On the Effectiveness of Contracts as Test Oracles in the Detection and Diagnosis of Faults in Concurrent Object-Oriented Software

Design by Contract (DbC) is a software development methodology that focuses on clearly defining the interfaces between components to produce better quality object-oriented software. The idea behind DbC is that a method defines a contract stating the requirements a client needs to fulfill to use it, the precondition, and the properties it ensures after its execution, the postcondition. Though there exists ample support for DbC for sequential programs, applying DbC to concurrent programs presents several challenges. Using Java as the target programming language, this paper tackles such challenges by augmenting the Java Modelling Language (JML) and modifying the JML compiler to generate Runtime Assertion Checking (RAC) code to support DbC in concurrent programs. We applied our solution in a carefully designed case study on a highly concurrent industrial software system from the telecommunications domain to assess the effectiveness of contracts as test oracles in detecting and diagnosing functional faults in concurrent software. Based on these results, clear and objective requirements are defined for contracts to be effective test oracles for concurrent programs whilst balancing the effort to design them. Main results include that contracts of a realistic level of completeness and complexity can detect around 76% of faults and reduce the diagnosis effort for such faults by at least ten times. We, therefore, show that DbC can not only be applied to concurrent software but can also be a valua

Formalizing the Java Memory Model for multithreaded program correctness and optimization

technical reportStandardized language level support for threads is one of the most important features of Java. However, defining and understanding the Java Memory Model (JMM) has turned out to be a big challenge. Several models produced to date are not as easily comparable as first thought. Given the growing interest in multi- threaded Java programming, it is essential to have a sound framework that would allow formal specification and reasoning about the JMM. This paper presents the Uniform Memory Model (UMM), a formal memory model specification frame- work. With a flexible architecture, it can be easily configured to capture different shared memory semantics including both architectural and language level memory models. Based on guarded commands, UMM is integrated with a model checking utility, providing strong built-in support for formal verification and pro- gram analysis. A formal specification of the JMM following the semantics proposed by Manson and Pugh is presented in UMM. Systematic analysis has revealed interesting properties of the proposed semantics. In addition, several mistakes from the original specification have been uncovered

Data Management in Microservices: State of the Practice, Challenges, and Research Directions

We are recently witnessing an increased adoption of microservice architectures by the industry for achieving scalability by functional decomposition, fault-tolerance by deployment of small and independent services, and polyglot persistence by the adoption of different database technologies specific to the needs of each service. Despite the accelerating industrial adoption and the extensive research on microservices, there is a lack of thorough investigation on the state of the practice and the major challenges faced by practitioners with regard to data management. To bridge this gap, this paper presents a detailed investigation of data management in microservices. Our exploratory study is based on the following methodology: we conducted a systematic literature review of articles reporting the adoption of microservices in industry, where more than 300 articles were filtered down to 11 representative studies; we analyzed a set of 9 popular open-source microservice-based applications, selected out of more than 20 open-source projects; furthermore, to strengthen our evidence, we conducted an online survey that we then used to cross-validate the findings of the previous steps with the perceptions and experiences of over 120 practitioners and researchers. Through this process, we were able to categorize the state of practice and reveal several principled challenges that cannot be solved by software engineering practices, but rather need system-level support to alleviate the burden of practitioners. Based on the observations we also identified a series of research directions to achieve this goal. Fundamentally, novel database systems and data management tools that support isolation for microservices, which include fault isolation, performance isolation, data ownership, and independent schema evolution across microservices must be built to address the needs of this growing architectural style

An investigation into the notion of non-functional requirements

Although Non-Functional Requirements (NFRs) are recognized as very important contributors to the success of software projects, studies to date indicate that there is still no general consensus in the software engineering community regarding the notion of NFRs. This paper presents the result of an extensive and systematic analysis of the extant literature over three NFRs dimensions: (1) definition and terminology; (2) types; and (3) relevant NFRs in various types of systems and application domains. Two different perspectives to consider NFRs are described. A comprehensive catalogue of NFRs types as well as the top five NFRs that are frequently considered are presented. This paper also offers a novel classification of NFRs based on types of systems and application domains. This classification could assist software developers in identifying which NFRs are important in a particular application domain and for specific systems. © 2010 ACM

Discreteness and the transmission of light from distant sources

We model the classical transmission of a massless scalar field from a source to a detector on a background causal set. The predictions do not differ significantly from those of the continuum. Thus, introducing an intrinsic inexactitude to lengths and durations - or more specifically, replacing the Lorentzian manifold with an underlying discrete structure - need not disrupt the usual dynamics of propagation.Comment: 16 pages, 1 figure. Version 2: reference adde

Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Decompose and Conquer: Addressing Evasive Errors in Systems on Chip

Modern computer chips comprise many components, including microprocessor cores, memory modules, on-chip networks, and accelerators. Such system-on-chip (SoC) designs are deployed in a variety of computing devices: from internet-of-things, to smartphones, to personal computers, to data centers. In this dissertation, we discuss evasive errors in SoC designs and how these errors can be addressed efficiently. In particular, we focus on two types of errors: design bugs and permanent faults. Design bugs originate from the limited amount of time allowed for design verification and validation. Thus, they are often found in functional features that are rarely activated. Complete functional verification, which can eliminate design bugs, is extremely time-consuming, thus impractical in modern complex SoC designs. Permanent faults are caused by failures of fragile transistors in nano-scale semiconductor manufacturing processes. Indeed, weak transistors may wear out unexpectedly within the lifespan of the design. Hardware structures that reduce the occurrence of permanent faults incur significant silicon area or performance overheads, thus they are infeasible for most cost-sensitive SoC designs. To tackle and overcome these evasive errors efficiently, we propose to leverage the principle of decomposition to lower the complexity of the software analysis or the hardware structures involved. To this end, we present several decomposition techniques, specific to major SoC components. We first focus on microprocessor cores, by presenting a lightweight bug-masking analysis that decomposes a program into individual instructions to identify if a design bug would be masked by the program's execution. We then move to memory subsystems: there, we offer an efficient memory consistency testing framework to detect buggy memory-ordering behaviors, which decomposes the memory-ordering graph into small components based on incremental differences. We also propose a microarchitectural patching solution for memory subsystem bugs, which augments each core node with a small distributed programmable logic, instead of including a global patching module. In the context of on-chip networks, we propose two routing reconfiguration algorithms that bypass faulty network resources. The first computes short-term routes in a distributed fashion, localized to the fault region. The second decomposes application-aware routing computation into simple routing rules so to quickly find deadlock-free, application-optimized routes in a fault-ridden network. Finally, we consider general accelerator modules in SoC designs. When a system includes many accelerators, there are a variety of interactions among them that must be verified to catch buggy interactions. To this end, we decompose such inter-module communication into basic interaction elements, which can be reassembled into new, interesting tests. Overall, we show that the decomposition of complex software algorithms and hardware structures can significantly reduce overheads: up to three orders of magnitude in the bug-masking analysis and the application-aware routing, approximately 50 times in the routing reconfiguration latency, and 5 times on average in the memory-ordering graph checking. These overhead reductions come with losses in error coverage: 23% undetected bug-masking incidents, 39% non-patchable memory bugs, and occasionally we overlook rare patterns of multiple faults. In this dissertation, we discuss the ideas and their trade-offs, and present future research directions.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/147637/1/doowon_1.pd

Enhancing the usability of rely-guarantee conditions for atomicity refinement

Formal methods are a useful tool for increasing the confidence in the correctness of computer programs with respect to their specifications. Formal methods allow designers to model specifications and these formal models can then be reasoned about in a rigourous way. Formal methods for sequential processes are well-understood, however formal methods for concurrent programs are more difficult, because of the interference which may arise when programs run concurrently. Rely-guarantee reasoning is a well-established formal method for modelling concurrent programs. Rely-guarantee conditions offer a tractable and compositional approach to reasoning about concurrent programs, by allowing designers to reason about the interference inherent in concurrent systems. While useful, there are certain weaknesses in rely-guarantee conditions. In particular, the requirement for rely-guarantee conditions to describe whole-state updates can make large specifications unwieldy. Similarly, it can be difficult to describe problems which exhibit distinct phases of execution. The main contribution of this thesis is to show ways in which these two weaknesses of rely-guarantee reasoning can be addressed. In turn, this enhances the usability of rely-guarantee conditions. Atomicity refinement is a potentially useful tool for simplifying the development of concurrent programs. The central idea is that designers can record (possibly unrealistic) atomicity assumptions about the eventual implementation of a program. This fiction of atomicity simplifies the design process by avoiding the difficult issue of interference. It is then necessary to identify ways in which this atomicity can be relaxed and concurrent execution introduced. This thesis also argues that the choice of data representation plays an important role in achieving atomicity refinement. In addition, this thesis presents an argument that rely-guarantee conditions and VDM offer a potentially fruitful approach to atomicity refinement. Specifically, rely-conditions can be used to represent assumptions about atomicity and the refinement rules of VDM allow different data representations to be introduced. To this end, a more usable approach to rely-guarantee reasoning would benefit the search for a usable form of atomicity refinement. All of these points are illustrated with a novel development of Simpson’s Four-Slot, a mechanism for asynchronous communication between processes.EThOS - Electronic Theses Online ServiceEPSRCGBUnited Kingdo

Reactive Microservices - An Experiment

Os microserviços são geralmente adotados quando a escalabilidade e flexibilidade de uma aplicação são essenciais para o seu sucesso. Apesar disto, as dependências entre serviços transmitidos através de protocolos síncronos, resultam numa única falha que pode afetar múltiplos microserviços. A adoção da capacidade de resposta numa arquitetura baseada em microserviços, através da reatividade, pode facilitar e minimizar a proliferação de erros entre serviços e na comunicação entre eles, ao dar prioridade à capacidade de resposta e à resiliência de um serviço. Esta dissertação fornece uma visão geral do estado da arte dos microserviços reativos, estruturada através de um processo de mapeamento sistemático, onde são analisados os seus atributos de qualidade mais importantes, os seus erros mais comuns, as métricas mais adequadas para a sua avaliação, e as frameworks mais relevantes. Com a informação recolhida, é apresentado o valor deste trabalho, onde a decisão do projeto e a framework a utilizar são tomadas, através da técnica de preferência de ordem por semelhança com a solução ideal e o processo de hierarquia analítica, respetivamente. Em seguida, é realizada a análise e o desenho da solução, para o respetivo projeto, onde se destacam as alterações arquiteturais necessárias para o converter num projeto de microserviços reativo. Em seguida, descreve-se a implementação da solução, começando pela configuração do projeto necessária para agilizar o processo de desenvolvimento, seguida dos principais detalhes de implementação utilizados para assegurar a reatividade e como a framework apoia e simplifica a sua implementação, finalizada pela configuração das ferramentas de métricas no projeto para apoiar os testes e a avaliação da solução. Em seguida, a validação da solução é investigada e executada com base na abordagem Goals, Questions, Metrics (GQM), para estruturar a sua análise relativamente à manutenção, escalabilidade, desempenho, testabilidade, disponibilidade, monitorabilidade e segurança, finalizada pela conclusão do trabalho global realizado, onde são listadas as contribuições, ameaças à validade e possíveis trabalhos futuros.Microservices are generally adopted when the scalability and flexibility of an application are essential to its success. Despite this, dependencies between services transmitted through synchronous protocols result in one failure, potentially affecting multiple microservices. The adoption of responsiveness in a microservices-based architecture, through reactivity, can facilitate and minimize the proliferation of errors between services and in the communication between them by prioritizing the responsiveness and resilience of a service. This dissertation provides an overview of the reactive microservices state of the art, structured through a systematic mapping process, where its most important quality attributes, pitfalls, metrics, and most relevant frameworks are analysed. With the gathered information, the value of this work is presented, where the project and framework decision are made through the technique of order preference by similarity to the ideal solution and the analytic hierarchy process, respectively. Then, the analysis and design of the solution are idealized for the respective project, where the necessary architectural changes are highlighted to convert it to a reactive microservices project. Next, the solution implementation is described, starting with the necessary project setup to speed up the development process, followed by the key implementation details employed to ensure reactivity and how the framework streamlines its implementation, finalized by the metrics tools setup in the project to support the testing and evaluation of the solution. Then, the solution validation is traced and executed based on the Goals, Questions, Metrics (GQM) approach to structure its analysis regarding maintainability, scalability, performance, testability, availability, monitorability, and security, finalized by the conclusion of the overall work done, where the contributions, threats to validity and possible future work are listed