Runtime observable and adaptable UML state machines: [email protected] approach

n embedded system is a self-contained system that incorporateselements of control logic and real-world interaction. UML State Ma-chines constitute a powerful formalism to model the behaviour ofthese types of systems. In current industrial environments, the soft-ware of these embedded systems have to cope with the increasingcomplexity and robustness requirements at runtime. One way tomanage these requirements is having the software component’sbehaviour model available at runtime ([email protected]). Thus,it is possible to enhance the safety of the software component byenabling verification and adaptation at runtime. In this paper, wepresent a model-driven approach to generate software components(namely, RESCO framework), which are able both to provide theirinternal information in model terms at runtime and adapt their be-haviour automatically when an error or an unexpected situation isdetected. The aforementioned runtime introspection and adaptationabilities are added automatically to the software component and itdoes not require the developer make any extra effort. The solutionhas been tested in the design and implementation of an industrialBurner controller. Results indicate that the software components ge-nerated by the presented solution provides introspection at runtime.Thanks to this introspection ability at runtime, the software com-ponents are able to adapt automatically from their normal-modebehaviour to a safe-mode behaviour which was defined to be usedin erroneous or unexpected situations at runtime. Therefore, it ispossible to enhance the safety of the systems consisting of thesesoftware components

A UML Profile for the Design, Quality Assessment and Deployment of Data-intensive Applications

Big Data or Data-Intensive applications (DIAs) seek to mine, manipulate, extract or otherwise exploit the potential intelligence hidden behind Big Data. However, several practitioner surveys remark that DIAs potential is still untapped because of very difficult and costly design, quality assessment and continuous refinement. To address the above shortcoming, we propose the use of a UML domain-specific modeling language or profile specifically tailored to support the design, assessment and continuous deployment of DIAs. This article illustrates our DIA-specific profile and outlines its usage in the context of DIA performance engineering and deployment. For DIA performance engineering, we rely on the Apache Hadoop technology, while for DIA deployment, we leverage the TOSCA language. We conclude that the proposed profile offers a powerful language for data-intensive software and systems modeling, quality evaluation and automated deployment of DIAs on private or public clouds

Методика построения событийно-управляемых программных систем с использованием языка спецификации CIAO

Event-driven software systems, belonging to the class of systems with complex behavior in the scientific literature, are reactive systems, which react to the same input effect in different ways depending on their state and background. It is convenient to describe such systems using state-transition models utilizing special language tools, both graphical and textual. Methodology for automated development of systems with complex behavior using the designed CIAO language (Cooperative Interaction of Automata Objects), which allows formally specifying the required behavior based on an informal description of the reacting system, is presented. An informal description of a reacting system can be provided verbally in a natural language or in another way adopted in a specific domain. Further, according to this specification in the CIAO language, a software system for interacting automata in the C++ programming language is generated with a special system. The generated program implements a behavior guaranteed to correspond to a given specification and original informal description. CIAO provides both graphical and textual notation. Graphic notation is based on an extended notation of state machine diagrams and component diagrams of the unified modeling language UML, which are well established in describing the behavior of event-driven systems. The text syntax of the CIAO language is described by context-free grammar in regular form. Automatically generated C++ code allows using of both library and any external functions written manually. At the same time, the evident correspondence of the formal specification and the generated code is preserved on conditions that the external functions conform to their specifications. As an example, an original solution to D. Knut's problem of a responsive elevator control system is proposed. The effectiveness of the proposed methodology is demonstrated, since the automaton-converter generating the C++ code is presented as a responsive system, is specified in the CIAO language and implemented by the bootstrapping. The proposed methodology is compared with other well-known formal methods for describing systems with complex behavior.Событийно-управляемые программные системы в научной литературе относят к классу систем со сложным поведением, называемых реагирующими системами (reactive systems), то есть систем, которые на одно и то же входное воздействие реагируют по-разному в зависимости от своего состояния и предыстории. Такие системы удобно описывать с помощью автоматных моделей с использованием специальных языковых средств – как графических, так и текстовых. Представлена методика автоматизированного построения систем со сложным поведением с использованием разработанного авторами языка CIAO (Cooperative Interaction of Automata Objects), который позволяет на основе неформального описания реагирующей системы формально специфицировать требуемое поведение. Описание реагирующей системы может быть задано словесно на естественном языке или иным способом, принятым в конкретной предметной области. Далее по этой спецификации на языке CIAO специальным преобразователем генерируется программная система взаимодействующих автоматов на языке программирования С++. Сгенерированная программа реализует поведение, гарантированно соответствующее заданной спецификации и исходному неформальному описанию. Для языка CIAO предусмотрена как графическая, так и текстовая нотация. Графическая нотация основана на расширенной нотации диаграмм автомата и диаграмм компонентов унифицированного языка моделирования UML, которые хорошо зарекомендовали себя в описании поведения управляемых событиями систем. Текстовый синтаксис языка CIAO описан контекстно-свободной грамматикой в регулярной форме. Автоматически генерируемый код на языке С++ допускает использование как библиотечных, так и любых внешних функций, написанных вручную. При этом доказательное соответствие формальной спецификации и сгенерированного кода сохраняется при условии соответствия внешних функций своим спецификациям. В качестве примера предложено оригинальное решение задачи Д. Кнута о реагирующей системе управления лифтом. Продемонстрирована действенность предлагаемой методики, поскольку сам автомат-преобразователь, генерирующий код на С++, представлен как реагирующая система, специфицирован на языке CIAO и реализован методом раскрутки. Проведено сравнение предлагаемой методики с другими известными формальными методами описания систем со сложным поведением

Методика построения событийно-управляемых программных систем с использованием языка спецификации CIAO

Событийно-управляемые программные системы в научной литературе относят к классу систем со сложным поведением, называемых реагирующими системами (reactive systems), то есть систем, которые на одно и то же входное воздействие реагируют по-разному в зависимости от своего состояния и предыстории. Такие системы удобно описывать с помощью автоматных моделей с использованием специальных языковых средств – как графических, так и текстовых. Представлена методика автоматизированного построения систем со сложным поведением с использованием разработанного авторами языка CIAO (Cooperative Interaction of Automata Objects), который позволяет на основе неформального описания реагирующей системы формально специфицировать требуемое поведение. Описание реагирующей системы может быть задано словесно на естественном языке или иным способом, принятым в конкретной предметной области. Далее по этой спецификации на языке CIAO специальным преобразователем генерируется программная система взаимодействующих автоматов на языке программирования С++. Сгенерированная программа реализует поведение, гарантированно соответствующее заданной спецификации и исходному неформальному описанию. Для языка CIAO предусмотрена как графическая, так и текстовая нотация. Графическая нотация основана на расширенной нотации диаграмм автомата и диаграмм компонентов унифицированного языка моделирования UML, которые хорошо зарекомендовали себя в описании поведения управляемых событиями систем. Текстовый синтаксис языка CIAO описан контекстно-свободной грамматикой в регулярной форме. Автоматически генерируемый код на языке С++ допускает использование как библиотечных, так и любых внешних функций, написанных вручную. При этом доказательное соответствие формальной спецификации и сгенерированного кода сохраняется при условии соответствия внешних функций своим спецификациям. В качестве примера предложено оригинальное решение задачи Д. Кнута о реагирующей системе управления лифтом. Продемонстрирована действенность предлагаемой методики, поскольку сам автомат-преобразователь, генерирующий код на С++, представлен как реагирующая система, специфицирован на языке CIAO и реализован методом раскрутки. Проведено сравнение предлагаемой методики с другими известными формальными методами описания систем со сложным поведением

Automated Validation of State-Based Client-Centric Isolation with TLA ⁺

Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in enables semi-automatic model checking for different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking this formalization can also help finding bugs in incorrect specifications. This improves feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and it provides an environment for experimenting with new designs.</p

Integrating AADL and FMI to Extend Virtual Integration Capability

Virtual Integration Capability is paramount to perform early validation of Cyber Physical Systems. The objective is to guide the systems engineer so as to ensure that the system under design meets multiple criteria through high-fidelity simulation. In this paper, we present an integration scheme that leverages the FMI (Functional Mock-Up interface) standard and the AADL architecture description language. Their combination allows for validation of systems combining embedded platform captured by the AADL, and FMI components that represent physical elements, either mechanical parts, or the environment. We present one approach, and demonstrator case studies

A systematic approach for performance assessment using process mining. An industrial experience report

Software performance engineering is a mature field that offers methods to assess system performance. Process mining is a promising research field applied to gain insight on system processes. The interplay of these two fields opens promising applications in the industry. In this work, we report our experience applying a methodology, based on process mining techniques, for the performance assessment of a commercial data-intensive software application. The methodology has successfully assessed the scalability of future versions of this system. Moreover, it has identified bottlenecks components and replication needs for fulfilling business rules. The system, an integrated port operations management system, has been developed by Prodevelop, a medium-sized software enterprise with high expertise in geospatial technologies. The performance assessment has been carried out by a team composed by practitioners and researchers. Finally, the paper offers a deep discussion on the lessons learned during the experience, that will be useful for practitioners to adopt the methodology and for researcher to find new routes

To Do or Not to Do: Semantics and Patterns for Do Activities in UML PSSM State Machines

State machines are used ubiquitously in engineering software-intensive systems. UML State Machines extend simple finite state machines with powerful constructs. Among the many extensions, there is one seemingly simple and innocent language construct that fundamentally changes state machines' reactive model of computation: doActivity behaviors. DoActivity behaviors describe behavior that is executed independently from the state machine once entered in a given state, typically modeling complex computation or communication as background tasks. However, the UML specification or textbooks are vague about how the doActivity behavior construct should be appropriately used. This lack of guidance is a severe issue as, when improperly used, doActivities can cause concurrent, non-deterministic bugs that are especially challenging to find and could ruin a seemingly correct software design. The Precise Semantics of UML State Machines (PSSM) specification introduced detailed operational semantics for state machines. To the best of our knowledge, there is no rigorous review yet of doActivity's semantics as specified in PSSM. We analyzed the semantics by collecting evidence from cross-checking the text of the specification, its semantic model and executable test cases, and the simulators supporting PSSM. We synthesized insights about subtle details and emergent behaviors relevant to tool developers and advanced modelers. We reported inconsistencies and missing clarifications in more than 20 issues to the standardization committee. Based on these insights, we studied 11 patterns for doActivities detailing the consequences of using a doActivity in a given situation and discussing countermeasures or alternative design choices. We hope that our analysis of the semantics and the patterns help vendors develop conformant simulators or verification tools and engineers design better state machine models

Runtime observable and adaptable UML state machine-based software components generation and verification: [email protected] approach

Cyber-Physical Systems (CPSs) are embedded computing systems in which computation interacts closely with the physical world through sensors and actuators. CPSs are used to control context aware systems. These types of systems are complex systems that will have different configurations and their control strategy can be configured depending the environmental data and current situation of the context. Therefore, in current industrial environments, the software of embedded and Cyber-Physical systems have to cope with increasing complexity, uncertain scenarios and safe requirements at runtime. The UML State Machine is a powerful formalism to model the logical behaviour of these types of systems, and in Model Driven Engineering (MDE) we can generate code automatically from these models. MDE aims to overcome the complexity of software construction by allowing developers to work at the high-level models of software systems instead of low-level codes. However, determining and evaluating the runtime behaviour and performance of models of CPSs using commercial MDE tools is a challenging task. Such tools provide little support to observe at model-level the execution of the code generated from the model, and to collect the runtime information necessary to, for example, check whether defined safe properties are met or not. One solution to address these requirements is having the software components information in model terms at runtime ([email protected]). Work on [email protected] seeks to extend the applicability of models produced in MDE approaches to the runtime environment. Having the model at runtime is the first step towards the runtime verification. Runtime verification can be performed using the information of model elements (current state, event, next state,etc.) This thesis aims at advancing the current practice on generating automatically Unified Modeling Language - State Machine (UML-SM) based software components that are able to provide their internal information in model terms at runtime. Regarding automation, we propose a tool supported methodology to automatically generate these software components. As for runtime monitoring, verification and adaptation, we propose an externalized runtime module that is able to monitor and verify the correctness of the software components based on their internal status in model terms at component and system level. In addition, if an error is detected, the runtime adaptation module is activated and the safe adaptation process starts in the involved software components. All things considered, the overall safe level of the software components and CPSs is enhanced.Sistema Ziber-Fisikoak, konputazio sistema txertatuez osatuta daude. Konputazio sistema txertatu hauek, mundu birtuala mundu fisikoarekin uztartzeko gaitasuna eskaintzen dute. Sistema ziberfisikoak orokorrean sistema konplexuak izan ohi dira eta inguruan gertazen denaren araberako konfigurazio desberdinak izan ohi dituzte. Gaur egungo industria ingurunetan, sistema hauek daramaten kontroleko softwarea asko handitu da eta beren konplexutasunak ere gorakada handia izan du: aurrez ezagunak ez diren baldintza eta inguruetan lan egin beharra dute askotan, denbora errealeko eskakizunak eta segurtasun eskakizunak ere beteaz. UML State Machine formalismoa, goian aipaturiko sistema mota horien portaera logikoa modelizatzeko erabiltzen den formalismo indartsu bat da. Formalismo honen baitan eta Model Driven Engineering (MDE) enfokea jarraituaz, sistema modelatzeko erabilitako grafikoetatik sisteman txertatua izango den kodea automatikoki sor genezake. MDEk softwarea sortzeko orduan izan genezakeen konplexutasuna gainditu nahi du, garatzailei software-sistemen goi-mailako ereduetan lan egiteko aukera emanez. Hala ere, MDE-an oinarrituriko tresna komertzialak erabiliaz, zaila izaten da berauen bidez sorturiko kodearen errendimendua eta portaera sistema exekuzioan dagoenean ebaluatzea. Tresna horiek laguntza gutxi eskaintzen dute modelotatik sortutako kodea exekutatzen ari denean sisteman zer gertatzen ari denaren informazioa modeloaren terminoetan jasotzeko. Beraz, exekuzio denboran, oso zaila izaten da sistemaren portaera egokia den edo ez aztertzea modelo mailako informazio hori erabiliaz. Eskakizun horiek kudeatzeko modu bat, software modeloaren informazioa denbora errealean izatea da ([email protected] enfokea). [email protected] enfokearen helburu nagusietako bat, MDE enfokearekin garapen fasean sortutako modeloak exekuzio denboran (runtime-en) erabilgarri izatean datza. Exekuzio denboran egiaztapen edo testing-a egin ahal izateko lehen urratsa, testeatu nahi den software horren modeloa exekuzio denboran eskuragarri izatea da. Honela, exekuzio denborako egiaztapen edo berifikazioak softwarea modelatzeko erabili ditugun elementu berberak erabiliaz egin daitke (egungo egoera, gertaera, hurrengo egoera, eta abar). Tesi honen helburutako bat UML-State Machine modeloetan oinarritutako eta exekuzio denboran beren barne egoeraren informazioa modeloko elementu bidez probestu ahalko duten software osagaiak modu automatikoan sortzea da. Automatizazioari dagokionez, lehenik eta behin, software-osagai horiek automatikoki sortzen dituzten tresnak eskaintzen dituen metodologia proposatzen dugu. Bigarrenik, UMLSM oinarritutako software osagaiak automatikoki sortuko dituen herraminta bera proposatzen dugu. Exekuzio denboran eguneraketen jarraipenari, egiaztatzeari eta egokitzeari dagokionez, barne egoera UML-SM modelo terminoetan eskaintzen duten software osagaiak egiaztatzeko eta egokitzeko gai den kanpo exekuzio modulo bat proposatzen dugu. Honela, errore bat detektatzen bada, exekuzio garaian egokitze modulua aktibatuko da egokitzapen prozesu segurua martxan jarriaz. Honek, dagokion software osagaiari abixua bidaliko dio egokitzapena egin dezan. Gauza guztiak kontuan hartuta, software osagaien eta CPSen segurtasun maila orokorra hobetua izango da.Los sistemas cyber-físicos (CPSs) son sistemas de computación embebidos en los que la computación interactúa estrechamente con el mundo físico a través de sensores y actuadores. Los CPS se utilizan para controlar sistemas que proveen conocimiento del contexto. Este tipo de sistemas son sistemas complejos que suelen tener diferentes configuraciones y su estrategia de control puede configurarse en función de los datos del entorno y de la situación actual del contexto. Por lo tanto, en los entornos industriales actuales, el software de los sistemas embebidos tiene que hacer frente a la creciente complejidad, los escenarios inciertos y los requisitos de seguridad en tiempo de ejecución. Las máquinas de estado UML son un formalismo muy utilizado en industria para modelar el comportamiento lógico de este tipo de sistemas, y siguiendo el enfoque Model Driven Engineering (MDE) podemos generar código automáticamente a partir de estos modelos. El objetivo de MDE es superar la complejidad de la construcción de software permitiendo a los desarrolladores trabajar en los modelos de alto nivel de los sistemas de software en lugar de tener que codificar el control mediante lenguajes de programación de bajo nivel. Sin embargo, determinar y evaluar el comportamiento y el rendimiento en tiempo de ejecución de estos modelos generados mediante herramientas comerciales de MDE es una tarea difícil. Estas herramientas proporcionan poco apoyo para observar a nivel de modelo la ejecución del código generado a partir del modelo. Por lo tanto, no son muy adecuadas para poder recopilar la información de tiempo de ejecución necesaria para, por ejemplo, comprobar si se cumplen o no las restricciones definidas. Un enfoque para gestionar estos requisitos, es tener la información de los componentes de software en términos de modelo en tiempo de ejecución ([email protected]). El trabajo en [email protected] busca ampliar la aplicabilidad de los modelos producidos en fase de desarrollo mediante el enfoque MDE al entorno de tiempo de ejecución. Tener el modelo en tiempo de ejecución es el primer paso para poder llevar a cabo la verificación en tiempo de ejecución. Así, esta verificación se podrá realizar utilizando la información de los elementos del modelo (estado actual, evento, siguiente estado, etc.). El objetivo de esta tesis es avanzar en la práctica actual de generar automáticamente componentes software basados en Unified Modeling Language - State Machine (UML-SM) que sean capaces de proporcionar información interna en términos de modelos en tiempo de ejecución. En cuanto a la automatización, en primer lugar, proponemos una metodología soportada por herramientas para generar automáticamente estos componentes de software. En segundo lugar, proponemos un marco de trabajo de generación de componentes de software basado en UML-SM. En cuanto a la monitorización, verificación y adaptación en tiempo de ejecución, proponemos un módulo de tiempo de ejecución externalizado que es capaz de monitorizar y verificar la validez de los componentes del software en función de su estado interno en términos de modelo. Además, si se detecta un error, se activa el módulo de adaptación en tiempo de ejecución y se inicia el proceso de adaptación seguro en el componente de software correspondiente. Teniendo en cuenta todo esto, el nivel de seguridad global de los componentes del software y de los CPS se ve mejorado