Temporal specification and deductive verification of a distributed component model and its environment

In this paper we investigate the formalisation of distributed and long-running stateful systems using our normative temporal specification framework. We analyse aspects of a component-oriented Grid system, and the benefits of having a logic-based tool to perform automated and safe dynamic reconfiguration of its components. We describe which parts of this Grid system are involved in the reconfiguration process and detail the translation procedure into a state-based formal specification. Subsequently, we apply deductive verification to test whether dynamic reconfiguration can be performed. Finally, we analyse the procedure required to update our model for reconfiguration and justify the validity and the advantages of our methodology

Dynamic Reconfiguration of Distributed Applications

Applications requiring concurrency or access to specialized hardware are naturally written as distributed applications, where each software component (module) can execute on a different machine, and modules interact via bindings. In order to make changes to very long-running applications or those that must be continuously availablet we must dynamically change the application. Dynamic reconfiguration of a distributed application is the act of changing the configuration of the application as it executes. Examples of configuration changes are replacing a module, moving a module to another machine, and adding or removing modules from the application. The most challenging aspect of dynamic reconfiguration is that an application in execution has state information, both within the modules and within the communication channels between modules. This state information may need to be transferred from the old configuration to the new in order to reach an application state compatible with the new configuration. Thus, in addition to requiring a mechanism for changing the configuration during execution, dynamic reconfiguration requires that modules be able to divulge and install state information, and requires a mechanism for coordinating the communication during recon figuration. Prior to this work, all systems supporting some form of dynamic reconfiguration have given the application programmer no support nor even guidelines for capturing and restoring an application's state information. We have developed a machine-in dependent method for installing this functionality in the application, given a set of reconfiguration points designated by the programmer. This new technique has been implemented as part of the general framework we have developed to support dynamic reconf iguration of distributed applications. These reconfiguration capabilities were implemented on top of existing operating systems and compilers, requiring no modifications to either. They support dynamic reconfiguration for applications composed of mixed languages, communicating via message passing, running on a heterogeneous distributed platform. (Also cross-referenced as UMIACS-TR-94-8

On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems

This paper motivates the need for a formalism for the modelling and analysis of dynamic reconfiguration of dependable real-time systems. We present requirements that the formalism must meet, and use these to evaluate well established formalisms and two process algebras that we have been developing, namely, Webpi and CCSdp. A simple case study is developed to illustrate the modelling power of these two formalisms. The paper shows how Webpi and CCSdp represent a significant step forward in modelling adaptive and dependable real-time systems.Comment: Presented and published at DEPEND 201

Verifying service continuity in a satellite reconfiguration procedure: application to a satellite

The paper discusses the use of the TURTLE UML profile to model and verify service continuity during dynamic reconfiguration of embedded software, and space-based telecommunication software in particular. TURTLE extends UML class diagrams with composition operators, and activity diagrams with temporal operators. Translating TURTLE to the formal description technique RT-LOTOS gives the profile a formal semantics and makes it possible to reuse verification techniques implemented by the RTL, the RT-LOTOS toolkit developed at LAAS-CNRS. The paper proposes a modeling and formal validation methodology based on TURTLE and RTL, and discusses its application to a payload software application in charge of an embedded packet switch. The paper demonstrates the benefits of using TURTLE to prove service continuity for dynamic reconfiguration of embedded software

The Performability Manager

The authors describe the performability manager, a distributed system component that contributes to a more effective and efficient use of system components and prevents quality of service (QoS) degradation. The performability manager dynamically reconfigures distributed systems whenever needed, to recover from failures and to permit the system to evolve over time and include new functionality. Large systems require dynamic reconfiguration to support dynamic change without shutting down the complete system. A distributed system monitor is needed to verify QoS. Monitoring a distributed system is difficult because of synchronization problems and minor differences in clock speeds. The authors describe the functionality and the operation of the performability manager (both informally and formally). Throughout the paper they illustrate the approach by an example distributed application: an ANSAware-based number translation service (NTS), from the intelligent networks (IN) area

Kompics: a message-passing component model for building distributed systems

The Kompics component model and programming framework was designedto simplify the development of increasingly complex distributed systems. Systems built with Kompics leverage multi-core machines out of the box and they can be dynamically reconfigured to support hot software upgrades. A simulation framework enables deterministic debugging and reproducible performance evaluation of unmodified Kompics distributed systems. We describe the component model and show how to program and compose event-based distributed systems. We present the architectural patterns and abstractions that Kompics facilitates and we highlight a case study of a complex distributed middleware that we have built with Kompics. We show how our approach enables systematic development and evaluation of large-scale and dynamic distributed systems