RAPIDWare: Assurance in Adaptive Systems

1
RAPIDWare Assurance in Adaptive Systems

• B. Cheng, L. Dillon, S. Kulkarni, P. McKinley,
  and K. Stirewalt
• Software Engineering and Network Systems (SENS)
  Laboratory
• Supported by the U.S. Dept. of the Navy, Office
  of Naval Research under Grant No.
  N00014-01-1-0744.

2
RAPIDWare Project

• Dynamic adaptation Mission-critical applications
  must adapt to changing conditions in the
  computing and communication infrastructure, and
  in the surrounding physical environment.
• Observations
• Adaptive logic is an inherent obstacle to
  assurance
• Always-on systems may need to be updated with
  new features or policies while system is running
• Key Idea Apply separation of concerns to
  insulate developers from the dynamics of
  adaptation and to enable run-time introduction of
  new functionality

3
Assurance ProblemReasoning about separate
concerns

• Separation of concerns
• Simplifies client code
• Localizes adaptive logic
• Problem
• Non-orthogonal concerns
• Synchronization/usage patterns
• Adaptive QoS/usability requirements
• Reliability/retry policies

task body EventManager is begin loop
AwaitEvent(e) loop if(testAndSet(d1))
then if(testAndSet) d2 then
Broadcast(e,d1,d2) break else
release(d1) end if end loop end
loop end task
4
Solution Reasoning about concerns

• task body EventManager is
• begin
• loop
• AwaitEvent(e)
• Broadcast(e,d1,d2)
• end loop
• end task
• Contract event gt d1 /\ d2

• Approach 1 Make client programs contract-aware
  and adapt behavior to conditions by negotiating
  contracts at run-time

• Approach 2 Reason about orthogonality of concern
  to guide design of adaptive-middleware frameworks
• Use connector wrappers to model interaction of
  reliability policies and client programs
• Architect pluggable reliability implementations
  according to wrapper specification

5
Assurance Problem Coordinating Distributed
Adaptation

• Distributed application
• Set of communicating processes, running on
  multiple hosts
• An adaptation may comprise multiple local
  adaptations
• Problem Non-deterministic ordering of local
  adaptations may leave application in an
  inconsistent or illegal state

6
Solution Coordinating adaptation

• Safe adaptation is essentially a distributed
  configuration-management problem
• Each process manages local configuration of
  components
• Legal combinations of local configurations
  specified using dependency invariants
• Reconfiguration occurs only when process in
  safe state
• Model distributed application as a
  state-transition system and identify safe
  sequences of intermediate adaptive actions
  during adaptation process
• Models behavior of system during adaptive
  action
• Computational structure Transitional invariant
  lattice
• Once safe sequence identified, program
  instrumented to guarantee local adaptations do
  not occur out of order

7
Assurance Problem Evolving assurance mechanisms

• Incorporating new functionality into a running
  system
• E.g., new security or auditing policy
• Needed to respond pro-actively to security
  threats
• Necessary for always-on systems
• Problem
• How to reason about new requirements in real
  time
• How to update run-time assurance mechanisms
  correctly and efficiently

8
Solution Evolving assurance mechanisms

• Coordination approaches
• Automated analysis of reconfiguration to assure
  safeness
• Use of invariants
• Contract-based approaches
• Contracts compose by conjunction
• Components replaceable with without violating
  client assumptions
• Open questions
• Can decision making about new features be
  automated?
• Can our coordination-based approaches be made
  incremental?
• How can feature-interaction and
  resource-optimization techniques be applied to
  adaptive systems?