Evaluating the Correctness and Effectiveness of a Middleware QoS Configuration Process in DRE Systems Institute for Software Integrated Systems Dept of EECS, Vanderbilt University Nashville, TN, USA Amogh Kavimandan, Anantha Narayanan, Aniruddha Gokhale, Gabor Karsai [email protected]www.dre.vanderbilt.edu/~gokhale Presented at ISORC 2008, Orlando, FL May 5-7, 2008
28
Embed
Evaluating the Correctness and Effectiveness of a Middleware QoS Configuration Process in DRE Systems Institute for Software Integrated Systems Dept of.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Evaluating the Correctness and Effectiveness of a Middleware QoS
Configuration Process in DRE Systems
Institute for Software Integrated Systems
Dept of EECS, Vanderbilt UniversityNashville, TN, USA
• What vs how - Middleware platforms provide what is required to achieve system QoS not always how it can be achieved• No centralized orchestrator to realize QoS
RTAS 2008: Model transformation algorithms for CCM/RT
QoS Policy Modeling
request/response
publish/subscribe
brokered notification
reliable messaging
Validation & Verification
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
10
ISORC 2008: Evaluating QUICKER
1. Is the transformation process correct?• We use structural
correspondence to prove the transformations correct
2. Are the generated artifacts correct?• We use model
checking
3. Do the generated configurations deliver the desired QoS?• We use empirical
validation
QoS Configurations
Metamodel
Target Model
instanceof
Graph Rewriting Rules
G G’ G G’
G G’ G G’ G G’
Requirements Metamodel
Source Model
instanceof
Transformation Engine
Model Transformation
Non-functional Analysis
DRE Developer
System QoS Configuration
Evolution
System-level QoS
requirements
Requirements Metamodel
QoS Configurations
Metamodel
QoS Mapping
QoS Policy Modeling
request/response
publish/subscribe
brokered notification
reliable messaging
Focus on the correctness & effectiveness of our QoS configuration process
• Verification framework• Specify correctness properties at meta-level• Add annotations for each instance (correspondence rules)• Use annotations to automatically verify whether the instances
satisfy the correctness properties
• We do not attempt to prove the general correctness of the transformation itself
Source Meta
Target Meta
Source Model
Target Model
CorrectnessSpecification
Model Transformation
CorrectnessChecker
AnnotationsCertificate
(1) Verifying the Correctness of QoS Mapping Algorithms
• Add cross links to identify corresponding elements• Rules specify correspondence conditions for selected types• At the end of the transformation, the instance models are checked
if they satisfy all the correspondence conditions
Input Model Output Model
CorrespondenceRules
crosslink
(1) Verifying the Correctness of QoS Mapping Algorithms
12
13
Container
COMPONENTEXECUTORS
ComponentHome
POA
CallbackInterfaces
I nt e
r na
lIn
terf
ac e
s
Eve
ntS
inks
Face
t s
Rec
ep
t acl
esE
ven
tS
ou
r ce
s
ComponentReference
Co
mp
on
en
t C
on
t ex
t
COMPONENT SERVER 1
Container
COMPONENTEXECUTORS
ComponentHome
POA
CallbackInterfaces
I nte
r na
lI n
t erf
ace
s
Ev
ent
Sin
ksF
ace
t s
Re
ce
pt a
cle
sE
v en
tS
ou
rce
s
ComponentReference
Co
mp o
nen
t C
on
t ex
t
COMPONENT SERVER 2
ORB
End-to-End PriorityPropagation
ThreadPools
Portable PrioritiesProtocol Properties
Priority Band
• Dependencies may span beyond “immediate neighbors”, e.g.,
– application execution path
– components belonging to separate assemblies
• Empirically validating configuration changes slows down development & QA process considerably
• Several iterations before desired QoS is achieved (if at all)
Container
COMPONENTEXECUTORS
ComponentHome
POA
CallbackInterfaces
I nt e
r na
lIn
terf
ac e
s
Eve
ntS
inks
Face
t s
Rec
ep
t acl
esE
ven
tS
ou
r ce
s
ComponentReference
Co
mp
on
en
t C
on
t ex
t
COMPONENT SERVER 1
Assembly 1 Assembly n
PriorityModel
Priority Band
(2) Verifying the Generated QoS Configurations
Comm<Lanes, PModel>
Ana1<Bands>
Ana2<Bands>
Ana3<Bands>
Flt1<Bands>
Flt2<Bands>
Flt3<Bands>
Gzm1<Bands>
Gzm2<Bands>
Gzm3<Bands>
Depends on
options of dependent component(s) triggers detection of potential mismatches• e.g., dependency between Gizmo invocation priority & Comm lane priority
14
• Leveraging Bogor model checking framework• Dependency structure
maintained in Bogor used to track dependencies between QoS options of components, e.g.:
– Analysis & Comm are connected
– Gizmo & Comm are dependent
• Change(s) in QoS
Detect mismatch if either values change
(2) Verifying the Generated QoS Configurations
15
• Representation of middleware QoS options in Bogor model-checker
• BIR extensions allow representing domain-level concepts in a system model
• QUICKER defines new BIR extensions for QoS options
– Allows representing QoS options & domain entities directly in a Bogor input model
– e.g., CCM components, Real-time CORBA lanes/bands are first-class Bogor data types
• Reduces size of system model by avoiding multiple low-level variables to represent domain concepts & QoS options
(3) Verifying the Generated QoS Configurations
16
• Representation of properties (that a system should satisfy) in Bogor
• BIR primitives define language constructs to access & manipulate domain-level data types, e.g.:
– Used to define rules that validate QoS options & check if property is satisfied
• Automatic generation of BIR of DRE system from QUICKER-generated output models
Model interpreters auto-generate Bogor Input Representation of a system from its model
(3) Verifying the Generated QoS Configurations
of correctness of QUICKER’s QoS configuration
process• Verified the generated QoS configurations through model-checking
• QUICKER toolchain provides
• QoS requirements modeling languages
• QoS mapping algorithms for mapping requirements to middleware QoS options
• We discussed verification
Model Transformation
Non-functional Analysis
DRE Developer
System QoS Configuration
Evolution
System-level QoS
requirements
Requirements Metamodel
QoS Configurations
Metamodel
Validation & Verification
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
ComponentS2
S3S4
S1
QoS Configurations
Metamodel
Target Model
instanceof
Graph Rewriting Rules
G G’ G G’
G G’ G G’ G G’
Requirements Metamodel
Source Model
instanceofQoS Policy Modeling
request/response
publish/subscribe
brokered notification
reliable messaging
QoS Mapping
Transformation Engine
20
Concluding Remarks
QUICKER can be downloaded from www.dre.vanderbilt.edu/CoSMIC/
• Verified the correctness of QoS Mapping Algorithms through structural correspondence• Empirically validated the configurations by applying the QUICKER process to
representative DRE system case study• Future work based on capturing variability in requirements & middleware
Questions?
21
1-5 10-20 21-100
BACKUP
deve
lops
QoS Design
Multi-service Levels
Preserve invocn. priority
Event delivery on-demand
Event Filtering
Prioritize invocations
Component
Impl Impl Impl
Properties Properties
deploys
Application Specification
Platform Specification
Overview of QUICKER: Specifying QoS Requirements• Challenge 1. QoS
requirements specification
• DRE developers are domain experts who understand domain-level issues, system QoS specification must be expressible at the same level of abstraction
23
24
• Challenge 1. QoS requirements specification
• DRE developers are domain experts who understand domain-level issues, system QoS specification must be expressible at the same level of abstraction
• Large gap between what is required (by the application) and how it can be achieved (by the middleware platform)
• Configurations can not be reused; difficult to scale to large-scale systems
deve
lops
QoS Design
Multi-service Levels
Preserve invocn. priority
Event delivery on-demand
Event Filtering
Prioritize invocations
Component
Impl Impl Impl
Properties Properties
deploys
Application Specification
Platform Specification
Overview of QUICKER: Specifying QoS Requirements
25
• Application requirements are expressed as QUICKER QoS policy models
• QUICKER captures policies in a platform-independent manner
– Specifying QoS is tantamount to answering questions about application; rather than using low-level mechanisms (such as type of publisher proxy collection, event dispatching mechanism etc.) to achieve QoS
Require support for request buffering.
Gizmo 1Gizmo 2Gizmo 3
Filter 1Filter 2Filter 3
Analysis 1Analysis 2Analysis 3
Comm Ground
Science Agent
Requests executed at the invocation priority.
Support varying service levels for clients.
Requires concurrency support in order to handle all Gizmo requests.
Overview of QUICKER: Specifying QoS Requirements
• Representation at multiple levels of granularity– e.g., component- or assembly-level
26
• Application requirements are expressed as QUICKER QoS policy models
• QUICKER captures policies in a platform-independent manner
– Specifying QoS is tantamount to answering questions about application; rather than using low-level mechanisms (such as type of publisher proxy collection, event dispatching mechanism etc.) to achieve QoS
Requirement
OutEventPort
InEventPort
RequiredRequestPort
ProvidedRequestPort
RequestConnectorEventConnector
*
-src0..*
-dst0..*
*
*-src0..1
-dst0..*
*
Component
ComponentAssembly
1
0..*
1
0..*
1
0..*
1
0..*
1
0..*
-src*
-dst1
-src*
-dst1
-src
*
-dst
1
-src
*
-dst
1
Overview of QUICKER: Specifying QoS Requirements
27
• Benefits of QUICKER QoS policy modeling
• QoS policy specifications can be containment inherited, reused
• QoS policy inherited by all contained objects
• More than one connections can share QoS policies
• Scalable, flexible QoS policy models
Overview of QUICKER: Specifying QoS Requirements
28
Pub-side filtering Sub-side filteringEvent-type
filtering
Dispatching Scheduling
Event Grouping Pub-proxy collection
Sub-proxy collection
Event TimeoutObserverPub-disconnect
control
Sub-disconnect control
// Get the correct bands from the <server_declared_obj>. policies[0] = server_declared_obj->_get_policy (RTCORBA::PRIORITY_BANDED_CONNECTION_POLICY_TYPE); RTCORBA::PriorityBandedConnectionPolicy_var