Specification and automated validation of staged reconfiguration processes for dynamic software product lines

Dynamic software product lines (DSPLs) propose elaborated design and implementation principles for engineering highly configurable runtime-adaptive systems in a sustainable and feature-oriented way. For this, DSPLs add to classical software product lines (SPL) the notions of (1) staged (pre-)configurations with dedicated binding times for each individual feature, and (2) continuous runtime reconfigurations of dynamic features throughout the entire product life cycle. Especially in the context of safety- and mission-critical systems, the design of reliable DSPLs requires capabilities for accurately specifying and validating arbitrary complex constraints among configuration parameters and/or respective reconfiguration options. Compared to classical SPL domain analysis which is usually based on Boolean constraint solving, DSPL validation, therefore, further requires capabilities for checking temporal properties of reconfiguration processes. In this article, we present a comprehensive approach for modeling and automatically verifying essential validity properties of staged reconfiguration processes with complex binding time constraints during DSPL domain engineering. The novel modeling concepts introduced are motivated by (re-)configuration constraints apparent in a real-world industrial case study from the automation engineering domain, which are not properly expressible and analyzable using state-of-the-art SPL domain modeling approaches. We present a prototypical tool implementation based on the model checker SPIN and present evaluation results obtained from our industrial case study, demonstrating the applicability of the approach.     

Intelligent distributed control systems

ContextThe paper² deals with distributed reconfigurable embedded control systems following the component-based International Industrial Standard IEC61499 in which a Function Block (abbreviated by FB) is an event-triggered software component owning data and a control application is a distributed network of Function Blocks. Nowadays, limited related works have been proposed to address particular cases of reconfigurations without considering distributed architectures. Our first problem is to be able to handle all possible forms of reconfigurations that can be applied at run-time to distributed Function Blocks. In this case, a coordination between devices of the execution environment should be applied to guarantee safe and coherent distributed reconfigurations. A second problem is to find the sufficient solutions for the correct implementation of this reconfigurable distributed architecture.ObjectiveThe paper defines an implementable multi-agent architecture for automatic and coherent reconfigurations of distributed Function Blocks.MethodTo address all possible industrial forms, we classify the reconfiguration scenarios into three levels. The first level deals with additions–removals of Function Blocks to-from the system’s implementation. The second deals with updates of compositions of blocks, and the third deals with updates of data. We define a Reconfiguration Agent for each device of the execution environment, and a unique Coordination Agent for coordinations between devices. Each Reconfiguration Agent to be modelled by nested state machines applies local reconfiguration scenarios in the corresponding device after coordinations with the Coordination Agent. We propose an Inter-Agents Communication Protocol to support correct and coherent reconfigurations of distributed devices. This protocol is based on Coordination Matrices to be handled by the Coordination Agent in order to define all reconfiguration scenarios that should be simultaneously applied in distributed devices. We propose XML-based implementations for both kinds of agents where XML code blocks are exchanged between devices to guarantee safety distributed reconfigurations. The contributions of the paper are applied to two Benchmark Production Systems available in our research laboratory.ResultsThe communication protocol is successfully applied to our platforms where simulations are executed to check distributed and coherent reconfiguration scenarios. The Reconfiguration and Coordination Agents are implemented in this platform by following the International Standard IEC61499. We show in addition XML-based successful interactions between devices when distributed reconfigurations are applied.ConclusionThe paper successfully defines a multi-agent architecture for IEC61499 distributed reconfigurable embedded systems where Coordination and Reconfiguration agents are proposed to allow feasible and coherent distributed reconfigurations by using a defined communication protocol. This architecture is implemented in XML and applied to real industrial platforms.     

Heuristics-based mediation for building smart architectures at run-time

Smart architectures are increasingly being used in current software development. Smart user interfaces, smart homes, or smart buildings are becoming common examples in the new era of smart cities. Software architectures usually related to these domains need to be adapted and reconfigured at run-time, for example, to provide new services, react to user interaction, or due to changes decided from the business logic of the application. Component-based techniques are a suitable way to carry out this kind of adaptation, as dynamic reconfiguration operations can be applied to the architecture. In this paper, we address run-time generation of component-based applications, taking the abstract definitions of their architecture as a reference, in addition to a set of available components. The process calculates the best configuration of components from the abstract definition by applying a trading approach based on an adapted A* algorithm. This algorithm uses heuristics based on syntactic and semantic information obtained from the component definitions. A case study related to mashup user interfaces formed by coarse-grained components is also explained. In short, the results show the usefulness of heuristics and suitable execution times for building the best configurations.     

NCES-based modelling and CTL-based verification of reconfigurable embedded control systems

This paper (This work is done in the research laboratory of Prof. Dr. Hans-Michael Hanisch at the Martin Luther University in Germany, and it is supported by the Alexander von Humboldt foundation in Germany under the reference TUN1127196STP.) deals with automatic reconfigurations of safe embedded control systems following the component-based International Industrial Standard IEC61499 in which a Function Block (FB) is an event triggered software component owning data and a control application is a network of blocks. We define a new semantics of reconfigurations that allow automatic improvements of system performances at run-time even if there are no hardware faults. We apply this new semantics on two Benchmark Production Systems developed in our research laboratory according to this industrial technology. We classify thereafter into three forms all possible reconfiguration scenarios to be applied at run-time by a well-defined agent in order to adapt the system to its environment according to well-defined conditions. The agent is modelled by nested state machines according to the formalism Net Condition/Event Systems (NCES) which is an extension of Petri nets. In order to satisfy user requirements, we specify functional and non-functional properties according to the well-known temporal logic “Computation Tree Logic” (CTL) as well as its extensions eCTL and TCTL, and we apply the model checker SESA to check the whole agent-based architecture of the reconfigurable system.     

Computational Analysis of Run-time Monitoring: Fundamentals of Java-MaC

A run-time monitor shares computational resources, such as memory and CPU time, with the target program. Furthermore, heavy computation performed by a monitor for checking target program's execution with respect to requirement properties can be a bottleneck to the target program's execution. Therefore, computational characteristics of run-time monitoring cause a significant impact on the target program's execution.We investigate computational issues on run-time monitoring. The first issue is the power of run-time monitoring. In other words, we study the class of properties run-time monitoring can evaluate. The second issue is computational complexity of evaluating properties written in process algebraic language. Third, we discuss sound abstraction of the target program's execution, which does not change the result of property evaluation. This abstraction can be used as a technique to reduce monitoring overhead. Theoretical understanding obtained from these issues affects the implementation of Java-MaC, a toolset for the run-time monitoring and checking of Java programs. Finally, we demonstrate the abstraction-based overhead reduction technique implemented in Java-MaC through a case study.     

Formal approach to agent-based dynamic reconfiguration in Networks-On-Chip

A Network-On-Chip (NoC) platform is an emerging topology for large-scale applications. It provides a required number of resources for critical and excessive computations. However, the computations may be interrupted by faults occurring at run-time. Hence, reliability of computations as well as efficient resource management at run-time are crucial for such many-core NoC systems. To achieve this, we utilize an agent-based management system where agents are organized in a three-level hierarchy. We propose to incorporate reallocation and reconfiguration procedures into agents hierarchy such that fault-tolerance mechanisms can be executed at run-time. Task reallocation enables local reconfiguration of a core allowing it to be eventually reused in order to restore the original performance of communication and computations. The contributions of this paper are: (i) an algorithm for initial application mapping with spare cores, (ii) a multi-objective algorithm for efficient utilization of spare cores at run-time in order to enhance fault-tolerance while maintaining efficiency of communication and computations at an adequate level, (iii) an algorithm integrating the local reconfiguration procedure and (iv) formal modeling and verification of the dynamic agent-based NoC management architecture incorporating these algorithms within the Event-B framework.     

深度神经网络压缩与加速综述

随着人工智能民主化的发展,深度神经网络已经被广泛地应用于移动嵌入式设备上,例如智能手机和自动驾驶领域等. 随机计算作为一种新兴的、有前途的技术在执行机器学习任务时使用简单的逻辑门而不是复杂的二进制算术电路. 它具有在资源（如能源、计算单元和存储单元等）受限的边缘设备上执行深度神经网络低能耗、低开销的优势. 然而,之前的关于随机计算的工作都仅仅设计一组模型配置并在固定的硬件配置上实现,忽略了实际应用场景中硬件资源（如电池电量）的动态改变,这导致了低硬件效率和短电池使用时间. 为了节省电池供电的边缘设备的能源,动态电压和频率调节技术被广泛用于硬件重配置以延长电池的使用时间. 针对基于随机计算的深度神经网络,创新性地提出了一个运行时可重配置框架,即RR-SC,这个框架首次尝试将硬件和软件的重配置相结合以满足任务的时间约束并最大限度节省能源. RR-SC利用强化学习技术可以一次性生成多组模型配置,同时满足不同硬件配置（即不同的电压/频率等级）下的准确率要求. RR-SC得到的解具有最好的准确率和硬件效率权衡. 同时,多个模型配置运行时在同一个主干网络上进行切换,从而实现轻量级的软件重配置. 实验结果表明,RR-SC可以在110 ms内进行模型配置的轻量级切换,以保证在不同硬件级别上所需的实时约束. 同时,它最高可以实现7.6倍的模型推理次数提升,仅造成1%的准确率损失.

     

Architecture compliance checking at run-time

In this paper, we report on our experiences with architecture compliance checking – the process of checking whether the planned or specified software architecture is obeyed by the running system – of an OSGi-based, dynamically evolving application in the office domain. To that end, we first show how to dynamically instrument a running system in the context of OSGi in order to collect run-time traces. Second, we explain how to bridge the abstraction gap between run-time traces and software architectures, through the construction of hierarchical Colored Petri nets (CP-nets). In addition, we demonstrate how to design reusable hierarchical CP-nets. In an industry example, we were able to extract views that helped us to identify a number of architecturally relevant issues (e.g., architectural style violations, behavior violations) that would not have been detected otherwise, and could have caused serious problems like system malfunctioning or unauthorized access to sensitive data. Finally, we package valuable experiences and lessons learned from this endeavor.     

A Framework for Run-time Reconfigurable Systems

We present a framework for run-time reconfigurable systems. The framework provides a methodology and a design representation which allow to plug in different design and implementation tools. Front-end tools cover design capture, temporal partitioning and scheduling; back-end tools provide reconfiguration control, communication channel generation, estimation, and the final code composition. This paper elaborates on two of the framework's main issues: First, we discuss the design representation comprising aspects of the problem, the target architecture, and the communication channels. Second, we present a hierarchical approach to reconfiguration control in multi-FPGA systems.     

Requirements for a Practical Network Event Recognition Language

We propose a run-time monitoring and checking architecture for network protocols called Network Event Recognition. Our framework is based on passively monitoring the packet trace produced by a protocol implementation and checking it for properties written in a formal specification language, NERL. In this paper, we describe the design requirements for NERL. We show how the unique requirements of network protocol monitoring impact design and implementation options. Finally we outline our prototype implementation of NERL and discuss two case studies: checking the correctness of network protocol simulations and privacy issues in packet-mode surveillance.     

面向网络化制造的产品再配置模型

该文提出一个面向网络化制造的产品再配置概念模型．该模型突出配置过程的动态特性,在分析了基于版本模型的部件、配置模型演化方式以及两者在演化过程中的相互影响的基础上,给出在集成产品配置的产品数据管理系统中对部件演化和模型演化进行跟踪和记录的方法,以实现产品再配置．该模型具有较强的时态描述能力,可广泛应用在网络化制造系统中．最后还提出了一个面向网络化制造的产品再配置结果相关度匹配算法．     

Compositional and behavior-preserving reconfiguration of component connectors in Reo

It is generally accepted that building software out of loosely coupled components, such as in service-oriented systems or mobile networks, yields applications that are more robust against changes and failure of single components than monolithic systems. In order to accommodate for changes in the environment or in the requirements, and anticipate to a component failure, applications are often dynamically adapted by means of a reconfiguration. In this paper, we target the visual channel-based coordination language Reo and introduce a combined structural and behavioral model for graph-based component connectors in Reo. Exploiting concepts from category theory, we model reconfigurations of connectors as transformations of the underlying connector graphs. We show that our connector model has a compositional semantics and lift structural reconfigurations to the semantical level. As a concrete application of our framework, we introduce a notion of behavior-preserving reconfiguration for Reo and provide a sufficient condition to ensure behavior-preservation statically.     

基于信息流的整数漏洞插装和验证

为降低整数漏洞插装验证的运行开销,提出基于信息流的整数漏洞插装方法.从限定分析对象范围的角度出发,将分析对象约减为污染信息流路径上的所有危险整数操作,以降低静态插装密度.在GCC平台上,实现了原型系统DRIVER(detect and run-time check integer-based vulnerabilities with information flow).实验结果表明,该方法具有精度高、开销低、定位精确等优点.     

Component-Based Systems Reconfigurations Using Graph Transformations with <Emphasis Type="Italic">GROOVE</Emphasis>

Component-based systems permit standardisation and re-usability of code through the use of components. The architecture of component-based systems can be modified thanks to dynamic reconfigurations, which contribute to systems’ (self-)adaptation by adding or removing components without incurring any system downtime. In this context, the present article describes a formal model for dynamic reconfigurations of component-based systems. It provides a way of expressing runtime reconfigurations of a system and proving their correctness according to a static invariant for consistency constraints and/or a user-provided post-condition. Guarded reconfigurations allow us to build reconfigurations based on primitive reconfiguration operations using sequences of reconfigurations and the alternative and the repetitive constructs, while preserving configuration consistency. A practical contribution consists of the implementation of a component-based model using the GROOVE graph transformation tool. This implementation is illustrated on a cloud-based multi-tier application hosting environment managed as a component-based system. In addition, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, component systems’ implementations are related to their specifications by a simulation relation.     

UML-based hardware/software co-design platform for dynamically partially reconfigurable network security systems

The dynamic partial reconfiguration technology of FPGA has made it possible to adapt system functionalities at run-time to changing environment conditions. However, this new dimension of dynamic hardware reconfigurability has rendered existing CAD tools and platforms incapable of efficiently exploring the design space. As a solution, we proposed a novel UML-based hardware/software co-design platform (UCoP) targeting at dynamically partially reconfigurable network security systems (DPRNSS). Computation-intensive network security functions, implemented as reconfigurable hardware functions, can be configured on-demand into a DPRNSS at run-time. Thus, UCoP not only supports dynamic adaptation to different environment conditions, but also increases hardware resource utilization. UCoP supports design space exploration for reconfigurable systems in three folds. Firstly, it provides reusable models of typical reconfigurable systems that can be customized according to user applications. Secondly, UCoP provides a partially reconfigurable hardware task template, using which users can focus on their hardware designs without going through the full partial reconfiguration flow. Thirdly, UCoP provides direct interactions between UML system models and real reconfigurable hardware modules, thus allowing accurate time measurements. Compared to the existing lower-bound and synthesis-based estimation methods, the accurate time measurements using UCoP at a high abstraction level can more efficiently reduce the system development efforts.     

Automatic resource allocation in a distributed camera network

In this paper, we present a hierarchical smart resource coordination and reconfiguration framework for distributed systems. We view the coordination problem as one of context aware resource reconfiguration. The fundamental unit in this hierarchy is a Fault Containment Unit (FCU) that provides run-time fault-tolerance by deciding on the best alternative course of action when a failure occurs. FCUs are composed hierarchically and are responsible for dynamically reconfiguring failing FCUs at lower levels. When such a reconfiguration is not possible, FCUs propagate the failure upward for resolution. We evaluate the effectiveness of our framework in a people tracking application using a network of cameras. The task for our multi-camera network is to allocate pairs of cameras that localize a subject optimally given the current run-time context. The system automatically derives policies for switching between camera pairs that enable robust tracking while being attentive to certain performance measures. Our approach is unique in that we model the dynamics in the scene and the camera network configuration steers the policies to provide robust tracking.     

硬件内部进化原理及其实现

研究了如何实现硬件的内部进化;讨论了实现硬件内部进化的3个条件：物质基础RCl000板卡、进化算法HereBoy和实时重构接口JBits;给出了硬件内部进化的具体流程,其实质是采用JBits对RC1000板卡上的FPGA进行实时部分重构;实例证明基于JBitsAPI、RCl000板卡和遗传算法实现硬件内部进化是可行的;对不同编码方法及不同进化资源条件下,收敛速度加以比较,结果表明：采用多参数级联编码法,协同进化LUT及其连线,显著改善了收敛速度。     

An overview of Dynamic Software Product Line architectures and techniques: Observations from research and industry

Over the last two decades, software product lines have been used successfully in industry for building families of systems of related products, maximizing reuse, and exploiting their variable and configurable options. In a changing world, modern software demands more and more adaptive features, many of them performed dynamically, and the requirements on the software architecture to support adaptation capabilities of systems are increasing in importance. Today, many embedded system families and application domains such as ecosystems, service-based applications, and self-adaptive systems demand runtime capabilities for flexible adaptation, reconfiguration, and post-deployment activities. However, as traditional software product line architectures fail to provide mechanisms for runtime adaptation and behavior of products, there is a shift toward designing more dynamic software architectures and building more adaptable software able to handle autonomous decision-making, according to varying conditions. Recent development approaches such as Dynamic Software Product Lines (DSPLs) attempt to face the challenges of the dynamic conditions of such systems but the state of these solution architectures is still immature. In order to provide a more comprehensive treatment of DSPL models and their solution architectures, in this research work we provide an overview of the state of the art and current techniques that, partially, attempt to face the many challenges of runtime variability mechanisms in the context of Dynamic Software Product Lines. We also provide an integrated view of the challenges and solutions that are necessary to support runtime variability mechanisms in DSPL models and software architectures.     

一种智能合约微服务化框架

区块链具有分布式、不可篡改、去中心化、历史可追溯等特点,但难以落地.智能合约的引入,有效地解决了这一难题.然而,智能合约的开发和运维存在部署效率低、监控工具不成熟等问题.受DevOps自动化工具支持微服务持续交付、持续监控的启发,针对上述问题,提出了一种用于智能合约微服务化改造的框架.随后,结合支持DevOps的工具设计原型平台Mictract,完成智能合约的部署和监控.在Hyperledger Fabric官方链码Marbles上的案例研究表明,该框架和原型平台能够显著提升智能合约部署和监控的自动化水平.