Abstract Trust is a multi-faceted phenomenon traditionally studied in human relations and more recently in human-machine interactions. In the context of AI-enabled systems, trust is about the belief of the user that in a given scenario the system is going to be helpful and safe. The system-side counterpart to trust is trustworthiness. When trust and trustworthiness are aligned with each other, there is calibrated trust. Trust, trustworthiness, and calibrated trust are all dynamic phenomena, evolving throughout the history and evolution of user beliefs, systems, and their interaction. In this paper, we review the basic concepts of trust, trustworthiness and calibrated trust and provide definitions for them. We discuss their various metrics used in the literature, and the causes that may affect their dynamics, particularly in the context of AI-enabled systems. We discuss the implications of the discussed concepts for various types of stakeholders and suggest some challenges for future research.

Abstract Adaptive systems are designed to modify their behaviour at runtime in response to dynamically changing and open-ended environments as well as evolving requirements. Such systems may operate as individual adaptive entities or as collective adaptive systems composed of multiple collaborating components. Rigorous engineering of these systems requires appropriate methods, models, and tools that ensure reliability, correctness, and alignment with their intended purpose. This paper introduces the first part of the special section on Rigorous Engineering of Collective Adaptive Systems. It presents six of the thirteen selected contributions and positions them within two major research directions: (i) Modelling and Engineering Collective Adaptive Systems, and (ii) Analysing Collective Adaptive Systems. Together, these contributions illustrate current progress and emerging challenges in the rigorous engineering of collective adaptive systems.

Abstract Ensemble-based component systems have been used for many years to develop collective adaptive systems (CAS). The DEECo component model offers a framework for modeling and implementing ensemble-based component systems. Being expressive enough and having semantics specifically tailored towards dynamically evolving systems, DEECo has proven to be fairly powerful in modeling complex and dynamic architectures. We see great potential in employing large language models (LLMs) to simplify creating and refining the DEECo architectures. Since this constitutes a large research scope, in this paper, we focus on initial experiments to demonstrate how well generic LLMs (two OpenAI models executed remotely and four open-source models executed locally) understand the advanced concepts of ensemble-based CAS embodied in DEECo. We do so by systematically asking six questions about specific details of three DEECo applications that differ in the way they are specified. Our results indicate that LLMs can indeed understand ensemble-based architectures and show how this is influenced by the specification means. In particular, using external DSL, which is very self-explanatory, gave good results out of the box. Specifications embedded in existing programming languages needed a prior explanation of how to interpret them.

Abstract Drone formation flights, exemplified by performances such as the Intel Drone Shows, demonstrate the advancements and capabilities of current technology. This work revisits the concept of self-organization through swarm behavior for this goal, presenting 2.0 as an advanced approach in this domain. The proposed method facilitates parametrizable swarm behavior at a high level of abstraction. Building upon its predecessor, , it enables the generation of emergent effects through a single, generalized implementation, wherein only the parameters governing individual swarm members need to be adjusted. Leveraging swarm behavior for formation flight offers distinct advantages, including enhanced scalability, robustness, and flexibility. Unlike centrally coordinated approaches, swarm-based methods support the emergence of complex and dynamic formations. Notable formations include parallel swarms interacting with one another, single swarms utilizing multiple reference points to achieve novel flight patterns, and hierarchical swarm structures that further extend the range of possible configurations of swarm behavior. This paper introduces fundamental swarm behaviors that can be realized within the 2.0 framework in detail and explores their composition into more complex formations. The primary focus is the experimental and empirical evaluation of these concepts in simulated environments, including their stabilization properties when facing disturbances. In combination with previous successful pre-evaluations involving real drones it provides a strong foundation for future real-world applications of 2.0.

Abstract Formal methods for industrial critical systems are essential because they provide mathematically rigorous techniques to specify, design, and verify system behavior. This reduces the risk of failures in safety- and security-critical domains such as aerospace, automotive, and healthcare. This special issue of Software Tools for Technology Transfer contains four papers presenting recent advances in tools target the use of formal methods for critical systems in industry. The papers are revised and extended versions of selected conference papers from the 29th International Conference on Formal Methods for Industrial Critical Systems (FMICS 2024).

Abstract The SPARK tool analyzes Ada programs statically. It can be used to verify both that a program is free from runtime exceptions and that it conforms to a specification expressed through contracts. To facilitate dynamic analysis, Ada contracts are regular Ada expressions which can be evaluated at execution. As a result, the annotation language of the SPARK tool is restricted to executable constructs. In this context, high-level concepts necessary for specification by contracts need to be supplied as libraries. For example, the latest version of the Ada language introduces unbounded integers and rational numbers to the standard library. In this article, we present the functional containers library, which provides collections suitable for use in specification. We then explain how they can be used to specify and verify complex programs through concrete examples that have been developed over many years. Finally, we describe how these libraries are supported in the SPARK tool using reusable specification features instead of built-in support, i.e., a hard-coded mapping of library functionalities to axiomatized theories for the underlying provers.

Abstract Symbolic execution is a very active research area due to its automatic test-case generation, bug finding, and many more applications. Despite the many recent proposals for improvements, we find it hard to quantify how state-of-the-art progresses. One reason is the variety of programming languages, features, and symbolic execution engines to support them. Still, even if we compare a single symbolic execution engine (A) and the same engine with some modifications (A*) and run the implementations with the same benchmarks, reasoning about the actual cause of the differences between them is complex. While artefacts (here benchmarks, measurements, data, and implementation) provide an invaluable base for reproducible research, the implementation itself is often treated as a black box. Changes in behaviour between two implementations are quantified based on the coarse-grain difference in benchmark behaviour, i.e. changed code coverage or execution time. We propose a complementing fine-grain approach that helps to understand implementations far better — not only supporting reproducible research, but also supporting the development of the implementation in the first place. In this paper, we analyse KLEE, a well-established symbolic execution engine for C and C++, and identify significant challenges that make evaluating and comparing different implementations hard. We identify implementation-specific reasons for KLEE that can often be transferred to other symbolic execution engines and present ways to fix them. We propose Deterministic State-Space Exploration as one technique that helps to quantify and validate incremental improvements of symbolic execution engines.

Abstract We present Simsala, an easy-to-install and easy-to-use collection of scripts supporting benchmarking on clusters of compute nodes. While designed with applications for benchmarking solving technologies like SAT and extensions, our solution can be easily transferred to many other application scenarios as well. In this work, we discuss the design objectives behind Simsala, provide some implementation details, and illustrate with case studies how Simsala has been applied in the past for extensive evaluations.