towards corrective assurance in adaptive service-based applications raman kazhamiakin 1, andreas...
TRANSCRIPT
Towards Corrective Assurance in Adaptive Service-Based Applications
Raman Kazhamiakin1, Andreas Metzger2, Marco Pistore1
FBK-Irst, Trento, Italy
SSE, University of Duisburg-Essen, Germany
December 2008
SBA Adaptation Modern Service-based Applications
■ Operate and evolve in highly dynamic environments■ Compose and exploit variety of third-party services ■ Subject to rapidly changing requirements and constraints
Adaptation is a key to■ identify of critical problems and changes■ timely accommodate to problems and changes
2
December 2008
Example: dynamic re-binding
3
S1
S21
S3
Composite service
S2
S22xRegistry
Adaptation
S22’
S22
S1
S21
S3
Composite service
S2
December 2008
Example:variant specification
4
A
B D
C E
Variant 1Condition: C.exception Action: Undo C Redo B Skip D Replace E ← E’
Variant 2Condition: D.exception Action: Undo D Skip D;E Replace C ← C’
December 2008
Adaptation Process At design time
■ Identify dynamic part of SBA: what can change?■ Define adaptation requirements: what should be achieved?■ Define adaptation strategies: how to achieve requirements?
At run-time■ Observe and detect changes and problems■ Execute appropriate adaptation strategies
Adaptation strategies■ Configuration adaptation
■ Change of configuration parameters, e.g., re-negotiate SLA QoS properties■ Changes of services bound to the SBA, e.g., re-binding
■ Composition adaptation■ Change the composition structure, e.g., re-compose SBA■ Modify path of the process, e.g., rollback to safe point, redo, use alternative
branch
5
December 2008
Example: dynamic re-binding
6
S1
S21
S3
Composite service
S2
S22xRegistry
Adaptation
S22’
S22
S1
S21
S3
Composite service
S2
?? ?
December 2008
Example:variant specification
7
A
B D
C E
Variant 1Condition: C.exception Action: Undo C Redo B Skip D Replace E ← E’
Variant 2Condition: D.exception Action: Undo D Skip D;E Replace C ← C’? ?
?
December 2008
Need for Correctness Assurance
There exists a gap between the adaptation specification provided at design time and adaptation context at run-time
Adaptation may fail or lead to incorrect result!■ Situations unforeseen at design time are encountered■ Extra concurrency between with respect to the adaptation■ Same adaptation activities are chosen even if failed previously
Specific correctness assurance means are necessary
8
December 2008
Agenda Adaptation in Service-Based Applications
■ Configuration and composition adaptation■ Failures in adaptation
Adaptation-specific Failures■ Failures due to incomplete knowledge■ Failures due to concurrent changes■ Undesired adaptation loops
Ensuring Adaptation Correctness■ Using existing correctness assurance approaches■ New extensions and approaches
Conclusions and Future Works
9
December 2008
Failures: Incomplete Knowledge Adaptation actions are predefined at design time
■ the defined adaptation actions will complete successfully in all the foreseen situations …
■ … but a new situation is encountered at run-time. ■ As a consequence, adaptation actions are impossible or harmful
Configuration adaptation:■ in case of service failure, adaptation aims to find/replace it…■ … but there exist no services with given QoS parameters
Composition adaptation:■ adaptation aims at changing the structure of process instance… ■ … but the instance has reached a state where the change is
semantically incorrect
10
December 2008
Failures: Incomplete Knowledge Adaptation actions are predefined at design time
■ the defined adaptation actions will complete successfully in all the foreseen situations …
■ … but a new situation is encountered at run-time. ■ As a consequence, adaptation actions are impossible or harmful
Configuration adaptation:■ in case of service failure, adaptation aims to find/replace it…■ … but there exist no services with given QoS parameters
Composition adaptation:■ adaptation aims at changing the structure of process instance… ■ … but the instance has reached a state where the change is
semantically incorrect
11
Requirements
•Avoid predefined adaptation actions
•Validate applicability of the actions
inconcrete situation
December 2008
Failures: Concurrent Changes Adaptation execution is expected to be isolated from
application execution■ It is expected that the changes are not very frequent, and
adaptation actions are performed while the SBA is not running …■ … but in some cases changes are as fast as the execution!■ So they occur concurrently with the adaptation actions.
Configuration adaptation:■ Optimization requires reconfiguration when QoS degrades…■ … but QoS metrics change too rapidly
Composition adaptation:■ We are executing activities defined by the adaptation
specification…■ … but new events occur triggering new adaptation activities
12
December 2008
Failures: Concurrent Changes Adaptation execution is expected to be isolated from
application execution■ It is expected that the changes are not very frequent, and
adaptation actions are performed while the SBA is not running …■ … but in some cases changes are as fast as the execution!■ So they occur concurrently with the adaptation actions.
Configuration adaptation:■ Optimization requires reconfiguration when QoS degrades…■ … but QoS metrics change too rapidly
Composition adaptation:■ We are executing activities defined by the adaptation
specification…■ … but new events occur triggering new adaptation activities
13
Requirements
• Model and analyze dynamics of SBA
• Analyze the impact of the dynamics
on the adaptation execution
December 2008
Failures: Adaptation Loop Adaptation should lead to a new state/configuration
■ It is expected that the adaptation completes successfully, so a new situation is achieved, where further adaptation is not needed…
■ … but adaptation may fail (partially) or re-generate the problem.■ Another loop of adaptation is the triggered again
Configuration adaptation:■ Adaptation aims at finding new service to replaces failed ones…■ … but a previously used service can be found instead.
Composition adaptation:■ In reaction to some problem an alternative path is selected and
used…■ … but the path also fails with the same problem
14
December 2008
Failures: Adaptation Loop Adaptation should lead to a new state/configuration
■ It is expected that the adaptation completes successfully, so a new situation is achieved, where further adaptation is not needed…
■ … but adaptation may fail (partially) or re-generate the problem.■ Another loop of adaptation is the triggered again
Configuration adaptation:■ Adaptation aims at finding new service to replaces failed ones…■ … but a previously used service can be found instead.
Composition adaptation:■ In reaction to some problem an alternative path is selected and
used…■ … but the path also fails with the same problem
15
Requirements
• Define adaptation such that loops do
not occur
• Monitor loops and define strategies to
break them
December 2008
Agenda Adaptation in Service-Based Applications
■ Configuration and composition adaptation■ Failures in adaptation
Adaptation-specific Failures■ Failures due to incomplete knowledge■ Failures due to concurrent changes■ Undesired adaptation loops
Ensuring Adaptation Correctness■ Using existing correctness assurance approaches■ New extensions and approaches
Conclusions and Future Works
16
December 2008
Correctness Assurance
17
Correctness Assurance
Analytical techniques
Constructive techniques
MonitoringTesting
Simulation Verification
Automated Configuration
Model-drivendesign
Automated composition
December 2008
Correctness Assurance
18
Correctness Assurance
Analytical techniques
Constructive techniques
MonitoringTesting
Simulation Verification
Automated Configuration
Model-drivendesign
Automated composition
Offline
Online
December 2008
Correctness Assurance
19
Correctness Assurance
Analytical techniques
Constructive techniques
MonitoringTesting
Simulation Verification
Automated Configuration
Model-drivendesign
Automated composition
Composition
Configuration
December 2008
Correctness Assurance
20
Correctness Assurance
Analytical techniques
Constructive techniques
MonitoringTesting
Simulation Verification
Automated Configuration
Model-drivendesign
Automated composition
Not readily applicable to deal with
adaptation-specific failures!
December 2008
Example: dynamic re-binding
21
S1
S21
S3
Composite service
S2
S22xRegistry
Adaptation
S22’
S22
S1
S21
S3
Composite service
S2
?? ?
Monitor / test the execution environment at deployment time• to check if the registry is available and reachable• to check if there are backup services available• to check if the backup services can be used as replacements
Collect statistics / metrics on availability• availability of the registry • services: more stable services are to be preferred as
replacements
December 2008
Example:variant specification
22
A
B D
C E
Variant 1Condition: C.exception Action: Undo C Redo B Skip D Replace E ← E’
Variant 2Condition: D.exception Action: Undo D Skip D;E Replace C ← C’? ?
?
Verification and validation of the adaptation• to check if the proposed adaptations are correct in all circumstances• to evaluate the effects of multiple / nested adaptations
Guarantee by construction correctness / completeness of adaptation• E.g., by using model driven techniques
Monitor adaptation histories• to detect and break adaptation loop
Monitor / test the execution environment at deployment time• to check that the adaptation strategies are supported
December 2008
Adaptation-specific Techniques
23
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
December 2008
Adaptation-specific Techniques
24
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Verification / validation of the adaptation specification at design time
December 2008
Adaptation-specific Techniques
25
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Evaluate some properties of the environment in order to estimate future adaptation behaviors
December 2008
Adaptation-specific Techniques
26
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Validate / simulate critical properties before SBA execution given the specific run-time situation
December 2008
Adaptation-specific Techniques
27
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Use data on previous adaptations and outcomes to drive decisions / break loops
December 2008
Adaptation-specific Techniques
28
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Use model driven techniques to compose not just the SBA but also the adaptation strategies
December 2008
Adaptation-specific Techniques
29
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Combine automated composition with the run-time information
December 2008
Adaptation-specific Techniques
30
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Identify “stable” services / properties that can be used at design or adaptation to reduce dynamicity
December 2008
Adaptation-specific Techniques
31
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Offline
Online
December 2008
Adaptation-specific Techniques
32
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Composition
Configuration
December 2008
Adaptation-specific Techniques
33
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Failures due to incomplete knowledge
December 2008
Adaptation-specific Techniques
34
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability metrics
Built-in adaptation
Online automated
composition
Failures due to concurrent changes
December 2008
Adaptation-specific Techniques
35
Correctness Assurance
Analytical techniques
Constructive techniques
Monitoring adaptation histories
Online verification
Offline adaptation analysis
Pre-deployment monitoring
Stability netrics
Built-in adaptation
Online automated
composition
Undesired adaptation loops
December 2008
Agenda Adaptation in Service-Based Applications
■ Configuration and composition adaptation■ Failures in adaptation
Adaptation-specific Failures■ Failures due to incomplete knowledge■ Failures due to concurrent changes■ Undesired adaptation loops
Ensuring Adaptation Correctness■ Using existing correctness assurance approaches■ New extensions and approaches
Conclusions and Future Works
36
December 2008
Conclusions Adaptation in SBA introduces additional levels of
complexity■ Specific problems and failures■ Cannot be addressed using existing correctness assurance
approaches■ Novel approaches to QA in adaptive SBA are necessary
It is necessary to extend the existing methodologies■ Existing approaches should be evolved to take adaptation
specifications into account ■ Offline adaptation analysis, built-in adaptation, monitoring adaptation
histories, stability metrics
■ Offline approaches should be extended to work online■ Online automated composition, online verification
37
December 200838
* The research leading to these results has received funding from the European Community's Seventh Framework Programme FP7/2007-2013 under grant agreement 215483 (S-Cube).
Thank you!*
December 2008