2025Activity​​​‌ reportProject-TeamDIVERSE

Overall objective.

The disruptive‌ design of new, complex‌​‌ systems requires a high​​ degree of flexibility in​​​‌ the communication between many‌ stakeholders, often limited by‌​‌ the silo-like structure of​​ the organization itself (cf.​​​‌ Conway’s law). To overcome‌ this constraint, modern engineering‌​‌ environments aim to: (i)​​ better manage the necessary​​​‌ exchanges between the different‌ stakeholders; (ii) provide a‌​‌ unique and usable place​​ for information sharing; and​​​‌ (iii) ensure the consistency‌ of the many points‌​‌ of view. Software languages​​​‌ are the key pivot​ between the diverse stakeholders​‌ involved, and the software​​ systems they have to​​​‌ implement. Domain-Specific (Modeling) Languages​ enable stakeholders to address​‌ the diverse concerns through​​ specific points of view,​​​‌ and their coordinated use​ is essential to support​‌ the socio-technical coordination across​​ the overall software system​​​‌ life cycle.

Our perspectives​ on Software Language Engineering​‌ over the next period​​ is presented in Figure​​​‌ 2 and detailed in​ the following paragraphs.

Perspectives​‌ on Software Language Engineering​​ (axis #1)

DSL Executability.

Providing rich​​ and adequate environments is​​​‌ key to the adoption​ of domain-specific languages. In​‌ particular, we focus on​​ tools that support model​​​‌ and program execution. We​ explore the foundations to​‌ define the required concerns​​ in language specification, and​​​‌ systematic approaches to derive​ environments (e.g., IDE,​‌ notebook, design labs) including​​ debuggers, animators, simulators, loggers,​​​‌ monitors, trade-off analysis, etc.​

Modular & Distributed IDE.​‌

IDEs are indispensable companions​​ to software languages. They​​​‌ are increasingly turning towards​ Web-based platforms, heavily relying​‌ on cloud infrastructures and​​ forges. Since all language​​​‌ services require different computing​ capacities and response times​‌ (to guarantee a user-friendly​​ experience within the IDE)​​​‌ and use shared resources​ (e.g., the program),​‌ we explore new architectures​​ for their modularization and​​​‌ systematic approaches for their​ individual deployment and dynamic​‌ adaptation within an IDE.​​ To cope with the​​​‌ ever-growing number of programming​ languages, manufacturers of Integrated​‌ Development Environments (IDE) have​​ recently defined protocols as​​​‌ a way to use​ and share multiple language​‌ services in language-agnostic environments.​​ These protocols rely on​​​‌ a proper specification of​ the services that are​‌ commonly found in the​​ tool support of general-purpose​​​‌ languages, and define a​ fixed set of capabilities​‌ to offer in the​​ IDE. However, new languages​​​‌ regularly appear offering unique​ constructs (e.g., DSLs), and​‌ which are supported by​​ dedicated services to be​​​‌ offered as new capabilities​ in IDEs. This trend​‌ leads to the multiplication​​ of new protocols, hard​​​‌ to combine and possibly​ incompatible (e.g., overlap, different​‌ technological stacks). Beyond the​​ proposition of specific protocols,​​​‌ we will explore an​ original approach to be​‌ able to specify language​​ protocols and to offer​​​‌ IDEs to be configured​ with such protocol specifications.​‌ IDEs went from directly​​ supporting languages to protocols,​​​‌ and we envision the​ next step: IDE as​‌ code, where language​​ protocols are created or​​​‌ inferred on demand and​ serve as support of​‌ an adaptation loop taking​​ in charge of the​​​‌ (re)configuration of the IDE.​

Design Lab.

Web-based and​‌ cloud-native IDEs open new​​ opportunities to bridge the​​​‌ gap between the IDE​ and collaborative platforms, e.g.,​‌ forges. In the complex​​ world of software systems,​​​‌ we explore new approaches​ to reduce the distance​‌ between the various stakeholders​​ (e.g., systems engineers and​​​‌ all those involved in​ specialty engineering) and to​‌ improve the interactions between​​ them through an adapted​​​‌ tool chain. We aim​ to improve the usability​‌ of development cycles with​​ efficiency, affordance and satisfaction.​​ We also explore new​​​‌ approaches to explore and‌ interact with the design‌​‌ space or other concerns​​ such as human values​​​‌ or security, and provide‌ facilities for trade-off analysis‌​‌ and decision making in​​ the the context of​​​‌ software and system designs.‌

Live & Polyglot Development.‌​‌

As of today, polyglot​​ development is massively popular​​​‌ and virtually all software‌ systems put multiple languages‌​‌ to use, which not​​ only complexifies their development,​​​‌ but also their evolution‌ and maintenance. Moreover, as‌​‌ software are more used​​ in new application domains​​​‌ (e.g., data analytics, health‌ or scientific computing), it‌​‌ is crucial to ease​​ the participation of scientists,​​​‌ decision-makers, and more generally‌ non-software experts. Live programming‌​‌ makes it possible to​​ change a program while​​​‌ it is running, by‌ propagating changes on a‌​‌ program code to its​​ run-time state. This effectively​​​‌ bridges the gulf of‌ evaluation between program writing‌​‌ and program execution: the​​ effects a change has​​​‌ on the running system‌ are immediately visible, and‌​‌ the developer can take​​ immediate action. The challenges​​​‌ at the intersection of‌ polyglot and live programming‌​‌ have received little attention​​ so far, and we​​​‌ envision a language design‌ and implementation approach to‌​‌ specify domain-specific languages and​​ their coordination, and automatically​​​‌ provide interactive domain-specific environments‌ for live and polyglot‌​‌ programming.

Self-Adaptable Language.

Over​​ recent years, self-adaptation has​​​‌ become a concern for‌ many software systems that‌​‌ operate in complex and​​ changing environments. At the​​​‌ core of self-adaptation lies‌ a feedback loop and‌​‌ its associated trade-off reasoning,​​ to decide on the​​​‌ best course of action.‌ However, existing software languages‌​‌ do not abstract the​​ development and execution of​​​‌ such feedback loops for‌ self-adaptable systems. Developers have‌​‌ to fall back to​​ ad-hoc solutions to implement​​​‌ self-adaptable systems, often with‌ wide-ranging design implications (e.g.,‌​‌ explicit MAPE-K loop). Furthermore,​​ existing software languages do​​​‌ not capitalize on monitored‌ usage data of a‌​‌ language and its modeling​​ environment. This hinders the​​​‌ continuous and automatic evolution‌ of a software language‌​‌ based on feedback loops​​ from the modeling environment​​​‌ and runtime software system.‌ To address the aforementioned‌​‌ issues, we will explore​​ the concept of Self-Adaptable​​​‌ Language (SAL) to abstract‌ the feedback loops at‌​‌ both system and language​​ levels.

Overall objective.‌​‌

Leveraging our longstanding activity​​ on variability management for​​​‌ software product lines and‌ configurable systems covering diverse‌​‌ scenarios of use, we​​ will investigate over the​​​‌ next period the impact‌ of such a variability‌​‌ across the diverse layers,​​ incl. source code, input/output​​​‌ data, compilation chain, operating‌ systems and underlying execution‌​‌ platforms. We envision a​​ better support and assistance​​​‌ for the configuration and‌ optimisation (e.g., non-functional properties)‌​‌ of software systems according​​ to this deep variability.​​​‌ Moreover, as software systems‌ involve diverse artefacts (‌​‌e.g., APIs, tests, models,​​ scripts, data, cloud services,​​​‌ documentation, deployment descriptors...), we‌ will investigate their continuous‌​‌ co-evolution during the overall​​ lifecycle, including maintenance and​​​‌ evolution. Our perspectives on‌ spatio-temporal variability over the‌​‌ next period is presented​​​‌ in Figure 3 and​ is detailed in the​‌ following paragraphs.

Perspectives on​​ Spatio-temporal Variability in Software​​​‌ and Systems (axis #2)​

Deep Software Variability.​

Software systems can be​‌ configured to reach specific​​ functional goals and non-functional​​​‌ performance, either statically at​ compile time or through​‌ the choice of command​​ line options at runtime.​​​‌ We observed that considering​ the software layer only​‌ might be a naive​​ approach to tune the​​​‌ performance of the system​ or to test its​‌ functional correctness. In fact,​​ many layers (hardware, operating​​​‌ system, input data, etc.),​ which are themselves subject​‌ to variability, can alter​​ the performance or functionalities​​​‌ of software configurations. We​ call deep software variability​‌ the interaction of all​​ variability layers that could​​​‌ modify the behavior or​ non-functional properties of a​‌ software. Deep software variability​​ calls to investigate how​​​‌ to systematically handle cross-layer​ configuration. The diversification of​‌ the different layers is​​ also an opportunity to​​​‌ test the robustness and​ resilience of the software​‌ layer in multiple environments.​​ Another interesting challenge is​​​‌ to tune the software​ for one specific executing​‌ environment. In essence, deep​​ software variability questions the​​​‌ generalization of the configuration​ knowledge.

Continuous Software Evolution.​‌

Nowadays, software development has​​ become more and more​​​‌ complex, involving various artefacts,​ such as APIs, tests,​‌ models, scripts, data, cloud​​ services, documentation, etc., and​​​‌ embedding millions of lines​ of code (LOC). Recent​‌ evidence highlights continuous software​​ evolution based on thousands​​​‌ of commits, hundreds of​ releases, all done by​‌ thousands of developers. We​​ focus on the following​​​‌ essential backbone dimensions in​ software engineering: languages, models,​‌ APIs, tests and deployment​​ descriptors, all revolving around​​​‌ software code implementation. We​ will explore the foundations​‌ of a multidimensional and​​ polyglot co-evolution platform, and​​​‌ will provide a better​ understanding with new empirical​‌ evidence and knowledge.

Overall objective.​‌

The production and delivery​​ of modern software systems​​​‌ involves the integration of​ diverse dependencies and continuous​‌ deployment on diverse execution​​ platforms in the form​​​‌ of large distributed socio-technical​ systems. This leads to​‌ new software architectures and​​ programming models, as well​​​‌ as complex supply chains​ for final delivery to​‌ system users. In order​​ to boost cybersecurity, we​​​‌ want to provide strong​ support to software engineers​‌ and IT teams in​​ the development and delivery​​​‌ of secure and resilient​ software systems, ie. systems​‌ able to resist or​​ recover from cyberattacks. Our​​​‌ perspectives on DevSecOps and​ Resilience Engineering over the​‌ next period are presented​​ in Figure 4 and​​​‌ detailed in the following​ paragraphs.

Perspectives on DevSecOps​‌ and Resilience Eng. for​​ Software and Systems (axis​​​‌ #3)

Secure & Resilient Architecture.​

Continuous integration and deployment​‌ pipelines are processes implementing​​ complex software supply chains.​​​‌ We envision an explicit​ and early consideration of​‌ security properties in such​​ pipelines to help in​​ detecting vulnerabilities. In particular,​​​‌ we integrate the security‌ concern in Model-Based System‌​‌ Analysis (MBSA) approaches, and​​ explore guidelines, tools and​​​‌ methods to drive the‌ definition of secure and‌​‌ resilient architectures. We also​​ investigate resilience at runtime​​​‌ through frameworks for autonomic‌ computing and data-centric applications,‌​‌ both for the software​​ systems and the associated​​​‌ deployment descriptors.

Smart CI/CD.‌

Dependencies management, Infrastructure as‌​‌ Code (IaC) and DevOps​​ practices open opportunities to​​​‌ analyze complex supply chains.‌ We aim at providing‌​‌ relevant metrics to evaluate​​ and ensure the security​​​‌ of such supply chains,‌ advanced assistants to help‌​‌ in specifying corresponding pipelines,​​ and new approaches to​​​‌ optimize them (e.g.,‌ software debloating, scalability...). We‌​‌ study how supply chains​​ can actively leverage software​​​‌ variability and diversity to‌ increase cybersecurity and resilience.‌​‌

Secure Supply Chain.

In​​ order to produce secure​​​‌ and resilient software systems,‌ we explore new secure-by-design‌​‌ foundations that integrate security​​ concerns as first class​​​‌ entities through a seamless‌ continuum from the design‌​‌ to the continuous integration​​ and deployment. We explore​​​‌ new models, architectures, inter-relations,‌ and static and dynamic‌​‌ analyses that rely on​​ explicitly expressed security concerns​​​‌ to ensure a secure‌ and resilient supply chain.‌​‌ We lead research on​​ automatic vulnerability and malware​​​‌ detection in modern supply‌ chains, considering the various‌​‌ artefacts either as white​​ boxes enabling source code​​​‌ analysis (to avoid accidental‌ vulnerabilities or intentional ones‌​‌ or code poisoning), or​​ as black boxes requiring​​​‌ binary analysis (to find‌ malware or vulnerabilities). We‌​‌ also conduct research activities​​ in dependencies and deployment​​​‌ descriptors security analysis.

Towards​​ a Unifying Reference Model​​​‌ for Digital Twins of​ Cyber-Physical Systems

61 Digital​‌ twins are sophisticated software​​ systems for the representation,​​​‌ monitoring, and control of​ cyber-physical systems, including automotive,​‌ avionics, smart manufacturing, and​​ many more. Existing definitions​​​‌ and reference models of​ digital twins are overly​‌ abstract, impeding their comprehensive​​ understanding and implementation guidance.​​​‌ Consequently, a significant gap​ emerges between abstract concepts​‌ and their industrial implementations.​​ We analyze popular reference​​​‌ models for digital twins​ and combine these into​‌ a significantly detailed unifying​​ reference model for digital​​​‌ twins that reduces the​ concept-implementation gap to facilitate​‌ their engineering in industrial​​ practice. This enhances the​​​‌ understanding of the concepts​ of digital twins and​‌ their relationships and guides​​ developers to implement digital​​​‌ twins effectively.

Evolution at​ the Core of Digital​‌ Twin Engineering

50 Engineering​​ Digital Twins (EDT) presents​​​‌ a multifaceted challenge that​ extends beyond managing the​‌ lifecycle of a Digital​​ Twin (DT) to include​​​‌ its continuous, dynamic interaction​ with the lifecycle of​‌ the actual object, system,​​ or process it represents,​​ referred to as the​​​‌ Actual Twin (AT). The‌ relationship between the lifecycles‌​‌ of DT and AT​​ necessitates a rethinking of​​​‌ the software development lifecycle‌ of DTs. This work‌​‌ examines the deeply intertwined​​ lifecycles of DT and​​​‌ AT, arguing that effective‌ methods for EDT must‌​‌ embrace the mutual and​​ adaptive evolution of both​​​‌ over time. We propose‌ placing evolution at the‌​‌ core of EDT. We​​ identify key triggers of​​​‌ DT evolution, examine the‌ engineering dimensions involved, and‌​‌ explore how the best​​ practices, technologies, and tools​​​‌ of DevOps can support‌ this evolution. Finally, we‌​‌ discuss current challenges and​​ opportunities in the field.​​​‌ This work serves as‌ a call to action‌​‌ for the EDT community​​ to adopt evolution as​​​‌ a crucial factor and‌ core principle in EDT.‌​‌

On the Challenges of​​ Integrating Digital Twins

53​​​‌ Digital Twins (DTs) are‌ a key technology for‌​‌ smart ecosystems to provide​​ accurate digital representation of​​​‌ their constituents, e.g., smart‌ buildings, farms, transportation, and‌​‌ citizens, as well as​​ synchronization between the digital​​​‌ and the real subject,‌ and the exploration of‌​‌ what-if scenarios and tradeoff​​ reasoning. To cope with​​​‌ emerging complex socio-technical ecosystems,‌ we need to bring‌​‌ DTs together, which is​​ a challenging endeavor. After​​​‌ giving a historical overview‌ of system adaptation, we‌​‌ review the many enabling​​ technologies that can help​​​‌ with DT integration. Using‌ a smart city as‌​‌ an illuminating example to​​ highlight scenarios that require​​​‌ integration of DTs, we‌ discuss a model-based conceptual‌​‌ framework that identifies DT​​ integration strategies and elaborate​​​‌ on nine key integration‌ challenges that still need‌​‌ to be addressed. We​​ call on the DT​​​‌ community to investigate these‌ challenges.

Model-Driven Engineering for‌​‌ Digital Twins: Opportunities and​​ Challenges

45 Digital twins​​​‌ are increasingly used across‌ a wide range of‌​‌ industries. Modeling is a​​ key to digital twin​​​‌ development - both when‌ considering the models which‌​‌ a digital twin maintains​​ of its real-world complement​​​‌ ("models in digital twin")‌ and when considering models‌​‌ of the digital twin​​ as a complex (software)​​​‌ system itself. Thus, systematic‌ development and maintenance of‌​‌ these models is a​​ key factor in effective​​​‌ and efficient digital twin‌ development, maintenance, and use.‌​‌ We argue that model-driven​​ engineering (MDE), a field​​​‌ with almost three decades‌ of research, will be‌​‌ essential for improving the​​ efficiency and reliability of​​​‌ future digital twin development.‌ To do so, we‌​‌ present an overview of​​ the digital twin life​​​‌ cycle, identifying the different‌ types of models that‌​‌ should be used and​​ re-used at different life​​​‌ cycle stages (including systems‌ engineering models of the‌​‌ actual system, domain-specific simulation​​ models, models of data​​​‌ processing pipelines, etc.). We‌ highlight some approaches in‌​‌ MDE that can help​​ create and manage these​​​‌ models and present a‌ roadmap for research towards‌​‌ MDE of digital twins.​​

Modeling and Digital Twins:​​​‌ Insights and Strategies for‌ Software Engineers

29 Using‌​‌ software modeling to address​​ complex systems offers several​​​‌ significant benefits, enabling engineers‌ to design, manage, and‌​‌ evolve such systems more​​​‌ effectively. However, digital twins​ transform how software engineers​‌ design, operate, and maintain​​ complex systems, fostering innovation,​​​‌ efficiency, and reliability in​ diverse industries. Despite their​‌ potential, adopting this conceptual​​ framework poses significant challenges​​​‌ for software engineers, including​ technical and organizational hurdles​‌ and the complexity of​​ integrating digital twin engineering​​​‌ into existing workflows. To​ provide practical insights, this​‌ column discusses challenges and​​ highlights approaches discussed at​​​‌ the ACM/IEEE 27th International​ Conference on Model Driven​‌ Engineering Languages and Systems​​ (MODELS 2024) and the​​​‌ 1st International Conference on​ Engineering Digital Twins (EDTconf​‌ 2024). The selected papers​​ showcase advancements in the​​​‌ engineering of complex software​ systems, emphasizing modeling techniques​‌ and digital twins to​​ address challenges such as​​​‌ improving system understanding and​ stakeholder communication, enhancing design​‌ and development processes, optimizing​​ lifecycles, and supporting the​​​‌ integration of complex systems.​ The goal of this​‌ work is to welcome​​ feedbacks and suggestions on​​​‌ the topics covered.

Engineering​ Digital Twins: A Research​‌ Roadmap

54 As society​​ transitions from traditional engineered​​​‌ physical systems to software-driven​ ecosystems, the demand for​‌ adaptive, cost-effective, and rapidly​​ evolving technologies continues to​​​‌ rise. Digital Twins (DTs)​ have recently emerged as​‌ a key architectural and​​ conceptual tool to address​​​‌ these needs by decoupling​ high-level system control and​‌ decision making from physical​​ operations. By integrating deductive​​​‌ engineering models with inductive,​ data-driven insights, DTs offer​‌ powerful capabilities for simulation,​​ prediction, and adaptive system​​​‌ management. However, despite their​ promise, current DT implementations​‌ often remain fragmented, domain-specific,​​ and expensive to build​​​‌ and maintain. This work​ proposes a research agenda​‌ for a structured and​​ principled approach to the​​​‌ engineering of digital twins​ (EDT), grounded in established​‌ software and systems engineering​​ practices. Our goal is​​​‌ to empower the creation​ of digital twins that​‌ are scalable, reusable, and​​ trustworthy. Building on the​​​‌ capabilities outlined by the​ Digital Twin Consortium, we​‌ offer a complementary perspective​​ by identifying key research​​​‌ challenges associated with their​ integration in the context​‌ of digital twin engineering.​​ In addition, we examine​​​‌ the engineering lifecycle of​ DT systems and present​‌ a comprehensive research agenda​​ for the EDT community.​​​‌

PolyDebug:​ a Framework for Polyglot​‌ Debugging

41 As software​​ grows increasingly complex, the​​​‌ quantity and diversity of​ concerns to be addressed​‌ also rises. To answer​​ this diversity of concerns,​​​‌ developers may end up​ using multiple programming languages​‌ in a single software​​ project, a practice known​​​‌ as polyglot programming. This​ practice has gained momentum​‌ with the rise of​​ execution platforms capable of​​​‌ supporting polyglot systems. However,​ despite this momentum, there​‌ is a notable lack​​ of development tooling support​​​‌ for developers working on​ polyglot programs, such as​‌ in debugging facilities. Not​​ all polyglot execution platforms​​​‌ provide debugging capabilities, and​ for those that do,​‌ implementing support for new​​ languages can be costly.​​​‌ This work addresses this​ gap by introducing a​‌ novel debugger framework that​​ is language-agnostic yet leverages​​​‌ existing language-specific debuggers. The​ proposed framework is dynamically​‌ extensible to accommodate the​​ evolving combination of languages​​ used in polyglot software​​​‌ development. It utilizes the‌ Debug Adapter Protocol (DAP)‌​‌ to integrate and coordinate​​ existing debuggers within a​​​‌ debugging session. We found‌ that using our approach,‌​‌ we were able to​​ implement polyglot debugging support​​​‌ for three different languages‌ with little development effort.‌​‌ We also found that​​ our debugger did not​​​‌ introduce an overhead significant‌ enough to hinder debugging‌​‌ tasks in many scenarios;​​ however performance did deteriorate​​​‌ with the amount of‌ polyglot calls, making the‌​‌ approach not suitable for​​ every polyglot program structure.​​​‌ The effectiveness of this‌ approach is demonstrated through‌​‌ the development of a​​ prototype, PolyDebug, and its​​​‌ application to use cases‌ involving C, JavaScript, and‌​‌ Python. We evaluated PolyDebug​​ on a dataset of​​​‌ traditional benchmark programs, modified‌ to fit our criteria‌​‌ of polyglot programs. We​​ also assessed the development​​​‌ effort by measuring the‌ source lines of code‌​‌ (SLOC) for the prototype​​ as a whole as​​​‌ well as its components.‌ Debugging is a fundamental‌​‌ part of developing and​​ maintaining software. Lack of​​​‌ debug tools can lead‌ to difficulty in locating‌​‌ software bugs and slow​​ down the development process.​​​‌ We believe this work‌ is relevant to help‌​‌ provide developers proper debugging​​ support regardless of the​​​‌ runtime environment.

Modeling: The Heart‌​‌ and Soul of Engineering​​ Smart Ecosystems

52 The​​​‌ pervasive digitalization of our‌ world has ushered in‌​‌ a new era marked​​ by increased complexity and​​​‌ diversity in the development,‌ optimization, and maintenance of‌​‌ modern software-intensive systems. These​​ systems, often characterized by​​​‌ intricate socio-technical components and‌ AI integration, pose challenges‌​‌ for conventional systems engineering​​ approaches and require an​​​‌ alliance of different disciplines.‌ In this work, we‌​‌ argue that they demand​​ a paradigm shift towards​​​‌ integrative modeling across systems‌ engineering, software engineering, data‌​‌ science, and simulation engineering.​​ We highlight the key​​​‌ challenges faced in the‌ development of modern complex‌​‌ systems that need to​​ be addressed by this​​​‌ paradigm shift. We argue‌ that achieving this shift‌​‌ requires new research, tools,​​ and education.

Augmenting graphical​​​‌ modeling workbenches with semantic-aware‌ interactive features

39 Domain-Specific‌​‌ Modeling Languages (DSMLs) usually​​ come with a dedicated​​​‌ integrated environment called a‌ modeling workbench. In the‌​‌ context of graphical DSMLs,​​ such environments provide modelers​​​‌ with dedicated interactive features‌ that help them perform‌​‌ navigation and editing tasks.​​ Many of these features​​​‌ are generic and can‌ be used by graphical‌​‌ DSMLs without any specialization​​ (e.g., a physical zoom).​​​‌ Others require specializations in‌ accordance with the involved‌​‌ DSML. For instance, a​​ semantic zoom requires specifying​​​‌ which elements of the‌ model must be graphically‌​‌ modified at the different​​ zoom levels. However, current​​​‌ language workbenches do not‌ propose facilities to help‌​‌ language designers in developing​​ such semantic-aware features for​​​‌ their graphical modeling workbenches.‌ So language designers must‌​‌ develop these features by​​ hand, which is a​​​‌ complex and time-consuming task.‌ This work proposes a‌​‌ novel approach to help​​ language designers in this​​​‌ task. In addition to‌ existing DSML concerns, such‌​‌ as the syntaxes, we​​​‌ propose to capture the​ interactive features of the​‌ targeted modeling workbench in​​ the form of DSML​​​‌ pragmatics. We propose an​ implementation of our proposal​‌ within one industrial language​​ workbench, Sirius Web. We​​​‌ evaluate our proposal through​ two representative use cases​‌ that support discussion of​​ the feasibility of the​​​‌ proposal. We also evaluate​ its scalability. The evaluation​‌ brings forward challenges the​​ community has to consider​​​‌ while developing highly interactive​ modeling workbenches.

HydroModPy: A Python​​ toolbox for deploying catchment-scale​​​‌ shallow groundwater models

80​ In response to the​‌ growing demand for groundwater​​ flow models, we present​​​‌ HydroModPy, an open-source toolbox​ designed to automate their​‌ deployment at the catchment​​ scale. Built on top​​​‌ of the MODFLOW-enabling FloPy​ library, HydroModPy combines the​‌ robust WhiteboxTools toolbox for​​ geospatial analysis and the​​​‌ well-validated MODFLOW code for​ groundwater modeling. This Python-based​‌ toolbox streamlines the construction,​​ calibration, and analysis of​​​‌ unconfined aquifer models while​ adhering to FAIR (Findable,​‌ Accessible, Interoperable, and Reusable)​​ principles. It enhances model​​​‌ reproducibility through editable Python​ code, supports multi-site deployment,​‌ and provides compatibility with​​ alternative groundwater flow solvers.​​​‌ Furthermore, it integrates pre-​ and post-processing functionalities to​‌ simplify workflows. The toolbox​​ enables catchment delineation and​​​‌ hydrological feature extraction from​ DEMs, followed by semi-automatic​‌ model construction and advanced​​ visualization of hydraulic head​​​‌ and flow results. Users​ can choose from predefined​‌ aquifer structures and hydraulic​​ properties such as exponential​​​‌ decay of hydraulic conductivity​ and porosity with depth​‌ or import complex 3D​​ geological models. HydroModPy outputs​​​‌ can be exported in​ standard formats (e.g., raster,​‌ shapefile, netCDF), including water​​ table elevation, water table​​​‌ depth, groundwater storage, groundwater-dependent​ hydrographic network and streamflow​‌ rates, and subsurface residence​​ times. HydroModPy is tailored​​​‌ for the deployment in​ diverse geomorphological and hydrological​‌ settings, enabling the testing​​ and exploration of aquifer​​​‌ models under varying recharge​ conditions. Its deployment capabilities​‌ are demonstrated in complex​​ shallow basement and crystalline​​​‌ aquifers, where topography and​ geology primarily govern groundwater​‌ flow dynamics from hillslope​​ to catchment scales. As​​​‌ an open-source toolbox, HydroModPy​ is designed for the​‌ community and actively encourages​​ contributions from its users.​​​‌ It supports research in​ hydro(geo)logy and land and​‌ water management, while also​​ providing valuable opportunities for​​​‌ teaching and education.

Facilitating​ Heterogeneity Management on the​‌ Computing Continuum

73 The​​ computing continuum combines edge​​​‌ and cloud computing resources​ to create a seamless​‌ infrastructure. This integration brings​​ about a variety of​​​‌ resources, leading to heterogeneity.​ Therefore, meeting application requirements​‌ such as fast response​​ times, high-quality results, detailed​​​‌ data, low costs, and​ energy efficiency becomes challenging.​‌ We suggest using self-adaptive​​ systems and software variability​​​‌ management methods to manage​ this complexity. Specifically, we​‌ propose modeling software variability​​ and infrastructure heterogeneity to​​​‌ help configure and deploy​ systems effectively. We illustrate​‌ this approach with a​​ video analytics use-case.

Climate​​​‌ Change: What is Computing's​ Responsibility?

85 This Manifesto​‌ was produced from the​​ Perspectives Workshop 25122 entitled​​​‌ ”Climate Change: What is​ Computing's Responsibility?” held March​‌ 16-19, 2025 at Schloss​​ Dagstuhl, Germany. The Workshop​​ provided a forum for​​​‌ world-leading computer scientists and‌ expert consultants on environmental‌​‌ policy and sustainable transition​​ to engage in a​​​‌ critical and urgent conversation‌ about computing's responsibilities in‌​‌ addressing climate change -​​ or more aptly, climate​​​‌ crisis. The resulting Manifesto‌ outlines commitments and directions‌​‌ for future action which,​​ if adopted as a​​​‌ basis for more responsible‌ computing practices, will help‌​‌ ensure that these technologies​​ do not threaten the​​​‌ long-term habitability of the‌ planet. We preface our‌​‌ Manifesto with a recognition​​ that humanity is on​​​‌ a path that is‌ not in agreement with‌​‌ international global warming targets​​ and explore how computing​​​‌ technologies are currently hastening‌ the overshoot of these‌​‌ boundaries. We critically assess​​ the vaunted potential for​​​‌ harnessing computing technologies for‌ the mitigation of global‌​‌ warming, agreeing that, under​​ current circumstances, computing is​​​‌ contributing to negative environmental‌ impacts in other sectors.‌​‌ Computing primarily improves efficiency​​ and reduces costs which​​​‌ leads to more consumption‌ and more negative environmental‌​‌ impact. Relying solely on​​ efficiency gains in computing​​​‌ has thus far proven‌ to be insufficient to‌​‌ curb global greenhouse gas​​ emissions. Therefore, computing's purpose​​​‌ within a strategy for‌ tackling climate change must‌​‌ be reimagined. Our recommendations​​ cover changes that need​​​‌ to be urgently made‌ to the design priorities‌​‌ of computing technologies, but​​ also speak to the​​​‌ more systemic shift in‌ mindset, with sustainability and‌​‌ human rights providing a​​ necessary moral foundation for​​​‌ developing the kinds of‌ computing technologies most needed‌​‌ by society. We also​​ stress the importance of​​​‌ digital policy that accounts‌ for both the direct‌​‌ material impacts of computing​​ and the detrimental indirect​​​‌ impacts arising from computing-enabled‌ efficiencies, and the role‌​‌ of computing professionals in​​ informing policy making.

Automated co-evolution of metamodels​​ and code

42 In​​​‌ Software Engineering, Model-Driven Engineering‌ (MDE) is a methodology‌​‌ that considers Metamodels as​​ a cornerstone. As an​​​‌ abstract artifact, a metamodel‌ plays a significant role‌​‌ in the specification of​​ a software language, particularly,​​​‌ in generating other artifacts‌ of lower abstraction level,‌​‌ such as code. Developers​​ then enrich the generated​​​‌ code to build their‌ language services and tooling,‌​‌ e.g., editors, and checkers.​​ Problem. When a metamodel​​​‌ evolves, the generated code‌ is automatically updated. As‌​‌ a consequence, the developers'​​ additional code is impacted​​​‌ and needs to be‌ co-evolved accordingly. Contribution. This‌​‌ work proposes a new​​ fully automatic code co-evolution​​​‌ approach with the evolution‌ of the Ecore metamodel.‌​‌ The approach relies on​​ pattern matching of the​​​‌ additional code errors. This‌ process aims to analyze‌​‌ the abstraction gap between​​ the evolved metamodel elements​​​‌ and the code errors‌ to co-evolve them. Evaluation‌​‌ and Results. We evaluated​​ our approach on nine​​​‌ Eclipse projects from OCL,‌ Modisco, and Papyrus over‌​‌ several evolved versions of​​ three metamodels. Results show​​​‌ that we automatically co-evolved‌ 771 errors due to‌​‌ metamodel evolution with 631​​ matched and applied resolutions.​​​‌ Our approach reached an‌ average of 82% of‌​‌ precision and 81% of​​​‌ recall, varying from 48%​ to 100% for precision​‌ and recall respectively. To​​ check the effect of​​​‌ the co-evolution and its​ behavioral correctness, we rely​‌ on generated test cases​​ before and after co-evolution.​​​‌ We observed that the​ percentage of passing, failing,​‌ and erroneous tests remained​​ the same with insignificant​​​‌ variations in some projects.​ Thus, suggesting the behavioral​‌ correctness of the co-evolution​​ Moreover, we conducted a​​​‌ comparison with the use​ of quick fixes that​‌ represent a usual tool​​ for correcting code errors​​​‌ in an IDE. We​ found that our automatic​‌ co-evolution approach outperforms the​​ use of quick fixes​​​‌ that lacked the context​ of metamodel evolution. Finally,​‌ we also compared our​​ approach with the state-of-the-art​​​‌ semi-automatic co-evolution approach. As​ expected, precision and recall​‌ are slightly better with​​ semi-automation, but with the​​​‌ burden of manual intervention,​ which is alleviated with​‌ our automatic co-evolution.

A​​ language-parametric test amplification framework​​​‌ for executable domain-specific languages​

43 Behavioral models are​‌ important assets that must​​ be thoroughly verified early​​​‌ in the design process.​ This can be achieved​‌ with manually-written test cases​​ that embed carefully hand-picked​​​‌ domain-specific input data. However,​ such test cases may​‌ not always reach the​​ desired level of quality,​​​‌ such as high coverage​ or being able to​‌ localize faults efficiently. Test​​ amplification is an interesting​​​‌ emergent approach to improve​ a test suite by​‌ automatically generating new test​​ cases out of existing​​​‌ manually-written ones. Yet, while​ ad-hoc test amplification solutions​‌ have been proposed for​​ a few programming languages,​​​‌ no solution currently exists​ for amplifying the test​‌ suites of behavioral models.​​ In order to fill​​​‌ this gap, we propose​ an automated and generic​‌ test amplification approach for​​ executable Domain Specific Languages​​​‌ (DSLs). Hence, given an​ executable DSL, a conforming​‌ behavioral model, and an​​ existing test suite, our​​​‌ approach synthesizes new regression​ test cases in three​‌ steps: (i) generating new​​ test inputs by applying​​​‌ a set of generic​ modifiers on the existing​‌ test inputs; (ii) running​​ the model under test​​​‌ with new inputs and​ generating assertions from the​‌ execution traces; and (iii)​​ selecting the new test​​​‌ cases that increase the​ initial test quality. We​‌ provide a textual DSL​​ to control and configure​​​‌ the amplification process, along​ with tool support for​‌ the whole approach atop​​ the Eclipse GEMOC Studio.​​​‌ For assessment, we report​ on empirical evaluations over​‌ two different executable DSLs,​​ which show improved test​​​‌ quality in terms of​ both coverage and mutation​‌ score.

Teaching Reproducibility and Embracing​ Variability: From Floating-Point Experiments​‌ to Replicating Research

49​​ Reproducibility is often discussed​​​‌ but rarely practiced in​ undergraduate computer science education.​‌ In this work, we​​ present the design, implementation,​​​‌ and evaluation of a​ 24-hour hands-on course entirely​‌ dedicated to reproducibility and​​ variability in computational experiments.​​ Taught to fourth-and fifth-year​​​‌ students at INSA Rennes‌ in Fall 2024, the‌​‌ course combines scientific thinking,​​ software engineering practices, and​​​‌ variability analysis. Students first‌ explored the non-associativity of‌​‌ floating-point arithmetic as a​​ reproducibility ‘‘Hello World’’ using​​​‌ Docker, GitHub Actions, and‌ templated experimentation to analyze‌​‌ sources of variability across​​ programming languages, compiler flags,​​​‌ and numerical precision. The‌ second half of the‌​‌ course focused on reproducing​​ and replicating actual research​​​‌ papers, including studies on‌ large language models playing‌​‌ chess, home advantage in​​ football during COVID-19, and​​​‌ energy efficiency across programming‌ languages. Students successfully reproduced‌​‌ key results, identified subtle​​ reproducibility issues such as​​​‌ changes in library defaults,‌ and designed replications that‌​‌ extended or challenged original​​ findings. We describe the​​​‌ course structure, pedagogical strategies,‌ and lessons learned, including‌​‌ when students found reproducibility​​ flaws in the instructor’s​​​‌ own prior work. Our‌ experience suggests that reproducibility‌​‌ and variability deserve a​​ central place in computer​​​‌ science education and can‌ be taught in a‌​‌ way that is both​​ technically rigorous and scientifically​​​‌ engaging.

Software Variability for‌ Replicable Science

47 The‌​‌ ability to recreate computational​​ results provides a solid​​​‌ foundation for scientific research.‌ Yet, reproducibility and getting‌​‌ identical results with the​​ original data, code, and​​​‌ environment are challenging, due‌ to many uncontrolled or‌​‌ undocumented variability factors. When​​ reproduction is achieved, replicability​​​‌ can be envisioned to‌ check whether conclusions still‌​‌ hold or generalize when​​ well-controlled changes created by​​​‌ inevitable software variability-are introduced.‌ In this work, we‌​‌ first provide evidence that​​ deep software variability -​​​‌ spanning operating systems, compilers,‌ input data, versions, and‌​‌ configurations, etc. - is​​ impacting reproducibility and replicability​​​‌ in numerous fields of‌ computational science. We then‌​‌ present an approach based​​ on ‘‘modelling, sampling, measuring,​​​‌ learning’’ to systematically explore‌ variability spaces of neuroimaging‌​‌ pipelines. We also illustrate​​ how Masters’ students et​​​‌ INSA Rennes leverage variability‌ to reproduce and replicate‌​‌ studies in soccer, chess,​​ and energy consumption. Throughout​​​‌ this work, we try‌ to convince the audience‌​‌ that software-engineering and variability​​ researchers have a key​​​‌ role to play for‌ truly replicable science. Keynote‌​‌ (invited talk) at CBSoft​​ Brazilian Symposium on Software​​​‌ Components, Architectures, and Reuse‌

Re-evaluating Metamorphic Testing of‌​‌ Chess Engines: A Replication​​ Study

44 This study​​​‌ aims to confirm, replicate‌ and extend the findings‌​‌ of a previous work​​ entitled “Metamorphic Testing of​​​‌ Chess Engines” that reported‌ inconsistencies in the analyses‌​‌ provided by Stockfish, the​​ most widely used chess​​​‌ engine, for transformed chess‌ positions that are fundamentally‌​‌ identical. Initial findings, under​​ conditions strictly identical to​​​‌ those of the original‌ study, corroborate the reported‌​‌ inconsistencies. However, the original​​ work considers a specific​​​‌ dataset (including randomly generated‌ chess positions, end-games, or‌​‌ checkmate problems) and very​​ low analysis depth (10​​​‌ plies,1 corresponding to 5‌ moves). These decisions pose‌​‌ threats that limit generalizability​​ of the results, but​​​‌ also their practical usefulness‌ both for chess players‌​‌ and maintainers of Stockfish.​​ Thus, we replicate the​​​‌ original study. We consider‌ this time (1) positions‌​‌ derived from actual chess​​​‌ games, (2) analyses at​ appropriate and larger depths,​‌ and (3) different versions​​ of Stockfish. We conduct​​​‌ novel experiments on thousands​ of positions, employing significantly​‌ deeper searches. The replication​​ results show that the​​​‌ Stockfish chess engines demonstrate​ significantly greater consistency in​‌ its evaluations. The metamorphic​​ relations are not as​​​‌ effective as in the​ original work, especially on​‌ realistic chess positions. We​​ also demonstrate that, for​​​‌ any given position, there​ exists a depth threshold​‌ beyond which further increases​​ in depth do not​​​‌ result in any evaluation​ differences for the studied​‌ metamorphic relations. We perform​​ an in-depth analysis to​​​‌ identify and clarify the​ implementation reasons behind Stockfish’s​‌ inconsistencies when dealing with​​ transformed positions. A first​​​‌ concrete result is thus​ that metamorphic testing of​‌ chess engines is not​​ yet an effective technique​​​‌ for finding faults of​ Stockfish. Another result is​‌ the lessons learned through​​ this replication effort: metamorphic​​​‌ relations must be verified​ in the context of​‌ the domain’s specificities; without​​ such contextual validation, they​​​‌ may lead to misleading​ or irrelevant conclusions; changes​‌ in parameters and input​​ dataset can drastically alter​​​‌ the effectiveness of a​ testing method.

In the​‌ Search for Truth: Navigating​​ Variability in Neuroimaging Software​​​‌ Pipelines

71 Neuroimaging pipelines​ -software-driven analysis workflows of​‌ brain images -are characterized​​ by a wide range​​​‌ of tools, parameters, and​ configuration choices. Such flexibility,​‌ while enabling diverse scientific​​ inquiries, gives rise to​​​‌ analytical variability: different pipeline​ variants can lead to​‌ different outcomes. In practice,​​ each neuroimaging pipeline variant​​​‌ produces a statistic map​ -a complex, structured 3D​‌ output whose relevance can​​ only be assessed with​​​‌ specific domain expertise, unlike​ simple metrics such as​‌ execution time. And, in​​ most cases, there is​​​‌ no ground truth against​ which to judge these​‌ outputs, making it unclear​​ which variant yields the​​​‌ best result. In this​ work, we introduce a​‌ ‘‘sampling, variant scoring, learning’’​​ methodology to study variability​​​‌ in the absence of​ a quantitative target -i.e.​‌ ground truth. We report​​ our experience in developing​​​‌ an Universal Variability Language​ (UVL) feature model of​‌ 90 features representing the​​ configuration space of a​​​‌ well-established open source neuroimaging​ analysis software (SPM). We​‌ sample and run 1000​​ valid configurations generating 1000​​​‌ statistic maps as outputs.​ We studied various candidate​‌ proxy ground truths and​​ computed Spearman correlations as​​​‌ a quantitative metric of​ the performance of each​‌ pipeline. We tested the​​ following 12 proxy ground​​​‌ truths: the average statistic​ map (across variants), the​‌ output of an expertderived​​ configuration, and a set​​​‌ of randomly selected outputs​ (as baseline). Then, we​‌ used a decision tree​​ learning approach to inspect​​​‌ variability. We evaluated the​ sensitivity of our method​‌ to the choice of​​ (proxy) ground truth, both​​​‌ in terms of predictive​ accuracy and in the​‌ identification of important features.​​ These first results outline​​​‌ the challenge of choosing​ and validating a referential​‌ to assess our understanding​​ of variability in the​​​‌ absence of ground truth.​

PyroBuildS: Speeding up the​‌ exploration of large configuration​​ spaces with incremental build​​

46 Software developers are​​​‌ acutely aware that software‌ build is an essential‌​‌ but resource-intensive step in​​ any software development process,​​​‌ all the more when‌ building large and/or highly‌​‌ configurable systems, whose vast​​ number of configuration options​​​‌ leads to an explosion‌ in the number of‌​‌ variants to build and​​ evaluate. A potential approach​​​‌ to speed up the‌ builds of multiple configurations‌​‌ is to do incremental​​ build, i.e., to not​​​‌ clean the build environment‌ and reuse previous builds‌​‌ when building a new​​ configuration. Previous exploratory studies​​​‌ showed some benefits and‌ limitations of incremental build,‌​‌ but mainly on small​​ configurable software systems and​​​‌ on a limited set‌ of close configurations. However,‌​‌ for large configuration spaces,​​ little is known whether​​​‌ the large distance across‌ configurations impacts the correctness‌​‌ and efficiency of incremental​​ build. This work presents​​​‌ PyroBuildS, a new approach‌ to speed up incremental‌​‌ builds while keeping reproducibility,​​ featuring a configuration variation​​​‌ operator parameterized by two‌ deny lists of problematic‌​‌ options and a mutation​​ size (diversity). We evaluate​​​‌ PyroBuildS through an empirical‌ study on three large‌​‌ complex configurable systems, namely​​ Linux, BusyBox, and ToyBox,​​​‌ with respectively 18637, 1078,‌ 330 configuration options. We‌​‌ first show that for​​ all configurations PyroBuildS produces​​​‌ the exact same binaries‌ as a clean build,‌​‌ except for Linux with​​ some non-reproducible random configurations.​​​‌ We identify the reasons‌ why incremental build speeds‌​‌ up or slows down​​ the build of large​​​‌ configuration spaces – a‌ knowledge that can be‌​‌ integrated into PyroBuildS. Incremental​​ build systematically pays off,​​​‌ since problematic options are‌ avoided in the first‌​‌ place — something only​​ PyroBuildS does. We also​​​‌ show that a naive‌ use of incremental build‌​‌ on random Linux configurations​​ backfires, taking more time​​​‌ than clean builds. Thus,‌ PyroBuildS controls diversity to‌​‌ avoid too many differences​​ across configurations to perform​​​‌ efficient incremental builds. Thanks‌ to its ability to‌​‌ operate over non-problematic options​​ and close enough configurations,​​​‌ PyroBuildS significantly speeds up‌ the exploration of large‌​‌ configuration spaces, with a​​ gain in build time​​​‌ from 16% to 22%‌ in all three systems‌​‌ with mutated configurations. Finally,​​ with random configurations, PyroBuildS​​​‌ also speeds up the‌ build time from 15%‌​‌ to 20% for ToyBox​​ and BusyBox.

Variability Exploration for Decision‌ Making: Supporting Domain Experts‌​‌ in Configuring Business Processes​​

38 Designing a model​​​‌ with built-in variability that‌ can later be specialized‌​‌ for specific needs has​​ become a common practice.​​​‌ This approach enables the‌ consolidation of company expertise‌​‌ within a single model,​​ extending its applicability beyond​​​‌ a single system, process,‌ or behavior. Such modeling‌​‌ reveals a set of​​ choices that Domain Experts​​​‌ (DEs) must evaluate, collectively‌ forming the variability space-the‌​‌ range of potential decisions​​ available to achieve desired​​​‌ project outcomes. Selecting the‌ optimal decision within this‌​‌ variability space is often​​ challenging for DEs, especially​​​‌ those without a technical‌ background. The abundance of‌​‌ alternatives, each with the​​ potential to significantly influence​​​‌ the capabilities of the‌ final solution, adds complexity‌​‌ to the decision-making process.​​​‌ To assist DEs in​ exploring their models, we​‌ propose a tool-supported method​​ for discovering and visualizing​​​‌ the variability space captured​ within feature models. This​‌ method allows experts to​​ explore and evaluate different​​​‌ options against predefined objectives.​ By representing the variability​‌ space in a format​​ conducive to decision-making, our​​​‌ method helps identify key​ choices that impact overall​‌ business processes, assess the​​ implications of each option,​​​‌ and explore alternative configurations.​ We validate this method​‌ through a simplified case​​ study of the OneWay​​​‌ project of Airbus, a​ leading international aircraft manufacturer.​‌ Applying our method to​​ their feature model and​​​‌ business processes for avionics​ program development planning demonstrated​‌ its effectiveness in supporting​​ decision-making activities and its​​​‌ overall performance.

Reinforcement Learning​ for Mutation Operator Selection​‌ in Automated Program Repair​​

40 Automated program repair​​​‌ techniques aim to aid​ software developers with the​‌ challenging task of fixing​​ bugs. In heuristic-based program​​​‌ repair, a search space​ of mutated program variants​‌ is explored to find​​ potential patches for bugs.​​​‌ Most commonly, every selection​ of a mutation operator​‌ during search is performed​​ uniformly at random, which​​​‌ can generate many buggy,​ even uncompilable programs. Our​‌ goal is to reduce​​ the generation of variants​​​‌ that do not compile​ or break intended functionality​‌ which waste considerable resources.​​ In this work, we​​​‌ investigate the feasibility of​ a reinforcement learning-based approach​‌ for the selection of​​ mutation operators in heuristic-based​​​‌ program repair. Our proposed​ approach is programming language,​‌ granularity-level, and search strategy​​ agnostic and allows for​​​‌ easy augmentation into existing​ heuristic-based repair tools. We​‌ conducted an extensive empirical​​ evaluation of four operator​​​‌ selection techniques, two reward​ types, two credit assignment​‌ strategies, two integration methods,​​ and three sets of​​​‌ mutation operators using 30,080​ independent repair attempts. We​‌ evaluated our approach on​​ 353 real-world bugs from​​​‌ the Defects4J benchmark. The​ reinforcement learningbased mutation operator​‌ selection results in a​​ higher number of test-passing​​​‌ variants, but does not​ exhibit a noticeable improvement​‌ in the number of​​ bugs patched in comparison​​​‌ with the baseline, uniform​ random selection. While reinforcement​‌ learning has been previously​​ shown to be successful​​​‌ in improving the search​ of evolutionary algorithms, often​‌ used in heuristic-based program​​ repair, it has yet​​​‌ to demonstrate such improvements​ when applied to this​‌ area of research.

Small​​ Yet Configurable: Unveiling Null​​​‌ Variability in Software

83​ Many small-scale software systems,​‌ that is, with limited​​ codebase or binary size,​​​‌ are widely used in​ everyday tasks, yet their​‌ configurability remains largely unexplored.​​ At the same time,​​​‌ studies on modern software​ systems show a trend​‌ toward increasing configurability, alongside​​ growing interest in building​​​‌ immutable, specialized, and reproducible​ software. In this work,​‌ we present the first​​ empirical study on the​​​‌ extent of configurability in​ small-scale software systems. By​‌ analyzing 108 programs from​​ GNU coreutils, we show​​​‌ that even small programs​ can exhibit significant compile-time​‌ and run-time variability, with​​ up to 76 options​​​‌ per program. Then, there​ is a high correlation​‌ (0.78) between run-time variability​​ and codebase size. Furthermore,​​ an analysis of the​​​‌ 20 smallest programs across‌ 85 releases reveals that‌​‌ variability tends to increase​​ over time, primarily due​​​‌ to the added compile-time‌ variability. This suggests that‌​‌ shifting options between run-time​​ and compile-time, removing unnecessary​​​‌ run-time variability, or resolving‌ compile-time variability early, can‌​‌ help reduce codebase complexity​​ and size. We also​​​‌ introduce, for the first‌ time, the concept of‌​‌ null-variable software system, one​​ with no configurability beyond​​​‌ mandatory features. Our findings‌ show that high configurability‌​‌ is not exclusive to​​ largescale systems and that​​​‌ reducing unnecessary variability can‌ lead to lightweight, smaller,‌​‌ and more maintainable software.​​ We hope this effort​​​‌ contributes to designing new‌ software by understanding how‌​‌ to balance its configurability​​ with codebase size.

A​​​‌ Comprehensive Survey of Benchmarks‌ for Improvement of Software’s‌​‌ Non-Functional Properties

30 Despite​​ recent increase in research​​​‌ on improvement of non-functional‌ properties of software, such‌​‌ as energy usage or​​ program size, there is​​​‌ a lack of standard‌ benchmarks for such work.‌​‌ This absence hinders progress​​ in the field, and​​​‌ raises questions about the‌ representativeness of current benchmarks‌​‌ of real-world software. To​​ address these issues and​​​‌ facilitate further research on‌ improvement of non-functional properties‌​‌ of software, we conducted​​ a comprehensive survey on​​​‌ the benchmarks used in‌ the field thus far.‌​‌ We searched five major​​ online repositories of research​​​‌ work, collecting 5499 publications‌ (4066 unique), and systematically‌​‌ identified relevant papers to​​ construct a rich and​​​‌ diverse corpus of 425‌ relevant studies. We find‌​‌ that execution time is​​ the most frequently improved​​​‌ property in research work‌ (63%), while multi-objective improvement‌​‌ is rarely considered (7%).​​ Static approaches for improvement​​​‌ of non-functional software properties‌ are prevalent (51%), with‌​‌ exploratory approaches (18% evolutionary​​ and 15% non-evolutionary) increasingly​​​‌ popular in the last‌ 10 years. Only 39%‌​‌ of the 425 papers​​ describe work that uses​​​‌ benchmark suites, rather than‌ single software, of those‌​‌ SPEC is most popular​​ (63 papers). We also​​​‌ provide recommendations for future‌ work, noting, for instance,‌​‌ lack of benchmarks for​​ non-functional improvement that covers​​​‌ Python, JavaScript, or mobile‌ devices. All the details‌​‌ regarding the 425 identified​​ papers are available on​​​‌ our dedicated webpage.‌

On the Effect​​ of Feature Reduction on​​​‌ Energy Consumption: An Exploratory‌ Study

74 Energy consumption‌​‌ is a growing concern​​ for sustainable software. Although​​​‌ increasingly studied, it remains‌ largely unexplored in configurable‌​‌ systems growing in complexity​​ with features. Feature reduction​​​‌ can eliminate software bloat,‌ but to our knowledge,‌​‌ its impact on energy​​ use has not been​​​‌ investigated. To fill this‌ gap, we investigated how‌​‌ both on-demand and built-in​​ feature reduction (defined later)​​​‌ affect the energy consumption‌ of configurable systems. We‌​‌ conducted a first exploratory​​ study using 28 programs​​​‌ from three systems with‌ built-in feature reduction, namely‌​‌ ToyBox, BusyBox, and GNU,​​ as well as 6​​​‌ GNU programs debloated on-demand‌ using the Chisel, Debop,‌​‌ and Cov tools. In​​ our results, built-in feature​​​‌ reduction led to statistically‌ significant energy decreases in‌​‌ 7% of the cases,​​​‌ while on-demand reduction, despite​ achieving energy decreases in​‌ 67% of cases, showed​​ no statistical significance. However,​​​‌ when energy consumption increased,​ it was often more​‌ substantial than the reductions​​ observed (occurring in 25%​​​‌ of built-in cases and​ 11% of on-demand cases)​‌ showing the complex and​​ sometimes counterintuitive interplay between​​​‌ feature reduction and energy.​ Additionally, the observed strong​‌ correlation between energy consumption​​ and execution time motivates​​​‌ a shift from traditional​ debloating goals, centered on​‌ binary size/attack surface, to​​ energy-aware strategies that prioritize​​​‌ performance concerns. Finally, we​ provide an in-depth analysis​‌ and discuss the perspective.​​

Evaluating the Energy Profile​​​‌ of Tasks Managed by​ Build Automation Tools in​‌ Continuous Integration Workflows: The​​ Case of Apache Maven​​​‌ and Gradle

58 There​ is a growing interest​‌ in the energy impact​​ of computing-related activities, which​​​‌ is expected to increase​ in the coming years.​‌ Modern software development usually​​ relies on Continuous Integration​​​‌ (CI) to support short​ iterations, where code changes​‌ are integrated on a​​ daily basis. The implementation​​​‌ of CI workflows usually​ relies on build automation​‌ tools, (e.g. Apache Maven​​ or Gradle), to automate​​​‌ several activities such as​ testing or compiling. The​‌ large adoption of CI​​ practices raises concerns about​​​‌ the impact of such​ tasks usually run on​‌ cloud environments, where the​​ underlying hardware and its​​​‌ associated energy consumption remain​ intangible to developers. To​‌ better understand the energy​​ footprint related to modern​​​‌ software development, it is​ essential to investigate the​‌ energy profile of the​​ tasks managed by Apache​​​‌ Maven and Gradle. To​ achieve such goal, we​‌ performed a large-scale study​​ with 1167 CI workflows​​​‌ implemented through GitHub Actions​ and mined from popular​‌ Java projects hosted on​​ GitHub. After executing them​​​‌ locally, in a controlled​ environment, we analyzed in​‌ depth the energy profile​​ of 183 355 tasks​​​‌ managed by Apache Maven​ and Gradle. These tasks​‌ represent a quarter of​​ the total energy consumption​​​‌ associated with the CI​ workflows. We found that​‌ tasks from workflows of​​ small-sized projects do not​​​‌ necessarily consume less energy​ than tasks from workflows​‌ of medium-sized and large-sized​​ projects. We also found​​​‌ that testing-related tasks consume​ the most energy, and​‌ that the larger the​​ project, the higher the​​​‌ percentage of energy consumption​ related to testing. Moreover,​‌ tasks of different categories​​ have a different profile​​​‌ regarding energy consumption per​ task and per unit​‌ of time.

Exploring Performance​​ of Configurable Software Systems:​​​‌ the JHipster Case Study​

55 The performance of​‌ software systems remains a​​ key concern in software​​​‌ engineering. Configurable software systems,​ with their numerous configurations,​‌ complicate the performance evaluation​​ process. This work investigates​​​‌ the impact of web​ stack configurations on performance,​‌ using the JHipster web​​ stack generator as a​​​‌ case study. We analyze​ JHipster configurations to understand​‌ how component choices influence​​ system performance and explore​​​‌ individual configuration options for​ their specific effects. Our​‌ study shows that correlations​​ across performance indicators exist​​​‌ but are often weak,​ and different options affect​‌ performance unevenly, with some​​ impacting one indicator minimally​​ while significantly influencing another.​​​‌ We developed a performance‌ model for JHipster to‌​‌ automate the identification of​​ configurations optimized for specific​​​‌ metrics, identifying four configurations‌ that outperform the current‌​‌ default. Overall, this study​​ underscores JHipster’s relevance as​​​‌ a use case for‌ studying component-level variability in‌​‌ software systems and highlights​​ the importance of selecting​​​‌ configurations based on performance‌ indicators rather than preferred‌​‌ technologies.

Event-Driven Adaptation in​​ the Computing Continuum Using​​​‌ Software Variability

59 The‌ computing continuum aggregates edge,‌​‌ fog, and cloud infrastructure​​ layers, promising lower latencies​​​‌ and improved performance for‌ data-driven applications. In this‌​‌ context, keeping service level​​ objectives (SLOs) is challenging​​​‌ due to fluctuations in‌ resource capacities and network‌​‌ uncertainties. We present an​​ adaptive runtime that manages​​​‌ software configuration parameters, application‌ placement, and scaling at‌​‌ runtime to enforce SLOs.​​ Our approach aims to​​​‌ maintain a separation between‌ developers and providers roles‌​‌ while providing performance estimations​​ for previously unseen configurations.​​​‌ This work describes the‌ proposed architecture, event model,‌​‌ and preliminary results over​​ the Grid’5000 testbed.

Linux​​​‌ Kernel Configurations at Scale:‌ A Dataset for Performance‌​‌ and Evolution Analysis

69​​ Configuring the Linux kernel​​​‌ to meet specific requirements,‌ such as binary size,‌​‌ is highly challenging due​​ to its immense complexity-with​​​‌ over 15,000 interdependent options‌ evolving rapidly across different‌​‌ versions. Although several studies​​ have explored sampling strategies​​​‌ and machine learning methods‌ to understand and predict‌​‌ the impact of configuration​​ options, the literature still​​​‌ lacks a comprehensive and‌ large-scale dataset encompassing multiple‌​‌ kernel versions along with​​ detailed quantitative measurements. To​​​‌ bridge this gap, we‌ introduce TuxKConfig, an accessible‌​‌ collection of kernel configurations​​ spanning several kernel releases,​​​‌ specifically from versions 4.13‌ to 5.8. This dataset,‌​‌ gathered through automated tools​​ and build processes, comprises​​​‌ over 240,000 kernel configurations‌ systematically labeled with compilation‌​‌ outcomes and binary sizes.​​ By providing detailed records​​​‌ of configuration evolution and‌ capturing the intricate interplay‌​‌ among kernel options, our​​ dataset enables innovative research​​​‌ in feature subset selection,‌ prediction models based on‌​‌ machine learning, and transfer​​ learning across kernel versions.​​​‌ Throughout this work, we‌ describe how the dataset‌​‌ has been made easily​​ accessible via OpenML and​​​‌ illustrate how it can‌ be leveraged using only‌​‌ a few lines of​​ Python code to evaluate​​​‌ AI-based techniques, such as‌ supervised machine learning. We‌​‌ anticipate that this dataset​​ will significantly enhance reproducibility​​​‌ and foster new insights‌ into configuration-space analysis at‌​‌ a scale that presents​​ unique opportunities and inherent​​​‌ challenges, thereby advancing our‌ understanding of the Linux‌​‌ kernel’s configurability and evolution.​​

A systematic and large-scale​​​‌ exploration of analytical variability‌ in task-fMRI

82 Configurability‌​‌ of neuroimaging pipelines is​​ essential for tailoring the​​​‌ analyses to different experimental‌ conditions but also gives‌​‌ rise to analytical variability​​ : i.e. distinct pipelines,​​​‌ equally valid from a‌ scientific point of view,‌​‌ may produce different findings.​​ Previous works have explored​​​‌ the sources of this‌ variability typically by studying‌​‌ the variability induced (in​​ the results) by a​​​‌ small set of pre-defined‌ pipeline variations – such‌​‌ as the choice of​​​‌ software, operating systems or​ preprocessing methods. In this​‌ work, we leverage methods​​ from software engineering to​​​‌ systematically explore analytical variability​ from preprocessing up to​‌ group analysis in a​​ multi-task fMRI dataset. We​​​‌ investigate 20 parameters –​ including interpolation algorithm, coregistration​‌ cost function, number of​​ motion regressors – expressing​​​‌ a total of over​ 27,000 distinct pipelines. We​‌ propose a method to​​ study variability in this​​​‌ large space without any​ assumptions made on the​‌ expected results or target​​ downstream task. We separate​​​‌ variability of interest (differences​ observed across valid results)​‌ from unwanted variability (differences​​ linked to pipelines producing​​​‌ unacceptable or low quality​ results) while minimizing the​‌ required amount of visual​​ quality control. Finally, among​​​‌ the valid pipelines, we​ identify the parameters that​‌ have the strongest impact​​ on the final results.​​​‌

Piloting Copilot, Codex,​‌ and StarCoder2: Hot temperature,​​ cold prompts, or black​​​‌ magic?

37 Language models​ are promising solutions for​‌ tackling increasing complex problems.​​ In software engineering, they​​​‌ recently gained attention in​ code assistants, which generate​‌ programs from a natural​​ language task description (prompt).​​​‌ They have the potential​ to save time and​‌ effort but remain poorly​​ understood, limiting their optimal​​​‌ use. In this work,​ we investigate the impact​‌ of input variations on​​ two configurations of a​​​‌ language model, focusing on​ parameters such as task​‌ description, surrounding context, model​​ creativity, and the number​​​‌ of generated solutions. We​ design specific operators to​‌ modify these inputs and​​ apply them to three​​​‌ LLM-based code assistants (Copilot,​ Codex, StarCoder2) and two​‌ benchmarks representing algorithmic problems​​ (HumanEval, LeetCode). Our study​​​‌ examines whether these variations​ significantly affect program quality​‌ and how these effects​​ generalize across models. Our​​​‌ results show that varying​ input parameters can greatly​‌ improve performance, achieving up​​ to 79.27% success in​​​‌ one-shot generation compared to​ 22.44% for Codex and​‌ 31.1% for Copilot in​​ default settings. Actioning this​​​‌ potential in practice is​ challenging due to the​‌ complex interplay in our​​ study-the optimal settings for​​​‌ temperature, prompt, and number​ of generated solutions vary​‌ by problem.

Generative AI-based​​ Adaptation in Microservices Architectures:​​​‌ A Systematic Mapping Study​

66 Microservices have seen​‌ widespread adoption in academia​​ and industry. Despite their​​​‌ benefits, challenges persist in​ resilience, performance, scalability, and​‌ adaptation to dynamic contexts.​​ Generative AI (GenAI) has​​​‌ emerged as a promising​ approach to address these​‌ issues, though concerns remain​​ about the suitability of​​​‌ various models and potential​ drawbacks. To assess the​‌ state of the art,​​ we conducted a systematic​​​‌ mapping study analyzing 22​ primary studies. Results reveal​‌ significant potential of GenAI​​ in enhancing microservice adaptation,​​​‌ with emphasis on Large​ Language Models and optimization​‌ techniques. Applications primarily target​​ maintenance and monitoring, especially​​​‌ anomaly management. This study​ also highlights research gaps​‌ and outlines future directions​​ to advance GenAI integration​​​‌ for more resilient and​ autonomous microservices architectures.

LLM​‌ Code Customization with Visual​​ Results: A Benchmark on​​​‌ TikZ

62 With the​ rise of AI-based code​‌ generation, customizing existing code​​ out of natural language​​ instructions to modify visual​​​‌ results -such as figures‌ or images -has become‌​‌ possible, promising to reduce​​ the need for deep​​​‌ programming expertise. However, even‌ experienced developers can struggle‌​‌ with this task, as​​ it requires identifying relevant​​​‌ code regions (feature location),‌ generating valid code variants,‌​‌ and ensuring the modifications​​ reliably align with user​​​‌ intent. In this work,‌ we introduce vTikZ, the‌​‌ first benchmark designed to​​ evaluate the ability of​​​‌ Large Language Models (LLMs)‌ to customize code while‌​‌ preserving coherent visual outcomes.​​ Our benchmark consists of​​​‌ carefully curated vTikZ editing‌ scenarios, parameterized ground truths,‌​‌ and a reviewing tool​​ that leverages visual feedback​​​‌ to assess correctness. Empirical‌ evaluation with state-of-the-art LLMs‌​‌ shows that existing solutions​​ struggle to reliably modify​​​‌ code in alignment with‌ visual intent, highlighting a‌​‌ gap in current AI-assisted​​ code editing approaches. We​​​‌ argue that vTikZ opens‌ new research directions for‌​‌ integrating LLMs with visual​​ feedback mechanisms to improve​​​‌ code customization tasks in‌ various domains beyond TikZ,‌​‌ including image processing, art​​ creation, Web design, and​​​‌ 3D modeling.

HiPEAC Vision 2025‌

75 In the wake‌​‌ of a series of​​ reports painting a bleak​​​‌ picture of European competitiveness‌ – and hence future‌​‌ prosperity – the HiPEAC​​ Vision 2025 takes a​​​‌ clear-eyed look at the‌ computing sector in the‌​‌ European Union and sets​​ out a series of​​​‌ actionable recommendations applicable to‌ the next 10 years‌​‌ of computing research, covering​​ the computing continuum from​​​‌ edge to cloud to‌ high-performance computing, and tailored‌​‌ to the European context.​​ Taking an analysis of​​​‌ the state of the‌ technology sector as its‌​‌ starting point, the roadmap​​ describes how to implement​​​‌ the “next computing paradigm”‌ (NCP): a computing continuum‌​‌ tailored to the user,​​ where data and code​​​‌ migrate to where it‌ makes sense to process‌​‌ and execute them, and​​ which draws on European​​​‌ strengths such as edge‌ computing, digital twins, factory‌​‌ automation, and management of​​ complex systems to deliver​​​‌ technological solutions to real-world‌ problems. Chapters in this‌​‌ year’s HiPEAC Vision cover​​ the state of the​​​‌ European Union, the NCP,‌ artificial intelligence (AI), new‌​‌ hardware, tools, cyber-physical systems,​​ cybersecurity and sustainability. The​​​‌ document also includes a‌ series of recommendations covering‌​‌ technological themes, methodological approaches,​​ standardization issues, and policy​​​‌ directions.

Software Identification for‌ Cybersecurity: Survey and Recommendations‌​‌ for Regulators

79 Global​​ momentum around software supply​​​‌ chain security has increased‌ over the last few‌​‌ years. High-profile cybersecurity incidents​​ — together with new​​​‌ regulatory imperatives — underscore‌ the need for robust,‌​‌ verifiable identification of all​​ software components, to clearly​​​‌ identify software artifacts whose‌ vulnerabilities are the root‌​‌ cause of potential attacks.​​ Yet, existing naming schemes​​​‌ and repository-based references often‌ prove ephemeral, inexact, or‌​‌ insufficiently secure. By contrast,​​​‌ content-based, persistent software identifiers​ enable unambiguous references that​‌ outlive any particular development​​ platform or hosting service,​​​‌ thus providing a pathway​ to meet these newly​‌ mandated obligations. We contend​​ that SWHIDs (Software Hash​​​‌ IDentifiers) — now international​ standard under ISO/IEC 18670​‌ — offer a relevant​​ and practical solution to​​​‌ unify software identification requirements​ in the EU Cyber​‌ Resilience Act, the U.S.​​ Executive Orders, and broader​​​‌ international policy frameworks. Combined​ with the Software Heritage​‌ archival infrastructure, SWHIDs enable​​ transparent, verifiable identification of​​​‌ source code at various​ granularities (files, directories, version​‌ control systems commits, etc.)​​ and, by extension, of​​​‌ any derived artifact. We​ examined the current situation,​‌ which requires a reflection​​ on the challenges related​​​‌ to the identifications of​ open source components. Next,​‌ we analyzed prevalent identifier​​ architectures deployed in open​​​‌ source development and Software​ Bill of Materials (SBOM)​‌ standardization frameworks. Building on​​ this foundation, we introduced​​​‌ Software Heritage persistent Identifiers​ (SWHIDs), emphasizing their structural​‌ advantages and pivotal role​​ in addressing compliance requirements​​​‌ outlined in modern regulatory​ regimes. Next, we formulated​‌ a strategic implementation roadmap​​ to facilitate cross-sector adoption​​​‌ of SWHIDs, delineating actionable​ pathways for integration across​‌ governmental policy frameworks, industrial​​ supply chains, and open​​​‌ source communities. Finally, we​ call to action regulators,​‌ industry and OSS projects​​ on this topic

Did You Forkget It?​‌ Detecting One-Day Vulnerabilities in​​ Open-source Forks With Global​​​‌ History Analysis

81 Tracking​ vulnerabilities inherited from third-party​‌ open-source software is a​​ well-known challenge, often addressed​​​‌ by tracing the threads​ of dependency information. However,​‌ vulnerabilities can also propagate​​ through forking: a code​​​‌ repository forked after the​ introduction of a vulnerability,​‌ but before it is​​ patched, may remain vulnerable​​​‌ long after the vulnerability​ has been fixed in​‌ the initial repository. History​​ analysis approaches are used​​​‌ to track vulnerable software​ versions at scale. However,​‌ such approaches fail to​​ track vulnerabilities in forks,​​​‌ leaving fork maintainers to​ identify them manually. This​‌ work presents a global​​ history analysis approach to​​​‌ help software developers identify​ one-day (known but unpatched)​‌ vulnerabilities in forked repositories.​​ Leveraging the global graph​​​‌ of public code, as​ captured by the Software​‌ Heritage archive, our approach​​ propagates vulnerability information at​​​‌ the commit level and​ performs automated impact analysis.​‌ Starting from 7162 repositories​​ with vulnerable commits listed​​​‌ in OSV, we propagate​ vulnerability information to 2.2​‌ million forks. We evaluate​​ our approach by filtering​​​‌ forks with significant user​ bases whose latest commit​‌ is still potentially vulnerable,​​ manually auditing the code,​​​‌ and contacting maintainers for​ confirmation and responsible disclosure.​‌ This process identified 135​​ high-severity one-day vulnerabilities, achieving​​​‌ a precision of 0.69,​ with 9 confirmed by​‌ maintainers.

Approaches for strengthening embedded​​​‌ AI against attacks disrupting​ federated learning

72 Machine​‌ learning is increasingly integrated​​ into our daily lives,​​​‌ particularly through personalized systems.​ However, data confidentiality poses​‌ a major challenge. Federated​​ learning (FL) addresses this​​​‌ issue by enabling models​ to be trained without​‌ sharing sensitive data. However,​​ although FL guarantees data​​ confidentiality, it remains vulnerable​​​‌ to various attacks, such‌ as data poisoning attacks‌​‌ or inference on model​​ weights. The observation made​​​‌ is that all the‌ models deployed in this‌​‌ FL context can be​​ considered as variants of​​​‌ the global model, thus‌ echoing the world of‌​‌ software variability. This thesis​​ therefore proposes to adapt​​​‌ software testing and variability‌ management techniques to reinforce‌​‌ the security and robustness​​ of the FL, taking​​​‌ into account its evolution‌ over time and its‌​‌ specificities.

Breaking the​​​‌ Loop: AWARE is the‌ new MAPE-K

64 Self-adaptive‌​‌ systems have traditionally relied​​ on the MAPE-K loop.​​​‌ It consists of a‌ centralized, reactive, and sequential‌​‌ loop for monitoring, analyzing,​​ planning, and executing system​​​‌ adaptations. However, the increasing‌ complexity and dynamic nature‌​‌ of modern systems have​​ exposed the limitations of​​​‌ MAPE-K loops, including their‌ lack of proactivity, scalability‌​‌ challenges, and difficulty integrating​​ continuous learning or distributed​​​‌ decision-making. We introduce AWARE‌ (Assess, Weigh, Act, Reflect,‌​‌ Enrich), a distributed, goal-driven​​ framework that addresses these​​​‌ limitations. AWARE employs autonomous‌ AI agents capable of‌​‌ proactive adaptation, collaboration, and​​ continuous learning to enhance​​​‌ decision-making and system resilience.‌ The modular design of‌​‌ our framework supports dynamic​​ agent integration and optimized​​​‌ resource utilization, enabling seamless‌ scalability and adaptability. AWARE‌​‌ not only anticipates changes​​ and optimizes responses but​​​‌ also iteratively refines its‌ strategies based on contextual‌​‌ insights. Through a comparison​​ with MAPE-K and a​​​‌ real-world use case, we‌ demonstrate how AWARE-distributed intelligence‌​‌ redefines the capabilities of​​ self-adaptive systems, offering a​​​‌ solution better aligned with‌ the demands of complex‌​‌ real-world systems.

FP-Rainbow: Fingerprint-Based​​​‌ Browser Configuration Identification

57‌ Browser fingerprinting is a‌​‌ tracking technique that collects​​ attributes and calls functions​​​‌ from the browser’s APIs.‌ Unlike cookies, browser fingerprints‌​‌ are difficult to evade​​ or delete, raising significant​​​‌ privacy concerns for users‌ as they can be‌​‌ used to re-identify individuals​​ over browsing sessions without​​​‌ their consent. Yet, there‌ has been limited research‌​‌ on the impact of​​ browser configuration settings on​​​‌ these fingerprints. This work‌ introduces FP-Rainbow, a novel‌​‌ approach to systematically explore​​ and map the configuration​​​‌ space of Chromium-based web‌ browsers aiming to identify‌​‌ the impact of configuration​​ parameters on browser fingerprints​​​‌ and their changes over‌ time. We explore 1,748‌​‌ configuration parameters (switches) and​​ identify their impact on​​​‌ the browser’s BOM (Browser‌ Object Model). By collecting‌​‌ and analyzing over 61,000​​ fingerprints from 18 versions​​​‌ of Chromium, our study‌ reveals that 32 to‌​‌ 56 of these configuration​​ parameters (depending on versions),​​​‌ such as disable-3d-apis or‌ disable-notifications, influence the fingerprint‌​‌ of a web browser.​​ FP-Rainbow also proves efficient​​​‌ in identifying browser configuration‌ parameters from unknown fingerprints,‌​‌ achieving an average successful​​ identification rate of 84%​​​‌ when considering a single‌ configuration parameter and 78%‌​‌ when multiple parameters are​​ involved, across all evaluated​​​‌ browser versions. These findings‌ emphasize the importance of‌​‌ measuring the impact of​​ configuration parameters on browsers​​​‌ to develop safer and‌ more privacy-friendly web browsers.‌​‌

BrowserFM: A Feature Model-based​​​‌ Approach to Browser Fingerprint​ Analysis

56 Web browsers​‌ have become complex tools​​ used by billions of​​​‌ people. The complexity is​ in large part due​‌ to its adaptability and​​ variability as a deployment​​​‌ platform for modern applications,​ with features continuously being​‌ added. This also has​​ the side effect of​​​‌ exposing configuration and hardware​ properties that are exploited​‌ by browser fingerprinting techniques.​​ In this work, we​​​‌ generate a large dataset​ of browser fingerprints using​‌ multiple browser versions, system​​ and hardware configurations, and​​​‌ describe a tool that​ allows reasoning over the​‌ links between configuration parameters​​ and browser fingerprints. We​​​‌ argue that using generated​ datasets that exhaustively explore​‌ configurations provides developers, and​​ attackers, with important information​​​‌ related to the links​ between configuration parameters (i.e.,​‌ browser, system and hardware​​ configurations) and their exhibited​​​‌ browser fingerprints. We also​ exploit Browser Object Model​‌ (BOM) enumeration to obtain​​ exhaustive browser fingerprints composed​​​‌ of up to 16,000​ attributes. We propose to​‌ represent browser fingerprints and​​ their configurations with feature​​​‌ models, a tree-based representation​ commonly used in Software​‌ Product Line Engineering (SPLE)​​ to respond to the​​​‌ challenges of variability, to​ provide a better abstraction​‌ to represent browser fingerprints​​ and configurations. With translate​​​‌ 89,486 browser fingerprints into​ a feature model with​‌ 35,857 nodes from 1,​​ 748 configurations. We show​​​‌ the advantages of this​ approach, a more elegant​‌ tree-based solution, and propose​​ an API to query​​​‌ the dataset. With these​ tools and our exhaustive​‌ configuration exploration, we provide​​ multiple use cases, including​​​‌ differences between headless and​ headful browsers or the​‌ selection of a minimal​​ set of attributes from​​​‌ browser fingerprints to re-identify​ a configuration parameter from​‌ the browser.

ALE‌

• Title:
  Agile Language Engineering‌​‌
• Duration:
  2020 -> 2027​​
• Coordinator:
  Tijs van der​​​‌ Storm (storm@cwi.nl)
• Partners:
  • CWI‌ Amsterdam (Pays-Bas)
• Inria contact:‌​‌
  Benoît Combemale
• Summary:
  Software​​ engineering faces new challenges​​​‌ with the advent of‌ modern software-intensive systems such‌​‌ as complex critical embedded​​ systems, cyber-physical systems and​​​‌ the Internet of things.‌ Application domains range from‌​‌ robotics, transportation systems, defense​​ to home automation, smart​​​‌ cities, and energy management,‌ among others. Software is‌​‌ more and more pervasive,​​ integrated into large and​​​‌ distributed systems, and dynamically‌ adaptable in response to‌​‌ a complex and open​​ environment. As a major​​​‌ consequence, the engineering of‌ such systems involves multiple‌​‌ stakeholders, each with some​​ form of domain-specific knowledge,​​​‌ and with the increased‌ use of software as‌​‌ an integration layer. Hence​​ more and more organizations​​​‌ are adopting Domain-Specific Languages‌ (DSLs) to allow domain‌​‌ experts to express solutions​​ directly in terms of​​​‌ relevant domain concepts. This‌ new trend raises new‌​‌ challenges about designing DSLs,​​ evolving a set of​​​‌ DSLs and coordinating the‌ use of multiple DSLs‌​‌ for both DSL designers​​ and DSL users. ALE​​​‌ will contribute to the‌ field of Software Language‌​‌ Engineering, aiming to provide​​ more agility to both​​​‌ language designers and language‌ users. The main objective‌​‌ is twofold. First, we​​ aim to help language​​​‌ designers to leverage previous‌ DSL implementation efforts by‌​‌ reusing and combining existing​​ language modules, while automating​​​‌ the deployment of distributed,‌ elastic and collaborative modeling‌​‌ environments. Second, we aim​​ to provide more flexibility​​​‌ to language users by‌ ensuring interoperability between different‌​‌ DSLs, offering live feedback​​ about how the model​​​‌ or program behaves while‌ it is being edited‌​‌ (aka. live programming/modeling), and​​ combining with interactive environments​​​‌ like Jupiter Notebook for‌ literate programming.

RIPOST‌

• Title:
  Resilient and Reproducible‌​‌ Software
• Duration:
  2024 ->​​ 2027
• Coordinator:
  Arnaud Gotlieb​​​‌ (arnaud@simula.no)
• Partners:
  • Simula (Norvège)‌
• Inria contact:
  Mathieu Acher‌​‌
• Summary:

  Resilient and RePrOducible​​ SofTware The associated team​​​‌ Resilient and Reproducible Software‌ (RIPOST) will research the‌​‌ foundations of "Resilient Software"​​ - software systems which​​​‌ can resist failures without‌ significantly degrading their functionality.‌​‌ Over the past years,​​ resilient software systems have​​​‌ become extremely important in‌ various application domains. By‌​‌ combining Inria's and Simula's​​ expertise in software engineering,​​​‌ resilient software, and AI-based‌ software testing, the RIPOST‌​‌ associate team will address​​ the following challenges:

  • Reproducing​​​‌ experiments with deep variability,‌
  • Replication through automated variation‌​‌ of computational experiments,
  • Safe​​ and minimal explanations for​​​‌ reproducible scenarios Interpretable explanations‌ for reproducible and replicable‌​‌ scenarios,

  The goal of​​ the RIPOST associate team​​​‌ is to address systematically‌ the reproducibility testing challenge‌​‌ in computer science. It​​ is the continuation of​​​‌ the earlier associate team‌ RESIST EA. The RIPOST‌​‌ associate team is composed​​​‌ of ten researchers, five​ from the Simula department​‌ VIAS within the Software​​ Engineering area and five​​​‌ researchers from the DiverSE​ team at Inria Rennes.​‌ The associate team will​​ be jointly led by​​​‌ Professor Mathieu Acher at​ the University of Rennes​‌ (INSA Rennes, DiverSE Inria),​​ and Research Professor Arnaud​​​‌ Gotlieb from Simula in​ Norway. More information with​‌ activities, publications, etc.: here​​

Inria​​​‌ International Chair.

Gunter Mussbacher​ has an Inria International​‌ Chair, and he is​​ visiting the DiverSE team​​​‌ 4 months per year.​

Participants: Benoît Combemale,​‌ Gunter Mussbacher.

Research stays abroad

-​ Jean-Baptise Doderlein visited CWI​‌ (Prof. Tijs von der​​ Storm), the Netherlands, for​​​‌ two months.

HiPEAC

HiPEAC project on​​ cordis.europa.eu

• Title:
  High Performance,​​​‌ Edge And Cloud computing​
• Duration:
  From December 1,​‌ 2022 to July 31,​​ 2026
• Partners:
  • INSTITUT NATIONAL​​​‌ DE RECHERCHE EN INFORMATIQUE​ ET AUTOMATIQUE (INRIA), France​‌
  • ECLIPSE FOUNDATION EUROPE GMBH​​ (ECL), Germany
  • INSIDE, Netherlands​​​‌
  • UNIVERSITEIT GENT (UGent), Belgium​
  • RHEINISCH-WESTFAELISCHE TECHNISCHE HOCHSCHULE AACHEN​‌ (RWTH AACHEN), Germany
  • COMMISSARIAT​​ A L ENERGIE ATOMIQUE​​​‌ ET AUX ENERGIES ALTERNATIVES​ (CEA), France
  • SINTEF AS​‌ (SINTEF), Norway
  • IDC ITALIA​​ SRL, Italy
  • THALES (THALES),​​​‌ France
  • CLOUDFERRO SA, Poland​
  • BARCELONA SUPERCOMPUTING CENTER CENTRO​‌ NACIONAL DE SUPERCOMPUTACION (BSC​​ CNS), Spain
• Inria contact:​​​‌
  Olivier Zendra
• Coordinator:
  Koen​ De Bosschere, UGent
• Summary:​‌

  The objective of HiPEAC​​ is to stimulate and​​​‌ reinforce the development of​ the dynamic European computing​‌ ecosystem that supports the​​ digital transformation of Europe.​​​‌ It does so by​ guiding the future research​‌ and innovation of key​​ digital, enabling, and emerging​​​‌ technologies, sectors, and value​ chains. The longer term​‌ goal is to strengthen​​ European leadership in the​​​‌ global data economy and​ to accelerate and steer​‌ the digital and green​​ transitions through human-centred technologies​​​‌ and innovations. This will​ be achieved via mobilising​‌ and connecting European partnerships​​ and stakeholders to be​​​‌ involved in the research,​ innovation and development of​‌ computing and systems technologies.​​ They will provide roadmaps​​​‌ supporting the creation of​ next-generation computing technologies, infrastructures,​‌ and service platforms.

  The​​ key aim is to​​​‌ support and contribute to​ rapid technological development, market​‌ uptake and digital autonomy​​ for Europe in advanced​​ digital technology (hardware and​​​‌ software) and applications across‌ the whole European digital‌​‌ value chain. HiPEAC will​​ do this by connecting​​​‌ and upscaling existing initiatives‌ and efforts, by involving‌​‌ the key stakeholders, and​​ by improving the conditions​​​‌ for large-scale market deployment.‌ The next-generation computing and‌​‌ systems technologies and applications​​ developed will increase European​​​‌ autonomy in the data‌ economy. This is required‌​‌ to support future hyper-distributed​​ applications and provide new​​​‌ opportunities for further disruptive‌ digital transformation of the‌​‌ economy and society, new​​ business models, economic growth,​​​‌ and job creation.

  The‌ HiPEAC CSA proposal directly‌​‌ addresses the research, innovation,​​ and development of next​​​‌ generation computing and systems‌ technologies and applications. The‌​‌ overall goal is to​​ support the European value​​​‌ chains and value networks‌ in computing and systems‌​‌ technologies across the computing​​ continuum from cloud to​​​‌ edge computing to the‌ Internet of Things (IoT).‌​‌

  HiPEAC produces the yearly​​ HiPEAC Vision, a​​​‌ prospective document for EU.‌

MATISSE (ECSEL JU Project)​​

• Coordinator: Olga Hendel and​​​‌ Alessio Bucaioni Mälardalen University,‌ Sweden
• Local coordinator: Benoit‌​‌ Combemale
• Other local participant:​​ Djamel Eddine Khelladi
• Dates:​​​‌ 2024-2027
• Budget: 200 k€‌
• Abstract: MATISSE is a‌​‌ European HORIZON-KDT-JU research project​​ bringing together over 30​​​‌ partners from 7 countries‌ to develop an advanced‌​‌ framework for efficient engineering​​ and validation of industrial​​​‌ systems using Digital Twins‌ (DTs). By integrating DTs‌​‌ with model-based, data-driven, and​​ cloud technologies, MATISSE aims​​​‌ to simulate, test, and‌ predict system behaviors, enhancing‌​‌ both productivity and quality.​​ This innovative approach helps​​​‌ companies optimise their industrial‌ processes, reduce errors, and‌​‌ boost productivity, ultimately simplifying​​ complex operations like machinery​​​‌ production and factory management.‌

PEEPS ANR JCJC​​

Participants: Stéphanie Challita.​​​‌

• Coordinator: Stéphanie Challita
• DiverSE,‌ University of Rennes
• Dates:‌​‌ 2025-2030
• Abstract: Representational State​​ Transfer (REST) is the​​​‌ dominant architectural style for‌ Web APIs, with thousands‌​‌ of APIs currently in​​ use across domains such​​​‌ as social networking, e-commerce,‌ and weather services. However,‌​‌ the development and use​​ of REST APIs remain​​​‌ challenging due to inconsistencies‌ between business requirements, API‌​‌ code, and documentation, which​​ are produced by different​​​‌ stakeholders using heterogeneous concepts‌ and terminology. These inconsistencies‌​‌ lead to ambiguities, misunderstandings,​​ and misuses, with studies​​​‌ reporting inappropriate usage examples‌ in a significant proportion‌​‌ of API endpoints. The​​ PEEPS project addresses this​​​‌ issue by promoting coherence‌ between requirements, code, and‌​‌ documentation, referred to as​​ preciseness in REST APIs,​​​‌ through higher-level abstractions and‌ explicit bridges between these‌​‌ three facets.

MC-Evo2 ANR​​ JCJC

Participants: Djamel Eddine​​​‌ Khelladi.

• Coordinator: Djamel‌ E. Khelladi
• DiverSE, CNRS/IRISA‌​‌ Rennes
• Dates: 2021-2025
• Abstract:​​ Software maintenance represents 40%​​​‌ to 80% of the‌ total cost of developing‌​‌ software. On 65 projects,​​ an IT company reported​​​‌ a cost of several‌ million dollars, with a‌​‌ 25% higher cost on​​ complex projects. Nowadays, software​​​‌ evolves frequently with the‌ philosophy “Release early, release‌​‌ often” embraced by IT​​ giants like the GAFAM,​​​‌ thus making software maintenance‌ difficult and costly. Developing‌​‌ complex software inevitably requires​​​‌ developers to handle multiple​ dimensions, such as APIs​‌ to use, tests to​​ write, models to reason​​​‌ with, etc. When software​ evolves, a co-evolution is​‌ usually necessary as a​​ follow-up, to resolve the​​​‌ impacts caused by the​ evolution changes. For example,​‌ when APIs evolve, code​​ must be co-evolved, or​​​‌ when code evolves, its​ tests must be co-evolved.​‌ The goals of this​​ project are to: 1)​​​‌ address these challenges from​ a novel perspective, namely​‌ a multidimensional co-evolution approach,​​ 2) investigate empirically the​​​‌ multidimensional co-evolution in practice​ in GitHub, Maven, and​‌ Eclipse, 3) automate and​​ propagate the multidimensional co-evolution​​​‌ between the software code,​ APIs, tests, and models.​‌

MBDO

Participants: Jean-Marc Jezequel​​, Benoît Combemale,​​​‌ Quentin Perez, Didier​ Vojtisek.

• Coordinator: Jean-Marc​‌ Jezequel
• Coordinator: Univ. Rennes​​
• Partners: Aachen University, University​​​‌ of Stuttgart
• Dates: 2023-2026​
• Abstract: Our goal in​‌ MBDO is to provide​​ the foundations for a​​​‌ Model-Based DevOps framework unifying​ these different forms of​‌ models in the specific​​ context of cloud-native and​​​‌ IoT systems. The proposed​ Model-Based DevOps framework would​‌ then allow engineers to​​ smoothly go back and​​​‌ forth from Dev time​ to Ops time by​‌ leveraging semi-automatically generated digital​​ twins of their systems.​​​‌

LangSpecialize

Participants:​ Benoît Combemale, Olivier​‌ Barais.

• Coordinator: DGA​​
• Partners: DGA MI, INRIA​​​‌
• Dates: 2023-2026
• Abstract: in​ the context of this​‌ project, DGA-MI and the​​ INRIA team DiverSE explore​​​‌ the existing approaches to​ ease the development of​‌ formal specifications of domain-Specific​​ Languages (DSLs) dedicated to​​​‌ packet filtering, while guaranteeing​ expressiveness, precision and safety.​‌ In the long term,​​ this work is part​​​‌ of the trend to​ provide to DGA-MI and​‌ its partners a tooling​​ to design and develop​​​‌ formal DSLs which ease​ the use while ensuring​‌ a high level of​​ reasoning.

PEPR​​​‌ Cloud Taranis

Participants: Olivier​ Barais, Stéphanie Challita​‌, Paul Temple.​​

• Coordinator: INRIA
• Partners: INRIA,​​​‌ CNRS, UR.
• Dates: 2023-2030​
• Abstract: In order to​‌ efficiently exploit new infrastructures,​​ we propose a strategy​​​‌ based on a significant​ abstraction of the application​‌ structure description to further​​ automate application and infrastructure​​​‌ management. Thus, it will​ be possible to globally​‌ optimize the resources used​​ with respect to multi-criteria​​​‌ objectives (price, deadline, performance,​ energy, etc.) on both​‌ the user side (applications)​​ and the provider side​​​‌ (infrastructures). This abstraction also​ includes the challenges related​‌ to the abstraction of​​ application reconfiguration and to​​​‌ automatically adapt the use​ of resources.

PEPR Numpex​‌ Exasoft

Participants: Benoît Combemale​​, Olivier Barais.​​​‌

• Coordinator: INRIA
• Partners: INRIA,​ CNRS, UR.
• Dates: 2023-2030​‌
• Abstract: The ExaSoft project​​ will study the software​​​‌ stack for future exascale​ machines (compilers, programming and​‌ execution model, monitoring and​​ optimisation tools and energy​​​‌ management.

Software Heritage Sec

Participants:​‌ Olivier Barais, Mathieu​​ Acher, Djamel Eddine​​​‌ Khelladi, Olivier Zendra​.

• Coordinator: INRIA
• Partners:​‌ INRIA, IMT, CEA, Université​​ Sorbonne.
• Dates: 2023-2027
• Abstract:​​​‌ By analyzing the evolution​ of software source code​‌ over time, researchers and​​ practitioners will be able​​ to gain a better​​​‌ understanding of the vulnerabilities‌ and threats that may‌​‌ exist in software systems,​​ identify potential security risks​​​‌ early on and take‌ proactive measures to mitigate‌​‌ them.

Member of​​​‌ the organizing committees

Jean-Marc​ Jézéquel has organized ECSS'25​‌ in Rennes, the anual​​ conference of Informatics Europe.​​​‌

Djamel Khelladi has Organized​ ERMSEI 2025 in Rennes,​‌ the summer school on​​ Empirical Research Methods in​​​‌ Software engineering and Informatics.​

Aymeric Blot has been​‌ a co-organizer of GI@ICSE'25,​​ a scientific workshop on​​​‌ genetic improvement which took​ place within ICSE, the​‌ premier software engineering conference.​​

Benoit Combemale co-organized the​​​‌ 1st 1-week Workshop on​ Model Hybridization for Digital​‌ Twins (Bellairs, McGill Institute,​​ February 2025), and the​​​‌ 4th 1-week Winter Modeling​ Meeting (Italy, February, 2025).​‌

The DiverSE team has​​ organized the 19th International​​​‌ Working Conference on Variability​ Modelling of Software-Intensive Systems​‌ (aka VaMoS) 4-6 February​​ 2025 in Rennes, France.​​​‌ The general chair was​ Mathieu Acher, the local​‌ arrangements chairs were Djamel​​ Eddine Khelladi and Paul​​​‌ Temple, the publicity chair​ was Olivier Zendra, while​‌ Charly Reux, Heraldo Pimenta​​ Borges Filho, Jolan Philippe,​​​‌ Romain Lefeuvre were part​ of the organization.

DJamel​‌ Khelladi co-organized the Models​​ and Evolution workshop colocated​​​‌ with MODELS 2025.

Member​‌ of the conference program​​ committees

Stéphanie Challita has​​​‌ been a member of​ the following PCs:

• Technical​‌ track of ECMFA 2025​​
• NIER track of MODELS​​​‌ 2025

Olivier Barais has​ been member of the​‌ following PCs:

• European Conference​​ on Software Engineering Education​​​‌ Zum Inhalt springen 2025.​
• DebConf scientific track 2025.​‌

Arnaud Blouin has been​​ a member of the​​​‌ following PCs:

• SAC 2025​
• EICS 2025

Mathieu Acher​‌ has been a member​​ of the following PCs:​​​‌

• ECAI 2025
• SPLC 2025​
• MODEVAR@SPLC 2025

Benoit Combemale​‌ has been a member​​ of the following PCs:​​​‌

• MODELS 2025 (Program Board)​
• RE 2025
• EDTconf 2025​‌
• SusMod 2025

Djamel Khelladi​​ has been a member​​​‌ of the following PCs:​

• ICSE 2025/2026
• FSE 2025/2026​‌
• ASE 2025
• MSR 2025​​
• MODELS 2025
• ECMFA 2025​​​‌

Olivier Zendra has been​ a member of the​‌ following PCs:

• 20th International​​ Workshop on Implementation, Compilation,​​​‌ Optimization of OO Languages,​ Programs and Systems (ICOOOLPS​‌ 2025).
• 31st Computer &​​ Electronics Security Application Rendezvous​​​‌ (C&ESAR 2025)
• 26th Debian​ Conference Academic Track (DebConf25​‌ AcademicTrack)

Reviewer - reviewing activities​​

Team members regularly review​​ for the main journals​​​‌ in the field, namely‌ TSE, TOSEM, Sosym, JSS,‌​‌ EMSE, Jot, SPE, IEEE​​ Software, IST, ...