Formal Aspects of Computing, Volume 24, Issue 2, pp 163–186

A formal approach to adaptive software: continuous assurance of non-functional requirements

  • Antonio Filieri
  • Carlo Ghezzi
  • Giordano Tamburrelli
Original Article


Modern software systems are increasingly requested to be adaptive to changes in the environment in which they are embedded. Moreover, adaptation often needs to be performed automatically, through self-managed reactions enacted by the application at run time. Off-line, human-driven changes should be requested only if self-adaptation cannot be achieved successfully. To support this kind of autonomic behavior, software systems must be empowered by a rich run-time support that can monitor the relevant phenomena of the surrounding environment to detect changes, analyze the data collected to understand the possible consequences of changes, reason about the ability of the application to continue to provide the required service, and finally react if an adaptation is needed. This paper focuses on non-functional requirements, which constitute an essential component of the quality that modern software systems need to exhibit. Although the proposed approach is quite general, it is mainly exemplified in the paper in the context of service-oriented systems, where the quality of service (QoS) is regulated by contractual obligations between the application provider and its clients. We analyze the case where an application, exported as a service, is built as a composition of other services. Non-functional requirements—such as reliability and performance—heavily depend on the environment in which the application is embedded. Thus changes in the environment may ultimately adversely affect QoS satisfaction. We illustrate an approach and support tools that enable a holistic view of the design and run-time management of adaptive software systems. The approach is based on formal (probabilistic) models that are used at design time to reason about dependability of the application in quantitative terms. Models continue to exist at run time to enable continuous verification and detection of changes that require adaptation.


Keywords: Software evolution, (self)Adaptive software, Non-functional requirements, Reliability, Performance, Models, Model-driven development, Markov models, Verification, Probabilistic model checking, Monitoring, Bayesian inference





Copyright information

© British Computer Society 2011

Authors and Affiliations

  • Antonio Filieri (1)
  • Carlo Ghezzi (1)
  • Giordano Tamburrelli (1)

  1. DEI, Politecnico di Milano, DeepSE Group, Milan, Italy
