Software Architecture

Industrial control systems (e.g. programmable logic controllers, PLC or distributed control systems, DCS) cyclically execute control algorithms to automated production processes. Nowadays, for many applications their deployment is moving from dedicated embedded controllers into more flexible container environments, thus becoming “Virtual PLCs”. It is difficult to update such containerized Virtual PLCs during runtime by switching to a newer instance, which requires transferring internal state. Former research has only proposed dynamic update approaches for single embedded controllers, while other work introduced special Kubernetes (K8s) state replication approaches, which did not support cyclic real-time applications. We propose a dynamic update mechanism for Virtual PLCs deployed as K8s microservices. This approach is based on a purpose-built K8s Operator and allows control application updates without halting the production processes. Our experimental validation shows that the approach can support the internal state transfer of large industrial control applications (100.000 state variables) within only 15% of the available cycle slack time. Therefore, the approach creates vast opportunities for updating applications on-the-fly and migrating them between nodes in a cloud-native fashion.

The use of models and formal analysis techniques at runtime is fundamental to address safety assurance during the system operational stage, when all relevant uncertainties and unknowns can be resolved. This paper presents a novel approach to runtime safety enforcement of software systems based on the MAPE-K control loop architecture for system monitoring and control, and on the Abstract State Machine as runtime model representing the enforcement strategy aimed at preserving or eventually restoring safety. The enforcer software is designed as an autonomic manager that wraps around the software system to monitor and manage unsafe system changes using probing and effecting interfaces provided by the system, so realising grey-box safety enforcement. The proposed approach is supported by a component framework that is here illustrated by means of a case study in the health-care domain.

In this paper, we present a precise and yet concise characterisation of autonomous systems. To the best of our knowledge, there is no similar work, which through a mathematical definition of terms provides a foundation for describing the systems of the future: autonomous software-intensive systems and their architectures. Such systems include robotic taxi as an example of 2D mobility, or even drone/UAV taxi, as an example in the field of 3D urban air mobility. The presented terms lead to a four-level taxonomy. We describe informally and formally the taxonomy levels and exemplarily compare them to the degrees of automation as previously proposed by the SAE J3016 automotive standard.

In software design, guaranteeing the correctness of run-time system behavior while achieving an acceptable balance among multiple quality attributes remains a challenging problem. Moreover, providing guarantees about the satisfaction of those requirements when systems are subject to uncertain environments is even more challenging. While recent developments in architectural analysis techniques can assist architects in exploring the satisfaction of quantitative guarantees across the design space, existing approaches are still limited because they do not explicitly link design decisions to satisfaction of quality requirements. Furthermore, the amount of information they yield can be overwhelming to a human designer, making it difficult to distinguish the forest through the trees. In this paper, we present an approach to analyzing architectural design spaces that addresses these limitations and provides a basis to enable the explainability of design tradeoffs. Our approach combines dimensionality reduction techniques employed in machine learning pipelines with quantitative verification to enable architects to understand how design decisions contribute to the satisfaction of strict quantitative guarantees under uncertainty across the design space. Our results show feasibility of the approach in two case studies and evidence that dimensionality reduction is a viable approach to facilitate comprehension of tradeoffs in poorly-understood design spaces.

Service discovery mechanisms have continuously evolved during the last years to support the effective and efficient service composition in large-scale microservice applications. Still, the dynamic nature of services (and of their contexts) are being rarely taken into account for maximizing the desired quality of service. This paper proposes using machine learning techniques, as part of the service discovery process, to select microservice instances in a given context, maximize QoS, and take into account the continuous changes in the execution environment. Both deep neural networks and reinforcement learning techniques are used. Experimental results show how the proposed approach outperforms traditional service discovery mechanisms.

Federated learning is an emerging machine learning paradigm that enables multiple devices to train models locally and formulate a global model, without sharing the clients’ local data. A federated learning system can be viewed as a large-scale distributed system, involving different components and stakeholders with diverse requirements and constraints. Hence, developing a federated learning system requires both software system design thinking and machine learning knowledge. Although much effort has been put into federated learning from the machine learning perspectives, our previous systematic literature review on the area shows that there is a distinct lack of considerations for software architecture design for federated learning. In this paper, we propose FLRA, a reference architecture for federated learning systems, which provides a template design for federated learning-based solutions. The proposed FLRA reference architecture is based on an extensive review of existing patterns of federated learning systems found in the literature and existing industrial implementation. The FLRA reference architecture consists of a pool of architectural patterns that could address the frequently recurring design problems in federated learning architectures. The FLRA reference architecture can serve as a design guideline to assist architects and developers with practical solutions for their problems, which can be further customised.

Software Architecture Documentation often consists of different artifacts. On the one hand, there is informal textual documentation. On the other hand, there are formal models of the system. Finding related information in multiple artifacts with different level of formality is often not easy. Therefore, trace links between these can help to understand the system. In this paper, we propose an extendable, agent-based framework for creating trace links between textual software architecture documentation and models. Our framework SWATTR offers different pipeline stages to extract text and model information, identify elements in text, and connect these elements to model elements. In each stage, multiple agents can be used to capture necessary information to automatically create trace links. We evaluate the performance of our approach with three case studies and compare our results to baseline approaches. The results for our approach are good to excellent with a weighted average \(F_1\)-Score of 0.72 over all case studies. Moreover, our approach outperforms the baseline approaches on non-weighted average by at least 0.24 (weighted 0.31).

Software developers use issue trackers (e.g. Jira) to manage defects, bugs, tasks, change requests, etc. In this paper we explore (a) how architectural knowledge concepts (e.g. architectural component behavior, contextual constraints) are textually represented in issues (e.g. as adjectives), (b) which architectural knowledge concepts commonly occur in issues, and (c) which architectural knowledge concepts appear together. We analyzed issues in the Jira issue trackers of three large Apache projects. To identify “architecturally relevant” issues, we linked issues to architecturally relevant source code changes in the studied systems. We then developed a code book by manually labeling a subset of issues. After reaching conceptual saturation, we coded remaining issues. Our findings support empirically-grounded search tools to identify architectural knowledge concepts in issues for future reuse.

This paper highlights humans’ social and mobility behaviors’ role in the continuous engineering of sustainable socio-technical Internet of Things (IoT) systems. Our approach relates the humans’ characteristics and intentions with the system’s goals, and models such interaction. Such a modeling approach aligns the architectural design and associated quality of service (QoS) with humans’ quality of experience (QoE). We design a simulation environment that combines agent-based social simulation (ABSS) with architectural models generated through a model-driven engineering approach. Our modeling approach facilitates choosing the best architectural model and system configuration to enhance both the humans’ and system’s sustainability. We apply our approach to the Uffizi Galleries crowd management system. Taking advantage of real data, we model scenarios related to humans’ speed, vision variations, grouping, and social attachment, which impact QoE. We then assess various architectural models with different SW/HW configurations to propose the optimal model based on different scenarios concerning QoS-QoE requirements.

Contemporary component-based systems often manifest themselves as service-based architectures, where a central activity is management of their software updates. However, stringent security constraints in mission-critical settings often impose compulsory network isolation among systems, also known as air-gap; a prevalent choice in different sectors including private, public or governmental organizations. This raises several issues involving updates, stemming from the fact that controlling the update procedure of a distributed service-based system centrally and remotely is precluded by network isolation policies. A dedicated software architecture is thus required, where key themes are dependability of the update process, interoperability with respect to the software supported and auditability regarding update actions previously performed. We adopt an architectural viewpoint and present a technical framework for updating service-based systems in air-gapped environments. We describe the particularities of the domain characterized by network isolation and provide suitable notations for service versions, whereupon satisfiability is leveraged for dependency resolution; those are situated within an overall architectural design. Finally, we evaluate the proposed framework over a realistic case study of an international organization, and assess the performance of the dependency resolution procedures for practical problem sizes.

Blockchains have been increasingly employed in use cases at the network’s edge, such as autonomous vehicles and edge computing. These use cases usually establish new blockchain networks due to operation costs, performance constraints, and the lack of reliable connectivity to public blockchains. The design of these edge blockchain networks heavily influences the quality attributes of blockchain-oriented software deployed upon them. This paper presents a taxonomy of edge blockchain network designs successfully utilized by the existing literature and analyzes their availability when facing failures at nodes and networks. This taxonomy benefits practitioners and researchers by offering a design guide for establishing blockchain networks for edge use cases.

Data-intensive architectures handle an enormous amount of information, which require the use of big data technologies. These tools include the parallelization mechanisms employed to speed up data processing. However, the increasing volume of these data has an impact on this parallelism and on resource usage. The strategy traditionally employed to increase the processing power has usually been that of adding more resources in order to exploit the parallelism; this strategy is, however, not always feasible in real projects, principally owing to the cost implied. The intention of this paper is, therefore, to analyze how this parallelism can be exploited from a software perspective, focusing specifically on whether big data tools behave as ideally expected: a linear increase in performance with respect to the degree of parallelism and the data load rate. An analysis is consequently carried out of, on the one hand, the impact of the internal data partitioning mechanisms of big data tools and, on the other, the impact on the performance of an increasing data load, while keeping the hardware resources constant. We have, therefore, conducted an experiment with two consolidated big data tools, Kafka and Elasticsearch. Our goal is to analyze the performance obtained when varying the degree of parallelism and the data load rate without ever reaching the limit of hardware resources available. The results of these experiments lead us to conclude that the performance obtained is far from being the ideal speedup, but that software parallelism still has a significant impact.

Application Programming Interfaces (APIs) have become prevalent in today’s software systems and services. APIs are basically a technical means to realize the co-operation between software systems or services. While there are several guidelines for API development, the actually applied practices and challenges are less clear. To better understand the state of the practice of API development and management in the industry, we conducted a descriptive case study in four Finnish software companies: two consultancy companies developing software for their customers, and two companies developing their software products. As a result, we identified five different usage scenarios for APIs and emphasize that diversity of usage should be taken into account more explicitly especially in research. API development and technical management are well supported by the existing tools and technologies especially available from the cloud technology. This leaves as the main challenge the selection of the right technology from the existing technology stack. Documentation and usability are practical issues to be considered and often less rigorously addressed. However, understanding what kind of API management model to apply for the business context appears as the major challenge. We also suggest considering APIs more clearly a separate concern in the product management with specific practices, such as API roadmapping.

Isolation, autonomy, and loose coupling are critical success factors of microservice architectures. Unfortunately, systems tend to become strongly coupled over time, sometimes even exhibiting cyclic communication chains, making the individual deployment of services challenging. Such chains are highly problematic when strongly coupled communication e.g. based on synchronous invocations is used, but also create complexity and maintenance issues in more loosely coupled asynchronous or event-based communication. Here, cycles only manifest on a conceptual or domain level, making them hard to track for algorithms that rely solely on static analysis. Accordingly, previous attempts to detect cycles either focused on synchronous communication or had to collect additional runtime data, which can be costly and time-consuming. We suggest a novel approach for identifying and evaluating domain-based cyclic dependencies in microservice systems based on modular, reusable source code detectors. Based on the architecture model reconstructed by the detectors, we derived a set of architectural metrics for detecting and classifying domain-based cyclical dependencies. By conducting two case studies on open-source microservice architectures, we validated the feasibility and applicability of our approach.

Some methods use the dependencies between source code entities to perform clustering to, e.g., automatically map to an intended modular architecture or reconstruct the implemented software architecture. However, there are many different ways that source code entities can depend on each other in an object-oriented system, and it is not likely that all dependencies are equally useful. We investigate how well an optimized set of weights for 14 different types of dependencies perform when automatically mapping source code to modules using an established mapping technique. The optimized weights were found using genetic optimization. We compare the F1 score of precision and recall to uniform weights and weights computed by module relation ratio in eight open-source systems to evaluate performance. Our experiments show that optimized weights significantly outperform the others, especially in systems that seem not to have been designed using the low coupling, high cohesion principle. We also find that dependencies based on method calls are not useful for automatic mapping in any of the eight systems.

The AgeTech domain poses both opportunities and challenges for the architects of Internet of Things (IoT) solutions. Key requirements concern data privacy and cost-efficiency, as well as guaranteed, interoperable delivery of event messages from resource-constrained edge devices to the cloud and consumer applications; public cloud deployments and asynchronous, queue-based messaging are common building blocks of such solutions. This experience report features the conceptual, pattern-oriented design and open source implementation of a custom-built embeddable event router that natively supports the CloudEvents specification from the Cloud Native Computing Foundation. Our CloudEvents Router introduces standardized event routing targeting the software landscape of the AgeTech startup CARU; this landscape reaches from an embedded microcontroller to cloud-scale services running on Amazon Web Services. The report further analyses the message delivery guarantees given in messaging protocol specifications and their implementations (for instance, MQTT libraries) and presents an alternative delivery management approach, implemented and validated in the open sourced Rust microkernel of the CloudEvents router. The report concludes with lessons learned about messaging edge cases and protocol particularities, in MQTT in particular.

When a system evolves, its architecture co-evolves and becomes more complex. Thus, the development team needs to continuously expend modernizing efforts to reduce the complexity and improve the maintainability. To this end, software development processes can be used. However, many processes in their original form are mainly used for greenfield projects or integrating new requirements. Thus, many processes are not ideally suited to continuously modernize software while considering the existing requirements. In this paper, we present our experience during the modernization of a long-lived software system. During the modernization we used a process which is based on the spiral model and combined it with different agile development principles to continuously modernize a long-lived system in a lightweight manner. Our process aims at improving quality attributes of a software system while considering existing and changing requirements. This process was applied to the Hardware Configuration Definition (HCD), which is used on IBM Z for several decades to define I/O configurations. Using this real-world software system, we present the lessons learned and our experiences during the modernization.

Industry 4.0 (I4.0) concepts evolve the current industrial processes towards directly connecting shopfloor machines to systems from different layers of the Automation Pyramid, such as Enterprise Resource Planning (ERP) or Manufacturing Execution Systems (MES). Companies introducing I4.0 concepts aim at (i) facilitating changeable production systems in order to quickly react to customer inquiries such that even lot-size one becomes feasible and (ii) having a holistic view of the different parameters of a production process. Enabling these calls for accessing the different systems of the Automation Pyramid, which is hard to achieve in traditional production systems without technical changes consuming time, effort and budget, mainly due to the lack of standardization, heterogeneous protocols, and the lack of proper interfaces among the systems of the Automation Pyramid. This challenge is greater in small and medium-size enterprises (SMEs) due to economic reasons or lack access to personnel with a skill set encompassing all the levels of the Automation Pyramid. I4.0-based concepts are built according to the Service-Oriented Architecture principle to enable peer-to-peer communication of systems from each layer of the Automation Pyramid. The service-oriented middleware architecture Eclipse BaSyx 4.0 implements SOA and other I4.0 concepts such as Digital Twins, and has been instantiated in German companies of different sizes. In this paper, we present two use cases focusing on of adoption of Eclipse BaSyx in two German SMEs and show how this enables the adoption of I4.0 concepts with improved time, effort and budget.

Traditionally, industrial and IoT data analytics applications run in the cloud, leveraging its power regarding big data processing capabilities. With edge computing, opportunities for moving data processing from the cloud to the edge has emerged, i.e., compute nodes become close to where data is generated and to where the processed results are consumed. When running analytics on the edge, lag time is minimal, such that real-time data can be considered and insights can be delivered faster, which leads to improving both the effectiveness and efficiency in online decision-making.

From a software architecture perspective, it is still a challenge to design systems for edge analytics as it raises many architecture-related questions. However, this architectural perspective on edge analytics has not been consolidated in literature so far. Therefore, in this paper, we first give an overview of the edge analytics topic from the perspective of our own experience from industrial projects, before we survey a subset of existing approaches for edge analytics and review them from a software architecture point of view. We investigate the differences among the surveyed architectures in order to shed some light on the covered architectural aspects of edge analytics architectures, which will be useful for future academic and industrial projects incorporating edge analytics.

As part of our software architecture research and practice we have found that a common difficulty for new architects is knowing where to focus their attention to maximise their effectiveness. This led us to wonder whether successful experienced architects have any common techniques or heuristics that they use to help them achieve this. In an earlier study where, having interviewed experienced architects, we found that in fact there were some common heuristics that they use, we created a simple model based on an analysis of their advice. In this paper we explain how we validated that model with a wider survey of experienced enterprise and software architects and, from the findings of that study, extended the model with an additional dimension. This resulted in our model having four primary guidelines, which are: focus on stakeholder needs and priorities, prioritise time according to risks, delegate as much as possible, and ensure team effectiveness.