Management of Time Requirements in Component-based Systems
Yi Li (1), Tian Huat Tan (2), Marsha Chechik (1)
- 1. University of Toronto
- 2. Singapore University of Technology and Design
FM 2014 Singapore May 14, 2014

Component-based Software
- modularity, reusability, separation of concerns
- Vehicle Control Systems
- Smart Phones
- Web Service Compositions
- …
Motivating example: a service composition of components DS, FS and PS whose response times (tDS, tFS, tPS) are unknown ("?"). Must finish within 4s! If the components are too slow: Failure!

Previous Work: [ICSE’13] Local Time Requirement (LTR) synthesis
From the global requirement "must finish within 4s", synthesize a constraint over the component response times tDS, tFS, tPS.
LTR:
¬(0≤tDS ⋀ 1≤tFS ⋀ 1≤tPS)
⋀ ((0≤tDS ⋀ 0≤tFS ⋀ 0≤tPS) ⇒ tDS≤3)
⋀ ((0≤tDS ⋀ 0≤tFS≤1 ⋀ 0≤tPS) ⇒ tDS+tFS≤3)
⋀ ((0≤tDS ⋀ 1≤tFS ⋀ 0≤tPS≤1) ⇒ tDS+tPS≤2)

LTR - monolithic constraint
Pros:
+ distills complicated composition structures into a single formula
+ precisely captures all feasible combinations
Cons:
uLTR (under-approximated LTR):
(0≤tDS<1 ⋀ 0≤tFS<1) ∨ (0≤tDS<1 ⋀ 0≤tPS<1)
Each disjunct is a localized timing requirement on individual components.

Precision
Consider all possible timing configurations, e.g., tDS = 1, tFS = 0.5, tPS = 0.8. LTR separates the unsafe configurations from the safe ones. uLTR, being an under-approximation, admits only a subset of the safe configurations: it has false negatives (safe configurations it rejects) but never accepts an unsafe one.
Precision(uLTR) = #configurations satisfied by uLTR / #configurations satisfied by LTR × 100%
Outline:
- What is uLTR?
- How to break up the monolithic constraint?
- How can localized constraints support the management of timing requirements?
Breaking up the monolithic constraint φ:
¬(0≤tDS ⋀ 1≤tFS ⋀ 1≤tPS)
⋀ ((0≤tDS ⋀ 0≤tFS ⋀ 0≤tPS) ⇒ tDS≤3)
⋀ ((0≤tDS ⋀ 0≤tFS≤1 ⋀ 0≤tPS) ⇒ tDS+tFS≤3)
⋀ ((0≤tDS ⋀ 1≤tFS ⋀ 0≤tPS≤1) ⇒ tDS+tPS≤2)
[Figure: the region of φ plotted over the axes tDS, tFS, tPS, with the sampled hyper-cubes drawn inside it]

Sampling hyper-cubes inside φ:
B1 = MaxCube(φ)
InfCube(φ, B1)
B2 = MaxCube(φ)
…
if (h(Bi) < ω) return;
B = Merge(B1, …, Bi)
Result for the example, B: (0≤tDS<1 ⋀ 0≤tFS<1) ∨ (0≤tDS<1 ⋀ 0≤tPS<1)
Properties: Soundness (B under-approximates φ), Termination (stop once the height h(Bi) of the latest cube falls below the threshold ω), Precision.
MaxCube(φ)  // return the hypercube in φ with maximum volume
  // sample an arbitrary hyper-rectangle [l_i, u_i] contained in φ:
  $\theta \triangleq \forall \mathit{Vars}(\varphi) \cdot \Big( \big( \bigwedge_{v_i \in \mathit{Vars}(\varphi)} l_i \le v_i \le u_i \big) \Rightarrow \varphi \Big)$
  // sample a maximal hyper-cube: maximize the side length h subject to θ, via Symbolic Optimization [POPL’14]:
  $\mathrm{Optimize}\Big( \theta \wedge \bigwedge_{v_i \in \mathit{Vars}(\varphi)} (u_i - l_i = h),\ h \Big)$

InfCube(φ, B)  // relax in one direction if possible
  // relax lower bound: unSAT?(¬(B[l_i/∞] ⇒ φ))
  // relax upper bound: unSAT?(¬(B[u_i/∞] ⇒ φ))
  // heights of sampled hyper-cubes form a non-increasing sequence
Managing timing requirements with localized constraints: service discovery
[Diagram: publish / request / retrieve between service providers, a registry and a requester]
A provider publishes its localized constraint, e.g., LTR: (tFS<1 ⋀ tDS≤3 ⋀ tDS+tFS≤3) ∨ …; a requester sends a request such as tFS<1s, and the registry finds the "best" match given the localized constraints.
Related work on service discovery: Carminati et al., 2005; Rajendran et al., 2010; Al-Masri & Mahmoud, 2007.
Precision w.r.t. size of the uLTR model
[Figure: three plots of Precision of uLTR model (%) against Size of uLTR model (|BS|), each comparing QWS and Rand; legends: QWS Te = 10.8s vs Rand Te ≈ 201.4s; QWS Te = 0.9s vs Rand Te ≈ 10.8s; QWS Te = 2.7s vs Rand Te ≈ 242.2s]
Strong dependency among variables in the original LTR, e.g., t1+t2+3t3-2t4<4, is hard to cover with axis-aligned hyper-rectangles.
Runtime monitoring and repair
A Monitor observes the response time of each component and derives a repairing plan when the global requirement (must finish within 4s!) is at risk.
With the monolithic LTR:
¬(0≤tDS ⋀ 1≤tFS ⋀ 1≤tPS) ⋀ ((0≤tDS ⋀ 0≤tFS ⋀ 0≤tPS) ⇒ tDS≤3) ⋀ ((0≤tDS ⋀ 0≤tFS≤1 ⋀ 0≤tPS) ⇒ tDS+tFS≤3) ⋀ ((0≤tDS ⋀ 1≤tFS ⋀ 0≤tPS≤1) ⇒ tDS+tPS≤2)
the plan is: have to replace both DS and FS.
With the localized constraint tDS<1 ⋀ tFS<∞ ⋀ tPS<1 (one hyper-rectangle of the uLTR):
Replacing DS is enough! The "meaning" of LTR: safe if one of tFS and tPS is less than 1.
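The LTR, its two-box uLTR, the precision metric and the repair scenario from the slides, as an added Python example (not code from the paper or its authors). The grid of sample configurations and the observed response times are constructed, and the rule for choosing a repair plan (the uLTR box violated by the fewest components) is an assumption, not the paper's method.

```python
from itertools import product

VARS = ("tDS", "tFS", "tPS")

def implies(a, b):
    return (not a) or b

def ltr(tDS, tFS, tPS):
    """Monolithic LTR of the DS/FS/PS composition as given on the slides."""
    return (not (0 <= tDS and 1 <= tFS and 1 <= tPS)
            and implies(0 <= tDS and 0 <= tFS and 0 <= tPS, tDS <= 3)
            and implies(0 <= tDS and 0 <= tFS <= 1 and 0 <= tPS, tDS + tFS <= 3)
            and implies(0 <= tDS and 1 <= tFS and 0 <= tPS <= 1, tDS + tPS <= 2))

# uLTR as a union of hyper-rectangles: var -> (lower, upper), upper exclusive.
# A variable absent from a box is unconstrained (the "tFS < inf" box of the slides).
ULTR = [
    {"tDS": (0, 1), "tFS": (0, 1)},
    {"tDS": (0, 1), "tPS": (0, 1)},
]

def in_box(box, cfg):
    return all(lo <= cfg[v] < hi for v, (lo, hi) in box.items())

def ultr(cfg):
    return any(in_box(box, cfg) for box in ULTR)

def grid(step, limit):
    """Constructed sample space: all timing configurations on a regular grid."""
    vals = [i * step for i in range(int(limit / step) + 1)]
    return [dict(zip(VARS, p)) for p in product(vals, repeat=3)]

def precision(step=0.5, limit=2.5):
    """Returns (#configs in uLTR, #configs in LTR, precision %, soundness)."""
    cfgs = grid(step, limit)
    n_ltr = sum(ltr(**c) for c in cfgs)
    n_ultr = sum(ultr(c) for c in cfgs)
    sound = all(ltr(**c) for c in cfgs if ultr(c))   # uLTR never accepts an unsafe point
    return n_ultr, n_ltr, 100.0 * n_ultr / n_ltr, sound

def repair_plan(observed):
    """Assumed repair rule: the components that must change for the closest box to hold."""
    plans = [frozenset(v[1:] for v in box if not in_box({v: box[v]}, observed)) for box in ULTR]
    return min(plans, key=len)

if __name__ == "__main__":
    print(precision())                       # coarse-grid precision of the two-box uLTR
    print(ltr(1, 0.5, 0.8), ultr({"tDS": 1, "tFS": 0.5, "tPS": 0.8}))  # a false negative
    print(repair_plan({"tDS": 2, "tFS": 5, "tPS": 0.5}))  # constructed: only DS is slow
```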
Experiments: components, LTR and uLTR

Limitations:
- Limited evaluation
- Proof of concept, not the silver bullet
- hyper-rectangles
- Scalability issues:
References
- Li, Y., Albarghouthi, A., Gurfinkel, A., Kincaid, Z., Chechik, M.: Symbolic Optimization with SMT Solvers. In: Proc. of POPL 2014 (2014)
- Tan, T.H., André, E., Sun, J., Liu, Y., Dong, J.S., Chen, M.: Dynamic Synthesis of Local Time Requirement for Service Composition. In: Proc.
- Al-Masri, E., Mahmoud, Q.H.: QoS-based Discovery and Ranking of Web Services. In: Proc. of ICCCN 2007, pp. 529–534. IEEE (2007)
- Wang, S., Rho, S., Mai, Z., Bettati, R., Zhao, W.: Real-time Component-based Systems. In: Proc. of RTETAS 2005, pp. 428–437 (2005)
- Carminati, B., Ferrari, E., Hung, P.C.: Exploring Privacy Issues in Web Services Discovery Agencies. IEEE Security & Privacy 3(5), 14–21 (2005)