An Assumptions Management Framework for Systems Software

Critical systems in areas ranging from avionics to consumer car control systems are being built by integrating commercial-off-the-shelf (COTS) components. Software components used in these systems need to satisfy many formally unexpressed, yet necessary, conditions, termed assumptions, for their correct functioning. Invalid assumptions have been determined to be the root cause of failures in many such systems; for example, in the Ariane 5 rocket failure. In current software engineering practice, many of these assumptions are not recorded in a machine-checkable format, which makes validating the assumptions a manual and error-prone task. This thesis examines this problem in detail and develops a framework, called the assumptions management framework (AMF), which provides a vocabulary for discussing assumptions, a language for encoding assumptions in a machine-checkable format, and facilities to manage the assumptions in terms of composition and setting policies on assumption validation. A relevant subset of assumptions can be validated or flagged as invalid automatically as the system evolves. AMF allows the assumption specification process to blend with the components' source code and architecture specification. This enables AMF to be applied to existing systems with minor or no modifications to the components' implementation and design. Performance and scalability tests show that the AMF implementation is scalable enough to be applied to large-scale systems. Case studies were conducted on representative systems to study the nature and number of defects caused by invalid assumptions. It was found that a significant number of defects in the systems studied had invalid assumptions as the root cause. It was also found that AMF is able to encode and validate the majority of the assumptions that caused defects in these systems. This can prevent such defects in the future, or warn in advance of potential defects when assumptions are invalid.
Analyzing and correcting one of the invalid assumptions in Iperf, an end-to-end bandwidth measurement tool, resulted in significantly better bandwidth estimates by Iperf across high-bandwidth networks. In most cases, it also resulted in savings of over 90% in terms of both network traffic generated and bandwidth measurement times.
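As an added illustration (not AMF's own notation or code), the following Python sketch shows the idea the abstract describes: a component records its assumptions as machine-checkable predicates, composition validates them against the properties the other components provide, and a per-assumption policy decides whether a violation fails composition or is only flagged. Component names and property values are constructed, loosely modelled on the Ariane 5 case the abstract cites.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed illustration, not AMF's actual language: an assumption is a
# named predicate over a "context" of properties provided by other
# components, plus a validation policy ("error" or "warn").
@dataclass
class Assumption:
    name: str
    check: Callable[[dict], bool]
    policy: str = "error"

@dataclass
class Component:
    name: str
    provides: Dict[str, object] = field(default_factory=dict)
    assumes: List[Assumption] = field(default_factory=list)

def compose(components: List[Component]) -> Tuple[List[str], List[str]]:
    """Merge provided properties, then validate every assumption against them.
    Returns (errors, warnings) as lists of 'component.assumption' names."""
    context: dict = {}
    for c in components:
        context.update(c.provides)
    errors, warnings = [], []
    for c in components:
        for a in c.assumes:
            try:
                ok = a.check(context)
            except KeyError:   # property never provided: cannot be validated
                ok = False
            if not ok:
                (errors if a.policy == "error" else warnings).append(f"{c.name}.{a.name}")
    return errors, warnings

# Constructed components: reused guidance software that assumes a sensor
# value fits a 16-bit signed integer, composed with two trajectory profiles.
guidance = Component("inertial_reference", assumes=[
    Assumption("horizontal_bias_fits_int16",
               lambda ctx: ctx["max_horizontal_bias"] <= 32767),
    Assumption("sample_period_known",
               lambda ctx: ctx["sample_period_ms"] <= 10, policy="warn"),
])
profile_a = Component("trajectory_a",
                      provides={"max_horizontal_bias": 20000, "sample_period_ms": 8})
profile_b = Component("trajectory_b", provides={"max_horizontal_bias": 80000})

if __name__ == "__main__":
    print(compose([guidance, profile_a]))   # ([], [])
    print(compose([guidance, profile_b]))   # overflow assumption invalid
```

When the system evolves (here, swapping `trajectory_a` for `trajectory_b`), the previously valid assumption is flagged automatically at composition time instead of surfacing as a runtime failure.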
