scispace - formally typeset

Book ChapterDOI

Run Time Models in Adaptive Service Infrastructure

01 Jan 2010-pp 125-152

TL;DR: The approach undertaken in recent projects to address the challenge of assessing dependability for adaptive software systems is described and the traditional division among static analysis and dynamic analysis is blurred by the need to validate dynamic systems adaptation.
Abstract: Software in the near ubiquitous future will need to cope with variability, as software systems get deployed on an increasingly large diversity of computing platforms and operates in different execution environments. Heterogeneity of the underlying communication and computing infrastructure, mobility inducing changes to the execution environments and therefore changes to the availability of resources and continuously evolving requirements require software systems to be adaptable according to the context changes. Software systems should also be reliable and meet the user’s requirements and needs. Moreover, due to its pervasiveness, software systems must be dependable. Supporting the validation of these self-adaptive systems to ensure dependability requires a complete rethinking of the software life cycle. The traditional division among static analysis and dynamic analysis is blurred by the need to validate dynamic systems adaptation. Models play a key role in the validation of dependable systems, dynamic adaptation calls for the use of such models at run time. In this paper we describe the approach we have undertaken in recent projects to address the challenge of assessing dependability for adaptive software systems.

Content maybe subject to copyright    Report

Run time models in adaptive service infrastruc-
ture
Marco Autili, Paola Inverardi and Massimo Tivoli
Abstract. Software in the near ubiquitous future will need to cope with vari-
ability, as software systems get deployed on an increasingly large d iversity
of compu ti n g platforms and operates in different execution environments.
Heterogeneity of the underlying communication and computing infrastruc-
ture, mobility inducing changes to the execution environments and therefore
changes to the availa b ility of resources an d continuously evolving requirements
require software systems to be adaptable according to the co ntext changes.
Software systems should also be reliable and meet the user’s requirements
and needs. Moreover, due to its pervasiveness, software systems must be de-
pendable. Sup porting the validation of these self-adaptive systems to ensur e
dependability requires a complete rethinking of the software life cycle. The
traditional division am ong static analysis and dynamic analysis is blurred by
the need to validate dynamic systems adaptation. Models play a key role in
the validation of dependable systems, dyna mic adaptation calls for the use of
such models at run time. In this paper we describe the approach we have un -
dertaken in recent projects to addr ess the challenge of assessing dependability
for adaptive software systems.
1. Introduction
The near future envisions a pervasive heterogeneous computing infrastruc tu r e that
makes it possible to provide and access software serv ice s on a variety of devices,
from end-users with different needs and expectations. To ensure that users meet
their non-fu nc ti onal requirements by experiencing the best Quality of Service
(QoS) according to their needs and specific contexts of use, services need to be
This work is a revised and extended version of [28]. It has been partially supported by the IST
project PLA ST I C No 026955, the FET project CONNECT No 231167, and the Italian Prin
D-ASAP. We acknowledge all the members of the consortium for PLASTIC, CONNECT, and
D-ASAP, and of the SEALab at University of L’Aquila for joint efforts on all the research efforts
reported in this paper.

2 Marco Autili, Paola Inverardi and Massimo Tivoli
context-aware, adaptable, and dependable. The development and the execution of
such services is a big challenge and it is far to be solved.
Software services and systems in the near ubiquitous future (Softure) cannot
rely on the classical desktop-centric assumption that the system execution environ-
ment is known a priori at design time and, hence, the execution e nvironment of a
Softure cannot be statically anticipated. Softure will need to cope with variability,
as software systems get deployed on an incr e asin gly large diversity of comput-
ing platforms and operates in different execution environments. Heterogeneity of
the underlying communication and computing infrastructure, mobility inducing
changes to the execution environments and therefore changes to the availability of
resources and continuously evolving requirements require software systems to be
adaptable according to the context changes.
Context awareness and adaptation h ave become two key aspects to be con-
sidered while developing and running future software. While providing/consuming
services, Softure need to be aware of and adaptive to their context, i.e., the com-
bination of user-centric data (e.g., requested QoS, information of interest for users
according to their current circumstance) and resource/computer-centric data (e.g.,
resources and conditions of devices and network). At the same time, Softure should
be dependable and meet the user s performance requi r ements and needs. Moreover,
due to its pervasiveness and in order to make adaptation effective and successful,
adaptation must be considered in conjunction with dependability, i.e., no matter
what adaptation is performed, the system must continue to guarantee a certain
degree of QoS.
Supporting the development and execution of Softure systems raises numer-
ous challenges that involve languages, methods and tools for the s ys t ems through
design, analysis, and validation in order to ensure dependability of the self-adaptive
systems that are targeted.
In this paper we describe three completely different instantiations of a de vel-
opment proces s model for Softure systems. We report our experience in assessin g
dependability for adaptive software systems within the context of three d iffe r ent
projects. Although completely different, it is worthwhile considering the three sce-
narios since each of them focus on different dependability requirements. However,
due to their different nature and aims, neither a common example cannot be used
to discuss them nor it is meaningful for them to give an integrated view.
The first one, that we will describe in detail, concerns the IST PLASTIC [
36]
project that can be considered as a spe ci fic instance of Softure as context-aware
software for ne xt generation networking environments. Another scenario conce r ns
the FET CONNECT [
21] project that aims at enabling continuous composition of
networked systems to respond to the evolution of functionalities pr ovided to and
required from the networked environment. Since the project is still in a preliminary
stage, we cannot provide a detailed description of it. In the last scenario we describe
how to manage the performance of the Siena publish/subscribe middleware [
16,
19] by using the Performance Management Framework (PFM). PFM allows the
management of the s y st em p e r for mance at run time based on monitoring and

Run time models in adaptive service infrastructur e 3
model-based performance evaluation [17]. We will keep also the description of the
PFM scenario short since it concerns a particular act iv ity of a development process
model for Softure, i.e., dynamic reconfiguration driven by the run-time exploitation
of performance models.
Our thesis is that Softure requires to rethink t he whole software development
process since it never stabilizes, but it is permanently under maintenance. Software
evolution, which is traditionally pr acti ced as an off-line activity, must often be ac-
commodated at run time for Softure. This requires t o reconcile the static view with
the d y namic view by breaking the traditional division among development phases
by moving some activities from design time to deployment and run ti me hence
asking for new and more e fficie nt verification and validation techniques. Depend-
ability is achieved with a comprehensive life cycle approach from requirements to
operation, to maintenance by analyzing models, testing code, monitor, and repair
execution. Many software models are involved, from requirements to specification,
to code. In order to s up port dependability of adaptable applications new modeling
notations are require d. These should permit to express and deal with character-
istics that are crucial for a Softure, i.e., QoS, resource-awarene ss , evolution, re-
configuration, variability, and uncertainty. At the s ame time they should allow for
validation techniques affordable at run time. Their cost must be sustainable un-
der the execution environment resource constraints, e.g. time and computational
resources. In or d er to easily and consistently integrate the modeling layer with the
analysis and implementation ones, model transformation and evolution techniques
should be exploited.
The paper is structured as follows. In the following s ec tion we discuss the
Softure characteristics in order to identify the two key challenges, i.e., adaptability
and dependability, and to highlight the crucial role that mo de ls play, at run time,
for adaptive software. This discussion will bring us to cons i de r the Softure issues
in a software process perspective. In Se ct ion
3, we propose a new software process
for Softure, where models play a key role in dynamic adaptation and dependabil-
ity validation. In Section
4, we show the application of the proposed process to
three different scenarios we borrowed from three projects we participate(d) to. In
Section
5 we con clu d e by summarizing the thesis originating from the discussion
carried on throughout the paper.
2. Setting the context
Softure is supposed to execute i n an ubiquitous, heterogeneous infrastructure un-
der mobility constraints. This means that the software must be able to carry on
operations while changing different execution environments or contexts. Execution
contexts offer a variability of resources that can affect the software operation. Con-
text awareness refers to the ability of an application to sense the context in which
it is execu ti ng and therefore it is the base to consider (self-)adaptive applications,

4 Marco Autili, Paola Inverardi and Massimo Tivoli
i.e., software systems that have the ability to change their behavior in response to
external changes.
It is worthwhile stressing that although a change of context is measure d in
quantitative terms, an application can only be adapted by changing its behavior,
i.e., its functional/qualitative specification. For instance, (Physical) Mobil ity al-
lows a us e r to move out of his proper context, traveling across different contexts
and, to our purposes, the d iff er en c e among contexts is determined in terms of avail-
able resources like connec tiv ity, energy, software, etc. However other dimensions
of contexts can exis t relevant to the user, system and physical domains, which are
the main context domains identified in the literature [
38, 9, 26, 7, 20, 40]. In the
software d evelopment practice when building a system the context is determined
and it is also part of the (non-functional) requirements (operational, social, or-
ganizational constraints). If context changes, requirements change therefore the
system n ee ds to change. In standard software, the pace at which contex t changes
is slow and they are usually taken into account as evolutionary requirements. For
Softure, context changes occur due to physical mobility while the system is in
operation. This means that if the system needs to change this should happen dy-
namically. This notion leads to consider different ways to modify a system at run
time that can happen in different forms namely (self-)adaptiveness/dynamicity
and at different levels of granular ity, from software architecture to line of code.
Softure nee d s also to be dependable. Dependability is an orthogonal is su e that
depends on QoS attributes, like performance and all other -bilities. D e pendability
impacts all th e software life cycle. In general dependability i s an attribute for soft-
ware systems that operate in specific application domains. For Softure we consider
dependability in its original meaning as defined in [
27], that is the trustworthiness
of a computing system which allows reliance to be justifiably placed on the ser-
vice it delivers ... Dependability includes such attributes as reliability, availability,
safety, security. Softure encompasses any kind of software system that can operate
in the future ubiquitous infrastructure. The dependability requir e ment is therefore
extended also to applications that traditionally have not this requirement. Depend-
ability in this case represents the user requirement that states that the application
must operate in the unknown world (i.e., out of a confined execution environment)
with the same level of reliance it has when oper ati ng at home. At home means
in the controlled execution environment where there is complete knowledge of the
system behavior and the context is fixed. In the unknown world, the knowledge
of the system is undermined by the absence of knowledge on contexts, thus the
dependability requirement arises also for conventional appli cati ons . Traditionally
dependability is achieved with a comprehensi ve approach all along the software life
cycle from requirements to operation to maintenance by analyzing models , testing
code, monitor and repair execution.
Therefore the overall challenge is to provide dependable assurance for highly
adaptable applications. Since dep en dabi lity is achieved throughout the life cycle
many s oftware artifacts are involved, from requirements specificati on to code. In
the rest of this paper, as such artifacts, we will consider model s , i.e., an idealized

Run time models in adaptive service infrastructur e 5
view of the system suitable for reasoning, developing, validating a real system.
Models can be functional and non-functional and can represent different level of
abstractions of the real system, from requ ir e ments to code. Our rese arch bias is
on Software Architecture, therefore we will often consider softwar e architectur al
systems’ models. An architectural model allows the description of the static and
dynamic components of the system and explains how they interact. Software ar-
chitectures support earl y analysis , verification and validation of software systems.
Software architectures are the earliest comprehensive system model along the soft-
ware lifecycle built from requirements specification. They are increasingly part of
standardized software development processes because they r ep r e se nt a system ab-
straction in which design choices relevant to the correctness of the final system
are taken. This is particularly evident for dependability requirements like security
and reliability and q uantitative ones like performance.
3. The Process View: the Role of Models at Run Time
In this section we cast the above discussed challenges in a development process
view. The process view focuses on the s et of activities that characterize the devel-
opment and the operation of a software system. These activities are traditionally
divided into activities related t o the actual production of the software system and
activities that are performed when the s y st em can be executed and goes into op-
eration. Specification, Design, Validation, an d Evolution activiti es vary depending
on the organizati on and the type of system being developed. Each Activity requires
its Language, Methods and Tools and works on suitable artefacts of the system.
For validation purposes each artefact can be cou ple d with a model. Models are
an idealized view of the system suitable f or reasoning, developing, validating a
real system. To achieve dependability a large variety of models are used from be-
havioural to stochastic. These models represent the systems at very different levels
of abstr acti on from require ments specification to code. The ever growing complex-
ity of software has exacer bate d the dichotomy development/static/compile time
versus execution/dynamic/interpreter time concentrating as many analysis and
validation activities as possible at development time.
Softure puts new requirements on this standard development pro ce ss . The
evolutionary nature of Softure makes infeasible a standard approach to validation
since it would require before t he system is in execution to predict the system
behaviour with respect to virtually any possible change. Therefore, in the literature
most approaches that try to deal with the validation of dynamic software system
concentrate the changes to the st r uc tu r e by using graph and graph grammars
formalisms or topological constraints [
11, 23, 25, 30, 32, 39, 14, 22]. As far as
changes to behaviour ar e concerned, only few approaches exist that make use
either of behavioural equivalence checks or of the type system [2, 3, 4] or through
code certification [
12, 33]. If dependability has to be preserved through adaptation,
whatever the change mechanism is, at the time the change occurs a validation check

Citations
More filters

01 Jan 2008-
TL;DR: An implementation to derive on-line monitors for web services automatically from SLAs using an Eclipse plugin is presented and the efficiency and scalability of this approach is evaluated using a large-scale case study in a service-oriented computational grid.
Abstract: If an organization depends on the service quality provided by another organization it often enters into a bilateral service level agreement (SLA), which mitigates outsourcing risks by associating penalty payments with poor service quality. Once these agreements are entered into, it becomes necessary to monitor their conditions, which will commonly relate to timeliness, reliability and request throughput, at run-time. We show how these conditions can be translated into timed automata. Acceptance of a timed word by a timed automaton can be decided in quadratic time and because the timed automata can operate while messages are exchanged at run-time there is effectively only a linear run-time overhead. We present an implementation to derive on-line monitors for web services automatically from SLAs using an Eclipse plugin. We evaluate the efficiency and scalability of this approach using a large-scale case study in a service-oriented computational grid.

10 citations


Proceedings Article
23 Oct 2011-
TL;DR: A systematic review of the study of adaptivity in which both the extension and complexity of this notion are examined, and the hypothesis of using the scope of service-oriented architecture as a comparable model for the whole field is checked.
Abstract: The study of adaptivity, i.e., the capability to react to changes in the environment, is becoming ever more important in many fields of study, and in the development of software in particular. This paper presents a systematic review in which both the extension and complexity of this notion are examined. After studying the influence from external fields, this review checks the hypothesis of using the scope of service-oriented architecture as a comparable model for the whole field. As part of the systematic review, the influence of the most relevant bibliography is considered, and the terminology is clarified.

7 citations


Cites methods from "Run Time Models in Adaptive Service..."

  • ...In summary, we can conclude that currently there is not any effective method able to evaluate the adaptivity of a software system [27][28] [29][30][31][32][33][34][35][36] – not even when we refer to this property not in the wider sense, but focusing on a concrete feature....

    [...]

  • ...[35] User-level Quality of Service (QoS) (Context awareness) / PLASTIC, model PFM / Pervasive Networking Environment Performance evaluation...

    [...]


References
More filters

Proceedings ArticleDOI
08 Dec 1994-
TL;DR: This paper describes systems that examine and react to an individual's changing context, and describes four catagories of context-aware applications: proximate selection, automatic contextual reconfiguration, contextual information and commands, and contex-triggered actions.
Abstract: This paper describes systems that examine and react to an individual's changing context. Such systems can promote and mediate people's interactions with devices, computers, and other people, and they can help navigate unfamiliar places. We believe that a limited amount of information covering a person's proximate environment is most important for this form of computing since the interesting part of the world around us is what we can see, hear, and touch. In this paper we define context-aware computing, and describe four catagories of context-aware applications: proximate selection, automatic contextual reconfiguration, contextual information and commands, and contex-triggered actions. Instances of these application types have been prototyped on the PARCTAB, a wireless, palm-sized computer.

3,717 citations


"Run Time Models in Adaptive Service..." refers background in this paper

  • ...However other dimensions of contexts can exist relevant to the user, system and physical domains, which are the main context domains identified in the literature [38, 9, 26, 7, 20, 40]....

    [...]


Journal ArticleDOI
01 Jun 2007-
TL;DR: Common architecture principles of context-aware systems are presented and a layered conceptual design framework is derived to explain the different elements common to mostcontext-aware architectures.
Abstract: Context-aware systems offer entirely new opportunities for application developers and for end users by gathering context data and adapting systems behaviour accordingly. Especially in combination with mobile devices, these mechanisms are of high value and are used to increase usability tremendously. In this paper, we present common architecture principles of context-aware systems and derive a layered conceptual design framework to explain the different elements common to most context-aware architectures. Based on these design principles, we introduce various existing context-aware systems focusing on context-aware middleware and frameworks, which ease the development of context-aware applications. We discuss various approaches and analyse important aspects in context-aware computing on the basis of the presented systems.

1,998 citations


"Run Time Models in Adaptive Service..." refers background in this paper

  • ...However other dimensions of contexts can exist relevant to the user, system and physical domains, which are the main context domains identified in the literature [38, 9, 26, 7, 20, 40]....

    [...]


Book
01 Aug 2003-
TL;DR: The authoritative guide to the Eclipse Modeling Framework (EMF)--written by the lead EMF designers! shows how EMF unifies three important technologies: Java, XML, and UML.
Abstract: The authoritative guide to the Eclipse Modeling Framework (EMF)--written by the lead EMF designers! Shows how EMF unifies three important technologies: Java, XML, and UML @BULLET= Provides a comprehensive overview of the EMF classes including a complete quick reference for all the classes and methods in the EMF 1.1 API. Includes examples of many common framework customizations and programming techniques.

1,985 citations


"Run Time Models in Adaptive Service..." refers methods in this paper

  • ...In particular, relying on the Chameleon programming model (see below), models are translated automatically into generic code skeletons (like the one in Listing 1) by means of a developed code generator based on the Eclipse Java Emitter Template framework (part of the EMF framework [15])....

    [...]


Proceedings ArticleDOI
George C. Necula1Institutions (1)
01 Jan 1997-
TL;DR: It is shown in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ML programs and the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation is proved.
Abstract: This paper describes proof-carrying code (PCC), a mechanism by which a host system can determine with certainty that it is safe to execute a program supplied (possibly in binary form) by an untrusted source. For this to be possible, the untrusted code producer must supply with the code a safety proof that attests to the code's adherence to a previously defined safety policy. The host can then easily and quickly validate the proof without using cryptography and without consulting any external agents.In order to gain preliminary experience with PCC, we have performed several case studies. We show in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ML programs. In the context of this case study, we present and prove the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation. Finally, we briefly discuss how we use proof-carrying code to develop network packet filters that are faster than similar filters developed using other techniques and are formally guaranteed to be safe with respect to a given operating system safety policy.

1,785 citations


Journal ArticleDOI
TL;DR: SIENA, an event notification service that is designed and implemented to exhibit both expressiveness and scalability, is presented and the service's interface to applications, the algorithms used by networks of servers to select and deliver event notifications, and the strategies used to optimize performance are described.
Abstract: The components of a loosely coupled system are typically designed to operate by generating and responding to asynchronous events. An event notification service is an application-independent infrastructure that supports the construction of event-based systems, whereby generators of events publish event notifications to the infrastructure and consumers of events subscribe with the infrastructure to receive relevant notifications. The two primary services that should be provided to components by the infrastructure are notification selection (i. e., determining which notifications match which subscriptions) and notification delivery (i.e., routing matching notifications from publishers to subscribers). Numerous event notification services have been developed for local-area networks, generally based on a centralized server to select and deliver event notifications. Therefore, they suffer from an inherent inability to scale to wide-area networks, such as the Internet, where the number and physical distribution of the service's clients can quickly overwhelm a centralized solution. The critical challenge in the setting of a wide-area network is to maximize the expressiveness in the selection mechanism without sacrificing scalability in the delivery mechanism. This paper presents SIENA, an event notification service that we have designed and implemented to exhibit both expressiveness and scalability. We describe the service's interface to applications, the algorithms used by networks of servers to select and deliver event notifications, and the strategies used to optimize performance. We also present results of simulation studies that examine the scalability and performance of the service.

1,557 citations


"Run Time Models in Adaptive Service..." refers methods in this paper

  • ...In particular, we describe the application of PFM to the management of the performance of the Siena publish/subscribe middleware [16, 19]....

    [...]

  • ...In the last scenario we describe how to manage the performance of the Siena publish/subscribe middleware [16, 19] by using the Performance Management Framework (PFM)....

    [...]

  • ...PMF has been experimented to manage the performance of the PFM publish/subscribe middleware [16, 19]....

    [...]


Network Information
Related Papers (5)
10 May 2008

Serena Fritsch, Aline Senart +2 more

10 May 2008

Yanyan Wang, Antonio Carzaniga +1 more

Performance
Metrics
No. of citations received by the Paper in previous years
YearCitations
20111
20081