@article{MaximovaGieseKrause2018,
  author    = {Maximova, Maria and Giese, Holger and Krause, Christian},
  title     = {Probabilistic timed graph transformation systems},
  series = {Journal of Logical and Algebraic Methods in Programming},
  volume    = {101},
  journal   = {Journal of Logical and Algebraic Methods in Programming},
  publisher = {Elsevier},
  address   = {New York},
  issn      = {2352-2208},
  doi       = {10.1016/j.jlamp.2018.09.003},
  pages     = {110 -- 131},
  year      = {2018},
  abstract  = {Today, software has become an intrinsic part of complex distributed embedded real-time systems. The next generation of embedded real-time systems will interconnect the today unconnected systems via complex software parts and the service-oriented paradigm. Due to these interconnections, the architecture of systems can be subject to changes at run-time, e.g. when dynamic binding of service end-points is employed or complex collaborations are established dynamically. However, suitable formalisms and techniques that allow for modeling and analysis of timed and probabilistic behavior of such systems as well as of their structure dynamics do not exist so far. To fill the identified gap, we propose Probabilistic Timed Graph Transformation Systems (PTGTSs) as a high-level description language that supports all the necessary aspects of structure dynamics, timed behavior, and probabilistic behavior. We introduce the formal model of PTGTSs in this paper as well as present and formally verify a mapping of models with finite state spaces to probabilistic timed automata (PTA) that allows to use the PRISM model checker to analyze PTGTS models with respect to PTCTL properties. (C) 2018 Elsevier Inc. All rights reserved.},
  language  = {en}
}
@article{DyckGieseLambers2019,
  author    = {Dyck, Johannes and Giese, Holger and Lambers, Leen},
  title     = {Automatic verification of behavior preservation at the transformation level for relational model transformation},
  series = {Software and systems modeling},
  volume    = {18},
  journal   = {Software and systems modeling},
  number    = {5},
  publisher = {Springer},
  address   = {Heidelberg},
  issn      = {1619-1366},
  doi       = {10.1007/s10270-018-00706-9},
  pages     = {2937 -- 2972},
  year      = {2019},
  abstract  = {The correctness of model transformations is a crucial element for model-driven engineering of high-quality software. In particular, behavior preservation is an important correctness property avoiding the introduction of semantic errors during the model-driven engineering process. Behavior preservation verification techniques show some kind of behavioral equivalence or refinement between source and target model of the transformation. Automatic tool support is available for verifying behavior preservation at the instance level, i.e., for a given source and target model specified by the model transformation. However, until now there is no sound and automatic verification approach available at the transformation level, i.e., for all source and target models. In this article, we extend our results presented in earlier work (Giese and Lambers, in: Ehrig et al (eds) Graph transformations, Springer, Berlin, 2012) and outline a new transformation-level approach for the sound and automatic verification of behavior preservation captured by bisimulation resp.simulation for outplace model transformations specified by triple graph grammars and semantic definitions given by graph transformation rules. In particular, we first show how behavior preservation can be modeled in a symbolic manner at the transformation level and then describe that transformation-level verification of behavior preservation can be reduced to invariant checking of suitable conditions for graph transformations. We demonstrate that the resulting checking problem can be addressed by our own invariant checker for an example of a transformation between sequence charts and communicating automata.},
  language  = {en}
}
@book{KrauseGiese2012,
  author    = {Krause, Christian and Giese, Holger},
  title     = {Quantitative modeling and analysis of service-oriented real-time systems using interval probabilistic timed automata},
  publisher = {Universit{\"a}tsverlah Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-171-4},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-57845},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {45},
  year      = {2012},
  abstract  = {One of the key challenges in service-oriented systems engineering is the prediction and assurance of non-functional properties, such as the reliability and the availability of composite interorganizational services. Such systems are often characterized by a variety of inherent uncertainties, which must be addressed in the modeling and the analysis approach. The different relevant types of uncertainties can be categorized into (1) epistemic uncertainties due to incomplete knowledge and (2) randomization as explicitly used in protocols or as a result of physical processes. In this report, we study a probabilistic timed model which allows us to quantitatively reason about nonfunctional properties for a restricted class of service-oriented real-time systems using formal methods. To properly motivate the choice for the used approach, we devise a requirements catalogue for the modeling and the analysis of probabilistic real-time systems with uncertainties and provide evidence that the uncertainties of type (1) and (2) in the targeted systems have a major impact on the used models and require distinguished analysis approaches. The formal model we use in this report are Interval Probabilistic Timed Automata (IPTA). Based on the outlined requirements, we give evidence that this model provides both enough expressiveness for a realistic and modular specifiation of the targeted class of systems, and suitable formal methods for analyzing properties, such as safety and reliability properties in a quantitative manner. As technical means for the quantitative analysis, we build on probabilistic model checking, specifically on probabilistic time-bounded reachability analysis and computation of expected reachability rewards and costs. To carry out the quantitative analysis using probabilistic model checking, we developed an extension of the Prism tool for modeling and analyzing IPTA. Our extension of Prism introduces a means for modeling probabilistic uncertainty in the form of probability intervals, as required for IPTA. For analyzing IPTA, our Prism extension moreover adds support for probabilistic reachability checking and computation of expected rewards and costs. We discuss the performance of our extended version of Prism and compare the interval-based IPTA approach to models with fixed probabilities.},
  language  = {en}
}
@book{GieseHildebrandtNeumannetal.2012,
  author    = {Giese, Holger and Hildebrandt, Stephan and Neumann, Stefan and W{\"a}tzoldt, Sebastian},
  title     = {Industrial case study on the integration of SysML and AUTOSAR with triple graph grammars},
  publisher = {Universit{\"a}tsverlag Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-191-2},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-60184},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {vi, 51},
  year      = {2012},
  abstract  = {During the overall development of complex engineering systems different modeling notations are employed. For example, in the domain of automotive systems system engineering models are employed quite early to capture the requirements and basic structuring of the entire system, while software engineering models are used later on to describe the concrete software architecture. Each model helps in addressing the specific design issue with appropriate notations and at a suitable level of abstraction. However, when we step forward from system design to the software design, the engineers have to ensure that all decisions captured in the system design model are correctly transferred to the software engineering model. Even worse, when changes occur later on in either model, today the consistency has to be reestablished in a cumbersome manual step. In this report, we present in an extended version of [Holger Giese, Stefan Neumann, and Stephan Hildebrandt. Model Synchronization at Work: Keeping SysML and AUTOSAR Models Consistent. In Gregor Engels, Claus Lewerentz, Wilhelm Sch{\"a}fer, Andy Sch{\"u}rr, and B. Westfechtel, editors, Graph Transformations and Model Driven Enginering - Essays Dedicated to Manfred Nagl on the Occasion of his 65th Birthday, volume 5765 of Lecture Notes in Computer Science, pages 555-579. Springer Berlin / Heidelberg, 2010.] how model synchronization and consistency rules can be applied to automate this task and ensure that the different models are kept consistent. We also introduce a general approach for model synchronization. Besides synchronization, the approach consists of tool adapters as well as consistency rules covering the overlap between the synchronized parts of a model and the rest. We present the model synchronization algorithm based on triple graph grammars in detail and further exemplify the general approach by means of a model synchronization solution between system engineering models in SysML and software engineering models in AUTOSAR which has been developed for an industrial partner. In the appendix as extension to [19] the meta-models and all TGG rules for the SysML to AUTOSAR model synchronization are documented.},
  language  = {en}
}
@book{NeumannGiese2013,
  author    = {Neumann, Stefan and Giese, Holger},
  title     = {Scalable compatibility for embedded real-time components via language progressive timed automata},
  publisher = {Universit{\"a}tsverlag Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-226-1},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-63853},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {vi, 67},
  year      = {2013},
  abstract  = {The proper composition of independently developed components of an embedded real- time system is complicated due to the fact that besides the functional behavior also the non-functional properties and in particular the timing have to be compatible. Nowadays related compatibility problems have to be addressed in a cumbersome integration and configuration phase at the end of the development process, that in the worst case may fail. Therefore, a number of formal approaches have been developed, which try to guide the upfront decomposition of the embedded real-time system into components such that integration problems related to timing properties can be excluded and that suitable configurations can be found. However, the proposed solutions require a number of strong assumptions that can be hardly fulfilled or the required analysis does not scale well. In this paper, we present an approach based on timed automata that can provide the required guarantees for the later integration without strong assumptions, which are difficult to match in practice. The approach provides a modular reasoning scheme that permits to establish the required guarantees for the integration employing only local checks, which therefore also scales. It is also possible to determine potential configuration settings by means of timed game synthesis.},
  language  = {de}
}
@book{HebigGieseBatoulisetal.2015,
  author    = {Hebig, Regina and Giese, Holger and Batoulis, Kimon and Langer, Philipp and Zamani Farahani, Armin and Yao, Gary and Wolowyk, Mychajlo},
  title     = {Development of AUTOSAR standard documents at Carmeq GmbH},
  number    = {92},
  publisher = {Universit{\"a}tsverlag Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-317-6},
  issn      = {1613-5652},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-71535},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {52},
  year      = {2015},
  abstract  = {This report documents the captured MDE history of Carmeq GmbH, in context of the project Evolution of MDE Settings in Practice. The goal of the project is the elicitation of MDE approaches and their evolution.},
  language  = {en}
}
@misc{BrandGiese2019,
  author    = {Brand, Thomas and Giese, Holger},
  title     = {Generic adaptive monitoring based on executed architecture runtime model queries and events},
  series = {IEEE Xplore},
  journal   = {IEEE Xplore},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-7281-2731-6},
  issn      = {1949-3673},
  doi       = {10.1109/SASO.2019.00012},
  pages     = {17 -- 22},
  year      = {2019},
  abstract  = {Monitoring is a key functionality for automated decision making as it is performed by self-adaptive systems, too. Effective monitoring provides the relevant information on time. This can be achieved with exhaustive monitoring causing a high overhead consumption of economical and ecological resources. In contrast, our generic adaptive monitoring approach supports effectiveness with increased efficiency. Also, it adapts to changes regarding the information demand and the monitored system without additional configuration and software implementation effort. The approach observes the executions of runtime model queries and processes change events to determine the currently required monitoring configuration. In this paper we explicate different possibilities to use the approach and evaluate their characteristics regarding the phenomenon detection time and the monitoring effort. Our approach allows balancing between those two characteristics. This makes it an interesting option for the monitoring function of self-adaptive systems because for them usually very short-lived phenomena are not relevant.},
  language  = {en}
}
@misc{Giese2019,
  author    = {Giese, Holger Burkhard},
  title     = {Software Engineering for Smart Cyber-Physical Systems},
  series = {Proceedings of the 12th Innovations on Software Engineering Conference},
  journal   = {Proceedings of the 12th Innovations on Software Engineering Conference},
  publisher = {Association for Computing Machinery},
  address   = {New York},
  isbn      = {978-1-4503-6215-3},
  doi       = {10.1145/3299771.3301650},
  pages     = {1},
  year      = {2019},
  abstract  = {Currently, a transformation of our technical world into a networked technical world where besides the embedded systems with their interaction with the physical world the interconnection of these nodes in the cyber world becomes a reality can be observed. In parallel nowadays there is a strong trend to employ artificial intelligence techniques and in particular machine learning to make software behave smart. Often cyber-physical systems must be self-adaptive at the level of the individual systems to operate as elements in open, dynamic, and deviating overall structures and to adapt to open and dynamic contexts while being developed, operated, evolved, and governed independently. In this presentation, we will first discuss the envisioned future scenarios for cyber-physical systems with an emphasis on the synergies networking can offer and then characterize which challenges for the design, production, and operation of these systems result. We will then discuss to what extent our current capabilities, in particular concerning software engineering match these challenges and where substantial improvements for the software engineering are crucial. In today's software engineering for embedded systems models are used to plan systems upfront to maximize envisioned properties on the one hand and minimize cost on the other hand. When applying the same ideas to software for smart cyber-physical systems, it soon turned out that for these systems often somehow more subtle links between the involved models and the requirements, users, and environment exist. Self-adaptation and runtime models have been advocated as concepts to covers the demands that result from these subtler links. Lately, both trends have been brought together more thoroughly by the notion of self-aware computing systems. We will review the underlying causes, discuss some our work in this direction, and outline related open challenges and potential for future approaches to software engineering for smart cyber-physical systems.},
  language  = {en}
}
@misc{BrandGiese2019,
  author    = {Brand, Thomas and Giese, Holger Burkhard},
  title     = {Towards Generic Adaptive Monitoring},
  series = {2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO)},
  journal   = {2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5386-5172-8},
  issn      = {1949-3673},
  doi       = {10.1109/SASO.2018.00027},
  pages     = {156 -- 161},
  year      = {2019},
  abstract  = {Monitoring is a key prerequisite for self-adaptive software and many other forms of operating software. Monitoring relevant lower level phenomena like the occurrences of exceptions and diagnosis data requires to carefully examine which detailed information is really necessary and feasible to monitor. Adaptive monitoring permits observing a greater variety of details with less overhead, if most of the time the MAPE-K loop can operate using only a small subset of all those details. However, engineering such an adaptive monitoring is a major engineering effort on its own that further complicates the development of self-adaptive software. The proposed approach overcomes the outlined problems by providing generic adaptive monitoring via runtime models. It reduces the effort to introduce and apply adaptive monitoring by avoiding additional development effort for controlling the monitoring adaptation. Although the generic approach is independent from the monitoring purpose, it still allows for substantial savings regarding the monitoring resource consumption as demonstrated by an example.},
  language  = {en}
}
@misc{Giese2017,
  author    = {Giese, Holger},
  title     = {Formal models and analysis for self-adaptive cyber-physical systems},
  series = {Lecture notes in computer science},
  volume    = {10231},
  journal   = {Lecture notes in computer science},
  editor    = {Kouchnarenko, Olga and Khosravi, Ramtin},
  publisher = {Springer},
  address   = {Cham},
  isbn      = {978-3-319-57666-4},
  issn      = {0302-9743},
  doi       = {10.1007/978-3-319-57666-4_1},
  pages     = {3 -- 9},
  year      = {2017},
  abstract  = {In this extended abstract, we will analyze the current challenges for the envisioned Self-Adaptive CPS. In addition, we will outline our results to approach these challenges with SMARTSOS [10] a generic approach based on extensions of graph transformation systems employing open and adaptive collaborations and models at runtime for trustworthy self-adaptation, self-organization, and evolution of the individual systems and the system-of-systems level taking the independent development, operation, management, and evolution of these systems into account.},
  language  = {en}
}