in the communication between many stakeholders, often limited by the silo-like structure of the organization itself (cf. Conway’s law). To overcome this constraint, modern engineering environments aim to: (i) better manage the necessary exchanges between the different stakeholders; (ii) provide a unique and usable place for information sharing; and (iii) ensure the consistency of the many points of view. Software languages are the key pivot between the diverse stakeholders involved, and the software systems they have to implement. Domain-Specific (Modeling) Languages enable stakeholders to address the diverse concerns through specific points of view, and their coordinated use is essential to support the socio-technical coordination across the overall software system life cycle.

Our perspectives on Software Language Engineering over the next period is presented in Figure 2 and detailed in the following paragraphs.

Perspectives on Software Language Engineering (axis #1)

3.3.2 Axis #2: Spatio-temporal Variability in Software and Systems

Overall objective.

Leveraging our longstanding activity on variability management for software product lines and configurable systems covering diverse scenarios of use, we will investigate over the next period the impact of such a variability across the diverse layers, incl. source code, input/output data, compilation chain, operating systems and underlying execution platforms. We envision a better support and assistance for the configuration and optimisation (e.g., non-functional properties) of software systems according to this deep variability. Moreover, as software systems involve diverse artefacts (e.g., APIs, tests, models, scripts, data, cloud services, documentation, deployment descriptors...), we will investigate their continuous co-evolution during the overall lifecycle, including maintenance and evolution. Our perspectives on spatio-temporal variability over the next period is presented in Figure 3 and is detailed in the following paragraphs.

Perspectives on Spatio-temporal Variability in Software and Systems (axis #2)

3.3.3 Axis #3: DevSecOps and Resilience Engineering for Software and Systems

Overall objective.

The production and delivery of modern software systems involves the integration of diverse dependencies and continuous deployment on diverse execution platforms in the form of large distributed socio-technical systems. This leads to new software architectures and programming models, as well as complex supply chains for final delivery to system users. In order to boost cybersecurity, we want to provide strong support to software engineers and IT teams in the development and delivery of secure and resilient software systems, ie. systems able to resist or recover from cyberattacks. Our perspectives on DevSecOps and Resilience Engineering over the next period are presented in Figure 4 and detailed in the following paragraphs.

Perspectives on DevSecOps and Resilience Eng. for Software and Systems (axis #3)

7.1.1 GEMOC Studio

• Name:
  GEMOC Studio
• Keywords:
  DSL, Language workbench, Model debugging
• Scientific Description:

  The language workbench put together the following tools seamlessly integrated to the Eclipse Modeling Framework (EMF):

  1) Melange, a tool-supported meta-language to modularly define executable modeling languages with execution functions and data, and to extend (EMF-based) existing modeling languages. 2) MoCCML, a tool-supported meta-language dedicated to the specification of a Model of Concurrency and Communication (MoCC) and its mapping to a specific abstract syntax and associated execution functions of a modeling language. 3) GEL, a tool-supported meta-language dedicated to the specification of the protocol between the execution functions and the MoCC to support the feedback of the data as well as the callback of other expected execution functions. 4) BCOoL, a tool-supported meta-language dedicated to the specification of language coordination patterns to automatically coordinates the execution of, possibly heterogeneous, models. 5) Monilog, an extension for monitoring and logging executable domain-specific models 6) Sirius Animator, an extension to the model editor designer Sirius to create graphical animators for executable modeling languages.

• Functional Description:
  The GEMOC Studio is an Eclipse package that contains components supporting the GEMOC methodology for building and composing executable Domain-Specific Modeling Languages (DSMLs). It includes two workbenches: The GEMOC Language Workbench: intended to be used by language designers (aka domain experts), it allows to build and compose new executable DSMLs. The GEMOC Modeling Workbench: intended to be used by domain designers to create, execute and coordinate models conforming to executable DSMLs. The different concerns of a DSML, as defined with the tools of the language workbench, are automatically deployed into the modeling workbench. They parametrize a generic execution framework that provides various generic services such as graphical animation, debugging tools, trace and event managers, timeline.
• URL:
  http://­gemoc.­org/­studio.­html
• Publications:
  hal-00850770, hal-01355391, hal-01609576, hal-01651801, hal-01152342, hal-03374955, hal-01614561, hal-01616154
• Contact:
  Benoît Combemale
• Participants:
  Didier Vojtisek, Erwan Bousse, Julien Deantoni
• Partners:
  I3S, Université de Nantes

7.1.2 Interacto

• Keywords:
  GUI (Graphical User Interface), User Interfaces, HCI, Software engineering
• Functional Description:
  Interacto is a framework for developing user interfaces and user interactions. It complements other general graphical framework by providing a fluent API specifically designed to process user interface event and develop complex user interactions. Interacto is currently developped in Java and TypeScript to target both Java desktop applications (JavaFX) and Web applications (Angular).
• URL:
  https://­interacto.­github.­io
• Publications:
  hal-03231669, tel-02354530, inria-00590891, inria-00477627
• Contact:
  Arnaud Blouin
• Participants:
  Arnaud Blouin, Olivier Beaudoux

7.1.3 HyperAST

• Keywords:
  Code analysis, Git svn
• Functional Description:

  The HyperAST is an AST structured as a Direct Acyclic Graph (DAG) (similar to MerkleDAG used in Git). An HyperAST is efficiently constructed by leveraging Git and TreeSitter.

  It reimplements the Gumtree algorithm in Rust while using the HyperAST as the underlying AST structure.

  It implements a use-def solver, that uses a context-free indexing of references present in subtrees (each subtree has a bloom filter of contained references).

• Author:
  Quentin Le Dilavrec
• Contact:
  Olivier Barais

7.1.4 CorrectExam

• Name:
  CorrectExam: GRADE YOUR ASSESSMENTS MORE EFFICIENTLY
• Keyword:
  Digital pedagogy
• Functional Description:
  The first objective of the correctexam project is pedagogical. The aim is to be able to send feedback to students as quickly as possible on the marking of their papers, to easily generate a standard answer key from answers marked as excellent by the marker, and to facilitate a constructive exchange between students and the teaching team. This helps to overcome a shortcoming at university where, as examinations generally take place partly at the end of the course, students are not strongly encouraged to look at their marked papers in order to understand their mistakes. The second objective is to seek to increase the efficiency of exam marking and the administrative aspects associated with an exam by using AI techniques to mark certain questions, and by factoring standard comments added to an exam paper, generating documents in the format expected by the school, and so on. Finally, the last notable element of the project that could be discussed concerns the choice of technical architecture. Even though an application server is used to store the students' results, all the processing of the scans (pdf), images and AI is carried out completely on the browser side, using the possibilities offered by modern browsers such as WASM or worker services. This is an opportunity to significantly limit the power required on the server side.
• Release Contributions:
  See https://correctexam.github.io/#about
• Contact:
  Olivier Barais
• Partner:
  Université de Rennes 1

7.1.5 PolyglotAST

• Name:
  PolyglotAST
• Keywords:
  Code analysis, Static analysis
• Functional Description:
  Framework to facilitate the static analysis of multilingual programs on GraalVM, by providing a unified representation of the various sub-programs via a single AST
• Author:
  Philemon Houdaille
• Contact:
  Olivier Barais

7.1.6 HydroPredictUI

• Name:
  Jupyter graphical interface for HydroModPy
• Keywords:
  GUI (Graphical User Interface), Jupyter, Simulator, Scientific computing, Distributed Applications
• Functional Description:
  HydroModPy is a Python tool for running numerical simulations of groundwater flow. The aim of the HydroPredictUi software is to provide a graphical interface in the form of a Jupyter notebook to make it easier to learn and run simulations on a remote server.
• Contact:
  Johann Bourcier

8.1.1 Modeling: From CASE Tools to SLE and Machine Learning

Finding better ways to handle software complexity (both inherent and accidental) is the holy grail for a significant part of the software engineering community, and especially for the Model Driven Engineering (MDE) one. To that purpose, plenty of techniques have been proposed, leading to a succession of trends in model based software developments paradigms in the last decades. While these trends seem to pop out from nowhere, we claim in 65 that most of them actually stem from trying to get a better grasp on the variability of software. We revisit the history of MDE trying to identify the main aspect of variability they wanted to address when they were introduced. We conclude on what are the variability challenges of our time, including variability of data leading to machine learning of models.

8.1.2 A Generic Framework for Representing and Analysing Model Concurrency

Recent results in language engineering simplify the development of tool-supported executable domain-specific modelling languages (xDSMLs), including editing (e.g., completion and error checking) and execution analysis tools (e.g., debugging, monitoring and live modelling). However, such frameworks are currently limited to sequential execution traces, and cannot handle execution traces resulting from an execution semantics with a concurrency model supporting parallelism or interleaving. This prevents the development of concurrency analysis tools, like debuggers supporting the exploration of model executions resulting from different interleavings. In 41, we present a generic framework to integrate execution semantics with either implicit or explicit concurrency models, to explore the possible execution traces of conforming models, and to define strategies for helping in the exploration of the possible executions. This framework is complemented with a protocol to interact with the resulting executions and hence to build advanced concurrency analysis tools. The approach has been implemented within the GEMOC Studio. We demonstrate how to integrate two representative concurrent meta-programming approaches (MoCCML/Java and Henshin), which use different paradigms and underlying foundations to define an xDSML’s concurrency model. We also demonstrate the ability to define an advanced concurrent omniscient debugger with the proposed protocol. The work, thus, contributes key abstractions and an associated protocol for integrating concurrent meta-programming approaches in a language workbench, and dynamically exploring the possible executions of a model in the modelling workbench.

8.1.3 Adaptive Structural Operational Semantics

Software systems evolve more and more in complex and changing environments, often requiring runtime adaptation to best deliver their services. When self-adaptation is the main concern of the system, a manual implementation of the underlying feedback loop and trade-off analysis may be desirable. However, the required expertise and substantial development effort make such implementations prohibitively difficult when it is only a secondary concern for the given domain. In 49, we present ASOS, a metalanguage abstracting the runtime adaptation concern of a given domain in the behavioral semantics of a domain-specific language (DSL), freeing the language user from implementing it from scratch for each system in the domain. We demonstrate our approach on RobLANG, a procedural DSL for robotics, where we abstract a recurrent energy-saving behavior depending on the context. We provide formal semantics for ASOS and pave the way for checking properties such as determinism, completeness, and termination of the resulting self-adaptable language. We provide first results on the performance of our approach compared to a manual implementation of this selfadaptable behavior. We demonstrate, for RobLANG, that our approach provides suitable abstractions for specifying sound adaptive operational semantics while being more efficient.

8.1.4 Testing Metamodel and Code Co-evolution

Models play a significant role in Model-Driven Engineering (MDE) and metamodels are commonly transformed into code. Developers intensively rely on the generated code to build language services and tooling, such as editors and views which are also tested to ensure their behavior. The metamodel evolution between releases updates the generated code, and this may impact the developers’ additional, client code. Accordingly, the impacted code must be co-evolved too, but there is no guarantee of preserving its behavior correctness. In 50, we envision an automatic approach for ensuring code co-evolution correctness. It first aims to trace the tests impacted by the metamodel evolution before and after the code co-evolution, and then compares them to analyze the behavior of the code. Preliminary evaluation on two implementations of OCL and Modisco Eclipse projects showed that we can successfully trace the impacted tests automatically by selecting 738 and 412 tests, before and after co-evolution respectively, based on 303 metamodel changes. By running these impacted tests, we observed both behaviorally correct and incorrect code co-evolution.

8.1.5 Practical Runtime Instrumentation of Software Languages: The Case of SciHook

Software languages have pros and cons, and are usually chosen accordingly. In this context, it is common to involve different languages in the development of complex systems, each one specifically tailored for a given concern. However, these languages create de facto silos, and offer little support for interoperability with other languages, be it statically or at runtime. In 56, we report on our experiment on extracting a relevant behavioral interface from an existing language, and using it to enable interoperability at runtime. In particular, we present a systematic approach to define the behavioral interface and we discuss the expertise required to define it. We illustrate our work on the case study of SciHook, a C++ library enabling the runtime instrumentation of scientific software in Python. We present how the proposed approach, combined with SciHook, enables interoperability between Python and a domain-specific language dedicated to numerical analysis, namely NabLab, and discuss overhead at runtime.

8.1.6 Polyglot Software Development and Code Analysis

The notion of polyglot software development refers to the fact that most software projects nowadays rely on multiple languages to deal with widely different concerns, from core business concerns to user interface, security, and deployment concerns among many others. Many different wordings around this notion have been proposed in the literature, with little understanding of their differences. In 39, we propose a concise and unambiguous definition of polyglot software development including a conceptual model and its illustration on a well-known, open-source project. We further characterize the techniques used for the specification and operationalization of polyglot software development with a feature model, concentrating on polyglot programming. Finally, we outline the many challenges and perspectives raised by polyglot software development.

In this contexts, GraalVM and PolyNote are examples of runtimes allowing polyglot programming. However, there is a striking lack of support at design time for building and analyzing polyglot code. To the best of our knowledge, there is no uniform language-agnostic way of reasoning over multiple languages to provide seamless code analysis, since each language comes with its own form of Abstract Syntax Trees (AST). In 48, we present an approach to build a uniform yet polyglot AST over polyglot code, so that it is easier to perform global analysis. We first motivate this challenge and identify the main requirements for building a polyglot AST. We then propose a proof of concept implementation of our solutions on GraalVM’s polyglot API. On top of the polyglot AST, we demonstrate the ability to implement several polyglot-specific analysis services, namely auto-completion, consistency checking, type inference, and rename refactoring. Our evaluation on three polyglot projects taken from GitHub, and involving JavaScript and Python code, shows that we can build a polyglot AST without significant overhead. We also demonstrate the usefulness of the polyglot analysis services through the provided automation, as well as their scalability.

8.1.7 Pull Requests Integration Process Optimization: An Empirical Study

Pull-based Development (PbD) is widely used in collaborative development to integrate changes into a project codebase. In this model, contributions are notified through Pull Request (PR) submissions. Project administrators are responsible for reviewing and integrating PRs. In the integration process, conflicts occur when PRs are concurrently opened on a given target branch and propose different modifications for a same code part. In a previous work, we proposed an approach, called IP Optimizer, to improve the Integration Process Efficiency (IPE) by prioritizing PRs. In this work 67, we conduct an empirical study on 260 open-source projects hosted by GitHub that use PRs intensively in order to quantify the frequency of conflicts in software projects and analyze how much the integration process can be improved. Our results indicate that regarding the frequency of conflicts in software projects, half of the projects have a moderate and high number of pairwise conflicts and half have a low number of pairwise conflicts or none. Futhermore, on average 18.82% of the time windows have conflicts. On the other hand, regarding how much the integration process can be improved, IP Optimizer improves the IPE in 94.16% of the time windows and the average improvement percentage is 146.15%. In addition, it improves the number of conflict resolutions in 67.16% of the time windows and the average improvement percentage is 134.28%.

8.2.1 Generative AI and Large Language Models for Variability

LLM for programming variability Programming variability is central to the design and implementation of software systems that can adapt to a variety of contexts and requirements, providing increased flexibility and customization. Managing the complexity that arises from having multiple features, variations, and possible configurations is known to be highly challenging for software developers. In this work, we explore how large language model (LLM)-based assistants can support the programming of variability. In 43 we report on new approaches made possible with LLM-based assistants, like: features and variations can be implemented as prompts; augmentation of variability out of LLM-based domain knowledge; seamless implementation of variability in different kinds of artefacts, programming languages, and frameworks, at different binding times (compile-time or run-time).

LLM for re-engineering variants We are interested in the following problem: given a set of variants (Java, C, SVG, UML, state charts, etc.) how to build a configurable program (a software product line aka SPL) that allows you to retrieve/derive them? For instance let us say you have three variants written in Java. What would be the Java program that can be configured to retrieve them? You can do it manually but it is error-prone and time-consuming. In 45 we explore the use of LLM and ChatGPT for this problem. We revisit four illustrative cases of the literature where the challenge is to migrate variants written in a different formalism (UML class diagrams, Java, GraphML, statecharts). We systematically report on our experience with ChatGPT-4, describing our strategy to prompt LLMs and documenting positive aspects but also failures. We compare the use of LLMs with a state-of-the-art approach, BUT4Reuse. While LLMs offer potential in assisting domain analysts and developers in transitioning software variants into SPLs, their intrinsic stochastic nature and restricted ability to manage large variants or complex structures necessitate a semiautomatic approach, complete with careful review, to counteract inaccuracies.

End-user customization with generative AI Producing a variant of code is highly challenging, particularly for individuals unfamiliar with programming. In 42, we introduce a novel use of generative AI to aid end-users in customizing code. We first describe how generative AI can be used to customize code through prompts and instructions, and further demonstrate its potential in building end-user tools for configuring code. We showcase how to transform an undocumented, technical, low-level TikZ into a user-friendly, configurable, Web-based customization tool written in Python, HTML, CSS, and JavaScript and itself configurable. We discuss how generative AI can support this transformation process and traditional variability engineering tasks, such as identification and implementation of features, synthesis of a template code generator, and development of end-user configurators. We believe it is a first step towards democratizing variability programming, opening a path for end-users to adapt code to their needs.

8.2.2 Reverse Engineering Variability

Software Product Lines (SPLs) are families of systems that share common assets allowing disciplined software reuse. The adoption of SPLs practices has been shown to enable significant technical and economic benefits for the companies that employ them. However, successful SPLs rarely start from scratch. Instead, they usually start from a set of existing legacy systems that must undergo a well-defined re-engineering process.

Many approaches to conduct such re-engineering processes have been proposed and documented in the literature. This handbook is the result of the collective community expertise and knowledge acquired in conducting theoretical and empirical research also in partnership with industry. The topic discussed in this handbook is a recurrent and challenging problem faced by many companies. Conducting a reengineering process could unlock new levels of productivity and competitiveness. The chapter authors are all experts in different topics of the re-engineering process, which brings valuable contributions to the content of this handbook. Additionally, organizing the international workshop on REverse Variability Engineering (REVE) has contributed to this topic during the last decade. REVE has fostered research collaborations between Software Re-engineering and SPL Engineering (SPLE) communities. Thus, this handbook is also a result of our expertise and knowledge acquired from the fruitful discussions with the attendants of REVE. Our handbook aims to bring together into a single, comprehensive, and cohesive reference the wealth of experience and expertise in the area of re-engineering software intensive systems into SPLs. We cover the entire re-engineering life-cycle, from requirements gathering to maintenance and evolution tasks. Also, we provide future directions and perspectives.

We released the book "Handbook of Re-Engineering Software Intensive Systems into Software Product Lines". It is the result of a collective effort over the last 3 years. It underwent a rigorous and careful selection and edition process. The selected contributors are worldwide experts in their field, and all chapters were peer reviewed.

We also contributed with a chapter "Machine Learning for Feature Constraints Discovery" that provides an overview of methods and applications of automatically extracting unspecified constraints out of a software system (e.g., Linux, 3D printing models, video generator).

8.2.3 A Specialized Language to Realize Variability at Airbus

In software product line (SPL) engineering, feature models are the de facto standard for modeling variability. A user can derive products out of a base model by selecting features of interest. Doing it automatically, however, requires a realization model, which is a description of how a base model should be modified when a given feature is selected/unselected. A realization model then necessarily depends on the base metamodel, asking for ad hoc solutions that have flourished in recent years. In 47, we propose Greal, a generic solution to this problem in the form of (1) a generic declarative realization language that can be automatically composed with one or more base metamodels to yield a domain-specific realization language and (2) a product derivation algorithm applying a realization model to a base model and a resolved model to yield a derived product. We describe how, on top of Greal, we specialized a realization language to support both positive and negative variability, fit the syntax and semantics of the targeted language (BPMN) and take into account modeling practices at Airbus. We report on lessons learned of applying this approach on Program Development Plans based on business process models and discuss open problems.

We won a best paper at the ACM/IEEE 26th International Conference on Model-Driven Engineering Languages and Systems. link

8.2.4 Debloating Variability

A call to remove variability. Software variability is largely accepted and explored in software engineering and seems to have become a norm and a must, if only in the context of product lines. Yet, the removal of superfluous or unneeded software artefacts and functionalities is an inevitable trend. It is frequently investigated in relation to software bloat. In 44 we call the community on software variability to devise methods and tools that will facilitate the removal of unneeded variability from software systems. The advantages are expected to be numerous in terms of functional and non-functional properties, such as maintainability (lower complexity), security (smaller attack surface), reliability, and performance (smaller binaries).

Specializing configuration space through debloating. Numerous software systems are highly configurable through runtime options (e.g., command-line parameters). Users can tune some of the options to meet various functional and non-functional requirements such as footprint, security, or execution time. However, some options are never set for a given system instance, and their values remain the same whatever the use cases of the system. In 62, we design a controlled experiment in which the system's run-time configuration space can be specialized at compile-time and combinations of options can be removed on demand. We perform an in-depth study of the well-known x264 video encoder and quantify the effects of its specialization to its non-functional properties, namely on binary size, attack surface, and performance while ensuring its validity. Our exploratory study suggests that the configurable specialization of a system has statistically significant benefits on most of its analysed non-functional properties, which benefits depend on the number of the debloated options. While our empirical results and insights show the importance of removing code related to unused run-time options to improve software systems, an open challenge is to further automate the specialization process.

8.2.5 Software Build Variability

Software engineers are acutely aware that the building of software is an essential but resource-intensive step in any software development process. This is especially true when building large systems or highly configurable systems whose vast number of configuration options results in a space explosion in the number of versions that should ideally be built and evaluated. Linux is precisely one such large and highly configurable system with thousands of options that can be combined. A previous study showed the benefit of incremental build, however, only on small-sized configurable software systems, unlike Linux. In 78, we show preliminary results of our ongoing work on enabling efficient exploration of the Linux configuration space with incremental builds. Although incremental compilation for post-commit is used in Linux, we show that the build of large numbers of random Linux configurations does not benefit from incremental build. Thus, we introduce and detail PyroBuildS, our new approach to efficiently explore, with incremental builds, the very large configuration space of Linux. Very much like fireworks, PyroBuildS starts from several base configurations ("rockets") and generates mutated configurations ("sparks") derived from each of the base ones. This enables exploring the configuration space with an efficient incremental build of the mutants, while keeping a good amount of diversity. We show on a total of 2520 builds that our PyroBuildS approach does trigger synergies with the caching capabilities of Make, hence significantly decreasing builds time with gains up to 85%, while having a diversity of 33% of options and 15 out of 17 subsystems. Overall, individual contributors and continuous integration services can leverage PyroBuildS to efficiently augment their configuration builds, or reduce the cost of building numerous configurations.

8.2.6 Deep Variability

Deep software variability refers to the interaction of all external layers (hardware, operating system, compiler, versions, etc.) modifying the behavior of software. Configuring software is a powerful means to reach functional and performance goals of a system, but many layers of variability can make this difficult.

One dimension of the problem is of course that performance depends on the input data: e.g., a video as input to an encoder like x264 or a file fed to a tool like xz . To achieve good performance, users should therefore take into account both dimensions of (1) software variability and (2) input data. In 37 we detail a large study over 8 configurable systems that quantifies the existing interactions between input data and configurations of software systems. The results exhibit that (1) inputs fed to software systems can interact with their configuration options in non-monotonous ways, significantly impacting their performance properties (2) input sensitivity can challenge our knowledge of software variability and question the relevance of performance predictive models for a field deployment. Given the results of our study, we call researchers to address the problem of input sensitivity when tuning, predicting, understanding, and benchmarking configurable systems.

Owing to the significance of the input-configuration interplay, we propose solutions and methods to address the problem. In 38, we empirically evaluate how supervised and transfer learning methods can be leveraged to efficiently learn performance models based on configuration options and input data. Our study over 1,941,075 data points empirically shows that measuring the performance of configurations on multiple inputs allows one to reuse this knowledge and train performance models robust to the change of input data. To the best of our knowledge, this is the first domain-agnostic empirical evaluation of machine learning methods addressing the input-aware performance prediction problem.

This line of work is a fruitful collaboration between Simula and Inria through RESIST-EA associate team RESIST

8.2.7 Variability-Aware debugging

Business processes have to manage variability in their execution, e.g., to deliver the correct building permit in different municipalities. This variability is visible in event logs, where sequences of events are shared by the core process (building permit authorisation) but may also be specific to each municipality. To rationalise resources (e.g., derive a configurable business process capturing all municipalities' permit variants) or to debug anomalous behaviour, it is mandatory to identify to which variant a given trace belongs. Manually providing this whole mapping is labour-intensive. 102 experimented with variant-based mapping using supervised machine learning (ML) to identify the variants responsible of the production of a given execution trace, and demonstrated that recurrent neural networks (RNNs) work well ($\ge 80\%$ accuracy) when trained on datasets in which we label execution traces with variants. However, this mapping (i) may not scale to large VIS because of combinatorial explosion and (ii) makes the internal ML representation hard to understand. In 77, we discuss the design of a novel approach: feature-based mapping learning; where contrarily to our previous work, we do not want to map execution traces to configurations directly but to features composing the configurations.

8.2.8 Representation of variability

Building on this idea of changing the perspective of the addressed problems and representation in variability; 60 discusses the differences in practices regarding feature engineering in the ML community and in the software variability community. While initiatives in applying ML models to software variability has increased, we noticed that the representation space in which ML models work and the ones used in software variability differ. ML models like their representation spaces to be continuous and differentiable while software variability practitioners usually work on the features used to describe software configurations. These features can be heterogeneous (i.e., some may be numerical values like integers or float values, while other may be Boolean) preventing the space from being continuous and requiring being extra-careful when using ML models since they may have trouble coping with heterogeneity. 60 discusses the fact that to be able to use deep learning models in the world of software variability, we need to think differently to create a representation space that is continuous and derivable but at the cost of interpretability; or we stick to machine learning models that are less efficient but on which we can have a better control and better understanding.

8.2.9 Scaling Diff computation in temporal variability

With the advent of fast software evolution and multistage releases, temporal code analysis is becoming useful for various purposes, such as bug cause identification, bug prediction or code evolution analysis. Temporal code analyses can consist in analyzing multiple Abstract Syntax Trees (ASTs) extracted from code evolutions, e.g. one AST for each commit or release. Core feature to temporal analysis is code differencing: the computation of the so-called Diff or edit script between two given versions of the code. However, jointly analyzing and computing the difference on thousands versions of code faces scalability issues. Mainly because of the cost of: 1) parsing the original and evolved code in two source and target ASTs; 2) wasting resources by not reusing intermediate computation results that can be shared between versions. In 55, we detail a novel approach based on time-oriented data structures that makes code differencing scale up to large software codebases. In particular, we leverage on the HyperAST, a novel representation of code histories, to propose an incremental and memory efficient approach by lazifying the well known GumTree diffing algorithms, a mainstream code differencing algorithm and tool. We evaluated our approach on a curated list of 19 large software projects and compared it to GumTree. Our approach outperforms it in scalability both in time and memory. We observed an order-of-magnitude difference: 1) in CPU time from x1.2 to x12.7 for the total time of diff computation and up to x226 in intermediate phases of the diff computation, and 2) in memory footprint of x4.5 per AST node. The approach produced 99.3% of identical diffs with respect to GumTree.

8.2.10 Benchmarking platform for uniform random sampling

In 26, we present BURST, a benchmarking platform for uniform random sampling techniques. With BURST, researchers have a flexible, controlled environment in which they can evaluate the scalability and uniformity of their sampling. BURST comes with an extensive — and extensible — benchmark dataset comprising 128 feature models, including challenging, real-world models of the Linux kernel. BURST takes as inputs a sampling tool, a set of feature models and a sampling budget. It automatically translates any feature model of the set in DIMACS and invokes the sampling tool to generate the budgeted number of samples. To evaluate the scalability of the sampling tool, BURST measures the time the tool needs to produce the requested sample. To evaluate the uniformity of the produced sample, BURST integrates the state-of-the-art and proven statistical test Barbarik. We envision BURST to become the starting point of a standardisation initiative of sampling tool evaluation. Given the huge interest of research for sampling algorithms and tools, this initiative would have the potential to reach and crosscut multiple research communities including AI, ML, SAT and SPL.

8.3.1 Fingerprinting and Building Large Reproducible Datasets

Obtaining a relevant dataset is central to conducting empirical studies in software engineering. However, in the context of mining software repositories, the lack of appropriate tooling for large scale mining tasks hinders the creation of new datasets. Moreover, limitations related to data sources that change over time (e.g., code bases) and the lack of documentation of extraction processes make it difficult to reproduce datasets over time. This threatens the quality and reproducibility of empirical studies. In 74, we propose a tool-supported approach facilitating the creation of large tailored datasets while ensuring their reproducibility. We leveraged all the sources feeding the Software Heritage append-only archive which are accessible through a unified programming interface to outline a reproducible and generic extraction process. We propose a way to define a unique fingerprint to characterize a dataset which, when provided to the extraction process, ensures that the same dataset will be extracted. We demonstrate the feasibility of our approach by implementing a prototype. We show how it can help reduce the limitations researchers face when creating or reproducing datasets.

8.3.2 Caught in the Game: On the History and Evolution of Web Browser Gaming

Web browsers have come a long way since their inception, evolving from a simple means of displaying text documents over the network to complex software stacks with advanced graphics and network capabilities. As personal computers grew in popularity, developers jumped at the opportunity to deploy cross-platform games with centralized management and a low barrier to entry. Simply going to the right address is now enough to start a game. From text-based to GPU-powered 3D games, browser gaming has evolved to become a strong alternative to traditional console and mobile-based gaming, targeting both casual and advanced gamers. Browser technology has also evolved to accommodate more demanding applications, sometimes even supplanting functions typically left to the operating system. Today, websites display rich, computationally intensive, hardware-accelerated graphics, allowing developers to build ever-more impressive applications and games. In this work 57, we present the evolution of browser gaming and the technologies that enabled it, from the release of the first text-based games in the early 1990s to current open-world and game-engine-powered browser games. We discuss the societal impact of browser gaming and how it has allowed a new target audience to access digital gaming. Finally, we review the potential future evolution of the browser gaming industry.

8.3.3 On Understanding Context Modelling for Adaptive Authentication Systems

In many situations, it is of interest for authentication systems to adapt to context ( e.g., when the user’s behavior differs from the previous behavior). Hence, representing the context with appropriate and well-designed models is crucial. In 27, we provide a comprehensive overview and analysis of research work on Context Modelling for Adaptive Authentication systems (CM4AA) . To this end, we pursue three goals based on the Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) research methodologies. We first present a SMS to structure the research area of CM4AA ( goal 1 ). We complement the SMS with a SLR to gather and synthesise evidence about context information and its modelling for adaptive authentication systems ( goal 2 ). From the knowledge gained from goal 2, we determine the desired properties of the context information model and its use for adaptive authentication systems ( goal 3 ). Motivated to find out how to model context information for adaptive authentication, we provide a structured survey of the literature to date on CM4AA and a classification of existing proposals according to several analysis metrics. We demonstrate the ability of capturing a common set of contextual features that are relevant for adaptive authentication systems independent from the application domain. We emphasise that despite the possibility of a unified framework, no standard for CM4AA exists.

8.3.4 Uncertainty-aware Simulation of Adaptive Systems

Adaptive systems manage and regulate the behavior of devices or other systems using control loops to automatically adjust the value of some measured variables to equal the value of a desired set-point. These systems normally interact with physical parts or operate in physical environments, where uncertainty is unavoidable. Traditional approaches to manage that uncertainty use either robust control algorithms that consider bounded variations of the uncertain variables and worst-case scenarios, or adaptive control methods that estimate the parameters and change the control laws accordingly. In this work 35 we propose to include the sources of uncertainty in the system models as first-class entities using random variables, in order to simulate adaptive and control systems more faithfully, including not only the use of random variables to represent and operate with uncertain values, but also to represent decisions based on their comparisons. Two exemplar systems are used to illustrate and validate our proposal.

8.3.5 Open-source software supply chain security

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect such attacks is ongoing research. Despite its popularity, the Java ecosystem is the less explored one in the context of supply chain attacks. In this work 36, we study simple-yet-effective indicators of malicious behavior that can be observed statically through the analysis of Java bytecode. Then we evaluate how such indicators and their combinations perform when detecting malicious code injections. We do so by injecting three malicious payloads taken from real-world examples into the Top-10 most popular Java libraries from libraries.io. We found that the analysis of strings in the constant pool and of sensitive APIs in the bytecode instructions aids in the task of detecting malicious Java packages by significantly reducing the information, thus, making also manual triage possible.

In this context of Supply chain attacks on open-source projects, recent work systematized the knowledge about such attacks and proposed a taxonomy in the form of an attack tree  51. We propose a visualization tool called Risk Explorer 36 for Software Supply Chains, which allows inspecting the taxonomy of attack vectors, their descriptions, references to real-world incidents and other literature, as well as information about associated safeguards. Being open-source itself, the community can easily reference new attacks, accommodate for entirely new attack vectors or reflect the development of new safeguards. This tool is also available online 1

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing malicious code. Recent works apply machine learning techniques to detect malicious packages in the npm ecosystem. However, the scarcity of samples poses a challenge to the application of machine learning techniques in other ecosystems. Despite the differences between JavaScript and Python, the open-source software supply chain attacks targeting such languages show noticeable similarities (e.g., use of installation scripts, obfuscated strings, URLs). In this work 52, we present a novel approach that involves a set of language-independent features and the training of models capable of detecting malicious packages in npm and PyPI by capturing their commonalities. This methodology allows us to train models on a diverse dataset encompassing multiple languages, thereby overcoming the challenge of limited sample availability. We evaluate the models both in a controlled experiment (where labels of data are known) and in the wild by scanning newly uploaded packages for both npm and PyPI for 10 days. We find that our approach successfully detects malicious packages for both npm and PyPI. Over an analysis of 31,292 packages, we reported 58 previously unknown malicious packages (38 for npm and 20 for PyPI), which were consequently removed from the respective repositories.

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to retrieve packages for various functionalities, whereas package managers automatically handle dependency resolution and package installation on the client side. These mechanisms enhance software modularization and accelerate implementation. However, they have become a target for malicious actors seeking to propagate malware on a large scale. In this work 53, we show how attackers can leverage capabilities of popular package managers and languages to achieve arbitrary code execution on victim machines, thereby realizing open-source software supply chain attacks. Based on the analysis of 7 ecosystems, we identify 3 install-time and 4 runtime techniques, and we provide recommendations describing how to reduce the risk when consuming third-party dependencies. We will provide proof-of-concepts that demonstrate the identified techniques. Furthermore, we describe evasion strategies employed by attackers to circumvent detection mechanisms.

8.3.6 Efficient Resource Management for Adaptive Software

Serverless is a trending service model for cloud computing. It shifts a lot of the complexity from customers to service providers. However, current serverless platforms mostly consider the provider's infrastructure as homogeneous, as well as the users' requests. This limits possibilities for the provider to leverage heterogeneity in their infrastructure to improve function response time and reduce energy consumption. We propose a heterogeneity-aware serverless orchestrator for private clouds that consists of two components: the autoscaler allocates heterogeneous hardware resources (CPUs, GPUs, FPGAs) for function replicas, while the scheduler maps function executions to these replicas. Our objective is to guarantee function response time, while enabling the provider to reduce resource usage and energy consumption. This work 54 considers a case study for a deepfake detection application relying on CNN inference. We devised a simulation environment that implements our model and a baseline Knative orchestrator, and evaluated both policies with regard to consolidation of tasks, energy consumption and SLA penalties. Experimental results show that our platform yields substantial gains for all those metrics, with an average of 35% less energy consumed for function executions while consolidating tasks on less than 40% of the infrastructure's nodes, and more than 60% less SLA violations.

We also demonstrated that by proactively caching functions from the same application using adequate storage on the same nodes, we seek to minimize cold starts and data movement to improve total response times. We evaluate our platform in a simulation environment using workload traces derived from Microsoft’s Azure Functions, enriched with measurements from a deepfake detection project at the B<>com Institute of Research and Technology 79.

8.3.7 GDPR Enforcement By The Operating System

Currently, it is very hard for companies driven by personal data to make their applications GDPR-compliant, especially if those applications were developed before the GDPR was established. In 59, we present rgpdOS, a GDPR-aware operating system that aims to bring GDPR-compliance to every application, while requiring minimal changes to application code.

8.3.8 Model-Based DevOps: Foundations and Challenges

Time-to-market and continuous improvement are key success indicators to deliver for Industry 4.0 Cyber-Physical Systems (CPSs). There is thus a growing interest in adapting DevOps approaches coming from software systems to CPSs. However, CPSs are made not only of software but also of physical parts that need to be monitored at runtime. In 46, we claim that Model-Driven Engineering can facilitate DevOps for CPSs by automatically connecting a CPS design model to its runtime monitoring, in the form of a digital twin.

BCOM

Participants: Olivier Barais.

• Coordinator: UR1
• Dates: 2018-2024
• Abstract: The aim of the Falcon project is to investigate how to improve the resale of available resources in private clouds to third parties. In this context, the collaboration with DiverSE mainly aims at working on efficient techniques for the design of consumption models and resource consumption forecasting models. These models are then used as a knowledge base in a classical autonomous loop.

Test4Science

Participants: Benoît Combemale, Arnaud Blouin.

• Partners: Inria/CEA DAM
• Dates: 2023-2026
• Abstract: Test4Science aims to propose a disciplined and tool-supported approach for scientific software testing. Test4Science is a bilateral collaboration (2023-2026), between the CEA DAM/DIF and the DiverSE team at Inria (follow-up of the previous collaboration, aka. Debug4Science, from 2020 to 2022).

Orange

Participants: Olivier Barais, Benoît Combemale, Stéphanie Chalita.

• Partners: Inria/Orange
• Dates: 2020-2023
• Abstract: We aim at working on the context of adaptive authentification for trying to go beyond risk Scores : Context-Aware Adaptive Authentication

Obeo

Participants: Benoît Combemale, Arnaud Blouin.

• Partners: UR1/Obéo
• Dates: 2022-2025
• Abstract: Low-code language workbench, Theo Giraudet's PhD Cifre project.

SAP

Participants: Olivier Barais.

• Partners: UR1/SAP
• Dates: 2021-2024
• Abstract: Research focusing on Open-source software Supply Chain security. Piergiorgio Ladisa's PhD Cifre project.

CGI

Participants: Olivier Barais, Mathieu Acher, Jean-Marc Jézéquel.

• Partners: UR1/CGI
• Dates: 2023-2026
• Abstract: Research focusing on legacy source code reeingineering using LLM.

10.1.1 Associate Teams in the framework of an Inria International Lab or in the framework of an Inria International Program

10.1.2 Inria associate team not involved in an IIL or an international program

10.2.1 Visits of international scientists

10.2.2 Visits to international teams

10.3.1 Horizon Europe

10.4.1 ANR

10.4.2 DGA

10.4.3 DGAC

10.4.4 PEPR

10.4.5 Campus Cyber

IPSCo

Participants: Benoît Combemale, Didier Vojtisek, Olivier Barais.

• Coordinator: Jamespot
• Partners: Jamespot, UR1, Logpickr.
• Dates: 2022-2023
• Abstract: The IPSCo project aims at investigating new tools and methods to bring intelligence into processes and communities.

SAD CoEvoMP

Participants: Djamel Eddine Khelladi, Benoît Combemale, Arnaud Blouin.

• Coordinator: Djamel E. Khelladi
• Partners: CNRS, UR1.
• Dates: 12/2022-12/2024
• Abstract: The CoEvoMP project aims at investigating polyglot co-evolution in parallel of the MC-Evo2 project.

Privacy Bugs

Participants: Johann Bourcier, Walter Rudametkin.

• Coordinator: Johann Bourcier
• Partners: UR1, DGA.
• Dates: 2023-2026
• Creach labs funding
• Abstract: The Privacy Bugs project aims at investigating new tools and methods to detect and quantify privacy bugs in frontend web applications.

11.1.1 Scientific events: organisation

11.1.2 Scientific events: selection

11.1.3 Journal

11.1.4 Invited talks

Benoit Combemale gave a talk entitled "Expériences et défis scientifiques des jumeaux numériques." at the network Aristote (21/09/23).

11.1.5 Leadership within the scientific community

Arnaud Blouin: Founding member and co-organiser of the French GDR-GPL research action on Software Engineering and Human-Computer Interaction (GL-IHM).

Jean-Marc Jézéquel has been Vice-President of Informatics Europe, and elected as the new President starting 2024.

Olivier Zendra is:

• Founder and a member of the Steering Committee of ICOOOLPS (International Workshop on Implementation, Compilation, Optimization of OO Languages, Programs and Systems).
• Member of the EU HiPEAC CSA project Steering Committee
• Member of the HiPEAC Vision Editorial Board

Benoit Combemale is a founding member of the GEMOC initiative, an international effort to develop techniques, frameworks, and environments to facilitate the creation, integration, and automated processing of heterogeneous modeling languages. He is currently the scientific leader of the Research Consortium GEMOC at the Eclipse Foundation.

Benoit Combemale is also a member of the steering committees of the ACM/IEEE Intl. Conference on Model-Driven Engineering Languages and Systems (member since 2023), the ACM SIGPLAN Intl. Conference on Software Language Engineering (member since 2014, and chair of the steering committee from 2018 to 2022), the Intl. Conference on Information and Communications Technology for Sustainability (member since 2022), the Modeling Language Engineering and Execution (MLE) workshop (founding member, since 2019) and the Model-Driven Engineering of Digital Twins (ModDiT) workshop (founding member, since 2021).

11.1.6 Scientific expertise

Arnaud Blouin: expert for the CIR agency (research tax credit, "crédit d'impôt recherche").

Olivier Barais: expert for the following call for projects:

• PHC FRANCE - GRECE 2023
• STIC AmSud 2023
• CONTRAT DOCTORAL UFA 2023
• VINCI 2023 Chapitre 2 – Aides à la mobilité pour thèses en cotutelle
• Bourses Irlande 2023
• SAMUEL DE CHAMPLAIN - Formation 2023
• PHC ALLIANCE GRANDE BRETAGNE 2023
• PHC CARLOS J. FINLAY CUBA 2023
• PHC ALLIANCE GRANDE BRETAGNE 2023
• Workshops Maupertuis Finlande 2023
• PHC FASIC ECPD AUSTRALIE 2023
• PHC BOSPHORE TURQUIE 2023
• PHC CEDRE LIBAN 2023
• PHC GALILEE ITALIE 2023
• PHC UTIQUE TUNISIE 2023
• PHC BOSPHORE TURQUIE 2023
• PHC TOUBKAL MAROC 2023
• PHC UTIQUE TUNISIE 2023

Olivier Barais: member of the scientific board of Pole de compétitivité Image et Réseau

Stéphanie Challita has been a member of the Conference Activities Committee (CAC) at IEEE Computer Society.

Olivier Zendra: scientific CIR/JEI expert for the MESR.

Johann Bourcier: expert for the CIR agency (research tax credit, "crédit d'impôt recherche") and reviewer for an ANR JCJC.

11.1.7 Research administration

Olivier Barais is a new member of the CNU 27.

Olivier Zendra was a member of Inria Evaluation Committee (CE) till September 2023.

11.2.1 Teaching

The DIVERSE team bears the bulk of the teaching on Software Engineering at the University of Rennes 1 and at INSA Rennes, for the first year of the Master of Computer Science (Project Management, Object-Oriented Analysis and Design with UML, Design Patterns, Component Architectures and Frameworks, Validation & Verification, Human-Computer Interaction, Sustainable Software Engineering) and for the second year of the MSc in software engineering (Model driven Engineering, DevOps, DevSecOps, Validation & Verification, etc.).

Each of Jean-Marc Jézéquel, Noël Plouzeau, Olivier Barais, Benoît Combemale, Johann Bourcier, Arnaud Blouin, Aymeric Blot, Quentin Perez, Stéphanie Challita and Mathieu Acher teaches about 250h in these domains for a grand total of about 2000 hours, including several courses at IMT, ENS Rennes and ENSAI Rennes engineering school.

Olivier Barais is deputy director of the electronics and computer science teaching department of the University of Rennes 1.

Olivier Barais is the head of the Master in Computer Science at the University of Rennes 1.

Arnaud Blouin is in charge of industrial relationships for the computer science department at INSA Rennes and elected member of this CS department council.

The DIVERSE team also hosts several MSc and summer trainees every year.

11.2.2 Supervision

• Piergiorgio Ladisa, CIFRE with SAP (defense in 2024). Olivier Barais is the supervisor of this thesis.
• Anne Bumiller, CIFRE with Orange (defense in 2023). Benoît Combemale, Stéphanie Chalita and Olivier Barais are co-supervisors of this thesis.
• Theo Giraudet, CIFRE with Obéo (defense in 2025). Benoît Combemale and Arnaud Blouin are co-supervisors of this thesis.
• Georges Aaron Randrianaina, (defense in 2024). Mathieu Acher, Djamel Eddine Khelladi and Olivier Zendra are co-supervisors of this thesis.
• Quentin Le Dilavrec, (defense in 2024). Djamel Eddine Khelladi and Aranaud Blouin are co-supervisors of this thesis.
• Gwendal Jouneaux, (defense in 2024). Benoît Combemale and Olivier Barais are co-supervisors of this thesis.
• Lina Bilal (defense in 2026). Benoît Combemale and Jean-Marc Jézéquel are co-supervisors of this thesis.
• Romain Lefeuvre (defense in 2026). Benoît Combemale and Quentin Perez are co-supervisors of this thesis.
• Houdaille Philémon (defense in 2026). Benoît Combemale and Djamel Eddine Khelladi are co-supervisors of this thesis.
• Sterenn Roux (defense in 2026). Johann Bourcier and Walter Rudametkin are co-supervisors of this thesis.
• Kaouter Zohra Kebaili (defense in 2025). Djamel Eddine Khelladi and Mathieu Acher and Olivier Barais are co-supervisors of this thesis.
• Ewen Brune (defense in 2026). Benoît Combemale and Arnaud Blouin are co-supervisors of this thesis.
• Clément Lahoche (defense in 2026). Olivier Barais and Olivier Zendra are co-supervisors of this thesis.
• N'Guessan Hermann Kouadio (defense in 2026). Olivier Barais and Mathieu Acher are co-supervisors of this thesis.
• Chiara Relevat (defense in 2026). Benoit Combemale and Gurvan Le Guernic are co-supervisors of this thesis.

11.2.3 Juries

Benoit Combemale was in the PhD jury (reviewer) of Hamza Bourbouh (ISAE-Supaéro), "Static analyses and model checking of mixed data-flow/control-flow models for critical systems."

Arnaud Blouin was in the PhD jury (reviewer) of Philippe Schmid (University of Lille, Inria Lille, France), "Développement d'historiques de commandes avancés pour améliorer le processus d'édition numérique"

Olivier Barais was in the PhD jury (reviewer) of Romain Fouquet (University of Lille, Inria Lille, France), "Improving Web User Privacy Through Content Blocking"

Olivier Barais was in the PhD jury (reviewer) of Santiago Bragagnolo (University of Lille, Inria Lille, France), "An Holistic Approach to Migrate Industrial Legacy Systems"

Walter Rudametkin was in the PhD jury (reviewer) of Vero Sosnovik (University of Grenoble, France), "Detection and analysis of online issue and political ads".

Walter Rudametkin was in the PhD jury (reviewer) of Anne Josiane Kouam (Institut polytechnique de Paris) Bypass frauds in cellular networks : Understanding and Mitigation

Mathieu Acher was in the PhD jury (president/examiner) of Adrien GOUGEON (Université de Rennes) "Optimizing a Dynamic and Energy Efficient Network Piloting the Electrical Grid".

Mathieu Acher was invited in the PhD jury (invited) of César Soto Valero (KTH, Sweden) "Debloating Java Dependencies".

11.3.1 Internal or external Inria responsibilities

Olivier Zendra, as a member of the HiPEAC Vision Editorial Board, contributed to the writing of the overall HiPEAC Vision 2023  63, also leading the writing of the cybersecurity chapter 69.

11.3.2 Articles and contents

11.3.3 Education

In the field of education, the team is applying some of its research results to develop a test scoring platform for Universities: CorrectExam. This platform is gaining users, with more than 150 exams marked on the platform. Discussions are underway to incubate the platform within the esup-portail association.

Olivier Barais gave several talks on the use of ChatGPT for education in front of a set of high-school professors and the dean.

11.3.4 Interventions

As Professors, we introduce into our course a set of shared slides raising awareness of the academic community and associated discipline. We might regret that a laboratory like the one in Rennes is not easily open to our Masters students. This does not help in reducing the gap between academia and industry. Indeed, many students can follow university or engineering degrees without going to the laboratory.

International journals

• 26 articleM.Mathieu Acher, G.Gilles Perrouin and M.Maxime Cordy. BURST: Benchmarking Uniform Random Sampling Techniques.Science of Computer Programming226January 2023, 1-10HALDOIback to text
• 27 articleA.Anne Bumiller, S.Stéphanie Challita, B.Benoit Combemale, O.Olivier Barais, N.Nicolas Aillery and G.Gael Le Lan. On Understanding Context Modelling for Adaptive Authentication Systems.ACM Transactions on Autonomous and Adaptive SystemsJanuary 2023, 1-36HALDOIback to text
• 28 articleS.Stéphanie Challita, B.Benoit Combemale, H.Huseyin Ergin, J.Jeff Gray, B.Bernhard Rumpe and M.Martin Schindler. Report on the State of the SoSyM Journal end of 2022.Software and Systems Modeling221February 2023, 1-7HALDOIback to text
• 29 articleB.Benoît Combemale, R.Romina Eramo and J.Juan de Lara. Guest editorial for the theme section on modeling language engineering.Software and Systems Modeling223March 2023, 795-796HALDOIback to text
• 30 articleB.Benoit Combemale, J.Jeff Gray and B.Bernhard Rumpe. Adopting the concept of a function as an underlying semantic paradigm for modeling languages.Software and Systems Modeling226November 2023, 1733-1735HALDOIback to text
• 31 articleB.Benoit Combemale, J.Jeff Gray and B.Bernhard Rumpe. ChatGPT in software modeling.Software and Systems Modeling223May 2023, 777-779HALDOIback to text
• 32 articleB.Benoit Combemale, J.Jeff Gray and B.Bernhard Rumpe. How to define modeling languages?Software and Systems Modeling2222023, 449-451HALDOIback to text
• 33 articleB.Benoit Combemale, J.Jeff Gray and B.Bernhard Rumpe. Large language models as an “operating” system for software and systems modeling.Software and Systems Modeling225September 2023, 1391-1392HALDOIback to text
• 34 articleB.Benoit Combemale, J.Jeff Gray and B.Bernhard Rumpe. Research software engineering and the importance of scientific models.Software and Systems Modeling224August 2023, 1081-1083HALDOIback to text
• 35 articleJ.-M.Jean-Marc Jézéquel and A.Antonio Vallecillo. Uncertainty-aware Simulation of Adaptive Systems.ACM Transactions on Modeling and Computer SimulationMarch 2023, 1-18HALDOIback to text
• 36 articleP.Piergiorgio Ladisa, S. E.Serena Elisa Ponta, A.Antonino Sabetta, M.Matias Martinez and O.Olivier Barais. Journey to the Center of Software Supply Chain Attacks.IEEE Security and Privacy Magazine216November 2023, 34-49HALDOIback to textback to text
• 37 articleL.Luc Lesoil, M.Mathieu Acher, A.Arnaud Blouin and J.-M.Jean-Marc Jézéquel. Input Sensitivity on the Performance of Configurable Systems: An Empirical Study.Journal of Systems and Software2023, 1-18HALDOIback to text
• 38 articleL.Luc Lesoil, H.Helge Spieker, A.Arnaud Gotlieb, M.Mathieu Acher, P.Paul Temple, A.Arnaud Blouin and J.-M.Jean-Marc Jézéquel. Learning input-aware performance models of configurable systems: An empirical evaluation.Journal of Systems and SoftwareNovember 2023, 111883HALDOIback to text
• 39 articleG.Gunter Mussbacher, B.Benoit Combemale, J.Jörg Kienzle, L.Lola Burgueño, A.Antonio Garcia-Dominguez, J.-M.Jean-Marc Jézéquel, G.Gwendal Jouneaux, D.-E.Djamel-Eddine Khelladi, S.Sébastien Mosser, C.Corinne Pulgar, H.Houari Sahraoui, M.Maximilian Schiedermeier and T.Tijs van der Storm. Polyglot Software Development: Wait, What?IEEE Software2024, 1-8HALDOIback to text
• 40 articleL.Ludovic Pailler, A.Alain Tchana and B.Benoit Combemale. Protéger les données jusqu’à l’OS.Dalloz IP/IT : droit de la propriété intellectuelle et du numérique2023HALback to text
• 41 articleS.Steffen Zschaler, E.Erwan Bousse, J.Julien Deantoni and B.Benoit Combemale. A Generic Framework for Representing and Analysing Model Concurrency.Software and Systems Modeling222023, 1319–1340HALDOIback to text

International peer-reviewed conferences

• 42 inproceedingsM.Mathieu Acher. A Demonstration of End-User Code Customization Using Generative AI.18th International Working Conference on Variability Modelling of Software-Intensive SystemsBern, SwitzerlandFebruary 2024HALDOIback to text
• 43 inproceedingsM.Mathieu Acher, J. G.José Galindo Duarte and J.-M.Jean-Marc Jézéquel. On Programming Variability with Large Language Model-based Assistant.SPLC 2023 - 27th ACM International Systems and Software Product Lines ConferenceTokyo, JapanACMAugust 2023, 1-7HALDOIback to text
• 44 inproceedingsM.Mathieu Acher, L.Luc Lesoil, G. A.Georges Aaron Randrianaina, X.Xhevahire Tërnava and O.Olivier Zendra. A Call for Removing Variability.VaMoS 2023 - 17th International Working Conference on Variability Modelling of Software-Intensive SystemsOdense, DenmarkJanuary 2023, 3HALDOIback to text
• 45 inproceedingsM.Mathieu Acher and J.Jabier Martinez. Generative AI for Reengineering Variants into Software Product Lines: An Experience Report.SPLC 2023 - 27th ACM International Systems and Software Product Lines ConferenceBBTokyo, JapanACMAugust 2023, 1-9HALDOIback to text
• 46 inproceedingsB.Benoit Combemale, J.-M.Jean-Marc Jézéquel, Q.Quentin Perez, D.Didier Vojtisek, N.Nico Jansen, J.Judith Michael, F.Florian Rademacher, B.Bernhard Rumpe, A.Andreas Wortmann and J.Jingxi Zhang. Model-Based DevOps: Foundations and Challenges.2023 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C)Västerås, FranceIEEEOctober 2023, 429-433HALDOIback to text
• 47 inproceedingsD.Damien Foures, M.Mathieu Acher, O.Olivier Barais, B.Benoit Combemale, J.-M.Jean-Marc Jézéquel and J.Jörg Kienzle. Experience in Specializing a Generic Realization Language for SPL Engineering at Airbus.MODELS 2023 - 26th International Conference on Model-Driven Engineering Languages and SystemsVästerås, SwedenIEEE2023, 1-12HALback to textback to text
• 48 inproceedingsP.Philémon Houdaille, D. E.Djamel Eddine Khelladi, R.Romain Briend, R.Robbert Jongeling and B.Benoit Combemale. Polyglot AST: Towards Enabling Polyglot Code Analysis.ICECCS 2023 - 27th International Conference on Engineering of Complex Computer SystemsToulouse, France2023, 1-10HALback to text
• 49 inproceedingsG.Gwendal Jouneaux, D.Damian Frölich, O.Olivier Barais, B.Benoit Combemale, G.Gurvan Le Guernic, G.Gunter Mussbacher and L. T.L. Thomas van Binsbergen. Adaptive Structural Operational Semantics.SLE 2023: Proceedings of the 16th ACM SIGPLAN International Conference on Software Language EngineeringSLE 2023 - 16th ACM SIGPLAN International Conference on Software Language EngineeringCascais, PortugalACMOctober 2023, 29-42HALDOIback to text
• 50 inproceedingsZ. K.Zohra Kaouter Kebaili, D. E.Djamel Eddine Khelladi, M.Mathieu Acher and O.Olivier Barais. Towards Leveraging Tests to Identify Impacts of Metamodel and Code Co-evolution.CAiSE 2023 - 35th International Conference on Advanced Information Systems Engineering477Lecture Notes in Business Information ProcessingZaragoza, SpainSpringer International Publishing; Springer International PublishingJune 2023, 129-137HALDOIback to text
• 51 inproceedingsP.Piergiorgio Ladisa, H.Henrik Plate, M.Matias Martinez and O.Olivier Barais. Taxonomy of Attacks on Open-Source Software Supply Chains.2023 IEEE Symposium on Security and Privacy (SP)San Francisco, FranceIEEEMay 2023, 1509-1526HALDOIback to text
• 52 inproceedingsP.Piergiorgio Ladisa, S. E.Serena Elisa Ponta, N.Nicola Ronzoni, M.Matias Martinez and O.Olivier Barais. On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI.ACSAC '23: Annual Computer Security Applications ConferenceAustin TX USA, FranceACMDecember 2023, 71-82HALDOIback to text
• 53 inproceedingsP.Piergiorgio Ladisa, M.Merve Sahin, S. E.Serena Elisa Ponta, M.Marco Rosa, M.Matias Martinez and O.Olivier Barais. The Hitchhiker's Guide to Malicious Third-Party Dependencies.CCS '23: ACM SIGSAC Conference on Computer and Communications SecurityCopenhagen Denmark, FranceACMNovember 2023, 65-74HALDOIback to text
• 54 inproceedingsV.Vincent Lannurien, L.Laurent d'Orazio, O.Olivier Barais, E.Esther Bernard, O.Olivier Weppe, L.Laurent Beaulieu, A.Amine Kacete, S.Stéphane Paquelet and J.Jalil Boukhobza. HeROfake: Heterogeneous Resources Orchestration in a Serverless Cloud – An Application to Deepfake Detection.CCGrid 2023 - IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet ComputingBangalore, IndiaIEEEMay 2023, 154-165HALDOIback to text
• 55 inproceedingsQ.Quentin Le Dilavrec, D. E.Djamel Eddine Khelladi, A.Arnaud Blouin and J.-M.Jean-Marc Jézéquel. HyperDiff: Computing Source Code Diffs at Scale.ESEC/FSE 2023 - 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software EngineeringSan Francisco (CA, USA), United StatesACM2023, 1-12HALDOIback to text
• 56 inproceedingsD.Dorian Leroy, B.Benoit Combemale, B.Benoît Lelandais and M.-P.Marie-Pierre Oudot. Practical Runtime Instrumentation of Software Languages: The Case of SciHook.SLE 2023 - 16th ACM SIGPLAN International Conference on Software Language EngineeringCascais, Lisbon, PortugalACM2023, 1-6HALback to text
• 57 inproceedingsN.Naif Mehanna and W.Walter Rudametkin. Caught in the Game: On the History and Evolution of Web Browser Gaming.Companion Proceedings of the ACM Web Conference 2023 (WWW ’23 Companion),The Web Conference 2023Austin (TX), United States2023, 1-9HALback to text
• 58 inproceedingsB.Benjamin Rouxel, C.Christopher Brown, E.Emad Ebeid, K.Kerstin Eder, H.Heiko Falk, C.Clemens Grelck, J.Jesper Holst, S.Shashank Jadhav, Y.Yoann Marquer, M. M.Marcos Martinez De Alejandro, K.Kris Nikov, A.Ali Sahafi, U. P.Ulrik Pagh Schultz Lundquist, A.Adam Seewald, V.Vangelis Vassalos, S.Simon Wegener and O.Olivier Zendra. The TeamPlay Project: Analysing and Optimising Time, Energy, and Security for Cyber-Physical Systems.DATE 2023 - Design, Automation and Test in Europe Conference (MPP - Multi-Partner Projects Track )Antwerp, BelgiumMay 2023, 1-6HAL
• 59 inproceedingsA.Alain Tchana, R.Raphael Colin, A. L.Adrien Le Berre, V.Vincent Berger, B.Benoît Combemale and L.Ludovic Pailler. rgpdOS: GDPR Enforcement By The Operating System.2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S)Porto, FranceIEEEJune 2023, 100-104HALDOIback to text
• 60 inproceedingsP.Paul Temple and G.Gilles Perrouin. Explicit or Implicit? On Feature Engineering for ML-based Variability-intensive Systems.VaMoS '23: Proceedings of the 17th International Working Conference on Variability Modelling of Software-Intensive SystemsVaMoS 2023 - 17th International Working Conference on Variability Modelling of Software-Intensive SystemsOdense, Denmark2023, 1-3HALDOIback to textback to text

National peer-reviewed Conferences

• 61 inproceedingsT.Théo Giraudet and P.-C.Pierre-Charles David. Fonctions d'utilisabilité dans les studios de conception de langages dédiés graphiques.IHM 2023 - 34e Conférence Francophone sur l'Interaction Homme-MachineTroyes, FranceApril 2023, 1-2HALDOI

Conferences without proceedings

• 62 inproceedingsX.Xhevahire Tërnava, M.Mathieu Acher and B.Benoit Combemale. Specialization of Run-time Configuration Space at Compile-time: An Exploratory Study.SAC 2023 - The 38th ACM/SIGAPP Symposium on Applied ComputingTallinn, EstoniaACMMarch 2023, 1-10HALback to text

Scientific books

• 63 bookM.Marc Duranton, K. D.Koen De Bosschere, B.Bart Coppens, C.Christian Gamrat, M.Madeleine Gray, T.Thomas Hoberg, H.Harm Munk, C.Charles Robinson, T.Tullio Vardanega and O.Olivier Zendra. HiPEAC Vision 2023: High Performance Embedded Architecture And Compilation.January 2023, 1-238HALback to textback to text

Scientific book chapters

• 64 inbookB.Bart Coppens and O.Olivier Zendra. Is privacy possible in a digital world?The HiPEAC Vision 2023January 2023, 145-162HALDOIback to text
• 65 inbookJ.-M.Jean-Marc Jézéquel. Modeling: From CASE Tools to SLE and Machine Learning.The French School of ProgrammingSpringerSeptember 2023, 1-22HALback to text
• 66 inbookH.Hugo Martin, P.Paul Temple, M.Mathieu Acher, J. A.Juliana Alves Pereira and J.-M.Jean-Marc Jézéquel. Machine Learning for Feature Constraints Discovery.Handbook of Re-Engineering Software Intensive Systems into Software Product LinesSpringer International PublishingJuly 2023, 175-196HALDOI
• 67 inbookA.Agustín Olmedo, G.Gabriela Arévalo, I.Ignacio Cassol, Q.Quentin Perez, C.Christelle Urtado and S.Sylvain Vauttier. Pull Requests Integration Process Optimization: An Empirical Study.1829Evaluation of Novel Approaches to Software EngineeringCommunications in Computer and Information ScienceSpringerJuly 2023, 155-178HALDOIback to text
• 68 inbookO.Olivier Zendra and B.Bart Coppens. From cybercrime to cyberwarfare, nobody can overlook cybersecurity any more.The HiPEAC Vision 2023January 2023, 130-144HALDOIback to text
• 69 inbookO.Olivier Zendra and B.Bart Coppens. THE RACE FOR CYBERSECURITY.The HiPEAC Vision 2023January 2023, 127-129HALback to textback to text

Edition (books, proceedings, special issue of a journal)

• 70 proceedingsT.Thais BatistaB.Birgit PenzenstadlerB.Benoit CombemaleG.Gunter MussbacherPreface: ICT4S 2023.2023 International Conference on ICT for Sustainability (ICT4S)IEEE2023, viii-xHALDOIback to text
• 71 proceedingsB.Benoit CombemaleG.Gunter MussbacherS.Stefanie BetzA.Adrian FridayI.Irit HadarJ.June SallouI.Iris GroherH.Henry MucciniO.Olivier Le MeurC.Christian HerglotzE.Elina ErikssonB.Birgit PenzenstadlerA.-K.Anne-Kathrin PetersC. C.Colin C VentersJoint Proceedings of ICT4S 2023 Doctoral Symposium, Demonstrations & Posters Track and Workshopsco-located with 9th International Conference on Information and Communications Technology for Sustainability (ICT4S 2023).9th International Conference on Information and Communications Technology for Sustainability (ICT4S 2023)2023HALback to text
• 72 proceedingsG.Gurvan Le GuernicC&ESAR'22: Ensuring Trust in a Decentralized World.Computer & Electronics Security Application Rendezvous 20223329CEUR-WS.orgJanuary 2023HAL
• 73 proceedingsG.Gurvan Le GuernicC&ESAR'23: Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge).Computer & Electronics Security Application Rendezvous 20233610CEUR-WS.orgJanuary 2024HAL
• 74 proceedingsR.Romain LefeuvreJ.Jessie GalassoB.Benoit CombemaleH.Houari SahraouiS.Stefano ZacchiroliFingerprinting and Building Large Reproducible Datasets.ACM REP '23: Proceedings of the 2023 ACM Conference on Reproducibility and ReplicabilityJune 2023HALDOIback to textback to text

Doctoral dissertations and habilitation theses

• 75 thesisC.Christophe Genevey-Metat. Apprentissage automatique pour les attaques par canaux auxiliaires.Université de RennesSeptember 2023HAL
• 76 thesisL.Luc Lesoil. Deep software variability for resilient performance models of configurable systems.Université de RennesApril 2023HAL

Reports & preprints

• 77 miscS.Sophie Fortz, P.Paul Temple, X.Xavier Devroey and G.Gilles Perrouin. Towards Feature-based ML-enabled Behaviour Location.November 2023HALback to text
• 78 miscG. A.Georges Aaron Randrianaina, D. E.Djamel Eddine Khelladi, O.Olivier Zendra and M.Mathieu Acher. PyroBuildS: Enabling Efficient Exploration of Linux Configuration Space with Incremental Build.June 2023HALback to text

Other scientific publications

• 79 inproceedingsV.Vincent Lannurien, L.Laurent D’orazio, O.Olivier Barais, S.Stephane Paquelet and J.Jalil Boukhobza. Distributed Function Cache for Heterogeneous Serverless Cloud.Per3S - Performance and Scalability of Storage SystemsParis, France2023, 1-1HALback to text
• 80 miscQ.Quentin Le Dilavrec, D. E.Djamel Eddine Khelladi, A.Arnaud Blouin and J.-M.Jean-Marc Jézéquel. Analyser efficacement de grands historiques de code avec HyperAST : une démonstration.July 2023, 2HAL

Educational activities

• 81 unpublishedM.Mathieu Acher, P.Paul Temple and O.Olivier Barais. Reproducible Science and Software Engineering.July 2023, DoctoralFranceHAL