Towards a Fault-Tolerant Architecture for Enterprise Application Integration Solutions

Enterprise Application Integration (EAI) solutions rely on process support systems to implement exogenous message workflows whereby one can devise and deploy a process that helps keep a number of applications’ data in synchrony or develop new functionality on top of them. EAI solutions are prone to failures due to the fact that they are highly distributed and combine stand-alone applications with specific-purpose integration processes. The literature provides two execution models for workflows, namely, synchronous and asynchronous. In this paper, we report on an architecture that addresses the problem of endowing the asynchronous model with fault-tolerance capabilities, which is a problem for which the literature does not provide a conclusion.Ministerio de Ciencia y Tecnología TIN2007-64119Junta de Andalucía P07-TIC-0260

Error-detection in enterprise application integration solutions

Enterprise Application Integration (EAI) is a field of Sofware Engineering. Its focus is on helping software engineers integrate existing applications at a sensible costs, so that they can easily implement and evolve business processes. EAI solutions are distributed in nature, which makes them inherently prone to failures. In this paper, we report on a proposal to address error detection in EAI solutions. The main contribution is that it can deal with both choreographies and orchestrations and that it is independent from the execution model used

Cooperative tasking for multi-agent systems

Ph.DDOCTOR OF PHILOSOPH

Tools and Algorithms for the Construction and Analysis of Systems

This book is Open Access under a CC BY licence. The LNCS 11427 and 11428 proceedings set constitutes the proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019. The total of 42 full and 8 short tool demo papers presented in these volumes was carefully reviewed and selected from 164 submissions. The papers are organized in topical sections as follows: Part I: SAT and SMT, SAT solving and theorem proving; verification and analysis; model checking; tool demo; and machine learning. Part II: concurrent and distributed systems; monitoring and runtime verification; hybrid and stochastic systems; synthesis; symbolic verification; and safety and fault-tolerant systems

On the decidability of problems in liveness of controlled Discrete Event Systems modeled by Petri Nets

A Discrete Event System (DES) is a discrete-state system, where the state changes at discrete-time instants due to the occurrence of events. Informally, a liveness property stipulates that a 'good thing' happens during the evolution of a system. Some examples of liveness properties include starvation freedom -- where the 'good thing' is the process making progress; termination -- in which the good thing is for an evolution to not run forever; and guaranteed service -- such as in resource allocation systems, when every request for resource is satisfied eventually. In this thesis, we consider supervisory policies for DESs that, when they exist, enforce a liveness property by appropriately disabling a subset of preventable events at certain states in the evolution of DES. One of the main contributions of this thesis is the development of a system-theoretic framework for the analysis of Liveness Enforcing Supervisory Policies (LESPs) for DESs. We model uncertainties in the forward- and feedback-path, and present necessary and sufficient conditions for the existence of Liveness Enforcing Supervisory Policies (LESPs) for a general model of DESs in this framework. The existence of an LESP reduces to the membership of the initial state to an appropriately defined set. The membership problem is undecidable. For characterizing decidable instances of this membership problem, we consider a modeling paradigm of DESs known as Petri Nets, which have applications in modeling concurrent systems, software design, manufacturing systems, etc. Petri Net (PN) models are inherently monotonic in the sense that if a transition (which loosely represents an event of the DES) can fire from a marking (a non-negative integer-valued vector that represents the state of the DES being modeled), then it can also fire from any larger marking. The monotonicity creates a possibility of representing an infinite-state system using what can be called a "finite basis" that can lead to decidability. However, we prove that several problems of our interest are still undecidable for arbitrary PN models. That is, informally, a general PN model is still too powerful for the analysis that we are interested in. Much of the thesis is devoted to the characterization of decidable instances of the existence of LESPs for arbitrary PN models within the system-theoretic framework introduced in the thesis. The philosophical implication of the results in this thesis is the existence of what can be called a "finite basis" of an infinite state system under supervision, on which the membership tests can be performed in finite time; hence resulting in the decidability of problems and finite-time termination of algorithms. The thesis discusses various scenarios where such a finite basis exists and how to find them

Proceedings of the First NASA Formal Methods Symposium

Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000

How To Touch a Running System

The increasing importance of distributed and decentralized software architectures entails more and more attention for adaptive software. Obtaining adaptiveness, however, is a difficult task as the software design needs to foresee and cope with a variety of situations. Using reconfiguration of components facilitates this task, as the adaptivity is conducted on an architecture level instead of directly in the code. This results in a separation of concerns; the appropriate reconfiguration can be devised on a coarse level, while the implementation of the components can remain largely unaware of reconfiguration scenarios. We study reconfiguration in component frameworks based on formal theory. We first discuss programming with components, exemplified with the development of the cmc model checker. This highly efficient model checker is made of C++ components and serves as an example for component-based software development practice in general, and also provides insights into the principles of adaptivity. However, the component model focuses on high performance and is not geared towards using the structuring principle of components for controlled reconfiguration. We thus complement this highly optimized model by a message passing-based component model which takes reconfigurability to be its central principle. Supporting reconfiguration in a framework is about alleviating the programmer from caring about the peculiarities as much as possible. We utilize the formal description of the component model to provide an algorithm for reconfiguration that retains as much flexibility as possible, while avoiding most problems that arise due to concurrency. This algorithm is embedded in a general four-stage adaptivity model inspired by physical control loops. The reconfiguration is devised to work with stateful components, retaining their data and unprocessed messages. Reconfiguration plans, which are provided with a formal semantics, form the input of the reconfiguration algorithm. We show that the algorithm achieves perceived atomicity of the reconfiguration process for an important class of plans, i.e., the whole process of reconfiguration is perceived as one atomic step, while minimizing the use of blocking of components. We illustrate the applicability of our approach to reconfiguration by providing several examples like fault-tolerance and automated resource control

Safety‐oriented discrete event model for airport A‐SMGCS reliability assessment

A detailed analysis of State of the Art Technologies and Procedures into Airport Advanced-Surface Movement Guidance and Control Systems has been provided in this thesis, together with the review ofStatistical Monte Carlo Analysis, Reliability Assessment and Petri Nets theories. This practical and theoretical background has lead the author to the conclusion that there is a lack of linkage in between these fields. At the same of time the rapid increasing of Air Traffic all over the world, has brought in evidence the urgent need of practical instruments able to identify and quantify the risks connected with Aircraft operations on the ground, since the Airport has shown to be the actual ‘bottle neck’ of the entire Air Transport System. Therefore, the only winning approach to such a critical matter has to be multi-disciplinary, sewing together apparently different subjects, coming from the most disparate areas of interest and trying to fulfil the gap. The result of this thesis work has come to a start towards the end, when a Timed Coloured Petri Net (TCPN) model of a ‘sample’ Airport A-SMGCS has been developed, that is capable of taking into account different orders of questions arisen during these recent years and tries to give them some good answers. The A-SMGCS Airport model is, in the end, a parametric tool relying on Discrete Event System theory, able to perform a Reliability Analysis of the system itself, that: • uses a Monte Carlo Analysis applied to a Timed Coloured Petri Net, whose purpose is to evaluate the Safety Level of Surface Movements along an Airport • lets the user to analyse the impact of Procedures and Reliability Indexes of Systems such as Surface Movement Radars, Automatic Dependent Surveillance-Broadcast, Airport Lighting Systems, Microwave Sensors, and so on… onto the Safety Level of Airport Aircraft Transport System • not only is a valid instrument in the Design Phase, but it is useful also into the Certifying Activities an in monitoring the Safety Level of the above mentioned System with respect to changes to Technologies and different Procedures.This TCPN model has been verified against qualitative engineering expectations by using simulation experiments and occupancy time schedules generated a priori. Simulation times are good, and since the model has been written into Simulink/Stateflow programming language, it can be compiled to run real-time in C language (Real-time workshop and Stateflow Coder), thus relying on portable code, able to run virtually on any platform, giving even better performances in terms of execution time. One of the most interesting applications of this work is the estimate, for an Airport, of the kind of A-SMGCS level of implementation needed (Technical/Economical convenience evaluation). As a matter of fact, starting from the Traffic Volume and choosing the kind of Ground Equipment to be installed, one can make predictions about the Safety Level of the System: if the value is compliant with the TLS required by ICAO, the A-SMGCS level of Implementation is sufficiently adequate. Nevertheless, even if the Level of Safety has been satisfied, some delays due to reduced or simplified performances (even if Safety is compliant) of some of the equipment (e.g. with reference to False Alarm Rates) can lead to previously unexpected economical consequences, thus requiring more accurate systems to be installed, in order to meet also Airport economical constraints. Work in progress includes the analysis of the effect of weather conditions and re-sequencing of a given schedule. The effect of re-sequencing a given schedule is not yet enough realistic since the model does not apply inter arrival and departure separations. However, the model might show some effect on different sequences based on runway occupancy times. A further developed model containing wake turbulence separation conditions would be more sensitive for this case. Hence, further work will be directed towards: • The development of On-Line Re-Scheduling based on the available actual runway/taxiway configuration and weather conditions. • The Engineering Safety Assessment of some small Italian Airport A-SMGCSs (Model validation with real data). • The application of Stochastic Differential Equations systems in order to evaluate the collision risk on the ground inside the Place alone on the Petri Net, in the event of a Short Term Conflict Alert (STCA), by adopting Reich Collision Risk Model. • Optimal Air Traffic Control Algorithms Synthesis (Adaptive look-ahead Optimization), by Dynamically Timed Coloured Petri Nets, together with the implementation of Error-Recovery Strategies and Diagnosis Functions