%
% GENERATED FROM http://acme.able.cs.cmu.edu
% by : anonymous
% IP : ec2-3-144-87-230.us-east-2.compute.amazonaws.com
% at : Wed, 02 Apr 2025 03:02:08 -0400 GMT
%
% Selection : Year = 2019
%
@Article{2019:Camara:Synthesis,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Synthesizing Tradeoff Spaces of Quantitative Guarantees for Families of Software Systems},
YEAR = {2019},
MONTH = {June},
JOURNAL = {Journal of Systems and Software},
VOLUME = {152},
PAGES = {33-49},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CGS-JSS19.pdf},
ABSTRACT = {Designing software in a way that guarantees run-time behavior while achieving an acceptable balance among multiple quality attributes is an open problem. Providing guarantees about the satisfaction of the same requirements under uncertain environments is even more challenging. Tools and techniques to inform engineers about poorly-understood design spaces in the presence of uncertainty are needed, so that engineers can explore the design space, especially when tradeoffs are crucial. To tackle this problem, we describe an approach that combines synthesis of spaces of system design alternatives from formal specifications of architectural styles with probabilistic formal verification. The main contribution of this paper is a formal framework for specification-driven synthesis and analysis of design spaces that provides formal guarantees about the correctness of system behaviors and satisfies quantitative properties (e.g., defined over system qualities) subject to uncertainty, which is treated as a first-class entity. We illustrate our approach in two case studies: a service-based adaptive system and a mobile robotics architecture. Our results show how the framework can provide useful insights into how average case probabilistic guarantees can differ from worst case guarantees, emphasizing the relevance of combining quantitative formal verification methods with structural synthesis, in contrast with techniques based on simulation and dynamic analysis that can only provide estimates about average case probabilistic properties.},
NOTE = {https://doi.org/10.1016/j.jss.2019.02.055},
KEYWORDS = {Architectural Analysis, Architectural Style, Assurance}
}
@Unpublished{2018:Pandey:Hybrid,
AUTHOR = {Pandey, Ashutosh and Ruchkin, Ivan and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David},
TITLE = {Formalizing the Hybrid Planning Problem for Self-Adaptation},
YEAR = {2019},
ABSTRACT = {Planning approaches in self-adaptation face the fundamental trade-off between quality and timeliness of
adaptation plans. Due to this trade-off, today designers often have to compromise between a planning approach
that is quick to find a plan and an approach that is slow but finds a quality plan. To deal with this trade-off,
researchers have proposed a hybrid planning approach that combines more than one planning approaches
to find a balance between quality and timeliness. However, the diversity of planning approaches makes the
problem of hybrid planning complex and multi-faceted. This paper advances the theory of hybrid planning by
formalizing the central concepts and four subproblems of hybrid planning. This formalization can serve as
a foundation for not only understanding and comparing existing hybrid planners, but also for developing
new hybrid planners in the future. Moreover, to illustrate practicality of the formal model, the paper uses
it to analyze two hybrid planning instantiations that have shown to effective in their respective contexts.
Furthermore, grounded on the formal model, the paper formalizes explicit/implicit assumptions about these
instantiations that must hold for them to be sound.},
NOTE = {Submitted for publication},
KEYWORDS = {Formal Methods, Planning, Self-adaptation}
}
@InProceedings{2019/Jamshidi/ML,
AUTHOR = {Jamshidi, Pooyan and C\'{a}mara, Javier and Schmerl, Bradley and K\"astner, Christian and Garlan, David},
TITLE = {Machine Learning Meets Quantitative Planning: Enabling Self-adaptation in Autonomous Robots},
YEAR = {2019},
MONTH = {25-26 May},
BOOKTITLE = {Proceedings of the 14th Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Montreal, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SEAMS2019-ML.pdf},
ABSTRACT = {Modern cyber-physical systems (e.g., robotics systems) are typically composed of physical and software components, the characteristics of which are likely to change over time.
Assumptions about parts of the system made at design time may not hold at run time, especially when a system is deployed for long periods (e.g., over decades).
Self-adaptation is designed to find reconfigurations of systems to handle such run-time inconsistencies. Planners can be used to find and enact optimal reconfigurations in such an evolving context. However, for systems that are highly configurable, such planning becomes intractable due to the size of the adaptation space.
To overcome this challenge, in this paper we explore an approach that (a) uses machine learning to find Pareto-optimal configurations without needing to explore every configuration, and (b) restricts the search space to such configurations to make planning tractable.
We explore this in the context of robot missions that need to consider task timeliness and energy consumption. An independent evaluation shows that our approach results in high quality adaptation plans in uncertain and adversarial environments. },
KEYWORDS = {Cyberphysical Systems, Self-adaptation}
}
@Article{2019:IEEESoftware:BRASS,
AUTHOR = {Aldrich, Jonathan and Garlan, David and K\"astner, Christian and Le Goues, Claire and Mohseni-Kabir, Anahita and Ruchkin, Ivan and Samuel, Selva and Schmerl, Bradley and Timperley, Christopher Steven and Veloso, Manuela and Voysey, Ian and Biswas, Joydeep and Guha, Arjun and Holtz, Jarrett and C\'{a}mara, Javier and Jamshidi, Pooyan},
TITLE = {Model-Based Adaptation for Robotics Software},
YEAR = {2019},
MONTH = {March},
JOURNAL = {IEEE Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/brass-mars-ieee-software2019.pdf},
ABSTRACT = {We have developed model-based adaptation, an approach that leverages models of software and its environment to enable automated adaptation. The goal of our approach is to build long-lasting mobile software systems that can effectively adapt to changes in their environment.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2019:Sukkerd:Explanation,
AUTHOR = {Zhao, Ellin and Sukkerd, Roykrong},
TITLE = {Interactive Explanation for Planning-Based Systems},
YEAR = {2019},
MONTH = {16-18 April},
BOOKTITLE = {Proceedings of the 10th ACM/IEEE International Conference on Cyberphysical Systems, Work-in-Progress track},
ADDRESS = {Montreal, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/zhao_iccps.pdf},
ABSTRACT = {As Cyber-Physical Systems (CPSs) become more autonomous,
it becomes harder for humans who interact with the CPSs to
understand the behavior of the systems. Particularly for CPSs
that must perform tasks while optimizing for multiple quality
objectives and acting under uncertainty, it can be difficult
for humans to understand the system behavior generated by
an automated planner. This work-in-progress presents an
approach at clarifying system behavior through interactive
explanation by allowing end-users to ask Why and Why-Not questions about specific behaviors of the system, and
providing answers in the form of contrastive explanation.},
KEYWORDS = {Explainable Software, Human-in-the-loop, Self-adaptation}
}
@Article{Bozhinoski:JSA:2019,
AUTHOR = {Bozhinoski, Darko and Garlan, David and Malavolta, Ivano and Pelliccione, Patrizio},
TITLE = {Managing safety and mission completion via collective run-time adaptation},
YEAR = {2019},
JOURNAL = {Journal of Systems Architecture},
VOLUME = {95},
PAGES = {19--35},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SYSARC1584_201902001602722101.pdf},
ABSTRACT = {Mobile Multi-Robot Systems (MMRSs) are an emerging class of systems that are composed of a team of robots, various devices (like movable cameras, sensors) which collaborate with each other to accomplish defined missions. Moreover, these systems must operate in dynamic and potentially uncontrollable and unknown environments that might compromise the safety of the system and the completion of the defined mission. A model of the environment describing, e.g., obstacles, no-fly zones, wind and weather conditions might be available, however, the assumption that such a model is both correct and complete is often wrong. In this paper, we describe an approach that supports execution of missions at run time. It addresses collective adaptation problems in a decentralized fashion, and enables the addition of new entities in the system at any time. Moreover, it is based on two adaptation resolution methods: one for (potentially partial) resolution of mission-related issues and one for full resolution of safety-related issues.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{Glazier:2019:metamanagement,
AUTHOR = {Glazier, Thomas J. and Garlan, David},
TITLE = {An Automated Approach to Management of a Collection of Autonomic Systems},
YEAR = {2019},
MONTH = {16 June},
BOOKTITLE = {Proceedings of the 4th eCAS Workshop on Engineering Collective Adaptive Systems},
ADDRESS = {Umea, Sweden},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/eCASEv1.pdf},
ABSTRACT = {Modern enterprise IT systems are increasingly becoming
compositions of many subsystems each of which is
an autonomic system. These individual autonomic systems act
independently to maintain their locally defined SLAs but can take
actions which are inconsistent with and potentially detrimental
to the global system objective. Currently, human administrators
intervene to resolve these conflicts but are challenged by
complexity in the prediction of current and future states of
the constituent systems and their managers, multiple conflicting
quality dimensions which may change over time, combinatorially
large configuration space across the set of constituent systems,
and the time critical nature of the decisions to be made to prevent
further degradation. To address these challenges, this paper
proposes an approach that enables the creation of a higher level
autonomic system, referred to as a meta-manager, that does not
subsume the control functions nor does it directly orchestrate the
actions of the sub-autonomic managers. Instead, we encapsulate
and abstract the behavior of each subsystem as a parameterized
adaptation policy which can be adjusted by the meta-manager
to tune the adaptive behavior of the subsystem adaptation. We
can effectively instantiate this idea by considering each of the
subsystems as a player in a stochastic multi-player game against
it’s local environment, and synthesize an adaptation strategy
using off-the-shelf tools for stochastic game analysis.},
KEYWORDS = {Meta-management, Self-adaptation}
}
@Unpublished{Kinneer:2019:informationreuse,
AUTHOR = {Kinneer, Cody and Garlan, David and Le Goues, Claire},
TITLE = {Information Reuse and Stochastic Search: Managing Uncertainty in Self-* Systems},
YEAR = {2019},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/irss.pdf},
ABSTRACT = {Many software systems operate in environments of change and uncertainty. Techniques for self-adaptation
allow these systems to automatically respond to environmental changes, yet they do not handle changes to the
adaptive system itself, such as the addition or removal of adaptation tactics. Instead, changes in a self-adaptive
system often require a human planner to redo an expensive planning process to allow the system to continue
satisfying its quality requirements under different conditions; automated techniques must replan from scratch.
We propose to address this problem by reusing prior planning knowledge to adapt to unexpected situations.
We present a planner based on genetic programming that reuses existing plans, and evaluate this planner on
two case study systems: a cloud-based web server, and a team of autonomous aircraft. While reusing material
in genetic algorithms has been recently applied successfully in the area of automated program repair, we find
that naively reusing existing plans for self-* planning can actually result in a utility loss. Furthermore, we
propose a series of techniques to lower the costs of reuse, allowing genetic techniques to leverage existing
information to improve utility when replanning for unexpected changes, we also find that coarsely shaped
search-spaces present profitable opportunities for reuse.},
NOTE = {Submitted for publication},
KEYWORDS = {Self-adaptation, Stochastic Search}
}
@PhdThesis{Ruchkin:2019:Thesis,
AUTHOR = {Ruchkin, Ivan},
TITLE = {Integration of Modeling Methods for Cyber-Physical Systems},
YEAR = {2019},
MONTH = {March},
SCHOOL = {Carnegie Mellon University},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ruchkin-20190328-final.pdf},
ABSTRACT = {Cyber-physical systems (CPS) incorporate digital (cyber) and mechanical (physical)
elements that interact in complex ways. Many safety-critical CPS, such as
autonomous vehicles and drones, are becoming increasingly widespread and hence
demand rigorous quality assurance. To this end, CPS engineering relies on modeling
methods, which use models to represent the system and design-time analyses to
interpret/change the models. Coming from diverse scientific and engineering fields,
these modeling methods are difficult to combine, or integrate, due to implicit relations
and dependencies between them. CPS failures can lead to substantial damage or
loss of life, and are often due to two key integration challenges: (i) inconsistencies
between models — contradictions in models that do not add up to a cohesive design,
and (ii) incorrect interactions of analyses — analyses performed out-of-order and in
mismatched contexts, leading to erroneous analysis outputs.
This thesis presents a novel approach to detect and prevent integration issues
between CPS modeling methods during the design phase. To detect inconsistencies
between models, the approach allows engineers to specify integration properties
— quantified logical statements that relate elements of multiple models — in the
Integration Property Language (IPL). IPL statements describe verifiable conditions
that are equivalent to an absence of inconsistencies. To interface with the models,
IPL relies on integration abstractions — simplified representations of models
for integration purposes. This thesis proposes two abstractions: views (annotated
component-and-connector models, inspired by software architecture) and behavioral
properties (expressions in model-specific property languages, such as the linear temporal
logic). Combining these abstractions lets engineers relate model structure and
behavior in IPL statements. To ensure correct interactions of analyses, I introduce
analysis contracts — a lightweight specification that captures inputs, outputs, assumptions,
and guarantees for each analysis, in terms of the integration abstractions.
Given these contracts, an analysis execution platform performs analyses in the order
of their dependencies, and only in the contexts that guarantee correct outputs.
My approach to integration was validated on four case studies of CPS modeling
methods in different systems: energy-aware planning in a mobile robot, collision
avoidance in a mobile robot, thread/battery scheduling in a quadrotor, and reliable/
secure sensing in an autonomous vehicle. This validation has shown that the
approach can find safety-critical errors by specifying expressive integration properties
and soundly checking them within practical constraints — all while being
customizable to heterogeneous models, analyses, and domains.},
NOTE = {Institute for Software Research Technical Report CMU-ISR-18-107},
KEYWORDS = {Cyberphysical Systems, Formal Methods}
}
@InProceedings{Kinneer:2019:observability,
AUTHOR = {Kinneer, Cody and Wagner, Ryan and Fang, Fei and Le Goues, Claire and Garlan, David},
TITLE = {Modeling Observability in Adaptive Systems to Defend Against Advanced Persistent Threats},
YEAR = {2019},
MONTH = {9-11 October},
BOOKTITLE = {Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for Systems Design (MEMCODE\'19)},
ADDRESS = {San Diego, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/memocode2019.pdf},
ABSTRACT = {Advanced persistent threats (APTs) are a particularly troubling challenge
for software systems. The adversarial nature of the security
domain, and APTs in particular, poses unresolved challenges to
the design of self-* systems, such as how to defend against multiple
types of attackers with different goals and capabilities. In
this interaction, the observability of each side is an important and
under-investigated issue in the self-* domain. We propose a model
of APT defense that elevates observability as a first-class concern.
We evaluate this model by showing how an informed approach that
uses observability improves the defender’s utility compared to a
uniform random strategy, can enable robust planning through sensitivity
analysis, and can inform observability-related architectural
design decisions.},
KEYWORDS = {Science of Security, Self-adaptation}
}
@InProceedings{2019:SEAMS:DartSim,
AUTHOR = {Moreno, Gabriel A. and Kinneer, Cody and Pandey, Ashutosh and Garlan, David},
TITLE = {DARTSim: An Exemplar for Evaluation and Comparison of Self-Adaptation Approaches for Smart Cyber-Physical Systems},
YEAR = {2019},
MONTH = {25-26 May},
BOOKTITLE = {Proceedings of the 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Montreal, Canada},
ABSTRACT = {Motivated by the need for cyber-physical systems (CPS) to perform in dynamic and uncertain environments, smart CPS (sCPS) utilize self-adaptive capabilities to autonomously manage uncertainties at the intersection of the cyber and physical worlds. In this context, self-adaptation approaches face particular challenges, including (i) environment monitoring that is subject to sensing errors; (ii) adaptation actions that take time, sometimes due to physical movement; (iii) dire consequences for not adapting in a timely manner; and (iv) incomparable objectives that cannot be conflated into a single utility metric (e.g., avoiding an accident vs. providing good service). To enable researchers to evaluate and compare self-adaptation approaches aiming to address these unique challenges of sCPS, we introduce the DARTSim exemplar. DARTSim implements a high-level simulation of a team of unmanned air vehicles (UAVs) performing a reconnaissance mission in a hostile and unknown environment. Designed to be easily used by researchers, DARTSim provides a TCP-based interface for easy integration with external adaptation managers, documentation, and a fast simulation capability.},
NOTE = {Awarded Best Artifact Award for SEAMS 2019},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2019:Kubow,
AUTHOR = {Aderaldo, Carlos and Mendon\c{c}a, Nabor C. and Schmerl, Bradley and Garlan, David},
TITLE = {Kubow: An Architecture-Based Self-Adaptation Service for
Cloud Native Applications},
YEAR = {2019},
MONTH = {9-13 September},
BOOKTITLE = {Proceedings of the 2019 European Conference on Software Architecture: Tools Track},
ADDRESS = {Paris, France},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ecsa2019-tools-final.pdf},
ABSTRACT = {This paper presents Kubow, an extensible architecture-based selfadaptation
service for cloud native applications. Kubow itself was
implemented by customizing and extending the Rainbow self-adaptation
framework with support for Docker containers and Kubernetes.
The paper highlights Kubow’s architecture and main design
decisions, and illustrates its use and configuration through a simple
example. An accompanying demo video is available at the project’s
web site: https://ppgia-unifor.github.io/kubow/.},
NOTE = {Awarded Best Demo},
KEYWORDS = {Self-adaptation}
}
@InProceedings{ToD:ICSE:2019,
AUTHOR = {D\"{u}rschmid, Tobias and Kang, Eunsuk and Garlan, David},
TITLE = {Trade-off-oriented Development: Making Quality Attribute Trade-offs First-class},
YEAR = {2019},
MONTH = {May},
BOOKTITLE = {Proceedings of the 41st International Conference on Software Engineering: New Ideas and Emerging Results},
ADDRESS = {Montreal, CA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/TradeoffOrientedDevelopmentToD_ICSE_2019.pdf},
ABSTRACT = {Implementing a solution for a design decision that
precisely satisfies the trade-off between quality attributes can be
extremely challenging. Further, typically quality attribute tradeoffs
are not represented as first-class entities in development
artifacts. Hence, decisions might be suboptimal and lack requirements
traceability as well as changeability. We propose Tradeoff-
oriented Development (ToD), a new concept to automate
the selection and integration of reusable implementations for
a given design decision based on quality attribute trade-offs.
Implementations that vary in quality attributes and that solve
reoccurring design decisions are collected in a design decision
library. Developers declaratively specify the quality attribute
trade-off, which is then used to automatically select the best
fitting implementation. We argue that thereby, software could
satisfy the trade-offs more precisely, requirements are traceable
and changeable, and advances in implementations automatically
improve existing software.},
KEYWORDS = {Software Architecture}
}
@Article{2019:Nabor:Microservice,
AUTHOR = {Mendon\c{c}a, Nabor C. and Jamshidi, Pooyan and Garlan, David and Pahl, Claus},
TITLE = {Developing Self-Adaptive Microservice Systems: Challenges and Directions},
YEAR = {2019},
MONTH = {26 November},
JOURNAL = {IEEE Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/1910.07660.pdf},
ABSTRACT = {A self-adaptive system can dynamically monitor and adapt its behavior to preserve or enhance its quality attributes under uncertain operating conditions. This article identifies key challenges for the development of microservice applications as self-adaptive systems, using a cloud-based intelligent video surveillance application as a motivating example. It also suggests potential new directions for addressing most of the identified challenges by leveraging existing microservice practices and technologies.},
KEYWORDS = {Self-adaptation}
}