Keynote Speakers

Janos Sztipanovits, Vanderbilt University School of Engineering/USA

Dr. Janos Sztipanovits is currently the E. Bronson Ingram Distinguished Professor of Engineering at Vanderbilt University. He is founding director of the Institute for Software Integrated Systems (ISIS). His current research interest includes the foundation and applications of Model-Integrated Computing for the design of Cyber Physical Systems. His other research contributions include structurally adaptive systems, autonomous systems, design space exploration and systems-security co-design technology. He served as  program manager and acting deputy director of DARPA/ITO between 1999 and 2002. He was founding chair of the ACM Special Interest Group on Embedded Software (SIGBED). Dr. Sztipanovits was elected Fellow of the IEEE in 2000 and external member of the Hungarian Academy of Sciences in 2010. He graduated (Summa Cum Laude) from the Technical University of Budapest in 1970 and received his doctorate from the Hungarian Academy of Sciences in 1980.

Model Integration Languages

Recent attention to Cyber Physical Systems (CPS) is driven by the need for facilitating cross—domain design tradeoffs  among physical and computational domains. Heterogeneity is the norm as well as the main challenge in CPS design: components and systems are modeled using multiple physical, logical, functional and non-functional modeling aspects. The scope of relevant design domains includes (1) multiple physical domains, such as 3D structure, mechanical, thermal, fluid, electrical, electromagnetic  and (2) computational/networking domains, such as system control, sensors, health management, mission management, communication. Modeling and analyzing cross-domain interactions among physical and computational/networking domains and understanding the effects of heterogeneous abstraction layers in the design flow are fundamental part of CPS design theories. The current practice of multi-modeling – using established domain-specific modeling languages and tools independently in the design process or attempting the establishment of massive universal modeling languages that cover all domains – are insufficient. I will frame this challenge as a model integration problem and discuss solutions for capturing interdependencies across modeling domains using Model Integration Languages.

Slides:


Thomas A. Henzinger, IST/AUSTRIA

Thomas Henzinger is President of IST Austria (Institute of Science and Technology Austria). He holds a Dipl.-Ing. degree in Computer Science from Kepler University in Linz, Austria, an M.S. degree in Computer and Information Sciences from the University of Delaware, and a Ph.D. degree in Computer Science from Stanford University (1991). He was Assistant Professor of Computer Science at Cornell University (1992-95), Assistant Professor (1996-97), Associate Professor (1997-98), and Professor (1998-2004) of Electrical Engineering and Computer Sciences at the University of California, Berkeley. He was also Director at the Max-Planck Institute for Computer Science in Saarbruecken, Germany (1999) and Professor of Computer and Communication Sciences at EPFL in Lausanne, Switzerland (2004-09). His research focuses on modern systems theory, especially models, algorithms, and tools for the design and verification of reliable software, hardware, and embedded systems. His HyTech tool was the first model checker for mixed discrete-continuous systems. He is an ISI highly cited researcher, a member of Academia Europaea, a member of the German Academy of Sciences (Leopoldina), a member of the Austrian Academy of Sciences, a Fellow of the ACM, a Fellow of the IEEE, and the recipient of an ERC Advanced Investigator Grant.

Quantitative Reactive Modeling

Formal verification aims to improve the quality of hardware and software by detecting errors before they do harm. At the basis of formal verification lies the logical notion of correctness, which purports to capture whether or not a circuit or program behaves as desired. We suggest that the boolean partition into correct and incorrect systems falls short of the practical need to assess the behavior of hardware and software in a more nuanced fashion against multiple criteria. We propose quantitative fitness measures for reactive models of concurrent systems, specifically for measuring function, performance, and robustness. The theory supports quantitative generalizations of the paradigms that have been success stories in qualitative reactive modeling, such as compositionality, property-preserving abstraction, model checking, and synthesis.

Slides:


Stephan Thesing, EUROCOPTER Group Munich/GERMANY

Dr.-Ing. Stephan Thesing, born in 1970, got his Diploma in Computer Science from the University of Bielefeld in 1996. In 2004 he obtained his PhD from Saarland University at the chair of Prof. Wilhelm with a thesis on computing worst-case execution times for hard real-time systems by static analysis of programs based on models of the underlying hardware. The aiT tool coming out of this research is the most advanced tool for WCET analysis in use today and is sold by the company AbsInt GmbH, which he co-founded in 1998. Since 2008 he is with Eurocopter Deutschland GmbH, a business unit of EADS, manufacturing helicopters. He is currently Team Leader in the department for Software Products within Eurocopter and concerned with development techniques/tools for on-board flight software for helicopters.

Ideas and requirements for model driven software and system development: the industry point of view

Model driven development has shown to provide benefits in terms of costs and duration both in software and system development projects. Nonetheless, there is no single solution for model driven development that fits every application domain equally well. For example, Matlab/Simulink is widely used as the model basis in automotive industry for control type applications, as is SCADE in the avionics industry.  Although successful in their specific control application domain, their use for other types of applications in automotive or avionics is not desirable: the modeling concepts are not a good fit anymore. Thus, having a model driven development through the whole development phases (typically the "V-model" in avionics) requires domain specific modeling techniques for different phases of the development and for different application areas. This presentation will focus on the avionics industry, namely rotorcraft type of aircraft. Here, issues of certification become the governing factor: each aircraft needs a certification from airworthiness authorities in order to be allowed to fly. Requirements on the development process coming from the certification process influence requirements on the development tools and methods. The presentation will discuss some of these requirements and their consequences for a model driven development methodology.

Slides: