This document discusses adaptable transition systems, which are a formal model for self-adaptive systems. It defines an adaptable system as one that has distinguished control data that can be modified at runtime to change the system's behavior. An adaptable transition system augments a standard transition system with control propositions that represent this control data. Control data can be modified by an autonomous manager component to achieve adaptation. The interaction between a manager and managed component can be modeled using adaptable interface automata, which extend interface automata with control propositions. This formalism allows precise study of adaptation mechanisms.
Agile is simple to understand but difficult to implement and hard to master.
This is because many organisations start implementing Agile in a cultural context that is mostly non-Agile.
This creates a significant number of tensions and frictions that the teams adopting Agile have to deal with although they are often not fully aware of them. Darren will discuss the why, the what and the how.
Information flow techniques typically classify information according to suitable security levels and enforce policies that are based on binary relations between individual levels, e.g., stating that information is allowed to flow from one level to another. We argue that some information flow properties of interest naturally require coordination patterns that involve sets of security levels rather than individual levels: some secret information could be safely disclosed to a set of confidential channels of incomparable security levels, with individual leaks considered instead illegal; a group of competing agencies might agree to disclose their secrets, with individual disclosures being undesired, etc. Motivated by this we propose a simple language for expressing information flow policies where the usual admitted flow relation between individual security levels is replaced by a relation between sets of security levels, thus allowing to capture coordinated flows of information. The flow of information is expressed in terms of causal dependencies and the satisfaction of a policy is defined with respect to an event structure that is assumed to capture the causal structure of system computations. We suggest applications to secret exchange protocols, program security and security architectures, and discuss the relation to classic notions of information flow control.
Talk at the Informatics Colloquium at LMU München.
Abstract: Aggregation plays a central role in many computational paradigms and their applications. Classical examples are fold/reduce functions in functional programming, reduce/gather operations in parallel programming, and set functions in database programming. Aggregation is essential as well in many of today's IT trends, from Big (Graph) Data analytics to coordination of devices and services in complex distributed systems such as the Internet-of-Things. Aggregate programming models, languages and techniques are indeed a current topic of research in several communities. I will discuss how a soft variant of a modal logic can provide a convenient declarative approach to aggregate programming and I will mention applications to distributed coordination of agents and to distributed graph analytics.
My presentation in the idea4cps.dk workshop held in Aalborg. It's about a semiring-valued temporal logic that Ugo Montanari and I developed some years ago. The logic is essentially a generalisation of CTL interpreted over absorptive semirings, an algebraic structure that is quite suitable to model quantitative aspects such as quality-of-service measures.
Can we efficiently verify concurrent programs under relaxed memory models in ... - Alberto Lluch Lafuente
Relaxed memory models offer suitable abstractions of the actual optimizations offered by multi-core architectures and by compilers of concurrent programming languages. Using such abstractions for verification purposes is challenging in part since they introduce yet another source of high non-determinism, thus contributing to the state explosion problem. In the last years several techniques have been proposed to mitigate those problems so as to make verification under relaxed memory models feasible. In this talk I present some of those techniques and discuss if and how those techniques can be adopted in Maude or Maude-based verification tools.
Collaborative Task Execution In Volunteer Clouds (or how to choose a sub-revi... - Alberto Lluch Lafuente
My talk at the 2nd General Meeting of the CINA project, Bologna, 18-20 Feb 2014.
The increasing diffusion of cloud technologies offers new opportunities for distributed and collaborative computing. Volunteer clouds are a prominent example, where participants join and leave the platform and collaborate by sharing computational resources. The high complexity, dynamism and unpredictability of such scenarios call for decentralized self-* approaches. We present in this paper a framework for the design and evaluation of self-adaptive collaborative task execution strategies in volunteer clouds. As a byproduct, we propose a novel strategy based on the Ant Colony Optimization paradigm, that we validate through simulation-based statistical analysis over Google workload data.
My talk on "State Space C-Reductions for Concurrent Systems in Rewriting Logic" held at the International ETAPS Workshop on Graph Inspection and Traversal Engineering (GRAPHITE 2013).
Full manuscript available here: http://eprints.imtlucca.it/1350/
State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Wor... - Alberto Lluch Lafuente
We present c-reductions, a state space reduction technique. The rough idea is to exploit some equivalence relation on states (possibly capturing system regularities) that preserves behavioral properties, and explore the induced quotient system. This is done by means of a canonizer function, which maps each state into one (of the) canonical representative(s) of its equivalence class. The approach exploits the expressiveness of rewriting logic and its realization in Maude to enjoy several advantages over similar approaches: flexibility and simplicity in the definition of the reductions (supporting not only traditional symmetry reductions, but also name reuse and name abstraction); reasoning support for checking and proving correctness of the reductions; and automatization of the reduction infrastructure via Maude's meta-programming features. The approach has been validated over a set of representative case studies, exhibiting comparable results with respect to other tools.
Evaluating the performance of model transformation styles with Maude @ Sympos... - Alberto Lluch Lafuente
Rule-based programming has been shown to be very successful in many application areas. Two prominent examples are the specification of model transformations in model driven development approaches and the definition of structured operational semantics of formal languages. General rewriting frameworks such as Maude are flexible enough to allow the programmer to adopt and mix various rule styles. The choice between styles can be biased by the programmer's background. For instance, experts in visual formalisms might prefer graph-rewriting styles, while experts in semantics might prefer structurally inductive rules. This paper evaluates the performance of different rule styles on a significant benchmark taken from the literature on model transformation. Depending on the actual transformation being carried out, our results show that different rule styles can offer drastically different performances. We point out the situations from which each rule style benefits to offer a valuable set of hints for choosing one style over the other.
We define an algebraic theory of hierarchical graphs, whose equational part characterises graph isomorphism, i.e. it is formed by a sound and complete set of axioms equating two terms whenever they represent the same hierarchical graph. Our algebra can thus be understood as a high-level language for describing graphs with a nested structure, and is then particularly suited for the visual specification of process calculi with inherently hierarchical features such as sessions, transactions or locations. We illustrate our approach by encoding CaSPiS, a recently proposed session-centered calculus.
Adaptable Transition Systems @ ASCENS Meeting Prague 2013
1. Adaptable Transition Systems
-- Roberto Bruni, UNIPI
-- Andrea Corradini, UNIPI
-- Fabio Gadducci, UNIPI
-- Alberto Lluch Lafuente, IMT
-- Andrea Vandin, IMT
ASCENS General and Working Meeting, Prague, February 11-14 2013
6. “... a software system self-adaptive if
changes behavior in response to ...”
[*] Oreizy, P., Gorlick, M.M., Taylor, R.N., Heimbigner, D., Johnson, G., Medvidovic, N.,
Quilici, A., Rosenblum, D.S., Wolf, A.L.: An architecture-based approach to self-
adaptive software. Intelligent Systems and their Applications 14(3), 54–62 (1999)
[*] Robertson, P., Shrobe, H.E., Laddaga, R.: Introduction to self-adaptive software:
Applications. In: Robertson, P., Shrobe, H.E., Laddaga, R. (eds.) IWSAS. LNCS, vol.
1936, pp. 1–5. Springer (2001)
[*] Self-Adaptive Software: Landscape and Research Challenges, Mazeiar Salehie,
Ladan Tahvildari, ACM Transactions on Autonomous and Adaptive Systems 4, 2.
10. ADAPTATION MECHANISMS
[Figure: examples of CONTROL DATA: constraints, contracts, plans, aspects, architectures, messages, contexts, rules, configuration variables, policies, programs]
11. WHAT IS AN ADAPTABLE SYSTEM?
CONTROL DATA OTHER DATA
ADAPTABLE SYSTEM
“adaptation is the run-time
modification of control data”
12. A SYSTEM IS...
“...adaptable if it has a distinguished control data
that can be modified at runtime.”
“...adaptive if its control data is modified at runtime
for some computation.”
“...self-adaptive if it modifies its own control data at
runtime.”
13. “an excellent discussion of
the precise meaning of the
term adaptive software.”
- Carlo Ghezzi, Evolution, Adaptation, and the
Quest for Incrementality, LNCS 7539/2012,
14. OUTLINE
1 White box adaptation
“A Conceptual Framework for Adaptation” [FASE 2012]
2 Adaptable Transition Systems
“Adaptable Transition Systems” [WADT 2012]
16. [Figure: transition system over the states D{}[], D{}[t], D{}[tt], U{}[], U{}[t], U{}[tt], U{t}[] and U{t}[t], with transitions labelled task?, down!, up!, schedule! and finish!; overlaid question: "Is it self-adaptive?"]
53. RECONCILING BLACK- AND WHITE-BOX ADAPTATION?
“in the game between the system and the environment,
the manager has a strategy to ensure the satisfaction of ψ.”
“receptiveness, realizability, and controllability
can be formulated as model-checking problems
for alternating-time formulas.”