SlideShare a Scribd company logo

Paderborn

Carlo Ghezzi
Carlo Ghezzi
1 of 39
Download to read offline
Challenges of self-adaptive software the fading boundary between development time and run time 9th International Heinz Nixdorf Symposium Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEI-PoliMI 1
The vision • World fully populated by computationally rich devices offering services (disappearing computer) – appliances, sensors/actuators, ... “things” • Cyber-physical systems • Mobility • Situation-aware computing – new “services” built dynamically in a situation-dependent manner • Continuously running systems – need to evolve while they offer service 2
The challenge • Change and flexibility adversary of dependability • Can they be reconciled through sound design methods? 3
The machine and the world Domain properties (assumptions) Goals Specification Requirements P. Zave and M. Jackson. Four dark corners of requirements engineering. ACM Trans. Softw. Eng. Methodol., 6(1):1–30, 1997. 4
Dependability arguments Assume that a rigorous (formal) representation is given for – R = requirements – S = specification – D = domain assumptions if S and D are all satisfied and consistent, it is necessary to prove – S, D |= R 5
Change comes into play • Changes in goals/requirements • Changes in domain assumptions – Usage context • request profiles – Physical context • space, time, … – Computational context • external components/services (multiple ownership) ‣ systems increasingly built out of parts that are developed, maintained, and even operated by independent parties ‣ no single stakeholder oversees all parts, which may change independently ‣ yet by assembling the whole one commits to achieving certain goals 6
Changes may affect dependability • Changes may concern • R • D • We can decompose D into Df and Dc – Df is the fixed/stable part – Dc is the changeable part We need to detect changes to Dc and make changes to S to keep satisfying R (self-)adaptation (vs. evolution) 7
Change revisited • Change recognized as a crucial problem since the 1970’s (see work by M. Lehman) • Traditionally managed off-line: software maintenance • What is new here – the unprecedented degree of change – the request that software responds to changes while the system is running (continuously running systems), possibly in a self-managed manner 8
A paradigm change • Conventional separation between development time and run time is blurring • Models + requirements need to be kept + updated at run time (systems need to be reflective) • Continuous verification must be performed to detect the need for adaptation    F(S=OK) Env R. Calinescu, C. Ghezzi, M. Kwiatkokwska, R. Mirandola, “Self-adaptive software 9 needs quantitative verification at runtime”, Comm. ACM, Sept. 2012
Zoom-in A framework for (self) adaptation • [ICSE 2009] I. Epifani, C. Ghezzi, R. Mirandola, G. Tamburrelli, "Model Evolution by Run-Time Parameter Adaptation” • [RE 2009] C. Ghezzi, G. Tamburrelli, "Reasoning on Non Functional Requirements for Integrated Services” • [FSE 2010] I. Epifani, C. Ghezzi, G. Tamburrelli, "Change-Point Detection for Black-Box Services” 10
Specific focus • Non-functional requirements – reliability, performance, energy consumption, cost, … • Quantitatively stated in probabilistic terms • Dc decomposed into Du , Ds – Du = usage profile – Ds = S1 ∧ .... ∧ Sn Si assumption on i-th service ? Hard to estimate at ? ? ? System under design time + development ? very likely to change ? ? at run time ? 11
Our approach in a nutshell Reqs + Formalization 0 Learning & update Initial Assumptions 1 E Implementation Monitoring Execution 12
Models • Different models provide different viewpoints from which a system can be analyzed • Focus on non-functional properties and quantitative ways to deal with uncertainty • Use of Markov models – DTMCs for reliability – CTMCs for performance – Reward DTMCs for energy/cost 13
Quantitative modelling • Operational model: state machine with probabilities on transitions (DTMC) • Success/failure states as final • Requirements expressed as properties in PCTL (probabilistic extension of CTL) • typically: reachability properties • P>0.8 [◊(system state = success)] • Excellent tools exist to perform verification via model checking – PRISM (Kwiatkowska et al.) • http://www.prismmodelchecher.org/ – MRMC (Katoen at al.) • http://www.mrmc-tool.org/trac/ 14
The approach in in action: e-commerce service composition Users classified as BigSpender or SmallSpender based on their usage profile. 3 probabilistic requirements: R1: “Probability of success is > 0.8” R2: “Probability of a ExpShipping failure for a user recognized as BigSpender < 0.035” R3: “Probability of an authentication failure is less then < 0.06” 15
Assumptions User profile domain knowledge External service assumptions (reliability) 16
DTMC model Property check via model checking R1: “Probability of success is > 0.8” 0.84 R2: “Probability of a ExpShipping failure for a user recognized as BigSpender < 0.035” 0.031 R3: “Probability of an authentication failure is less then < 0.06” 0.056 17
What happens at run time? • We monitor the actual behavior • A statistical (Bayesian) approach estimates the updated DTMC matrix (posterior) given run time traces and prior transitions • Boils down to the following updating rule A-priori Knowledge A-posteriori Knowledge 18
Model @ run time • A detected violation of a requirements does not mean that the violation actually occurred in reality (i.e., experienced by user) • Model analysis has a predictive nature 0.067 Predicted failure! Probability of a ExpShipping failure for a user recognized a BigSpender < 0.035 19
Reflective run time environments • Traditionally software engineering has been mostly concerned with development time • The result is code that simply needs to be run (Self-)adaptive software requires much more - must be able to reason at run time about itself and the environment ✓ models ✓ goals and requirements ✓ strategies must be available at runtime 20
Run-time agility, incrementality • Agility taken to extremes - time boundaries shrink ✓ constrained by real-time requirements • Verification approaches must be re-visited - they must be incremental Given S system (model), P property to verify for S Change = new pair S’, P’ Incremental verification reuses part of the proof of S against P to verify S’ against P’ 21
Incrementality by parameterization g m d i • Requires anticipation of changing parameters ra • The model is partly numeric and partly symbolic a p • Evaluation of the verification condition requires m st r partial evaluation (mixed numerical/symbolic o ir m k f ate processing) g o n o i C p l • Result is a formula (polynomial for reachability on r k DTMCs) -u o • Evaluation at run time substitutes actual values to W arm symbolic parameters W [ICSE 2011] A. Filieri, C. Ghezzi, G. Tamburrelli, “Run-Time Efficient Probabilistic Model Checking” [FAC 2012] A Filieri, C. Ghezzi, G. Tamburrelli,, “A formal approach to adaptive software: continuous assurance of non-functional requirements”, Formal Aspects of Computing, vol. 4, n. 2, 2012 22
Working mom paradigm Design-Time Partial (offline) 0 evaluation 1 E Parameter Run-Time (online) values Analyzable properties: reliability, costs (e.g., energy consumption) 23
Back to example Returning Search Buy ExpShipping FailedExpSh 1 1 1 4 7 0.5 10 x 0.05 13 1 0.2 0.3 0.95 0.35 1-x CheckOut Login Profiler FailedLg FailedChk Logout Success 1 0.97 1 1 0 2 5 8 0.1 11 0.9 14 0.97 16 0.03 0.65 0.95 0.03 0.25 1 1 3 1 6 9 0.6 12 0.05 15 0.15 NewCustomer Search Buy NrmShipping FailedNrmSh Design time evaluation has very high complexity Run time evaluation is extremely efficient 24
Zoom-in Control-theory based self adaptation [ASE 2011] A. Filieri, C. Ghezzi, A. Leva, M. Maggio, “Self-Adaptive Software Meets Control Theory: A Preliminary Approach Supporting Reliability Requirements” [SEAMS 2012] A. Filieri, C. Ghezzi, A. Leva, M. Maggio, "Reliability-driven dynamic binding via feedback control" 25
First approach • Tune software through its model via feedback control loop • Formally prove controller’s capabilities (error reduction, convergence, ...) Dynamic Parametric Dynamic controllable behavioral controllable model model model Control the model, control the software Controller 26
Reliability-driven Dynamic-binding C0 p 1-p PI Controllers C1 C2 Abstract interface p 1-p p 1-p Concrete implementations [SEAMS2012] 27
Zoom-in Dynamic software update [ESEC/FSE 2011] X, Ma, L, Baresi, C, Ghezzi,V. Panzica La Manna, and J. Lu, “Version-consistent Dynamic Reconfiguration of Component-based Distributed Systems” [SEAMS 2012] C. Ghezzi, J. Greenyer,V. Panzica La Manna, "Synthesizing Dynamically Updating Controllers from Changes in Scenario-based Specifications" 28
Goal • Support run-time changes to the structure and behavior of a running software Low$ Timeliness$ Safety$ Disruption$ • Two approaches: • Module level • Model level 29
A  Speci(ication-­‐oriented   Perspective Environment 10
A  Speci(ication-­‐oriented   Perspective Speci5ication Requirements:  The  set  of   runs  (events   Requirements Environment sequences)  allowed  in   Assumptions the  system.    “Something  that  the   system  must  (not)  do” Assumptions:  The  set  of   runs  we  assume  can   happen  in  the  system.    “Something  that  the   Environment environment  will  (not)   11
A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Environment 12
A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Environment 13
A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Challenges: 1)  In  which  state  a   running  system  can  be   safely  updated  to  satisfy   the  new  speci5ication? Environment 14
A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Challenges: 1)  In  which  state  a   running  system  can  be   safely  updated  to  satisfy   the  new  speci5ication? 2)  How  the  dynamically   updating  system  can  be   automatically  derived? Environment 15
Contribution Challenges: 1.General  formal  de5inition  of   1)  In  which  state  a   correct  dynamic  updates   running  system  can  be   from  changes  in  the   safely  updated  to  satisfy   speci5ication. the  new  speci5ication? 2)  How  the  dynamically   2.Approach  for  automatically   updating  system  can  be   synthesizing  a  dynamically   automatically  derived? updating  controller  from   changes  in  scenario-­‐based   speci5ications. 17
Conclusions and future work • (Self-)adaptation is needed • It requires a paradigm shift • Run-time environments must become semantically rich • Run-time reasoning must be supported, not just execution • Continuous change and the quest for incrementality • Opportunities for interdisciplinary research • Challenges from real scenarios 37
Thanks to the group 38
Acknowledgements This work is supported by and Advanced Grant of the European Research Council Programme IDEAS-ERC, Project 227977---SMScom 39

Recommended

Engineered Resilient Systems, overview and status, 31 october 2011
Engineered Resilient Systems, overview and status, 31 october 2011Engineered Resilient Systems, overview and status, 31 october 2011
Engineered Resilient Systems, overview and status, 31 october 2011RNeches
 
Friedenthal.sandford
Friedenthal.sandfordFriedenthal.sandford
Friedenthal.sandfordNASAPMC
 
Pr 005 qa_workshop
Pr 005 qa_workshopPr 005 qa_workshop
Pr 005 qa_workshopFrank Gielen
 
Software enginnering unit 01 by manoj kumar soni
Software enginnering unit 01 by manoj kumar soniSoftware enginnering unit 01 by manoj kumar soni
Software enginnering unit 01 by manoj kumar sonimanojsonikgn
 
Jim.free
Jim.freeJim.free
Jim.freeNASAPMC
 
Jaguar Land Rover - Robust Design Optimization of a Knee Bolster
Jaguar Land Rover - Robust Design Optimization of a Knee BolsterJaguar Land Rover - Robust Design Optimization of a Knee Bolster
Jaguar Land Rover - Robust Design Optimization of a Knee BolsterAltair ProductDesign
 
Dfr Presentation
Dfr PresentationDfr Presentation
Dfr Presentationeraz
 
Ph.D. Dissertation
Ph.D. DissertationPh.D. Dissertation
Ph.D. DissertationSumant Tambe
 

Recommended

Engineered Resilient Systems, overview and status, 31 october 2011
Engineered Resilient Systems, overview and status, 31 october 2011Engineered Resilient Systems, overview and status, 31 october 2011
Engineered Resilient Systems, overview and status, 31 october 2011RNeches
 
Friedenthal.sandford
Friedenthal.sandfordFriedenthal.sandford
Friedenthal.sandfordNASAPMC
 
Pr 005 qa_workshop
Pr 005 qa_workshopPr 005 qa_workshop
Pr 005 qa_workshopFrank Gielen
 
Software enginnering unit 01 by manoj kumar soni
Software enginnering unit 01 by manoj kumar soniSoftware enginnering unit 01 by manoj kumar soni
Software enginnering unit 01 by manoj kumar sonimanojsonikgn
 
Jim.free
Jim.freeJim.free
Jim.freeNASAPMC
 
Jaguar Land Rover - Robust Design Optimization of a Knee Bolster
Jaguar Land Rover - Robust Design Optimization of a Knee BolsterJaguar Land Rover - Robust Design Optimization of a Knee Bolster
Jaguar Land Rover - Robust Design Optimization of a Knee BolsterAltair ProductDesign
 
Dfr Presentation
Dfr PresentationDfr Presentation
Dfr Presentationeraz
 
Ph.D. Dissertation
Ph.D. DissertationPh.D. Dissertation
Ph.D. DissertationSumant Tambe
 
Solido Variation Designer Datasheet
Solido Variation Designer DatasheetSolido Variation Designer Datasheet
Solido Variation Designer DatasheetSolido Design Automation
 
DFR a case study using a physics of failure
DFR a case study using a physics of failure DFR a case study using a physics of failure
DFR a case study using a physics of failure ASQ Reliability Division
 
Lifecycle
LifecycleLifecycle
LifecyclePetros Maragkoudakis
 
Lesson2 software process_contd2
Lesson2 software process_contd2Lesson2 software process_contd2
Lesson2 software process_contd2Nongkonlek Los Blancos
 
Why iterative software project management matters
Why iterative software project management mattersWhy iterative software project management matters
Why iterative software project management mattersHermano Moura
 
Thomas.mc vittie
Thomas.mc vittieThomas.mc vittie
Thomas.mc vittieNASAPMC
 
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones RemainDesigning at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remainchiportal
 
Tridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate PresentationTridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate Presentationabhijeetsd
 
Agile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical IndustryAgile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical IndustryVijay Brzee
 
Reliability Training Lesson 1 Basics
Reliability Training Lesson 1 BasicsReliability Training Lesson 1 Basics
Reliability Training Lesson 1 Basicsrhilding
 
Slides Cost Based Performance Modelling
Slides Cost Based Performance ModellingSlides Cost Based Performance Modelling
Slides Cost Based Performance ModellingEugene Margulis
 
My talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software ProductsMy talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software ProductsSvante Lidman
 
Eggert.joe
Eggert.joeEggert.joe
Eggert.joeNASAPMC
 
Postdoc Symposium - Abram Hindle
Postdoc Symposium - Abram HindlePostdoc Symposium - Abram Hindle
Postdoc Symposium - Abram HindleICSM 2011
 
Kirsch.mike
Kirsch.mikeKirsch.mike
Kirsch.mikeNASAPMC
 
6 sigma rollators update for my blog
6 sigma rollators update for my blog6 sigma rollators update for my blog
6 sigma rollators update for my blogMario Ruiz Felix
 
8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processes8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processesMajong DevJfu
 
Dpm sapphire 2012
Dpm sapphire 2012 Dpm sapphire 2012
Dpm sapphire 2012 Melvyn D. Scofield
 
Planificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgoPlanificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgoProColombia
 
Feasible
FeasibleFeasible
Feasibleanasamirah
 
Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия ГорелаяOleg Samoilow
 
A peliku
A pelikuA peliku
A pelikunidlomserah
 

More Related Content

What's hot

DFR a case study using a physics of failure
DFR a case study using a physics of failure DFR a case study using a physics of failure
DFR a case study using a physics of failure ASQ Reliability Division
 
Why iterative software project management matters
Why iterative software project management mattersWhy iterative software project management matters
Why iterative software project management mattersHermano Moura
 
Thomas.mc vittie
Thomas.mc vittieThomas.mc vittie
Thomas.mc vittieNASAPMC
 
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones RemainDesigning at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remainchiportal
 
Tridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate PresentationTridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate Presentationabhijeetsd
 
Agile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical IndustryAgile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical IndustryVijay Brzee
 
Reliability Training Lesson 1 Basics
Reliability Training Lesson 1 BasicsReliability Training Lesson 1 Basics
Reliability Training Lesson 1 Basicsrhilding
 
Slides Cost Based Performance Modelling
Slides Cost Based Performance ModellingSlides Cost Based Performance Modelling
Slides Cost Based Performance ModellingEugene Margulis
 
My talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software ProductsMy talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software ProductsSvante Lidman
 
Eggert.joe
Eggert.joeEggert.joe
Eggert.joeNASAPMC
 
Postdoc Symposium - Abram Hindle
Postdoc Symposium - Abram HindlePostdoc Symposium - Abram Hindle
Postdoc Symposium - Abram HindleICSM 2011
 
Kirsch.mike
Kirsch.mikeKirsch.mike
Kirsch.mikeNASAPMC
 
6 sigma rollators update for my blog
6 sigma rollators update for my blog6 sigma rollators update for my blog
6 sigma rollators update for my blogMario Ruiz Felix
 
8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processes8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processesMajong DevJfu
 
Planificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgoPlanificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgoProColombia
 

What's hot (20)

Solido Variation Designer Datasheet
Solido Variation Designer DatasheetSolido Variation Designer Datasheet
Solido Variation Designer Datasheet
 
DFR a case study using a physics of failure
DFR a case study using a physics of failure DFR a case study using a physics of failure
DFR a case study using a physics of failure
 
Lifecycle
LifecycleLifecycle
Lifecycle
 
Lesson2 software process_contd2
Lesson2 software process_contd2Lesson2 software process_contd2
Lesson2 software process_contd2
 
Why iterative software project management matters
Why iterative software project management mattersWhy iterative software project management matters
Why iterative software project management matters
 
Thomas.mc vittie
Thomas.mc vittieThomas.mc vittie
Thomas.mc vittie
 
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones RemainDesigning at 2x nanometers Some New Problems Appear & Some Old Ones Remain
Designing at 2x nanometers Some New Problems Appear & Some Old Ones Remain
 
Tridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate PresentationTridiagona Solutions Corporate Presentation
Tridiagona Solutions Corporate Presentation
 
Agile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical IndustryAgile Importance in Pharmaceutical Industry
Agile Importance in Pharmaceutical Industry
 
Reliability Training Lesson 1 Basics
Reliability Training Lesson 1 BasicsReliability Training Lesson 1 Basics
Reliability Training Lesson 1 Basics
 
Slides Cost Based Performance Modelling
Slides Cost Based Performance ModellingSlides Cost Based Performance Modelling
Slides Cost Based Performance Modelling
 
My talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software ProductsMy talk at PMI Sweden Congress 2013 on Agile and Large Software Products
My talk at PMI Sweden Congress 2013 on Agile and Large Software Products
 
Eggert.joe
Eggert.joeEggert.joe
Eggert.joe
 
Postdoc Symposium - Abram Hindle
Postdoc Symposium - Abram HindlePostdoc Symposium - Abram Hindle
Postdoc Symposium - Abram Hindle
 
Kirsch.mike
Kirsch.mikeKirsch.mike
Kirsch.mike
 
6 sigma rollators update for my blog
6 sigma rollators update for my blog6 sigma rollators update for my blog
6 sigma rollators update for my blog
 
8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processes8 - Architetture Software - Architecture centric processes
8 - Architetture Software - Architecture centric processes
 
Dpm sapphire 2012
Dpm sapphire 2012 Dpm sapphire 2012
Dpm sapphire 2012
 
Planificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgoPlanificación del proyecto análisis de riesgo
Planificación del proyecto análisis de riesgo
 
Feasible
FeasibleFeasible
Feasible
 

Viewers also liked

Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия ГорелаяOleg Samoilow
 
Laser 3-incremental
Laser 3-incrementalLaser 3-incremental
Laser 3-incrementalCarlo Ghezzi
 
Module iii development of an export marketing strategy
Module iii development of an export marketing strategyModule iii development of an export marketing strategy
Module iii development of an export marketing strategyquanghieu102t
 
プレゼンテーション1
プレゼンテーション1プレゼンテーション1
プレゼンテーション1Otsuchiya5339
 
Presentation Tsuchiya
Presentation TsuchiyaPresentation Tsuchiya
Presentation TsuchiyaOtsuchiya5339
 
Module i introduction
Module i introductionModule i introduction
Module i introductionquanghieu102t
 
Laser 1-background
Laser 1-backgroundLaser 1-background
Laser 1-backgroundCarlo Ghezzi
 
Module ii situation analysis
Module ii situation analysisModule ii situation analysis
Module ii situation analysisquanghieu102t
 
Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16CDIHeinrichNessel
 

Viewers also liked (17)

Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия Горелая
 
A peliku
A pelikuA peliku
A peliku
 
Laser 0-prologue
Laser 0-prologueLaser 0-prologue
Laser 0-prologue
 
Laser 3-incremental
Laser 3-incrementalLaser 3-incremental
Laser 3-incremental
 
Module iii development of an export marketing strategy
Module iii development of an export marketing strategyModule iii development of an export marketing strategy
Module iii development of an export marketing strategy
 
プレゼンテーション1
プレゼンテーション1プレゼンテーション1
プレゼンテーション1
 
Presentation Tsuchiya
Presentation TsuchiyaPresentation Tsuchiya
Presentation Tsuchiya
 
Module i introduction
Module i introductionModule i introduction
Module i introduction
 
Laser 1-background
Laser 1-backgroundLaser 1-background
Laser 1-background
 
Module ii situation analysis
Module ii situation analysisModule ii situation analysis
Module ii situation analysis
 
Presentation2
Presentation2Presentation2
Presentation2
 
Postmodernism media homework a2
Postmodernism media homework a2Postmodernism media homework a2
Postmodernism media homework a2
 
Postmodernism media
Postmodernism mediaPostmodernism media
Postmodernism media
 
Cv emprenedores
Cv emprenedoresCv emprenedores
Cv emprenedores
 
ICSE 2009 keynote
ICSE 2009 keynoteICSE 2009 keynote
ICSE 2009 keynote
 
Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16
 
Module iv branding
Module iv brandingModule iv branding
Module iv branding
 

Similar to Paderborn

Design principles &amp; quality factors
Design principles &amp; quality factorsDesign principles &amp; quality factors
Design principles &amp; quality factorsAalia Barbe
 
Software development Life Cycle
Software development Life CycleSoftware development Life Cycle
Software development Life CycleKumar
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)David Rosenblum
 
Web Performance Bootcamp 2014
Web Performance Bootcamp 2014Web Performance Bootcamp 2014
Web Performance Bootcamp 2014Daniel Austin
 
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...Liming Zhu
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science PlatformDecision Science Community
 
Agile non-functional testing for a digital bank
Agile non-functional testing for a digital bankAgile non-functional testing for a digital bank
Agile non-functional testing for a digital bankDavid Morris
 
Novelty in Non-Greenfield
Novelty in Non-GreenfieldNovelty in Non-Greenfield
Novelty in Non-GreenfieldJustin Lovell
 
Real-Time Engineering Simulators
Real-Time Engineering SimulatorsReal-Time Engineering Simulators
Real-Time Engineering SimulatorsGSE Systems, Inc.
 
Self-Adaptive SLA-Driven Capacity Management for Internet Services
Self-Adaptive SLA-Driven Capacity Management for Internet ServicesSelf-Adaptive SLA-Driven Capacity Management for Internet Services
Self-Adaptive SLA-Driven Capacity Management for Internet ServicesBruno Abrahao
 
Software Evolution_Se lect2 btech
Software Evolution_Se lect2 btechSoftware Evolution_Se lect2 btech
Software Evolution_Se lect2 btechIIITA
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleSanjeev Sharma
 
Webinar: How We Evaluated MongoDB as a Relational Database Replacement
Webinar: How We Evaluated MongoDB as a Relational Database ReplacementWebinar: How We Evaluated MongoDB as a Relational Database Replacement
Webinar: How We Evaluated MongoDB as a Relational Database ReplacementMongoDB
 
Re-Platforming Applications for the Cloud
Re-Platforming Applications for the CloudRe-Platforming Applications for the Cloud
Re-Platforming Applications for the CloudCarter Wickstrom
 
Performance Requirements: the Backbone of the Performance Engineering Process
Performance Requirements: the Backbone of the Performance Engineering ProcessPerformance Requirements: the Backbone of the Performance Engineering Process
Performance Requirements: the Backbone of the Performance Engineering ProcessAlexander Podelko
 
See the App Performance Future with Predictive Analytics Webcast
See the App Performance Future with Predictive Analytics WebcastSee the App Performance Future with Predictive Analytics Webcast
See the App Performance Future with Predictive Analytics WebcastCompuware
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)lifove
 

Similar to Paderborn (20)

Design principles &amp; quality factors
Design principles &amp; quality factorsDesign principles &amp; quality factors
Design principles &amp; quality factors
 
Software development Life Cycle
Software development Life CycleSoftware development Life Cycle
Software development Life Cycle
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
 
Web Performance Bootcamp 2014
Web Performance Bootcamp 2014Web Performance Bootcamp 2014
Web Performance Bootcamp 2014
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
 
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...
POD-Diagnosis: Error Detection and Diagnosis of Sporadic Operations on Cloud ...
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect Prediction
 
Software Lifecycle
Software LifecycleSoftware Lifecycle
Software Lifecycle
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science Platform
 
Agile non-functional testing for a digital bank
Agile non-functional testing for a digital bankAgile non-functional testing for a digital bank
Agile non-functional testing for a digital bank
 
Novelty in Non-Greenfield
Novelty in Non-GreenfieldNovelty in Non-Greenfield
Novelty in Non-Greenfield
 
Real-Time Engineering Simulators
Real-Time Engineering SimulatorsReal-Time Engineering Simulators
Real-Time Engineering Simulators
 
Self-Adaptive SLA-Driven Capacity Management for Internet Services
Self-Adaptive SLA-Driven Capacity Management for Internet ServicesSelf-Adaptive SLA-Driven Capacity Management for Internet Services
Self-Adaptive SLA-Driven Capacity Management for Internet Services
 
Software Evolution_Se lect2 btech
Software Evolution_Se lect2 btechSoftware Evolution_Se lect2 btech
Software Evolution_Se lect2 btech
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
 
Webinar: How We Evaluated MongoDB as a Relational Database Replacement
Webinar: How We Evaluated MongoDB as a Relational Database ReplacementWebinar: How We Evaluated MongoDB as a Relational Database Replacement
Webinar: How We Evaluated MongoDB as a Relational Database Replacement
 
Re-Platforming Applications for the Cloud
Re-Platforming Applications for the CloudRe-Platforming Applications for the Cloud
Re-Platforming Applications for the Cloud
 
Performance Requirements: the Backbone of the Performance Engineering Process
Performance Requirements: the Backbone of the Performance Engineering ProcessPerformance Requirements: the Backbone of the Performance Engineering Process
Performance Requirements: the Backbone of the Performance Engineering Process
 
See the App Performance Future with Predictive Analytics Webcast
See the App Performance Future with Predictive Analytics WebcastSee the App Performance Future with Predictive Analytics Webcast
See the App Performance Future with Predictive Analytics Webcast
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
 

Paderborn

  • 1. Challenges of self-adaptive software the fading boundary between development time and run time 9th International Heinz Nixdorf Symposium Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEI-PoliMI 1
  • 2. The vision • World fully populated by computationally rich devices offering services (disappearing computer) – appliances, sensors/actuators, ... “things” • Cyber-physical systems • Mobility • Situation-aware computing – new “services” built dynamically in a situation-dependent manner • Continuously running systems – need to evolve while they offer service 2
  • 3. The challenge • Change and flexibility adversary of dependability • Can they be reconciled through sound design methods? 3
  • 4. The machine and the world Domain properties (assumptions) Goals Specification Requirements P. Zave and M. Jackson. Four dark corners of requirements engineering. ACM Trans. Softw. Eng. Methodol., 6(1):1–30, 1997. 4
  • 5. Dependability arguments Assume that a rigorous (formal) representation is given for – R = requirements – S = specification – D = domain assumptions if S and D are all satisfied and consistent, it is necessary to prove – S, D |= R 5
  • 6. Change comes into play • Changes in goals/requirements • Changes in domain assumptions – Usage context • request profiles – Physical context • space, time, … – Computational context • external components/services (multiple ownership) ‣ systems increasingly built out of parts that are developed, maintained, and even operated by independent parties ‣ no single stakeholder oversees all parts, which may change independently ‣ yet by assembling the whole one commits to achieving certain goals 6
  • 7. Changes may affect dependability • Changes may concern • R • D • We can decompose D into Df and Dc – Df is the fixed/stable part – Dc is the changeable part We need to detect changes to Dc and make changes to S to keep satisfying R (self-)adaptation (vs. evolution) 7
  • 8. Change revisited • Change recognized as a crucial problem since the 1970’s (see work by M. Lehman) • Traditionally managed off-line: software maintenance • What is new here – the unprecedented degree of change – the request that software responds to changes while the system is running (continuously running systems), possibly in a self-managed manner 8
  • 9. A paradigm change • Conventional separation between development time and run time is blurring • Models + requirements need to be kept + updated at run time (systems need to be reflective) • Continuous verification must be performed to detect the need for adaptation    F(S=OK) Env R. Calinescu, C. Ghezzi, M. Kwiatkokwska, R. Mirandola, “Self-adaptive software 9 needs quantitative verification at runtime”, Comm. ACM, Sept. 2012
  • 10. Zoom-in A framework for (self) adaptation • [ICSE 2009] I. Epifani, C. Ghezzi, R. Mirandola, G. Tamburrelli, "Model Evolution by Run-Time Parameter Adaptation” • [RE 2009] C. Ghezzi, G. Tamburrelli, "Reasoning on Non Functional Requirements for Integrated Services” • [FSE 2010] I. Epifani, C. Ghezzi, G. Tamburrelli, "Change-Point Detection for Black-Box Services” 10
  • 11. Specific focus • Non-functional requirements – reliability, performance, energy consumption, cost, … • Quantitatively stated in probabilistic terms • Dc decomposed into Du , Ds – Du = usage profile – Ds = S1 ∧ .... ∧ Sn Si assumption on i-th service ? Hard to estimate at ? ? ? System under design time + development ? very likely to change ? ? at run time ? 11
  • 12. Our approach in a nutshell Reqs + Formalization 0 Learning & update Initial Assumptions 1 E Implementation Monitoring Execution 12
  • 13. Models • Different models provide different viewpoints from which a system can be analyzed • Focus on non-functional properties and quantitative ways to deal with uncertainty • Use of Markov models – DTMCs for reliability – CTMCs for performance – Reward DTMCs for energy/cost 13
  • 14. Quantitative modelling • Operational model: state machine with probabilities on transitions (DTMC) • Success/failure states as final • Requirements expressed as properties in PCTL (probabilistic extension of CTL) • typically: reachability properties • P>0.8 [◊(system state = success)] • Excellent tools exist to perform verification via model checking – PRISM (Kwiatkowska et al.) • http://www.prismmodelchecher.org/ – MRMC (Katoen at al.) • http://www.mrmc-tool.org/trac/ 14
  • 15. The approach in in action: e-commerce service composition Users classified as BigSpender or SmallSpender based on their usage profile. 3 probabilistic requirements: R1: “Probability of success is > 0.8” R2: “Probability of a ExpShipping failure for a user recognized as BigSpender < 0.035” R3: “Probability of an authentication failure is less then < 0.06” 15
  • 16. Assumptions User profile domain knowledge External service assumptions (reliability) 16
  • 17. DTMC model Property check via model checking R1: “Probability of success is > 0.8” 0.84 R2: “Probability of a ExpShipping failure for a user recognized as BigSpender < 0.035” 0.031 R3: “Probability of an authentication failure is less then < 0.06” 0.056 17
  • 18. What happens at run time? • We monitor the actual behavior • A statistical (Bayesian) approach estimates the updated DTMC matrix (posterior) given run time traces and prior transitions • Boils down to the following updating rule A-priori Knowledge A-posteriori Knowledge 18
  • 19. Model @ run time • A detected violation of a requirements does not mean that the violation actually occurred in reality (i.e., experienced by user) • Model analysis has a predictive nature 0.067 Predicted failure! Probability of a ExpShipping failure for a user recognized a BigSpender < 0.035 19
  • 20. Reflective run time environments • Traditionally software engineering has been mostly concerned with development time • The result is code that simply needs to be run (Self-)adaptive software requires much more - must be able to reason at run time about itself and the environment ✓ models ✓ goals and requirements ✓ strategies must be available at runtime 20
  • 21. Run-time agility, incrementality • Agility taken to extremes - time boundaries shrink ✓ constrained by real-time requirements • Verification approaches must be re-visited - they must be incremental Given S system (model), P property to verify for S Change = new pair S’, P’ Incremental verification reuses part of the proof of S against P to verify S’ against P’ 21
  • 22. Incrementality by parameterization g m d i • Requires anticipation of changing parameters ra • The model is partly numeric and partly symbolic a p • Evaluation of the verification condition requires m st r partial evaluation (mixed numerical/symbolic o ir m k f ate processing) g o n o i C p l • Result is a formula (polynomial for reachability on r k DTMCs) -u o • Evaluation at run time substitutes actual values to W arm symbolic parameters W [ICSE 2011] A. Filieri, C. Ghezzi, G. Tamburrelli, “Run-Time Efficient Probabilistic Model Checking” [FAC 2012] A Filieri, C. Ghezzi, G. Tamburrelli,, “A formal approach to adaptive software: continuous assurance of non-functional requirements”, Formal Aspects of Computing, vol. 4, n. 2, 2012 22
  • 23. Working mom paradigm Design-Time Partial (offline) 0 evaluation 1 E Parameter Run-Time (online) values Analyzable properties: reliability, costs (e.g., energy consumption) 23
  • 24. Back to example Returning Search Buy ExpShipping FailedExpSh 1 1 1 4 7 0.5 10 x 0.05 13 1 0.2 0.3 0.95 0.35 1-x CheckOut Login Profiler FailedLg FailedChk Logout Success 1 0.97 1 1 0 2 5 8 0.1 11 0.9 14 0.97 16 0.03 0.65 0.95 0.03 0.25 1 1 3 1 6 9 0.6 12 0.05 15 0.15 NewCustomer Search Buy NrmShipping FailedNrmSh Design time evaluation has very high complexity Run time evaluation is extremely efficient 24
  • 25. Zoom-in Control-theory based self adaptation [ASE 2011] A. Filieri, C. Ghezzi, A. Leva, M. Maggio, “Self-Adaptive Software Meets Control Theory: A Preliminary Approach Supporting Reliability Requirements” [SEAMS 2012] A. Filieri, C. Ghezzi, A. Leva, M. Maggio, "Reliability-driven dynamic binding via feedback control" 25
  • 26. First approach • Tune software through its model via feedback control loop • Formally prove controller’s capabilities (error reduction, convergence, ...) Dynamic Parametric Dynamic controllable behavioral controllable model model model Control the model, control the software Controller 26
  • 27. Reliability-driven Dynamic-binding C0 p 1-p PI Controllers C1 C2 Abstract interface p 1-p p 1-p Concrete implementations [SEAMS2012] 27
  • 28. Zoom-in Dynamic software update [ESEC/FSE 2011] X, Ma, L, Baresi, C, Ghezzi,V. Panzica La Manna, and J. Lu, “Version-consistent Dynamic Reconfiguration of Component-based Distributed Systems” [SEAMS 2012] C. Ghezzi, J. Greenyer,V. Panzica La Manna, "Synthesizing Dynamically Updating Controllers from Changes in Scenario-based Specifications" 28
  • 29. Goal • Support run-time changes to the structure and behavior of a running software Low$ Timeliness$ Safety$ Disruption$ • Two approaches: • Module level • Model level 29
  • 31. A  Speci(ication-­‐oriented   Perspective Speci5ication Requirements:  The  set  of   runs  (events   Requirements Environment sequences)  allowed  in   Assumptions the  system.    “Something  that  the   system  must  (not)  do” Assumptions:  The  set  of   runs  we  assume  can   happen  in  the  system.    “Something  that  the   Environment environment  will  (not)   11
  • 32. A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Environment 12
  • 33. A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Environment 13
  • 34. A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Challenges: 1)  In  which  state  a   running  system  can  be   safely  updated  to  satisfy   the  new  speci5ication? Environment 14
  • 35. A  Speci(ication-­‐oriented   Perspective Speci5ication NEW  Speci5ication Environment Environment Requirements Requirements Assumptions Assumptions Challenges: 1)  In  which  state  a   running  system  can  be   safely  updated  to  satisfy   the  new  speci5ication? 2)  How  the  dynamically   updating  system  can  be   automatically  derived? Environment 15
  • 36. Contribution Challenges: 1.General  formal  de5inition  of   1)  In  which  state  a   correct  dynamic  updates   running  system  can  be   from  changes  in  the   safely  updated  to  satisfy   speci5ication. the  new  speci5ication? 2)  How  the  dynamically   2.Approach  for  automatically   updating  system  can  be   synthesizing  a  dynamically   automatically  derived? updating  controller  from   changes  in  scenario-­‐based   speci5ications. 17
  • 37. Conclusions and future work • (Self-)adaptation is needed • It requires a paradigm shift • Run-time environments must become semantically rich • Run-time reasoning must be supported, not just execution • Continuous change and the quest for incrementality • Opportunities for interdisciplinary research • Challenges from real scenarios 37
  • 38. Thanks to the group 38
  • 39. Acknowledgements This work is supported by and Advanced Grant of the European Research Council Programme IDEAS-ERC, Project 227977---SMScom 39