    Time At Your Service: Schedulability Analysis of Real-Time and Distributed Services

    Software today is distributed over several processing units. At a large scale this may span the globe via the internet; at the micro scale, a piece of software may be distributed over several small processing units embedded in one device. Real-time distributed software and services need to be timely and respond to requests in time. The quality of service of real-time software depends on how it schedules the tasks it executes. In the state of the art of programming distributed software, for example in Java, scheduling is left to the underlying infrastructure, in particular the operating system, and is no longer under the control of the application. In this thesis, we introduce a software paradigm based on object orientation in which real-time concurrent objects are enabled to specify their own scheduling strategy. We developed high-level formal models for specifying distributed software based on this paradigm, in which the quality-of-service requirements are specified as deadlines on performing and finishing tasks. At this level we developed techniques to verify that these requirements are satisfied. This research has opened the way to a new approach to modeling and analysis of a range of applications, such as continuous planning in the context of logistics software in a dynamic environment, as well as developing software for multi-core systems. Industrial companies (DEAL services) and research centers (the Uppsala Programming for Multicore Architectures Research Center, UPMARC) have already shown interest in the results of this thesis.
    Universiteit Leiden (LEI), Foundations of Software Technology

    FLACOS’08 Workshop proceedings

    The 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS'08) is held in Malta. The aim of the workshop is to bring together researchers and practitioners working on language-based solutions to contract-oriented software development. The workshop is partially funded by the Nordunet3 project "COSoDIS" (Contract-Oriented Software Development for Internet Services) and attracted 25 participants. The program consists of 4 regular papers and 10 invited participant presentations.

    Behavioral types in programming languages

    A recent trend in programming language research is to use behavioral type theory to ensure various correctness properties of large-scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their representation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to design and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types.

    Automated model-based testing of hybrid systems

    In automated model-based input-output conformance testing, tests are automatically generated from a specification and automatically executed on an implementation. Input is applied to the implementation and output is observed from the implementation. If the observed output is allowed according to the test, then testing may continue, or stop with the verdict pass. If the observed output is not allowed according to the test, then testing stops with the verdict fail. The advantages of this test method are that:
    - specifications can be reused to test every product in exactly the same way,
    - test environments can be controlled because the behavior of the environment is specified as the input of the implementation,
    - tests can be generated that a test engineer did not think of yet,
    - a huge quantity of tests can be generated and repeated endlessly, and
    - the test engineer can focus on testing the parts of the system for which tests are not automated.
    A hybrid system is a system with both discrete-event and continuous behavior. By continuous behavior we usually mean the behavior of physical quantities over time. A thermostat that observes a chamber temperature and turns on a heater based on the observed temperature change is a system with continuous input and discrete-event output. A robot arm that moves with a certain speed on command (e.g. "GO LEFT") is a system with discrete-event input and continuous output. Within the Tangram project, a four-year research project on model-based test and integration methods and their applications, one of the goals was to develop model-based testing for hybrid systems. This involves incorporating continuous behavior and discrete-event behavior into one input-output conformance relation and into a notion of hybrid test. Then, this approach to hybrid model-based testing had to be tried out in practice, in an industrial environment. In this thesis we describe the result of this research.
In Chapter 2 and Chapter 3 we define the necessary preliminaries for defining our conformance relation and notion of test for hybrid systems. We use hybrid transition systems to formally represent the implementation and the specification of a system. We base our conformance relation on the discrete-event input-output conformance relation by Tretmans, and the timed input-output conformance relations by Brandan-Briones and Brinksma, and by Krichen and Tripakis. In Chapter 4 we define our input-output conformance relation for hybrid systems. In this chapter we also define a notion of test for hybrid systems that we have proven sound and exhaustive with respect to the hybrid conformance relation. Based on the notion of hybrid test, we have implemented a proof-of-concept hybrid model-based test tool. The architecture of our tool is based on the TorX test tool, and the tests are generated from a hybrid specification using the hybrid X simulation tool. In Chapter 5 we describe TorX and the hybrid X language. In Chapter 6 we describe the issues involved in developing a hybrid model-based test tool in general, and our proof-of-concept tool in particular. In order to better fit theory and practice, we adapt our hybrid input-output conformance relation and notion of test to a conformance relation and notion of test for sampled behavior. We have proven that, under certain conditions, if a hybrid implementation conforms to a hybrid specification, then the implementation also conforms to the specification with sampled behavior. In Chapter 7 we describe the results of a case study that we have performed on a vacuum controller of a wafer stepper machine. This controller has sampled continuous input (namely samples of pressure observations) and discrete-event output (namely controlling pumps and valves). We have made a specification that models the sequences of events required for pumping down a vacuum chamber or venting a vacuum chamber.
We have modeled the pressure flow in the chamber as continuous behavior. With the proof-of-concept tool we have been able to generate tests, stimulate the vacuum control software with sampled pressure flow, observe output of the vacuum control software, and give a verdict. We have found a fault in the control software that was not found previously in the field, nor by co-simulation of the controller and a model of the hardware, nor by model checking using Uppaal. This result shows that hybrid model-based testing has added value. In Chapter 8 we describe the results of this research and we present some directions for future research.

    Specification and Test of Real-Time Systems

    Time at your service: schedulability analysis of real-time and distributed services

    Developing a distributed electronic health-record store for India

    The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India.

    Modeling and verification of web service composition based interorganizational workflows

    Interorganizational workflows are workflows that cross the boundaries of a single organization and provide a framework for cooperation between different autonomous organizations. An important issue when designing such workflows is the balance between the openness needed for cooperation and the privacy needed for protection of business know-how. Workflow views provide an efficient tool for this aim. By exposing only selected parts of a process, organizations can both cooperate and protect their business logic. This dissertation presents a technique for the correct construction of workflow views. It is assumed that organizations and partners use web services and web service related technology to model and implement interorganizational workflows. Application of web services offers several advantages for organizations. The real surplus of web services is their capability of being composed into more complex systems.
Available web services can be reused by other choreographies and orchestrations, and the need for development of new systems from scratch can be minimized. The essential requirements are, on the one hand, an architecture with adequate capabilities and, on the other hand, verification of correctness. This dissertation proposes an architecture for modeling web service composition based interorganizational workflows, called federated choreographies, that provides several advantages compared to existing proposals. Moreover, algorithms and techniques for verification of the structural and temporal correctness of interorganizational workflows are proposed. Structural conformance checks whether the structures of the involved processes match. Temporal conformance checks whether an interorganizational workflow composed of choreographies and orchestrations is temporally error-free with respect to local and global temporal constraints. The proposed algorithms can be applied to check the structural and temporal conformance of federated choreographies at design time. If the model is not structurally or temporally conformant, the necessary modifications can be made such that the correct execution of the flow at run time can be guaranteed. Conformance checking at design time reduces process cost for two reasons: first, errors detected at design time are normally cheaper than those detected at run time, and second, exception handling mechanisms, which in turn incur additional costs, can be avoided. In addition to the proposed architecture, a more general architecture together with the conformance checking algorithms and techniques for interorganizational workflows is presented. The presented approach is language and platform independent, and the algorithms work in a distributed manner.
