Recent Publications

Silva A, Moon Y-J, Krause C, Arbab F.  2014.  A Compositional Model to Reason About End- to- End QoS in Stochastic Reo Connectors. Science of Computer Programming. 80:3-24. Abstract1-s2.0-s0167642311002073-main.pdf

In this paper, we present a compositional semantics for the channel-based coordination language Reo that enables the analysis of quality of service (QoS) properties of service compositions. For this purpose, we annotate Reo channels with stochastic delay rates and explicitly model data-arrival rates at the boundary of a connector, to capture its interaction with the services that comprise its environment. We propose Stochastic Reo Automata as an extension of Reo automata, in order to compositionally derive a QoS-aware semantics for Reo. We further present a translation of Stochastic Reo Automata to Continuous-Time Markov Chains (CTMCs). This translation enables us to use third-party CTMC verification tools to do an end-to-end performance analysis of service compositions. In addition, we discuss to what extent Interactive Markov Chains (IMCs) can serve as an alternative semantic model for Stochastic Reo. We show that the semantics of Stochastic Reo cannot be specified compositionally using the product operator provided by IMCs.
Silva A, Bonchi F, Bonsangue M, Hansen HH, Panangaen P, Rutten J.  2014.  Algebra- Coalgebra Duality in Brzozowski's Minimization Algorithm. ACM Transactions on Computacional Logic. 15(1):1-29. Abstractbonchi_algebra.pdf

Duality plays a fundamental role in many areas of mathematics, computer science, systems
theory and even physics. For example, the familiar concept of Fourier transform is essentially a duality result: an instance of Pontryagin duality, see, for example the standard textbook [Rudin 1962]. Another basic instance, known to undergraduates, is the duality of a finite-dimensional vector spaces V over some field k, and the space of linear maps from V to k, which is itself a finite-dimensional vector space. Building on this self-duality, a fundamental principle in systems theory due to [Kalman 1959] captures the duality between the concepts of observability and controllability (to be explained below). The latter was further extended to automata theory (where controllability amounts to reachability) in [Arbib and Zeiger 1969], and in various papers [Arbib and Manes 1974; 1975a; 1975c; 1975b; 1980a; 1980b] where Arbib and Manes explored algebraic automata theory in a categorical framework; see also the excellent collection of papers [Kalman et al. 1969] where both automata theory and systems theory is presented.
Furniss D, Masci P, Curzon P, Mayer A, Blandford A.  2014.  7 Themes for guiding situated ergonomic assessments of medical devices: A case study of an inpatient glucometer. Applied Ergonomics. 45(6):1668-1677. Abstracthttps://doi.org/10.1016/j.apergo.2014.05.012

There is relatively little guidance on the situated ergonomic assessment of medical devices, and few case studies that detail this type of evaluation. This paper reports results of a detailed case study that focuses on the design and use of a modern blood glucose meter on an oncology ward. We spent approximately 150 h in-situ, over 11 days and 4 nights, performing observations and interviews with users. This was complemented by interviews with two staff with oversight and management responsibility related to the device. We identified 19 issues with the design and use of this device. These issues were grouped into 7 themes which can help guide the situated study of medical devices: usability, knowledge gaps and mental models, workarounds, wider tasks and equipment, the patient, connection between services, and policy.
Di Giandomenico F, Itria ML, Masci P, Nostro N.  2014.  Automated synthesis of dependable mediators for heterogeneous interoperable systems. Reliability Engineering & System Safety. 132:220-232. Abstractress.pdf

Approaches to dependability and performance are challenged when systems are made up of networks of heterogeneous applications/devices, especially when operating in unpredictable open-world settings. The research community is tackling this problem and exploring means for enabling interoperability at the application level. The EU project CONNECT has developed a generic interoperability mechanism which relies on the on-the-fly synthesis of CONNECTors, that is software bridges that enable and adapt communication among heterogeneous devices. Dependability and Performance are relevant aspects of the system. In our previous work, we have identified generic dependability mechanisms for enhancing the dependability of CONNECTors. In this work, we introduce a set of generic strategies for automating the selection and application of an appropriate dependability mechanism. A case study based on a global monitoring system for environment and security (GMES) is used as a means for demonstrating the approach.
Macedo N, Cunha A, Pacheco H.  2014.  Towards a Framework for Multidirectional Model Transformations. CEUR Workshop Proceedings. 1133 AbstractWebsite
n/a
Rocha FB, Silva RS, Avelino ÁM, Costa CM.  2014.  PLATAFORMA DE COMUNICAÇÃO SEM FIO APLICADA A SISTEMAS DE IRRIGAÇÃO. 2014HOLOS. 5(DOI: http://dx.doi.org/10.15628/holos.2014.1945):14. AbstractWebsite

A utilização de novas tecnologias para projetos de automação é hoje uma tendência nos grandes centros urbanos. Porém, no campo, a agricultura carece do uso dessas tecnologias, inclusive, em sistemas e métodos de irrigação e de monitoramento de lavouras, dos quais são em sua grande maioria ultrapassados e inadequados. Consequentemente, isso afeta diretamente todo o setor econômico de uma sociedade. Com isso, faz-se necessário o desenvolvimento de um mecanismo automatizado de controle de irrigação, possibilitando uma maior eficiência e eficácia no processo de irrigação. Para tanto, o objetivo deste trabalho foi o desenvolvimento de um sistema de hardware e software capaz de tornar o processo de irrigação mais simples para o agricultor. Esse sistema consiste no controle e monitoramento da irrigação por meio de uma aplicação desenvolvida para computadores pessoais e através da internet, tendo em vista a mobilidade proporcionada para acesso do sistema em qualquer lugar do mundo. Além das vantagens práticas e econômicas, o sistema automatizado de irrigação possui um simples desenvolvimento, e utiliza materiais de baixo custo, o que torna viável sua implantação em grandes, médias e, inclusive, em pequenas lavouras.
Harrison M, Campos JC, Masci P.  2013.  Reusing models and properties in the analysis of similar interactive devices. Innovations in Systems and Software Engineering. 2(11):95-111. Abstractharrisoncm15-authorsversion.pdf

The paper is concerned with the comparative analysis of interactive devices. It compares two devices by checking a battery of template properties that are designed to explore important interface characteristics. The two devices are designed to support similar tasks in a clinical setting but differ in a number of respects as a result of judgements based on a range of considerations including software. Variations between designs are often relatively subtle and do not always become evident through even relatively thorough user testing. Notwithstanding their subtlety these differences may be important to the safety or usability of the device. The illustrated approach uses formal techniques to provide the analysis. This means that similar analysis can be applied systematically.
Paulo J, Reis P, Pereira JO, Sousa AL.  2013.  Towards an Accurate Evaluation of Deduplicated Storage Systems. International Journal of Computer Systems Science and Engineering. 29(1):73-83. Abstractprp13.pdf

Deduplication has proven to be a valuable technique for eliminating duplicate data in backup and archival systems and is now being applied to new storage environments with distinct requirements and performance trade-offs. Namely, deduplication system are now targeting large-scale cloud computing storage infrastructures holding unprecedented data volumes with a significant share of duplicate content.

It is however hard to assess the usefulness of deduplication in particular settings and what techniques provide the best results. In fact, existing disk I/O benchmarks follow simplistic approaches for generating data content leading to unrealistic amounts of duplicates that do not evaluate deduplication systems accurately. Moreover, deduplication systems are now targeting heterogeneous storage environments, with specific duplication ratios, that benchmarks must also simulate.

We address these issues with DEDISbench, a novel micro-benchmark for evaluating disk I/O performance of block based deduplication systems. As the main contribution, DEDISbench generates content by following realistic duplicate content distributions extracted from real datasets. Then, as a second contribution, we analyze and extract the duplicates found on three real storage systems, proving that DEDISbench can easily simulate several workloads.

The usefulness of DEDISbench is shown by comparing it with Bonnie++ and IOzone open-source disk I/O micro-benchmarks on assessing two open-source deduplication systems, Opendedup and Lessfs, using Ext4 as a baseline. Our results lead to novel insight on the performance of these file systems.
Matos M, Schiavoni V, Felber P, Oliveira R, Rivière E.  2013.  Lightweight, efficient, robust epidemic dissemination. Journal of Parallel and Distributed Computing. 7(7):987-999. Abstractjpdc-brisa.pdf

Today's intensive demand for data such as live broadcast or news feeds requires effcient and robust dissemination systems. Traditionally, designs focus on extremes of the effciency/robustness spectrum by either using structures, such as trees for effciency or by using loosely-coupled epidemic protocols for robustness. We present Brisa, a hybrid approach combining the robustness of epidemics with the effciency of structured approaches. Brisa implicitly emerges embedded dissemination structures from an underlying epidemic substrate. The structures' links are chosen with local knowledge only, but still ensuring connectivity. Failures can be promptly compensated and repaired thanks to the epidemic substrate, and their impact on dissemination delays masked by the use of multiple independent structures. Besides presenting the protocol design, we conduct an extensive evaluation in real environments, analyzing the effectiveness of the structure creation mechanism and its robustness under dynamic conditions. Results confirm Brisa as an effcient and robust approach to data dissemination in large dynamic environments.
Matos M, Felber P, Oliveira R, Pereira JO, Rivière E.  2013.  Scaling up Publish/Subscribe Overlays using Interest Correlation for Link Sharing. IEEE Transactions on Parallel and Distributed Systems. 24(13875740):2462-2471. Abstracttpds-stan-main.pdf

Topic-based publish/subscribe is at the core of many distributed systems, ranging from application integration middleware to news dissemination. Therefore, much research was dedicated to publish/subscribe architectures and protocols, and in particular to the design of overlay networks for decentralized topic-based routing and efficient message dissemination. Nonetheless, existing systems fail to take full advantage of shared interests when disseminating information, hence suffering from high maintenance and traffic costs, or construct overlays that cope poorly with the scale and dynamism of large networks. In this paper we present StaN, a decentralized protocol that optimizes the properties of gossip-based overlay networks for topic- based publish/subscribe by sharing a large number of physical connections without disrupting its logical properties. StaN relies only on local knowledge and operates by leveraging common interests among participants to improve global resource usage and promote topic and event scalability. The experimental evaluation under two real workloads, both via a real deployment and through simulation shows that StaN provides an attractive infrastructure for scalable topic-based publish/subscribe.
Oliveira JN, Ferreira M.  2013.  Alloy Meets the Algebra of Programming: A Case Study. IEEE Transactions on Software Engineering. 39:305-326. Abstract_of13.pdf

Relational algebra offers to software engineering the same degree of conciseness and calculational power as linear algebra in other engineering disciplines. Binary relations play the role of matrices with similar emphasis on multiplication and transposition. This matches with Alloy's lemma “everything is a relation” and with the relational basis of the Algebra of Programming (AoP). Altogether, it provides a simple and coherent approach to checking and calculating programs from abstract models. In this paper, we put Alloy and the Algebra of Programming together in a case study originating from the Verifiable File System mini-challenge put forward by Joshi and Holzmann: verifying the refinement of an abstract file store model into a journaled (Flash) data model catering to wear leveling and recovery from power loss. Our approach relies on diagrams to graphically express typed assertions. It interweaves model checking (in Alloy) with calculational proofs in a way which offers the best of both worlds. This provides ample evidence of the positive impact in software verification of Alloy's focus on relations, complemented by induction-free proofs about data structures such as stores and lists.
Macedo H, Oliveira JN.  2013.  Typing linear algebra: A biproduct-oriented approach. Science of Computer Programming. 78(11):2160-2191. Abstractscp11.pdf

Interested in formalizing the generation of fast running code for linear algebra applications, the authors show how an index-free, calculational approach to matrix algebra can be developed by regarding matrices as morphisms of a category with biproducts. This shifts the traditional view of matrices as indexed structures to a type-level perspective analogous to that of the pointfree algebra of programming. The derivation of fusion, cancellation and abide laws from the biproduct equations makes it easy to calculate algorithms implementing matrix multiplication, the central operation of matrix algebra, ranging from its divide-and-conquer version to its vectorization implementation.
From errant attempts to learn how particular products and coproducts emerge from biproducts, not only blocked matrix algebra is rediscovered but also a way of extending other operations (e.g. Gaussian elimination) blockwise, in a calculational style, is found.
The prospect of building biproduct-based type checkers for computer algebra systems such as MatlabTM is also considered.
Almeida JB, Barbosa MB, Pinto JS, Vieira B.  2013.  Formal verification of side-channel countermeasures using self-composition. Science Computer Programming. 78(7):796–812. Abstract11scp.pdf

Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive low-level optimizations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper we extend previous results supporting the practicality of self-composition proofs of non-interference and generalisations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We propose a formal verification framework to address these policies, extending the range of attacks that could previously be han- dled using self-composition. We demonstrate our techniques by addressing functional correctness and compliance with security policies for a practical use case.
Silva CC, Mendonça C, Mouta S, Silva R, Campos JC, Santos J.  2013.  Depth cues and perceived audiovisual synchrony of biological motion. PLOS One. 8(1) Abstractjournal.pone_.0080096.pdf

Background

Due to their different propagation times, visual and auditory signals from external events arrive at the human sensory receptors with a disparate delay. This delay consistently varies with distance, but, despite such variability, most events are perceived as synchronic. There is, however, contradictory data and claims regarding the existence of compensatory mechanisms for distance in simultaneity judgments.

Principal Findings

In this paper we have used familiar audiovisual events – a visual walker and footstep sounds – and manipulated the number of depth cues. In a simultaneity judgment task we presented a large range of stimulus onset asynchronies corresponding to distances of up to 35 meters. We found an effect of distance over the simultaneity estimates, with greater distances requiring larger stimulus onset asynchronies, and vision always leading. This effect was stronger when both visual and auditory cues were present but was interestingly not found when depth cues were impoverished.

Significance

These findings reveal that there should be an internal mechanism to compensate for audiovisual delays, which critically depends on the depth information available.
Campos JC, Machado J.  2013.  A Specification Patterns System for Discrete Event Systems' Analysis. International Journal of Advanced Robotic Systems. 10:315. Abstract45610.pdf

As formal verification tools gain popularity, the problem arises of making them more accessible to engineers. A correct understanding of the logics used to express properties of a system's behavior is needed in order to guarantee that properties correctly encode the intent of the verification process. Writing appropriate properties, in a logic suitable for verification, is a skillful process. Errors in this step of the process can create serious problems since a false sense of safety is gained with the analysis. However, when compared to the effort put into developing and applying modeling languages, little attention has been devoted to the process of writing properties that accurately capture verification requirements. In this paper we illustrate how a collection of property patterns can help in simplifying the process of generating logical formulae from informally expressed requirements.