Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.
-
Upload
darren-rice -
Category
Documents
-
view
214 -
download
0
Transcript of Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.
![Page 1: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/1.jpg)
Self-healing Software Systems
Mauro PezzèUniversity of Lugano
and
University of Milano Bicocca
![Page 2: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/2.jpg)
Why self healing?
Software fails
Verification & validation are hard
New factors amplify problemsdynamic behavior / emerging scenariosunexpected environment interactionsmulti vendors / multi owners
![Page 3: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/3.jpg)
Dynamic autonomous changesthe provider
independentlyupdates
the service implementation
the application dynamicallyreconfigure the services
Servicebroker
Serviceprovider
Servicerequestor
publish
find
com
mun
icat
e
bind
the broker dynamically
discovernew service
statically unpredictable evolution
![Page 4: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/4.jpg)
unpredictable environment interactions
statically unpredictabl
e interactions
![Page 5: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/5.jpg)
Multi vendors / owners
![Page 6: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/6.jpg)
Multi vendors / owners
![Page 7: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/7.jpg)
Self-healing
![Page 8: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/8.jpg)
Self-healing natural systems
![Page 9: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/9.jpg)
Self-healing software systems?
• similarly to natural systems– focus on some classes of problems– maybe incomplete recovery– may imply changes in the body– does not work for all problems
• differently from natural systems– recover from expected as well as unexpected
problems– built-in as well as emerging mechanisms– potentially hazardous novel interactions
![Page 10: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/10.jpg)
Inspire
but
not copy
from natural systems
![Page 11: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/11.jpg)
focus on some classes of problems
Integration failures• common in presence of evolving/emerging
behaviors• often due to uncovered incompatibilities -
misunderstandings• hard/impossible to identify during classic
testing• easy to correct once diagnosed
![Page 12: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/12.jpg)
Inconsistent interpretation of parameters or values
Mars Climate Orbiter
FAULTmeters – yard mismatch
FIXconverter
![Page 13: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/13.jpg)
Violations of domains, capacity, size
Buffer overflow
FAULTmeters – yard mismatch
FIXconverter
![Page 14: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/14.jpg)
…Integration Faults
Side effects on parameters or resourcesFAULT
conflict on temporary fileFIX
rename
misunderstood functionalityFAULT
Inconsistent interpretation of web hits
FIXconvert
![Page 15: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/15.jpg)
Explicit control loops
![Page 16: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/16.jpg)
IBM
![Page 17: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/17.jpg)
Shaw
![Page 18: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/18.jpg)
Detect failuresautomatically
![Page 19: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/19.jpg)
Detecting failures automatically
• Application independent failures– memory faults– deadlocks– race conditions– Exceptions
• Application dependent failures– Oracles– Assertions
![Page 20: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/20.jpg)
From design specs to code assertions
![Page 21: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/21.jpg)
setIdpublic abstract void setId(java.lang.String id) Set the component identifier of this UIComponent (if any). […] Component identifiers must obey the following semantic restrictions (note that this restriction is NOT enforced by the setId() implementation):
• The specified identifier must be unique among all the components […] that are descendents of the nearest ancestor UIComponent [...], or within the scope of the entire component tree […].
JSF Specification 1.2, javax.faces.component.UIComponent
Getting Assertions Right
![Page 22: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/22.jpg)
public class UIComponent {private String id = “default”;
public UIComponent(String id) {this.id = id;
}
public void setId(String id) {this.id = id;
}
public void doSomething() {this.id = “whatever”;
}}
![Page 23: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/23.jpg)
requirementJava service
pages specification
Java server faces
implementation
annotation
generation
![Page 24: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/24.jpg)
Observations
• 1 Property = 56 Assertions
![Page 25: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/25.jpg)
Properties and Frequency
Property Description occurrences (spec)
Explicit/comparable
Classes have to implement specific interface directly
20
Caching Correct caching protocol
Concurrency Race conditions 48
Immutability Object state may not change 25
Initialization Specific component/class initialization before use
36
Language Data values must match a regular language
3
Resource Mgmt Locking/releasing resources 8
Uniqueness Objects must be unique within their context
25
![Page 26: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/26.jpg)
Property Description occurrences (spec)
occurrences (bugs)
Explicit/comparable
Classes have to implement specific interface directly
20 3
Caching Correct caching protocol 3
Concurrency Race conditions 48 11
Immutability Object state may not change 25 2
Initialization Specific component/class initialization before use
36 10
Language Data values must match a regular language
3 9
Resource Mgmt Locking/releasing resources 8 3
Uniqueness Objects must be unique within their context
25
Properties and Frequency
![Page 27: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/27.jpg)
Property Description occurrences (spec)
occurrences (bugs)
Explicit/comparable
Classes have to implement specific interface directly
20 6
Immutability Object state may not change 25 2
Initialization Specific component/class initialization before use
36 10
Language Data values must match a regular language
3 9
Uniqueness Objects must be unique within their context
25
Properties and Frequency
![Page 28: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/28.jpg)
PropertiesProperties
Runtime ChecksRuntime Checks
Concept
UML Stereotypes
UML Stereotypes
AJ AdviceAJ Advice
Prototype
Platform independent
Platform specific
Pro
pert
y T
em
pla
tes
✔
![Page 29: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/29.jpg)
Diagnosing Faults
![Page 30: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/30.jpg)
Debugging
• hard manual activity• compare multiple execution
(need multiple runs)
![Page 31: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/31.jpg)
Locating faults automatically
![Page 32: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/32.jpg)
Infer information from running
systems
![Page 33: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/33.jpg)
Generating models from system runs
![Page 34: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/34.jpg)
System behavior
![Page 35: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/35.jpg)
System behavior
![Page 36: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/36.jpg)
Reality is Different!
Over-Generalization Over-Restriction
Over-Generalizationand
Over-Restriction
![Page 37: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/37.jpg)
Models derived dynamically …
1 2
a
3
c
4 5
d f
eb
x < 0
kTail Daikon
Adabu gkTail
![Page 38: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/38.jpg)
kTail
A. Biermann and J. Feldman. On the synthesis of
finite state machines from samples of their behavior.
IEEE Transactions on Computer, 21:592–597, 1972.
![Page 39: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/39.jpg)
From Sequence of Events to Protocols
a -> a -> a -> b -> ca -> b -> ca -> a -> b -> ca -> a -> a -> a -> a -> c
![Page 40: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/40.jpg)
kTail
a -> a -> a -> b -> ca -> b -> ca -> a -> b -> ca -> a -> a -> a -> a -> c
(1)
(2)
TRACESPTA
FSA
![Page 41: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/41.jpg)
Build the PTA
(1)
TRACES
PTA
a -> a -> a -> b -> ca -> b -> ca -> a -> b -> ca -> a -> a -> a -> a -> c
![Page 42: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/42.jpg)
k=2
2-future(2) = {aa,ab,bc}2-future(5) = {aa, bc}2-future(11) = {}2-future(8) = {c}…
2 FUTURES
![Page 43: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/43.jpg)
2-future(8) = {c} 2-future(12) = {c}
![Page 44: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/44.jpg)
![Page 45: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/45.jpg)
2-future(11) = {} 2-future(13) = {}
![Page 46: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/46.jpg)
![Page 47: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/47.jpg)
2-future(2) = {aa, ab, bc} 2-future(3) = {aa, ab, bc}
![Page 48: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/48.jpg)
![Page 49: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/49.jpg)
…
![Page 50: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/50.jpg)
![Page 51: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/51.jpg)
Observations
KOver-
restriction
Over-generalization
only local
![Page 52: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/52.jpg)
Daikon
![Page 53: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/53.jpg)
totalCostunitCost
43
1
7
…
53
8
12
…
_ + _ _ < _
_=_
_ * _
unitCost = totalCostunitCost < totalCostunitCost <= totalCostunitCost + totalCost > unitCost…
preserve expressions with perfect confidence
unitCost <= totalCostunitCost + totalCost > unitCosttotalCost > 0…
1 < _
remove properties that are not statistically relevant
unitCost <= totalCostunitCost + totalCost > unitCosttotalCost > 0
remove redundant properties
unitCost <= totalCosttotalCost > 0
Daikon in a nutshell
![Page 54: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/54.jpg)
Adabu
![Page 55: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/55.jpg)
ADABU = Learning how objects can be used
…and add state observers
run…
… and trace
infer the model
Statically analyze target class…
![Page 56: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/56.jpg)
Analyze
public int getAge() {
return age;
}
Inspector Method= no void no parameters
no side effects
Mutator = NOT Inspector Method
and instrumentall the inspector methods are invoked before and
after execution of mutators
![Page 57: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/57.jpg)
Vector• has 9 inspectors, example with 3
( isEmpty(), capacity(), size())
• Traces are sequences of <state, method, state>
• Example
(true, 20, 0) (true, 20, 0)
![Page 58: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/58.jpg)
From Concrete States to Abstract States
(true, 20, 0) (isEmpty(), capacity()>0, size()=0)
numerical values
references
enumerations and boolean
<0, =0, >0
null, !null
concrete value
abstraction rules
![Page 59: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/59.jpg)
(true, 20, 0) (true, 20, 0)
![Page 60: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/60.jpg)
gkTail
![Page 61: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/61.jpg)
Motivating Example a catalog interacts with an imageDB component
only if the added item is associated with a picture, i.e., the picture attribute is different from null
catalog.addItem
catalog.addItem
imageDB.addPicture
catalog.addItem
catalog.addItem
imageDB.addPicture
item.getPicture() != null
item.getPicture() == null
![Page 62: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/62.jpg)
GKTail
merge similar traces
Derive guards
Synthese EFSMs
![Page 63: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/63.jpg)
Merge Similar Traces
merge
![Page 64: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/64.jpg)
Derive Guards
x≥0
processed events events to be processed
x≥1
x=00≤y ≤20
x=0y=0,x=0y=20
Daikon
![Page 65: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/65.jpg)
Synthese EFSM - PTA
0 1 2 3 4 5 6
m1
0≤x≤15
m1
x=1
m2
x=0y=0x=y
m3
z={’IT’,’UK’}
m1
x=0
m2
x=00≤y≤20
8 9 10 11 12 13
m3
z=’UK’
m3
z=’UK’
m2
x=0y=3
m3
z=’UK’
m1
x=0
m2
x=0y=15
22 23 24 25 26 27
m1
x=0m1
x=1
m2
x=0y=0x=y
m3
z=’IT’
m3
z=’IT’
m2
x=0y=30
![Page 66: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/66.jpg)
3
8 9
m3
z=’UK’
m1
x=1
m2
x=0y=3
3
Synthese EFSM - K-future
0 1 2 3
m1
0≤x≤15
m1
x=1
m2
x=0y=0x=y
8 9
m3
z=’UK’
m3
z=’UK’ m2
x=0y=3
23 24
m1
x=1 m2
x=0y=0x=y
m1
x=1
0 1 2
m1
0≤x≤15
m1
x=1
8 9
m3
z=’UK’
m3
z=’UK’
23
m1
x=1
2Future(0)
2Future(8)
![Page 67: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/67.jpg)
Merge states - Equivalence
4
1 2
m3
z=’UK’
m1
x=1
m2
x=0y=3
3
108 9
m3
z=’UK’
m1
x=1 m2
x=0y=3
1 is 2-equivalent to 8
![Page 68: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/68.jpg)
Merge states – Weak Subsumption
4
1 2
m3
z=’UK’
m1
x=1
m2
x≥0y=3
3
108 9
m3
z=’UK’
m1
x=1 m2
x=0y=3
1 2-weakly subsumes 8
![Page 69: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/69.jpg)
Merge states– Strong Subsumption
4
1 2
m3
z=’UK’
m1
x=1
m2
x≥0y=3
3
8 9
m3
z=’UK’
m1
x=1
1 2-strongly subsumes 8
![Page 70: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/70.jpg)
Example
weak-subsumption with k=2
y≤20
![Page 71: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/71.jpg)
Example
weak-subsumption with k=2
y≤20
![Page 72: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/72.jpg)
Example
y≤20
![Page 73: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/73.jpg)
Result
0 1 2 3 4 5 6
m1
0≤x≤15---
nUsr = 1
m1
x=1---
nUsr=2
m2
x=0y=0x=y
m3
z={’IT’,’UK’}m1
x=0---
nUsr=3
m2
x=00≤y≤20
8 9 12 13
m3
z=’UK’
m3
z=’UK’
m2
y>x
m1
x=0----
nUsr=3
m2
x=0y≤15
24 25 26 27
m2
x=0y=0x=y
m3
z=’IT’
m3
z=’IT’
m2
x=0y=30
m1
x=0---
nUsr = 3
y≤20
![Page 74: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/74.jpg)
Inference
Any algorithm can be applied to derive a model from a rewritten trace
kBehavior
• incremental• based on merging of patterns rather than states
![Page 75: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/75.jpg)
a b b f d e d e
kBehavior by example
1 2
a
3
c
4 5
d f
eb f
a b b f d e d e c
6
c
a b b d e d ec k = 2
![Page 76: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/76.jpg)
Recursion
a b a h j h j h j l
a b a h j h j h j l
![Page 77: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/77.jpg)
Spurious Loop Avoidance
h
a c h d e d f
a c d e d fh
![Page 78: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/78.jpg)
Spurious Loop Avoidance
a c h d e d f
a c d e d fh
![Page 79: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/79.jpg)
Locating faults automatically though behavioral anomalies
![Page 80: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/80.jpg)
Inferred Behavior
Program Behavior
Legal Behavior
Failing Behavior
![Page 81: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/81.jpg)
example
• known issue in Tomcat 6.0.0 (to 6.0.9)
![Page 82: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/82.jpg)
Locating faults is difficult when faults are far from failures
Web
App
1
Web
App
2
Web
App
3
Servlet Catalina
TomcatJasper
public void lifecycleEvent(LifecycleEvent event) { … this.getClass().getClassLoader().loadClass ("org.apache.jasper.compiler.JspRuntimeContext");…
public void lifecycleEvent(LifecycleEvent event) { … this.getClass().getClassLoader().loadClass ("org.apache.jasper.compiler.JspRuntimeContext");…
failure
fault
![Page 83: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/83.jpg)
Locating faults
Web
App
1
Web
App
2
Web
App
3
Servlet Catalina
TomcatJasper
capturecorrect
behavior
tracefailing
executions
locatefaulty
components
AnomalyAnomalyAnomaly
parameter[0] == “localhost”parameter[1] == 8080
GenericServlet.<init>
JspFactory.<clinit>JspFactory.<init>
URL.getFile
URL.getPotocol
Log.log
![Page 84: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/84.jpg)
trace failing executions
We
bA
pp1
We
bA
pp2
We
bA
pp3
Servlet Catalina
TomcatJasper
Anomaly 1Bootstrap init
HostConfig start
HostConfig deployWar
StandardManager start
Anomaly 2: IO, JspFactory.getDefaultFactory returnValue != null does not hold
Anomaly 4
Anomaly 3: FSA for JspServlet.init in state q7, unexpected event: JspFactory.<init>
...
...
...
...Failure
May 7, 2009 11:16:10 PM org.apache.catalina.core.StandardHost startINFO: XML validation disabledMay 7, 2009 11:16:10 PM org.apache.catalina.startup.HostConfig deployWARINFO: Deploying web application archive ELResolverTest.warMay 7, 2009 11:16:34 PM org.apache.catalina.core.StandardContext startSEVERE: Error listenerStartMay 7, 2009 11:16:34 PM org.apache.catalina.core.StandardContext startSEVERE: Context [/ELResolverTest] startup failed due to previous errorsMay 7, 2009 11:19:45 PM org.apache.coyote.http11.Http11Protocol startINFO: Starting Coyote HTTP/1.1 on http-8080
monitor
![Page 85: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/85.jpg)
Eliminate spurious anomalies
System Failure!!
unexpectedinteraction!
unexpectedinteraction!
unexpectedinteraction!
unexpectedvalue!
unexpectedvalue!
violations detected during both successful and failing executions are ignored
violations detected during failing executions only are re-arranged according to likely cause-effects
![Page 86: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/86.jpg)
locate faulty components
ContainerBase.start
LifecycleSupport.fireLifecycleEvent
HostConfig.lifecycleEvent
HostConfig.start
ChipsListener.contextInitialized
JspFactory.<clinit>
Process
JspFactory.getDefaultFactory
Bootstrap.main
JspFactory.<init>
LogFactory.getLog...
...
...
...
...
anomaly graph
dynamic call tree
extract
![Page 87: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/87.jpg)
Building Anomaly Graphs
Dynamic call graph for the Tomcat case study
initial anomaly graph
![Page 88: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/88.jpg)
Anomaly Graphs Can Be Messy
• initial anomaly graph for a bug in Eclipse 3.3– multiple issues – false positives
![Page 89: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/89.jpg)
locate faulty components
ContainerBase.start
LifecycleSupport.fireLifecycleEvent
HostConfig.lifecycleEvent
HostConfig.start
ChipsListener.contextInitialized
JspFactory.<clinit>
Process
JspFactory.getDefaultFactory
Bootstrap.main
JspFactory.<init>
LogFactory.getLog...
...
...
...
... cluster
anomaly graph
dynamic call tree faulty locations
extract
![Page 90: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/90.jpg)
Refining Anomaly Graphs
• incrementally remove nodes with highest weights,
• measure coesion of the single resulting graphs– when removing edges the initial graph is
partitioned into multiple graphs
• stop the process when cohesion does not significantly improve anymore
![Page 91: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/91.jpg)
Stopping Criterion
biggest change
edges with weights greater than this value are removed
Inverse cohesion of single graphs
![Page 92: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/92.jpg)
Results
inspect big firstfirst two graphs
enough to explain the problem
![Page 93: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/93.jpg)
Fixing faultsautomatically
![Page 94: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/94.jpg)
Fixing faults automatically
• Application-independent approaches– Reboot/micro-reboot/rejuvenation
• Design redundancy– Multi version programming– Exception handling– Wrappers
• Genetic approaches• Exploit intrinsic redundancy
![Page 95: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/95.jpg)
Automatic workarounds
![Page 96: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/96.jpg)
Manual workaround:exploiting intrinsic redundancy
✖✔
Your family == Anyone, Your family
![Page 97: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/97.jpg)
Exploiting intrinsic redundancy automatically
Your family = Anyone, Your familyequivalent sequences
![Page 98: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/98.jpg)
Equivalent sequences
Functionally null operations Idempotent operations
Alternative operations
affect timing, scheduling, not functionality
setTimeout()
globally invariant functional effect
m.hide(); m.show()
sequences of operations that have the same intended effect
setTag(‘tag1’,‘tag2’);setTag(‘tag1); addTag(‘tag2’);
![Page 99: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/99.jpg)
Functionally null operations
issue 519
map = new GMap2(document.getElementById("map"));map.setCenter(new GLatLng(37,-122),15);map.openInfoWindow(new GLatLng(37.4,-122), 'Hello World!');
map = new GMap2(document.getElementById("map"));setTimeout(“map.setCenter(new GLatLng(37,-122),15)”,500);map.openInfoWindow(new GLatLng(37.4,-122), 'Hello World!');
![Page 100: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/100.jpg)
Idempotent operations
issue 1305
polyline.enableDrawing();
v = polyline.deleteVertex(polyline.getVertexCount()-1)polyline.insertVertex(polyline.getVertexCount()-1,v);polyline.enableDrawing();
![Page 101: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/101.jpg)
Alternative operations
issue 585map.addOverlay(first);
function showOverlay(){ first.show();}function hideOverlay(){first.hide();}
map.addOverlay(first);
function showOverlay(){ map.addOverlay(first); first.show();}function hideOverlay(){ map.removeOverlay(first);}
![Page 102: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/102.jpg)
From equivalent sequences to workarounds
•Each equivalent sequence has a priority:
setTimeout - setCenter add() -> add() show()
Successful workaround: 7
No. times used: 14
Priority = <success rate, success>
✔
Priority = <1/2, 7>
Successful workaround: 1
No. times used: 2
Priority = <1/2, 2>
![Page 103: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/103.jpg)
Check system consistency
![Page 104: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/104.jpg)
Open problems
• Check that the changes fix the problem– Invariants– Oracles– Models of correct execution
![Page 105: Self-healing Software Systems Mauro Pezzè University of Lugano and University of Milano Bicocca.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649de75503460f94ae133d/html5/thumbnails/105.jpg)
Societies of digital systems