management of time requirements in component-based systemstianhuat.github.io/slides/fm2014.pdf ·...
TRANSCRIPT
Management of Time Requirements in
Component-based Systems
Yi Li1 Tian Huat Tan2 Marsha Chechik1
1. University of Toronto 2. Singapore University of Technology and Design
FM 2014 Singapore May 14, 2014
1
Component-based Software Engineering
2
Component-based Software Engineering
Business Goals &System Requirements
2
Component-based Software Engineeringmodularity, reusability, separation of concerns
Business Goals &System Requirements
2
Timing Requirements
3
Timing RequirementsVehicle Control Systems
• Electronic Stability Control (ESC)
• Anti-lock braking system (ABS)
3
Timing RequirementsVehicle Control Systems
• Electronic Stability Control (ESC)
• Anti-lock braking system (ABS)
Smart Phones
3
Timing RequirementsVehicle Control Systems
• Electronic Stability Control (ESC)
• Anti-lock braking system (ABS)
Smart Phones• Sensors - motion tracking
3
Timing RequirementsVehicle Control Systems
• Electronic Stability Control (ESC)
• Anti-lock braking system (ABS)
Smart Phones• Sensors - motion tracking
Web Service Compositions• Ticket Booking
• Stock Quotes
3
Timing RequirementsVehicle Control Systems
• Electronic Stability Control (ESC)
• Anti-lock braking system (ABS)
Smart Phones• Sensors - motion tracking
Web Service Compositions• Ticket Booking
• Stock Quotes
…
3
Existing Approach: LTR
?
4
Existing Approach: LTR
?
4
Existing Approach: LTR
?
4
Existing Approach: LTR
?
4
Existing Approach: LTR
?
4
Existing Approach: LTR
Failure!?
4
Existing Approach: LTRMust finish within 4s!
4
Previous Work: [ICSE’13]• Local Timing Requirements
(LTR) synthesis • Web Services - BPEL • Monolithic representation
Existing Approach: LTRMust finish within 4s!
tDS tFS tPS
4
Previous Work: [ICSE’13]• Local Timing Requirements
(LTR) synthesis • Web Services - BPEL • Monolithic representation
Existing Approach: LTRMust finish within 4s!
tDS tFS tPS
LTR:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
4
Previous Work: [ICSE’13]• Local Timing Requirements
(LTR) synthesis • Web Services - BPEL • Monolithic representation
Existing Approach: LTRMust finish within 4s!
tDS tFS tPS
LTR:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
4
LTR - monolithic constraint Pros:+ distills complicated composition structures into a single formula + precisely captures all feasible combinations
Cons:- imposes dependencies across components - lacks support for localized debugging/repairing
Previous Work: [ICSE’13]• Local Timing Requirements
(LTR) synthesis • Web Services - BPEL • Monolithic representation
Existing Approach: LTRMust finish within 4s!
tDS tFS tPS
LTR:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
4
uLTR:(0≤tDS<1⋀0≤tFS<1) ∨(0≤tDS<1⋀0≤tPS<1)
LTR vs. uLTR
• Component-dependent timing requirement
• Linear real arithmetic
• Precise
• Monolithic
5
uLTR:(0≤tDS<1⋀0≤tFS<1) ∨(0≤tDS<1⋀0≤tPS<1)
• Component-independent under-approximated LTR
• Intervals
• Under-approximated
• Localized
LTR:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
All possible timing configurations,
e.g., tDS = 1, tFS = 0.5, tPS = 0.8
LTR vs. uLTR
6
Precision
All possible timing configurations,
e.g., tDS = 1, tFS = 0.5, tPS = 0.8
LTR vs. uLTR
6
LTR
Precision
unsafe
safe
All possible timing configurations,
e.g., tDS = 1, tFS = 0.5, tPS = 0.8
LTR vs. uLTR
6
LTR
uLTRfalse negatives
Precision
Precision(uLTR) =
#configurations satisfied by uLTR
#configurations satisfied by LTR
⇥ 100%
under- approximation
All possible timing configurations,
e.g., tDS = 1, tFS = 0.5, tPS = 0.8
LTR vs. uLTR
6
LTR
uLTR
Precision
Precision(uLTR) =
#configurations satisfied by uLTR
#configurations satisfied by LTR
⇥ 100%
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
7
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
7
φ:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
8
φ:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
8
φ:¬(0≤tDS⋀1≤tFS⋀1≤tPS)
⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3) ⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
B:(0≤tDS<1⋀0≤tFS<1) ∨(0≤tDS<1⋀0≤tPS<1)
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
8
0
3
1
2
1
tDS
tF S
tP S
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
8
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)
8
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)InfCube(φ,B1)
8
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)InfCube(φ,B1)B2= MaxCube(φ)
8
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)InfCube(φ,B1)B2= MaxCube(φ)
…
0
3
1
2
1
tDS
tF S
tP S
8
B=Merge(B1,…,Bi)
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)InfCube(φ,B1)B2= MaxCube(φ)
…
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
8
if (h(Bi)<ω)return;
B=Merge(B1,…,Bi)
Compute uLTR from LTR
0
3
1
2
1
tDS
tF S
tP S
B1= MaxCube(φ)InfCube(φ,B1)B2= MaxCube(φ)
…
Soundness
Termination
0
3
1
2
1
tDS
tF S
tP S
0
3
1
2
1
tDS
tF S
tP S
Precision
8
if (h(Bi)<ω)return;
B=Merge(B1,…,Bi)
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
9
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
// sample arbitrary hyper-rectangle
9
✓ , 8V ars(') · ((V
vi2V ars(')
li vi ui) ) ')
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
// sample arbitrary hyper-rectangle
// sample maximal hyper-cube
9
✓ , 8V ars(') · ((V
vi2V ars(')
li vi ui) ) ')
Optimize(✓ ^ (V
vi2V ars(')
(ui � li = h)), h)
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
// sample arbitrary hyper-rectangle
// sample maximal hyper-cube
9
✓ , 8V ars(') · ((V
vi2V ars(')
li vi ui) ) ')
Optimize(✓ ^ (V
vi2V ars(')
(ui � li = h)), h)
Symbolic Optimization
[POPL’14]
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
// sample arbitrary hyper-rectangle
// sample maximal hyper-cube
// relax lower bound
// relax upper bound
9
✓ , 8V ars(') · ((V
vi2V ars(')
li vi ui) ) ')
unSAT? (¬(B[li/1] ) '))
unSAT? (¬(B[ui/1] ) '))
Optimize(✓ ^ (V
vi2V ars(')
(ui � li = h)), h)
SMT EncodingsMaxCube(φ) //return the hypercube in φ with maximum volume
InfCube(φ,B) //relax in one direction if possible
// sample arbitrary hyper-rectangle
// sample maximal hyper-cube
// relax lower bound
// relax upper bound
// heights of sampled hyper-cubes form a non-increasing sequence
9
✓ , 8V ars(') · ((V
vi2V ars(')
li vi ui) ) ')
unSAT? (¬(B[li/1] ) '))
unSAT? (¬(B[ui/1] ) '))
Optimize(✓ ^ (V
vi2V ars(')
(ui � li = h)), h)
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
10
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
10
uLTR for component selection
11
uLTR for component selection
publish
11
uLTR for component selection
publish
LTR:(tFS<1⋀
tDS≤3⋀tDS+
tFS≤3)∨ …
11
uLTR for component selection
publish
LTR:(tFS<1⋀
tDS≤3⋀tDS+
tFS≤3)∨ …
11
uLTR for component selection
publish
request
retrieve
11
Carminati et al., 2005
Rajendran et al., 2010
Al-Masri & Mahmoud, 2007
uLTR for component selection
publish
request
retrieve
tFS<1s
finds the “best” match given localized
constraints
11
uLTR for component selection
publish
request
retrieve
tFS<1s
finds the “best” match given localized
constraints
11
• Real-world Web Service data: QWS dataset • Case studies: online booking service, … • Evaluate the percentage of false-negatives (precision)
w.r.t. size of the uLTR model
uLTR for component selection
100 200
Size of uLTR model (|BS|)
10
20
30
40
50
60
70
80
90
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 10.8s
Rand, Te ≈ 201.4s
1 4 7 10
Size of uLTR model (|BS|)
60
65
70
75
80
85
90
95
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 0.9s
Rand, Te ≈ 10.8s
1 4 7 10
Size of uLTR model (|BS|)
60
65
70
75
80
85
90
95
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 2.7s
Rand, Te ≈ 242.2s
12
• Real-world Web Service data: QWS dataset • Case studies: online booking service, … • Evaluate the percentage of false-negatives (precision)
w.r.t. size of the uLTR model
uLTR for component selection
100 200
Size of uLTR model (|BS|)
10
20
30
40
50
60
70
80
90
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 10.8s
Rand, Te ≈ 201.4s
1 4 7 10
Size of uLTR model (|BS|)
60
65
70
75
80
85
90
95
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 0.9s
Rand, Te ≈ 10.8s
1 4 7 10
Size of uLTR model (|BS|)
60
65
70
75
80
85
90
95
100
Precision
ofuLTR
mod
el(%
)
QWS, Te = 2.7s
Rand, Te ≈ 242.2s
12
Strong dependency in the original LTR: t1+t2+3t3-2t4<4
uLTR for runtime adaptation and recovery
Must finish within 4s! Monitor
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
response time
Monitor
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
response time
Monitor
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
response time
repairing plan
Monitor
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
response time
repairing plan
Monitor
13
¬(0≤tDS⋀1≤tFS⋀1≤tPS) ⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3)
⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
uLTR for runtime adaptation and recovery
Must finish within 4s!
response time
repairing plan
Monitor
13
¬(0≤tDS⋀1≤tFS⋀1≤tPS) ⋀((0≤tDS⋀0≤tFS⋀0≤tPS)⇒tDS≤3)
⋀((0≤tDS⋀0≤tFS≤1⋀0≤tPS)⇒tDS+tFS≤3) ⋀((0≤tDS⋀1≤tFS⋀0≤tPS≤1)⇒tDS+tPS≤2)
uLTR for runtime adaptation and recovery
Must finish within 4s!
?
response time
repairing plan
Monitor
Have to replace both DS and FS.
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
tDS<1 tFS<∞ tPS<1
response time
repairing plan
Monitor
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
tDS<1 tFS<∞ tPS<1
response time
repairing plan
Monitor
Replacing DS is enough!
13
uLTR for runtime adaptation and recovery
Must finish within 4s!
tDS<1 tFS<∞ tPS<1
response time
repairing plan
Monitor
Replacing DS is enough!
The “meaning” of LTR: safe if one of tFS and tPS is less than 1.
13
uLTR for runtime adaptation and recovery
Experiments:• Use real service response time • Simulate violations by adding uniform random delays to
components • Compare the length of recovery plans generated by
LTR and uLTR • In ~90% cases, uLTR discovers shorter repairs
14
Limitations & Future WorkLimited evaluation
• Need to look at other domains
Proof of concept, not the silver bullet• Generalize the sampling algorithm: allow arbitrary
hyper-rectangles
Scalability issues:• Quantifier elimination • Balance between precision and performance
15
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
16
ChecklistWhat is uLTR?
• Component-independent under-approximated LTR • Soundness: ensure timing safety
How to break up the monolithic constraint?• Compute uLTR from LTR • Precision: preserve as many choices as possible
How can localized constraints support the management of timing requirements?
• uLTR for component selection • uLTR for runtime adaptation and recovery
16
Questions?Thank you!
17
ReferencesLi, Y., Albarghouthi, A., Gurfinkel, A., Kincaid, Z., Chechik, M.: Symbolic Optimization with SMT Solvers. In: Proc. of POPL 2014 (2014)
Tan, T.H., André, E., Sun, J., Liu, Y., Dong, J.S., Chen, M.: Dynamic Synthesis of Local Time Requirement for Service Composition. In: Proc. of ICSE 2013, pp. 542–551 (2013)
Al-Masri,E.,Mahmoud,Q.H.:QoS-based Discovery and Ranking of Web Services.In:Proc. of ICCCN 2007, pp. 529–534. IEEE (2007)
Wang, S., Rho, S., Mai, Z., Bettati, R., Zhao, W.: Real-time Component-based Systems. In: Proc. of RTETAS 2005, pp. 428–437 (2005)
Carminati, B., Ferrari, E., Hung, P.C.: Exploring Privacy Issues in Web Services Discovery Agencies. IEEE Security & Privacy 3(5), 14–21 (2005)
18