Carlo Ghezzi
Politecnico di Milano | Polimi · Department of Electronics, Information, and Bioengineering

365 Publications
104,906 Reads
9,974 Citations

Publications (365)
Article
Full-text available
Engineering cyber-physical systems inhabiting contemporary urban spatial environments demands software engineering facilities to support design and operation. Tools and approaches in civil engineering and architectural informatics produce artifacts that are geometrical or geographical representations describing physical spaces. The models we consid...
Preprint
Cyber-physical space systems are engineered systems operating within physical space with design requirements that depend on space, e.g., regarding location or movement behavior. They are built from and depend upon the seamless integration of computation and physical components. Typical examples include systems where software-driven agents such as m...
Article
Cyber-physical space systems are engineered systems operating within physical space with design requirements that depend on space, e.g., regarding location or movement behavior. They are built from and depend upon the seamless integration of computation and physical components. Typical examples include systems where software-driven agents such as m...
Chapter
In modern societies, people live in spaces populated by a variety of computational elements, which generate new kinds of active cyber-entities interacting with each other and with humans, enabling new smart functionalities. Examples range from smart buildings such as modern office spaces, hospitals, airports and other public facilities up to entire...
Article
Full-text available
Internet-enabled devices operating in the physical world are increasingly integrated in modern distributed systems. We focus on systems where the dynamics of spatial distribution is crucial; in such cases, devices may need to carry out complex computations (e.g., analyses) to check satisfaction of spatial requirements. The requirements are partly g...
Preprint
Internet-enabled things and devices operating in the physical world are increasingly integrated in modern distributed systems, supporting functionalities that require assurances that certain critical requirements are satisfied by the overall system. We focus here on spatially-distributed Internet-of-Things systems such as smart environments, where...
Chapter
Cyber-Physical Systems (CPS) are increasingly applied in critical contexts, where they have to support safe and secure operations, often subject to stringent timing requirements. Typical examples are scenarios involving automated living or working spaces in which humans operate, or human-robot collaborations (HRC) in modern manufacturing. Formal me...
Article
Mobile and general-purpose robots increasingly support our everyday life, requiring dependable robotics control software. Creating such software mainly amounts to implementing their complex behaviors known as missions. Recognizing this need, a large number of domain-specific specification languages has been proposed. These, in addition to tradition...
Article
Full-text available
Controllers often are large and complex reactive software systems and thus they typically cannot be developed as monolithic products. Instead, they are usually comprised of multiple components that interact to provide the desired functionality. Components themselves can be complex and in turn be decomposed into multiple sub-components. Designing su...
Preprint
Full-text available
Providing assurances for self-adaptive systems is challenging. A primary underlying problem is uncertainty that may stem from a variety of different sources, ranging from incomplete knowledge to sensor noise and uncertain behavior of humans in the loop. Providing assurances that the self-adaptive system complies with its requirements calls for an e...
Article
Full-text available
Providing assurances for self-adaptive systems is challenging. A primary underlying problem is uncertainty that may stem from a variety of different sources, ranging from incomplete knowledge to sensor noise and uncertain behavior of humans in the loop. Providing assurances that the self-adaptive system complies with its requirements calls for an e...
Preprint
Full-text available
Mobile and general-purpose robots increasingly support our everyday life, requiring dependable robotics control software. Creating such software mainly amounts to implementing their complex behaviors known as missions. Recognizing the need, a large number of domain-specific specification languages has been proposed. These, in addition to traditiona...
Chapter
Full-text available
Change makes software different from any other artifact created by humans. Although this is known since the 1970s, change is still often handled in an ad hoc manner. Agile development and, more recently, DevOps have been proposed as a solution, and success stories are reported from industry. Still, principled and rigorous foundations that can be ta...
Conference Paper
Engineering dependable software for mobile robots is becoming increasingly important. A core asset in engineering mobile robots is the mission specification---a formal description of the goals that mobile robots shall achieve. Such mission specifications are used, among others, to synthesize, verify, simulate, or guide the engineering of robot soft...
Conference Paper
Full-text available
Cyber-physical space systems are becoming increasingly important. Such systems have to satisfy requirements that are heavily affected by the physical space they operate in and by the active entities inhabiting the space, whose dynamic behaviors generate continuous topological changes. Reasoning about requirements in the early design phases is extre...
Article
We present design concepts, programming constructs, and automatic verification techniques to support the development of adaptive Wireless Sensor Network (WSN) software. WSNs operate at the interface between the physical world and the computing machine and are hence exposed to unpredictable environment dynamics. WSN software must adapt to these dyna...
Conference Paper
We increasingly live in cyber-physical spaces -- spaces that are both physical and digital, and where the two aspects are intertwined. Such spaces are highly dynamic and typically undergo continuous change. Software engineering can have a profound impact in this domain, by defining suitable modeling and specification notations as well as supporting...
Conference Paper
Full-text available
Three-valued model checking has been proposed to support verification when some portions of the model are unspecified. Given a formal property, the model checker returns true if the property is satisfied, false and a violating behavior if it is not, maybe and a possibly violating behavior if it is possibly satisfied, i.e., its satisfaction may depe...
Article
Change has been recognized as the distinguishing feature that makes software different from any other human-produced artifacts. Initial reflections on the urgent and unavoidable need to master change date back to the 1970s. However, despite the continuous progress that characterized software technology since, in practice, software change is still o...
Article
Full-text available
This paper describes in detail the example introduced in the preliminary evaluation of THRIVE. Specifically, it evaluates THRIVE over an abstraction of the ground model proposed for a critical component belonging to a medical device used by optometrists and ophthalmologists to detect visual problems.
Article
In the real world practice, software systems are often built without developing any explicit upfront model. This can cause serious problems that may hinder the almost inevitable future evolution, since at best the only documentation about the software is in the form of source code comments. To address this problem, research has been focusing on aut...
Conference Paper
Context and Motivation: Goal-oriented methods can be used by analysts to produce a set of system requirements that reflect the customer needs and are used as guidelines in the subsequent system design, in which a model of the system is produced. The design model is used to analyze the coherence of the system behavior with the requirements. Question...
Article
Smart spaces are becoming increasingly vulnerable from the interplay of cyber and physical entities. A representation of the spaces' topology can reveal security-relevant contextual characteristics, and a visualization tool allows security analysts to edit space topology and verify that access-control policies meet security requirements.
Article
Full-text available
Bigraphs are an emerging modeling formalism for structures in ubiquitous computing. Besides an algebraic notation, which can be adopted to provide an algebraic syntax for bigraphs, the bigraphical theory introduces a visual concrete syntax which is intuitive and unambiguous at the same time; the standard visual notation can be customized and thus t...
Conference Paper
A software specification is often the result of an iterative process that transforms an initial incomplete model through refinement decisions. A model is incomplete because the implementation of certain functionalities is postponed to a later development step or is delegated to third parties. An unspecified functionality may be later replaced by al...
Article
Full-text available
We increasingly live in cyber-physical spaces: spaces that are both physical and digital, and where the two aspects are intertwined. Cyber-physical spaces may exhibit a range of behaviors, from smart control of heating, ventilation, and light to visionary multi-functional living spaces that can be spatially re-organized in a dynamic way. In contras...
Article
Full-text available
Software development is an iterative process which includes a set of development steps that transform the initial high level specification of the system into its final, fully specified, implementation. This report discusses the theoretical foundations that allow Incomplete Büchi Automata (IBAs) to be used in the iterative development of a sequent...
Article
Ubiquitous computing is resulting in a proliferation of cyber-physical systems that host or manage valuable physical and digital assets. These assets can be harmed by malicious agents through both cyber-enabled or physically-enabled attacks, particularly ones that exploit the often ignored interplay between the cyber and physical world. The explici...
Chapter
This article is a tutorial on how to achieve software evolution and adaptation in a dependable manner, by systematically applying formal modelling and verification. It shows how software can be designed upfront to tolerate different sources of uncertainty that cause continuous future changes. If possible changes can be predicted, and their occurren...
Conference Paper
The problem of checking a logged event trace against a temporal logic specification arises in many practical cases. Unfortunately, known algorithms for an expressive logic like MTL (Metric Temporal Logic) do not scale with respect to two crucial dimensions: the length of the trace and the size of the time interval of the formula to be checked. The...
Conference Paper
Smart cyber-physical spaces indicate spatial environments which include both cyber and physical elements interacting with each other. In the construction industry, Building Information Models are the de facto standard for specifying complex information about building infrastructures, a representation which can also be extended for the specification...
Article
Modern component-based distributed software systems are increasingly required to offer non-stop service and thus their updates must be carried out at runtime. Different authors have already proposed solutions for the safe management of dynamic updates. Our contribution aims at improving their efficiency without compromising safety. We propose a new...
Conference Paper
Software systems are often built without developing any explicit model and therefore research has been focusing on automatic inference of models by applying machine learning to execution logs. However, the logs generated by a real software system may be very large and the inference algorithm can exceed the capacity of a single computer. This paper...
Conference Paper
Full-text available
Modern iterative and incremental software development relies on continuous testing. The knowledge of test-to-code traceability links facilitates test-driven development and improves software evolution. Previous research identified traceability links between test cases and classes under test. Though this information is helpful, a finer granularity t...
Article
Full-text available
The Future Internet is envisioned as a worldwide environment connecting a large open-ended collection of heterogeneous and autonomous resources, namely Things, Services and Contents, which interact with each other anywhere and anytime. Applications will possibly emerge dynamically as opportunistic aggregation of resources available at a given time,...
Article
Full-text available
The problem of checking a logged event trace against a temporal logic specification arises in many practical cases. Unfortunately, known algorithms for an expressive logic like MTL (Metric Temporal Logic) do not scale with respect to two crucial dimensions: the length of the trace and the size of the time interval for which logged events must be bu...
Article
Full-text available
Formal verification is used to establish the compliance of software and hardware systems with important classes of requirements. System compliance with functional requirements is frequently analyzed using techniques such as model checking, and theorem proving. In addition, a technique called quantitative verification supports the analysis of the re...
Article
Self-adaptive software modifies its behavior at run time to satisfy changing requirements in a dynamic environment. Context-oriented programming (COP) has been recently proposed as a specialized programming paradigm for context-aware and adaptive systems. COP mostly focuses on run time adaptation of the application's behavior by supporting modular...
Conference Paper
Modern software systems are increasingly required to run for a long time and deliver uninterrupted service. Their requirements or their environments, however, may change. Therefore, these systems must be updated dynamically, at run-time. Typical examples can be found in manufacturing, transportation, or space applications, where stopping the system...
Article
Full-text available
Constraint solution reuse is an effective approach to save the time of constraint solving in symbolic execution. Most of the existing reuse approaches are based on syntactic or semantic equivalence of constraints; e.g. the Green framework is able to reuse constraints which have different representations but are semantically equivalent, through cano...
Article
Modern software systems are continuously evolving, often because systems requirements change over time. Responding to requirements changes is one of the principles of agile methodologies. In this paper we envision the seamless integration of automated verification techniques within agile methodologies, thanks to the support for incrementality. Incr...
Article
Modern software-intensive systems often interact with an environment whose behavior changes over time, often unpredictably. The occurrence of changes may jeopardize their ability to meet the desired requirements. It is therefore desirable to design software in a way that it can self-adapt to the occurrence of changes with limited, or even without,...
Chapter
Software systems are usually developed to provide a fixed set of functionalities within given environmental conditions. However, in the last few years, there has been an increasing interest in systems that can autonomously modify their behavior in response to dynamic changes occurring in their execution environment. In one word, they must be self-a...
Conference Paper
Autonomous drones are a powerful new breed of mobile sensing platform that can greatly extend the capabilities of traditional sensing systems. Unfortunately, it is still non-trivial to coordinate multiple drones to perform a task collaboratively. We present a novel programming model called team-level programming that can express collaborative sensi...
Conference Paper
Modern enterprise information systems are built following the paradigm of service-orientation. This paradigm promotes workflow-based software composition, where complex business processes are realized by orchestrating different, heterogeneous components. These workflow descriptions evolve continuously, to adapt to changes in the business goals or in...
Article
Full-text available
Service-based applications are often developed as compositions of partner services. A service integrator needs precise methods to specify the quality attributes expected by each partner service, as well as effective techniques to verify these attributes. In previous work, we identified the most common specification patterns related to provisioning...
Article
In this paper, we focus on the reliability and availability analysis of Web service (WS) compositions, orchestrated via the Business Process Execution Language (BPEL). Starting from the failure profiles of the services being composed, which take into account multiple possible failure modes, latent errors, and propagation effects, and from a BPEL pr...
Book
Full-text available
The computing and networking capabilities of today's wireless mobile devices allow for seamlessly-networked, ubiquitous services, which may be dynamically composed at run-time to accomplish complex tasks. This vision, however, remains challenged by the inherent mobility of such devices, which makes services highly volatile. These issues call for a...
Conference Paper
Adaptive security systems aim to protect critical assets in the face of changes in their operational environment. We have argued that incorporating an explicit representation of the environment's topology enables reasoning on the location of assets being protected and the proximity of potentially harmful agents. This paper proposes to engineer topo...
Conference Paper
We present a context-oriented approach to design and implement self-adaptive component-based software in resource-constrained Cyber-Physical Systems (CPSs). Because of unpredictable environment dynamics, developers must design and implement CPS software to dynamically adapt to widely different situations. Our approach provides design concepts and l...
Conference Paper
Full-text available
Modern complex software systems produce a large amount of execution data, often stored in logs. These logs can be analyzed using trace checking techniques to check whether the system complies with its requirements specifications. Often these specifications express quantitative properties of the system, which include timing constraints as well as hi...
Article
Adaptive security systems aim to protect valuable assets in the face of changes in their operational environment. They do so by monitoring and analysing this environment, and deploying security functions that satisfy some protection (security, privacy, or forensic) requirements. In this paper, we suggest that a key characteristic for engineering ad...
Conference Paper
Developers spend a significant portion of their time understanding and learning the correct usage of the APIs of libraries they want to integrate in their projects. However, learning how to effectively use APIs is complex and time consuming. Code recommendation systems play a crucial role facilitating developers in this task by providing to them re...
Conference Paper
Modern society increasingly relies on mobile devices. This explains the growing demand for high quality software for such devices. To improve the efficiency of the development life-cycle, shortening time-to-market while keeping quality under control, mobile applications are typically developed by composing together ad-hoc developed components, serv...
Conference Paper
Full-text available
Cloud-based elastic systems run on a cloud infrastructure and have the capability of dynamically adjusting the allocation of their resources in response to changes in the workload, in a way that balances the trade-off between the desired quality-of-service and the operational costs. The actual elastic behavior of these systems is determined by a co...
Article
Many modern user-intensive applications, such as Web applications, must satisfy the interaction requirements of thousands if not millions of users, which can be hardly fully understood at design time. Designing applications that meet user behaviors, by efficiently supporting the prevalent navigation patterns, and evolving with them requires new app...
Conference Paper
We present programming abstractions for implementing adaptive Wireless Sensor Network (WSN) software. The need for adaptability arises in WSNs because of unpredictable environment dynamics, changing requirements, and resource scarcity. However, after about a decade of research in WSN programming, developers are still left with no dedicated support....
Conference Paper
Full-text available
SMT solvers have been recently applied to bounded model checking and satisfiability checking of metric temporal logic. In this paper we consider SOLOIST, an extension of metric temporal logic with aggregate temporal modalities; it has been defined based on a field study on the use of specification patterns in the context of the provisioning of serv...
Article
Modern software systems are increasingly built by integrating different services implemented by independent organizations and offered in an open service marketplace. In such environment, multiple providers may compete with each other by publishing services that provide the same functionality, and export the same interface, but differ in the offered...
Article
In the recent years, several research efforts have been devoted to developing approaches to synthesize specifications of software behavior. Most of the proposed approaches addressed the inference of finite-state abstractions. The synthesized abstractions have been integrated in different validation scenarios, such as testing. While finite-state mod...
Conference Paper
Modern service oriented applications increasingly include publicly released services that impose novel and compelling requirements in terms of scalability and support to clients with limited capabilities such as mobile applications. To meet these requirements, service oriented applications require a careful optimisation of their provisioning mechan...
Chapter
Advances in software verification techniques have been impressive in the past decade. Formal verification of large production software is now increasingly feasible and this is paving the way to transferring these techniques from research to practice. We argue, however, that there is still a serious mismatch between verification and modern developme...
Conference Paper
We present our ongoing work on the design of macroprogramming abstractions to program sensing and actuating applications using robot swarms. Robots can sample the environment and act on it where no other sensor can reach, e.g., to monitor the environment at altitude with aerial robots. Programming the individual behavior of multiple coordinating ro...