Marie-Curie Project: Requirements-aware Systems ( Requirements@run.time)
People: Nelly Bencomo (Fellow), Valerie Issarny (Scientist in charge)

The 24-month project started on the 16th May 2011 and has successfully finished on the 15th May 2013.

A. SUMMARY

Background
: Increasingly software systems are required to survive fluctuations in their execution environment without or with only little human intervention. These systems, sometimes known as eternal software-intensive systems, need to fluidly reconfigure and adapt to the ongoing circumstances and find the way to continue accomplishing their functionalities and requirements. To date, however, software engineering (SE) research in software-intensive systems has mainly focused on software architecture and programming languages with excellent research results. For instance, research in software architecture has shown how software components can be dynamically added, removed or replaced at runtime to support adaptation, sometimes exploiting reflective constructs in modern programming languages to do so. Whilst these technologies provide an essential step towards an engineering science for software-intensive systems, they are not the end of the story as building these eternal systems is risky. Designers must ensure that any critical requirements of the system continue to be satisfied before, during and after a dynamic change. In current software engineering paradigms, systems are not aware of their requirements.


Objectives: This project used the novel notion of requirements reflection, that is, the ability of a system to dynamically observe and reason about its requirements. The project aimed to address the need of having systems requirements-aware by reifying requirements as run-time
objects (i.e. requirements@run.time).
The following were the concrete research objectives (RO) we had in the project:

RO1: Runtime representation of requirements: to offer support and techniques for reifying requirements as run-time objects, including both quality and behaviour requirements. Such techniques should allow the introspection and adaptation of requirements at runtime.
This first research objective is to offer support for run-time representation of requirements in a form suitable for introspection and modification during the execution of the system.

RO2: Synchronization goals-architecture: to relate run-time requirements decisions to changes in the ongoing software architecture.
This objective aims at supporting the maintenance of a synchronization connection between the (dynamically changeable) requirements and the architecture of the system.

RO3: to implement and evaluate the results in the context of a set of challenging case studies.
Analyzing and evaluating the outcomes of RO1 and RO2 have revealed strengths but also limitations. We have evaluated the strengths and also limitations of the techniques developed to meet RO1 and RO2 an also techniques done by other researchers (results published in different publications an papers).

The fellow, Dr. Bencomo has succeeded meeting the three research objectives stated at the beginning of the project. Three different techniques towards runtime representations of requirements for self-adaptive systems have been provided. Specifically, these techniques are based on the use of runtime goal models, Bayesian dynamic decision networks and Fuzzy logic with computing with words techniques. For the three techniques, different real-life case studies have been undertaken to demonstrate the feasibility of executing changes on the architecture of the system due to changes on requirements during execution. Several international publications have been published reporting the evaluations and comparisons with relevant related work.

The work performed during the 24 months can be summarized as follows:

1. Study of the use of runtime goal models and the RELAX language to represent runtime requirements and support the decision-making of self-adaptive systems.
A self-adaptive system adjusts its configuration to tolerate changes in its operating environment. Traditionally, requirements modeling methodologies for self-adaptive systems have analyzed all potential system configurations, and the circumstances under which each is to be adopted. Earlier, the RELAX requirements specification language was proposed to make requirements more tolerant to environmental uncertainty. Also, previously we have shown that, by explicitly capturing and modelling uncertainty in the operating environment, and by verifying and analyzing this model at runtime, it is possible for a system to adapt to tolerate some conditions that were not fully considered at design time. Specifically, Claims have been applied as markers of uncertainty that document design time to document and analyze assumptions about how a self-adaptive system achieves its goals in different operational contexts. A Claim can also be monitored at runtime to prove or disprove its validity, thereby triggering an adaptation to reach more desirable system configurations if necessary. Nevertheless, Claims are also subject to uncertainty, in the form of unanticipated environmental conditions and unreliable monitoring information, that can adversely affect the behavior of the self-adaptive system if it spuriously falsies a Claim. We have proposed the RELAXation of a Claim in recognition that environmental uncertainty may prevent a self-adaptive system from categorically proving or disproving a Claim at run time. Specifically, our approach uses RELAX operators to introduce a fuzzy logic layer upon the evaluation criteria that establishes a Claim's validity. RELAXing a Claim enables a self-adaptive system to tolerate environmental uncertainty that may otherwise mistakenly disprove a Claim. We have shown that RELAXing a Claim also reduces adaptation costs for a self-adaptive system by preventing frequent, and perhaps unnecessary, adaptations and reconfigurations of its goal realization strategies at runtime. We have also shown how the use of goal-based models during runtime can offer support to offer self-explanation of how a system is meeting its requirements, and why the means of meeting these were chosen.

This part of the work contributes towards meeting RO1, RO2, and RO3

Main results achieved so far:

- Claim-based RELAXation technique: We have developed an approach to account for system and environmental uncertainty by RELAXing Claims when there is uncertainty about the evidence for or against a Claim 's truth value. The approach can be seen as an implementation of the RELAX language. We evaluated our Claim RELAXation technique by applying it to an industry-provided case study of a Remote Data Mirroring (RDM) system. Experimental results performed on an RDM simulator show that RELAXing Claim s enables a DAS to reduce the number of adaptations when compared to traditional non-RELAXed Claims.

- Claim-based technique for self-explanation in self-adaptive systems: Furthermore, our approach also uses the runtime goal-based models during execution to offer self-explanation of how a system is meeting its requirements, and the reasons why the ways of meeting these were selected.

2. Study of the use of runtime goal models and dynamic decision networks with Bayesian learning to support the decision-making of self-adaptive systems.

Different modeling techniques have been used to model requirements and decision-making of self-adaptive systems. Important successful techniques based on goal models have been prolific in supporting decision-making according to partial and total fulfillment of functional (goals) and non-functional requirements (softgoals). The final decision about what strategy to use is based, among other reasons, on a utility function that takes into account the weighted sum of the different effects non-functional requirements. Such solutions have been used both at design time and runtime including our own solutions using runtime goal models.

We have enriched the decision-making supported by goal models with the use of Bayesian Dynamic Decision Networks (DDNs). Our novel approach supports reasoning about partial satisfaction of soft-goals using probabilities and uses machine learning.

When using DDNs we introduce new ways to tackle uncertainty based on probabilities that can be updated based on runtime evidence. We have reported the results of the application of the approach on two different cases, one of them the case of dynamic reconfiguration of a remote data mirroring network that must spread data among server while minimizing costs and loss of data. Our early results suggest the decision-making process of self-adaptive systems can be improved by using DDNs.

This part of the work contributes towards meeting RO1, RO2, and RO3

Main results achieved so far:

- A Bayesian-based technique to support the decision making of self-adaptive systems. DDN-based approaches adopt probabilistic methods (i.e., Bayesian methods) and decision theory to assess the consequences of uncertainty.  Using the approach, suitable choices to satisfice functional requirements of the system are identified from a range of alternative decisions and their expected utilities. Satisficement of NFRs is modeled using conditional probabilities given the design decisions. Preferences over decisions are modeled using weights associated with pairs of design alternatives and NFRs and used when computing the expected utilities of the architectural design alternatives. The decision taken by the DDN is that with the highest expected utility. The approach offers the benefits of machine learning.

3. Study of the role of models@run.time in supporting on-the-fly interoperability and dynamic generation of software in the context of the CONNECT project

Models at runtime can be defined as abstract representations of a system, including its structure and behaviour, which exist in tandem with the given system during the actual execution time of that system. Significant advances have been made in recent years in applying this concept, most notably in adaptive systems. We have shown that a similar approach can also be used to support the dynamic generation of software artefacts at execution time. We have applied the approach in the generation of software mediators to tackle the crucial problem of interoperability in distributed systems.

This part of the work contributes towards meeting RO2. Different from the studies described above, this technique has set the basis for the synchronization of the requirements given changes in the architecture of the system during execution. As said in the proposal of this project, the synchronization between requirements and the architecture is easier if the changes come from the requirements in contrast if the dynamic changes come from the architecture. This last is the main reason why these specific results are relevant. This task was done in the context of the EU Project CONNECT (https://www.connect-forever.eu).

Main results achieved so far:

- Contributions towards a technique to use runtime models to support the dynamic synthesis of software and to allow the conception of runtime models during the execution of the system: During runtime, mediators are formally characterized as runtime models to allow the runtime synthesis of software. In order to do that we have used the contributions of the EU CONNECT project. In CONNECT, labelled transition systems (LTS) based models are used to dene the matching and mapping relationships between mismatching communication protocols. Such relationships allow the formal definition of the algorithm that synthesized mediators. Crucially, we have illustrated how the required runtime models are automatically inferred during execution and refined by exploiting learning and synthesis techniques provided by CONNECT.

4. Study of goal patterns for emergent systems using CONNECT

The increasing availability of innovative service discovery and binding middleware (like the one offered by CONNECT) is making feasible emergent systems that address open-world problems. That is to say, given a set of requirements, the services that will ultimately satisfy them may not be known at development time. Instead, services that are capable of fulfilling the requirements are sought and (if discovered) bound at runtime. This places demands on the requirements model that are not present in conventional systems. In particular, a formal representation of the requirements must exist such that the middleware system can map them onto properties offered by discoverable services. We have developed a goal-based model-driven approach for deriving requirements. Goal patterns are used to derive emergent system requirements, which are then mapped, with the aid of domain ontologies onto linear temporal logic expressions. From these, the middleware system can identify candidate services and synthesize mediators that intercept and translate service invocations. The approach has been tailored to the CONNECT emergent middleware system.

This part of the work contributes towards meeting RO1 and RO2.

Main results achieved so far:

- A goal-based model-driven approach for deriving emergent system requirements:  Using domain ontologies, these requirements are mapped onto linear temporal logic expressions. Later, from these expressions, the middleware system identifies candidate services to synthesize mediators that intercept and translate service invocations. The technique has been specifically tailored to the CONNECT-based emergent middleware system.


5. Study on how to tackle the obsolescence of quality specifications models in service-based systems using runtime requirements.

In traditional rigorous software development, analysts use non-functional requirements and environment knowledge to elaborate at design time verifiable specification models with precise non-functional constraints (NFCs). To address the dynamicity in most real-world environments, many applications include runtime specification models to enable the identification of violations of requirements and therefore the possibility of the application of corrective actions as reconfigurations. Unfortunately, the knowledge or perception about the environment may change during the execution of the system, and specification models based on the original knowledge may become obsolete. The specifications of NFCs using specific values or numbers may become rapidly obsolete making specifications fragile. To mitigate the obsolescence of runtime specifications due to QoS drift, we have proposed the use of computing with words (CWW) to represent NFCs with abstract concepts instead of specific values.

This part of the work contributes towards meeting RO1 and RO3.

Main results achieved so far:
- A technique to mitigate the temporal obsolescence of specification models. Specification models are represented as linguistic decision models over a computing-with-words (CWW) architecture, where the meanings of the “words” are synchronized with the environment each time a global QoS drift is detected. The notion of QoS drift was introduced, based on the term concept drift. Using our technique stakeholders are relieved from doing manual maintenance of models. Instead, models are self-maintained by combining the CWW architecture, a vigilance unit that monitors QoS drifts of the alternatives maintains the NFCs in sync with the dynamically changing environment.

B. SUMMARY OF THE PROGRESS OF THE RESEARCHER TRAINING ACTIVITIES/TRANSFER OF KNOWLEDGE ACTIVITIES/INTEGRATION ACTIVITIES.

B.1 Highlights:
- Dr. Bencomo is now a lecturer in Aston University in the UK since May 2013.

- Dr. Bencomo was also the leader Coordinator of the Five-day Dagstuhl seminar on Models@run.time in December 2011, Germany, (participants 64 international experts in the area). From that Seminar, a book Lecture Notes in Computer Science Hot Topics (Springer) is in preparation and should be ready for publication at the end of 2013. Dr. Bencomo is one of the editors of the book with Professors Uwe Assman, Betty Cheng, Gordon Blair, and Robert France.

- Dr Bencomo is the Programme Chair SEAMS 2014 Symposium Software Engineering for Adaptive and Self-Managing Systems (SEAMS), Hyderabad, India

- Dr. Bencomo is also part of the steering committee of SEAMS (since May 2013)

As part of the intended training activities, Dr. Bencomo has been involved in the following academic events:

B.2 Organization of events:
Dr. Bencomo has ample experience organizing events and providing service to the research community. She has co-organized the following events during the period of the project:
-    Dagstuhl Seminar on Models@run.time , November 27 - December 2nd, 2011, Daghstul, Germany (she was the main contact)
-    Workshop Models@run.time 2011, 2012 and 2013 with the Conference MODELS (she was the main contact)
-    Workshop Modeling Outside the Box at MODELS 2013, September-October, Miami, USA
-    Workshop Model-Driven Requirements Engineering (MoDRE) at RE Conference  2013 Rio, Brazi, July 15-16th 2013
-    1st Latin-American School on Software Engineering ELA-ES 2013 in Rio de Janeiro, Brazil, July 2013, (Program co-chair)
- IEEE International Conference on Software Engineering  ICSE 2012, Zurich, Switzerland, Student Volunteer Chair
-    Workshop 2nd Requirements@run.time 2011 at RE Conference, Trento, Italy, 29th August - September 2th 2011  (main contact)

B.3 Invited Talks

- Dr. Bencomo was an invited lecturer in the Generative and Transformational Techniques in Software Engineering IV, International Summer School, GTTSE 2011, Braga, Portugal, July 3-9, 2011. The lecture was about Requirements for Self-adaptation.

-  Talk “How Self-Adaptive Systems Challenge Requirements Engineering”, Fraunhofer IESE – Kaiserslautern, Germany, May, 2012

- Talk “On the Use of Runtime Models: the use of claims to tackle uncertainty”, Projet ADAM – IRIAN – Lille,  France - May, 2012

- Talk  “On the Use of Runtime Models: from architectural-based models to requirement-based models”, Projet  MARGE - Équipe SAMOVAR/ACMES - Dpt INF - Télécom SudParis, France, November, 2011

- Talk “Known Unkowns: How Self-Adaptive Systems Challenge Requirements Engineering”, University of Trento, Italy, November, 2011


B.4 Services to the Research Community

Dr. Bencomo has been/is a PC member of the following Conferences:

2014
- Dr Bencomo is the Programme Chair of the  Symposium Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2014), Hyderabad, India
- PC Member 22th International Conference requirements Engineering, Karlskrona, Sweden 25--29 August 2014

2013
- SEAMS 2013 Symposium Software Engineering for Adaptive and Self-Managing Systems (SEAMS) at ICSE 2013 , San Francisco, USA
- MODELS ACM/IEEE 16th International Conference on Model Driven Engineering Languages & Systems 2013, USA, PC Foundations Track
- RE 2013: Posters&Demos 21th International Conference requirements Engineering, Rio, Brazi, July 15-19th 2013
- VaMOS 2013 7th International Workshop on Variability Modelling of Software-intensive Systems, Pisa, Italy
- CIbSE XVI Ibero-American Conference on Software Engineering, Uruguay, 2013, PC
- SBES 27th Brazilian Symposium on Software Engineering (SBES), Brazil, 2013
- 1st International Workshop on Personalized Web Tasking (PWT 2013), 28th, June, with IEEE 20th International Conference on Web Services, July 2013

2012
- SEAMS 2012 Symposium Software Engineering for Adaptive and Self-Managing Systems (SEAMS) at ICSE 2012 , Zurich, Switzerland (PC)
- MODELS 2012 ACM/IEEE International Conference on Model-Driven Engineering Languages & Systems MODELS 2012 ,Innsbruck, Austria (PC)
- XV Ibero-American Conference on Software Engineering CIbSE 2012, April, Buenos Aires, Argentina
- 3rd Brazilian Conference on Software Theory and Practice  CBSoft 2012, September, Natao, Brazil
- Posters and Tool Demos, RE Conference, 2012, Chicago, USA
- Workshop Requirements@run.time, RE Conference, 2012, Chicago, USA
- UsARE Workshop at ICSE 2012, Requirements@run.time Workshop 2012
- XVII Jornadas de Ingeniería del Software y Bases de Datos JISBD 2012, Septiembre, Almeria, Spain

2011
- SBES 25th Brazilian Symposium on Software Engineering SBES (PC)
- MoDRE 1st Model-Driven Requirements Engineering workshop (PC)
- SEAMS 2011 Symposium Software Engineering for Adaptive and Self-Managing Systems (SEAMS) at ICSE 2011 (PC)
-    VAST 2011 First Workshop on Variability-intensive Systems Testing, Validation & Verification (VAST) at ICST 2011 (PC)


Dr. Bencomo is/has been reviewer of
- Springer Software and Systems Modeling Journal
- Journal of Systems and Software Special issue on Software Architectures and Mobility
- Requirements Engineering (RE) Journal

Dr Bencomo has been a reviewer of the following research international agencies
As an International Project Reviewer
- Swiss National Science Foundation (SNSF), Expert reviewer, Switzerland,, 2012
- Natural Sciences and Engineering Research Council of Canada, Expert reviewer, Canada, 2012
- French National Research Agency (ANR), Expert reviewer, France, 2011, 2012
- Vienna Science and Technology Fund, Austria, project reviewer/evaluator, 2010, 2011, 2013

B.5 Supervision Tasks:

The fellow has supervised or co-supervised the following students:
-    Amel Belaggoun, Master Student Université de Versailles Saint-Quentin-en-Yvelines (2012). Amel Belaggoun  was an intern (master student and later as a researcher) in ARLES-Inria under the supervision of Dr. Bencomo.
-    Romina Torres, PhD Student Universidad Técnica Federico Santa María. Romina Torres was a visiting researcher in ARLES-Inria from April- July 201.

Dr. Bencomo was a PhD External Examiner of PHD thesis defense in:
-    University of Malaga, Spain, January, 2012
-    Fondazione Bruno Kessler, University of Trento, Italy, November, 2011

B.6 Project Management Activities
During the fellowship Dr. Bencomo acquired competence in project management, supervision of students and younger researchers. She also increased the number of academic and industrial collaboration links at the level of Principal Investigator.

B.7 Courses taken:
- Dr. Bencomo attended the Course Netica Bayesian Network and the ExtendSim tool integration courses in June 11-14 2013 in Innovative Decisions Inc., Vienna, VA, USA
- Dr. Bencomo attended the 11th International School on Formal Methods for the Design of Computer, Communication and Software Systems on June 13-18, 2011, in Bertinoro, Italy

B.8 Final Comments:
Generally, resource consumption has been according to plan. We have used the resources as it was planned. No deviations have occurred.

More about this project can be found here.