Software that people use for everyday purposes is usually not mission critical---some failures can be tolerated. However, this software should be dependable enough for its intended use, even when users change expectations. Software systems that could adapt to accommodate both failures and changing user expectations could significantly improve the dependability of such everyday software. Many adaptation techniques require specifications of proper behavior (for detecting improper behavior) and problem severity, alternatives and their selection (for mitigation and for repair). However, the specifications of everyday software are usually incomplete and imprecise. This makes it difficult to determine the dependability of the software and even more difficult to adapt. We address the problem of detecting anomalies---deviations from expected behavior---when specifications of expected behavior are missing. Setting up anomaly detection depends on human participation, yielding predicates that can serve as proxies for missing specifications. We propose a template mechanism to lower the demands on human attention when setting up detection. We show how this mechanism may be used in our framework for enhancing dynamic data feeds with automatic adaptation. We discuss how the same mechanism may be used in repair. Our emphasis is on detecting semantic anomalies: cases in which the data feed is responsive and delivers well-formed results, but these results are unreasonable.
Title: Enabling automatic adaptation in systems with under-specified elements. Authors: O. Raz, P. Koopman, M. Shaw. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582139
Distributed databases generally have strict consistency requirements on data replicas, meaning that they are not allowed to diverge outside of transaction boundaries. For certain applications, this is too pessimistic, and it is often better to trade off consistency for higher availability, performance, or predictability. In this paper, we describe a replication protocol for a distributed database which is eventually consistent; it allows replicas to diverge if the system can be guaranteed to eventually converge to a consistent state. We also compare eventual consistency to self-stabilization, and outline how self-stabilization theory may help in proving properties of eventually consistent systems.
Title: Self-stabilization and eventual consistency in replicated real-time databases. Authors: S. Gustavsson, S. F. Andler. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582150
We attach a feedback-control-loop infrastructure to an existing target system, to continually monitor and dynamically adapt its activities and performance. (This approach could also be applied to "new" systems, as an alternative to "building in" adaptation facilities, but we do not address that here.) Our infrastructure consists of multiple layers, with the objectives of 1. probing, measuring and reporting of activity and state during the execution of the target system among its components and connectors; 2. gauging, analysis and interpretation of the reported events; and 3. whenever necessary, feedback onto the probes and gauges, to focus them (e.g., drill deeper), or onto the running target system, to direct its automatic adjustment and reconfiguration. We report on our successful experience using this approach in the dynamic adaptation of a large-scale commercial application requiring both coarse and fine-grained modifications.
Title: A case study in software adaptation. Authors: G. Valetto, G. Kaiser. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582142
Z. Yang, B. Cheng, R. Stirewalt, J. Sowell, S. M. Sadjadi, P. McKinley
This paper presents an aspect-oriented approach to dynamic adaptation. A systematic process for defining where, when, and how an adaptation is to be incorporated into an application is presented. Specifically, the paper presents a two-phase approach to dynamic adaptation, where the first phase prepares a non-adaptive program for adaptation, and the second phase implements the adaptation at run time. This approach is illustrated with a distributed conferencing application.
Title: An aspect-oriented approach to dynamic adaptation. Authors: Z. Yang, B. Cheng, R. Stirewalt, J. Sowell, S. M. Sadjadi, P. McKinley. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582144
Online adaptation is a powerful means to handle unexpected slow or catastrophic changes of the system's behavior (e.g., a stuck or broken rudder of an aircraft). Therefore, adaptation is one way for realizing a self-healing system. Substantial research and development has been made to use neural networks (NN) for such tasks (e.g., integrated in various unmanned helicopters and test-flown on a modified F-15 aircraft). Despite the advantages of adaptive neural network based systems, the lack of methods to perform certification, verification, and validation (V&V) of such systems severely restricts their applicability. In this paper, we report on ongoing work to develop V&V techniques and processes for NN-based safety-critical control systems, in our case an aircraft flight control system. Although the project ultimately aims at V&V of online adaptive systems, this paper focuses on the first part of this project dealing with so-called pre-trained neural networks (PTNN). V&V techniques developed here are important pre-requisites for handling the online adaptive case. In particular, we describe highlights of a process guide which has been developed within this project and discuss important V&V issues which need to be addressed during certification.
Title: Toward V&V of neural network based controllers. Authors: J. Schumann, S. Nelson. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582141
Marija Mikic-Rakic, Nikunj R. Mehta, N. Medvidović
This paper argues for a set of requirements that an architectural style for self-healing systems should satisfy: adaptability, dynamicity, awareness, autonomy, robustness, distributability, mobility, and traceability. Support for these requirements is discussed along five dimensions we have identified as distinguishing characteristics of architectural styles: external structure, topology rules, behavior, interaction, and data flow. As an illustration, these requirements are used to assess an existing architectural style. While this initial formulation of the requirements appears to have utility, much further work remains to be done in order to apply it in evaluating and comparing architectural styles for self-healing systems.
Title: Architectural style requirements for self-healing systems. Authors: Marija Mikic-Rakic, Nikunj R. Mehta, N. Medvidović. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582138
The current panorama of the communication infrastructures lets us foresee that several kinds of variously integrated transmission and communication infrastructures will be available in the near future. In such a scenario, it will be possible to implement heterogeneous access software applications, whose users are likely to be mobile, to employ access devices of various kinds (PCs, PDAs, cellular phones, communicators, etc.), and to be willing to accept varying quality of service, including degraded functionalities, according to the place, the time, the device in use, etc. Moreover the technological developments in terms of devices show that what today is seen as a discrete set of well characterized —different types of— devices, tomorrow will become a virtually infinite range of access devices all homogeneous in terms of basic resources and functionalities but —all— different in terms of quantitative and qualitative characteristics (size, dimensions, speed, resolution, interpreters, languages, ...). Think, for example, of resources like memory, screen, databases, threading etc. This means that devices can exhibit possibly infinite different configurations both at the hardware and software level. In this context our research addresses the problem of dealing with the heterogeneity of access devices. The problem we are facing is that of a, possibly mobile, user that wants to download and execute an application from a remote server. The user’s hosting device can be any of the above mentioned access devices with specific hardware and software capabilities. The problem is then to be able to decide whether the user’s current device characteristics are compatible with the application requirements in order to prevent execution failures. In the negative case we would like to be able to identify the reasons that determined the incompatibility and perform an adaptation of the application so that it can match the user’s device capabilities.
These reasons pushed us toward a declarative approach [3, 6]. Informally our approach is the following. We propose to provide each device with a declarative mechanism to express
Title: Correct deployment and adaptation of software applications on heterogenous (mobile) devices. Authors: P. Inverardi, F. Mancinelli, G. Marinelli. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582151
Modern practical computing systems are much more complex than the simple programs on which we developed our models of dependability. These dependability models depend on precise specifications, but it is often impractical to obtain precise specifications of practical software-intensive systems. Furthermore, the criteria for acceptable behavior vary from time to time and from one user to another. When development methods are based on the classic models that assume precise specifications, the resulting systems are often brittle --- they are vulnerable to unexpected conditions and hard to tune to changing expectations. Practical systems would be better served by development models that recognize the variability and unpredictability of the environment in which the systems are used. Such development methods should pursue not the absolute criterion of correctness, but rather the goal of fitness for the intended task, or sufficient correctness. They should accommodate environmental unpredictability not only by reactive mechanisms, but also by design that produces resilience to environmental change, or homeostasis. In many cases, this resilience may be achievable by relaxing tolerances in the specifications, thereby enlarging the envelope of acceptable operation.
Title: "Self-healing": softening precision to avoid brittleness: position paper for WOSS '02: workshop on self-healing systems. Authors: M. Shaw. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582152
Traditional mechanisms that allow a system to detect and recover from errors are typically wired into applications at the level of code where they are hard to change, reuse, or analyze. An alternative approach is to use externalized adaptation: one or more models of a system are maintained at run time and external to the application as a basis for identifying problems and resolving them. In this paper we provide an overview of recent research in which we use architectural models as the basis for such problem diagnosis and repair. These models can be specialized to the particular style of the system, the quality of interest, and the dimensions of run time adaptation that are permitted by the running system.
Title: Model-based adaptation for self-healing systems. Authors: D. Garlan, B. Schmerl. Venue: Workshop on Self-Healing Systems. Published: 2002-11-18. DOI: https://doi.org/10.1145/582128.582134