Software Engineering for Collective Autonomic Systems

SCEL (Service Component Ensemble Language) is a new language specifically designed to rigorously model and program autonomic components and their interaction, while supporting formal reasoning on their behaviors. SCEL brings together various programming abstractions that allow one to directly represent aggregations, behaviors and knowledge according to specific policies. It also naturally supports programming interaction, self-awareness, context-awareness, and adaptation. The solid semantic grounds of the language is exploited for developing logics, tools and methodologies for formal reasoning on system behavior to establish qualitative and quantitative properties of both the individual components and the overall systems.

The diffusion of adaptive systems motivate the study of models of software entities whose interaction capabilities can evolve dynamically. In this paper we overview the contributions in the ASCENS project in the area of software defined networks and of reconfigurable connectors. In particular we highlight: (i) the definition of the Network-conscious pi-calculus and its use in the modeling and verification of the PASTRY protocol, and (ii) the mutual correspondence between different frameworks for defining networks of connectors together with two suitable enhancements for addressing dynamically changing systems.

Nowadays, cyber-physical systems consist of a large and possibly unbounded number of nodes operating in a partially unknown environment to which they need to adapt. They also have strong requirements in terms of performances, resource usage, reliability, or security. To face this inherent complexity it is crucial to develop adequate tools and underlying models to analyze these properties at design time. Proposed models must be able to capture essential aspects of the behavior (e.g. interactions between the components, adaptive behavior, uncertain or changing environments), and the corresponding analysis techniques can only succeed if they exploit as much as possible the specific structure of the considered systems (e.g. large replication of the same component, hierarchical compositions). We consider qualitative analyses targeting boolean properties stating that the system behaves without any flaw, as well as quantitative analyses that evaluate expected performances according to predefined metrics (energy/memory consumption, average/maximum time to accomplish a task, probability to fulfil a goal, etc.). We also address security specific issues such as control policies and information flow.

This paper proposes to reconcile two perspectives on behavioral adaptation commonly taken at different stages of the engineering of autonomic computing systems. Requirements engineering activities often take a black-box perspective: A system is considered to be adaptive with respect to an environment whenever the system is able to satisfy its goals irrespectively of the environment perturbations. Modeling and programming engineering activities often take a white-box perspective: A system is equipped with suitable adaptation mechanisms and its behavior is classified as adaptive depending on whether the adaptation mechanisms are enacted or not. The proposed approach reconciles black- and white-box perspectives by proposing several notions of coherence between the adaptivity as observed by the two perspectives: These notions provide useful criteria for the system developer to assess and possibly modify the adaptation requirements, models and programs of an autonomic system.

Two forms of knowledge are considered: declarative and procedural. The former is easy to extend but it is equipped with expensive deduction mechanisms, while the latter is efficiently executable but it can hardly anticipate all the special cases. In the first part of this chapter (Sections 2 and 3), we first define a syntactic representation of Soft Constraint Satisfaction Problems (SCSPs), which allows us to express dynamic programming (DP) strategies. For the e-mobility case study of ASCENS, we use Soft Constraint Logic Programming (SCLP) to program (in CIAO Prolog) and solve local optimization problems of single electric vehicles. Then we treat the global optimization problem of finding optimal parking spots for all the cars. We provide: (i) a Java orchestrator for the coordination of local SCLP optimizations; and (ii) a DP algorithm, which corresponds to a local to global propagation and back. In the second part of this chapter (Section 4) we assume that different subjects are entitled to decide. The case study concerns a smart grid model where various prosumers (producers-consumers) negotiate (in real time, according to the DEZENT approach) the cost of the exchanged energy. Then each consumer tries to plan an optimal consumption profile (computed via DP) where (s)he uses less energy when it is expensive and more energy when it is cheap, conversely for a producer. Finally, the notion of an aggregator is introduced, whose aim is to sell flexibility to the market.

This chapter presents the ASCENS approach to knowledge representation and reasoning for self-adaptive systems. The approach targets both the integration and promotion of autonomy and self-adaptation in software-intensive systems by providing a mechanism and methodology for specification and operation of knowledge for self-adaptive behavior. The approach is based on the KnowLang Framework, a formal approach to knowledge representation and reasoning developed within the ASCENS Project mandate. With KnowLang we build special knowledge bases meant to be integrated in software-intensive systems to establish the vital connection between knowledge, perception, and actions realizing self-adaptive behavior. At runtime, the knowledge is used against the perception of the world to generate appropriate actions in compliance to the system goals and beliefs.

Reasoning and learning for awareness and adaptation are challenging endeavors since cogitation has to be tightly integrated with action execution and reaction to unforeseen contingencies. After discussing the notion of awareness and presenting a classification scheme for awareness mechanisms, we introduce Extended Behavior Trees (XBTs), a novel modeling method for hierarchical, concurrent behaviors that allows the interleaving of reasoning, learning and actions. The semantics of XBTs are defined by a transformation to SCEL so that sophisticated synchronization strategies are straightforward to realize and different kinds of distributed, hierarchical learning and reasoning—from centrally coordinated to fully autonomic—can easily be expressed. We propose novel hierarchical reinforcement-learning strategies called Hierarchical (Lenient) Frequency-Adjusted Q-learning, that can be implemented using XBTs. Finally we discuss how XBTs can be used to define a multi-layer approach to learning, called teacher-student learning, that combines centralized and distributed learning in a seamless way.

The ASCENS project works with systems of self-aware, self-adaptive and self-expressive ensembles. Performance awareness represents a concern that cuts across multiple aspects of such systems, from the techniques to acquire performance information by monitoring, to the methods of incorporating such information into the design making and decision making processes. This chapter provides an overview of five project contributions – performance monitoring based on the DiSL instrumentation framework, measurement evaluation using the SPL formalism, performance modeling with fluid semantics, adaptation with DEECo and design with IRM-SA – all in the context of the cloud case study.

Collective autonomic systems are adaptive, open-ended, highly parallel, interactive and distributed software systems. Their key features are so-called self-* properties, such as self-awareness, self-adaptation, self-expression, self-healing and self-management. We propose a software development life cycle that helps developers to engineer adaptive behavior and to address the issues posed by the diversity of self-* properties. The life cycle is characterized by three feedback loops, i.e. based on verification at design time, based on monitoring and awareness in the runtime, and the feedback provided by runtime data to the design phases. We illustrate how the life cycle can be instantiated using specific languages, methods and tools developed within the ASCENS project. In addition, a pattern catalog for the development of collective autonomic systems is presented to ease the engineering process.

The ASCENS project deals with the design and development of complex self-adaptive systems, where self-organization is one of the possible means by which to achieve self-adaptation. However, to support the development of self-organising systems, one has to extensively re-situate their engineering from a software architectures and requirements point of view. In particular, in this chapter, we highlight the importance of the decomposition in components to go from the problem to the engineered solution. This leads us to explain and rationalise the following architectural strategy: designing by following the problem organisation. We discuss architectural advantages for development and documentation, and its coherence with existing methodological approaches to self-organisation, and we illustrate the approach with an example on the area of swarm robotics.

This chapter outlines an approach to Autonomy Requirements Engineering (ARE). ARE targets the integration and promotion of autonomy in software-intensive systems by providing a mechanism and methodology for elicitation and expression of autonomy requirements. ARE relies on goal-oriented requirements engineering to elicit and define system goals, and uses the generic autonomy requirements model to derive and define assistive and, eventually, alternative objectives. The system may pursue these “self-* objectives” in the presence of factors threatening the achievement of the initial system goals. Once identified, the autonomy requirements are specified with the KnowLang language. To demonstrate the ARE’s ability to handle autonomy requirements for autonomic ensembles, the ARE’s application to the ASCENS Science Clouds case study is presented and discussed in detail.

The chapter describes IRM, a method that guides the design of smart-cyber physical systems that are built according to the autonomic service-component paradigm. IRM is a requirements-oriented design method that focuses on distributed collaboration. It relies on the invariant concept to model both high-level system goals and low-level software obligations. In IRM, high-level invariants are iteratively decomposed into more specific sub-invariants up to the level that they can be operationalized by autonomous components and component collaborations (ensembles). We present the main concepts behind the method, as well the main decomposition patterns that back up the design process, and illustrate them in the ASCENS e-mobility case study.

The ASCENS project deals with designing systems as ensembles of adaptive components. Among the outputs of the ASCENS project are multiple tools that address particular issues in designing the ensembles, ranging from support for early stage formal modeling to runtime environment for executing and monitoring ensemble implementations. The goal of this chapter is to provide a compact description of the individual tools, which is supplemented by additional downloadable material on the project website.

This chapter focuses on pragmatic aspects of the ASCENS project illustrating the role and significance of the three major application domains (swarm robotics, cloud computing and e-mobility) that motivate and pragmatically justify the approach to construct autonomous systems. A special insight is given into similarities and differences of the ASCENS case studies and their common abstract characteristics that led to a general-purpose methodology for expressing, evaluating and deploying knowledge-based, self-aware and adaptive behaviors. From this perspective selected ASCENS tools and methods to support the system development lifecycle are further discussed and illustrated on concrete examples. Finally future plans are given pointing out to the use and further evolvement of the ASCENS technology.

This chapter presents a disaster recovery scenario that has been used throughout the ASCENS project as a reference to coordinate the study of distributed algorithms for robot ensembles. We first introduce the main traits and open problems in the design of behaviors for robot ensembles. We then present the scenario, highlighting its generality as a framework to compare algorithms and methodologies for distributed robotics. Subsequently, we summarize the main results of the research conducted in ASCENS that used the scenario. Finally, we describe an example algorithm that solves a selected problem in the scenario. The algorithm demonstrates how awareness at the ensemble level can be obtained without requiring awareness at the individual level.

Electro-mobility (e-mobility) is one of the promising technologies being considered by automotive OEMs as an alternative to internal combustion engines as a means of propulsion. The e-mobility case study provides a novel example of a relevant industry application within the ASCENS framework. An overview of the system design is given which describes how e-mobility is conceptualized and then transformed using the ensemble development life cycle (EDLC) approach into a distributed autonomic (i.e self-aware, self-adaptive) component-based software system. The system requirements engineering is based on the state-of-the-affairs (SOTA) approach and the invariant refinement method (IRM) which are both revisited and applied. Regarding the implementation and deployment of the system, a dependable emergent ensembles of components (DEECo) approach is utilized. The DEECo components and ensembles are coded and deployed using the Java-based jDEECo runtime environment. The runtime environment integrates the multi-agent transport simulation tool (MATSim), which is used to predict the effects of the physical interactions of users, vehicles and infrastructure resources. jDEECo handles multiple MATSim instances to allow for different belief states between components and ensembles.