15.12.13 - 19.12.13, Seminar 13511

Software Engineering for Self-Adaptive Systems: Assurances

Diese Seminarbeschreibung wurde vor dem Seminar auf unseren Webseiten veröffentlicht und bei der Einladung zum Seminar verwendet.

Motivation

Repairing faults, or performing upgrades on different kinds of software systems have been tasks traditionally performed as a maintenance activity conducted off-line. However, as software systems become central to support everyday activities and face increasing dependability requirements, even as they have increased levels of complexity and uncertainty in their operational environments, there is a critical need to improve their resilience, optimize their performance, and at the same time, reduce their development and operational costs. This situation has led to the development of systems able to reconfigure their structure and modify their behaviour at run-time in order to improve their operation, recover from failures, and adapt to changes with little or no human intervention. These kinds of systems typically operate using an explicit representation of their own structure, behaviour and goals, and appear in the literature under different designations (e.g. self-adaptive, self-healing, self-managed, self-*, autonomic, etc.).

In spite of recent and important advances in the area, one key aspect of self-adaptive systems that poses important challenges yet to be tackled in depth is assurances: that is, providing evidence that systems satisfy their functional and non-functional requirements during operation. Specifically, assurances involve not only system dependability and security, but also resilience with respect to changes that may occur in the system, its environment, or its goals. The provision of assurances for self-adaptive systems, which should be done tandem with their development, operation and evolution, is difficult since run-time changes (e.g., resource variability) introduce a high degree of uncertainty that is atypical is more conventional systems. This Dagstuhl Seminar will bring together researchers to discuss software engineering aspects of self-adaptive systems, including methods, architectures, languages, algorithms, techniques, and tools that can be used to support assurances in development and deployment of these systems. In particular, the seminar is intended as a complement to past Dagstuhl Seminars 08031 and 10431 on Software Engineering for Self-Adaptive Systems, the ongoing SEAMS Symposium, and the recently organised ESEC/FSE 2011 Workshop on Assurances for Self-adaptive Systems (ASAS). Unlike most of those events, which were concerned broadly with all aspects of self-adaptation, this Dagstuhl Seminar intends to focus specifically on the collection of evidence, its storage and analysis for the provision of assurances that a self-adaptive software system is able to behave functionally and non-functionally according to its specified needs.

Description of the Topic

The Seminar will concentrate on obtaining assurances for self-adaptive software systems. The topic of self-adaptive systems has been studied independently within different research areas of software engineering, including requirements engineering, modelling, architecture and middleware, event-based, component-based and knowledge-based systems, testing, verification and validation, as well as software maintenance and evolution. On the other hand, the topic of assurances for software-based systems has been widely investigated by the dependability community, in particular when considered in the context of safety-critical systems. For these types of systems there is the need to build coherent arguments showing that the system is able to comply with strict functional and non-functional requirements, which are often dictated by safety standards and general safety guidelines. The major challenge when combining self-adaptability and dependability is how to obtain assurances regarding the uncertainty of changes that may affect the system, its environment or its goals.

The flexible nature of software provides an ideal platform for self-adaptation. However, the proper realization of the self-adaptation capability remains a formidable intellectual challenge when coupled with the need to provide assurances during system operation. In the long run, we need to establish the foundations that enable systematic development of future generations of self-adaptive systems in which evidence gathered during development-time and run-time can be combined. Therefore, the current achievements have to be integrated into a more comprehensive overall research effort from which generic approaches should be devised. Building self-adaptive software systems cost-effectively, in a systematic and predictable manner, and aiming to provide resilient services is a major engineering challenge—even though self-adaptive systems have had a long history with successes in many different branches of engineering. Mining the rich experiences in these fields, borrowing theories, mainly, from software engineering, control engineering, safety-critical systems and other related fields, and then applying the findings to software-intensive self-adaptive systems is a promising avenue of research for addressing the challenges associated with the need for providing assurances.

Although the former Dagstuhl Seminars 08031 and 10431 on Software Engineering for Self-Adaptive Systems were very successful with respect to their outcomes, they also revealed that the classical development steps of software engineering provide a limited framework for discussing the challenges and potential solutions regarding the provision of assurances for self-adaptive software systems. Due to its diverse nature, self-adaptation requires new perspectives in software development techniques and processes because traditional boundaries between development-time and run-time activities often do not apply. Therefore, during the Seminar we plan to approach the topics in a more flexible and problem-oriented manner. The topics identified below emerged from the discussions held during the previous Dagstuhl Seminar, and from its concrete outcomes-- specifically, a roadmap report for the area and the profile of the papers submitted to a forthcoming book on the same topic.

Topics to be covered

  • Formal notations for modelling and analyzing. Today’s formal notations for modelling and analysis do not explicitly address to model adaptation and thus are usually not sufficient to capture all the additional aspects relevant for self-adaptive software. Therefore, the open question is which existing formal notations are sufficient for which kind of self-adaptive software and/or what extensions are required to make them suitable.
  • Stochastic analysis, and reasoning in the presence of uncertainty. Self-adaptive software has to operate often in frequently changing environments. However, the frequency of specific changes and their specific characteristics can hardly be predicted at development-time. Therefore, ways have to be found to deal with this uncertainty concerning the environment. Promising direction are different stochastic models that try to capture the made observations in form of probability distributions.
  • Run-time and development-time verification and validation. Key aspects of assurance are validation and verification activities. Due to the uncertainty, it is often only possible to cover specific aspects at run-time. Therefore, the question is how we can systematically combine the different results achieved for v & v activities at development-time and run-time.
  • Run-time monitoring and analysis. A crucial activity of self-adaptive software is the monitoring and subsequent analysis of the context and software at run-time. The specific challenge here is that the overhead of the monitoring and analysis has to be not too high while on the other hand the monitoring and analysis has to detect all relevant changes.
  • Correctness by construction and run-time synthesis. Guarantees that can be provided by construction are valuable for assurance. In the same manner synthesis algorithms, as for example planning algorithms, can provide guarantees for their computed solution. The challenges are how synthesis approaches can be made efficient enough to be applicable for real self-adaptive software and how the resulting guarantees can be combined with other sources of evidence.
  • Measuring, evaluation and benchmarking. All assurance activities based on the observation of the execution of the software require dedicated measuring steps and related evaluation steps. In case multiple systems are considered, also benchmarks that allow comparing solutions or alternative design options are relevant. The open challenge is how these well-understood activities have to be adjusted for the case of self-adaptive software.
  • Resilient cases and evidence. The assurance for self-adaptive software cannot be restricted to ensuring that the regular behaviour is guaranteed as required even though the system can adapt itself. Also the resilience of the system, which relies on the self-adaptation, has to be covered by the assurance. Due to the uncertain nature of the changes for which evidence is required, new ways have to be found to establish this kind of required evidence.
  • Social aspects of assurances. The assurance that can be achieved for self-adaptive software will hopefully give evidence that the software works as required in even more cases than an alternative non self-adaptive solution. However, on the other hand additional risks result from the fact that the software can adapt itself. Therefore it is a relevant question, whether the society is willing to accept the additional risks due to the improvements achieved by the self-adaptation if they likely outweigh the additional risk.

As we bring together researchers from different fields conducting research on assurances and self-adaptive software systems, we have to take into account that their specific foci include application domains as well as specific types of solutions. To identify relevant working group themes at the seminar, we plan to concentrate on relevant areas of interest with respect to the dimensions outlined by the organizers to enable focused group discussions. The planned key questions to launch the discussion are outlined in the next section on the goals of the seminar.

Goals

The goal of this Dagstuhl Seminar is to bring together the leading experts software engineering, self-adaptive systems, assurances, and other distinguished experts from related fields to discuss the fundamental principles, models, methods, techniques, mechanisms, state-of-the-art and challenges associated with the provision of assurances for self-adaptive software systems. Some of the challenges that we would like to address during the seminar, and which should be used as guidance for the discussions, are the following:

  • Evidence gathering when uncertainty is high. For example, models are inaccurate or system cannot be fully tested. Issues to be discussed: instead of correctness, is it possible gather evidence in terms of levels of confidence? During run-time, would it be possible to use efficient but incomplete verification strategies with low space/time complexity? How to incorporate and validate last line of defence for unanticipated changes?
  • Capabilities and limitations of run-time V&V of self-adaptive systems. What (traditional) development-time validation techniques can be extended and applied at run-time? What properties can/cannot be validated at run-time? What affects the choice of V&V techniques? For example, cost/benefit analysis should be performed based on risk, importance, need, cost/time and impact. How to chose and combine the outcomes of different techniques? For example, model checking, testing, and performance modelling.
  • Enabling run-time V&V. How to adapt/instrument to support run-time V&V? How to make context and models first class entities? What if run-time V&V fails? When to initiate run-time V&V? How to validate and verify continuously at run-time? Should the process be reactive or pro-active?
  • Development-time and run-time activities. How to combine development- and run-time evidence for the provision of assurances? For example, development-time rationale and run-time decision-making. How integrate in a cohesive manner, software life-cycle phases and software engineering disciplines?
  • Correctness by construction. What is the role of models in evidence gathering? How these models can be validated against the actual entities they represent (system, environment, and goals)? How to deal with model inaccuracies and synchronisation problems, for example?

As with the former editions of this Dagstuhl Seminar, we envisage as a concrete outcome for the proposed seminar a new version of the roadmap paper, and a new book, both focusing on theme of assurances for self-adaptive systems. The roadmap paper should be structured according to the new topics to be identified during the seminar, which should presented in terms of their state-of-the-art and future challenges.