Towards Self-Adaptive Software
Download
Report
Transcript Towards Self-Adaptive Software
TOWARDS SELF-ADAPTIVE
SOFTWARE-INTENSIVE
SYSTEMS
Hausi A. Müller
University of Victoria, Canada
IWPSE-EVOL
Amsterdam, The Netherlands
August 24-25, 2009
CONGRATULATIONS
10th Anniversary of International Workshop on
Principles of Software Evolution (IWPSE)
5th Anniversary of ERCIM Workshop on Software
Evolution (EVOL)
Tremendous achievements!
Congratulations!
2
MY BACKGROUND
Founding Director of Bachelor of Software Engineering
Associate Dean Research, Faculty of Engineering
IBM Toronto
Since 1991
CSER/NSERC CRD Project
Design and Evolution of Autonomic Application Software
SOA Governance
CA Canada Inc. (formerly Computer Associates), Toronto
http://www.bseng.uvic.ca
47 courses; 15 software engineering courses
Since 2005
CSER/NSERC CRD Project
Logging, Monitoring & Diagnosis Systems for Enterprise Applications
SEI (Software Engineering Institute), Pittsburgh
Since 1995
SOA Governance and Service Oriented Computing
Ultra Large Scale Systems
3
KEEP IN MIND …
4
ENGINEERING
SELF-ADAPTIVE SYSTEMS
High degree of dynamism
Goals / policies change at run-time
Validation and verification
performed at run-time
Agility at run-time
Müller, H.A.: SEAMS 2008 Panel—Report from Dagstuhl
Seminar 08031 on Engineering Self-Adaptive Systems
5
VERY HIGH EXPECTATIONS
FOR SELF-ADAPTABILITY
Software systems must become more
versatile, flexible, resilient, dependable
service-oriented, mashable, inter-operable,
continuously available, robust, decentralized,
energy-efficient, recoverable, customizable,
configurable, self-healing, configurable,
self-optimizing, self-*, …
by adapting to changing operational contexts and
environments
6
IWPSE 1998: SESSION 3
DYNAMIC/RUNTIME STRUCTURES
Analyzing Dynamic Change in Software Architectures
Software Evolution and the Chemical Abstract Machine
Kurt Geihs, Holger Grunder (University of Frankfurt)
Decentralized Software Evolution
Yasuhiko Sugiyama (Nihon University)
Dynamic Objects for Software Evolution in Distributed Object Systems
Hidehiko Masuhara, Akinori Yonezawa (University of Tokyo)
Runtime Software Evolution based on Version Management
Noriki Amano, Takuo Watanabe (JAIST)
A Reflective Approach to Support Software Evolution
Michel Wermelinger (University of Nova de Lisboa)
A Procedural Model of Dynamic Adaptability and its Description Language
Jeff Kramer, Jeff Magee (Imperial College)
Peyman Oreizy (University of California, Irvine)
Support for Evolution of System Through Software Composition
R. Pandey, P. Devanbu, V. Akella (University of California, Davis)
Architect, design for software adaptation …
Decentralized software evolution …
7
SOFTWARE EVOLUTION
GREAT SUCCESS STORIES
Many methods, techniques, and tools
Artifact identification and dependencies,
(de)-composition
Models, meta-models, exchange formats
Analysis: impact, change, code smells,
analysis paralysis, patterns
(Multi-dimensional) separation of concerns
Tooling: parsing, repositories, visualization,
analysis, program transformation
Several distinct research communities
ICSM, IWPSE, EVOL, ICPC, IWPC, WCRE, PASTE,
SCAM, MSR, VISSOFT, ATEM, and many others
8
CO-SOFTWARE EVOLUTION
Do we concentrate too much on the code?
Are we too reactive and not enough pro-active?
Can we apply and inject our evolution experience into new
development paradigms (e.g., service oriented systems)?
IEEE Standard 830-1998
Software Requirements Specifications
Product
functions
User
characteristics
Nonfunctional
requirements
Context and
environment
Constrain
ts
Co-evolve requirements, context, constraints, policies, code
9
Evolving
Software
Systems
ULS
Systems
Autonomic
Systems
What do
these
systems
have in
common?
SOA
Systems
Control
Systems
10
Evolving
Software
Systems
Selfmanaging
Systems
SOA
Systems
Feedback
Loops
ULS
Systems
Control
Systems
Autonomic
Systems
11
OUTLINE
Motivation for self-adaptive systems
SOA governance and evolution governance
Realizing self-adaptive systems using feedback loops
Evolution of self-adaptive systems
Research challenges
12
RISE OF THE DYNAMIC VALUE SET
The value chains of today are the result of linked individual business
tasks that come together to form a valuable end product
Just like a physical assembly line, each participant in the value chain
contributes something to increase the value of the end product
Although these value chains have become increasingly distributed,
they still tend to be predictable, structured and linear
Set of service providers is changing dynamically based on who is in the
best position to perform a given task at a given time
Service providers are becoming interconnected to the point that mapping
their relationships yields more of a net than the traditional linear chain
Familiar value chains are morphing into dynamic value nets
Value nets are orchestrated by the organization that delivers the end
product to market
This orchestration may be the lead brand organization’s unique value add
13
Steve Mills, VP IBM Software Group: The
Future of Business, White Paper, June 2007
IBM GLOBAL SERVICES SERVICE
INTEGRATION MATURITY MODEL
(SIMM)
Ultimate goal: dynamically configurable services
14
http://www.ibm.com/developerworks/webservices/library/ws-soa-simm/
SELF-ADAPTIVE SYSTEMS:
ANTICIPATED AND UN-ANTICIPATED
ADAPTATION
Anticipated adaption
The different contexts to be accommodated at run-time
are known at design-time
Un-anticipated adaption
The variation possibilities are recognized and computed
at run-time
The decision which variant is best is computed using
self-awareness and environmental context information
Pure un-anticipated self-adaptive system are rare
Most self-adaptive systems feature a combination of
anticipated self-adaptation and un-anticipated selfadaptation
15
Control-Centric
Design and Views
Architecture-centric
Design and Views
ARCHITECTURE-CENTRIC VS.
CONTROL-CENTRIC
ORCHESTRATION
16
SOA GOVERNANCE
Governance has been rated as the main inhibitor
of SOA adoption
SOA governance provides a set of policies, rules,
and enforcement mechanisms for developing,
using and evolving service-oriented systems, and
for analysis of their business value
SOA governance includes policies, procedures,
roles and responsibilities for design-time
governance and runtime governance
17
G. Lewis, D. Smith: SOA and its Implications for
Software Maintenance and Evolution, ICSM FoSM 2008
SOA GOVERNANCE TYPES
Design-time governance
Includes elements such as rules for strategic identification of
services, development, and deployment of services; reuse; and
legacy system migration to services
Enforces consistency in use of standards, SOA infrastructure
and processes
Run-time governance
Enforces rules to ensure that services are executed only in
ways that are legal and that important runtime data is logged
Service level agreements (SLAs) including runtime validation
of contractual specifications on performance, throughput, and
availability; the use of automated metrics for tracking and
reporting; and problem management
18
G. Lewis, D. Smith: SOA and its Implications for
Software Maintenance and Evolution, ICSM FoSM 2008
FEEDBACK LOOPS ARE AT THE
HEART OF DYNAMICAL SYSTEMS
Feedback is ubiquitous
in natural and
engineered systems
... and in computing systems
19
Continuous Evolution
Problems
20
Continuous Evolution
Problems
Software
Evolution
Problems
21
ULS CHALLENGES APPLY TO
SOFTWARE EVOLUTION
The ULS book describes challenges in
three broad areas:
Design and evolution
Orchestration and control
Monitoring and assessment
The challenges in all three areas apply readily to
the maintenance and evolution of software
systems
L. Northrop et al.: Ultra-Large-Scale Systems: The Software
Challenge of the Future, SEI Tech Report, June 2006
22
SPECIFIC CHALLENGES IN GOVERNANCE
SYSTEM MONITORING AND ASSESSMENT
With respect to governance
How do we evaluate the effectiveness of system design,
operation, evolution, orchestration, and control?
How do we monitor and assess system state, behavior,
and overall health and well being?
Challenges include
Defining indicators
Understanding why indicators change
Prioritizing the indicators (e.g., to form a hierarchy)
Handling change and imperfect information
Gauging the human elements
23
SPECIFIC CHALLENGES FOR
SYSTEM MONITORING AND
ASSESSMENT
Defining indicators
Understanding why indicators change
What system-wide, end-to-end, and local quality-of-service
indicators are relevant to meeting user needs and ensuring
the long-term viability of the subject system?
What adjustments or changes to system elements and
interconnections will improve or degrade these indicators?
Prioritizing the indicators
Which indicators should be examined under what conditions?
Are indicators ordered by generality?
General overall health reading versus specialized particular diagnostics
24
SPECIFIC CHALLENGES FOR
SYSTEM MONITORING AND ASSESSMENT
Handling change and imperfect information
How do the monitoring and assessment processes handle
continual changes to components, services, usage, or
connectivity?
Imperfect information can be inaccurate, stale, or imprecise.
Gauging the human elements
What are the indicators of the health and performance of the
people, business, and organizational elements of the SOA
subject system?
25
BRIEF SIDE NOTE ...
COMPLIANCE VS. CONFORMANCE
Compliance implies adherence to a standard or regulation
You either pass or fail
A company can be in compliance with Sarbanes-Oxley auditing requirements
A browser can comply with a specific security requirement by providing 128bit security and TLS encryption
Service delivery is compliant with an SLA
Conformance describes how well a given implementation
matches or does not match a standard or a reference
A conformance testing suite that returns results that certain aspects of an
implementation match a reference implementation
A Web services implementation can conform with the WS-I basic
interoperability profile
Service delivery is conformance with an SLA depends on the importance of
the customer
A lack of conformance does not necessarily imply a value judgment
the way that lack of compliance with a law or regulation does
Keep in mind: Whenever we talk about “compliance,”
we often really mean “conformance.”
26
MONITORING
DYNAMICAL SYSTEMS
Perform critical regression tests dynamically to observe
satisfaction of requirements
Testing run-time (and design-time) governance
Govern and enforce rules and regulations
Perform V&V operations (transformations) regularly to
ascertain V&V properties
Monitor compliance and conformance
Assess whether services are used properly
Recognizing normal and exceptional behaviour
Monitor functional and non-functional requirements when
the environment evolves
SLAs
Assess and maintain quality of service (QoS)
Manage tradeoffs
27
CHANGE OF PERSPECTIVE
From satisfaction of requirements through
traditional, top-down engineering
The system
shall do this
… but it may
do this …
as long as it
does this …
To satisfaction of requirements by regulation of
complex, decentralized systems
How?
With adaptive systems
and feedback loops
28
BIOLOGICAL SYSTEMS
The internal mechanisms of humans
continuously work together to maintain
essential variables within physiological
limits—the n-dimensional viability zone
n-dimensional
viability zone
equilibrium
The goal of human self-managing
behavior is directly linked to survivability
If the external or internal environment pushes
the system outside its physiological equilibrium
zone, the system will work towards returning
to the equilibrium zone
29
MOST FAMOUS FEEDBACK SYSTEM
AUTONOMIC NERVOUS SYSTEM (ANS)
Autonomic nervous system (ANS)
Measure
Temperature
Heart rate
Breathing rate
Blood pressure
Blood sugar
Pupil dilation
Tears
Digestion
Immune response
Resource
Sympathetic
Stressful situation processes
Decide
Parasympathetic
Day-to-day internal processes
Control
Monitor and regulate
30
FEEDBACK SYSTEMS
Merriam-Webster’s Online Dictionary
the return to the input of a part of the output of a machine,
system, or process
producing changes in an
electronic circuit to improve
performance
an automatic control device
to provide self-corrective action
31
APPROACH: FEEDBACK LOOP
32
Dobson, S. et al.: A Survey of Autonomic Communications. ACM Trans.
on Autonomous and Adaptive Systems (TAAS) 1(2):223-259 (2006)
CONTROLLER AS AN
AUTONOMIC ELEMENT
33
ACRA: A HIERARCHY OF AUTONOMIC
ELEMENTS TO ORCHESTRATE INDICATORS
34
IBM: An Architectural Blueprint for
Autonomic Computing, 4th Ed. (2006)
REALIZATION OF A
DYNAMIC ARCHITECTURE
Feedback control system with
disturbance and noise input
Hellerstein, Diao, Parekh, Tilbury: Feedback Control of
Computing Systems. John Wiley & Sons (2004)
35
REALIZATION OF
A DYNAMIC
ARCHITECTURE
Reference input
Reference input minus (measured)
transduced output
Control Input
Goal, objectives, specified desired
output
Control Error
Parameters which affect behavior of
the system—number of threads, CPU,
memory, parameters
Disturbance input
Affects control input—arrival rate
Controller
Managed system
Measurable feature of the system—
response time
Noise input
Dynamical system, process, plant—
often characterized by differential
equations
Measured output
Change control input to achieve
reference input—design is based on a
model of the managed system
Affects measured output
Transducer
Transforms measured output to
compare with reference input
36
Hellerstein, Diao, Parekh, Tilbury: Feedback Control of
Computing Systems. John Wiley & Sons (2004)
ADAPTIVE CONTROL
Modify the control law to cope by changing
system parameters while the system is running
Different from Robust Control in the sense that it
does not need a priori information about the
uncertainties
Robust Control includes the bounds of uncertainties in
the design of the control law.
Thus, if the system changes are within the bounds, the
control law needs no modification.
37
SYSTEM IDENTIFICATION
MODEL BUILDING
Mathematical tools and algorithms to build
dynamical models from measured data
A dynamical mathematical model in this context
is a mathematical description of the dynamic
behavior of a system or process in either the time
or frequency domain
Theories and processes
Physical
Computing
Social
Engineering
Economic
Biological
Chemical
Therapeutic
38
MODEL REFERENCE ADAPTIVE
CONTROLLERS—MRAC
Also referred to as Model Reference Adaptive
System (MRAS)
Closed loop controller with parameters that can be
updated to change the response of the system
The output of the system is compared to a desired
response from a reference model (e.g., simulation
model)
The control parameters are updated based on this
error
The goal is for the parameters to converge to ideal
values that cause the managed system response to
match the response of the reference model.
39
MODEL REFERENCE ADAPTIVE
CONTROLLERS—MRAC
F
B
40
MODEL REFERENCE ADAPTIVE
CONTROLLERS—MRAC
41
MODEL IDENTIFICATION ADAPTIVE
CONTROLLERS—MIAC
Perform system identification while system is
running to modify the control laws
Cautious adaptive controllers
Create model structure and perform parameter
estimation typically using the Least Squares method
Use current system identification to modify control law,
allowing for system identification uncertainty
Certainty equivalent adaptive controllers
Take current system identification to be the true
system, assume no uncertainty
42
MODEL IDENTIFICATION ADAPTIVE
CONTROLLERS—MIAC
F
B
43
MODEL IDENTIFICATION ADAPTIVE
CONTROLLERS—MIAC
44
MIAC AND MRAC ARCHITECTURES
FOR DYNAMICAL COMPUTING
SYSTEMS
The goal of both approaches is to adjust the
control laws in the controller
MRAC approach
Reference model is static—given or pre-computed and
not changed at run-time
MIAC approach
Reference model is changed at run-time using system
identification methods
45
DEBATE QUESTIONS
EVOLUTION CONCERNS
How different are the maintainability and
evolution concerns for self-adaptive systems
compared to static, non-adaptive systems?
Is a system that is designed for dynamic
variability or adaptation easier to maintain?
Control-Centric
Design and Views
Architecture-centric
Design and Views
46
RESEARCH CHALLENGES
Model construction
Managing and leveraging uncertainty
Making control loops explicit
47
RESEARCH CHALLENGES:
MODEL CONSTRUCTION
The process of designing feedback-based computing systems
requires the construction of models which quantify the effect of
control inputs on measured outputs
While performance engineering and queuing theory have developed
advanced models for many different applications, we need models for
many other quality-of-service indicators that come into play in dynamical
applications
For some of these criteria (e.g., trust) quantification is difficult
What system-wide, end-to-end, and local quality-of-service indicators are
relevant to meeting user needs?
Models are also needed to design trade-off analyses schemes for
combinations of quality-of-service indicators
Developing feedback models for quality-of-service indicators for
various application domains is a major challenge
Models and quality-of-service indicators related to governance,
compliance, and service-level agreements are of particular importance
for service-oriented business processes and applications
48
RESEARCH CHALLENGES:
MANAGING AND LEVERAGING
UNCERTAINTY
When we model potential disturbances from the environment of a system
(e.g., unexpected saturation of the network) or satisfy requirements by
regulation (i.e., trade-off analysis among several extra-functional
requirements), we introduce some uncertainty
Therefore, designers and maintainers of such dynamical systems should
manage uncertainty because the environment may change in unexpected
ways and, as a result, the system may adapt in such a way that was not
foreseeable at design time
Introducing uncertainty requires trade-offs between flexibility and
assurance
For a maintainer it is critical to know which parts of the environment are
assumed to be fixed and which are expected to introduce uncertainty
Moreover, assurance and compliance criteria should be continuously
validated at run-time—not just at system acceptance time
Thus, understanding, managing, and leveraging uncertainty is important
for delivering evolving systems with reliability and assurance guarantees
49
RESEARCH CHALLENGES:
MAKING CONTROL LOOPS EXPLICIT
Investigate architecture-centric vs. control-centric design and run-time views
for evolving systems
Software engineers are trained to develop abstractions that hide complexity
Designers of evolving systems will likely realize significant benefits by
raising the visibility of control loops and specifying the major components
and characteristics of the control loops explicitly
When arrangements of multiple control loops interact, system design and analysis
should cover their interactions
As control grows more complex, it is important for the control loops to be explicit in
design and analysis
Investigate the trade-offs between hiding the complexity of feedback loops
and treating feedback loops as first class objects with respect to the
construction and operation of evolving systems
Further benefits could be realized by identifying common forms of
adaptation and then distilling design and V&V obligations
50
CHALLENGE FOR SOFTWARE
EVOLUTION COMMUNITIES
To instrument software systems with manageability
endpoints—sensor and effectors—using the reverse
engineering and transformation technology
developed over the past 15 years
To monitor and control software systems and their
environments at run-time at unprecedented levels
51
CONCLUSIONS
Changes in traditional value chains are giving rise to
interconnected, dynamic value nets
To be able to observe and possibly orchestrate the
continuous evolution of dynamical systems in a complex
and changing environment, we need to push the
monitoring of evolving systems to unprecedented levels
Monitoring evolving systems using feedback loops
Architecture-centric vs. control-centric orchestration
Make feedback loops explicit and first class
Recognize the limitations of evolutionary developments
Combination of anticipated and un-anticipated adaptation
Instrument systems from the ground up for KPIs
Maintainability and evolution concerns for self-adaptive 52
systems compared to static, non-adaptive systems
TO PROBE FURTHER
Hellerstein, J.L., Diao, Y., Parekh, S., Tilbury, D.M.: Feedback Control
of Computing Systems. John Wiley & Sons (2004)
Northrop, L., et al.: Ultra-Large-Scale Systems. The Software Challenge of the Future. SEI Tech
Report, 134 pages, ISBN 0-9786956-0-7 (2006) http://www.sei.cmu.edu/uls
Lewis, G., Smith, D.: SOA and its Implications for Maintenance and Evolution, ICSM FoSM (2008)
Mills, S.: The Future of Business, White Paper (2007)
IBM: An Architectural Blueprint for Autonomic Computing, 4th Ed. (2006)
Huebscher, M.C., McCann, J.A.: A Survey of Autonomic Computing—Degrees, Models, and
Applications. ACM Computing Surveys, 40 (3):7:1-28 (2008)
Dobson, S., Denazis, S., Fernandez, A., Gaiti, D., Gelenbe, E., Massacci, F., Nixon, P., Saffre, F.,
Schmidt, N., Zambonelli, F.: A Survey of Autonomic Comm.. ACM TAAS 1(2):223-259 (2006)
Diao, Y., Hellerstein, J.L., Parekh, S., Griffith, R., Kaiser, G.E., Phung, D.: A Control Theory
Foundation for Self-Managing Computing Systems. IEEE Journal on Selected Areas in
Communications 23(12):2213-2222 (2005)
Müller, H.A., Pezzè, M., Shaw, M.: Visibility of Control in Adaptive System.
In: 3rd ACM/IEEE International ICSE ULSSIS 2008, pp. 23-26 (2008)
Müller, H.A., Kienle, H.M., Stege, U.: Autonomic Computing: Now You See It, Now You Don’t—
Design and Evolution of Autonomic Software Systems. In: De Lucia, A., Ferrucci, F. (eds.):
In ISSL, LNCS 5413, pp. 32–54 (2009)
Brun, Y., Di Marzo Serugendo, J., Gacek, C., Giese, H., Kienle, H.M., Litoiu, M., Müller,
H.A., Pezzè, M., Shaw, M.: Engineering Self-Adaptive Systems through Feedback Loops,
In: Software Engineering for Self-Adaptive Systems, LNCS 5527, pp. 47-69 (2009)
53
HOPE TO SEE YOU ALL IN
EDMONTON IN SEPTEMBER
ICSM 2009—September 20-26
IEEE International Conference on Software Maintenance
(ICSM), Edmonton, Alberta
VISSOFT 2009
MESOA 2009
Ninth IEEE International Working Conference
on Source Code Analysis and Manipulation
WSE 2009
3rd International Workshop on a Research Agenda for Maintenance and
Evolution of Service-Oriented Systems
SCAM 2009
IEEE International Workshops on Visualizing Software for
Understanding and Analysis
11th IEEE International Symposium on Web Systems Evolution
SEAMS 2010—May
Software Engineering for Adaptive Systems (SEAMS)
Workshop at ICSE 2010, Capetown, South Africa
54
QUESTIONS, FEEDBACK, COMMENTS,
IDEAS, AHA-EXPERIENCE, INSIGHTS, ...
55