Synthesis and Quantitative Verification of Tradeoff Spaces for Families of Software Systems [chapter]

Javier Cámara, David Garlan, Bradley Schmerl
2017 Lecture Notes in Computer Science

Designing software subject to uncertainty in a way that provides guarantees about its run-time behavior while achieving an acceptable balance between multiple extra-functional properties is still an open problem. Tools and techniques to inform engineers about poorly-understood design spaces in the presence of uncertainty are needed. To tackle this problem, we propose an approach that combines synthesis of spaces of system design alternatives from formal specifications of architectural styles with probabilistic formal verification. The main contribution of this paper is a formal framework for specification-driven synthesis and analysis of design spaces that provides formal guarantees about the correctness of system behaviors and satisfies quantitative properties (e.g., defined over system qualities) subject to uncertainty, which is factored in as a first-class entity.

systems) that can be captured in the form of probability distributions (e.g., over the response time of a Web service, or fault occurrence). For a designer, it is difficult to envisage how these uncertainties will affect overall system behavior and qualities, despite the fact that they can sometimes have a remarkable impact on them. Often, design spaces are also constrained by the need to design systems within certain patterns or constraints that comprise an architectural style. Architectural styles [23] characterize the design space of families of software systems in terms of patterns of structural organization, defining a vocabulary of component and connector types, as well as a set of constraints on how they can be combined. Styles help designers constrain design space exploration to a set of legal structures that the system must conform to. However, while the structure of a system may be constrained by some style, there is still considerable design flexibility left for exploring the tradeoffs among the many qualities that a system must achieve. Formal characterization of architectural styles combined with formal methods like Alloy [11] has proved to be a valuable tool to aid designers in exploring rich solution spaces, by synthesizing possible system configurations that satisfy the constraints imposed by a given architectural style [3, 7, 19]. However, these solutions tend to focus on structural properties, and when available, analysis of system behaviors and qualities is performed separately.

Consequently, these approaches are limited in their ability to consider interactions between behavioral properties and qualities (e.g., the impact of a failure in serving a request, and the subsequent retry, on overall system performance). Moreover, the approaches that explore non-structural properties tend to be based either on dynamic analysis or on simulation. Such approaches cannot exhaustively explore the state space of design alternatives or provide formal guarantees that encompass both their behavior and qualities (both in general and, in particular, in the presence of uncertainty). Architects need tools and techniques that can help them explore this complex design space and guide them to good designs. Providing such tool support demands investigating questions such as: (i) how to integrate formal descriptions of structural, behavioral, and quality aspects of design alternatives to enable integrated reasoning about all these aspects, and (ii) how to effectively streamline the exploration of the solution space while providing formal guarantees about solutions in the presence of uncertainty (e.g., with respect to correctness of behaviors, or quantitative and structural constraints). This paper explores these questions by introducing a formal framework that enables: (i) exhaustive exploration of a rich space of design alternatives by automatically synthesizing architecture configurations that satisfy the constraints imposed by an architectural style, and (ii) provision of formal guarantees with respect to the functional behaviors and qualities (i.e., extra-functional properties) of configurations by exhaustively analyzing the state space of each configuration's behavior. Our framework explicitly considers interactions between functional behaviors and extra-functional properties while factoring in uncertainty as a first-class entity.

The framework is grounded on two related formalisms: (i) predicate logic and sets capture the structural aspects of system configurations, and (ii) probabilistic automata and formal quantitative verification (e.g., probabilistic model checking [15]) capture behavior and qualities.
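The following is an added illustration of that two-step scheme, not code from the paper or its authors: a toy client-server style whose legal configurations are enumerated with set constraints (the structural step), and a request/retry behavior per configuration evaluated as a small absorbing DTMC (the quantitative step), yielding a cost/reliability/response-time tradeoff table. The server names, costs, failure probabilities and response times are constructed assumptions.

```python
from itertools import combinations

# Constructed candidate servers (hypothetical values, not from the paper):
# name -> (cost, probability that a request to it fails, response time in ms)
SERVERS = {"s1": (1.0, 0.20, 100), "s2": (3.0, 0.05, 250), "s3": (2.0, 0.10, 150)}


def synthesize(max_servers=2, budget=4.0):
    """Structural step: enumerate every server set that is legal under a toy
    client-server style (1..max_servers servers, total cost within budget).
    Set enumeration plus a predicate stands in for Alloy-style constraint solving."""
    configs = []
    for n in range(1, max_servers + 1):
        for combo in combinations(sorted(SERVERS), n):
            if sum(SERVERS[s][0] for s in combo) <= budget:
                configs.append(combo)
    return configs


def verify(config, max_attempts=3):
    """Behavioral step: the request/retry behavior of a configuration is a DTMC
    with one transient state per attempt (servers tried round-robin) and two
    absorbing states, 'served' and 'failed'. Backward propagation over this
    acyclic chain gives P(eventually served) and the expected response time
    exactly, i.e. a reachability query and a cumulative-reward query."""
    p_served = {"served": 1.0, "failed": 0.0}
    exp_time = {"served": 0.0, "failed": 0.0}
    for i in reversed(range(max_attempts)):
        _, p_fail, rt = SERVERS[config[i % len(config)]]
        nxt = i + 1 if i + 1 < max_attempts else "failed"
        p_served[i] = (1 - p_fail) * p_served["served"] + p_fail * p_served[nxt]
        exp_time[i] = rt + p_fail * exp_time[nxt]  # success branch adds no more time
    return p_served[0], exp_time[0]


def tradeoff_space(max_servers=2, budget=4.0, max_attempts=3):
    """One row (configuration, cost, P(served), expected time) per legal
    configuration: the tradeoff space a designer would compare."""
    rows = []
    for cfg in synthesize(max_servers, budget):
        cost = sum(SERVERS[s][0] for s in cfg)
        p, t = verify(cfg, max_attempts)
        rows.append((cfg, cost, round(p, 6), round(t, 3)))
    return rows


if __name__ == "__main__":
    for cfg, cost, p, t in tradeoff_space():
        print(f"{'+'.join(cfg):6} cost={cost:.1f} P(served)={p:.6f} E[time]={t:.1f} ms")
```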
doi:10.1007/978-3-319-65831-5_1 fatcat:67bfzlpgubhhfbo5gzoy2xww7q