Management of Time Requirements in Component-based Systems

Transcription

1 Management of Time Requirements in Component-based Systems Yi Li 1 Tian Huat Tan 2 Marsha Chechik 1 1. University of Toronto 2. Singapore University of Technology and Design FM 2014 Singapore May 14,

2 Component-based Software Engineering 2

3 Business Goals & System Requirements Component-based Software Engineering 2

4 Business Goals & System Requirements Component-based Software Engineering modularity, reusability, separation of concerns 2

5 Timing Requirements 3

6 Timing Requirements Vehicle Control Systems Electronic Stability Control (ESC) Anti-lock braking system (ABS) 3

7 Timing Requirements Vehicle Control Systems Electronic Stability Control (ESC) Anti-lock braking system (ABS) Smart Phones 3

8 Timing Requirements Vehicle Control Systems Electronic Stability Control (ESC) Anti-lock braking system (ABS) Smart Phones Sensors - motion tracking 3

9 Timing Requirements Vehicle Control Systems Electronic Stability Control (ESC) Anti-lock braking system (ABS) Smart Phones Sensors - motion tracking Web Service Compositions Ticket Booking Stock Quotes 3

10 Timing Requirements Vehicle Control Systems Electronic Stability Control (ESC) Anti-lock braking system (ABS) Smart Phones Sensors - motion tracking Web Service Compositions Ticket Booking Stock Quotes 3

11 Existing Approach: LTR? 4

12 Existing Approach: LTR? 4

13 Existing Approach: LTR? 4

14 Existing Approach: LTR? 4

15 Existing Approach: LTR? 4

16 Existing Approach: LTR? Failure! 4

17 Existing Approach: LTR Must finish within 4s! 4

18 Existing Approach: LTR Must finish within 4s! Previous Work: [ICSE 13] Local Timing Requirements (LTR) synthesis Web Services - BPEL tds tfs tps Monolithic representation 4

19 Existing Approach: LTR Must finish within 4s! Previous Work: [ICSE 13] Local Timing Requirements (LTR) synthesis Web Services - BPEL tds tfs tps Monolithic representation LTR: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) 4

20 Existing Approach: LTR LTR: Previous Work: Must finish within 4s! Pros: + distills complicated composition structures into a single formula + precisely captures all feasible combinations tds tfs tps LTR - monolithic constraint (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) [ICSE 13] Local Timing Requirements (LTR) synthesis Web Services - BPEL Cons: - imposes dependencies across components - lacks support for localized debugging/repairing Monolithic representation 4

21 Existing Approach: LTR Must finish within 4s! Previous Work: [ICSE 13] Local Timing Requirements (LTR) synthesis Web Services - BPEL tds tfs tps Monolithic representation LTR: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) ultr: (0 t DS <1 0 t FS <1) (0 t DS <1 0 t PS <1) 4

22 LTR vs. ultr LTR: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) Component-dependent timing requirement Linear real arithmetic Precise Monolithic ultr: (0 t DS <1 0 t FS <1) (0 t DS <1 0 t PS <1) Component-independent under-approximated LTR Intervals Under-approximated Localized 5

23 LTR vs. ultr All possible timing configurations, e.g., tds = 1, tfs = 0.5, tps = 0.8 Precision 6

24 LTR vs. ultr unsafe safe LTR All possible timing configurations, e.g., tds = 1, tfs = 0.5, tps = 0.8 Precision 6

25 LTR vs. ultr LTR false negatives All possible timing configurations, underultr approximation e.g., tds = 1, tfs = 0.5, tps = 0.8 Precision Precision(uLTR) = #configurations satisfied by ultr #configurations satisfied by LTR 100% 6

26 LTR vs. ultr LTR All possible timing configurations, ultr e.g., tds = 1, tfs = 0.5, tps = 0.8 Precision Precision(uLTR) = #configurations satisfied by ultr #configurations satisfied by LTR 100% 6

27 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 7

28 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 7

29 Compute ultr from LTR φ: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) t PS t FS t DS 8

30 Compute ultr from LTR φ: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) t PS t FS t DS 8

31 Compute ultr from LTR φ: (0 t DS 1 t FS 1 t PS ) ((0 t DS 0 t FS 0 t PS ) t DS 3) ((0 t DS 0 t FS 1 0 t PS ) t DS +t FS 3) ((0 t DS 1 t FS 0 t PS 1) t DS +t PS 2) t PS B: (0 t DS <1 0 t FS <1) (0 t DS <1 0 t PS <1) t FS t DS 8

32 Compute ultr from LTR t PS t FS t DS 8

33 Compute ultr from LTR B1= MaxCube(φ) t PS t FS t DS 8

34 Compute ultr from LTR B1= MaxCube(φ) InfCube(φ,B1) t PS t FS t DS 8

35 Compute ultr from LTR B1= MaxCube(φ) InfCube(φ,B1) B2= MaxCube(φ) t PS t FS t DS 8

36 Compute ultr from LTR B1= MaxCube(φ) InfCube(φ,B1) B2= MaxCube(φ) B=Merge(B1,,Bi) t PS t FS t DS 8

37 Compute ultr from LTR B1= MaxCube(φ) InfCube(φ,B1) B2= MaxCube(φ) B=Merge(B1,,Bi) t PS if (h(bi)<ω) return; 3 2 t FS t DS 8

38 Compute ultr from LTR B1= MaxCube(φ) InfCube(φ,B1) B2= MaxCube(φ) t PS 1 Soundness Termination Precision B=Merge(B1,,Bi) 0 1 if (h(bi)<ω) return; 3 2 t FS t DS 8

39 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume InfCube(φ,B) //relax in one direction if possible 9

40 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume // sample arbitrary hyper-rectangle, 8Vars(') (( V v i 2Vars(') l i apple v i apple u i ) ) ') InfCube(φ,B) //relax in one direction if possible 9

41 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume // sample arbitrary hyper-rectangle, 8Vars(') (( // sample maximal hyper-cube Optimize( ^ ( InfCube(φ,B) //relax in one direction if possible V v i 2Vars(') V v i 2Vars(') l i apple v i apple u i ) ) ') (u i l i = h)), h) 9

42 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume // sample arbitrary hyper-rectangle Symbolic Optimization, 8Vars(') (( v i 2Vars(') [POPL 14] // sample maximal hyper-cube Optimize( ^ ( InfCube(φ,B) //relax in one direction if possible V V v i 2Vars(') l i apple v i apple u i ) ) ') (u i l i = h)), h) 9

43 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume // sample arbitrary hyper-rectangle, 8Vars(') (( // sample maximal hyper-cube Optimize( ^ ( InfCube(φ,B) //relax in one direction if possible V v i 2Vars(') V v i 2Vars(') unsat? ( (B[l i /1] ) ')) unsat? ( (B[u i /1] ) ')) l i apple v i apple u i ) ) ') (u i l i = h)), h) // relax lower bound // relax upper bound 9

44 SMT Encodings MaxCube(φ) //return the hypercube in φ with maximum volume // sample arbitrary hyper-rectangle, 8Vars(') (( // sample maximal hyper-cube Optimize( ^ ( InfCube(φ,B) //relax in one direction if possible V v i 2Vars(') V v i 2Vars(') unsat? ( (B[l i /1] ) ')) unsat? ( (B[u i /1] ) ')) l i apple v i apple u i ) ) ') (u i l i = h)), h) // relax lower bound // relax upper bound // heights of sampled hyper-cubes form a non-increasing sequence 9

45 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 10

46 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 10

47 ultr for component selection 11

48 ultr for component selection publish 11

49 ultr for component selection LTR:(tFS<1 tds 3 tds+tfs 3) publish 11

50 ultr for component selection LTR:(tFS<1 tds 3 tds+tfs 3) publish 11

51 ultr for component selection Carminati et al., 2005 Al-Masri & Mahmoud, 2007 Rajendran et al., 2010 request retrieve publish 11

52 ultr for component selection tfs<1s finds the best match given localized constraints request retrieve publish 11

53 ultr for component selection tfs<1s finds the best match given localized constraints request retrieve publish 11

54 ultr for component selection Real-world Web Service data: QWS dataset Case studies: online booking service, Evaluate the percentage of false-negatives (precision) w.r.t. size of the ultr model Precision of ultr model (%) QWS, T e =0.9s Rand, T e 10.8s Precision of ultr model (%) QWS, T e =2.7s Rand, T e 242.2s Precision of ultr model (%) QWS, T e = 10.8s Rand, T e 201.4s Size of ultr model ( BS ) Size of ultr model ( BS ) Size of ultr model ( BS ) 12

55 ultr for component selection Real-world Web Service data: QWS dataset Case studies: online booking service, Precision of ultr model (%) Evaluate the percentage of false-negatives (precision) w.r.t. size of the ultr model Strong dependency in QWS, T e =0.9s Rand, T e 10.8s Size of ultr model ( BS ) Precision of ultr model (%) t1+t2+3t3-2t4< Size of ultr model ( BS ) the original LTR: QWS, T e =2.7s Rand, T e 242.2s Precision of ultr model (%) QWS, T e = 10.8s Rand, T e 201.4s Size of ultr model ( BS ) 12

56 ultr for runtime adaptation and recovery Must finish within 4s! Monitor 13

57 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time 13

58 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time 13

59 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan 13

60 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan 13

61 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan (0 tds 1 tfs 1 tps) ((0 tds 0 tfs 0 tps) tds 3) ((0 tds 0 tfs 1 0 tps) tds+tfs 3) ((0 tds 1 tfs 0 tps 1) tds+tps 2) 13

62 ultr for runtime adaptation and recovery Must finish within 4s! response time Monitor (0 tds 1 tfs 1 tps) ((0 tds 0 tfs 0 tps) tds 3) ((0 tds 0 tfs 1 0 tps) tds+tfs 3) ((0 tds 1 tfs 0 tps 1) tds+tps 2) repairing plan? Have to replace both DS and FS. 13

63 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan tds<1 tfs< tps<1 13

64 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan tds<1 tfs< tps<1 Replacing DS is enough! 13

65 ultr for runtime adaptation and recovery Must finish within 4s! Monitor response time repairing plan tds<1 tfs< tps<1 Replacing DS is enough! The meaning of LTR: safe if one of tfs and tps is less than 1. 13

66 ultr for runtime adaptation and recovery Experiments: Use real service response time Simulate violations by adding uniform random delays to components Compare the length of recovery plans generated by LTR and ultr In ~90% cases, ultr discovers shorter repairs 14

67 Limitations & Future Work Limited evaluation Need to look at other domains Proof of concept, not the silver bullet Generalize the sampling algorithm: allow arbitrary hyper-rectangles Scalability issues: Quantifier elimination Balance between precision and performance 15

68 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 16

69 Checklist What is ultr? Component-independent under-approximated LTR Soundness: ensure timing safety How to break up the monolithic constraint? Compute ultr from LTR Precision: preserve as many choices as possible How can localized constraints support the management of timing requirements? ultr for component selection ultr for runtime adaptation and recovery 16

70 Questions? Thank you! 17

71 References Li, Y., Albarghouthi, A., Gurfinkel, A., Kincaid, Z., Chechik, M.: Symbolic Optimization with SMT Solvers. In: Proc. of POPL 2014 (2014) Tan, T.H., André, E., Sun, J., Liu, Y., Dong, J.S., Chen, M.: Dynamic Synthesis of Local Time Requirement for Service Composition. In: Proc. of ICSE 2013, pp (2013) Al-Masri,E.,Mahmoud,Q.H.:QoS-based Discovery and Ranking of Web Services.In:Proc. of ICCCN 2007, pp IEEE (2007) Wang, S., Rho, S., Mai, Z., Bettati, R., Zhao, W.: Real-time Componentbased Systems. In: Proc. of RTETAS 2005, pp (2005) Carminati, B., Ferrari, E., Hung, P.C.: Exploring Privacy Issues in Web Services Discovery Agencies. IEEE Security & Privacy 3(5), (2005) 18