Typing the evolution of variational software

[Excerpt] Maintaining multiple versions of a software system is a laborious and challenging task, which is many times a strong requirement of the software development process. Such hurdle is justified by needs of backward compatibility with libraries or existence of legacy equipment with particular constraints. It is also an intrinsic requirement of software product lines that target multiple target platforms, service, or licensing levels [7]. A crucial example of a high variability context is an operating system where hundreds of variants need to be maintained to cope with all the different target architectures [1]. We find another important example in mobile applications, where server and client code need to be updated in sync to change structure of the interface or the semantics of webservices. However, it is always the case that older versions of server code must be maintained to support client devices that are not immediately updated. The soundness of a unique and common code corpus demands a high degree of design and programming discipline [8], code versioning, branching and merging tools [12], and sophisticated management methods [11, 9]. For instance, in looselycoupled service-oriented architectures, where the compatibility guaranties between modules are almost non-existent, special attention is needed to maintain the soundness between multiple versions of service end-points (cf. Twitter API [13]). [...]This work is supported by NOVA LINCS UID/CEC/04516/2013, COST CA15123 - EUTYPES and FC&T Project CLAY - PTDC/EEI-CTP/4293/2014

Robust Contract Evolution in a TypeSafe MicroServices Architecture

Microservices architectures allow for short deployment cycles and immediate effects but offer no safety mechanisms when service contracts need to be changed. Maintaining the soundness of microservice architectures is an error-prone task that is only accessible to the most disciplined development teams. We present a microservice management system that statically verifies service interfaces and supports the seamless evolution of compatible interfaces. We define a compatibility relation that captures real evolution patterns and embodies known good practices on the evolution of interfaces. Namely, we allow for the addition, removal, and renaming of data fields of a producer module without breaking or needing to upgrade consumer services. The evolution of interfaces is supported by runtime generated proxy components that dynamically adapt data exchanged between services to match with the statically checked service code.The model was instantiated in a core language whose semantics is defined by a labeled transition system and a type system that prevents breaking changes from being deployed. Standard soundness results for the core language entail the existence of adapters, hence the absence of adaptation errors and the correctness of the management model. This adaptive approach allows for gradual deployment of modules, without halting the whole system and avoiding losing or misinterpreting data exchanged between system nodes. Experimental data shows that an average of 69% of deployments that would require adaptation and recompilation are safe under our approach

Type System for the ComponentJ Programming Language

Dissertação apresentada na Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa para a obtenção do grau de Mestre em Engenharia Informática.With the constant evolution of software systems need arises for more structured implementations, where processes like software updates and changes in systems can be easily made, with no need to change what had previously been implemented. One possible solution to this problem is the use of component-based programming languages. This kind of programming languages tries to promote not only code reuse but also a black-box discipline where it is not needed how a service is implemented, but only its interface so that it can be used. The ComponentJ programming language seeks to provide a simple way to perform component creation and composition, making this new programming paradigm somewhat easy to use. Because ComponentJ is meant to be an extension to the Java programming language it becomes possible to implement components using the whole expressiveness of this language. It is also possible, in ComponentJ, to dynamically change components and the object structure based on runtime decisions. This dynamic reconfiguration process allows, for instance, to perform changes/updates to a certain software system without having to stop its execution. The goal for this project is to implement a type system for the ComponentJ programming language, based on the work presented in [32, 28]. Type verification is syntax driven, and uses structural equivalence of types. Advanced techniques such as subtyping and type inference are also included in order to make the language more flexible. Besides the static type checker, a dynamic checker is also included, allowing the type safe application of runtime changes to the system (dynamic reconfiguration of objects) before their application

Event-based run-time adaptation in communication-centric systems

International audienceCommunication-centric systems are software systems built as assemblies of distributed arti-facts that interact following predefined communication protocols. Session-based concurrency is a type-based approach to ensure the conformance of communication-centric systems to such protocols. This paper presents a model of session-based concurrency with mechanisms for run-time adaptation. Our model allows us to specify communication-centric systems whose session behavior can be dynamically updated at run-time. We improve on previous work by proposing an event-based approach: adaptation requests, issued by the system itself or by its context, are assimilated to events which may trigger adaptation routines. These routines exploit type-directed checks to enable the reconfiguration of processes with active protocols. We equip our model with a type system that ensures communication safety and consistency properties: while safety guarantees absence of run-time communication errors, consistency ensures that update actions do not disrupt already established session protocols. We provide soundness results for binary and multiparty protocols

How To Touch a Running System

The increasing importance of distributed and decentralized software architectures entails more and more attention for adaptive software. Obtaining adaptiveness, however, is a difficult task as the software design needs to foresee and cope with a variety of situations. Using reconfiguration of components facilitates this task, as the adaptivity is conducted on an architecture level instead of directly in the code. This results in a separation of concerns; the appropriate reconfiguration can be devised on a coarse level, while the implementation of the components can remain largely unaware of reconfiguration scenarios. We study reconfiguration in component frameworks based on formal theory. We first discuss programming with components, exemplified with the development of the cmc model checker. This highly efficient model checker is made of C++ components and serves as an example for component-based software development practice in general, and also provides insights into the principles of adaptivity. However, the component model focuses on high performance and is not geared towards using the structuring principle of components for controlled reconfiguration. We thus complement this highly optimized model by a message passing-based component model which takes reconfigurability to be its central principle. Supporting reconfiguration in a framework is about alleviating the programmer from caring about the peculiarities as much as possible. We utilize the formal description of the component model to provide an algorithm for reconfiguration that retains as much flexibility as possible, while avoiding most problems that arise due to concurrency. This algorithm is embedded in a general four-stage adaptivity model inspired by physical control loops. The reconfiguration is devised to work with stateful components, retaining their data and unprocessed messages. Reconfiguration plans, which are provided with a formal semantics, form the input of the reconfiguration algorithm. We show that the algorithm achieves perceived atomicity of the reconfiguration process for an important class of plans, i.e., the whole process of reconfiguration is perceived as one atomic step, while minimizing the use of blocking of components. We illustrate the applicability of our approach to reconfiguration by providing several examples like fault-tolerance and automated resource control