Software that Meets Its Intent

  • Marieke HuismanEmail author
  • Herbert Bos
  • Sjaak Brinkkemper
  • Arie van Deursen
  • Jan Friso Groote
  • Patricia Lago
  • Jaco van de Pol
  • Eelco Visser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9953)


Software is widely used, and society increasingly depends on its reliability. However, software has become so complex and it evolves so quickly that we fail to keep it under control. Therefore, we propose intents: fundamental laws that capture a software systems’ intended behavior (resilient, secure, safe, sustainable, etc.). The realization of this idea requires novel theories, algorithms, tools, and techniques to discover, express, verify, and evolve software intents. Thus, future software systems will be able to verify themselves that they meet their intents. Moreover, they will be able to respond to deviations from intents through self-correction. In this article we propose a research agenda, outlining which novel theories, algorithms and tools are required.


Model Checker Satisfiability Modulo Theory Intended Behavior Program Verifier Proof Checker 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aarts, F., Kuppens, H., Tretmans, J., Vaandrager, F.W., Verwer, S.: Improving active Mealy machine learning for protocol conformance testing. Mach. Learn. 96(1–2), 189–224 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Abreu, R., Zoeteweij, P., Van Gemund, A.J.C.: A new Bayesian approach to multiple intermittent fault diagnosis. In: International Joint Conference on Artificial Intelligence, IJCAI 2009, pp. 653–658 (2009)Google Scholar
  3. 3.
    Abrial, J.: Modeling in Event-B - System and Software Engineering. Cambridge University Press, Cambridge (2010)CrossRefzbMATHGoogle Scholar
  4. 4.
    Ahrendt, W., Beckert, B., Hähnle, R., Rümmer, P., Schmitt, P.H.: Verifying object-oriented programs with KeY: a tutorial. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2006. LNCS, vol. 4709, pp. 70–101. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Ali, R., Dalpiaz, F., Giorgini, P.: Reasoning with contextual requirements: detecting inconsistency and conflicts. Inf. Softw. Technol. 55(1), 35–57 (2013)CrossRefGoogle Scholar
  6. 6.
    Amighi, A., Haack, C., Huisman, M., Hurlin, C.: Permission-based separation logic for multithreaded Java programs. Logical Methods Comput. Sci. 11(1:2), 1–66 (2015) paper 2Google Scholar
  7. 7.
    Andriesse, D., Bos, H., Slowinska, A.: Parallax: implicit code integrity verification using return-oriented programming. In: IEEE/IFIP IC on Dependable Systems and Networks, DSN 2015, pp. 125–135. IEEE Computer Society (2015)Google Scholar
  8. 8.
    Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  9. 9.
    Barthe, G., Grégoire, B., Kunz, C., Rezk, T.: Certificate translation for optimizing compilers. ACM Trans. Program. Lang. Syst. 31(5), 18 (2009)CrossRefzbMATHGoogle Scholar
  10. 10.
    Bauer, A., Leucker, M., Schallhart, C.: Runtime verification for LTL and TLTL. ACM Trans. Softw. Eng. Methodol. 20(4), 14 (2011)CrossRefGoogle Scholar
  11. 11.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development - Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2004)CrossRefzbMATHGoogle Scholar
  12. 12.
    Biere, A., Cimatti, A., Clarke, E.M., Strichman, O., Zhu, Y.: Bounded model checking. Adv. Comput. 58, 117–148 (2003)CrossRefGoogle Scholar
  13. 13.
    Blom, S., Huisman, M.: The VerCors tool for verification of concurrent programs. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 127–131. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  14. 14.
    Bradley, A.R.: IC3 and beyond: incremental, inductive verification. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, p. 4. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Breaux, T.D., Vail, M.W., Antón, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: IEEE International Requirements Engineering Conference, pp. 46–55 (2006)Google Scholar
  16. 16.
    Brun, Y., Di Marzo Serugendo, G., Gacek, C., Giese, H., Kienle, H., Litoiu, M., Müller, H., Pezzè, M., Shaw, M.: Engineering self-adaptive systems through feedback loops. In: Cheng, B.H.C., Lemos, R., Giese, H., Inverardi, P., Magee, J. (eds.) Software Engineering for Self-Adaptive Systems. LNCS, vol. 5525, pp. 48–70. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02161-9_3 CrossRefGoogle Scholar
  17. 17.
    Bryant, R.E.: Symbolic manipulation of Boolean functions using a graphical representation. In: Ofek, H., O’Neill, L.A. (eds.) 22nd ACM/IEEE Conference on Design Automation, (DAC 1985), pp. 688–694. ACM (1985)Google Scholar
  18. 18.
    Cachin, C., Guerraoui, R., Rodrigues, L.E.T.: Introduction to Reliable and Secure Distributed Programming, 2nd edn. Springer, Heidelberg (2011)CrossRefzbMATHGoogle Scholar
  19. 19.
    Cassel, S., Howar, F., Jonsson, B., Steffen, B.: Active learning for extended finite state machines. Formal Aspects Comput. 28(2), 233–263 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Chen, T.-H., Nagappan, M., Shihab, E., Hassan, A.E.: An empirical study of dormant bugs. In: 11th Working Conference on Mining Software Repositories, MSR 2014, pp. 82–91. ACM (2014)Google Scholar
  21. 21.
    Cimatti, A., Griggio, A., Schaafsma, B.J., Sebastiani, R.: The MathSAT5 SMT solver. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 93–107. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  22. 22.
    Clarke, E.M., Gupta, A., Strichman, O.: SAT-based counterexample-guided abstraction refinement. IEEE Trans. CAD Integr. Circ. Syst. 23(7), 1113–1123 (2004)CrossRefGoogle Scholar
  23. 23.
    Cok, D.R.: OpenJML: software verification for Java 7 using JML, OpenJDK, and Eclipse. In: Dubois, C., Giannakopoulou, D., Méry, D. (eds.) 1st Workshop on Formal Integrated Development Environment, (F-IDE 2014). EPTCS, vol. 149, pp. 79–92 (2014)Google Scholar
  24. 24.
    Dalpiaz, F., Paja, E., Giorgini, P.: Security Requirements Engineering: Designing Secure Socio-Technical Systems, 1st edn. MIT Press, Cambridge (2016)Google Scholar
  25. 25.
    Davis, M., Logemann, G., Loveland, D.W.: A machine program for theorem-proving. Commun. ACM 5(7), 394–397 (1962)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    de Bruijn, N.: A survey of the project AUTOMATH. In: To H.B. Curry: Essays in Combinatory Logic, Lambda Calculus and Formalism, pp. 579–606. Academic Press (1980)Google Scholar
  27. 27.
    de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., Hähnle, R.: OpenJDK’s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273–289. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  28. 28.
    de Lemos, R., et al.: Software engineering processes for self-adaptive systems. In: Lemos, R., Giese, H., Müller, H.A., Shaw, M. (eds.) Software Engineering for Self-Adaptive Systems II. LNCS, vol. 7475, pp. 51–75. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-35813-5_3 CrossRefGoogle Scholar
  29. 29.
    de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  30. 30.
    van Deursen, A.: Testing web applications with state objects. Commun. ACM 58(8), 36–43 (2015)CrossRefGoogle Scholar
  31. 31.
    Diekert, V., Leucker, M.: Topology, monitorable properties and runtime verification. Theor. Comput. Sci. 537, 29–41 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Distefano, D., O’Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  33. 33.
    Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  34. 34.
    Ellison, C., Rosu, G.: An executable formal semantics of C with applications. In: 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2012), pp. 533–544. ACM (2012)Google Scholar
  35. 35.
    Erdweg, S., et al.: Evaluating and comparing language workbenches: existing results and benchmarks for the future. Comput. Lang. Syst. Struct. 44, 24–47 (2015)Google Scholar
  36. 36.
    Finkelstein, A., Gabbay, D., Hunter, A., Kramer, J., Nuseibeh, B.: Inconsistency handling in multiperspective specifications. IEEE TSE 20(8), 569–578 (1994)Google Scholar
  37. 37.
    Finkelstein, A., Kramer, J., Nuseibeh, B., Finkelstein, L., Goedicke, M.: Viewpoints: a framework for integrating multiple perspectives in system development. Int. J. Softw. Eng. Knowl. Eng. 2(1), 31–57 (1992)CrossRefGoogle Scholar
  38. 38.
    Fitzgerald, J., Larsen, P.G.: Modelling Systems: Practical Tools and Techniques for Software Development, 2nd edn. Cambridge University Press, Cambridge (2009)CrossRefzbMATHGoogle Scholar
  39. 39.
    Fowler, M.: Language workbenches: The killer-app. for domain specific languages? (2005).
  40. 40.
    Fowler, M.: Domain-Specific Languages. Addison Wesley, Boston (2010)Google Scholar
  41. 41.
    Ganapathi, A., Patterson, D.A.: Crash data collection: a windows case study. In: DSN, pp. 280–285. IEEE Computer Society (2005)Google Scholar
  42. 42.
    Gartner Inc. Smart cities will include 10 billion things by 2020 (2015).
  43. 43.
    Ghardallou, W., Diallo, N., Mili, A.: Program derivation by correctness enhancements. In: Refinement (2015)Google Scholar
  44. 44.
    Giuffrida, C., Cavallaro, L., Tanenbaum, A.S.: Practical automated vulnerability monitoring using program state invariants. In: DSN, October 2013Google Scholar
  45. 45.
    Giuffrida, C., Iorgulescu, C., Kuijsten, A., Tanenbaum, A.S.: Back to the future: fault-tolerant live update with time-traveling state transfer. In: LISA, October 2013Google Scholar
  46. 46.
    Gratte, I.: Starting with COMAL. Prentice-Hall, Englewood Cliffs (1985)Google Scholar
  47. 47.
    Groote, J., Koorn, J., van Vlijmen, S.: The safety guaranteeing system at station Hoorn-Kersenboogerd (extended abstract). In: 10th Annual Conference on Computer Assurance (COMPASS 1995), pp. 57–68 (1995)Google Scholar
  48. 48.
    Groote, J., Mousavi, M.: Modeling and Analysis of Communicating Systems. The MIT Press, Cambridge (2014)zbMATHGoogle Scholar
  49. 49.
    Groote, J.F., Warners, J.P.: The propositional formula checker HeerHugo. J. Autom. Reasoning 24(1/2), 101–125 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  50. 50.
    Hendrickson, E.: Explore It!: Reduce Risk and Increase Confidence with Exploratory Testing. The Pragmatic Bookshelf, Raleigh (2013)Google Scholar
  51. 51.
    Hoare, C.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969)CrossRefzbMATHGoogle Scholar
  52. 52.
    Huisman, M.: Reasoning about Java Programs in Higher Order Logic with PVS and Isabelle. Ph.D. thesis, University of Nijmegen (2001)Google Scholar
  53. 53.
    Hwong, Y., Keiren, J., Kusters, V., Leemans, S., Willemse, T.: Formalising and analysing the control software of the compact muon solenoid experiment at the large hadron collider. Sci. Comput. Program. 78, 2435–2452 (2013)CrossRefGoogle Scholar
  54. 54.
    Ingolfo, S., Siena, A., Mylopoulos, J.: Establishing regulatory compliance for software requirements. In: Jeusfeld, M., Delcambre, L., Ling, T.-W. (eds.) ER 2011. LNCS, vol. 6998, pp. 47–61. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-24606-7_5 CrossRefGoogle Scholar
  55. 55.
    Kant, G., Laarman, A., Meijer, J., van de Pol, J., Blom, S., van Dijk, T.: LTSmin: high-performance language-independent model checking. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 692–707. Springer, Heidelberg (2015)Google Scholar
  56. 56.
    Kemme, B., Jiménez, R., Patiño-Martinínez, M.: Database Replication. Synthesis Lectures on Data Management. Morgan & Claypool Publishers, San Rafael (2010)zbMATHGoogle Scholar
  57. 57.
    Lago, P., Koçak, S.A., Crnkovic, I., Penzenstadler, B.: Framing sustainability as a property of software quality. Commun. ACM 58(10), 70–78 (2015)CrossRefGoogle Scholar
  58. 58.
    Le Goues, C., Nguyen, T., Forrest, S., Weimer, W.: GenProg: a generic method for automatic software repair. IEEE Trans. Softw. Eng. 38(1), 54–72 (2012)CrossRefGoogle Scholar
  59. 59.
    Leavens, G., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D.R., Müller, P., Kiniry, J., Chalin, P.: JML Reference Manual, Dept. of Computer Science, Iowa State University, February 2007.
  60. 60.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52, 107–115 (2009)CrossRefGoogle Scholar
  61. 61.
    Lewis, G.A., Lago, P., Avgeriou, P.: A decision model for cyber-foraging systems. In: Proceedings of the 13th Working IEEE/IFIP Conference on Software Architecture (WICSA 2016), pp. 51–60. IEEE (2016)Google Scholar
  62. 62.
    Matias, R., Prince, M., Borges, L., Sousa, C., Henrique, L.: An empirical exploratory study on operating system reliability. In: 29th Annual ACM Symposium on Applied Computing, SAC 2014, pp. 1523–1528. ACM (2014)Google Scholar
  63. 63.
    Mesbah, A., van Deursen, A., Lenselink, S.: Crawling Ajax-based web applications through dynamic analysis of user interface state changes. ACM Trans. Web 6(1), 3 (2012)CrossRefGoogle Scholar
  64. 64.
    Mesbah, A., van Deursen, A., Roest, D.: Invariant-based automated testing of modern web applications. IEEE Trans. Softw. Eng. 38(1), 35–53 (2012)CrossRefGoogle Scholar
  65. 65.
    Meyer, B.: Touch of Class: Learning to Program Well with Objects and Contracts. Springer, Heidelberg (2009)CrossRefzbMATHGoogle Scholar
  66. 66.
    Milner, R.: Calculus of Communicating Systems. Lectures in Computer Science, vol. 92. Springer, Heidelberg (1980)CrossRefzbMATHGoogle Scholar
  67. 67.
    Necula, G.C.: Proof-carrying code. In: Principles of Programming Languages (1997)Google Scholar
  68. 68.
    Neron, P., Tolmach, A., Visser, E., Wachsmuth, G.: A theory of name resolution. In: Vitek, J. (ed.) ESOP 2015. LNCS, vol. 9032, pp. 205–231. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  69. 69.
    Osaiweran, A., Schuts, M., Hooman, J., Groote, J., van Rijnsoever, B.: Evaluating the effect a lightweight formal technique in industry. Int. J. Softw. Tools Technol. Transf. 18, 93–108 (2016)CrossRefGoogle Scholar
  70. 70.
    Ostrand, T.J., Weyuker, E.J.: The distribution of faults in a large industrial software system. In: 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2002, pp. 55–64. ACM (2002)Google Scholar
  71. 71.
    Ostrand, T.J., Weyuker, E.J., Bell, R.M.: Where the bugs are. In: 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2004, pp. 86–96. ACM (2004)Google Scholar
  72. 72.
    Patikirikorala, T., Colman, A., Han, J., Wang, L.: A systematic survey on the design of self-adaptive software systems using control engineering approaches. In: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, pp. 33–42. IEEE Press (2012)Google Scholar
  73. 73.
    Pei, Y., Furia, C.A., Nordio, M., Wei, Y., Meyer, B., Zeller, A.: Automated fixing of programs with contracts. IEEE Trans. Softw. Eng. 40(5), 427–449 (2014)CrossRefGoogle Scholar
  74. 74.
    Perez, A., Abreu, R., van Deursen, A.: A unifying metric for test adequacy and diagnosability. In: Automated Software Engineering (2016, Submitted)Google Scholar
  75. 75.
    Procaccianti, G., Fernández, H., Lago, P.: Empirical evaluation of two best practices for energy-efficient software development. J. Syst. Softw. 117, 185–198 (2016)CrossRefGoogle Scholar
  76. 76.
    Procaccianti, G., Lago, P., Lewis, G.A.: A catalogue of green architectural tactics for the cloud. In: Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA 2014), pp. 29–36. IEEE (2014)Google Scholar
  77. 77.
    Procaccianti, G., Lago, P., Vetro, A., Fernández, D.M., Wieringa, R.: The green lab: experimentation in software energy efficiency. In: Proceedings of the 37th International Conference on Software Engineering-Volume 2 (2015)Google Scholar
  78. 78.
    Rozanski, N., Woods, E.: Software Systems Architecture: Working with Stakeholders using Viewpoints and Perspectives. Addison-Wesley, Boston (2012)Google Scholar
  79. 79.
    Salvesen, K., Galeotti, J.P., Gross, F., Fraser, G., Zeller, A.: Using dynamic symbolic execution to generate inputs in search-based GUI testing. In: Gay, G., Antoniol, G. (eds.) 8th IEEE/ACM International Workshop on Search-Based Software Testing, SBST 2015, pp. 32–35. IEEE (2015)Google Scholar
  80. 80.
    Sheeran, M., Stålmarck, G.: A tutorial on Stålmarck’s proof procedure for propositional logic. Formal Methods Syst. Des. 16(1), 23–58 (2000)CrossRefGoogle Scholar
  81. 81.
    Slowinska, A., Stancescu, T., Bos, H.: Body armor for binaries: preventing buffer overflows without recompilation. In: Proceedings of USENIX Annual Technical Conference, Boston, MA, June 2012Google Scholar
  82. 82.
    Tretmans, J.: Model based testing with labelled transition systems. In: Hierons, R.M., Bowen, J.P., Harman, M. (eds.) FORTEST. LNCS, vol. 4949, pp. 1–38. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  83. 83.
    van der Veen, V., Goktas, E., Contag, M., Pawlowski, A., Chen, X., Rawat, S., Bos, H., Holz, T., Athanasopoulos, E., Giuffrida, C.: A tough call: mitigating advanced code-reuse attacks at the binary level. In: Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland), San Jose, CA, USA, IEEE, May 2016Google Scholar
  84. 84.
    van Deursen, A., Klint, P.: Little languages: little maintenance? J. Softw. Maintenance 10(2), 75–92 (1998)CrossRefGoogle Scholar
  85. 85.
    van Deursen, A., Klint, P., Tip, F.: Origin tracking. J. Symbolic Comput. 15(5/6), 523–545 (1993)CrossRefzbMATHGoogle Scholar
  86. 86.
    van Deursen, A., Klint, P., Visser, J.: Domain-specific languages: an annotated bibliography. SIGPLAN Not. 35(6), 26–36 (2000)CrossRefGoogle Scholar
  87. 87.
    van Genuchten, M., Hatton, L.: Metrics with impact. IEEE Softw. 30, 99–101 (2013)CrossRefGoogle Scholar
  88. 88.
    van Genuchten, M., Hatton, L.: When software crosses a line. IEEE Softw. 33, 29–31 (2016)Google Scholar
  89. 89.
    van Lamsweerde, A.: Requirements engineering in the year 00: a research perspective. In: Proceedings of the IEEE International Symposium on Requirements Engineering, pp. 5–19 (2000)Google Scholar
  90. 90.
    van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley, Hoboken (2009)Google Scholar
  91. 91.
    von Hagen, W., Filesystems, U.: UNIX Filesystems: Evolution, Design, and Implementation. SAMS, Indianapolis (2002)Google Scholar
  92. 92.
    Weyns, D., Iftikhar, M.U., de la Iglesia, D.G., Ahmad, T.: A survey of formal methods in self-adaptive systems. In: Proceedings of the IC on Computer Science and Software Engineering, pp. 67–79. ACM (2012)Google Scholar
  93. 93.
    Whittaker, J.A.: Exploratory Software Testing: Tips, Tricks, Tours, and Techniques to Guide Test Design. Addison-Wesley, Boston (2009)Google Scholar
  94. 94.
    Witze, A.: Software error doomed Japanese Hitomi spacecraft. Nature 533, 18–19 (2016)CrossRefGoogle Scholar
  95. 95.
    Wurster, G., van Oorschot, P.C., Somayaji, A.: A generic attack on checksumming-based software tamper resistance. In: 2005 IEEE Symposium on Security and Privacy (S&P 2005), pp. 127–138. IEEE Computer Society (2005)Google Scholar
  96. 96.
    Yamada, S.: Software Reliability Modeling. Springer, Heidelberg (2014)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Marieke Huisman
    • 1
    Email author
  • Herbert Bos
    • 2
  • Sjaak Brinkkemper
    • 3
  • Arie van Deursen
    • 4
  • Jan Friso Groote
    • 5
  • Patricia Lago
    • 2
  • Jaco van de Pol
    • 1
  • Eelco Visser
    • 4
  1. 1.University of TwenteEnschedeThe Netherlands
  2. 2.Vrije Universiteit AmsterdamAmsterdamThe Netherlands
  3. 3.Utrecht UniversityUtrechtThe Netherlands
  4. 4.Delft University of TechnologyDelftThe Netherlands
  5. 5.Eindhoven University of TechnologyEindhovenThe Netherlands

Personalised recommendations