Sistema de teste auto-adaptativo baseado em modelo para SOA dinâmico

Orientadores: Eliane Martins, Andrea CeccarelliDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Arquitetura orientada a serviços (SOA) é um padrão de design popular para implemen- tação de serviços web devido à interoperabilidade, escalabilidade e reuso de soluções de software que promove. Os serviços que usam essa arquitetura precisam operar em um am- biente altamente dinâmico, entretanto quanto mais a complexidade desses serviços cresce menos os métodos tradicionais de validação se mostram viáveis. Aplicações baseadas em arquitetura orientada a serviços podem evoluir e mudar du- rante a execução. Por conta disso testes offline não asseguram completamente o compor- tamento correto de um sistema em tempo de execução. Por essa razão, a necessidade de tecnicas diferentes para validar o comportamento adequado de uma aplicação SOA durante o seu ciclo de vida são necessárias, por isso testes online executados durante o funcionamento serão usados nesse projeto. O objetivo do projeto é de aplicar técnicas de testes baseados em modelos para gerar e executar casos de testes relevantes em aplicações SOA durante seu tempo de execu- ção. Para alcançar esse objetivo uma estrura de teste online autoadaptativa baseada em modelos foi idealizada. Testes baseados em modelos podem ser gerados de maneira offline ou online. Nos testes offline, os casos de teste são gerados antes do sistema entrar em execução. Já nos testes online, os casos de teste são gerados e aplicados concomitantemente, e as saídas produzidas pela aplicação em teste definem o próximo passo a ser realizado. Quando uma evolução é detectada em um serviço monitorado uma atualização no modelo da aplicação alvo é executada, seguido pela geração e execução de casos de testes online. Mais precisamente, quatro componentes foram integrados em um circuito autoadap- tativo: um serviço de monitoramento, um serviço de criação de modelos, um serviço de geração de casos de teste baseado em modelos e um serviço de teste. As caracteristicas da estrutura de teste foram testadas em três cenários que foram executados em uma aplicação SOA orquestrada por BPEL, chamada jSeduite. Este trabalho é um esforço para entender as restrições e limitações de teste de soft- ware para aplicações SOA, e apresenta análises e soluções para alguns dos problemas encontrados durante a pesquisaAbstract: Service Oriented Architecture (SOA) is a popular design pattern to build web services be- cause of the interoperability, scalability, and reuse of software solutions that it promotes. The services using this architecture need to operate in a highly dynamic environment, but as the complexity of these services grows, traditional validation processes become less feasible. SOA applications can evolve and change during their execution, and offline tests do not completely assure the correct behavior of the system during its execution. There- fore there is a need of techniques to validate the proper behaviour of SOA applications during the SOA lifecycle. Because of that, in this project online testing will be used. The project goal is to employ model-based testing techniques to generate and execute relevant test cases to SOA applications during runtime. In order to achieve this goal a self-adaptive model-based online testing framework was designed. Tests based on models can be generated offline and online. Offline test are generated before the system execution. Online tests are generated and performed concomitantly, and the output produced by the application under test defines the next step to be performed. when our solution detects that a monitored service evolves, the model of the target service is updated, and online test case generation and execution is performed. More specifically, four components were integrated in a self-adaptive loop: a mon- itoring service, a model generator service, a model based testing service and a testing platform. The testing framework had its features tested in three scenarios that were performed in a SOA application orchestrated by BPEL, called jSeduite. This work is an effort to understand the constraints and limitations of the software testing on SOA applications, and present analysis and solutions to some of the problems found during the researchMestradoCiência da ComputaçãoMestre em Ciência da ComputaçãoCAPE

Non-functional properties in the model-driven development of service-oriented systems

Systems based on the service-oriented architecture (SOA) principles have become an important cornerstone of the development of enterprise-scale software applications. They are characterized by separating functions into distinct software units, called services, which can be published, requested and dynamically combined in the production of business applications. Service-oriented systems (SOSs) promise high flexibility, improved maintainability, and simple re-use of functionality. Achieving these properties requires an understanding not only of the individual artifacts of the system but also their integration. In this context, non-functional aspects play an important role and should be analyzed and modeled as early as possible in the development cycle. In this paper, we discuss modeling of non-functional aspects of service-oriented systems, and the use of these models for analysis and deployment. Our contribution in this paper is threefold. First, we show how services and service compositions may be modeled in UML by using a profile for SOA (UML4SOA) and how non-functional properties of service-oriented systems can be represented using the non-functional extension of UML4SOA (UML4SOA-NFP) and the MARTE profile. This enables modeling of performance, security and reliable messaging. Second, we discuss formal analysis of models which respect this design, in particular we consider performance estimates and reliability analysis using the stochastically timed process algebra PEPA as the underlying analytical engine. Last but not least, our models are the source for the application of deployment mechanisms which comprise model-to-model and model-to-text transformations implemented in the framework VIATRA. All techniques presented in this work are illustrated by a running example from an eUniversity case study

Automated Realistic Test Input Generation and Cost Reduction in Service-centric System Testing

Service-centric System Testing (ScST) is more challenging than testing traditional software due to the complexity of service technologies and the limitations that are imposed by the SOA environment. One of the most important problems in ScST is the problem of realistic test data generation. Realistic test data is often generated manually or using an existing source, thus it is hard to automate and laborious to generate. One of the limitations that makes ScST challenging is the cost associated with invoking services during testing process. This thesis aims to provide solutions to the aforementioned problems, automated realistic input generation and cost reduction in ScST. To address automation in realistic test data generation, the concept of Service-centric Test Data Generation (ScTDG) is presented, in which existing services used as realistic data sources. ScTDG minimises the need for tester input and dependence on existing data sources by automatically generating service compositions that can generate the required test data. In experimental analysis, our approach achieved between 93% and 100% success rates in generating realistic data while state-of-the-art automated test data generation achieved only between 2% and 34%. The thesis addresses cost concerns at test data generation level by enabling data source selection in ScTDG. Source selection in ScTDG has many dimensions such as cost, reliability and availability. This thesis formulates this problem as an optimisation problem and presents a multi-objective characterisation of service selection in ScTDG, aiming to reduce the cost of test data generation. A cost-aware pareto optimal test suite minimisation approach addressing testing cost concerns during test execution is also presented. The approach adapts traditional multi-objective minimisation approaches to ScST domain by formulating ScST concerns, such as invocation cost and test case reliability. In experimental analysis, the approach achieved reductions between 69% and 98.6% in monetary cost of service invocations during testin

Security Aware Service Composition

Security assurance of Service-Based Systems (SBS) is a necessity and a key challenge in Service Oriented Computing. Several approaches have been introduced in order to take care of the security aspect of SBSs, from the design to the implementation stages. Such solutions, however, require expertise with regards to security languages and technologies or modelling formalisms. Furthermore, existing approaches allow only limited verification of security properties over a service composition, as they focus just on specific properties and require expressing compositions and properties in a model based formalism. In this thesis we present a unified security aware service composition approach capable of validation of arbitrary security properties. This approach allows SBS designers to build secure applications without the need to learn formal models thanks to security descriptors for services, being they self-appointed or certified by an external third-party. More specifically, the framework presented in this thesis allows expressing and propagating security requirements expressed for a security composition to requirements for the single activities of the composition, and checking security requirements over security service descriptors. The approach relies on the new core concept of secure composition patterns, modelling proven implications of security requirements within an orchestration pattern. The framework has been implemented and tested extensively in both a SBS design-time and runtime scenario, based respectively on Eclipse BPEL Designer and the Runtime Service Discovery Tool

Automated software systems generation for process-oriented organizations

Tese de doutoramento do Programa Doutoral em Tecnologias e Sistemas de InformaçãoCada vez mais, as organizações suportam as suas operações em sistemas de software. Torna-se, portanto, muito relevante o correto mapeamento das operações nos sistemas de software. Esta tese foca-se em organizações orientadas a processos de negócio, devido à relevância dada pelas normas de qualidade, pelos modelos de excelência, e pelos requisitos dos clientes, a esse tipo de estruturação interna das organizações. Nas organizações orientadas a processos de negócio existem diversos fatores, como o tempo envolvido nos projetos de implementação de processos de negócio em software, as diferenças existentes entre os modelos de processos de negócio e a sua implementação real, ou a quantidade e o tipo de recursos envolvidos nesses projetos, que fazem com que os projetos de desenvolvimento de software sejam demasiado dispendiosos, demorem demasiado tempo, e não garantam que o produto de software resultante seja o mais adequado à realidade da organização que o vai usar. Esta tese propõe que os sistemas de informação e de software devam ser desenvolvidos, desde o início, incorporando os modelos das organizações onde irão ser usados. Além disso, e como existem disponíveis modelos de referência de processos de negócio, esta tese também propõe o seu uso explícito aquando da recolha de requisitos. Assim, o objetivo principal da tese é propor uma metodologia que se inicie com modelos de processos de negócio e que termine com a geração de sistemas de software, para organizações orientadas a processos de negócio. A metodologia denomina-se BIM e é formalizada através do metamodelo EPF. Dada a abrangência dos temas a tratar, a tese foi conduzida tendo em atenção que o processo de desenvolvimento de software para suportar organizações orientadas a processos pode ser otimizado. Para melhor mostrar os diversos passos e resultados intermédios, usamos a metodologia de investigação Action Research. A tese propõe que as atividades de investigação sejam terminadas quando uma dada condição de paragem seja atingida, e para isso usa uma avaliação baseada num conjunto de indicadores para os resultados do produto e do processo, e uma adaptação do modelo de excelência EFQM para a forma como foi executado o processo de desenvolvimento. O foco das Action são os sistemas de software MES, essenciais na ligação entre sistemas de software embebido e sistemas ERP. Nesta tese, as Action iniciam-se com modelos de processos e com arquiteturas de software standard, e terminam com uma proposta de modelo de processo e com arquiteturas de software e tecnologias adaptadas à execução de processos de negócio. A tese propõe também alguns conceitos como IAvO (extensão de modelos de processos de negócio), OBO (componentes de software intermutáveis e não-proprietários), OA (aspetos organizacionais), e PF (framework de processos) para aumentarem a eficiência e eficácia na implementação em software de processos de negócio.Increasingly, organizations support their operations by using software systems, turning very relevant the proper mapping of operations into software systems. This thesis focuses on organizations oriented to business processes, due to the importance that quality norms, excellence models, and customer requirements put on this type of internal structures of organizations. Process-oriented organizations have characteristics, such as the time needed to implement business processes in software, the differences between the business process models and the real business processes, or the quantity and type of the required resources, that lead to development projects too expensive, taking too long to complete, and that do not assure that the resulting product is the most adequate to the reality of the client organization. This thesis proposes that the development of information and software system embodies, since the early stages, the models of the organization where they operate. In addition, and since business process reference models are available, the thesis also proposes to use explicitly such reference models by requirements collection time. Thus, the main goal of the thesis is to propose a methodology that picks business process reference models and ends with software systems, for process-oriented organizations. The methodology is denominated BIM and is formalized by using the EPF metamodel. Due to the wide scope of the studied areas, the thesis is tailored considering that the development process for processoriented organizations can be optimized. To express better the intermediate steps and results, we use the Action Research methodology. The thesis proposes that the research activities terminate when a stopping condition is met, based on a set of indicators for the product, and a tailoring of the EFQM model for the development process. The Actions are focused on MES, crucial for the linking of embedded software systems with ERP systems. In this thesis, the Actions start by using standard process models and software architectures, and end by using a proposed process model, and software architectures and technologies adapted to the execution of business software. The thesis also proposes new concepts like IAvO (extension to business process reference models), OBO (interchangeable and nonproprietary software components), AO (organizational aspects), and PF (process framework) to increase the efficiency and the effectiveness of the implementation of business processes in software

Flexible modeling and execution of choreographies

Approaches to address domain specific problems often share overlapping requirements but typically satisfy them in a unique manner for example using service-oriented concepts. The notion of Collaborative, Dynamic & Complex (CDC) systems has been proposed in literature to address the requirements of application domains such as eScience and Collective Adaptive Systems in a unified, generic manner. CDC systems are characterized by dealing with potentially large amounts of data and/or participating applications which engage in complex interactions specified by some collaboration protocol. Furthermore, the need for adaptation mechanisms is a common requirement and users from these application domains are typically no IT experts. The choreography concept originally known from collaborations in the business domain captures the interaction between independent parties from a global perspective. Each party is denoted as a choreography participant, which is implemented by a workflow or a service. This concept provides a way to model and execute for example complex eScience experiments involving multiple scientific fields, scientific methods, and time and/or length scales as a set of coupled workflows. However, typical choreography concepts as described in literature do not provide the desired level of flexibility and ease of use in both modeling and execution to address the requirements of users in CDC system application domains such as eScience. Thus, existing choreography concepts have to be considerably extended by introducing the Model-as-you-go for Choreographies approach in this thesis as a central notion providing capabilities for the flexible modeling and execution of choreographies. In the context of this approach, we provide a concept for fostering reuse in choreography modeling in the form of so-called choreography fragments. Such fragments can be extracted from existing and inserted into new choreography models in order to save time as well as reuse established and approved logic by inexperienced modelers in a less error-prone manner. Furthermore, we provide support for the user-driven control of the complete choreography life cycle. This effectively allows users to automatically deploy the workflow models implementing a choreography as well as starting, pausing, resuming, and terminating a choreography instance, which is formed through the collective execution of workflow instances. Most importantly, the underlying complexity of managing a set of coupled workflow instances is completely hidden from the users. Additional flexibility is given by a concept that allows to re-run already executed choreography logic in order to enforce the convergence of a calculation towards a particular result or to react to errors with parameter changes. The proposed concepts are implemented in a message-based system, the ChorSystem, which is able to handle the challenges of choreography life cycle management from deployment, to run time control and the re-run of logic. Furthermore, the modeling and run time monitoring are integrated into one graphical tool supporting the seamless transition from modeling to execution of choreographies. The concepts, their supporting algorithms, and the prototypical ChorSystem are validated by a set of case studies from different CDC system application domains and evaluated by performance measurements showing the practical applicability

Data-Driven Detection and Diagnosis of System-Level Failures in Middleware-Based Service Compositions

Service-oriented technologies have simplified the development of large, complex software systems that span administrative boundaries. Developers have been enabled to build applications as compositions of services through middleware that hides much of the underlying complexity. The resulting applications inhabit complex, multi-tier operating environments that pose many challenges to their reliable operation and often lead to failures at runtime. Two key aspects of the time to repair a failure are the time to its detection and to the diagnosis of its cause. The prevalent approach to detection and diagnosis is primarily based on ad-hoc monitoring as well as operator experience and intuition. This is inefficient and leads to decreased availability. We propose an approach to data-driven detection and diagnosis in order to decrease the repair time of failures in middleware-based service compositions. Data-driven diagnosis supports system operators with information about the operation and structure of a service composition. We discuss how middleware-based service compositions can be monitored in a comprehensive, yet non-intrusive manner and present a process to discover system structure by processing deployment information that is commonly reified in such systems. We perform a controlled experiment that compares the performance of 22 participants using either a standard or the data-driven approach to diagnose several failures injected into a real-world service composition. We find that system operators using the latter approach are able to achieve significantly higher success rates and lower diagnosis times. Data-driven detection is based on the automation of failure detection through applying an outlier detection technique to multi-variate monitoring data. We evaluate the effectiveness of one-class classification for this purpose and determine a simple approach to select subsets of metrics that afford highly accurate failure detection

Automated Runtime Testing of Web Services

Service-oriented computing (SOC) is a relatively new paradigm for developing software applications through the composition of software units called services. With services, software is no longer owned but offered remotely, within or across organisational borders. Currently, the dominant technology for implementing services is that of Web services. Since service requestors do not usually have access to the implementation source code, from their perspective, services are offered as black boxes. However, requestors need to verify first that provided services are trustworthy and implemented correctly before they are integrated into their own business-critical systems. The verification and testing of remote, third-party services involve unique considerations, since testing must be performed in a blackbox manner and at runtime. Addressing the aforementioned concerns, the research work described in this thesis investigates the feasibility of testing Web services for functional correctness, especially at runtime. The aim is to introduce rigour and automation to the testing process, so that service requestors can verify Web services with correctness guarantees and with the aid of tools. Thus, formal methods are utilised to specify the functionality of Web services unambiguously, so that they are amenable to automated and systematic testing. The well-studied stream X-machine (SXM) formalism has been selected as suitable for modelling both the dynamic behavior and static data of Web services, while a proven testing method associated with SXMs is used to derive test sets that can verify the correctness of the implementations. This research concentrates on testing stateful Web services, in which the presence of state makes their behaviour more complex and more difficult to specify and test. The nature of Web service state, its effect on service behaviour, and implications on service modelling and testing, are investigated. In addition, comprehensive techniques are described for deriving a stream X-machine specification of a Web service, and for subsequently testing its implementation for equivalence to the specification. Then, a collaborative approach that makes possible third-party Web service verification and validation is proposed, in which the service provider is required to supply a SXM specification of the service functionality along with the standard WSDL description of its interface. On top of that, techniques are proposed for service providers to include information that ground the abstract SXM specification to the concrete Web service implementation. Having these descriptions available, it is possible to automate at runtime not only test set generation but also test case execution on Web services. A tool has been developed as part of this work, which extends an existing SXM-based testing tool (JSXM). The tool supports the tester activities, consisting of generation of abstract test cases from the SXM specification and their execution on the Web service under test using the supplied grounding information. Practical Web service examples are also used throughout the thesis to demonstrate the proposed techniques